summaryrefslogtreecommitdiffstats
path: root/external/poky/meta/recipes-connectivity
diff options
context:
space:
mode:
Diffstat (limited to 'external/poky/meta/recipes-connectivity')
-rw-r--r--external/poky/meta/recipes-connectivity/avahi/avahi-ui_0.7.bb10
-rw-r--r--external/poky/meta/recipes-connectivity/avahi/avahi.inc12
-rw-r--r--external/poky/meta/recipes-connectivity/avahi/avahi_0.7.bb10
-rw-r--r--external/poky/meta/recipes-connectivity/avahi/files/0001-Fix-opening-etc-resolv.conf-error.patch7
-rw-r--r--external/poky/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch54
-rw-r--r--external/poky/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch18
-rw-r--r--external/poky/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch22
-rw-r--r--external/poky/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch31
-rw-r--r--external/poky/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch15
-rw-r--r--external/poky/meta/recipes-connectivity/bind/bind_9.11.21.bb (renamed from external/poky/meta/recipes-connectivity/bind/bind_9.11.5-P4.bb)33
-rw-r--r--external/poky/meta/recipes-connectivity/bluez5/bluez5.inc34
-rw-r--r--external/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch12
-rw-r--r--external/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Makefile.am-Fix-a-race-issue-for-tools.patch32
-rw-r--r--external/poky/meta/recipes-connectivity/bluez5/bluez5/CVE-2018-10910.patch705
-rw-r--r--external/poky/meta/recipes-connectivity/bluez5/bluez5/out-of-tree.patch26
-rw-r--r--external/poky/meta/recipes-connectivity/bluez5/bluez5/run-ptest2
-rw-r--r--external/poky/meta/recipes-connectivity/bluez5/bluez5_5.54.bb (renamed from external/poky/meta/recipes-connectivity/bluez5/bluez5_5.50.bb)6
-rw-r--r--external/poky/meta/recipes-connectivity/connman/connman-gnome_0.7.bb2
-rw-r--r--external/poky/meta/recipes-connectivity/connman/connman.inc26
-rw-r--r--external/poky/meta/recipes-connectivity/connman/connman/0001-giognutls-Fix-a-crash-using-wispr-over-TLS.patch41
-rw-r--r--external/poky/meta/recipes-connectivity/connman/connman/0001-gweb-fix-segfault-with-musl-v1.1.21.patch34
-rw-r--r--external/poky/meta/recipes-connectivity/connman/connman/0001-inet-Add-prefixlen-to-iproute_default_function.patch63
-rw-r--r--external/poky/meta/recipes-connectivity/connman/connman/0001-session-Keep-track-of-addr-in-fw_snat-session.patch112
-rw-r--r--external/poky/meta/recipes-connectivity/connman/connman/0002-inet-Implement-subnet-route-creation-deletion-in-ipr.patch69
-rw-r--r--external/poky/meta/recipes-connectivity/connman/connman/0003-inet-Implement-APIs-for-creating-and-deleting-subnet.patch68
-rw-r--r--external/poky/meta/recipes-connectivity/connman/connman/0004-session-Use-subnet-route-creation-and-deletion-APIs.patch77
-rw-r--r--external/poky/meta/recipes-connectivity/connman/connman/includes.patch417
-rw-r--r--external/poky/meta/recipes-connectivity/connman/connman_1.35.bb22
-rw-r--r--external/poky/meta/recipes-connectivity/connman/connman_1.37.bb17
-rw-r--r--external/poky/meta/recipes-connectivity/dhcp/dhcp.inc5
-rw-r--r--external/poky/meta/recipes-connectivity/dhcp/dhcp/0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch79
-rw-r--r--external/poky/meta/recipes-connectivity/dhcp/dhcp/0001-workaround-busybox-limitation-in-linux-dhclient-script.patch65
-rw-r--r--external/poky/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch6
-rw-r--r--external/poky/meta/recipes-connectivity/dhcp/dhcp/0006-site.h-enable-gentle-shutdown.patch27
-rw-r--r--external/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb (renamed from external/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb)7
-rw-r--r--external/poky/meta/recipes-connectivity/inetutils/inetutils/0001-rcp-fix-to-work-with-large-files.patch31
-rw-r--r--external/poky/meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch25
-rw-r--r--external/poky/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch83
-rw-r--r--external/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch29
-rw-r--r--external/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch14
-rw-r--r--external/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch26
-rw-r--r--external/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch40
-rw-r--r--external/poky/meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils20
-rw-r--r--external/poky/meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils23
-rw-r--r--external/poky/meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils21
-rw-r--r--external/poky/meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils13
-rw-r--r--external/poky/meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils19
-rw-r--r--external/poky/meta/recipes-connectivity/inetutils/inetutils/version.patch17
-rw-r--r--external/poky/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb214
-rw-r--r--external/poky/meta/recipes-connectivity/iproute2/iproute2.inc37
-rw-r--r--external/poky/meta/recipes-connectivity/iproute2/iproute2/0001-ip-Remove-unneed-header.patch30
-rw-r--r--external/poky/meta/recipes-connectivity/iproute2/iproute2/configure-cross.patch32
-rw-r--r--external/poky/meta/recipes-connectivity/iproute2/iproute2_5.5.0.bb (renamed from external/poky/meta/recipes-connectivity/iproute2/iproute2_4.19.0.bb)6
-rwxr-xr-xexternal/poky/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/init78
-rw-r--r--external/poky/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/ldflags.patch87
-rw-r--r--external/poky/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/musl.patch29
-rw-r--r--external/poky/meta/recipes-connectivity/irda-utils/irda-utils_0.9.18.bb51
-rw-r--r--external/poky/meta/recipes-connectivity/iw/iw/0001-connect-fix-parsing-of-WEP-keys.patch194
-rw-r--r--external/poky/meta/recipes-connectivity/iw/iw/separate-objdir.patch33
-rw-r--r--external/poky/meta/recipes-connectivity/iw/iw_5.4.bb (renamed from external/poky/meta/recipes-connectivity/iw/iw_4.14.bb)8
-rw-r--r--external/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns/0001-check-for-nss.h.patch56
-rw-r--r--external/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.14.1.bb (renamed from external/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb)21
-rw-r--r--external/poky/meta/recipes-connectivity/libpcap/libpcap/0001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch41
-rw-r--r--external/poky/meta/recipes-connectivity/libpcap/libpcap/0002-Add-missing-compiler_state_t-parameter.patch67
-rw-r--r--external/poky/meta/recipes-connectivity/libpcap/libpcap/disable-remote.patch36
-rw-r--r--external/poky/meta/recipes-connectivity/libpcap/libpcap/fix-grammar-deps.patch29
-rw-r--r--external/poky/meta/recipes-connectivity/libpcap/libpcap/libpcap-pkgconfig-support.patch73
-rw-r--r--external/poky/meta/recipes-connectivity/libpcap/libpcap_1.8.1.bb31
-rw-r--r--external/poky/meta/recipes-connectivity/libpcap/libpcap_1.9.1.bb (renamed from external/poky/meta/recipes-connectivity/libpcap/libpcap.inc)32
-rw-r--r--external/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info/multilibfix.patch18
-rw-r--r--external/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb10
-rw-r--r--external/poky/meta/recipes-connectivity/neard/neard_0.16.bb4
-rw-r--r--external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch299
-rw-r--r--external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-cacheio-use-intmax_t-for-formatted-IO.patch38
-rw-r--r--external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/bugfix-adjust-statd-service-name.patch30
-rw-r--r--external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-warnings.patch61
-rw-r--r--external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service2
-rw-r--r--external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service1
-rw-r--r--external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch42
-rw-r--r--external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-limits.patch133
-rw-r--r--external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-res_querydomain.patch22
-rw-r--r--external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver2
-rw-r--r--external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.3.bb (renamed from external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.3.1.bb)38
-rw-r--r--external/poky/meta/recipes-connectivity/ofono/ofono/0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch36
-rw-r--r--external/poky/meta/recipes-connectivity/ofono/ofono/use-python3.patch27
-rw-r--r--external/poky/meta/recipes-connectivity/ofono/ofono_1.24.bb9
-rw-r--r--external/poky/meta/recipes-connectivity/ofono/ofono_1.31.bb (renamed from external/poky/meta/recipes-connectivity/ofono/ofono.inc)41
-rw-r--r--external/poky/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch26
-rwxr-xr-xexternal/poky/meta/recipes-connectivity/openssh/openssh/run-ptest3
-rw-r--r--external/poky/meta/recipes-connectivity/openssh/openssh_8.2p1.bb (renamed from external/poky/meta/recipes-connectivity/openssh/openssh_7.8p1+git.bb)26
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch8
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl/CVE-2019-1543.patch69
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl/afalg.patch6
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh222
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl/reproducible.patch32
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl10/0001-Fix-BN_LLONG-breakage.patch33
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl10/0001-Fix-DES_LONG-breakage.patch35
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl10/0001-Fix-build-with-clang-using-external-assembler.patch45
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl10/0001-allow-manpages-to-be-disabled.patch31
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl10/0001-openssl-force-soft-link-to-avoid-rare-race.patch46
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl10/Makefiles-ptest.patch89
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl10/Use-SHA256-not-MD5-as-default-digest.patch69
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl10/configure-musl-target.patch25
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl10/configure-targets.patch35
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl10/debian/c_rehash-compat.patch71
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl10/debian/debian-targets.patch73
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl10/debian/man-dir.patch15
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl10/debian/man-section.patch34
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl10/debian/no-rpath.patch15
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl10/debian/no-symbolic.patch15
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl10/debian/pic.patch177
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/block_digicert_malaysia.patch29
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/block_diginotar.patch68
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/soname.patch15
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/version-script.patch4658
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl10/engines-install-in-libdir-ssl.patch64
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl10/oe-ldflags.patch24
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl10/openssl-c_rehash.sh222
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl10/openssl-fix-des.pod-error.patch19
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl10/openssl_fix_for_x32.patch39
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl10/parallel.patch368
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl10/ptest-deps.patch34
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl10/ptest_makefile_deps.patch248
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl10/reproducible-cflags.patch20
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl10/reproducible-mkbuildinf.patch21
-rwxr-xr-xexternal/poky/meta/recipes-connectivity/openssl/openssl10/run-ptest2
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl10/shared-libs.patch41
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb363
-rw-r--r--external/poky/meta/recipes-connectivity/openssl/openssl_1.1.1g.bb (renamed from external/poky/meta/recipes-connectivity/openssl/openssl_1.1.1b.bb)51
-rw-r--r--external/poky/meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch47
-rw-r--r--external/poky/meta/recipes-connectivity/ppp/ppp_2.4.7.bb1
-rw-r--r--external/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.82.bb (renamed from external/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.79.bb)7
-rw-r--r--external/poky/meta/recipes-connectivity/socat/socat/0001-Access-c_ispeed-and-c_ospeed-via-APIs.patch52
-rw-r--r--external/poky/meta/recipes-connectivity/socat/socat/0001-define-NETDB_INTERNAL-to-1-if-not-available.patch32
-rw-r--r--external/poky/meta/recipes-connectivity/socat/socat/Makefile.in-fix-for-parallel-build.patch35
-rw-r--r--external/poky/meta/recipes-connectivity/socat/socat_1.7.3.4.bb (renamed from external/poky/meta/recipes-connectivity/socat/socat_1.7.3.2.bb)16
-rw-r--r--external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch82
-rw-r--r--external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch151
-rw-r--r--external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch62
-rw-r--r--external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch50
-rw-r--r--external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple1.patch191
-rw-r--r--external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple2.patch267
-rw-r--r--external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple3.patch201
-rw-r--r--external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch96
-rw-r--r--external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple5.patch81
-rw-r--r--external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple6.patch149
-rw-r--r--external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple7.patch60
-rw-r--r--external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple8.patch99
-rw-r--r--external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant-CVE-2018-14526.patch44
-rw-r--r--external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb (renamed from external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb)33
150 files changed, 1926 insertions, 11841 deletions
diff --git a/external/poky/meta/recipes-connectivity/avahi/avahi-ui_0.7.bb b/external/poky/meta/recipes-connectivity/avahi/avahi-ui_0.7.bb
index a77653bf..1510a0ef 100644
--- a/external/poky/meta/recipes-connectivity/avahi/avahi-ui_0.7.bb
+++ b/external/poky/meta/recipes-connectivity/avahi/avahi-ui_0.7.bb
@@ -1,6 +1,6 @@
require avahi.inc
-inherit distro_features_check
+inherit features_check
ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"
DEPENDS += "avahi"
@@ -20,7 +20,13 @@ FILES_avahi-discover = "${datadir}/applications/avahi-discover.desktop \
do_install_append () {
rm ${D}${sysconfdir} -rf
- rm ${D}${base_libdir} -rf
+ if ${@bb.utils.contains('DISTRO_FEATURES','usrmerge','true','false',d)}; then
+ if [ "${nonarch_base_libdir}" != "${base_libdir}" ];then
+ rm ${D}${nonarch_base_libdir} -rf
+ fi
+ else
+ rm ${D}${base_libdir} -rf
+ fi
rm ${D}${systemd_unitdir} -rf
# The ${systemd_unitdir} is /lib/systemd, so we need rmdir /lib,
# but not ${base_libdir} here. And the /lib may not exist
diff --git a/external/poky/meta/recipes-connectivity/avahi/avahi.inc b/external/poky/meta/recipes-connectivity/avahi/avahi.inc
index 8339e451..6acedb54 100644
--- a/external/poky/meta/recipes-connectivity/avahi/avahi.inc
+++ b/external/poky/meta/recipes-connectivity/avahi/avahi.inc
@@ -36,6 +36,7 @@ PACKAGECONFIG ??= "dbus ${AVAHI_GTK}"
PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus"
PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+"
PACKAGECONFIG[gtk3] = "--enable-gtk3,--disable-gtk3,gtk+3"
+PACKAGECONFIG[libdns_sd] = "--enable-compat-libdns_sd --enable-dbus,,dbus"
inherit autotools pkgconfig gettext gobject-introspection
@@ -76,4 +77,15 @@ do_install() {
rm -rf ${D}${datadir}/dbus-1/interfaces
test -d ${D}${datadir}/dbus-1 && rmdir --ignore-fail-on-non-empty ${D}${datadir}/dbus-1
rm -rf ${D}${libdir}/avahi
+
+ # Move example service files out of /etc/avahi/services so we don't
+ # advertise ssh & sftp-ssh by default
+ install -d ${D}${docdir}/avahi
+ mv ${D}${sysconfdir}/avahi/services/* ${D}${docdir}/avahi
}
+
+PACKAGES =+ "${@bb.utils.contains("PACKAGECONFIG", "libdns_sd", "libavahi-compat-libdnssd", "", d)}"
+
+FILES_libavahi-compat-libdnssd = "${libdir}/libdns_sd.so.*"
+
+RPROVIDES_libavahi-compat-libdnssd = "libdns-sd"
diff --git a/external/poky/meta/recipes-connectivity/avahi/avahi_0.7.bb b/external/poky/meta/recipes-connectivity/avahi/avahi_0.7.bb
index 2e04d304..f6e3afb2 100644
--- a/external/poky/meta/recipes-connectivity/avahi/avahi_0.7.bb
+++ b/external/poky/meta/recipes-connectivity/avahi/avahi_0.7.bb
@@ -10,6 +10,16 @@ inherit update-rc.d systemd useradd
PACKAGES =+ "libavahi-gobject avahi-daemon libavahi-common libavahi-core libavahi-client avahi-dnsconfd libavahi-glib avahi-autoipd avahi-utils"
+LICENSE_libavahi-gobject = "LGPLv2.1+"
+LICENSE_avahi-daemon = "LGPLv2.1+"
+LICENSE_libavahi-common = "LGPLv2.1+"
+LICENSE_libavahi-core = "LGPLv2.1+"
+LICENSE_libavahi-client = "LGPLv2.1+"
+LICENSE_avahi-dnsconfd = "LGPLv2.1+"
+LICENSE_libavahi-glib = "LGPLv2.1+"
+LICENSE_avahi-autoipd = "LGPLv2.1+"
+LICENSE_avahi-utils = "LGPLv2.1+"
+
# As avahi doesn't put any files into PN, clear the files list to avoid problems
# if extra libraries appear.
FILES_${PN} = ""
diff --git a/external/poky/meta/recipes-connectivity/avahi/files/0001-Fix-opening-etc-resolv.conf-error.patch b/external/poky/meta/recipes-connectivity/avahi/files/0001-Fix-opening-etc-resolv.conf-error.patch
index 11e7e8a9..cb8b83fd 100644
--- a/external/poky/meta/recipes-connectivity/avahi/files/0001-Fix-opening-etc-resolv.conf-error.patch
+++ b/external/poky/meta/recipes-connectivity/avahi/files/0001-Fix-opening-etc-resolv.conf-error.patch
@@ -19,6 +19,11 @@ is marked as OE specific.
Upstream-Status: Inappropriate [OE Specific]
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+
+When connman installed to image, /etc/resolv.conf is link to
+/etc/resolv-conf.connman. So launch avahi-daemon after connman too.
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
---
avahi-daemon/avahi-daemon.service.in | 1 +
1 file changed, 1 insertion(+)
@@ -31,7 +36,7 @@ index 548c834..63e28e4 100644
[Unit]
Description=Avahi mDNS/DNS-SD Stack
Requires=avahi-daemon.socket
-+After=systemd-resolved.service
++After=systemd-resolved.service connman.service
[Service]
Type=dbus
diff --git a/external/poky/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch b/external/poky/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch
deleted file mode 100644
index 1e23c0f5..00000000
--- a/external/poky/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-xml2-config is disabled, so change the configure script to use pkgconfig to find
-libxml2.
-
-Upstream-Status: Inappropriate
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-Update context for version 9.10.3-P2.
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
-
-Update context for version 9.10.5-P3.
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
----
- configure.in | 23 +++--------------------
- 1 file changed, 3 insertions(+), 20 deletions(-)
-
-diff --git a/configure.in b/configure.in
-index 4da73a4..6f2a754 100644
---- a/configure.in
-+++ b/configure.in
-@@ -2282,26 +2282,9 @@ case "$use_libxml2" in
- DST_LIBXML2_INC=""
- ;;
- auto|yes)
-- case X`(xml2-config --version) 2>/dev/null` in
-- X2.[[6789]].*)
-- libxml2_libs=`xml2-config --libs`
-- libxml2_cflags=`xml2-config --cflags`
-- ;;
-- *)
-- if test "yes" = "$use_libxml2" ; then
-- AC_MSG_RESULT(no)
-- AC_MSG_ERROR(required libxml2 version not available)
-- else
-- libxml2_libs=
-- libxml2_cflags=
-- fi
-- ;;
-- esac
-- ;;
-- *)
-- if test -f "$use_libxml2/bin/xml2-config" ; then
-- libxml2_libs=`$use_libxml2/bin/xml2-config --libs`
-- libxml2_cflags=`$use_libxml2/bin/xml2-config --cflags`
-+ if pkg-config --exists libxml-2.0 ; then
-+ libxml2_libs=`pkg-config libxml-2.0 --libs`
-+ libxml2_cflags=`pkg-config libxml-2.0 --cflags`
- fi
- ;;
- esac
---
-2.1.4
-
diff --git a/external/poky/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch b/external/poky/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch
index 871bb2a5..9d31b980 100644
--- a/external/poky/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch
+++ b/external/poky/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch
@@ -1,4 +1,4 @@
-From 950867d9fd3f690e271c8c807b6eed144b2935b2 Mon Sep 17 00:00:00 2001
+From 2325a92f1896a2a7f586611686801b41fbc91b50 Mon Sep 17 00:00:00 2001
From: Hongxu Jia <hongxu.jia@windriver.com>
Date: Mon, 27 Aug 2018 15:00:51 +0800
Subject: [PATCH] configure.in: remove useless `-L$use_openssl/lib'
@@ -10,15 +10,16 @@ and helpful for clean up host build path in isc-config.sh
Upstream-Status: Inappropriate [oe-core specific]
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+
---
- configure.in | 2 +-
+ configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/configure.in b/configure.in
-index 54efc55..76ac0eb 100644
---- a/configure.in
-+++ b/configure.in
-@@ -1691,7 +1691,7 @@ If you don't want OpenSSL, use --without-openssl])
+diff --git a/configure.ac b/configure.ac
+index e85a5c6..2bbfc58 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1631,7 +1631,7 @@ If you don't want OpenSSL, use --without-openssl])
fi
;;
*)
@@ -27,6 +28,3 @@ index 54efc55..76ac0eb 100644
;;
esac
fi
---
-2.7.4
-
diff --git a/external/poky/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch b/external/poky/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch
deleted file mode 100644
index a8d601dc..00000000
--- a/external/poky/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Upstream-Status: Pending
-
-Subject: gen.c: extend DIRNAMESIZE from 256 to 512
-
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
----
- lib/dns/gen.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: bind-9.11.3/lib/dns/gen.c
-===================================================================
---- bind-9.11.3.orig/lib/dns/gen.c
-+++ bind-9.11.3/lib/dns/gen.c
-@@ -130,7 +130,7 @@ static const char copyright[] =
- #define TYPECLASSBUF (TYPECLASSLEN + 1)
- #define TYPECLASSFMT "%" STR(TYPECLASSLEN) "[-0-9a-z]_%d"
- #define ATTRIBUTESIZE 256
--#define DIRNAMESIZE 256
-+#define DIRNAMESIZE 512
-
- static struct cc {
- struct cc *next;
diff --git a/external/poky/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch b/external/poky/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch
deleted file mode 100644
index 01874a44..00000000
--- a/external/poky/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 5bc3167a8b714ec0c4a3f1c7f3b9411296ec0a23 Mon Sep 17 00:00:00 2001
-From: Robert Yang <liezhi.yang@windriver.com>
-Date: Wed, 16 Sep 2015 20:23:47 -0700
-Subject: [PATCH] lib/dns/gen.c: fix too long error
-
-The 512 is a little short when build in deep dir, and cause "too long"
-error, use PATH_MAX if defined.
-
-Upstream-Status: Pending
-
-Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
----
- lib/dns/gen.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-Index: bind-9.11.3/lib/dns/gen.c
-===================================================================
---- bind-9.11.3.orig/lib/dns/gen.c
-+++ bind-9.11.3/lib/dns/gen.c
-@@ -130,7 +130,11 @@ static const char copyright[] =
- #define TYPECLASSBUF (TYPECLASSLEN + 1)
- #define TYPECLASSFMT "%" STR(TYPECLASSLEN) "[-0-9a-z]_%d"
- #define ATTRIBUTESIZE 256
-+#ifdef PATH_MAX
-+#define DIRNAMESIZE PATH_MAX
-+#else
- #define DIRNAMESIZE 512
-+#endif
-
- static struct cc {
- struct cc *next;
diff --git a/external/poky/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch b/external/poky/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch
index 37e210e6..84559e5f 100644
--- a/external/poky/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch
+++ b/external/poky/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch
@@ -1,4 +1,4 @@
-From 9473d29843579802e96b0293a3e953fed93de82c Mon Sep 17 00:00:00 2001
+From edda20fb5a6e88548f85e39d34d6c074306e15bc Mon Sep 17 00:00:00 2001
From: Paul Gortmaker <paul.gortmaker@windriver.com>
Date: Tue, 9 Jun 2015 11:22:00 -0400
Subject: [PATCH] bind: ensure searching for json headers searches sysroot
@@ -27,15 +27,16 @@ to make use of the combination some day.
Upstream-Status: Inappropriate [OE Specific]
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
+
---
- configure.in | 2 +-
+ configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
-Index: bind-9.11.3/configure.in
-===================================================================
---- bind-9.11.3.orig/configure.in
-+++ bind-9.11.3/configure.in
-@@ -2574,7 +2574,7 @@ case "$use_libjson" in
+diff --git a/configure.ac b/configure.ac
+index 17392fd..e85a5c6 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -2449,7 +2449,7 @@ case "$use_libjson" in
libjson_libs=""
;;
auto|yes)
diff --git a/external/poky/meta/recipes-connectivity/bind/bind_9.11.5-P4.bb b/external/poky/meta/recipes-connectivity/bind/bind_9.11.21.bb
index 432bad01..ee546a0a 100644
--- a/external/poky/meta/recipes-connectivity/bind/bind_9.11.5-P4.bb
+++ b/external/poky/meta/recipes-connectivity/bind/bind_9.11.21.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "http://www.isc.org/sw/bind/"
SECTION = "console/network"
LICENSE = "ISC & BSD"
-LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=8f17f64e47e83b60cd920a1e4b54419e"
+LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=bf39058a7f64b2a934ce14dc9ec1dd45"
DEPENDS = "openssl libcap zlib"
@@ -15,21 +15,22 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
file://make-etc-initd-bind-stop-work.patch \
file://init.d-add-support-for-read-only-rootfs.patch \
file://bind-ensure-searching-for-json-headers-searches-sysr.patch \
- file://0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch \
- file://0001-lib-dns-gen.c-fix-too-long-error.patch \
file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \
file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
file://0001-avoid-start-failure-with-bind-user.patch \
-"
+ "
-SRC_URI[md5sum] = "8ddab4b61fa4516fe404679c74e37960"
-SRC_URI[sha256sum] = "7e8c08192bcbaeb6e9f2391a70e67583b027b90e8c4bc1605da6eb126edde434"
+SRC_URI[sha256sum] = "668158b005b3de4328fa0dbbbb3f524b66f28f024c67538aa9412a9e69c9dfbc"
UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
-UPSTREAM_CHECK_REGEX = "(?P<pver>9(\.\d+)+(-P\d+)*)/"
-RECIPE_NO_UPDATE_REASON = "9.11 is LTS 2021"
+# stay at 9.11 until 9.16, from 9.16 follow the ESV versions divisible by 4
+UPSTREAM_CHECK_REGEX = "(?P<pver>9.(11|16|20|24|28)(\.\d+)+(-P\d+)*)/"
-inherit autotools update-rc.d systemd useradd pkgconfig multilib_script
+# BIND >= 9.11.2 need dhcpd >= 4.4.0,
+# don't report it here since dhcpd is already recent enough.
+CVE_CHECK_WHITELIST += "CVE-2019-6470"
+
+inherit autotools update-rc.d systemd useradd pkgconfig multilib_script multilib_header
MULTILIB_SCRIPTS = "${PN}:${bindir}/bind9-config ${PN}:${bindir}/isc-config.sh"
@@ -39,7 +40,7 @@ PACKAGECONFIG[httpstats] = "--with-libxml2=${STAGING_DIR_HOST}${prefix},--withou
PACKAGECONFIG[readline] = "--with-readline=-lreadline,,readline"
PACKAGECONFIG[libedit] = "--with-readline=-ledit,,libedit"
PACKAGECONFIG[urandom] = "--with-randomdev=/dev/urandom,--with-randomdev=/dev/random,,"
-PACKAGECONFIG[python3] = "--with-python=${PYTHON} --with-python-install-dir=${D}/${PYTHON_SITEPACKAGES_DIR} , --without-python, python3-ply-native,"
+PACKAGECONFIG[python3] = "--with-python=yes --with-python-install-dir=${PYTHON_SITEPACKAGES_DIR} , --without-python, python3-ply-native,"
ENABLE_IPV6 = "--enable-ipv6=${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'yes', 'no', d)}"
EXTRA_OECONF = " ${ENABLE_IPV6} --with-libtool --enable-threads \
@@ -73,8 +74,6 @@ do_install_prepend() {
do_install_append() {
- rm "${D}${bindir}/nslookup"
- rm "${D}${mandir}/man1/nslookup.1"
rmdir "${D}${localstatedir}/run"
rmdir --ignore-fail-on-non-empty "${D}${localstatedir}"
install -d -o bind "${D}${localstatedir}/cache/bind"
@@ -105,6 +104,8 @@ do_install_append() {
install -d ${D}${sysconfdir}/tmpfiles.d
echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf
fi
+
+ oe_multilib_header isc/platform.h
}
CONFFILES_${PN} = " \
@@ -118,8 +119,12 @@ CONFFILES_${PN} = " \
${sysconfdir}/bind/db.root \
"
+ALTERNATIVE_${PN}-utils = "nslookup"
+ALTERNATIVE_LINK_NAME[nslookup] = "${bindir}/nslookup"
+ALTERNATIVE_PRIORITY = "100"
+
PACKAGE_BEFORE_PN += "${PN}-utils"
-FILES_${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig"
+FILES_${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate"
FILES_${PN}-dev += "${bindir}/isc-config.h"
FILES_${PN} += "${sbindir}/generate-rndc-key.sh"
@@ -131,7 +136,5 @@ PACKAGE_BEFORE_PN += "${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3-
FILES_python3-bind = "${sbindir}/dnssec-coverage ${sbindir}/dnssec-checkds \
${sbindir}/dnssec-keymgr ${PYTHON_SITEPACKAGES_DIR}"
-RDEPENDS_${PN} = "bash"
-RDEPENDS_${PN}-utils = "bash"
RDEPENDS_${PN}-dev = ""
RDEPENDS_python3-bind = "python3-core python3-ply"
diff --git a/external/poky/meta/recipes-connectivity/bluez5/bluez5.inc b/external/poky/meta/recipes-connectivity/bluez5/bluez5.inc
index aaf2af97..150d909d 100644
--- a/external/poky/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/external/poky/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -6,7 +6,7 @@ LICENSE = "GPLv2+ & LGPLv2.1+"
LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
file://COPYING.LIB;md5=fb504b67c50331fc78734fed90fb0e09 \
file://src/main.c;beginline=1;endline=24;md5=9bc54b93cd7e17bf03f52513f39f926e"
-DEPENDS = "udev dbus-glib glib-2.0"
+DEPENDS = "dbus glib-2.0"
PROVIDES += "bluez-hcidump"
RPROVIDES_${PN} += "bluez-hcidump"
@@ -22,6 +22,7 @@ PACKAGECONFIG ??= "obex-profiles \
hog-profiles \
tools \
deprecated \
+ udev \
"
PACKAGECONFIG[obex-profiles] = "--enable-obex,--disable-obex,libical"
PACKAGECONFIG[readline] = "--enable-client,--disable-client,readline,"
@@ -43,28 +44,26 @@ PACKAGECONFIG[threads] = "--enable-threads,--disable-threads"
PACKAGECONFIG[deprecated] = "--enable-deprecated,--disable-deprecated"
PACKAGECONFIG[mesh] = "--enable-mesh,--disable-mesh, json-c ell"
PACKAGECONFIG[btpclient] = "--enable-btpclient,--disable-btpclient, ell"
-
-SRC_URI = "\
- ${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
- file://out-of-tree.patch \
- file://init \
- file://run-ptest \
- ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \
- file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
- file://0001-test-gatt-Fix-hung-issue.patch \
- file://0001-Makefile.am-Fix-a-race-issue-for-tools.patch \
- file://CVE-2018-10910.patch \
-"
+PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,udev"
+
+SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
+ file://init \
+ file://run-ptest \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \
+ file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
+ file://0001-test-gatt-Fix-hung-issue.patch \
+ "
S = "${WORKDIR}/bluez-${PV}"
CVE_PRODUCT = "bluez"
-inherit autotools pkgconfig systemd update-rc.d distro_features_check ptest gobject-introspection-data
+inherit autotools pkgconfig systemd update-rc.d features_check ptest gobject-introspection-data
EXTRA_OECONF = "\
--enable-test \
--enable-datafiles \
--enable-library \
+ --without-zsh-completion-dir \
"
# bluez5 builds a large number of useful utilities but does not
@@ -117,7 +116,10 @@ FILES_${PN}-dev += " \
FILES_${PN}-obex = "${libexecdir}/bluetooth/obexd \
${exec_prefix}/lib/systemd/user/obex.service \
+ ${systemd_system_unitdir}/obex.service \
+ ${sysconfdir}/systemd/system/multi-user.target.wants/obex.service \
${datadir}/dbus-1/services/org.bluez.obex.service \
+ ${sysconfdir}/dbus-1/system.d/obexd.conf \
"
SYSTEMD_SERVICE_${PN}-obex = "obex.service"
@@ -133,7 +135,7 @@ def get_noinst_tools_paths (d, bb, tools):
FILES_${PN}-noinst-tools = "${@get_noinst_tools_paths(d, bb, d.getVar('NOINST_TOOLS'))}"
-RDEPENDS_${PN}-testtools += "python3 python3-dbus"
+RDEPENDS_${PN}-testtools += "python3-core python3-dbus"
RDEPENDS_${PN}-testtools += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)}"
SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'systemd', 'bluetooth.service', '', d)}"
@@ -148,3 +150,5 @@ do_install_ptest() {
cp -r ${B}/unit/ ${D}${PTEST_PATH}
rm -f ${D}${PTEST_PATH}/unit/*.o
}
+
+RDEPENDS_${PN}-ptest_append_libc-glibc = " glibc-gconv-utf-16"
diff --git a/external/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch b/external/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch
index da714092..618ed734 100644
--- a/external/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch
+++ b/external/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch
@@ -1,4 +1,4 @@
-From 99ccdbe155028c4c789803a429072675b87d0c3a Mon Sep 17 00:00:00 2001
+From f74eb97c9fb3c0ee2895742e773ac6a3c41c999c Mon Sep 17 00:00:00 2001
From: Giovanni Campagna <gcampagna-cNUdlRotFMnNLxjTenLetw@public.gmane.org>
Date: Sat, 12 Oct 2013 17:45:25 +0200
Subject: [PATCH] Allow using obexd without systemd in the user session
@@ -17,22 +17,22 @@ http://thread.gmane.org/gmane.linux.bluez.kernel/38725/focus=38843
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
---
- Makefile.obexd | 4 ++--
- obexd/src/{org.bluez.obex.service => org.bluez.obex.service.in} | 2 +-
+ Makefile.obexd | 4 ++--
+ .../src/{org.bluez.obex.service => org.bluez.obex.service.in} | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
rename obexd/src/{org.bluez.obex.service => org.bluez.obex.service.in} (76%)
diff --git a/Makefile.obexd b/Makefile.obexd
-index c462692..0325f66 100644
+index de59d29..73004a3 100644
--- a/Makefile.obexd
+++ b/Makefile.obexd
@@ -1,12 +1,12 @@
if SYSTEMD
- systemduserunitdir = @SYSTEMD_USERUNITDIR@
+ systemduserunitdir = $(SYSTEMD_USERUNITDIR)
systemduserunit_DATA = obexd/src/obex.service
+endif
- dbussessionbusdir = @DBUS_SESSIONBUSDIR@
+ dbussessionbusdir = $(DBUS_SESSIONBUSDIR)
dbussessionbus_DATA = obexd/src/org.bluez.obex.service
-endif
diff --git a/external/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Makefile.am-Fix-a-race-issue-for-tools.patch b/external/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Makefile.am-Fix-a-race-issue-for-tools.patch
deleted file mode 100644
index 3c227a8e..00000000
--- a/external/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Makefile.am-Fix-a-race-issue-for-tools.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 048e1844092cb4b3afd23f16fc2cc70dd2e122b7 Mon Sep 17 00:00:00 2001
-From: Robert Yang <liezhi.yang@windriver.com>
-Date: Mon, 24 Dec 2018 17:57:14 -0800
-Subject: [PATCH] Makefile.am: Fix a race issue for tools
-
-Fixed:
-cp ../bluez-5.50/tools/hid2hci.rules tools/97-hid2hci.rules
-cp: cannot create regular file tools/97-hid2hci.rules: No such file or directory
-make[1]: *** [tools/97-hid2hci.rules] Error 1
-
-Upstream-Status: Submitted[https://www.spinics.net/lists/linux-bluetooth/msg78361.html]
-
-Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
----
- Makefile.am | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/Makefile.am b/Makefile.am
-index 6d1ff11..35a01f2 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -504,6 +504,7 @@ src/builtin.h: src/genbuiltin $(builtin_sources)
- $(AM_V_GEN)$(srcdir)/src/genbuiltin $(builtin_modules) > $@
-
- tools/%.rules:
-+ [ -e tools ] || $(MKDIR_P) tools
- $(AM_V_GEN)cp $(srcdir)/$(subst 97-,,$@) $@
-
- $(lib_libbluetooth_la_OBJECTS): $(local_headers)
---
-2.10.2
-
diff --git a/external/poky/meta/recipes-connectivity/bluez5/bluez5/CVE-2018-10910.patch b/external/poky/meta/recipes-connectivity/bluez5/bluez5/CVE-2018-10910.patch
deleted file mode 100644
index b4b1846c..00000000
--- a/external/poky/meta/recipes-connectivity/bluez5/bluez5/CVE-2018-10910.patch
+++ /dev/null
@@ -1,705 +0,0 @@
-A bug in Bluez may allow for the Bluetooth Discoverable state being set to on
-when no Bluetooth agent is registered with the system. This situation could
-lead to the unauthorized pairing of certain Bluetooth devices without any
-form of authentication.
-
-CVE: CVE-2018-10910
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-Subject: [PATCH BlueZ 1/4] client: Add discoverable-timeout command
-From: Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
-Date: 2018-07-25 10:20:32
-Message-ID: 20180725102035.19439-1-luiz.dentz () gmail ! com
-[Download RAW message or body]
-
-From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-
-This adds discoverable-timeout command which can be used to get/set
-DiscoverableTimeout property:
-
-[bluetooth]# discoverable-timeout 180
-Changing discoverable-timeout 180 succeeded
----
- client/main.c | 43 +++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 43 insertions(+)
-
-diff --git a/client/main.c b/client/main.c
-index 87323d8f7..59820c6d9 100644
---- a/client/main.c
-+++ b/client/main.c
-@@ -1061,6 +1061,47 @@ static void cmd_discoverable(int argc, char *argv[])
- return bt_shell_noninteractive_quit(EXIT_FAILURE);
- }
-
-+static void cmd_discoverable_timeout(int argc, char *argv[])
-+{
-+ uint32_t value;
-+ char *endptr = NULL;
-+ char *str;
-+
-+ if (argc < 2) {
-+ DBusMessageIter iter;
-+
-+ if (!g_dbus_proxy_get_property(default_ctrl->proxy,
-+ "DiscoverableTimeout", &iter)) {
-+ bt_shell_printf("Unable to get DiscoverableTimeout\n");
-+ return bt_shell_noninteractive_quit(EXIT_FAILURE);
-+ }
-+
-+ dbus_message_iter_get_basic(&iter, &value);
-+
-+ bt_shell_printf("DiscoverableTimeout: %d seconds\n", value);
-+
-+ return;
-+ }
-+
-+ value = strtol(argv[1], &endptr, 0);
-+ if (!endptr || *endptr != '\0' || value > UINT32_MAX) {
-+ bt_shell_printf("Invalid argument\n");
-+ return bt_shell_noninteractive_quit(EXIT_FAILURE);
-+ }
-+
-+ str = g_strdup_printf("discoverable-timeout %d", value);
-+
-+ if (g_dbus_proxy_set_property_basic(default_ctrl->proxy,
-+ "DiscoverableTimeout",
-+ DBUS_TYPE_UINT32, &value,
-+ generic_callback, str, g_free))
-+ return;
-+
-+ g_free(str);
-+
-+ return bt_shell_noninteractive_quit(EXIT_FAILURE);
-+}
-+
- static void cmd_agent(int argc, char *argv[])
- {
- dbus_bool_t enable;
-@@ -2549,6 +2590,8 @@ static const struct bt_shell_menu main_menu = {
- { "discoverable", "<on/off>", cmd_discoverable,
- "Set controller discoverable mode",
- NULL },
-+ { "discoverable-timeout", "[value]", cmd_discoverable_timeout,
-+ "Set discoverable timeout", NULL },
- { "agent", "<on/off/capability>", cmd_agent,
- "Enable/disable agent with given capability",
- capability_generator},
---
-2.17.1
-
-Subject: [PATCH BlueZ 2/4] client: Make show command print DiscoverableTimeout
-From: Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
-Date: 2018-07-25 10:20:33
-Message-ID: 20180725102035.19439-2-luiz.dentz () gmail ! com
-[Download RAW message or body]
-
-From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-
-Controller XX:XX:XX:XX:XX:XX (public)
- Name: Vudentz's T460s
- Alias: Intel-1
- Class: 0x004c010c
- Powered: yes
- Discoverable: no
- DiscoverableTimeout: 0x00000000
- Pairable: yes
- UUID: Headset AG (00001112-0000-1000-8000-00805f9b34fb)
- UUID: Generic Attribute Profile (00001801-0000-1000-8000-00805f9b34fb)
- UUID: A/V Remote Control (0000110e-0000-1000-8000-00805f9b34fb)
- UUID: SIM Access (0000112d-0000-1000-8000-00805f9b34fb)
- UUID: Generic Access Profile (00001800-0000-1000-8000-00805f9b34fb)
- UUID: PnP Information (00001200-0000-1000-8000-00805f9b34fb)
- UUID: A/V Remote Control Target (0000110c-0000-1000-8000-00805f9b34fb)
- UUID: Audio Source (0000110a-0000-1000-8000-00805f9b34fb)
- UUID: Audio Sink (0000110b-0000-1000-8000-00805f9b34fb)
- UUID: Headset (00001108-0000-1000-8000-00805f9b34fb)
- Modalias: usb:v1D6Bp0246d0532
- Discovering: no
----
- client/main.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/client/main.c b/client/main.c
-index 59820c6d9..6f472d050 100644
---- a/client/main.c
-+++ b/client/main.c
-@@ -877,6 +877,7 @@ static void cmd_show(int argc, char *argv[])
- print_property(proxy, "Class");
- print_property(proxy, "Powered");
- print_property(proxy, "Discoverable");
-+ print_property(proxy, "DiscoverableTimeout");
- print_property(proxy, "Pairable");
- print_uuids(proxy);
- print_property(proxy, "Modalias");
---
-2.17.1
-Subject: [PATCH BlueZ 3/4] adapter: Track pending settings
-From: Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
-Date: 2018-07-25 10:20:34
-Message-ID: 20180725102035.19439-3-luiz.dentz () gmail ! com
-[Download RAW message or body]
-
-From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-
-This tracks settings being changed and in case the settings is already
-pending considered it to be done.
----
- src/adapter.c | 30 ++++++++++++++++++++++++++++--
- 1 file changed, 28 insertions(+), 2 deletions(-)
-
-diff --git a/src/adapter.c b/src/adapter.c
-index af340fd6e..20c20f9e9 100644
---- a/src/adapter.c
-+++ b/src/adapter.c
-@@ -196,6 +196,7 @@ struct btd_adapter {
- char *name; /* controller device name */
- char *short_name; /* controller short name */
- uint32_t supported_settings; /* controller supported settings */
-+ uint32_t pending_settings; /* pending controller settings */
- uint32_t current_settings; /* current controller settings */
-
- char *path; /* adapter object path */
-@@ -509,8 +510,10 @@ static void settings_changed(struct btd_adapter *adapter, uint32_t settings)
- changed_mask = adapter->current_settings ^ settings;
-
- adapter->current_settings = settings;
-+ adapter->pending_settings &= ~changed_mask;
-
- DBG("Changed settings: 0x%08x", changed_mask);
-+ DBG("Pending settings: 0x%08x", adapter->pending_settings);
-
- if (changed_mask & MGMT_SETTING_POWERED) {
- g_dbus_emit_property_changed(dbus_conn, adapter->path,
-@@ -596,10 +599,31 @@ static bool set_mode(struct btd_adapter *adapter, uint16_t opcode,
- uint8_t mode)
- {
- struct mgmt_mode cp;
-+ uint32_t setting = 0;
-
- memset(&cp, 0, sizeof(cp));
- cp.val = mode;
-
-+ switch (mode) {
-+ case MGMT_OP_SET_POWERED:
-+ setting = MGMT_SETTING_POWERED;
-+ break;
-+ case MGMT_OP_SET_CONNECTABLE:
-+ setting = MGMT_SETTING_CONNECTABLE;
-+ break;
-+ case MGMT_OP_SET_FAST_CONNECTABLE:
-+ setting = MGMT_SETTING_FAST_CONNECTABLE;
-+ break;
-+ case MGMT_OP_SET_DISCOVERABLE:
-+ setting = MGMT_SETTING_DISCOVERABLE;
-+ break;
-+ case MGMT_OP_SET_BONDABLE:
-+ setting = MGMT_SETTING_DISCOVERABLE;
-+ break;
-+ }
-+
-+ adapter->pending_settings |= setting;
-+
- DBG("sending set mode command for index %u", adapter->dev_id);
-
- if (mgmt_send(adapter->mgmt, opcode,
-@@ -2739,13 +2763,15 @@ static void property_set_mode(struct btd_adapter *adapter, uint32_t setting,
- else
- current_enable = FALSE;
-
-- if (enable == current_enable) {
-+ if (enable == current_enable || adapter->pending_settings & setting) {
- g_dbus_pending_property_success(id);
- return;
- }
-
- mode = (enable == TRUE) ? 0x01 : 0x00;
-
-+ adapter->pending_settings |= setting;
-+
- switch (setting) {
- case MGMT_SETTING_POWERED:
- opcode = MGMT_OP_SET_POWERED;
-@@ -2798,7 +2824,7 @@ static void property_set_mode(struct btd_adapter *adapter, uint32_t setting,
- data->id = id;
-
- if (mgmt_send(adapter->mgmt, opcode, adapter->dev_id, len, param,
-- property_set_mode_complete, data, g_free) > 0)
-+ property_set_mode_complete, data, g_free) > 0)
- return;
-
- g_free(data);
---
-2.17.1
-Subject: [PATCH BlueZ 4/4] adapter: Check pending when setting DiscoverableTimeout
-From: Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
-Date: 2018-07-25 10:20:35
-Message-ID: 20180725102035.19439-4-luiz.dentz () gmail ! com
-[Download RAW message or body]
-
-From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-
-This makes DiscoverableTimeout check if discoverable is already pending
-and don't attempt to set it once again which may cause discoverable to
-be re-enabled when in fact the application just want to set the timeout
-alone.
----
- src/adapter.c | 14 +++++++++++++-
- 1 file changed, 13 insertions(+), 1 deletion(-)
-
-diff --git a/src/adapter.c b/src/adapter.c
-index 20c20f9e9..f92c897c7 100644
---- a/src/adapter.c
-+++ b/src/adapter.c
-@@ -2901,6 +2901,7 @@ static void property_set_discoverable_timeout(
- GDBusPendingPropertySet id, void *user_data)
- {
- struct btd_adapter *adapter = user_data;
-+ bool enabled;
- dbus_uint32_t value;
-
- dbus_message_iter_get_basic(iter, &value);
-@@ -2914,8 +2915,19 @@ static void property_set_discoverable_timeout(
- g_dbus_emit_property_changed(dbus_conn, adapter->path,
- ADAPTER_INTERFACE, "DiscoverableTimeout");
-
-+ if (adapter->pending_settings & MGMT_SETTING_DISCOVERABLE) {
-+ if (adapter->current_settings & MGMT_SETTING_DISCOVERABLE)
-+ enabled = false;
-+ else
-+ enabled = true;
-+ } else {
-+ if (adapter->current_settings & MGMT_SETTING_DISCOVERABLE)
-+ enabled = true;
-+ else
-+ enabled = false;
-+ }
-
-- if (adapter->current_settings & MGMT_SETTING_DISCOVERABLE)
-+ if (enabled)
- set_discoverable(adapter, 0x01, adapter->discoverable_timeout);
- }
-
---
-2.17.1
-Subject: [PATCH BlueZ 1/5] doc/adapter-api: Add Discoverable option to SetDiscoveryFilter
-From: Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
-Date: 2018-07-26 14:17:19
-Message-ID: 20180726141723.20199-1-luiz.dentz () gmail ! com
-[Download RAW message or body]
-
-From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-
-This enables the client to set its discoverable setting while
-discovering which is very typical situation as usually the setings
-application would allow incoming pairing request while scanning, so
-this would reduce the number of calls setting Discoverable and
-DiscoverableTimeout and restoring after done with discovery.
----
- doc/adapter-api.txt | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/doc/adapter-api.txt b/doc/adapter-api.txt
-index d14d0ca50..4791af2c7 100644
---- a/doc/adapter-api.txt
-+++ b/doc/adapter-api.txt
-@@ -113,6 +113,12 @@ Methods void StartDiscovery()
- generated for either ManufacturerData and
- ServiceData everytime they are discovered.
-
-+ bool Discoverable (Default: false)
-+
-+ Make adapter discoverable while discovering,
-+ if the adapter is already discoverable this
-+ setting this filter won't do anything.
-+
- When discovery filter is set, Device objects will be
- created as new devices with matching criteria are
- discovered regardless of they are connectable or
---
-2.17.1
-Subject: [PATCH BlueZ 2/5] adapter: Discovery filter discoverable
-From: Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
-Date: 2018-07-26 14:17:20
-Message-ID: 20180726141723.20199-2-luiz.dentz () gmail ! com
-[Download RAW message or body]
-
-From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-
-This implements the discovery filter discoverable and tracks which
-clients had enabled it and restores the settings when the last client
-enabling it exits.
----
- src/adapter.c | 56 +++++++++++++++++++++++++++++++++++++++++++++++++--
- 1 file changed, 54 insertions(+), 2 deletions(-)
-
-diff --git a/src/adapter.c b/src/adapter.c
-index f92c897c7..bd9edddc6 100644
---- a/src/adapter.c
-+++ b/src/adapter.c
-@@ -157,6 +157,7 @@ struct discovery_filter {
- int16_t rssi;
- GSList *uuids;
- bool duplicate;
-+ bool discoverable;
- };
-
- struct watch_client {
-@@ -214,6 +215,7 @@ struct btd_adapter {
-
- bool discovering; /* discovering property state */
- bool filtered_discovery; /* we are doing filtered discovery */
-+ bool filtered_discoverable; /* we are doing filtered discovery */
- bool no_scan_restart_delay; /* when this flag is set, restart scan
- * without delay */
- uint8_t discovery_type; /* current active discovery type */
-@@ -1842,6 +1844,16 @@ static void discovery_free(void *user_data)
- g_free(client);
- }
-
-+static bool set_filtered_discoverable(struct btd_adapter *adapter, bool enable)
-+{
-+ if (adapter->filtered_discoverable == enable)
-+ return true;
-+
-+ adapter->filtered_discoverable = enable;
-+
-+ return set_discoverable(adapter, enable, 0);
-+}
-+
- static void discovery_remove(struct watch_client *client)
- {
- struct btd_adapter *adapter = client->adapter;
-@@ -1854,6 +1866,22 @@ static void discovery_remove(struct watch_client *client)
- adapter->discovery_list = g_slist_remove(adapter->discovery_list,
- client);
-
-+ if (adapter->filtered_discoverable &&
-+ client->discovery_filter->discoverable) {
-+ GSList *l;
-+
-+ for (l = adapter->discovery_list; l; l = g_slist_next(l)) {
-+ struct watch_client *client = l->data;
-+
-+ if (client->discovery_filter->discoverable)
-+ break;
-+ }
-+
-+ /* Disable filtered discoverable if there are no clients */
-+ if (!l)
-+ set_filtered_discoverable(adapter, false);
-+ }
-+
- discovery_free(client);
-
- /*
-@@ -2224,6 +2252,15 @@ static DBusMessage *start_discovery(DBusConnection *conn,
- adapter->set_filter_list, client);
- adapter->discovery_list = g_slist_prepend(
- adapter->discovery_list, client);
-+
-+ /* Reset discoverable filter if already set */
-+ if (adapter->current_settings & MGMT_OP_SET_DISCOVERABLE)
-+ goto done;
-+
-+ /* Set discoverable if filter requires and it*/
-+ if (client->discovery_filter->discoverable)
-+ set_filtered_discoverable(adapter, true);
-+
- goto done;
- }
-
-@@ -2348,6 +2385,17 @@ static bool parse_duplicate_data(DBusMessageIter *value,
- return true;
- }
-
-+static bool parse_discoverable(DBusMessageIter *value,
-+ struct discovery_filter *filter)
-+{
-+ if (dbus_message_iter_get_arg_type(value) != DBUS_TYPE_BOOLEAN)
-+ return false;
-+
-+ dbus_message_iter_get_basic(value, &filter->discoverable);
-+
-+ return true;
-+}
-+
- struct filter_parser {
- const char *name;
- bool (*func)(DBusMessageIter *iter, struct discovery_filter *filter);
-@@ -2357,6 +2405,7 @@ struct filter_parser {
- { "Pathloss", parse_pathloss },
- { "Transport", parse_transport },
- { "DuplicateData", parse_duplicate_data },
-+ { "Discoverable", parse_discoverable },
- { }
- };
-
-@@ -2396,6 +2445,7 @@ static bool parse_discovery_filter_dict(struct btd_adapter *adapter,
- (*filter)->rssi = DISTANCE_VAL_INVALID;
- (*filter)->type = get_scan_type(adapter);
- (*filter)->duplicate = false;
-+ (*filter)->discoverable = false;
-
- dbus_message_iter_init(msg, &iter);
- if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_ARRAY ||
-@@ -2441,8 +2491,10 @@ static bool parse_discovery_filter_dict(struct btd_adapter *adapter,
- goto invalid_args;
-
- DBG("filtered discovery params: transport: %d rssi: %d pathloss: %d "
-- " duplicate data: %s ", (*filter)->type, (*filter)->rssi,
-- (*filter)->pathloss, (*filter)->duplicate ? "true" : "false");
-+ " duplicate data: %s discoverable %s", (*filter)->type,
-+ (*filter)->rssi, (*filter)->pathloss,
-+ (*filter)->duplicate ? "true" : "false",
-+ (*filter)->discoverable ? "true" : "false");
-
- return true;
-
---
-2.17.1
-Subject: [PATCH BlueZ 3/5] client: Add scan.discoverable command
-From: Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
-Date: 2018-07-26 14:17:21
-Message-ID: 20180726141723.20199-3-luiz.dentz () gmail ! com
-[Download RAW message or body]
-
-From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-
-This adds discoverable command to scan menu which can be used to set
-if adapter should become discoverable while scanning:
-
-[bluetooth]# scan.discoverable on
-[bluetooth]# scan on
-SetDiscoveryFilter success
-[CHG] Controller XX:XX:XX:XX:XX:XX Discoverable: yes
-Discovery started
-[CHG] Controller XX:XX:XX:XX:XX:XX Discovering: yes
-[bluetooth]# scan off
-Discovery stopped
-[CHG] Controller XX:XX:XX:XX:XX:XX Discoverable: no
----
- client/main.c | 29 +++++++++++++++++++++++++++++
- 1 file changed, 29 insertions(+)
-
-diff --git a/client/main.c b/client/main.c
-index 6f472d050..6e6f6d2fb 100644
---- a/client/main.c
-+++ b/client/main.c
-@@ -1166,6 +1166,7 @@ static struct set_discovery_filter_args {
- char **uuids;
- size_t uuids_len;
- dbus_bool_t duplicate;
-+ dbus_bool_t discoverable;
- bool set;
- } filter = {
- .rssi = DISTANCE_VAL_INVALID,
-@@ -1205,6 +1206,11 @@ static void set_discovery_filter_setup(DBusMessageIter *iter, void *user_data)
- DBUS_TYPE_BOOLEAN,
- &args->duplicate);
-
-+ if (args->discoverable)
-+ g_dbus_dict_append_entry(&dict, "Discoverable",
-+ DBUS_TYPE_BOOLEAN,
-+ &args->discoverable);
-+
- dbus_message_iter_close_container(iter, &dict);
- }
-
-@@ -1362,6 +1368,26 @@ static void cmd_scan_filter_duplicate_data(int argc, char *argv[])
- filter.set = false;
- }
-
-+static void cmd_scan_filter_discoverable(int argc, char *argv[])
-+{
-+ if (argc < 2 || !strlen(argv[1])) {
-+ bt_shell_printf("Discoverable: %s\n",
-+ filter.discoverable ? "on" : "off");
-+ return bt_shell_noninteractive_quit(EXIT_SUCCESS);
-+ }
-+
-+ if (!strcmp(argv[1], "on"))
-+ filter.discoverable = true;
-+ else if (!strcmp(argv[1], "off"))
-+ filter.discoverable = false;
-+ else {
-+ bt_shell_printf("Invalid option: %s\n", argv[1]);
-+ return bt_shell_noninteractive_quit(EXIT_FAILURE);
-+ }
-+
-+ filter.set = false;
-+}
-+
- static void filter_clear_uuids(void)
- {
- g_strfreev(filter.uuids);
-@@ -2510,6 +2536,9 @@ static const struct bt_shell_menu scan_menu = {
- { "duplicate-data", "[on/off]", cmd_scan_filter_duplicate_data,
- "Set/Get duplicate data filter",
- NULL },
-+ { "discoverable", "[on/off]", cmd_scan_filter_discoverable,
-+ "Set/Get discoverable filter",
-+ NULL },
- { "clear", "[uuids/rssi/pathloss/transport/duplicate-data]",
- cmd_scan_filter_clear,
- "Clears discovery filter.",
---
-2.17.1
-Subject: [PATCH BlueZ 4/5] client: Add scan.clear discoverable
-From: Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
-Date: 2018-07-26 14:17:22
-Message-ID: 20180726141723.20199-4-luiz.dentz () gmail ! com
-[Download RAW message or body]
-
-From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-
-This implements scan.clear for discoverable filter.
----
- client/main.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/client/main.c b/client/main.c
-index 6e6f6d2fb..1a66a3ab4 100644
---- a/client/main.c
-+++ b/client/main.c
-@@ -1416,6 +1416,11 @@ static void filter_clear_duplicate(void)
- filter.duplicate = false;
- }
-
-+static void filter_clear_discoverable(void)
-+{
-+ filter.discoverable = false;
-+}
-+
- struct clear_entry {
- const char *name;
- void (*clear) (void);
-@@ -1427,6 +1432,7 @@ static const struct clear_entry filter_clear[] = {
- { "pathloss", filter_clear_pathloss },
- { "transport", filter_clear_transport },
- { "duplicate-data", filter_clear_duplicate },
-+ { "discoverable", filter_clear_discoverable },
- {}
- };
-
-@@ -2539,7 +2545,8 @@ static const struct bt_shell_menu scan_menu = {
- { "discoverable", "[on/off]", cmd_scan_filter_discoverable,
- "Set/Get discoverable filter",
- NULL },
-- { "clear", "[uuids/rssi/pathloss/transport/duplicate-data]",
-+ { "clear",
-+ "[uuids/rssi/pathloss/transport/duplicate-data/discoverable]",
- cmd_scan_filter_clear,
- "Clears discovery filter.",
- filter_clear_generator },
---
-2.17.1
-Subject: [PATCH BlueZ 5/5] adapter: Fix not keeping discovery filters
-From: Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
-Date: 2018-07-26 14:17:23
-Message-ID: 20180726141723.20199-5-luiz.dentz () gmail ! com
-[Download RAW message or body]
-
-From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-
-If the discovery has been stopped and the client has set filters those
-should be put back into filter list since the client may still be
-interested in using them the next time it start a scanning.
----
- src/adapter.c | 25 ++++++++++++++++---------
- 1 file changed, 16 insertions(+), 9 deletions(-)
-
-diff --git a/src/adapter.c b/src/adapter.c
-index bd9edddc6..822bd3472 100644
---- a/src/adapter.c
-+++ b/src/adapter.c
-@@ -1854,7 +1854,7 @@ static bool set_filtered_discoverable(struct btd_adapter *adapter, bool enable)
- return set_discoverable(adapter, enable, 0);
- }
-
--static void discovery_remove(struct watch_client *client)
-+static void discovery_remove(struct watch_client *client, bool exit)
- {
- struct btd_adapter *adapter = client->adapter;
-
-@@ -1882,7 +1882,11 @@ static void discovery_remove(struct watch_client *client)
- set_filtered_discoverable(adapter, false);
- }
-
-- discovery_free(client);
-+ if (!exit && client->discovery_filter)
-+ adapter->set_filter_list = g_slist_prepend(
-+ adapter->set_filter_list, client);
-+ else
-+ discovery_free(client);
-
- /*
- * If there are other client discoveries in progress, then leave
-@@ -1911,8 +1915,11 @@ static void stop_discovery_complete(uint8_t status, uint16_t length,
- goto done;
- }
-
-- if (client->msg)
-+ if (client->msg) {
- g_dbus_send_reply(dbus_conn, client->msg, DBUS_TYPE_INVALID);
-+ dbus_message_unref(client->msg);
-+ client->msg = NULL;
-+ }
-
- adapter->discovery_type = 0x00;
- adapter->discovery_enable = 0x00;
-@@ -1925,7 +1932,7 @@ static void stop_discovery_complete(uint8_t status, uint16_t length,
- trigger_passive_scanning(adapter);
-
- done:
-- discovery_remove(client);
-+ discovery_remove(client, false);
- }
-
- static int compare_sender(gconstpointer a, gconstpointer b)
-@@ -2146,14 +2153,14 @@ static int update_discovery_filter(struct btd_adapter *adapter)
- return -EINPROGRESS;
- }
-
--static int discovery_stop(struct watch_client *client)
-+static int discovery_stop(struct watch_client *client, bool exit)
- {
- struct btd_adapter *adapter = client->adapter;
- struct mgmt_cp_stop_discovery cp;
-
- /* Check if there are more client discovering */
- if (g_slist_next(adapter->discovery_list)) {
-- discovery_remove(client);
-+ discovery_remove(client, exit);
- update_discovery_filter(adapter);
- return 0;
- }
-@@ -2163,7 +2170,7 @@ static int discovery_stop(struct watch_client *client)
- * and so it is enough to send out the signal and just return.
- */
- if (adapter->discovery_enable == 0x00) {
-- discovery_remove(client);
-+ discovery_remove(client, exit);
- adapter->discovering = false;
- g_dbus_emit_property_changed(dbus_conn, adapter->path,
- ADAPTER_INTERFACE, "Discovering");
-@@ -2188,7 +2195,7 @@ static void discovery_disconnect(DBusConnection *conn, void *user_data)
-
- DBG("owner %s", client->owner);
-
-- discovery_stop(client);
-+ discovery_stop(client, true);
- }
-
- /*
-@@ -2586,7 +2593,7 @@ static DBusMessage *stop_discovery(DBusConnection *conn,
- if (client->msg)
- return btd_error_busy(msg);
-
-- err = discovery_stop(client);
-+ err = discovery_stop(client, false);
- switch (err) {
- case 0:
- return dbus_message_new_method_return(msg);
---
-2.17.1
diff --git a/external/poky/meta/recipes-connectivity/bluez5/bluez5/out-of-tree.patch b/external/poky/meta/recipes-connectivity/bluez5/bluez5/out-of-tree.patch
deleted file mode 100644
index 3ee79d70..00000000
--- a/external/poky/meta/recipes-connectivity/bluez5/bluez5/out-of-tree.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From ed55b49a226ca3909f52416be2ae5ce1c5ca2cb2 Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@intel.com>
-Date: Fri, 22 Apr 2016 15:40:37 +0100
-Subject: [PATCH] Makefile.obexd: add missing mkdir in builtin.h generation
-
-In parallel out-of-tree builds it's possible that obexd/src/builtin.h is
-generated before the target directory has been implicitly created. Solve this by
-creating the directory before writing into it.
-
-Upstream-Status: Submitted
-Signed-off-by: Ross Burton <ross.burton@intel.com>
----
- Makefile.obexd | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/Makefile.obexd b/Makefile.obexd
-index 2e33cbc..c8286f0 100644
---- a/Makefile.obexd
-+++ b/Makefile.obexd
-@@ -105,2 +105,3 @@ obexd/src/plugin.$(OBJEXT): obexd/src/builtin.h
- obexd/src/builtin.h: obexd/src/genbuiltin $(obexd_builtin_sources)
-+ $(AM_V_at)$(MKDIR_P) $(dir $@)
- $(AM_V_GEN)$(srcdir)/obexd/src/genbuiltin $(obexd_builtin_modules) > $@
---
-2.8.0.rc3
-
diff --git a/external/poky/meta/recipes-connectivity/bluez5/bluez5/run-ptest b/external/poky/meta/recipes-connectivity/bluez5/bluez5/run-ptest
index 21df00c3..0335e68e 100644
--- a/external/poky/meta/recipes-connectivity/bluez5/bluez5/run-ptest
+++ b/external/poky/meta/recipes-connectivity/bluez5/bluez5/run-ptest
@@ -6,7 +6,7 @@ failed=0
all=0
for f in test-*; do
- "./$f"
+ "./$f" -q
case "$?" in
0)
echo "PASS: $f"
diff --git a/external/poky/meta/recipes-connectivity/bluez5/bluez5_5.50.bb b/external/poky/meta/recipes-connectivity/bluez5/bluez5_5.54.bb
index 66271432..260eee14 100644
--- a/external/poky/meta/recipes-connectivity/bluez5/bluez5_5.50.bb
+++ b/external/poky/meta/recipes-connectivity/bluez5/bluez5_5.54.bb
@@ -1,9 +1,7 @@
require bluez5.inc
-REQUIRED_DISTRO_FEATURES = "bluez5"
-
-SRC_URI[md5sum] = "8e35c67c81a55d3ad4c9f22280dae178"
-SRC_URI[sha256sum] = "5ffcaae18bbb6155f1591be8c24898dc12f062075a40b538b745bfd477481911"
+SRC_URI[md5sum] = "e637feb2dbb7582bbbff1708367a847c"
+SRC_URI[sha256sum] = "68cdab9e63e8832b130d5979dc8c96fdb087b31278f342874d992af3e56656dc"
# noinst programs in Makefile.tools that are conditional on READLINE
# support
diff --git a/external/poky/meta/recipes-connectivity/connman/connman-gnome_0.7.bb b/external/poky/meta/recipes-connectivity/connman/connman-gnome_0.7.bb
index a56bd375..778bf501 100644
--- a/external/poky/meta/recipes-connectivity/connman/connman-gnome_0.7.bb
+++ b/external/poky/meta/recipes-connectivity/connman/connman-gnome_0.7.bb
@@ -20,7 +20,7 @@ SRC_URI = "git://github.com/connectivity/connman-gnome.git \
S = "${WORKDIR}/git"
-inherit autotools-brokensep gtk-icon-cache pkgconfig distro_features_check
+inherit autotools-brokensep gtk-icon-cache pkgconfig features_check
ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"
RDEPENDS_${PN} = "connman"
diff --git a/external/poky/meta/recipes-connectivity/connman/connman.inc b/external/poky/meta/recipes-connectivity/connman/connman.inc
index 2b03f9cb..55e5bf97 100644
--- a/external/poky/meta/recipes-connectivity/connman/connman.inc
+++ b/external/poky/meta/recipes-connectivity/connman/connman.inc
@@ -13,9 +13,9 @@ LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
file://src/main.c;beginline=1;endline=20;md5=486a279a6ab0c8d152bcda3a5b5edc36"
-inherit autotools pkgconfig systemd update-rc.d bluetooth update-alternatives
+inherit autotools pkgconfig systemd update-rc.d update-alternatives
-DEPENDS = "dbus glib-2.0 ppp readline"
+DEPENDS = "dbus glib-2.0 ppp"
INC_PR = "r20"
@@ -27,13 +27,11 @@ EXTRA_OECONF += "\
--enable-ethernet \
--enable-tools \
--disable-polkit \
- --enable-client \
"
-PACKAGECONFIG ??= "wispr \
+PACKAGECONFIG ??= "wispr iptables client\
${@bb.utils.filter('DISTRO_FEATURES', '3g systemd wifi', d)} \
${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \
- iptables \
"
# If you want ConnMan to support VPN, add following statement into
@@ -42,7 +40,7 @@ PACKAGECONFIG ??= "wispr \
PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_unitdir}/system/ --with-tmpfilesdir=${sysconfdir}/tmpfiles.d/,--with-systemdunitdir='' --with-tmpfilesdir=''"
PACKAGECONFIG[wifi] = "--enable-wifi, --disable-wifi, wpa-supplicant, wpa-supplicant"
-PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, ${BLUEZ}, ${BLUEZ}"
+PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, bluez5, bluez5"
PACKAGECONFIG[3g] = "--enable-ofono, --disable-ofono, ofono, ofono"
PACKAGECONFIG[tist] = "--enable-tist,--disable-tist,"
PACKAGECONFIG[openvpn] = "--enable-openvpn --with-openvpn=${sbindir}/openvpn,--disable-openvpn,,openvpn"
@@ -51,14 +49,16 @@ PACKAGECONFIG[l2tp] = "--enable-l2tp --with-l2tp=${sbindir}/xl2tpd,--disable-l2t
PACKAGECONFIG[pptp] = "--enable-pptp --with-pptp=${sbindir}/pptp,--disable-pptp,,pptp-linux"
# WISPr support for logging into hotspots, requires TLS
PACKAGECONFIG[wispr] = "--enable-wispr,--disable-wispr,gnutls,"
-PACKAGECONFIG[nftables] = "--with-firewall=nftables ,,libmnl libnftnl,,kernel-module-nf-tables-ipv4 kernel-module-nft-chain-nat-ipv4 kernel-module-nft-chain-route-ipv4 kernel-module-nft-meta kernel-module-nft-masq-ipv4 kernel-module-nft-nat"
+PACKAGECONFIG[nftables] = "--with-firewall=nftables ,,libmnl libnftnl,,kernel-module-nf-tables kernel-module-nft-chain-nat-ipv4 kernel-module-nft-chain-route-ipv4 kernel-module-nft-masq-ipv4 kernel-module-nft-nat"
PACKAGECONFIG[iptables] = "--with-firewall=iptables ,,iptables,iptables"
+PACKAGECONFIG[nfc] = "--enable-neard, --disable-neard, neard, neard"
+PACKAGECONFIG[client] = "--enable-client,--disable-client,readline"
INITSCRIPT_NAME = "connman"
INITSCRIPT_PARAMS = "start 05 5 2 3 . stop 22 0 1 6 ."
python __anonymous () {
- systemd_packages = "${PN}"
+ systemd_packages = "${PN} ${PN}-wait-online"
pkgconfig = d.getVar('PACKAGECONFIG')
if ('openvpn' or 'vpnc' or 'l2tp' or 'pptp') in pkgconfig.split():
systemd_packages += " ${PN}-vpn"
@@ -86,7 +86,6 @@ do_install_append() {
if [ -e ${B}/tools/wispr ]; then
install -m 0755 ${B}/tools/wispr ${D}${bindir}
fi
- install -m 0755 ${B}/client/connmanctl ${D}${bindir}
# We don't need to package an empty directory
rmdir --ignore-fail-on-non-empty ${D}${libdir}/connman/scripts
@@ -133,14 +132,14 @@ python populate_packages_prepend() {
add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, False)
plugin_dir = d.expand('${libdir}/connman/plugins/')
plugin_name = d.expand('${PN}-plugin-%s')
- do_split_packages(d, plugin_dir, '^(.*).so$', plugin_name, \
+ do_split_packages(d, plugin_dir, r'^(.*).so$', plugin_name, \
'${PN} plugin for %s', extra_depends='', hook=hook, prepend=True )
hook = lambda file,pkg,x,y,z: \
add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, True)
plugin_dir = d.expand('${libdir}/connman/plugins-vpn/')
plugin_name = d.expand('${PN}-plugin-vpn-%s')
- do_split_packages(d, plugin_dir, '^(.*).so$', plugin_name, \
+ do_split_packages(d, plugin_dir, r'^(.*).so$', plugin_name, \
'${PN} VPN plugin for %s', extra_depends='', hook=hook, prepend=True )
}
@@ -156,7 +155,7 @@ RDEPENDS_${PN}-client ="${PN}"
FILES_${PN} = "${bindir}/* ${sbindir}/* ${libexecdir}/* ${libdir}/lib*.so.* \
${libdir}/connman/plugins \
- ${sysconfdir} ${sharedstatedir} ${localstatedir} \
+ ${sysconfdir} ${sharedstatedir} ${localstatedir} ${datadir} \
${base_bindir}/* ${base_sbindir}/* ${base_libdir}/*.so* ${datadir}/${PN} \
${datadir}/dbus-1/system-services/* \
${sysconfdir}/tmpfiles.d/connman_resolvconf.conf"
@@ -195,7 +194,8 @@ SUMMARY_${PN}-plugin-vpn-vpnc = "A vpnc plugin for ConnMan VPN"
DESCRIPTION_${PN}-plugin-vpn-vpnc = "The ConnMan vpnc plugin uses vpnc client \
to create a VPN connection to Cisco3000 VPN Concentrator."
FILES_${PN}-plugin-vpn-vpnc += "${libdir}/connman/scripts/openconnect-script \
- ${libdir}/connman/plugins-vpn/vpnc.so"
+ ${libdir}/connman/plugins-vpn/vpnc.so \
+ ${libdir}/connman/scripts/vpn-script"
RDEPENDS_${PN}-plugin-vpn-vpnc += "${PN}-vpn"
RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','vpnc','${PN}-plugin-vpn-vpnc', '', d)}"
diff --git a/external/poky/meta/recipes-connectivity/connman/connman/0001-giognutls-Fix-a-crash-using-wispr-over-TLS.patch b/external/poky/meta/recipes-connectivity/connman/connman/0001-giognutls-Fix-a-crash-using-wispr-over-TLS.patch
deleted file mode 100644
index f9080d4b..00000000
--- a/external/poky/meta/recipes-connectivity/connman/connman/0001-giognutls-Fix-a-crash-using-wispr-over-TLS.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 929fc9b7068100444e0ffcccd25841f78791e619 Mon Sep 17 00:00:00 2001
-From: Jian Liang <jianliang@tycoint.com>
-Date: Fri, 15 Sep 2017 06:40:08 -0400
-Subject: [PATCH] gweb: Fix a crash using wispr over TLS
-To: connman@lists.01.org
-Cc: wagi@monom.org
-
-When gnutls_channel is instantiated, the gnutls_channel->established
-has to be initiated as FALSE. Otherwise, check_handshake function
-won't work. A random initial value 1 of gnutls_channel->established
-will make check_handshake return G_IO_STATUS_NORMAL, when the channel
-is actually not ready to be used. The observed behaviours are,
-
-- wispr is getting random errors in wispr_portal_web_result
-- ConnMan crashes on exit after those random errors
-- when wispr is luckly working, ConnMan doesn't crash on exit
-
-Signed-off-by: Jian Liang <jianliang@tycoint.com>
-
----
-Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=73e53f3bd9e7debae86341f1eee7b97862a56a5e]
-Signed-off-by: André Draszik <andre.draszik@jci.com>
- gweb/giognutls.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/gweb/giognutls.c b/gweb/giognutls.c
-index 09dc9e7..c029a8b 100644
---- a/gweb/giognutls.c
-+++ b/gweb/giognutls.c
-@@ -421,7 +421,7 @@ GIOChannel *g_io_channel_gnutls_new(int fd)
-
- DBG("");
-
-- gnutls_channel = g_new(GIOGnuTLSChannel, 1);
-+ gnutls_channel = g_new0(GIOGnuTLSChannel, 1);
-
- channel = (GIOChannel *) gnutls_channel;
-
---
-2.7.4
-
diff --git a/external/poky/meta/recipes-connectivity/connman/connman/0001-gweb-fix-segfault-with-musl-v1.1.21.patch b/external/poky/meta/recipes-connectivity/connman/connman/0001-gweb-fix-segfault-with-musl-v1.1.21.patch
new file mode 100644
index 00000000..30f1432c
--- /dev/null
+++ b/external/poky/meta/recipes-connectivity/connman/connman/0001-gweb-fix-segfault-with-musl-v1.1.21.patch
@@ -0,0 +1,34 @@
+From f0a8c69971b30ea7ca255bb885fdd1179fa5d298 Mon Sep 17 00:00:00 2001
+From: Nicola Lunghi <nick83ola@gmail.com>
+Date: Thu, 23 May 2019 07:55:25 +0100
+Subject: [PATCH] gweb: fix segfault with musl v1.1.21
+
+In musl > v1.1.21 freeaddrinfo() implementation changed and
+was causing a segmentation fault on recent Yocto using musl.
+
+See this commit:
+
+ https://git.musl-libc.org/cgit/musl/commit/src/network/freeaddrinfo.c?id=d1395c43c019aec6b855cf3c656bf47c8a719e7f
+
+Upstream-Status: Submitted
+---
+ gweb/gweb.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/gweb/gweb.c b/gweb/gweb.c
+index 393afe0a..12fcb1d8 100644
+--- a/gweb/gweb.c
++++ b/gweb/gweb.c
+@@ -1274,7 +1274,8 @@ static bool is_ip_address(const char *host)
+ addr = NULL;
+
+ result = getaddrinfo(host, NULL, &hints, &addr);
+- freeaddrinfo(addr);
++ if(!result)
++ freeaddrinfo(addr);
+
+ return result == 0;
+ }
+--
+2.19.1
+
diff --git a/external/poky/meta/recipes-connectivity/connman/connman/0001-inet-Add-prefixlen-to-iproute_default_function.patch b/external/poky/meta/recipes-connectivity/connman/connman/0001-inet-Add-prefixlen-to-iproute_default_function.patch
deleted file mode 100644
index dd7b3567..00000000
--- a/external/poky/meta/recipes-connectivity/connman/connman/0001-inet-Add-prefixlen-to-iproute_default_function.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From 508dc60a1f0758ebc586b6b086478a176d493086 Mon Sep 17 00:00:00 2001
-From: Jian Liang <jianliang@tycoint.com>
-Date: Thu, 5 Oct 2017 09:34:41 +0100
-Subject: [PATCH 1/4] inet: Add prefixlen to iproute_default_function
-To: connman@lists.01.org
-Cc: wagi@monom.org
-
-Add prefixlen parameter to this function in preparation for using
-it also in creating subnet route later, e.g.
-
-default via 192.168.100.1 dev eth0
-192.168.100.0/24 dev eth0
-
-Signed-off-by: Jian Liang <jianliang@tycoint.com>
-
----
-Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=edda5b695de2ee79f02314abc9b46fdd46b388e1]
-Signed-off-by: André Draszik <andre.draszik@jci.com>
- src/inet.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/src/inet.c b/src/inet.c
-index b887aa0..ab8aec8 100644
---- a/src/inet.c
-+++ b/src/inet.c
-@@ -2796,7 +2796,7 @@ int __connman_inet_del_fwmark_rule(uint32_t table_id, int family, uint32_t fwmar
- }
-
- static int iproute_default_modify(int cmd, uint32_t table_id, int ifindex,
-- const char *gateway)
-+ const char *gateway, unsigned char prefixlen)
- {
- struct __connman_inet_rtnl_handle rth;
- unsigned char buf[sizeof(struct in6_addr)];
-@@ -2829,6 +2829,7 @@ static int iproute_default_modify(int cmd, uint32_t table_id, int ifindex,
- rth.req.u.r.rt.rtm_protocol = RTPROT_BOOT;
- rth.req.u.r.rt.rtm_scope = RT_SCOPE_UNIVERSE;
- rth.req.u.r.rt.rtm_type = RTN_UNICAST;
-+ rth.req.u.r.rt.rtm_dst_len = prefixlen;
-
- __connman_inet_rtnl_addattr_l(&rth.req.n, sizeof(rth.req), RTA_GATEWAY,
- buf, len);
-@@ -2860,7 +2861,7 @@ int __connman_inet_add_default_to_table(uint32_t table_id, int ifindex,
- {
- /* ip route add default via 1.2.3.4 dev wlan0 table 1234 */
-
-- return iproute_default_modify(RTM_NEWROUTE, table_id, ifindex, gateway);
-+ return iproute_default_modify(RTM_NEWROUTE, table_id, ifindex, gateway, 0);
- }
-
- int __connman_inet_del_default_from_table(uint32_t table_id, int ifindex,
-@@ -2868,7 +2869,7 @@ int __connman_inet_del_default_from_table(uint32_t table_id, int ifindex,
- {
- /* ip route del default via 1.2.3.4 dev wlan0 table 1234 */
-
-- return iproute_default_modify(RTM_DELROUTE, table_id, ifindex, gateway);
-+ return iproute_default_modify(RTM_DELROUTE, table_id, ifindex, gateway, 0);
- }
-
- int __connman_inet_get_interface_ll_address(int index, int family,
---
-2.7.4
-
diff --git a/external/poky/meta/recipes-connectivity/connman/connman/0001-session-Keep-track-of-addr-in-fw_snat-session.patch b/external/poky/meta/recipes-connectivity/connman/connman/0001-session-Keep-track-of-addr-in-fw_snat-session.patch
deleted file mode 100644
index f1b4d0aa..00000000
--- a/external/poky/meta/recipes-connectivity/connman/connman/0001-session-Keep-track-of-addr-in-fw_snat-session.patch
+++ /dev/null
@@ -1,112 +0,0 @@
-From b5fd5945886fa1845db5c969424b63d894fe0376 Mon Sep 17 00:00:00 2001
-From: Jian Liang <jianliang@tycoint.com>
-Date: Fri, 25 Aug 2017 10:02:16 -0400
-Subject: [PATCH 1/2] session: Keep track of addr in fw_snat & session
-To: connman@lists.01.org
-Cc: wagi@monom.org
-
-When there is more than one session in fw_snat's list of sessions,
-fw_snat failed to be re-created when update-session-state is triggered
-with new IP address. This is because index alone is not sufficient to
-decide if fw_snat needs to be re-created. The solution here is to keep
-a track of IP addr and use it to avoid false lookup of fw_snat.
-
-Signed-off-by: Jian Liang <jianliang@tycoint.com>
-
----
-Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=f9e27d4abfcab5c80a38e0850b5ddb26277f97c1]
-Signed-off-by: André Draszik <andre.draszik@jci.com>
- src/session.c | 19 +++++++++++++++----
- 1 file changed, 15 insertions(+), 4 deletions(-)
-
-diff --git a/src/session.c b/src/session.c
-index 9e3c559..965ac06 100644
---- a/src/session.c
-+++ b/src/session.c
-@@ -65,6 +65,7 @@ struct connman_session {
- struct firewall_context *fw;
- uint32_t mark;
- int index;
-+ char *addr;
- char *gateway;
- bool policy_routing;
- bool snat_enabled;
-@@ -79,6 +80,7 @@ struct fw_snat {
- GSList *sessions;
- int id;
- int index;
-+ char *addr;
- struct firewall_context *fw;
- };
-
-@@ -200,7 +202,7 @@ static char *service2bearer(enum connman_service_type type)
- return "";
- }
-
--static struct fw_snat *fw_snat_lookup(int index)
-+static struct fw_snat *fw_snat_lookup(int index, const char *addr)
- {
- struct fw_snat *fw_snat;
- GSList *list;
-@@ -208,8 +210,11 @@ static struct fw_snat *fw_snat_lookup(int index)
- for (list = fw_snat_list; list; list = list->next) {
- fw_snat = list->data;
-
-- if (fw_snat->index == index)
-+ if (fw_snat->index == index) {
-+ if (g_strcmp0(addr, fw_snat->addr) != 0)
-+ continue;
- return fw_snat;
-+ }
- }
- return NULL;
- }
-@@ -224,6 +229,7 @@ static int fw_snat_create(struct connman_session *session,
-
- fw_snat->fw = __connman_firewall_create();
- fw_snat->index = index;
-+ fw_snat->addr = g_strdup(addr);
-
- fw_snat->id = __connman_firewall_enable_snat(fw_snat->fw,
- index, ifname, addr);
-@@ -238,6 +244,7 @@ static int fw_snat_create(struct connman_session *session,
- return 0;
- err:
- __connman_firewall_destroy(fw_snat->fw);
-+ g_free(fw_snat->addr);
- g_free(fw_snat);
- return err;
- }
-@@ -393,7 +400,7 @@ static void del_nat_rules(struct connman_session *session)
- return;
-
- session->snat_enabled = false;
-- fw_snat = fw_snat_lookup(session->index);
-+ fw_snat = fw_snat_lookup(session->index, session->addr);
-
- if (!fw_snat)
- return;
-@@ -420,8 +427,11 @@ static void add_nat_rules(struct connman_session *session)
- if (!addr)
- return;
-
-+ g_free(session->addr);
-+ session->addr = g_strdup(addr);
-+
- session->snat_enabled = true;
-- fw_snat = fw_snat_lookup(index);
-+ fw_snat = fw_snat_lookup(index, session->addr);
- if (fw_snat) {
- fw_snat_ref(session, fw_snat);
- return;
-@@ -502,6 +512,7 @@ static void free_session(struct connman_session *session)
- g_free(session->info);
- g_free(session->info_last);
- g_free(session->gateway);
-+ g_free(session->addr);
-
- g_free(session);
- }
---
-2.7.4
-
diff --git a/external/poky/meta/recipes-connectivity/connman/connman/0002-inet-Implement-subnet-route-creation-deletion-in-ipr.patch b/external/poky/meta/recipes-connectivity/connman/connman/0002-inet-Implement-subnet-route-creation-deletion-in-ipr.patch
deleted file mode 100644
index 9c953e5d..00000000
--- a/external/poky/meta/recipes-connectivity/connman/connman/0002-inet-Implement-subnet-route-creation-deletion-in-ipr.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From 08cda4004491d3971a8b9df937426c43800d15b1 Mon Sep 17 00:00:00 2001
-From: Jian Liang <jianliang@tycoint.com>
-Date: Thu, 5 Oct 2017 09:37:06 +0100
-Subject: [PATCH 2/4] inet: Implement subnet route creation/deletion in
- iproute_default_modify
-To: connman@lists.01.org
-Cc: wagi@monom.org
-
-- Calculate subnet address base on gateway address and prefixlen
-- Differentiate creation of routes to gateway and subnet
-
-Signed-off-by: Jian Liang <jianliang@tycoint.com>
-
----
-Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=ff7dcf91f12a2a237feebc6e606d0a8e92975528]
-Signed-off-by: André Draszik <andre.draszik@jci.com>
- src/inet.c | 22 +++++++++++++++++++---
- 1 file changed, 19 insertions(+), 3 deletions(-)
-
-diff --git a/src/inet.c b/src/inet.c
-index ab8aec8..0ddb030 100644
---- a/src/inet.c
-+++ b/src/inet.c
-@@ -2802,6 +2802,9 @@ static int iproute_default_modify(int cmd, uint32_t table_id, int ifindex,
- unsigned char buf[sizeof(struct in6_addr)];
- int ret, len;
- int family = connman_inet_check_ipaddress(gateway);
-+ char *dst = NULL;
-+
-+ DBG("gateway %s/%u table %u", gateway, prefixlen, table_id);
-
- switch (family) {
- case AF_INET:
-@@ -2814,7 +2817,19 @@ static int iproute_default_modify(int cmd, uint32_t table_id, int ifindex,
- return -EINVAL;
- }
-
-- ret = inet_pton(family, gateway, buf);
-+ if (prefixlen) {
-+ struct in_addr ipv4_subnet_addr, ipv4_mask;
-+
-+ memset(&ipv4_subnet_addr, 0, sizeof(ipv4_subnet_addr));
-+ ipv4_mask.s_addr = htonl((0xffffffff << (32 - prefixlen)) & 0xffffffff);
-+ ipv4_subnet_addr.s_addr = inet_addr(gateway);
-+ ipv4_subnet_addr.s_addr &= ipv4_mask.s_addr;
-+
-+ dst = g_strdup(inet_ntoa(ipv4_subnet_addr));
-+ }
-+
-+ ret = inet_pton(family, dst ? dst : gateway, buf);
-+ g_free(dst);
- if (ret <= 0)
- return -EINVAL;
-
-@@ -2831,8 +2846,9 @@ static int iproute_default_modify(int cmd, uint32_t table_id, int ifindex,
- rth.req.u.r.rt.rtm_type = RTN_UNICAST;
- rth.req.u.r.rt.rtm_dst_len = prefixlen;
-
-- __connman_inet_rtnl_addattr_l(&rth.req.n, sizeof(rth.req), RTA_GATEWAY,
-- buf, len);
-+ __connman_inet_rtnl_addattr_l(&rth.req.n, sizeof(rth.req),
-+ prefixlen > 0 ? RTA_DST : RTA_GATEWAY, buf, len);
-+
- if (table_id < 256) {
- rth.req.u.r.rt.rtm_table = table_id;
- } else {
---
-2.7.4
-
diff --git a/external/poky/meta/recipes-connectivity/connman/connman/0003-inet-Implement-APIs-for-creating-and-deleting-subnet.patch b/external/poky/meta/recipes-connectivity/connman/connman/0003-inet-Implement-APIs-for-creating-and-deleting-subnet.patch
deleted file mode 100644
index 56ba5c3f..00000000
--- a/external/poky/meta/recipes-connectivity/connman/connman/0003-inet-Implement-APIs-for-creating-and-deleting-subnet.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From a9243f13d6e1aadd69bfcc27f75f69c38be51677 Mon Sep 17 00:00:00 2001
-From: Jian Liang <jianliang@tycoint.com>
-Date: Wed, 4 Oct 2017 17:30:17 +0100
-Subject: [PATCH 3/4] inet: Implement APIs for creating and deleting subnet
- route
-To: connman@lists.01.org
-Cc: wagi@monom.org
-
-Signed-off-by: Jian Liang <jianliang@tycoint.com>
-
----
-Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=3a15b0b7fccd053aff91da2cc68585509d0c509b]
-Signed-off-by: André Draszik <andre.draszik@jci.com>
- src/connman.h | 4 ++++
- src/inet.c | 14 ++++++++++++++
- 2 files changed, 18 insertions(+)
-
-diff --git a/src/connman.h b/src/connman.h
-index 21b7080..da4446a 100644
---- a/src/connman.h
-+++ b/src/connman.h
-@@ -240,7 +240,11 @@ int __connman_inet_rtnl_addattr32(struct nlmsghdr *n, size_t maxlen,
- int __connman_inet_add_fwmark_rule(uint32_t table_id, int family, uint32_t fwmark);
- int __connman_inet_del_fwmark_rule(uint32_t table_id, int family, uint32_t fwmark);
- int __connman_inet_add_default_to_table(uint32_t table_id, int ifindex, const char *gateway);
-+int __connman_inet_add_subnet_to_table(uint32_t table_id, int ifindex,
-+ const char *gateway, unsigned char prefixlen);
- int __connman_inet_del_default_from_table(uint32_t table_id, int ifindex, const char *gateway);
-+int __connman_inet_del_subnet_from_table(uint32_t table_id, int ifindex,
-+ const char *gateway, unsigned char prefixlen);
- int __connman_inet_get_address_netmask(int ifindex,
- struct sockaddr_in *address, struct sockaddr_in *netmask);
-
-diff --git a/src/inet.c b/src/inet.c
-index 0ddb030..dcd1ab2 100644
---- a/src/inet.c
-+++ b/src/inet.c
-@@ -2880,6 +2880,13 @@ int __connman_inet_add_default_to_table(uint32_t table_id, int ifindex,
- return iproute_default_modify(RTM_NEWROUTE, table_id, ifindex, gateway, 0);
- }
-
-+int __connman_inet_add_subnet_to_table(uint32_t table_id, int ifindex,
-+ const char *gateway, unsigned char prefixlen)
-+{
-+ /* ip route add 1.2.3.4/24 dev eth0 table 1234 */
-+ return iproute_default_modify(RTM_NEWROUTE, table_id, ifindex, gateway, prefixlen);
-+}
-+
- int __connman_inet_del_default_from_table(uint32_t table_id, int ifindex,
- const char *gateway)
- {
-@@ -2888,6 +2895,13 @@ int __connman_inet_del_default_from_table(uint32_t table_id, int ifindex,
- return iproute_default_modify(RTM_DELROUTE, table_id, ifindex, gateway, 0);
- }
-
-+int __connman_inet_del_subnet_from_table(uint32_t table_id, int ifindex,
-+ const char *gateway, unsigned char prefixlen)
-+{
-+ /* ip route del 1.2.3.4/24 dev eth0 table 1234 */
-+ return iproute_default_modify(RTM_DELROUTE, table_id, ifindex, gateway, prefixlen);
-+}
-+
- int __connman_inet_get_interface_ll_address(int index, int family,
- void *address)
- {
---
-2.7.4
-
diff --git a/external/poky/meta/recipes-connectivity/connman/connman/0004-session-Use-subnet-route-creation-and-deletion-APIs.patch b/external/poky/meta/recipes-connectivity/connman/connman/0004-session-Use-subnet-route-creation-and-deletion-APIs.patch
deleted file mode 100644
index ca213eb1..00000000
--- a/external/poky/meta/recipes-connectivity/connman/connman/0004-session-Use-subnet-route-creation-and-deletion-APIs.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From deb9372db8396da4f7cd20555ce7c9a8b3ad96bd Mon Sep 17 00:00:00 2001
-From: Jian Liang <jianliang@tycoint.com>
-Date: Fri, 6 Oct 2017 11:40:16 +0100
-Subject: [PATCH 4/4] session: Use subnet route creation and deletion APIs
-To: connman@lists.01.org
-Cc: wagi@monom.org
-
-As subnet route is address and session specific in this case, so add
-prefixlen into struct connman_session, and update it along with ipconfig.
-Then use it in subnet route related APIs.
-
-Signed-off-by: Jian Liang <jianliang@tycoint.com>
-
----
-Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=285f25ef6cc9e4a43dab83523f3e2eab4365ac26]
-Signed-off-by: André Draszik <andre.draszik@jci.com>
- src/session.c | 20 ++++++++++++++++----
- 1 file changed, 16 insertions(+), 4 deletions(-)
-
-diff --git a/src/session.c b/src/session.c
-index 965ac06..7b7a14b 100644
---- a/src/session.c
-+++ b/src/session.c
-@@ -67,6 +67,7 @@ struct connman_session {
- int index;
- char *addr;
- char *gateway;
-+ unsigned char prefixlen;
- bool policy_routing;
- bool snat_enabled;
- };
-@@ -357,13 +358,17 @@ static void del_default_route(struct connman_session *session)
- if (!session->gateway)
- return;
-
-- DBG("index %d routing table %d default gateway %s",
-- session->index, session->mark, session->gateway);
-+ DBG("index %d routing table %d default gateway %s/%u",
-+ session->index, session->mark, session->gateway, session->prefixlen);
-+
-+ __connman_inet_del_subnet_from_table(session->mark,
-+ session->index, session->gateway, session->prefixlen);
-
- __connman_inet_del_default_from_table(session->mark,
- session->index, session->gateway);
- g_free(session->gateway);
- session->gateway = NULL;
-+ session->prefixlen = 0;
- session->index = -1;
- }
-
-@@ -383,13 +388,20 @@ static void add_default_route(struct connman_session *session)
- if (!session->gateway)
- session->gateway = g_strdup(inet_ntoa(addr));
-
-- DBG("index %d routing table %d default gateway %s",
-- session->index, session->mark, session->gateway);
-+ session->prefixlen = __connman_ipconfig_get_prefixlen(ipconfig);
-+
-+ DBG("index %d routing table %d default gateway %s/%u",
-+ session->index, session->mark, session->gateway, session->prefixlen);
-
- err = __connman_inet_add_default_to_table(session->mark,
- session->index, session->gateway);
- if (err < 0)
- DBG("session %p %s", session, strerror(-err));
-+
-+ err = __connman_inet_add_subnet_to_table(session->mark,
-+ session->index, session->gateway, session->prefixlen);
-+ if (err < 0)
-+ DBG("session add subnet route %p %s", session, strerror(-err));
- }
-
- static void del_nat_rules(struct connman_session *session)
---
-2.7.4
-
diff --git a/external/poky/meta/recipes-connectivity/connman/connman/includes.patch b/external/poky/meta/recipes-connectivity/connman/connman/includes.patch
deleted file mode 100644
index 9f7395cb..00000000
--- a/external/poky/meta/recipes-connectivity/connman/connman/includes.patch
+++ /dev/null
@@ -1,417 +0,0 @@
-Fix various issues which cause problems under musl.
-
-Upstream-Status: Backport [bd1326ba7d68df38c5ccaafd2403a5fb30bd452b]
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 630516bcc0233b047f65665c003201ba6e77453d Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@intel.com>
-Date: Tue, 9 Aug 2016 16:22:36 +0100
-Subject: [PATCH 1/3] Use AC_USE_SYSTEM_EXTENSIONS
-
-Instead of using #define _GNU_SOURCE in some source files which causes problems
-when building with musl as more files need the define, simply use
-AC_USE_SYSTEM_EXTENSIONS in configure.ac to get it defined globally.
----
- configure.ac | 1 +
- gdhcp/client.c | 1 -
- plugins/tist.c | 1 -
- src/backtrace.c | 1 -
- src/inet.c | 1 -
- src/log.c | 1 -
- src/ntp.c | 1 -
- src/resolver.c | 1 -
- src/rfkill.c | 1 -
- src/stats.c | 1 -
- src/timezone.c | 1 -
- tools/stats-tool.c | 1 -
- tools/tap-test.c | 1 -
- tools/wispr.c | 1 -
- vpn/plugins/vpn.c | 1 -
- 15 files changed, 1 insertion(+), 14 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 6e66ab3..bacf5ec 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -20,6 +20,7 @@ AC_SUBST(abs_top_srcdir)
- AC_SUBST(abs_top_builddir)
-
- AC_LANG_C
-+AC_USE_SYSTEM_EXTENSIONS
-
- AC_PROG_CC
- AM_PROG_CC_C_O
-diff --git a/gdhcp/client.c b/gdhcp/client.c
-index fbb40ab..3aeb089 100644
---- a/gdhcp/client.c
-+++ b/gdhcp/client.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
-
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <errno.h>
- #include <unistd.h>
-diff --git a/plugins/tist.c b/plugins/tist.c
-index ad5ef79..cc2800a 100644
---- a/plugins/tist.c
-+++ b/plugins/tist.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
-
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <stdbool.h>
- #include <stdlib.h>
-diff --git a/src/backtrace.c b/src/backtrace.c
-index 6a66c0a..4dbdda8 100644
---- a/src/backtrace.c
-+++ b/src/backtrace.c
-@@ -24,7 +24,6 @@
- #include <config.h>
- #endif
-
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <unistd.h>
- #include <stdlib.h>
-diff --git a/src/inet.c b/src/inet.c
-index 69ded19..81d92c2 100644
---- a/src/inet.c
-+++ b/src/inet.c
-@@ -25,7 +25,6 @@
- #include <config.h>
- #endif
-
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <errno.h>
- #include <unistd.h>
-diff --git a/src/log.c b/src/log.c
-index 9bae4a3..f7e82e5 100644
---- a/src/log.c
-+++ b/src/log.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
-
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <unistd.h>
- #include <stdarg.h>
-diff --git a/src/ntp.c b/src/ntp.c
-index dd246eb..db8ae96 100644
---- a/src/ntp.c
-+++ b/src/ntp.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
-
--#define _GNU_SOURCE
- #include <errno.h>
- #include <fcntl.h>
- #include <unistd.h>
-diff --git a/src/resolver.c b/src/resolver.c
-index fbe4be7..ef61f92 100644
---- a/src/resolver.c
-+++ b/src/resolver.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
-
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <errno.h>
- #include <fcntl.h>
-diff --git a/src/rfkill.c b/src/rfkill.c
-index 2bfb092..af49d12 100644
---- a/src/rfkill.c
-+++ b/src/rfkill.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
-
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <errno.h>
- #include <fcntl.h>
-diff --git a/src/stats.c b/src/stats.c
-index 26343b1..cfcdc94 100644
---- a/src/stats.c
-+++ b/src/stats.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
-
--#define _GNU_SOURCE
- #include <errno.h>
- #include <sys/mman.h>
- #include <sys/types.h>
-diff --git a/src/timezone.c b/src/timezone.c
-index e346b11..8e91267 100644
---- a/src/timezone.c
-+++ b/src/timezone.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
-
--#define _GNU_SOURCE
- #include <errno.h>
- #include <stdio.h>
- #include <fcntl.h>
-diff --git a/tools/stats-tool.c b/tools/stats-tool.c
-index b076478..428d94b 100644
---- a/tools/stats-tool.c
-+++ b/tools/stats-tool.c
-@@ -22,7 +22,6 @@
- #include <config.h>
- #endif
-
--#define _GNU_SOURCE
- #include <sys/mman.h>
- #include <sys/types.h>
- #include <sys/stat.h>
-diff --git a/tools/tap-test.c b/tools/tap-test.c
-index fdc098a..57917f5 100644
---- a/tools/tap-test.c
-+++ b/tools/tap-test.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
-
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <errno.h>
- #include <fcntl.h>
-diff --git a/tools/wispr.c b/tools/wispr.c
-index d5f9341..e56dfc1 100644
---- a/tools/wispr.c
-+++ b/tools/wispr.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
-
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <fcntl.h>
- #include <unistd.h>
-diff --git a/vpn/plugins/vpn.c b/vpn/plugins/vpn.c
-index 9a42385..479c3a7 100644
---- a/vpn/plugins/vpn.c
-+++ b/vpn/plugins/vpn.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
-
--#define _GNU_SOURCE
- #include <string.h>
- #include <fcntl.h>
- #include <unistd.h>
---
-2.8.1
-
-
-From b8b7878e6cb2a1ed4fcfa256f7e232511a40e3d9 Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@intel.com>
-Date: Tue, 9 Aug 2016 15:37:50 +0100
-Subject: [PATCH 2/3] Check for in6_pktinfo.ipi6_addr explicitly
-
-Instead of assuming that just glibc has this structure, check for it at
-configure as musl also has it.
-
-Based on work by Khem Raj <raj.khem@gmail.com>.
----
- configure.ac | 2 ++
- gdhcp/common.h | 5 +++--
- 2 files changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index bacf5ec..ad00456 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -186,6 +186,8 @@ AC_CHECK_LIB(resolv, ns_initparse, dummy=yes, [
- AC_CHECK_HEADERS([execinfo.h])
- AM_CONDITIONAL([BACKTRACE], [test "${ac_cv_header_execinfo_h}" = "yes"])
-
-+AC_CHECK_MEMBERS([struct in6_pktinfo.ipi6_addr], [], [], [[#include <netinet/in.h>]])
-+
- AC_CHECK_FUNC(signalfd, dummy=yes,
- AC_MSG_ERROR(signalfd support is required))
-
-diff --git a/gdhcp/common.h b/gdhcp/common.h
-index 75abc18..6899499 100644
---- a/gdhcp/common.h
-+++ b/gdhcp/common.h
-@@ -19,6 +19,7 @@
- *
- */
-
-+#include <config.h>
- #include <netinet/udp.h>
- #include <netinet/ip.h>
-
-@@ -170,8 +171,8 @@ static const uint8_t dhcp_option_lengths[] = {
- [OPTION_U32] = 4,
- };
-
--/* already defined within netinet/in.h if using GNU compiler */
--#ifndef __USE_GNU
-+/* already defined within netinet/in.h if using glibc or musl */
-+#ifndef HAVE_STRUCT_IN6_PKTINFO_IPI6_ADDR
- struct in6_pktinfo {
- struct in6_addr ipi6_addr; /* src/dst IPv6 address */
- unsigned int ipi6_ifindex; /* send/recv interface index */
---
-2.8.1
-
-
-From c0726e432fa0274a2b9c70179b03df6720972816 Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@intel.com>
-Date: Tue, 9 Aug 2016 15:19:23 +0100
-Subject: [PATCH 3/3] Rationalise includes
-
-gweb/gresolv.c uses snprintf() and isspace() so it should include stdio.h and
-ctype.h.
-
-tools/dnsproxy-test uses functions from stdio.h.
-
-musl warns when sys/ headers are included when the non-sys form should be used,
-so switch sys/errno.h and so on to errno.h.
-
-musl also causes redefinition errors when pieces of the networking headers are
-included, so remove the redundant includes.
-
-Based on work by Khem Raj <raj.khem@gmail.com>.
----
- gweb/gresolv.c | 2 ++
- plugins/wifi.c | 3 +--
- src/ippool.c | 1 -
- src/iptables.c | 2 +-
- src/tethering.c | 2 --
- tools/dhcp-test.c | 1 -
- tools/dnsproxy-test.c | 1 +
- tools/private-network-test.c | 2 +-
- tools/tap-test.c | 2 +-
- 9 files changed, 7 insertions(+), 9 deletions(-)
-
-diff --git a/gweb/gresolv.c b/gweb/gresolv.c
-index 8a51a9f..d55027c 100644
---- a/gweb/gresolv.c
-+++ b/gweb/gresolv.c
-@@ -29,6 +29,7 @@
- #include <string.h>
- #include <stdlib.h>
- #include <resolv.h>
-+#include <stdio.h>
- #include <sys/types.h>
- #include <sys/socket.h>
- #include <netdb.h>
-diff --git a/plugins/wifi.c b/plugins/wifi.c
-index 9d56671..148131d 100644
---- a/plugins/wifi.c
-+++ b/plugins/wifi.c
-@@ -30,9 +30,8 @@
- #include <string.h>
- #include <sys/ioctl.h>
- #include <sys/socket.h>
--#include <linux/if_arp.h>
--#include <linux/wireless.h>
- #include <net/ethernet.h>
-+#include <linux/wireless.h>
-
- #ifndef IFF_LOWER_UP
- #define IFF_LOWER_UP 0x10000
-diff --git a/src/ippool.c b/src/ippool.c
-index cea1dcc..8a645da 100644
---- a/src/ippool.c
-+++ b/src/ippool.c
-@@ -28,7 +28,6 @@
- #include <stdio.h>
- #include <string.h>
- #include <unistd.h>
--#include <sys/errno.h>
- #include <sys/socket.h>
-
- #include "connman.h"
-diff --git a/src/iptables.c b/src/iptables.c
-index 5ef757a..82e3ac4 100644
---- a/src/iptables.c
-+++ b/src/iptables.c
-@@ -28,7 +28,7 @@
- #include <stdio.h>
- #include <string.h>
- #include <unistd.h>
--#include <sys/errno.h>
-+#include <errno.h>
- #include <sys/socket.h>
- #include <xtables.h>
- #include <inttypes.h>
-diff --git a/src/tethering.c b/src/tethering.c
-index 3153349..ad062d5 100644
---- a/src/tethering.c
-+++ b/src/tethering.c
-@@ -31,10 +31,8 @@
- #include <stdio.h>
- #include <sys/ioctl.h>
- #include <net/if.h>
--#include <linux/sockios.h>
- #include <string.h>
- #include <fcntl.h>
--#include <linux/if_tun.h>
- #include <netinet/in.h>
- #include <linux/if_bridge.h>
-
-diff --git a/tools/dhcp-test.c b/tools/dhcp-test.c
-index c34e10a..eae66fc 100644
---- a/tools/dhcp-test.c
-+++ b/tools/dhcp-test.c
-@@ -33,7 +33,6 @@
- #include <arpa/inet.h>
- #include <net/route.h>
- #include <net/ethernet.h>
--#include <linux/if_arp.h>
-
- #include <gdhcp/gdhcp.h>
-
-diff --git a/tools/dnsproxy-test.c b/tools/dnsproxy-test.c
-index 551cae9..371e2e2 100644
---- a/tools/dnsproxy-test.c
-+++ b/tools/dnsproxy-test.c
-@@ -24,6 +24,7 @@
- #endif
-
- #include <errno.h>
-+#include <stdio.h>
- #include <stdlib.h>
- #include <string.h>
- #include <unistd.h>
-diff --git a/tools/private-network-test.c b/tools/private-network-test.c
-index 3dd115b..2828bb3 100644
---- a/tools/private-network-test.c
-+++ b/tools/private-network-test.c
-@@ -32,7 +32,7 @@
- #include <stdlib.h>
- #include <string.h>
- #include <signal.h>
--#include <sys/poll.h>
-+#include <poll.h>
- #include <sys/signalfd.h>
- #include <unistd.h>
-
-diff --git a/tools/tap-test.c b/tools/tap-test.c
-index 57917f5..cb3ee62 100644
---- a/tools/tap-test.c
-+++ b/tools/tap-test.c
-@@ -28,7 +28,7 @@
- #include <fcntl.h>
- #include <unistd.h>
- #include <string.h>
--#include <sys/poll.h>
-+#include <poll.h>
- #include <sys/ioctl.h>
-
- #include <netinet/in.h>
---
-2.8.1
diff --git a/external/poky/meta/recipes-connectivity/connman/connman_1.35.bb b/external/poky/meta/recipes-connectivity/connman/connman_1.35.bb
deleted file mode 100644
index ff211811..00000000
--- a/external/poky/meta/recipes-connectivity/connman/connman_1.35.bb
+++ /dev/null
@@ -1,22 +0,0 @@
-require connman.inc
-
-SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
- file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \
- file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \
- file://connman \
- file://no-version-scripts.patch \
- file://includes.patch \
- file://0001-session-Keep-track-of-addr-in-fw_snat-session.patch \
- file://0001-giognutls-Fix-a-crash-using-wispr-over-TLS.patch \
- file://0001-inet-Add-prefixlen-to-iproute_default_function.patch \
- file://0002-inet-Implement-subnet-route-creation-deletion-in-ipr.patch \
- file://0003-inet-Implement-APIs-for-creating-and-deleting-subnet.patch \
- file://0004-session-Use-subnet-route-creation-and-deletion-APIs.patch \
- "
-SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch \
- "
-
-SRC_URI[md5sum] = "bae37b45ee9b3db5ec8115188f8a7652"
-SRC_URI[sha256sum] = "66d7deb98371545c6e417239a9b3b3e3201c1529d08eedf40afbc859842cf2aa"
-
-RRECOMMENDS_${PN} = "connman-conf"
diff --git a/external/poky/meta/recipes-connectivity/connman/connman_1.37.bb b/external/poky/meta/recipes-connectivity/connman/connman_1.37.bb
new file mode 100644
index 00000000..00852bf0
--- /dev/null
+++ b/external/poky/meta/recipes-connectivity/connman/connman_1.37.bb
@@ -0,0 +1,17 @@
+require connman.inc
+
+SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
+ file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \
+ file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \
+ file://0001-gweb-fix-segfault-with-musl-v1.1.21.patch \
+ file://connman \
+ file://no-version-scripts.patch \
+"
+
+SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch"
+
+SRC_URI[md5sum] = "75012084f14fb63a84b116e66c6e94fb"
+SRC_URI[sha256sum] = "6ce29b3eb0bb16a7387bc609c39455fd13064bdcde5a4d185fab3a0c71946e16"
+
+RRECOMMENDS_${PN} = "connman-conf"
+RCONFLICTS_${PN} = "networkmanager"
diff --git a/external/poky/meta/recipes-connectivity/dhcp/dhcp.inc b/external/poky/meta/recipes-connectivity/dhcp/dhcp.inc
index 3e65e5cf..d46130d4 100644
--- a/external/poky/meta/recipes-connectivity/dhcp/dhcp.inc
+++ b/external/poky/meta/recipes-connectivity/dhcp/dhcp.inc
@@ -21,7 +21,7 @@ SRC_URI = "http://ftp.isc.org/isc/dhcp/${PV}/dhcp-${PV}.tar.gz \
file://dhcpd.service file://dhcrelay.service \
file://dhcpd6.service \
"
-UPSTREAM_CHECK_URI = "ftp://ftp.isc.org/isc/dhcp/"
+UPSTREAM_CHECK_URI = "http://ftp.isc.org/isc/dhcp/"
UPSTREAM_CHECK_REGEX = "(?P<pver>\d+\.\d+\.(\d+?))/"
inherit autotools-brokensep systemd useradd update-rc.d
@@ -43,7 +43,7 @@ INITSCRIPT_PACKAGES = "dhcp-server"
INITSCRIPT_NAME_dhcp-server = "dhcp-server"
INITSCRIPT_PARAMS_dhcp-server = "defaults"
-TARGET_CFLAGS += "-D_GNU_SOURCE"
+CFLAGS += "-D_GNU_SOURCE"
EXTRA_OECONF = "--with-srv-lease-file=${localstatedir}/lib/dhcp/dhcpd.leases \
--with-srv6-lease-file=${localstatedir}/lib/dhcp/dhcpd6.leases \
--with-cli-lease-file=${localstatedir}/lib/dhcp/dhclient.leases \
@@ -100,6 +100,7 @@ do_install_append () {
PACKAGES += "dhcp-libs dhcp-server dhcp-server-config dhcp-client dhcp-relay dhcp-omshell"
PACKAGES_remove = "${PN}"
+RDEPENDS_${PN}-client += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'iproute2', '', d)}"
RDEPENDS_${PN}-dev = ""
RDEPENDS_${PN}-staticdev = ""
FILES_${PN}-libs = "${libdir}/libdhcpctl.so.0* ${libdir}/libomapi.so.0* ${libdir}/libdhcp.so.0*"
diff --git a/external/poky/meta/recipes-connectivity/dhcp/dhcp/0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch b/external/poky/meta/recipes-connectivity/dhcp/dhcp/0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch
deleted file mode 100644
index 1bc14224..00000000
--- a/external/poky/meta/recipes-connectivity/dhcp/dhcp/0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From 8194daabfd590f17825f0c61e9534bee5c99cc86 Mon Sep 17 00:00:00 2001
-From: Thomas Markwalder <tmark@isc.org>
-Date: Fri, 14 Sep 2018 13:41:41 -0400
-Subject: [master] Added includes of new BIND9 compatibility headers
-
- Merges in rt48072.
-
-Upstream-Status: Backport
-Signed-off-by: Adrian Bunk <bunk@stusta.de>
-
-diff --git a/includes/omapip/isclib.h b/includes/omapip/isclib.h
-index 75a87ff6..538b927f 100644
---- a/includes/omapip/isclib.h
-+++ b/includes/omapip/isclib.h
-@@ -48,6 +48,9 @@
- #include <string.h>
- #include <netdb.h>
-
-+#include <isc/boolean.h>
-+#include <isc/int.h>
-+
- #include <isc/buffer.h>
- #include <isc/lex.h>
- #include <isc/lib.h>
-diff --git a/includes/omapip/result.h b/includes/omapip/result.h
-index 91243e1b..860298f6 100644
---- a/includes/omapip/result.h
-+++ b/includes/omapip/result.h
-@@ -26,6 +26,7 @@
- #ifndef DHCP_RESULT_H
- #define DHCP_RESULT_H 1
-
-+#include <isc/boolean.h>
- #include <isc/lang.h>
- #include <isc/resultclass.h>
- #include <isc/types.h>
-diff --git a/server/dhcpv6.c b/server/dhcpv6.c
-index a7110f98..cde4f617 100644
---- a/server/dhcpv6.c
-+++ b/server/dhcpv6.c
-@@ -1034,7 +1034,8 @@ void check_pool6_threshold(struct reply_state *reply,
- shared_name,
- inet_ntop(AF_INET6, &lease->addr,
- tmp_addr, sizeof(tmp_addr)),
-- used, count);
-+ (long long unsigned)(used),
-+ (long long unsigned)(count));
- }
- return;
- }
-@@ -1066,7 +1067,8 @@ void check_pool6_threshold(struct reply_state *reply,
- "address: %s; high threshold %d%% %llu/%llu.",
- shared_name,
- inet_ntop(AF_INET6, &lease->addr, tmp_addr, sizeof(tmp_addr)),
-- poolhigh, used, count);
-+ poolhigh, (long long unsigned)(used),
-+ (long long unsigned)(count));
-
- /* handle the low threshold now, if we don't
- * have one we default to 0. */
-@@ -1436,12 +1438,15 @@ pick_v6_address(struct reply_state *reply)
- log_debug("Unable to pick client address: "
- "no addresses available - shared network %s: "
- " 2^64-1 < total, %llu active, %llu abandoned",
-- shared_name, active - abandoned, abandoned);
-+ shared_name, (long long unsigned)(active - abandoned),
-+ (long long unsigned)(abandoned));
- } else {
- log_debug("Unable to pick client address: "
- "no addresses available - shared network %s: "
- "%llu total, %llu active, %llu abandoned",
-- shared_name, total, active - abandoned, abandoned);
-+ shared_name, (long long unsigned)(total),
-+ (long long unsigned)(active - abandoned),
-+ (long long unsigned)(abandoned));
- }
-
- return ISC_R_NORESOURCES;
-
diff --git a/external/poky/meta/recipes-connectivity/dhcp/dhcp/0001-workaround-busybox-limitation-in-linux-dhclient-script.patch b/external/poky/meta/recipes-connectivity/dhcp/dhcp/0001-workaround-busybox-limitation-in-linux-dhclient-script.patch
new file mode 100644
index 00000000..2359381b
--- /dev/null
+++ b/external/poky/meta/recipes-connectivity/dhcp/dhcp/0001-workaround-busybox-limitation-in-linux-dhclient-script.patch
@@ -0,0 +1,65 @@
+From eec0503cfc36f63d777f5cb3f2719cecedcb8468 Mon Sep 17 00:00:00 2001
+From: Haris Okanovic <haris.okanovic@ni.com>
+Date: Mon, 7 Jan 2019 13:22:09 -0600
+Subject: [PATCH] Workaround busybox limitation in Linux dhclient-script
+
+Busybox is a lightweight implementation of coreutils commonly used on
+space-constrained embedded Linux distributions. It's implementation of
+chown and chmod doesn't provide a "--reference" option added to
+client/scripts/linux as of commit 9261cb14. This change works around
+that limitation by using stat to read ownership and permissions flags
+and simple chown/chmod calls supported in both coreutils and busybox.
+
+ modified: client/scripts/linux
+
+Signed-off-by: Haris Okanovic <haris.okanovic@ni.com>
+Upstream-Status: Pending [ISC-Bugs #48771]
+---
+ client/scripts/linux | 17 +++++++++++++----
+ 1 file changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/client/scripts/linux b/client/scripts/linux
+index 0c429697..2435a44b 100755
+--- a/client/scripts/linux
++++ b/client/scripts/linux
+@@ -32,6 +32,17 @@
+ # if your system holds ip tool in a non-standard location.
+ ip=/sbin/ip
+
++chown_chmod_by_reference() {
++ local reference_file="$1"
++ local target_file="$2"
++
++ local owner=$(stat -c "%u:%g" "$reference_file")
++ local perm=$(stat -c "%a" "$reference_file")
++
++ chown "$owner" "$target_file"
++ chmod "$perm" "$target_file"
++}
++
+ # update /etc/resolv.conf based on received values
+ # This updated version mostly follows Debian script by Andrew Pollock et al.
+ make_resolv_conf() {
+@@ -74,8 +85,7 @@ make_resolv_conf() {
+ fi
+
+ if [ -f /etc/resolv.conf ]; then
+- chown --reference=/etc/resolv.conf $new_resolv_conf
+- chmod --reference=/etc/resolv.conf $new_resolv_conf
++ chown_chmod_by_reference /etc/resolv.conf $new_resolv_conf
+ fi
+ mv -f $new_resolv_conf /etc/resolv.conf
+ # DHCPv6
+@@ -101,8 +111,7 @@ make_resolv_conf() {
+ fi
+
+ if [ -f /etc/resolv.conf ]; then
+- chown --reference=/etc/resolv.conf $new_resolv_conf
+- chmod --reference=/etc/resolv.conf $new_resolv_conf
++ chown_chmod_by_reference /etc/resolv.conf $new_resolv_conf
+ fi
+ mv -f $new_resolv_conf /etc/resolv.conf
+ fi
+--
+2.20.0
+
diff --git a/external/poky/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch b/external/poky/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch
index b71c93dd..7b57730f 100644
--- a/external/poky/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch
+++ b/external/poky/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch
@@ -85,9 +85,11 @@ Index: dhcp-4.4.1/relay/Makefile.am
===================================================================
--- dhcp-4.4.1.orig/relay/Makefile.am
+++ dhcp-4.4.1/relay/Makefile.am
-@@ -1,4 +1,4 @@
+@@ -1,6 +1,6 @@
+ SUBDIRS = . tests
+
-AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"'
+AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes
-
+
sbin_PROGRAMS = dhcrelay
dhcrelay_SOURCES = dhcrelay.c
diff --git a/external/poky/meta/recipes-connectivity/dhcp/dhcp/0006-site.h-enable-gentle-shutdown.patch b/external/poky/meta/recipes-connectivity/dhcp/dhcp/0006-site.h-enable-gentle-shutdown.patch
deleted file mode 100644
index 6ef70cca..00000000
--- a/external/poky/meta/recipes-connectivity/dhcp/dhcp/0006-site.h-enable-gentle-shutdown.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 01641d146e4e6bea954e4a4ee1f6230b822665b4 Mon Sep 17 00:00:00 2001
-From: Chen Qi <Qi.Chen@windriver.com>
-Date: Tue, 15 Aug 2017 15:37:49 +0800
-Subject: [PATCH 06/11] site.h: enable gentle shutdown
-
-Upstream-Status: Inappropriate [configuration]
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
-
-Rebase to 4.3.6
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- includes/site.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: dhcp-4.4.1/includes/site.h
-===================================================================
---- dhcp-4.4.1.orig/includes/site.h
-+++ dhcp-4.4.1/includes/site.h
-@@ -295,7 +295,7 @@
- situations. We plan to revisit this feature and may
- make non-backwards compatible changes including the
- removal of this define. Use at your own risk. */
--/* #define ENABLE_GENTLE_SHUTDOWN */
-+#define ENABLE_GENTLE_SHUTDOWN
-
- /* Include old error codes. This is provided in case you
- are building an external program similar to omshell for
diff --git a/external/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb b/external/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb
index e8cc731a..b56a2048 100644
--- a/external/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb
+++ b/external/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb
@@ -5,16 +5,15 @@ SRC_URI += "file://0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.pat
file://0003-link-with-lcrypto.patch \
file://0004-Fix-out-of-tree-builds.patch \
file://0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch \
- file://0006-site.h-enable-gentle-shutdown.patch \
file://0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch \
file://0009-remove-dhclient-script-bash-dependency.patch \
file://0012-dhcp-correct-the-intention-for-xml2-lib-search.patch \
file://0013-fixup_use_libbind.patch \
- file://0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch \
+ file://0001-workaround-busybox-limitation-in-linux-dhclient-script.patch \
"
-SRC_URI[md5sum] = "18c7f4dcbb0a63df25098216d47b1ede"
-SRC_URI[sha256sum] = "2a22508922ab367b4af4664a0472dc220cc9603482cf3c16d9aff14f3a76b608"
+SRC_URI[md5sum] = "2afdaf8498dc1edaf3012efdd589b3e1"
+SRC_URI[sha256sum] = "1a7ccd64a16e5e68f7b5e0f527fd07240a2892ea53fe245620f4f5f607004521"
LDFLAGS_append = " -pthread"
diff --git a/external/poky/meta/recipes-connectivity/inetutils/inetutils/0001-rcp-fix-to-work-with-large-files.patch b/external/poky/meta/recipes-connectivity/inetutils/inetutils/0001-rcp-fix-to-work-with-large-files.patch
new file mode 100644
index 00000000..d4764f58
--- /dev/null
+++ b/external/poky/meta/recipes-connectivity/inetutils/inetutils/0001-rcp-fix-to-work-with-large-files.patch
@@ -0,0 +1,31 @@
+Upstream-Status: Pending
+
+Subject: rcp: fix to work with large files
+
+When we copy file by rcp command, if the file > 2GB, it will fail.
+The cause is that it used incorrect data type on file size in sink() of rcp.
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ src/rcp.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/rcp.c b/src/rcp.c
+index 21f55b6..bafa35f 100644
+--- a/src/rcp.c
++++ b/src/rcp.c
+@@ -876,9 +876,9 @@ sink (int argc, char *argv[])
+ enum
+ { YES, NO, DISPLAYED } wrerr;
+ BUF *bp;
+- off_t i, j;
++ off_t i, j, size;
+ int amt, count, exists, first, mask, mode, ofd, omode;
+- int setimes, size, targisdir, wrerrno;
++ int setimes, targisdir, wrerrno;
+ char ch, *cp, *np, *targ, *vect[1], buf[BUFSIZ];
+ const char *why;
+
+--
+1.9.1
+
diff --git a/external/poky/meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch b/external/poky/meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch
new file mode 100644
index 00000000..a91913cb
--- /dev/null
+++ b/external/poky/meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch
@@ -0,0 +1,25 @@
+tftpd: Fix abort on error path
+
+When trying to fetch a non existent file, the app crashes with:
+
+*** buffer overflow detected ***:
+Aborted
+
+
+Upstream-Status: Submitted [https://www.mail-archive.com/bug-inetutils@gnu.org/msg03036.html https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91205]
+Signed-off-by: Ricardo Ribalda Delgado <ricardo@ribalda.com>
+diff --git a/src/tftpd.c b/src/tftpd.c
+index 56002a0..144012f 100644
+--- a/src/tftpd.c
++++ b/src/tftpd.c
+@@ -864,9 +864,8 @@ nak (int error)
+ pe->e_msg = strerror (error - 100);
+ tp->th_code = EUNDEF; /* set 'undef' errorcode */
+ }
+- strcpy (tp->th_msg, pe->e_msg);
+ length = strlen (pe->e_msg);
+- tp->th_msg[length] = '\0';
++ memcpy(tp->th_msg, pe->e_msg, length + 1);
+ length += 5;
+ if (sendto (peer, buf, length, 0, (struct sockaddr *) &from, fromlen) != length)
+ syslog (LOG_ERR, "nak: %m\n");
diff --git a/external/poky/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch b/external/poky/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch
new file mode 100644
index 00000000..24c134fc
--- /dev/null
+++ b/external/poky/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch
@@ -0,0 +1,83 @@
+Upstream: http://www.mail-archive.com/bug-inetutils@gnu.org/msg02103.html
+
+Upstream-Status: Pending
+
+Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+---
+ ping/ping_common.h | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+diff --git a/ping/ping_common.h b/ping/ping_common.h
+index 1dfd1b5..3bfbd12 100644
+--- a/ping/ping_common.h
++++ b/ping/ping_common.h
+@@ -17,10 +17,14 @@
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see `http://www.gnu.org/licenses/'. */
+
++#include <config.h>
++
+ #include <netinet/in_systm.h>
+ #include <netinet/in.h>
+ #include <netinet/ip.h>
++#ifdef HAVE_IPV6
+ #include <netinet/icmp6.h>
++#endif
+ #include <icmp.h>
+ #include <error.h>
+ #include <progname.h>
+@@ -62,7 +66,12 @@ struct ping_stat
+ want to follow the traditional behaviour of ping. */
+ #define DEFAULT_PING_COUNT 0
+
++#ifdef HAVE_IPV6
+ #define PING_HEADER_LEN (USE_IPV6 ? sizeof (struct icmp6_hdr) : ICMP_MINLEN)
++#else
++#define PING_HEADER_LEN (ICMP_MINLEN)
++#endif
++
+ #define PING_TIMING(s) ((s) >= sizeof (struct timeval))
+ #define PING_DATALEN (64 - PING_HEADER_LEN) /* default data length */
+
+@@ -74,13 +83,20 @@ struct ping_stat
+ (t).tv_usec = ((i)%PING_PRECISION)*(1000000/PING_PRECISION) ;\
+ } while (0)
+
++#ifdef HAVE_IPV6
+ /* FIXME: Adjust IPv6 case for options and their consumption. */
+ #define _PING_BUFLEN(p, u) ((u)? ((p)->ping_datalen + sizeof (struct icmp6_hdr)) : \
+ (MAXIPLEN + (p)->ping_datalen + ICMP_TSLEN))
+
++#else
++#define _PING_BUFLEN(p, u) (MAXIPLEN + (p)->ping_datalen + ICMP_TSLEN)
++#endif
++
++#ifdef HAVE_IPV6
+ typedef int (*ping_efp6) (int code, void *closure, struct sockaddr_in6 * dest,
+ struct sockaddr_in6 * from, struct icmp6_hdr * icmp,
+ int datalen);
++#endif
+
+ typedef int (*ping_efp) (int code,
+ void *closure,
+@@ -89,13 +105,17 @@ typedef int (*ping_efp) (int code,
+ struct ip * ip, icmphdr_t * icmp, int datalen);
+
+ union event {
++#ifdef HAVE_IPV6
+ ping_efp6 handler6;
++#endif
+ ping_efp handler;
+ };
+
+ union ping_address {
+ struct sockaddr_in ping_sockaddr;
++#ifdef HAVE_IPV6
+ struct sockaddr_in6 ping_sockaddr6;
++#endif
+ };
+
+ typedef struct ping_data PING;
+--
+2.8.3
+
diff --git a/external/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch b/external/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch
new file mode 100644
index 00000000..3da4e9f5
--- /dev/null
+++ b/external/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch
@@ -0,0 +1,29 @@
+From 552a7d64ad4a7188a9b7cd89933ae7caf7ebfe90 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier at gentoo.org>
+Date: Thu, 18 Nov 2010 16:59:14 -0500
+Subject: [PATCH gnulib] printf-parse: pull in features.h for __GLIBC__
+
+Upstream-Status: Pending
+
+Signed-off-by: Mike Frysinger <vapier at gentoo.org>
+---
+ lib/printf-parse.h | 3 +++
+ 1 files changed, 3 insertions(+), 0 deletions(-)
+
+diff --git a/lib/printf-parse.h b/lib/printf-parse.h
+index 67a4a2a..3bd6152 100644
+--- a/lib/printf-parse.h
++++ b/lib/printf-parse.h
+@@ -25,6 +25,9 @@
+
+ #include "printf-args.h"
+
++#ifdef HAVE_FEATURES_H
++# include <features.h> /* for __GLIBC__ */
++#endif
+
+ /* Flags */
+ #define FLAG_GROUP 1 /* ' flag */
+--
+1.7.3.2
+
diff --git a/external/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch b/external/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch
new file mode 100644
index 00000000..b13bb922
--- /dev/null
+++ b/external/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch
@@ -0,0 +1,14 @@
+Upstream-Status: Pending
+
+--- inetutils-1.8/lib/wchar.in.h
++++ inetutils-1.8/lib/wchar.in.h
+@@ -70,6 +70,9 @@
+ /* The include_next requires a split double-inclusion guard. */
+ #if @HAVE_WCHAR_H@
+ # @INCLUDE_NEXT@ @NEXT_WCHAR_H@
++#else
++# include <stddef.h>
++# define MB_CUR_MAX 1
+ #endif
+
+ #undef _GL_ALREADY_INCLUDING_WCHAR_H
diff --git a/external/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch b/external/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch
new file mode 100644
index 00000000..2592989a
--- /dev/null
+++ b/external/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch
@@ -0,0 +1,26 @@
+inetutils: define PATH_PROCNET_DEV if not already defined
+
+this prevents the following compilation error :
+system/linux.c:401:15: error: 'PATH_PROCNET_DEV' undeclared (first use in this function)
+
+this patch comes from :
+ http://repository.timesys.com/buildsources/i/inetutils/inetutils-1.9/
+
+Upstream-Status: Inappropriate [not author]
+
+Signed-of-by: Eric Bénard <eric@eukrea.com>
+---
+diff -Naur inetutils-1.9.orig/ifconfig/system/linux.c inetutils-1.9/ifconfig/system/linux.c
+--- inetutils-1.9.orig/ifconfig/system/linux.c 2012-01-04 16:31:36.000000000 -0500
++++ inetutils-1.9/ifconfig/system/linux.c 2012-01-04 16:40:53.000000000 -0500
+@@ -49,6 +49,10 @@
+ #include "../ifconfig.h"
+
+
++#ifndef PATH_PROCNET_DEV
++ #define PATH_PROCNET_DEV "/proc/net/dev"
++#endif
++
+ /* ARPHRD stuff. */
+
+ static void
diff --git a/external/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch b/external/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch
new file mode 100644
index 00000000..ff3abd86
--- /dev/null
+++ b/external/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch
@@ -0,0 +1,40 @@
+Only check security/pam_appl.h which is provided by package libpam when pam is
+enabled.
+
+Upstream-Status: Pending
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+---
+diff --git a/configure.ac b/configure.ac
+index b35e672..e78a751 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -195,6 +195,19 @@ fi
+
+ # See if we have libpam.a. Investigate PAM versus Linux-PAM.
+ if test "$with_pam" = yes ; then
++ AC_CHECK_HEADERS([security/pam_appl.h], [], [], [
++#include <sys/types.h>
++#ifdef HAVE_NETINET_IN_SYSTM_H
++# include <netinet/in_systm.h>
++#endif
++#include <netinet/in.h>
++#ifdef HAVE_NETINET_IP_H
++# include <netinet/ip.h>
++#endif
++#ifdef HAVE_SYS_PARAM_H
++# include <sys/param.h>
++#endif
++])
+ AC_CHECK_LIB(dl, dlopen, LIBDL=-ldl)
+ AC_CHECK_LIB(pam, pam_authenticate, LIBPAM=-lpam)
+ if test "$ac_cv_lib_pam_pam_authenticate" = yes ; then
+@@ -587,7 +600,7 @@ AC_HEADER_DIRENT
+ AC_CHECK_HEADERS([arpa/nameser.h errno.h fcntl.h features.h \
+ glob.h memory.h netinet/ether.h netinet/in_systm.h \
+ netinet/ip.h netinet/ip_icmp.h netinet/ip_var.h \
+- security/pam_appl.h shadow.h \
++ shadow.h \
+ stdarg.h stdlib.h string.h stropts.h sys/tty.h \
+ sys/utsname.h sys/ptyvar.h sys/msgbuf.h sys/filio.h \
+ sys/ioctl_compat.h sys/cdefs.h sys/stream.h sys/mkdev.h \
diff --git a/external/poky/meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils b/external/poky/meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils
new file mode 100644
index 00000000..30e81ef4
--- /dev/null
+++ b/external/poky/meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils
@@ -0,0 +1,20 @@
+# default: off
+# description:
+# Rexecd is the server for the rexec program. The server provides remote
+# execution facilities with authentication based on user names and
+# passwords.
+#
+service exec
+{
+ socket_type = stream
+ protocol = tcp
+ flags = NAMEINARGS
+ wait = no
+ user = root
+ group = root
+ log_on_success += USERID
+ log_on_failure += USERID
+ server = @SBINDIR@/tcpd
+ server_args = @SBINDIR@/in.rexecd
+ disable = yes
+}
diff --git a/external/poky/meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils b/external/poky/meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils
new file mode 100644
index 00000000..21b55da9
--- /dev/null
+++ b/external/poky/meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils
@@ -0,0 +1,23 @@
+# default: off
+# description:
+# Rlogind is a server for the rlogin program. The server provides remote
+# execution with authentication based on privileged port numbers from trusted
+# host
+#
+service login
+{
+ socket_type = stream
+ protocol = tcp
+ flags = NAMEINARGS
+ wait = no
+ user = root
+ group = root
+ log_on_success += USERID
+ log_on_failure += USERID
+ server = @SBINDIR@/tcpd
+ server_args = @SBINDIR@/in.rlogind -a
+ disable = yes
+}
+
+
+
diff --git a/external/poky/meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils b/external/poky/meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils
new file mode 100644
index 00000000..2b894a74
--- /dev/null
+++ b/external/poky/meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils
@@ -0,0 +1,21 @@
+# default: off
+# description:
+# The rshd server is a server for the rcmd(3) routine and,
+# consequently, for the rsh(1) program. The server provides
+# remote execution facilities with authentication based on
+# privileged port numbers from trusted hosts.
+#
+service shell
+{
+ socket_type = stream
+ protocol = tcp
+ flags = NAMEINARGS
+ wait = no
+ user = root
+ group = root
+ log_on_success += USERID
+ log_on_failure += USERID
+ server = @SBINDIR@/tcpd
+ server_args = @SBINDIR@/in.rshd -aL
+ disable = yes
+}
diff --git a/external/poky/meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils b/external/poky/meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils
new file mode 100644
index 00000000..2d9a0408
--- /dev/null
+++ b/external/poky/meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils
@@ -0,0 +1,13 @@
+# default: on
+# description: The telnet server serves telnet sessions; it uses \
+# unencrypted username/password pairs for authentication.
+service telnet
+{
+ disable = no
+ flags = REUSE
+ socket_type = stream
+ wait = no
+ user = root
+ server = @SBINDIR@/in.telnetd
+ log_on_failure += USERID
+}
diff --git a/external/poky/meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils b/external/poky/meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils
new file mode 100644
index 00000000..67b44c43
--- /dev/null
+++ b/external/poky/meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils
@@ -0,0 +1,19 @@
+# default: off
+# description:
+# Tftpd is a server which supports the Internet Trivial File Transfer
+# Pro-tocol (RFC 783). The TFTP server operates at the port indicated
+# in the tftp service description; see services(5).
+#
+service tftp
+{
+ disable = yes
+ socket_type = dgram
+ protocol = udp
+ flags = IPv6
+ wait = yes
+ user = root
+ group = root
+ server = @SBINDIR@/in.tftpd
+ server_args = /tftpboot
+}
+
diff --git a/external/poky/meta/recipes-connectivity/inetutils/inetutils/version.patch b/external/poky/meta/recipes-connectivity/inetutils/inetutils/version.patch
new file mode 100644
index 00000000..532a0e5c
--- /dev/null
+++ b/external/poky/meta/recipes-connectivity/inetutils/inetutils/version.patch
@@ -0,0 +1,17 @@
+Upstream-Status: Pending
+
+remove m4_esyscmd function
+
+Signed-off-by: Chunrong Guo <b40290@freescale.com>
+--- inetutils-1.9.1/configure.ac 2012-01-06 22:05:05.000000000 +0800
++++ inetutils-1.9.1/configure.ac 2012-11-12 14:01:11.732957019 +0800
+@@ -20,8 +20,7 @@
+
+ AC_PREREQ(2.59)
+
+-AC_INIT([GNU inetutils],
+- m4_esyscmd([build-aux/git-version-gen .tarball-version 's/inetutils-/v/;s/_/./g']),
++AC_INIT([GNU inetutils],[1.9.4],
+ [bug-inetutils@gnu.org])
+
+ AC_CONFIG_SRCDIR([src/inetd.c])
diff --git a/external/poky/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb b/external/poky/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb
new file mode 100644
index 00000000..cc9410b9
--- /dev/null
+++ b/external/poky/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb
@@ -0,0 +1,214 @@
+DESCRIPTION = "The GNU inetutils are a collection of common \
+networking utilities and servers including ftp, ftpd, rcp, \
+rexec, rlogin, rlogind, rsh, rshd, syslog, syslogd, talk, \
+talkd, telnet, telnetd, tftp, tftpd, and uucpd."
+HOMEPAGE = "http://www.gnu.org/software/inetutils"
+SECTION = "net"
+DEPENDS = "ncurses netbase readline virtual/crypt"
+
+LICENSE = "GPLv3"
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=0c7051aef9219dc7237f206c5c4179a7"
+
+SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.gz \
+ file://version.patch \
+ file://inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch \
+ file://inetutils-1.8-0003-wchar.patch \
+ file://rexec.xinetd.inetutils \
+ file://rlogin.xinetd.inetutils \
+ file://rsh.xinetd.inetutils \
+ file://telnet.xinetd.inetutils \
+ file://tftpd.xinetd.inetutils \
+ file://inetutils-1.9-PATH_PROCNET_DEV.patch \
+ file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \
+ file://0001-rcp-fix-to-work-with-large-files.patch \
+ file://fix-buffer-fortify-tfpt.patch \
+"
+
+SRC_URI[md5sum] = "04852c26c47cc8c6b825f2b74f191f52"
+SRC_URI[sha256sum] = "be8f75eff936b8e41b112462db51adf689715658a1b09e0d6b05d11ec92cc616"
+
+inherit autotools gettext update-alternatives texinfo
+
+acpaths = "-I ./m4"
+
+SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', '', 'file://fix-disable-ipv6.patch', d)}"
+
+PACKAGECONFIG ??= "ftp uucpd \
+ ${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6 ping6', '', d)} \
+ "
+PACKAGECONFIG[ftp] = "--enable-ftp,--disable-ftp,readline"
+PACKAGECONFIG[uucpd] = "--enable-uucpd,--disable-uucpd,readline"
+PACKAGECONFIG[pam] = "--with-pam,--without-pam,libpam"
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6 gl_cv_socket_ipv6=no,"
+PACKAGECONFIG[ping6] = "--enable-ping6,--disable-ping6,"
+
+EXTRA_OECONF = "--with-ncurses-include-dir=${STAGING_INCDIR} \
+ inetutils_cv_path_login=${base_bindir}/login \
+ --with-libreadline-prefix=${STAGING_LIBDIR} \
+ --enable-rpath=no \
+"
+
+# These are horrible for security, disable them
+EXTRA_OECONF_append = " --disable-rsh --disable-rshd --disable-rcp \
+ --disable-rlogin --disable-rlogind --disable-rexec --disable-rexecd"
+
+do_configure_prepend () {
+ export HELP2MAN='true'
+ cp ${STAGING_DATADIR_NATIVE}/gettext/config.rpath ${S}/build-aux/config.rpath
+ install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.guess ${S}
+ install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.sub ${S}
+ rm -f ${S}/glob/configure*
+}
+
+do_install_append () {
+ install -m 0755 -d ${D}${base_sbindir}
+ install -m 0755 -d ${D}${sbindir}
+ install -m 0755 -d ${D}${sysconfdir}/xinetd.d
+ if [ "${base_bindir}" != "${bindir}" ] ; then
+ install -m 0755 -d ${D}${base_bindir}
+ mv ${D}${bindir}/ping* ${D}${base_bindir}/
+ mv ${D}${bindir}/hostname ${D}${base_bindir}/
+ fi
+ mv ${D}${bindir}/ifconfig ${D}${base_sbindir}/
+ mv ${D}${libexecdir}/syslogd ${D}${base_sbindir}/
+ mv ${D}${libexecdir}/tftpd ${D}${sbindir}/in.tftpd
+ mv ${D}${libexecdir}/telnetd ${D}${sbindir}/in.telnetd
+ if [ -e ${D}${libexecdir}/rexecd ]; then
+ mv ${D}${libexecdir}/rexecd ${D}${sbindir}/in.rexecd
+ cp ${WORKDIR}/rexec.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/rexec
+ fi
+ if [ -e ${D}${libexecdir}/rlogind ]; then
+ mv ${D}${libexecdir}/rlogind ${D}${sbindir}/in.rlogind
+ cp ${WORKDIR}/rlogin.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/rlogin
+ fi
+ if [ -e ${D}${libexecdir}/rshd ]; then
+ mv ${D}${libexecdir}/rshd ${D}${sbindir}/in.rshd
+ cp ${WORKDIR}/rsh.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/rsh
+ fi
+ if [ -e ${D}${libexecdir}/talkd ]; then
+ mv ${D}${libexecdir}/talkd ${D}${sbindir}/in.talkd
+ fi
+ mv ${D}${libexecdir}/uucpd ${D}${sbindir}/in.uucpd
+ mv ${D}${libexecdir}/* ${D}${bindir}/
+ cp ${WORKDIR}/telnet.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/telnet
+ cp ${WORKDIR}/tftpd.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/tftpd
+
+ sed -e 's,@SBINDIR@,${sbindir},g' -i ${D}/${sysconfdir}/xinetd.d/*
+ if [ -e ${D}${libdir}/charset.alias ]; then
+ rm -rf ${D}${libdir}/charset.alias
+ fi
+ rm -rf ${D}${libexecdir}/
+ # remove usr/lib if empty
+ rmdir ${D}${libdir} || true
+}
+
+PACKAGES =+ "${PN}-ping ${PN}-ping6 ${PN}-hostname ${PN}-ifconfig \
+${PN}-tftp ${PN}-logger ${PN}-traceroute ${PN}-syslogd \
+${PN}-ftp ${PN}-ftpd ${PN}-tftpd ${PN}-telnet ${PN}-telnetd ${PN}-inetd \
+${PN}-rsh ${PN}-rshd"
+
+# The packages tftpd, telnetd and rshd conflict with the ones
+# provided by netkit, so add the corresponding -dbg packages
+# for them to avoid the confliction between the dbg package
+# of inetutils and netkit.
+PACKAGES =+ "${PN}-tftpd-dbg ${PN}-telnetd-dbg ${PN}-rshd-dbg"
+NOAUTOPACKAGEDEBUG = "1"
+
+ALTERNATIVE_PRIORITY = "79"
+ALTERNATIVE_${PN} = "whois"
+ALTERNATIVE_LINK_NAME[uucpd] = "${sbindir}/in.uucpd"
+
+ALTERNATIVE_PRIORITY_${PN}-logger = "60"
+ALTERNATIVE_${PN}-logger = "logger"
+ALTERNATIVE_${PN}-syslogd = "syslogd"
+ALTERNATIVE_LINK_NAME[syslogd] = "${base_sbindir}/syslogd"
+
+ALTERNATIVE_${PN}-ftp = "ftp"
+ALTERNATIVE_${PN}-ftpd = "ftpd"
+ALTERNATIVE_${PN}-tftp = "tftp"
+ALTERNATIVE_${PN}-tftpd = "tftpd"
+ALTERNATIVE_LINK_NAME[tftpd] = "${sbindir}/tftpd"
+ALTERNATIVE_TARGET[tftpd] = "${sbindir}/in.tftpd"
+
+ALTERNATIVE_${PN}-telnet = "telnet"
+ALTERNATIVE_${PN}-telnetd = "telnetd"
+ALTERNATIVE_LINK_NAME[telnetd] = "${sbindir}/telnetd"
+ALTERNATIVE_TARGET[telnetd] = "${sbindir}/in.telnetd"
+
+ALTERNATIVE_${PN}-inetd= "inetd"
+ALTERNATIVE_${PN}-traceroute = "traceroute"
+
+ALTERNATIVE_${PN}-hostname = "hostname"
+ALTERNATIVE_LINK_NAME[hostname] = "${base_bindir}/hostname"
+
+ALTERNATIVE_${PN}-doc = "hostname.1 dnsdomainname.1 logger.1 syslogd.8 \
+ tftpd.8 tftp.1 telnetd.8"
+ALTERNATIVE_LINK_NAME[hostname.1] = "${mandir}/man1/hostname.1"
+ALTERNATIVE_LINK_NAME[dnsdomainname.1] = "${mandir}/man1/dnsdomainname.1"
+ALTERNATIVE_LINK_NAME[logger.1] = "${mandir}/man1/logger.1"
+ALTERNATIVE_LINK_NAME[syslogd.8] = "${mandir}/man8/syslogd.8"
+ALTERNATIVE_LINK_NAME[telnetd.8] = "${mandir}/man8/telnetd.8"
+ALTERNATIVE_LINK_NAME[tftpd.8] = "${mandir}/man8/tftpd.8"
+ALTERNATIVE_LINK_NAME[tftp.1] = "${mandir}/man1/tftp.1"
+
+ALTERNATIVE_${PN}-ifconfig = "ifconfig"
+ALTERNATIVE_LINK_NAME[ifconfig] = "${base_sbindir}/ifconfig"
+
+ALTERNATIVE_${PN}-ping = "ping"
+ALTERNATIVE_LINK_NAME[ping] = "${base_bindir}/ping"
+
+ALTERNATIVE_${PN}-ping6 = "${@bb.utils.filter('PACKAGECONFIG', 'ping6', d)}"
+ALTERNATIVE_LINK_NAME[ping6] = "${base_bindir}/ping6"
+
+
+FILES_${PN}-dbg += "${base_bindir}/.debug ${base_sbindir}/.debug ${bindir}/.debug ${sbindir}/.debug"
+FILES_${PN}-ping = "${base_bindir}/ping.${BPN}"
+FILES_${PN}-ping6 = "${base_bindir}/ping6.${BPN}"
+FILES_${PN}-hostname = "${base_bindir}/hostname.${BPN}"
+FILES_${PN}-ifconfig = "${base_sbindir}/ifconfig.${BPN}"
+FILES_${PN}-traceroute = "${bindir}/traceroute.${BPN}"
+FILES_${PN}-logger = "${bindir}/logger.${BPN}"
+
+FILES_${PN}-syslogd = "${base_sbindir}/syslogd.${BPN}"
+RCONFLICTS_${PN}-syslogd = "rsyslog busybox-syslog sysklogd syslog-ng"
+
+FILES_${PN}-ftp = "${bindir}/ftp.${BPN}"
+
+FILES_${PN}-tftp = "${bindir}/tftp.${BPN}"
+FILES_${PN}-telnet = "${bindir}/telnet.${BPN}"
+
+# We make us of RCONFLICTS / RPROVIDES here rather than using the normal
+# alternatives method as this leads to packaging QA issues when using
+# musl as that library does not provide what these applications need to
+# build.
+FILES_${PN}-rsh = "${bindir}/rsh ${bindir}/rlogin ${bindir}/rexec ${bindir}/rcp"
+RCONFLICTS_${PN}-rsh += "netkit-rsh-client"
+RPROVIDES_${PN}-rsh = "rsh"
+
+FILES_${PN}-rshd = "${sbindir}/in.rshd ${sbindir}/in.rlogind ${sbindir}/in.rexecd \
+ ${sysconfdir}/xinetd.d/rsh ${sysconfdir}/xinetd.d/rlogin ${sysconfdir}/xinetd.d/rexec"
+FILES_${PN}-rshd-dbg = "${sbindir}/.debug/in.rshd ${sbindir}/.debug/in.rlogind ${sbindir}/.debug/in.rexecd"
+RDEPENDS_${PN}-rshd += "xinetd tcp-wrappers"
+RCONFLICTS_${PN}-rshd += "netkit-rshd-server"
+RPROVIDES_${PN}-rshd = "rshd"
+
+FILES_${PN}-ftpd = "${bindir}/ftpd.${BPN}"
+FILES_${PN}-ftpd-dbg = "${bindir}/.debug/ftpd.${BPN}"
+RDEPENDS_${PN}-ftpd += "xinetd"
+
+FILES_${PN}-tftpd = "${sbindir}/in.tftpd ${sysconfdir}/xinetd.d/tftpd"
+FILES_${PN}-tftpd-dbg = "${sbindir}/.debug/in.tftpd"
+RCONFLICTS_${PN}-tftpd += "netkit-tftpd"
+RDEPENDS_${PN}-tftpd += "xinetd"
+
+FILES_${PN}-telnetd = "${sbindir}/in.telnetd ${sysconfdir}/xinetd.d/telnet"
+FILES_${PN}-telnetd-dbg = "${sbindir}/.debug/in.telnetd"
+RCONFLICTS_${PN}-telnetd += "netkit-telnet"
+RPROVIDES_${PN}-telnetd = "telnetd"
+RDEPENDS_${PN}-telnetd += "xinetd"
+
+FILES_${PN}-inetd = "${bindir}/inetd.${BPN}"
+
+RDEPENDS_${PN} = "xinetd"
diff --git a/external/poky/meta/recipes-connectivity/iproute2/iproute2.inc b/external/poky/meta/recipes-connectivity/iproute2/iproute2.inc
index b2835890..403d2643 100644
--- a/external/poky/meta/recipes-connectivity/iproute2/iproute2.inc
+++ b/external/poky/meta/recipes-connectivity/iproute2/iproute2.inc
@@ -9,16 +9,25 @@ LICENSE = "GPLv2+"
LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \
file://ip/ip.c;beginline=3;endline=8;md5=689d691d0410a4b64d3899f8d6e31817"
-DEPENDS = "flex-native bison-native iptables elfutils libcap"
+DEPENDS = "flex-native bison-native iptables libcap"
inherit update-alternatives bash-completion pkgconfig
CLEANBROKEN = "1"
-PACKAGECONFIG ??= "tipc"
+PACKAGECONFIG ??= "tipc elf devlink"
PACKAGECONFIG[tipc] = ",,libmnl,"
+PACKAGECONFIG[elf] = ",,elfutils,"
+PACKAGECONFIG[devlink] = ",,libmnl,"
-EXTRA_OEMAKE = "CC='${CC}' KERNEL_INCLUDE=${STAGING_INCDIR} DOCDIR=${docdir}/iproute2 SUBDIRS='lib tc ip bridge misc genl ${@bb.utils.contains('PACKAGECONFIG', 'tipc', 'tipc', '', d)}' SBINDIR='${base_sbindir}' LIBDIR='${libdir}'"
+EXTRA_OEMAKE = "\
+ CC='${CC}' \
+ KERNEL_INCLUDE=${STAGING_INCDIR} \
+ DOCDIR=${docdir}/iproute2 \
+ SUBDIRS='lib tc ip bridge misc genl ${@bb.utils.filter('PACKAGECONFIG', 'devlink tipc', d)}' \
+ SBINDIR='${base_sbindir}' \
+ LIBDIR='${libdir}' \
+"
do_configure_append () {
sh configure ${STAGING_INCDIR}
@@ -37,18 +46,36 @@ do_install () {
# The .so files in iproute2-tc are modules, not traditional libraries
INSANE_SKIP_${PN}-tc = "dev-so"
-PACKAGES =+ "${PN}-tc ${PN}-lnstat ${PN}-ifstat ${PN}-genl ${PN}-rtacct ${PN}-nstat ${PN}-ss ${@bb.utils.contains('PACKAGECONFIG', 'tipc', '${PN}-tipc', '', d)}"
+PACKAGES =+ "\
+ ${PN}-devlink \
+ ${PN}-genl \
+ ${PN}-ifstat \
+ ${PN}-lnstat \
+ ${PN}-nstat \
+ ${PN}-rtacct \
+ ${PN}-ss \
+ ${PN}-tc \
+ ${PN}-tipc \
+"
+
FILES_${PN}-tc = "${base_sbindir}/tc* \
${libdir}/tc/*.so"
-FILES_${PN}-lnstat = "${base_sbindir}/lnstat ${base_sbindir}/ctstat ${base_sbindir}/rtstat"
+FILES_${PN}-lnstat = "${base_sbindir}/lnstat \
+ ${base_sbindir}/ctstat \
+ ${base_sbindir}/rtstat"
FILES_${PN}-ifstat = "${base_sbindir}/ifstat"
FILES_${PN}-genl = "${base_sbindir}/genl"
FILES_${PN}-rtacct = "${base_sbindir}/rtacct"
FILES_${PN}-nstat = "${base_sbindir}/nstat"
FILES_${PN}-ss = "${base_sbindir}/ss"
FILES_${PN}-tipc = "${base_sbindir}/tipc"
+FILES_${PN}-devlink = "${base_sbindir}/devlink"
ALTERNATIVE_${PN} = "ip"
ALTERNATIVE_TARGET[ip] = "${base_sbindir}/ip.${BPN}"
ALTERNATIVE_LINK_NAME[ip] = "${base_sbindir}/ip"
ALTERNATIVE_PRIORITY = "100"
+
+ALTERNATIVE_${PN}-tc = "tc"
+ALTERNATIVE_LINK_NAME[tc] = "${base_sbindir}/tc"
+ALTERNATIVE_PRIORITY_${PN}-tc = "100"
diff --git a/external/poky/meta/recipes-connectivity/iproute2/iproute2/0001-ip-Remove-unneed-header.patch b/external/poky/meta/recipes-connectivity/iproute2/iproute2/0001-ip-Remove-unneed-header.patch
deleted file mode 100644
index a9027c5b..00000000
--- a/external/poky/meta/recipes-connectivity/iproute2/iproute2/0001-ip-Remove-unneed-header.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 02ed10fc5215c4a32e6740b0a0c2439659be6801 Mon Sep 17 00:00:00 2001
-From: Changhyeok Bae <changhyeok.bae@gmail.com>
-Date: Mon, 13 Nov 2017 15:59:35 +0000
-Subject: [PATCH] ip: Remove unneed header
-
-Fix redefinition of struct ethhdr with a suitably patched musl libc
-that suppresses the kernel if_ether.h.
-
-Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
-
-Upstream-Status: Pending [netdev@vger.kernel.org]
----
- ip/iplink_bridge.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c
-index cccdec1..f065b22 100644
---- a/ip/iplink_bridge.c
-+++ b/ip/iplink_bridge.c
-@@ -13,7 +13,6 @@
- #include <stdlib.h>
- #include <string.h>
- #include <netinet/in.h>
--#include <netinet/ether.h>
- #include <linux/if_link.h>
- #include <linux/if_bridge.h>
- #include <net/if.h>
---
-2.7.4
-
diff --git a/external/poky/meta/recipes-connectivity/iproute2/iproute2/configure-cross.patch b/external/poky/meta/recipes-connectivity/iproute2/iproute2/configure-cross.patch
deleted file mode 100644
index 8b75a2ad..00000000
--- a/external/poky/meta/recipes-connectivity/iproute2/iproute2/configure-cross.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 85b0589b4843c03e8e6fd9416d71ea449a73c5c0 Mon Sep 17 00:00:00 2001
-From: Koen Kooi <koen@dominion.thruhere.net>
-Date: Thu, 3 Nov 2011 10:46:16 +0100
-Subject: [PATCH] make configure cross compile safe
-
-According to Kevin Tian:
-Upstream-Status: Pending
-
-Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
-Signed-off-by: Shane Wang <shane.wang@intel.com>
-
-Index: iproute2-4.14.1/configure
-===================================================================
---- iproute2-4.14.1.orig/configure
-+++ iproute2-4.14.1/configure
-@@ -2,6 +2,7 @@
- # This is not an autoconf generated configure
- #
- INCLUDE=${1:-"$PWD/include"}
-+SYSROOT=$1
-
- # Output file which is input to Makefile
- CONFIG=config.mk
-@@ -195,7 +196,7 @@ check_ipt_lib_dir()
- return
- fi
-
-- for dir in /lib /usr/lib /usr/local/lib
-+ for dir in $SYSROOT/lib $SYSROOT/usr/lib $SYSROOT/usr/local/lib
- do
- for file in $dir/{xtables,iptables}/lib*t_*so ; do
- if [ -f $file ]; then
diff --git a/external/poky/meta/recipes-connectivity/iproute2/iproute2_4.19.0.bb b/external/poky/meta/recipes-connectivity/iproute2/iproute2_5.5.0.bb
index 6db4062d..7ad4b8ee 100644
--- a/external/poky/meta/recipes-connectivity/iproute2/iproute2_4.19.0.bb
+++ b/external/poky/meta/recipes-connectivity/iproute2/iproute2_5.5.0.bb
@@ -1,13 +1,11 @@
require iproute2.inc
SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz \
- file://configure-cross.patch \
file://0001-libc-compat.h-add-musl-workaround.patch \
- file://0001-ip-Remove-unneed-header.patch \
"
-SRC_URI[md5sum] = "67eeebacaac4515cab73dfd2fc796af3"
-SRC_URI[sha256sum] = "d9ec5ca1f47d8a85416fa26e7dc1cbf5d067640eb60e90bdc1c7e5bdc6a29984"
+SRC_URI[md5sum] = "ee8e2cdb416d4a8ef39525d39ab7c2d0"
+SRC_URI[sha256sum] = "bac543435cac208a11db44c9cc8e35aa902befef8750594654ee71941c388f7b"
# CFLAGS are computed in Makefile and reference CCOPTS
#
diff --git a/external/poky/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/init b/external/poky/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/init
deleted file mode 100755
index 6f29e9c6..00000000
--- a/external/poky/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/init
+++ /dev/null
@@ -1,78 +0,0 @@
-#! /bin/sh
-### BEGIN INIT INFO
-# Provides: irda
-# Required-Start: $network $remote_fs
-# Required-Stop: $network $remote_fs
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
-# Short-Description: Infrared port support
-### END INIT INFO
-
-NAME="irattach"
-test -x "$IRDA_DAEMON" || IRDA_DAEMON=/usr/sbin/irattach
-test -z "$IRATTACH_PID" && IRATTACH_PID=/var/run/irattach.pid
-
-# Source function library.
-. /etc/init.d/functions
-
-module_id() {
- awk 'BEGIN { FS=": " } /Hardware/ { print $2 } ' </proc/cpuinfo
-}
-
-if [ ! -f /etc/sysconfig/irda ]; then
- case `module_id` in
- "HP iPAQ H2200" | "HP iPAQ HX4700" | "HTC Universal")
- IRDA=yes
- DEVICE=/dev/ttyS2
- DONGLE=
- DISCOVERY=
- ;;
- *)
- IRDA=yes
- DEVICE=/dev/ttyS1
- DONGLE=
- DISCOVERY=
- ;;
- esac
-else
- . /etc/sysconfig/irda
-fi
-
-# Check that irda is up.
-[ ${IRDA} = "no" ] && exit 0
-
-[ -f /usr/sbin/irattach ] || exit 0
-
-ARGS=
-if [ $DONGLE ]; then
- ARGS="$ARGS -d $DONGLE"
-fi
-if [ "$DISCOVERY" = "yes" ];then
- ARGS="$ARGS -s"
-fi
-
-case "$1" in
- start)
- echo -n "Starting IrDA: $NAME"
- start-stop-daemon --start --quiet --exec "$IRDA_DAEMON" ${DEVICE} ${ARGS} --pidfile "$IRATTACH_PID"
- sleep 1
- [ -f /var/run/irattach.pid ] && echo " done" || echo " fail"
- ;;
- stop)
- echo "Stopping IrDA: $NAME"
- start-stop-daemon --stop --quiet --exec "$IRDA_DAEMON" --pidfile "$IRATTACH_PID"
- ;;
- restart|force-reload)
- $0 stop
- $0 start
- ;;
- status)
- status irattach
- exit $?
- ;;
- *)
- N=/etc/init.d/$NAME
- echo "Usage: $N {start|stop|restart|force-reload|status}" >&2
- exit 1
- ;;
-esac
diff --git a/external/poky/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/ldflags.patch b/external/poky/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/ldflags.patch
deleted file mode 100644
index b246de8f..00000000
--- a/external/poky/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/ldflags.patch
+++ /dev/null
@@ -1,87 +0,0 @@
-Obey LDFLAGS
-
-Signed-off-by: Christopher Larson <chris_larson@mentor.com>
-Upstream-Status: Pending
-
-Index: irda-utils-0.9.18/findchip/Makefile
-===================================================================
---- irda-utils-0.9.18.orig/findchip/Makefile
-+++ irda-utils-0.9.18/findchip/Makefile
-@@ -65,5 +65,5 @@ install: findchip
-
- gfindchip: gfindchip.c
- $(prn_cc)
-- $(ECMD))$(CC) $(CFLAGS) `gtk-config --cflags` $< -o $@ `gtk-config --libs`
-+ $(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) `gtk-config --cflags` $< -o $@ `gtk-config --libs`
-
-Index: irda-utils-0.9.18/irattach/Makefile
-===================================================================
---- irda-utils-0.9.18.orig/irattach/Makefile
-+++ irda-utils-0.9.18/irattach/Makefile
-@@ -49,13 +49,13 @@ all: $(TARGETS)
-
- irattach: irattach.o util.o
- $(prn_cc_o)
-- $(ECMD)$(CC) $(CFLAGS) irattach.o util.o -o $@
-+ $(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) irattach.o util.o -o $@
-
-
-
- dongle_attach: dongle_attach.o
- $(prn_cc_o)
-- $(ECMD)$(CC) $(CFLAGS) dongle_attach.o -o $@
-+ $(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) dongle_attach.o -o $@
-
-
- install: $(TARGETS)
-Index: irda-utils-0.9.18/irdadump/Makefile
-===================================================================
---- irda-utils-0.9.18.orig/irdadump/Makefile
-+++ irda-utils-0.9.18/irdadump/Makefile
-@@ -40,7 +40,7 @@ lib_irdadump.a: $(LIBIRDADUMP_OBJS)
-
- irdadump: $(IRDADUMP_OBJS) $(LIBIRDADUMP_TARGET)
- $(prn_cc_o)
-- $(ECMD)$(CC) $(CFLAGS) `pkg-config --libs glib-2.0` -o $(IRDADUMP_TARGET) $< $(LIBIRDADUMP_TARGET)
-+ $(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) `pkg-config --libs glib-2.0` -o $(IRDADUMP_TARGET) $< $(LIBIRDADUMP_TARGET)
-
-
- .c.o:
-Index: irda-utils-0.9.18/irdaping/Makefile
-===================================================================
---- irda-utils-0.9.18.orig/irdaping/Makefile
-+++ irda-utils-0.9.18/irdaping/Makefile
-@@ -56,7 +56,7 @@ all: $(TARGETS)
-
- irdaping: $(OBJS)
- $(prn_cc_o)
-- $(ECMD)$(CC) $(CFLAGS) $(OBJS) -o $@
-+ $(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) $(OBJS) -o $@
-
-
- .c.o:
-Index: irda-utils-0.9.18/irnetd/Makefile
-===================================================================
---- irda-utils-0.9.18.orig/irnetd/Makefile
-+++ irda-utils-0.9.18/irnetd/Makefile
-@@ -50,7 +50,7 @@ all: $(TARGETS)
-
- irnetd: $(OBJS)
- $(prn_cc_o)
-- $(ECMD)$(CC) $(CFLAGS) $(OBJS) -o $@
-+ $(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) $(OBJS) -o $@
-
-
- install: irnetd
-Index: irda-utils-0.9.18/psion/Makefile
-===================================================================
---- irda-utils-0.9.18.orig/psion/Makefile
-+++ irda-utils-0.9.18/psion/Makefile
-@@ -25,4 +25,4 @@ install: $(PSION_TARGETS)
- CFLAGS += -g -I../include -Wall -Wstrict-prototypes $(RPM_OPT_FLAGS)
- irpsion5:
- $(prn_cc_o)
-- $(ECMD)$(CC) $(CFLAGS) $(PSION_SRC) -o $@
-\ No newline at end of file
-+ $(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) $(PSION_SRC) -o $@
-\ No newline at end of file
diff --git a/external/poky/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/musl.patch b/external/poky/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/musl.patch
deleted file mode 100644
index 97eb9750..00000000
--- a/external/poky/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/musl.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-Replace use of <net/if_packet.h> with <linux/if_packet.h>.
-
-kernel headers <linux/if_packet.h> already provides the
-needed definitions, moreover not all libc implementations
-provide if_packet.h e.g. musl
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-Upstream-Status: Pending
-
-Index: irda-utils-0.9.18/irdaping/irdaping.c
-===================================================================
---- irda-utils-0.9.18.orig/irdaping/irdaping.c
-+++ irda-utils-0.9.18/irdaping/irdaping.c
-@@ -33,7 +33,6 @@
- #include <sys/socket.h>
- #include <sys/ioctl.h>
- #include <net/if.h> /* For struct ifreq */
--#include <net/if_packet.h> /* For struct sockaddr_pkt */
- #include <net/if_arp.h> /* For ARPHRD_IRDA */
- #include <netinet/if_ether.h> /* For ETH_P_ALL */
- #include <netinet/in.h> /* For htons */
-@@ -46,6 +45,7 @@
- #include <asm/byteorder.h> /* __cpu_to_le32 and co. */
-
- #include <linux/types.h> /* For __u8 and co. */
-+#include <linux/if_packet.h> /* For struct sockaddr_pkt */
- #include <irda.h>
-
- #ifndef AF_IRDA
diff --git a/external/poky/meta/recipes-connectivity/irda-utils/irda-utils_0.9.18.bb b/external/poky/meta/recipes-connectivity/irda-utils/irda-utils_0.9.18.bb
deleted file mode 100644
index 11b2ee91..00000000
--- a/external/poky/meta/recipes-connectivity/irda-utils/irda-utils_0.9.18.bb
+++ /dev/null
@@ -1,51 +0,0 @@
-SUMMARY = "Common files for IrDA"
-DESCRIPTION = "Provides common files needed to use IrDA. \
-IrDA allows communication over Infrared with other devices \
-such as phones and laptops."
-HOMEPAGE = "http://irda.sourceforge.net/"
-BUGTRACKER = "http://sourceforge.net/p/irda/bugs/"
-SECTION = "base"
-LICENSE = "GPLv2+"
-LIC_FILES_CHKSUM = "file://irdadump/COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
- file://smcinit/COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3 \
- file://man/COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
- file://irdadump/irdadump.c;beginline=1;endline=24;md5=d78b9dce3cd78c2220250c9c7a2be178"
-
-SRC_URI = "${SOURCEFORGE_MIRROR}/irda/irda-utils-${PV}.tar.gz \
- file://ldflags.patch \
- file://musl.patch \
- file://init"
-
-SRC_URI[md5sum] = "84dc12aa4c3f61fccb8d8919bf4079bb"
-SRC_URI[sha256sum] = "61980551e46b2eaa9e17ad31cbc1a638074611fc33bff34163d10c7a67a9fdc6"
-
-inherit update-rc.d
-
-EXTRA_OEMAKE = "\
- 'CC=${CC}' \
- 'LD=${LD}' \
- 'CFLAGS=${CFLAGS}' \
- 'LDFLAGS=${LDFLAGS}' \
- 'SYS_INCLUDES=' \
- 'V=1' \
-"
-
-INITSCRIPT_NAME = "irattach"
-INITSCRIPT_PARAMS = "defaults 20"
-
-TARGETS ??= "irattach irdaping"
-do_compile () {
- for t in ${TARGETS}; do
- oe_runmake -C $t
- done
-}
-
-do_install () {
- install -d ${D}${sbindir}
- for t in ${TARGETS}; do
- oe_runmake -C $t ROOT="${D}" install
- done
-
- install -d ${D}${sysconfdir}/init.d
- install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/${INITSCRIPT_NAME}
-}
diff --git a/external/poky/meta/recipes-connectivity/iw/iw/0001-connect-fix-parsing-of-WEP-keys.patch b/external/poky/meta/recipes-connectivity/iw/iw/0001-connect-fix-parsing-of-WEP-keys.patch
deleted file mode 100644
index 8cf8f7ab..00000000
--- a/external/poky/meta/recipes-connectivity/iw/iw/0001-connect-fix-parsing-of-WEP-keys.patch
+++ /dev/null
@@ -1,194 +0,0 @@
-From 2a6be4166fd718be0694fe8a6e3f1013c125dee2 Mon Sep 17 00:00:00 2001
-From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
-Date: Tue, 12 Jun 2018 09:01:56 +0300
-Subject: [PATCH] connect: fix parsing of WEP keys
-
-The introduction of MFP options added a bug that causes a
-segmentation fault when parsing WEP keys.
-Fix that.
-
-Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
-Upstream-Status: Backport
-[https://git.kernel.org/pub/scm/linux/kernel/git/jberg/iw.git/commit/?id=0e39f109c4b8155697a12ef090b59cdb304c8c44]
-Signed-off-by: Liu Haitao <haitao.liu@windriver.com>
----
- ap.c | 2 +-
- connect.c | 7 ++-----
- ibss.c | 2 +-
- iw.h | 3 ++-
- util.c | 36 ++++++++++++++++++------------------
- 5 files changed, 24 insertions(+), 26 deletions(-)
-
-diff --git a/ap.c b/ap.c
-index 4bab5b9..dcce402 100644
---- a/ap.c
-+++ b/ap.c
-@@ -116,7 +116,7 @@ static int handle_start_ap(struct nl80211_state *state,
- argv++;
- argc--;
-
-- return parse_keys(msg, argv, argc);
-+ return parse_keys(msg, &argv, &argc);
- nla_put_failure:
- return -ENOSPC;
- }
-diff --git a/connect.c b/connect.c
-index 339fc73..4a847a1 100644
---- a/connect.c
-+++ b/connect.c
-@@ -54,13 +54,10 @@ static int iw_conn(struct nl80211_state *state,
- argv++;
- argc--;
-
-- ret = parse_keys(msg, argv, argc);
-+ ret = parse_keys(msg, &argv, &argc);
- if (ret)
- return ret;
-
-- argc -= 4;
-- argv += 4;
--
- if (!argc)
- return 0;
-
-@@ -228,7 +225,7 @@ static int iw_auth(struct nl80211_state *state,
- argv++;
- argc--;
-
-- return parse_keys(msg, argv, argc);
-+ return parse_keys(msg, &argv, &argc);
- nla_put_failure:
- return -ENOSPC;
- }
-diff --git a/ibss.c b/ibss.c
-index 84f1e95..d77fc92 100644
---- a/ibss.c
-+++ b/ibss.c
-@@ -115,7 +115,7 @@ static int join_ibss(struct nl80211_state *state,
- argv++;
- argc--;
-
-- return parse_keys(msg, argv, argc);
-+ return parse_keys(msg, &argv, &argc);
- nla_put_failure:
- return -ENOSPC;
- }
-diff --git a/iw.h b/iw.h
-index ee7ca20..8767ed3 100644
---- a/iw.h
-+++ b/iw.h
-@@ -180,7 +180,8 @@ int parse_hex_mask(char *hexmask, unsigned char **result, size_t *result_len,
- unsigned char **mask);
- unsigned char *parse_hex(char *hex, size_t *outlen);
-
--int parse_keys(struct nl_msg *msg, char **argv, int argc);
-+
-+int parse_keys(struct nl_msg *msg, char **argv[], int *argc);
- int parse_freqchan(struct chandef *chandef, bool chan, int argc, char **argv, int *parsed);
- enum nl80211_chan_width str_to_bw(const char *str);
- int put_chandef(struct nl_msg *msg, struct chandef *chandef);
-diff --git a/util.c b/util.c
-index 6e0ddff..122c019 100644
---- a/util.c
-+++ b/util.c
-@@ -417,23 +417,23 @@ static int parse_cipher_suite(const char *cipher_str)
- return -EINVAL;
- }
-
--int parse_keys(struct nl_msg *msg, char **argv, int argc)
-+int parse_keys(struct nl_msg *msg, char **argv[], int *argc)
- {
- struct nlattr *keys;
- int i = 0;
- bool have_default = false;
-- char *arg = *argv;
-+ char *arg = **argv;
- char keybuf[13];
- int pos = 0;
-
-- if (!argc)
-+ if (!*argc)
- return 1;
-
- if (!memcmp(&arg[pos], "psk", 3)) {
- char psk_keybuf[32];
- int cipher_suite, akm_suite;
-
-- if (argc < 4)
-+ if (*argc < 4)
- goto explain;
-
- pos+=3;
-@@ -451,9 +451,9 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
- NLA_PUT(msg, NL80211_ATTR_PMK, 32, psk_keybuf);
- NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, NL80211_AUTHTYPE_OPEN_SYSTEM);
-
-- argv++;
-- argc--;
-- arg = *argv;
-+ *argv += 1;
-+ *argc -= 1;
-+ arg = **argv;
-
- akm_suite = parse_akm_suite(arg);
- if (akm_suite < 0)
-@@ -461,9 +461,9 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
-
- NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, akm_suite);
-
-- argv++;
-- argc--;
-- arg = *argv;
-+ *argv += 1;
-+ *argc -= 1;
-+ arg = **argv;
-
- cipher_suite = parse_cipher_suite(arg);
- if (cipher_suite < 0)
-@@ -471,9 +471,9 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
-
- NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher_suite);
-
-- argv++;
-- argc--;
-- arg = *argv;
-+ *argv += 1;
-+ *argc -= 1;
-+ arg = **argv;
-
- cipher_suite = parse_cipher_suite(arg);
- if (cipher_suite < 0)
-@@ -495,7 +495,7 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
- struct nlattr *key = nla_nest_start(msg, ++i);
- char *keydata;
-
-- arg = *argv;
-+ arg = **argv;
- pos = 0;
-
- if (!key)
-@@ -537,15 +537,15 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
-
- NLA_PUT(msg, NL80211_KEY_DATA, keylen, keydata);
-
-- argv++;
-- argc--;
-+ *argv += 1;
-+ *argc -= 1;
-
- /* one key should be TX key */
-- if (!have_default && !argc)
-+ if (!have_default && !*argc)
- NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT);
-
- nla_nest_end(msg, key);
-- } while (argc);
-+ } while (*argc);
-
- nla_nest_end(msg, keys);
-
---
-2.17.1
-
diff --git a/external/poky/meta/recipes-connectivity/iw/iw/separate-objdir.patch b/external/poky/meta/recipes-connectivity/iw/iw/separate-objdir.patch
index 0ea6a527..179fd901 100644
--- a/external/poky/meta/recipes-connectivity/iw/iw/separate-objdir.patch
+++ b/external/poky/meta/recipes-connectivity/iw/iw/separate-objdir.patch
@@ -1,3 +1,6 @@
+From ff9f0a631c99fb6e2677c02bf572a5e69c70f5cf Mon Sep 17 00:00:00 2001
+From: Changhyeok Bae <changhyeok.bae@gmail.com>
+Date: Mon, 27 Jan 2020 22:48:03 +0100
Subject: [PATCH] Support separation of SRCDIR and OBJDIR
Typical use of VPATH to locate the sources.
@@ -7,29 +10,41 @@ Upstream-Status: Pending
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Maxin B. John <maxin.john@intel.com>
---
-diff -Naur iw-4.3-origin/Makefile iw-4.3/Makefile
---- iw-4.3-origin/Makefile 2015-11-20 16:37:58.752077287 +0200
-+++ iw-4.3/Makefile 2015-11-20 16:57:15.510615815 +0200
-@@ -1,5 +1,7 @@
+ Makefile | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 90f2251..714cdb9 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,5 +1,9 @@
MAKEFLAGS += --no-print-directory
--
+
+SRCDIR ?= $(dir $(lastword $(MAKEFILE_LIST)))
+OBJDIR ?= $(PWD)
+VPATH = $(SRCDIR)
++
PREFIX ?= /usr
SBINDIR ?= $(PREFIX)/sbin
MANDIR ?= $(PREFIX)/share/man
-@@ -95,11 +97,11 @@
+@@ -92,7 +96,7 @@ all: $(ALL)
version.c: version.sh $(patsubst %.o,%.c,$(VERSION_OBJS)) nl80211.h iw.h Makefile \
$(wildcard .git/index .git/refs/tags)
@$(NQ) ' GEN ' $@
- $(Q)./version.sh $@
+ $(Q)cd $(SRCDIR) && ./version.sh $(OBJDIR)/$@
- %.o: %.c iw.h nl80211.h
+ nl80211-commands.inc: nl80211.h
+ @$(NQ) ' GEN ' $@
+@@ -100,7 +104,7 @@ nl80211-commands.inc: nl80211.h
+
+ %.o: %.c iw.h nl80211.h nl80211-commands.inc
@$(NQ) ' CC ' $@
-- $(Q)$(CC) $(CFLAGS) -c -o $@ $<
-+ $(Q)$(CC) -I$(SRCDIR) $(CFLAGS) -c -o $@ $<
+- $(Q)$(CC) $(CFLAGS) $(CPPFLAGS) -c -o $@ $<
++ $(Q)$(CC) -I$(SRCDIR) $(CFLAGS) $(CPPFLAGS) -c -o $@ $<
ifeq ($(IW_ANDROID_BUILD),)
iw: $(OBJS)
+--
+2.23.0
+
diff --git a/external/poky/meta/recipes-connectivity/iw/iw_4.14.bb b/external/poky/meta/recipes-connectivity/iw/iw_5.4.bb
index f414a4b1..9f58e497 100644
--- a/external/poky/meta/recipes-connectivity/iw/iw_4.14.bb
+++ b/external/poky/meta/recipes-connectivity/iw/iw_5.4.bb
@@ -4,7 +4,7 @@ wireless devices. It supports almost all new drivers that have been added \
to the kernel recently. "
HOMEPAGE = "http://wireless.kernel.org/en/users/Documentation/iw"
SECTION = "base"
-LICENSE = "BSD"
+LICENSE = "BSD-2-Clause"
LIC_FILES_CHKSUM = "file://COPYING;md5=878618a5c4af25e9b93ef0be1a93f774"
DEPENDS = "libnl"
@@ -12,11 +12,10 @@ DEPENDS = "libnl"
SRC_URI = "http://www.kernel.org/pub/software/network/iw/${BP}.tar.gz \
file://0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch \
file://separate-objdir.patch \
- file://0001-connect-fix-parsing-of-WEP-keys.patch \
"
-SRC_URI[md5sum] = "2067516ca9940fdb8c091ee3250da374"
-SRC_URI[sha256sum] = "a0c3aad6ff52234d03a2522ba2eba570e36abb3e60dc29bf0b1ce88dd725d6d4"
+SRC_URI[md5sum] = "08a4f581a39dc62fa85d3af796d844b6"
+SRC_URI[sha256sum] = "943cd2446a6c7242fded3766d054ab2a214a3514b9a8b7e942fed8fb13c1370c"
inherit pkgconfig
@@ -27,7 +26,6 @@ EXTRA_OEMAKE = "\
'SBINDIR=${sbindir}' \
'MANDIR=${mandir}' \
"
-B = "${WORKDIR}/build"
do_install() {
oe_runmake 'DESTDIR=${D}' install
diff --git a/external/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns/0001-check-for-nss.h.patch b/external/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns/0001-check-for-nss.h.patch
deleted file mode 100644
index f63eb90c..00000000
--- a/external/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns/0001-check-for-nss.h.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From bdf01a581d58eb5340e9238d143dbcac9db5b11c Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Sat, 30 Jan 2016 19:29:45 +0000
-Subject: [PATCH] check for nss.h
-
-nss.h may not available on all libc implementations, e.g. musl does not
-have this header, this patch detects nss.h presence and defines the data
-types that are required if nss.h is missing on platform
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
-Upstream-Status: Pending
-
- configure.ac | 2 +-
- src/nss.c | 11 +++++++++++
- 2 files changed, 12 insertions(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index aa66bc6..ce19b07 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -71,7 +71,7 @@ AC_PROG_LIBTOOL
-
- # Checks for header files.
- AC_HEADER_STDC
--AC_CHECK_HEADERS([arpa/inet.h fcntl.h inttypes.h netdb.h netinet/in.h stdlib.h string.h sys/socket.h sys/time.h unistd.h nss.h sys/ioctl.h])
-+AC_CHECK_HEADERS([arpa/inet.h fcntl.h inttypes.h netdb.h netinet/in.h stdlib.h string.h sys/socket.h sys/time.h unistd.h nss.h sys/ioctl.h nss.h])
-
- # Checks for typedefs, structures, and compiler characteristics.
- AC_C_CONST
-diff --git a/src/nss.c b/src/nss.c
-index e48e315..406733b 100644
---- a/src/nss.c
-+++ b/src/nss.c
-@@ -29,7 +29,18 @@
- #include <assert.h>
- #include <netdb.h>
- #include <sys/socket.h>
-+#ifdef HAVE_NSS_H
- #include <nss.h>
-+#else
-+enum nss_status {
-+ NSS_STATUS_TRYAGAIN = -2,
-+ NSS_STATUS_UNAVAIL,
-+ NSS_STATUS_NOTFOUND,
-+ NSS_STATUS_SUCCESS,
-+ NSS_STATUS_RETURN
-+};
-+#endif
-+
- #include <stdio.h>
- #include <stdlib.h>
-
---
-2.7.0
-
diff --git a/external/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb b/external/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.14.1.bb
index d0eb2768..5e446004 100644
--- a/external/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb
+++ b/external/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.14.1.bb
@@ -1,31 +1,24 @@
SUMMARY = "Name Service Switch module for Multicast DNS (zeroconf) name resolution"
-HOMEPAGE = "http://0pointer.de/lennart/projects/nss-mdns/"
+HOMEPAGE = "https://github.com/lathiat/nss-mdns"
SECTION = "libs"
LICENSE = "LGPLv2.1+"
LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1"
DEPENDS = "avahi"
-PR = "r7"
-SRC_URI = "http://0pointer.de/lennart/projects/nss-mdns/nss-mdns-${PV}.tar.gz \
- file://0001-check-for-nss.h.patch \
+SRC_URI = "git://github.com/lathiat/nss-mdns \
"
-SRC_URI[md5sum] = "03938f17646efbb50aa70ba5f99f51d7"
-SRC_URI[sha256sum] = "1e683c2e7c3921814706d62fbbd3e9cbf493a75fa00255e0e715508d8134fa6d"
+SRCREV = "41c9c5e78f287ed4b41ac438c1873fa71bfa70ae"
-S = "${WORKDIR}/nss-mdns-${PV}"
+S = "${WORKDIR}/git"
-localstatedir = "/"
+inherit autotools pkgconfig
-inherit autotools
+COMPATIBLE_HOST_libc-musl = 'null'
-EXTRA_OECONF = "--libdir=${base_libdir} --disable-lynx --enable-avahi"
-
-# suppress warning, but don't bother with autonamer
-LEAD_SONAME = "libnss_mdns.so"
-DEBIANNAME_${PN} = "libnss-mdns"
+EXTRA_OECONF = "--libdir=${base_libdir}"
RDEPENDS_${PN} = "avahi-daemon"
diff --git a/external/poky/meta/recipes-connectivity/libpcap/libpcap/0001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch b/external/poky/meta/recipes-connectivity/libpcap/libpcap/0001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch
deleted file mode 100644
index edb6ae56..00000000
--- a/external/poky/meta/recipes-connectivity/libpcap/libpcap/0001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 64aa033a061c43fc15c711f2490ae41d23b868c3 Mon Sep 17 00:00:00 2001
-From: Fabio Berton <fabio.berton@ossystems.com.br>
-Date: Thu, 17 Nov 2016 09:44:42 -0200
-Subject: [PATCH 1/2] Fix compiler_state_t.ai usage when INET6 is not defined
-Organization: O.S. Systems Software LTDA.
-
-Fix error:
-
-/
-| ../libpcap-1.8.1/gencode.c: In function 'pcap_compile':
-| ../libpcap-1.8.1/gencode.c:693:8: error: 'compiler_state_t
-| {aka struct _compiler_state}' has no member named 'ai'
-| cstate.ai = NULL;
-\
-
-Upstream-Status: Submitted [1]
-
-[1] https://github.com/the-tcpdump-group/libpcap/pull/541
-
-Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
----
- gencode.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/gencode.c b/gencode.c
-index a887f27..e103c70 100644
---- a/gencode.c
-+++ b/gencode.c
-@@ -690,7 +690,9 @@ pcap_compile(pcap_t *p, struct bpf_program *program,
- }
- initchunks(&cstate);
- cstate.no_optimize = 0;
-+#ifdef INET6
- cstate.ai = NULL;
-+#endif
- cstate.ic.root = NULL;
- cstate.ic.cur_mark = 0;
- cstate.bpf_pcap = p;
---
-2.1.4
-
diff --git a/external/poky/meta/recipes-connectivity/libpcap/libpcap/0002-Add-missing-compiler_state_t-parameter.patch b/external/poky/meta/recipes-connectivity/libpcap/libpcap/0002-Add-missing-compiler_state_t-parameter.patch
deleted file mode 100644
index 032b265f..00000000
--- a/external/poky/meta/recipes-connectivity/libpcap/libpcap/0002-Add-missing-compiler_state_t-parameter.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From 50ec0a088d5924a8305b2d70dcba71b0942dee1a Mon Sep 17 00:00:00 2001
-From: Fabio Berton <fabio.berton@ossystems.com.br>
-Date: Thu, 17 Nov 2016 09:47:29 -0200
-Subject: [PATCH 2/2] Add missing compiler_state_t parameter
-Organization: O.S. Systems Software LTDA.
-
-Fix error:
-
-/
-|../libpcap-1.8.1/gencode.c: In function 'gen_gateway':
-|../libpcap-1.8.1/gencode.c:4914:13: error: 'cstate' undeclared
-| (first use in this function)
-| bpf_error(cstate, "direction applied to 'gateway'");
-\
-
-Upstream-Status: Submitted [1]
-
-[1] https://github.com/the-tcpdump-group/libpcap/pull/541
-
-Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
----
- gencode.c | 15 ++++++++-------
- 1 file changed, 8 insertions(+), 7 deletions(-)
-
-diff --git a/gencode.c b/gencode.c
-index e103c70..f07c0be 100644
---- a/gencode.c
-+++ b/gencode.c
-@@ -523,7 +523,7 @@ static struct block *gen_host6(compiler_state_t *, struct in6_addr *,
- struct in6_addr *, int, int, int);
- #endif
- #ifndef INET6
--static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
-+static struct block *gen_gateway(compiler_state_t *, const u_char *, bpf_u_int32 **, int, int);
- #endif
- static struct block *gen_ipfrag(compiler_state_t *);
- static struct block *gen_portatom(compiler_state_t *, int, bpf_int32);
-@@ -4904,11 +4904,12 @@ gen_host6(compiler_state_t *cstate, struct in6_addr *addr,
-
- #ifndef INET6
- static struct block *
--gen_gateway(eaddr, alist, proto, dir)
-- const u_char *eaddr;
-- bpf_u_int32 **alist;
-- int proto;
-- int dir;
-+gen_gateway(cstate, eaddr, alist, proto, dir)
-+ compiler_state_t *cstate;
-+ const u_char *eaddr;
-+ bpf_u_int32 **alist;
-+ int proto;
-+ int dir;
- {
- struct block *b0, *b1, *tmp;
-
-@@ -6472,7 +6473,7 @@ gen_scode(compiler_state_t *cstate, const char *name, struct qual q)
- alist = pcap_nametoaddr(name);
- if (alist == NULL || *alist == NULL)
- bpf_error(cstate, "unknown host '%s'", name);
-- b = gen_gateway(eaddr, alist, proto, dir);
-+ b = gen_gateway(cstate, eaddr, alist, proto, dir);
- free(eaddr);
- return b;
- #else
---
-2.1.4
-
diff --git a/external/poky/meta/recipes-connectivity/libpcap/libpcap/disable-remote.patch b/external/poky/meta/recipes-connectivity/libpcap/libpcap/disable-remote.patch
deleted file mode 100644
index 7e1eea6b..00000000
--- a/external/poky/meta/recipes-connectivity/libpcap/libpcap/disable-remote.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Disable bits of remote capture support inherited from the WinPCAP merge
-which cause applications to FTBFS if they define HAVE_REMOTE.
-
-Patch from:
-https://anonscm.debian.org/cgit/users/rfrancoise/libpcap.git/commit/?
-id=f35949969269dfdcc3549b12fade604755e1e326
-
-Upstream-Status: Pending
-
---- a/pcap/pcap.h
-+++ b/pcap/pcap.h
-@@ -506,6 +506,11 @@
- #define MODE_STAT 1
- #define MODE_MON 2
-
-+#ifdef HAVE_REMOTE
-+ /* Includes most of the public stuff that is needed for the remote capture */
-+ #include <remote-ext.h>
-+#endif /* HAVE_REMOTE */
-+
- #elif defined(MSDOS)
-
- /*
-@@ -526,11 +531,6 @@
-
- #endif /* _WIN32/MSDOS/UN*X */
-
--#ifdef HAVE_REMOTE
-- /* Includes most of the public stuff that is needed for the remote capture */
-- #include <remote-ext.h>
--#endif /* HAVE_REMOTE */
--
- #ifdef __cplusplus
- }
- #endif
-
diff --git a/external/poky/meta/recipes-connectivity/libpcap/libpcap/fix-grammar-deps.patch b/external/poky/meta/recipes-connectivity/libpcap/libpcap/fix-grammar-deps.patch
deleted file mode 100644
index f40e655c..00000000
--- a/external/poky/meta/recipes-connectivity/libpcap/libpcap/fix-grammar-deps.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-Fix a missing dependency that can result in:
-
-../libpcap-1.8.1/grammar.y:78:10: fatal error: scanner.h: No such file or directory
-
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 0dd90a6bdbce4dca14106859eee63ef643a106e2 Mon Sep 17 00:00:00 2001
-From: Alfredo Alvarez Fernandez <alfredoalvarezernandez@gmail.com>
-Date: Tue, 21 Feb 2017 11:41:43 +0100
-Subject: [PATCH] Makefile.in: Fix missing dependency
-
----
- Makefile.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Makefile.in b/Makefile.in
-index 7044f043..f5d443ae 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -465,7 +465,7 @@ grammar.h: grammar.c
- $(MAKE) $(MAKEFLAGS) grammar.c; \
- fi
-
--grammar.o: grammar.c
-+grammar.o: grammar.c scanner.h
- $(CC) $(FULL_CFLAGS) -c grammar.c
-
- gencode.o: $(srcdir)/gencode.c grammar.h scanner.h
diff --git a/external/poky/meta/recipes-connectivity/libpcap/libpcap/libpcap-pkgconfig-support.patch b/external/poky/meta/recipes-connectivity/libpcap/libpcap/libpcap-pkgconfig-support.patch
deleted file mode 100644
index afaa3bea..00000000
--- a/external/poky/meta/recipes-connectivity/libpcap/libpcap/libpcap-pkgconfig-support.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From 2796129af52901dd68595e5e88a639308541def9 Mon Sep 17 00:00:00 2001
-From: Fabio Berton <fabio.berton@ossystems.com.br>
-Date: Thu, 3 Nov 2016 17:56:29 -0200
-Subject: [PATCH] libpcap: pkgconfig support
-Organization: O.S. Systems Software LTDA.
-
-Adding basic structure to support pkg-config.
-
-Upstream-Status: Inappropriate [embedded specific]
-
-Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
-Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
----
- Makefile.in | 5 +++++
- configure.ac | 1 +
- libpcap.pc.in | 10 ++++++++++
- 3 files changed, 16 insertions(+)
- create mode 100644 libpcap.pc.in
-
-diff --git a/Makefile.in b/Makefile.in
-index e71d973..d7004ed 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -61,6 +61,10 @@ V_RPATH_OPT = @V_RPATH_OPT@
- DEPENDENCY_CFLAG = @DEPENDENCY_CFLAG@
- PROG=libpcap
-
-+# pkgconfig support
-+pkgconfigdir = $(libdir)/pkgconfig
-+pkgconfig_DATA = libpcap.pc
-+
- # Standard CFLAGS
- FULL_CFLAGS = $(CCOPT) $(INCLS) $(DEFS) $(CFLAGS)
-
-@@ -286,6 +290,7 @@ EXTRA_DIST = \
- lbl/os-solaris2.h \
- lbl/os-sunos4.h \
- lbl/os-ultrix4.h \
-+ libpcap.pc \
- missing/getopt.c \
- missing/getopt.h \
- missing/snprintf.c \
-diff --git a/configure.ac b/configure.ac
-index da2f940..4fc67bf 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1805,6 +1805,7 @@ fi
- AC_PROG_INSTALL
-
- AC_CONFIG_HEADER(config.h)
-+AC_CONFIG_FILES([libpcap.pc])
-
- AC_OUTPUT_COMMANDS([if test -f .devel; then
- echo timestamp > stamp-h
-diff --git a/libpcap.pc.in b/libpcap.pc.in
-new file mode 100644
-index 0000000..4f78ad8
---- /dev/null
-+++ b/libpcap.pc.in
-@@ -0,0 +1,10 @@
-+prefix=@prefix@
-+exec_prefix=@exec_prefix@
-+libdir=@libdir@
-+includedir=@includedir@
-+
-+Name: libpcap
-+Description: System-independent interface for user-level packet capture.
-+Version: @VERSION@
-+Libs: -L${libdir} -lpcap
-+Cflags: -I${includedir}
---
-2.1.4
-
diff --git a/external/poky/meta/recipes-connectivity/libpcap/libpcap_1.8.1.bb b/external/poky/meta/recipes-connectivity/libpcap/libpcap_1.8.1.bb
deleted file mode 100644
index 13dfbd67..00000000
--- a/external/poky/meta/recipes-connectivity/libpcap/libpcap_1.8.1.bb
+++ /dev/null
@@ -1,31 +0,0 @@
-require libpcap.inc
-
-SRC_URI += " \
- file://libpcap-pkgconfig-support.patch \
- file://0001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch \
- file://0002-Add-missing-compiler_state_t-parameter.patch \
- file://disable-remote.patch \
- file://fix-grammar-deps.patch \
-"
-
-SRC_URI[md5sum] = "3d48f9cd171ff12b0efd9134b52f1447"
-SRC_URI[sha256sum] = "673dbc69fdc3f5a86fb5759ab19899039a8e5e6c631749e48dcd9c6f0c83541e"
-
-#
-# make install doesn't cover the shared lib
-# make install-shared is just broken (no symlinks)
-#
-
-do_configure_prepend () {
- #remove hardcoded references to /usr/include
- sed 's|\([ "^'\''I]\+\)/usr/include/|\1${STAGING_INCDIR}/|g' -i ${S}/configure.ac
-}
-
-do_install_prepend () {
- install -d ${D}${libdir}
- install -d ${D}${bindir}
- oe_runmake install-shared DESTDIR=${D}
- oe_libinstall -a -so libpcap ${D}${libdir}
- sed "s|@VERSION@|${PV}|" -i ${B}/libpcap.pc
- install -D -m 0644 libpcap.pc ${D}${libdir}/pkgconfig/libpcap.pc
-}
diff --git a/external/poky/meta/recipes-connectivity/libpcap/libpcap.inc b/external/poky/meta/recipes-connectivity/libpcap/libpcap_1.9.1.bb
index e57ea87b..35bb5650 100644
--- a/external/poky/meta/recipes-connectivity/libpcap/libpcap.inc
+++ b/external/poky/meta/recipes-connectivity/libpcap/libpcap_1.9.1.bb
@@ -5,38 +5,40 @@ security monitoring and network debugging."
HOMEPAGE = "http://www.tcpdump.org/"
BUGTRACKER = "http://sourceforge.net/tracker/?group_id=53067&atid=469577"
SECTION = "libs/network"
-LICENSE = "BSD"
+LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=5eb289217c160e2920d2e35bddc36453 \
file://pcap.h;beginline=1;endline=32;md5=39af3510e011f34b8872f120b1dc31d2"
DEPENDS = "flex-native bison-native"
-INC_PR = "r5"
+SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz \
+ "
+SRC_URI[md5sum] = "21af603d9a591c7d96a6457021d84e6c"
+SRC_URI[sha256sum] = "635237637c5b619bcceba91900666b64d56ecb7be63f298f601ec786ce087094"
-SRC_URI = "http://www.tcpdump.org/release/${BP}.tar.gz"
+inherit autotools binconfig-disabled pkgconfig
BINCONFIG = "${bindir}/pcap-config"
-inherit autotools binconfig-disabled pkgconfig bluetooth
-
-EXTRA_OECONF = "--with-pcap=linux"
+# Explicitly disable dag support. We don't have recipe for it and if enabled here,
+# configure script poisons the include dirs with /usr/local/include even when the
+# support hasn't been detected.
+EXTRA_OECONF = " \
+ --with-pcap=linux \
+ --without-dag \
+ "
EXTRA_AUTORECONF += "--exclude=aclocal"
-PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', '${BLUEZ}', '', d)} \
+PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez5', '', d)} \
${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \
"
-PACKAGECONFIG[bluez4] = "--enable-bluetooth,--disable-bluetooth,bluez4"
-# Add a dummy PACKAGECONFIG for bluez5 since it is not supported by libpcap.
-PACKAGECONFIG[bluez5] = ",,"
+PACKAGECONFIG[bluez5] = "--enable-bluetooth,--disable-bluetooth,bluez5"
PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus"
PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
PACKAGECONFIG[libnl] = "--with-libnl,--without-libnl,libnl"
-CPPFLAGS_prepend = "-I${S} "
-CFLAGS_prepend = "-I${S} "
-CXXFLAGS_prepend = "-I${S} "
-
do_configure_prepend () {
- sed -i -e's,^V_RPATH_OPT=.*$,V_RPATH_OPT=,' ${S}/pcap-config.in
+ #remove hardcoded references to /usr/include
+ sed 's|\([ "^'\''I]\+\)/usr/include/|\1${STAGING_INCDIR}/|g' -i ${S}/configure.ac
}
BBCLASSEXTEND = "native"
diff --git a/external/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info/multilibfix.patch b/external/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info/multilibfix.patch
deleted file mode 100644
index 7e97e8ec..00000000
--- a/external/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info/multilibfix.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-The mobile-broadband-provider-info.pc file is installed into a non-arch directory
-yet contains libdir which can vary depending on which multilib is configured.
-The .pc file does not require libdir so remove this to fix multilib builds.
-
-Upstream-Status: Backport [8109fcd3c7299fae859fb891ff416927581a9955]
-Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
-
-Index: git/mobile-broadband-provider-info.pc.in
-===================================================================
---- git.orig/mobile-broadband-provider-info.pc.in 2018-08-07 13:09:31.811364063 +0800
-+++ git/mobile-broadband-provider-info.pc.in 2018-08-10 17:49:25.645288320 +0800
-@@ -1,6 +1,5 @@
- prefix=@prefix@
- exec_prefix=@exec_prefix@
--libdir=@libdir@
- datarootdir = @datarootdir@
- pkgdatadir=${datarootdir}/@PACKAGE@
- includedir=@includedir@
diff --git a/external/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/external/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
index 7f1dd78c..0b0bbab1 100644
--- a/external/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
+++ b/external/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
@@ -3,13 +3,13 @@ HOMEPAGE = "http://live.gnome.org/NetworkManager/MobileBroadband/ServiceProvider
SECTION = "network"
LICENSE = "PD"
LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04"
-SRCREV = "befcbbc9867e742ac16415660b0b7521218a530c"
-PV = "20170310"
+SRCREV = "22b49d86fb7aded2c195a9d49e5924da696b3228"
+PV = "20190618"
PE = "1"
-SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https \
- file://multilibfix.patch \
-"
+SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https"
S = "${WORKDIR}/git"
inherit autotools
+
+DEPENDS += "libxslt-native"
diff --git a/external/poky/meta/recipes-connectivity/neard/neard_0.16.bb b/external/poky/meta/recipes-connectivity/neard/neard_0.16.bb
index cc6af4e1..7c124a3c 100644
--- a/external/poky/meta/recipes-connectivity/neard/neard_0.16.bb
+++ b/external/poky/meta/recipes-connectivity/neard/neard_0.16.bb
@@ -18,7 +18,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
file://src/near.h;beginline=1;endline=20;md5=358e4deefef251a4761e1ffacc965d13 \
"
-inherit autotools pkgconfig systemd update-rc.d bluetooth
+inherit autotools pkgconfig systemd update-rc.d
PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
@@ -40,7 +40,7 @@ RDEPENDS_${PN} = "dbus"
# Bluez & Wifi are not mandatory except for handover
RRECOMMENDS_${PN} = "\
- ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', '${BLUEZ}', '', d)} \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez5', '', d)} \
${@bb.utils.contains('DISTRO_FEATURES', 'wifi','wpa-supplicant', '', d)} \
"
diff --git a/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch b/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch
new file mode 100644
index 00000000..bd350144
--- /dev/null
+++ b/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch
@@ -0,0 +1,299 @@
+From 690a90a5b7786e40b5447ad7c5f19a7657d27405 Mon Sep 17 00:00:00 2001
+From: Mingli Yu <Mingli.Yu@windriver.com>
+Date: Fri, 14 Dec 2018 17:44:32 +0800
+Subject: [PATCH] Makefile.am: fix undefined function for libnsm.a
+
+The source file of libnsm.a uses some function
+in ../support/misc/file.c, add ../support/misc/file.c
+to libnsm_a_SOURCES to fix build error when run
+"make -C tests statdb_dump":
+| ../support/nsm/libnsm.a(file.o): In function `nsm_make_pathname':
+| /usr/src/debug/nfs-utils/2.3.3-r0/nfs-utils-2.3.3/support/nsm/file.c:175: undefined reference to `generic_make_pathname'
+| /usr/src/debug/nfs-utils/2.3.3-r0/nfs-utils-2.3.3/support/nsm/file.c:175: undefined reference to `generic_make_pathname'
+| /usr/src/debug/nfs-utils/2.3.3-r0/nfs-utils-2.3.3/support/nsm/file.c:175: undefined reference to `generic_make_pathname'
+| ../support/nsm/libnsm.a(file.o): In function `nsm_setup_pathnames':
+| /usr/src/debug/nfs-utils/2.3.3-r0/nfs-utils-2.3.3/support/nsm/file.c:280: undefined reference to `generic_setup_basedir'
+| collect2: error: ld returned 1 exit status
+
+As there is already one source file named file.c
+as support/nsm/file.c in support/nsm/Makefile.am,
+so rename ../support/misc/file.c to ../support/misc/misc.c.
+
+Upstream-Status: Submitted[https://marc.info/?l=linux-nfs&m=154502780423058&w=2]
+
+Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
+
+Rebase it.
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+---
+ support/misc/Makefile.am | 2 +-
+ support/misc/file.c | 115 ---------------------------------------------------------------------------------------------------------------
+ support/misc/misc.c | 111 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ support/nsm/Makefile.am | 2 +-
+ 4 files changed, 113 insertions(+), 117 deletions(-)
+
+diff --git a/support/misc/Makefile.am b/support/misc/Makefile.am
+index f9993e3..8b0e9db 100644
+--- a/support/misc/Makefile.am
++++ b/support/misc/Makefile.am
+@@ -1,7 +1,7 @@
+ ## Process this file with automake to produce Makefile.in
+
+ noinst_LIBRARIES = libmisc.a
+-libmisc_a_SOURCES = tcpwrapper.c from_local.c mountpoint.c file.c \
++libmisc_a_SOURCES = tcpwrapper.c from_local.c mountpoint.c misc.c \
+ nfsd_path.c workqueue.c xstat.c
+
+ MAINTAINERCLEANFILES = Makefile.in
+diff --git a/support/misc/file.c b/support/misc/file.c
+deleted file mode 100644
+index 06f6bb2..0000000
+--- a/support/misc/file.c
++++ /dev/null
+@@ -1,115 +0,0 @@
+-/*
+- * Copyright 2009 Oracle. All rights reserved.
+- * Copyright 2017 Red Hat, Inc. All rights reserved.
+- *
+- * This file is part of nfs-utils.
+- *
+- * nfs-utils is free software; you can redistribute it and/or modify
+- * it under the terms of the GNU General Public License as published by
+- * the Free Software Foundation; either version 2 of the License, or
+- * (at your option) any later version.
+- *
+- * nfs-utils is distributed in the hope that it will be useful,
+- * but WITHOUT ANY WARRANTY; without even the implied warranty of
+- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+- * GNU General Public License for more details.
+- *
+- * You should have received a copy of the GNU General Public License
+- * along with nfs-utils. If not, see <http://www.gnu.org/licenses/>.
+- */
+-
+-#ifdef HAVE_CONFIG_H
+-#include <config.h>
+-#endif
+-
+-#include <sys/stat.h>
+-
+-#include <string.h>
+-#include <libgen.h>
+-#include <stdio.h>
+-#include <errno.h>
+-#include <dirent.h>
+-#include <stdlib.h>
+-#include <stdbool.h>
+-#include <limits.h>
+-
+-#include "xlog.h"
+-#include "misc.h"
+-
+-/*
+- * Returns a dynamically allocated, '\0'-terminated buffer
+- * containing an appropriate pathname, or NULL if an error
+- * occurs. Caller must free the returned result with free(3).
+- */
+-__attribute__((__malloc__))
+-char *
+-generic_make_pathname(const char *base, const char *leaf)
+-{
+- size_t size;
+- char *path;
+- int len;
+-
+- size = strlen(base) + strlen(leaf) + 2;
+- if (size > PATH_MAX)
+- return NULL;
+-
+- path = malloc(size);
+- if (path == NULL)
+- return NULL;
+-
+- len = snprintf(path, size, "%s/%s", base, leaf);
+- if ((len < 0) || ((size_t)len >= size)) {
+- free(path);
+- return NULL;
+- }
+-
+- return path;
+-}
+-
+-
+-/**
+- * generic_setup_basedir - set up basedir
+- * @progname: C string containing name of program, for error messages
+- * @parentdir: C string containing pathname to on-disk state, or NULL
+- * @base: character buffer to contain the basedir that is set up
+- * @baselen: size of @base in bytes
+- *
+- * This runs before logging is set up, so error messages are directed
+- * to stderr.
+- *
+- * Returns true and sets up our basedir, if @parentdir was valid
+- * and usable; otherwise false is returned.
+- */
+-_Bool
+-generic_setup_basedir(const char *progname, const char *parentdir, char *base,
+- const size_t baselen)
+-{
+- static char buf[PATH_MAX];
+- struct stat st;
+- char *path;
+-
+- /* First: test length of name and whether it exists */
+- if ((strlen(parentdir) >= baselen) || (strlen(parentdir) >= PATH_MAX)) {
+- (void)fprintf(stderr, "%s: Directory name too long: %s",
+- progname, parentdir);
+- return false;
+- }
+- if (lstat(parentdir, &st) == -1) {
+- (void)fprintf(stderr, "%s: Failed to stat %s: %s",
+- progname, parentdir, strerror(errno));
+- return false;
+- }
+-
+- /* Ensure we have a clean directory pathname */
+- strncpy(buf, parentdir, sizeof(buf)-1);
+- path = dirname(buf);
+- if (*path == '.') {
+- (void)fprintf(stderr, "%s: Unusable directory %s",
+- progname, parentdir);
+- return false;
+- }
+-
+- xlog(D_CALL, "Using %s as the state directory", parentdir);
+- strcpy(base, parentdir);
+- return true;
+-}
+diff --git a/support/misc/misc.c b/support/misc/misc.c
+new file mode 100644
+index 0000000..e7c3819
+--- /dev/null
++++ b/support/misc/misc.c
+@@ -0,0 +1,111 @@
++/*
++ * Copyright 2009 Oracle. All rights reserved.
++ * Copyright 2017 Red Hat, Inc. All rights reserved.
++ *
++ * This file is part of nfs-utils.
++ *
++ * nfs-utils is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 2 of the License, or
++ * (at your option) any later version.
++ *
++ * nfs-utils is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with nfs-utils. If not, see <http://www.gnu.org/licenses/>.
++ */
++
++#include <sys/stat.h>
++
++#include <string.h>
++#include <libgen.h>
++#include <stdio.h>
++#include <errno.h>
++#include <dirent.h>
++#include <stdlib.h>
++#include <stdbool.h>
++#include <limits.h>
++
++#include "xlog.h"
++#include "misc.h"
++
++/*
++ * Returns a dynamically allocated, '\0'-terminated buffer
++ * containing an appropriate pathname, or NULL if an error
++ * occurs. Caller must free the returned result with free(3).
++ */
++__attribute__((__malloc__))
++char *
++generic_make_pathname(const char *base, const char *leaf)
++{
++ size_t size;
++ char *path;
++ int len;
++
++ size = strlen(base) + strlen(leaf) + 2;
++ if (size > PATH_MAX)
++ return NULL;
++
++ path = malloc(size);
++ if (path == NULL)
++ return NULL;
++
++ len = snprintf(path, size, "%s/%s", base, leaf);
++ if ((len < 0) || ((size_t)len >= size)) {
++ free(path);
++ return NULL;
++ }
++
++ return path;
++}
++
++
++/**
++ * generic_setup_basedir - set up basedir
++ * @progname: C string containing name of program, for error messages
++ * @parentdir: C string containing pathname to on-disk state, or NULL
++ * @base: character buffer to contain the basedir that is set up
++ * @baselen: size of @base in bytes
++ *
++ * This runs before logging is set up, so error messages are directed
++ * to stderr.
++ *
++ * Returns true and sets up our basedir, if @parentdir was valid
++ * and usable; otherwise false is returned.
++ */
++_Bool
++generic_setup_basedir(const char *progname, const char *parentdir, char *base,
++ const size_t baselen)
++{
++ static char buf[PATH_MAX];
++ struct stat st;
++ char *path;
++
++ /* First: test length of name and whether it exists */
++ if ((strlen(parentdir) >= baselen) || (strlen(parentdir) >= PATH_MAX)) {
++ (void)fprintf(stderr, "%s: Directory name too long: %s",
++ progname, parentdir);
++ return false;
++ }
++ if (lstat(parentdir, &st) == -1) {
++ (void)fprintf(stderr, "%s: Failed to stat %s: %s",
++ progname, parentdir, strerror(errno));
++ return false;
++ }
++
++ /* Ensure we have a clean directory pathname */
++ strncpy(buf, parentdir, sizeof(buf)-1);
++ path = dirname(buf);
++ if (*path == '.') {
++ (void)fprintf(stderr, "%s: Unusable directory %s",
++ progname, parentdir);
++ return false;
++ }
++
++ xlog(D_CALL, "Using %s as the state directory", parentdir);
++ strcpy(base, parentdir);
++ return true;
++}
+diff --git a/support/nsm/Makefile.am b/support/nsm/Makefile.am
+index 8f5874e..68f1a46 100644
+--- a/support/nsm/Makefile.am
++++ b/support/nsm/Makefile.am
+@@ -10,7 +10,7 @@ GENFILES = $(GENFILES_CLNT) $(GENFILES_SVC) $(GENFILES_XDR) $(GENFILES_H)
+ EXTRA_DIST = sm_inter.x
+
+ noinst_LIBRARIES = libnsm.a
+-libnsm_a_SOURCES = $(GENFILES) file.c rpc.c
++libnsm_a_SOURCES = $(GENFILES) ../misc/misc.c file.c rpc.c
+
+ BUILT_SOURCES = $(GENFILES)
+
diff --git a/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-cacheio-use-intmax_t-for-formatted-IO.patch b/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-cacheio-use-intmax_t-for-formatted-IO.patch
new file mode 100644
index 00000000..bafff5b9
--- /dev/null
+++ b/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-cacheio-use-intmax_t-for-formatted-IO.patch
@@ -0,0 +1,38 @@
+From ac32b813f5d6f9a2de944015cf9bb98d68e0203a Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sat, 1 Dec 2018 10:02:12 -0800
+Subject: [PATCH] cacheio: use intmax_t for formatted IO
+
+time_t is not same size on x32 ABI (ILP32)
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ support/nfs/cacheio.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/support/nfs/cacheio.c b/support/nfs/cacheio.c
+index 9dc4cf1..2086a95 100644
+--- a/support/nfs/cacheio.c
++++ b/support/nfs/cacheio.c
+@@ -17,6 +17,7 @@
+
+ #include <nfslib.h>
+ #include <stdio.h>
++#include <inttypes.h>
+ #include <stdio_ext.h>
+ #include <string.h>
+ #include <ctype.h>
+@@ -234,7 +235,7 @@ cache_flush(int force)
+ stb.st_mtime > now)
+ stb.st_mtime = time(0);
+
+- sprintf(stime, "%ld\n", stb.st_mtime);
++ sprintf(stime, "%jd\n", (intmax_t)stb.st_mtime);
+ for (c=0; cachelist[c]; c++) {
+ int fd;
+ sprintf(path, "/proc/net/rpc/%s/flush", cachelist[c]);
+--
+2.19.2
+
diff --git a/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/bugfix-adjust-statd-service-name.patch b/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/bugfix-adjust-statd-service-name.patch
index 822939f0..f13d7b38 100644
--- a/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/bugfix-adjust-statd-service-name.patch
+++ b/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/bugfix-adjust-statd-service-name.patch
@@ -12,20 +12,28 @@ instead but forgot to update the mount.nfs helper 'start-statd' accordingly.
Upstream-Status: Inappropriate [other]
Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
+
+Rebase it.
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
- utils/statd/start-statd | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
+ utils/statd/start-statd | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
-Index: nfs-utils-2.1.1/utils/statd/start-statd
-===================================================================
---- nfs-utils-2.1.1.orig/utils/statd/start-statd
-+++ nfs-utils-2.1.1/utils/statd/start-statd
-@@ -28,7 +28,7 @@ fi
+diff --git a/utils/statd/start-statd b/utils/statd/start-statd
+index af5c950..df9b9be 100755
+--- a/utils/statd/start-statd
++++ b/utils/statd/start-statd
+@@ -28,10 +28,10 @@ fi
# First try systemd if it's installed.
if [ -d /run/systemd/system ]; then
# Quit only if the call worked.
-- systemctl start rpc-statd.service && exit
-+ systemctl start nfs-statd.service && exit
+- if systemctl start rpc-statd.service; then
++ if systemctl start nfs-statd.service; then
+ # Ensure systemd knows not to stop rpc.statd or its dependencies
+ # on 'systemctl isolate ..'
+- systemctl add-wants --runtime remote-fs.target rpc-statd.service
++ systemctl add-wants --runtime remote-fs.target nfs-statd.service
+ exit 0
+ fi
fi
-
- cd /
diff --git a/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-warnings.patch b/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-warnings.patch
new file mode 100644
index 00000000..20400fef
--- /dev/null
+++ b/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-warnings.patch
@@ -0,0 +1,61 @@
+Detect warning options during configure
+
+Certain options maybe compiler specific therefore its better
+to detect them before use.
+
+nfs_error copies the format string and appends newline to it
+but compiler can forget that it was format string since its not
+same fmt string that was passed. Ignore the warning
+
+Wdiscarded-qualifiers is gcc specific and this is no longer needed
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -599,7 +599,6 @@ my_am_cflags="\
+ -Werror=parentheses \
+ -Werror=aggregate-return \
+ -Werror=unused-result \
+- -Wno-cast-function-type \
+ -fno-strict-aliasing \
+ "
+
+@@ -619,9 +618,10 @@ CHECK_CCSUPPORT([-Werror=format-overflow
+ CHECK_CCSUPPORT([-Werror=int-conversion], [flg2])
+ CHECK_CCSUPPORT([-Werror=incompatible-pointer-types], [flg3])
+ CHECK_CCSUPPORT([-Werror=misleading-indentation], [flg4])
++CHECK_CCSUPPORT([-Wno-cast-function-type], [flg5])
+ AX_GCC_FUNC_ATTRIBUTE([format])
+
+-AC_SUBST([AM_CFLAGS], ["$my_am_cflags $flg1 $flg2 $flg3 $flg4"])
++AC_SUBST([AM_CFLAGS], ["$my_am_cflags $flg1 $flg2 $flg3 $flg4 $flg5"])
+
+ # Make sure that $ACLOCAL_FLAGS are used during a rebuild
+ AC_SUBST([ACLOCAL_AMFLAGS], ["-I $ac_macro_dir \$(ACLOCAL_FLAGS)"])
+--- a/support/nfs/xcommon.c
++++ b/support/nfs/xcommon.c
+@@ -98,7 +98,10 @@ nfs_error (const char *fmt, ...) {
+
+ fmt2 = xstrconcat2 (fmt, "\n");
+ va_start (args, fmt);
++#pragma GCC diagnostic push
++#pragma GCC diagnostic ignored "-Wformat-nonliteral"
+ vfprintf (stderr, fmt2, args);
++#pragma GCC diagnostic pop
+ va_end (args);
+ free (fmt2);
+ }
+--- a/utils/mount/stropts.c
++++ b/utils/mount/stropts.c
+@@ -1094,9 +1094,7 @@ static int nfsmount_fg(struct nfsmount_i
+ if (nfs_try_mount(mi))
+ return EX_SUCCESS;
+
+-#pragma GCC diagnostic ignored "-Wdiscarded-qualifiers"
+ if (errno == EBUSY && is_mountpoint(mi->node)) {
+-#pragma GCC diagnostic warning "-Wdiscarded-qualifiers"
+ /*
+ * EBUSY can happen when mounting a filesystem that
+ * is already mounted or when the context= are
diff --git a/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service b/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service
index 27ea58d3..c01415de 100644
--- a/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service
+++ b/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service
@@ -1,6 +1,7 @@
[Unit]
Description=NFS Mount Daemon
DefaultDependencies=no
+After=rpcbind.socket
Requires=proc-fs-nfsd.mount
After=proc-fs-nfsd.mount
After=network.target local-fs.target
@@ -10,6 +11,7 @@ ConditionPathExists=@SYSCONFDIR@/exports
[Service]
EnvironmentFile=-@SYSCONFDIR@/nfs-utils.conf
ExecStart=@SBINDIR@/rpc.mountd -F $MOUNTD_OPTS
+LimitNOFILE=@HIGH_RLIMIT_NOFILE@
[Install]
WantedBy=multi-user.target
diff --git a/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service b/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service
index 6e196b8c..4fa64e19 100644
--- a/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service
+++ b/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service
@@ -8,6 +8,7 @@ After=network.target nss-lookup.target rpcbind.service
[Service]
EnvironmentFile=-@SYSCONFDIR@/nfs-utils.conf
ExecStart=@SBINDIR@/rpc.statd -F $STATD_OPTS
+LimitNOFILE=@HIGH_RLIMIT_NOFILE@
[Install]
WantedBy=multi-user.target
diff --git a/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch b/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch
deleted file mode 100644
index 993f1e5e..00000000
--- a/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-nfs-utils: Do not pass CFLAGS to gcc while building
-
-Do not pass CFLAGS/LDFLAGS to gcc while building, The needed flags has
-been passed by xxx_CFLAGS=$(CFLAGS_FOR_BUILD).
-
-Upstream-Status: Pending
-
-Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
----
- tools/locktest/Makefile.am | 2 ++
- tools/rpcgen/Makefile.am | 2 ++
- 2 files changed, 4 insertions(+)
-
-diff --git a/tools/locktest/Makefile.am b/tools/locktest/Makefile.am
-index 3156815..1729fd1 100644
---- a/tools/locktest/Makefile.am
-+++ b/tools/locktest/Makefile.am
-@@ -1,6 +1,8 @@
- ## Process this file with automake to produce Makefile.in
-
- CC=$(CC_FOR_BUILD)
-+CFLAGS=
-+LDFLAGS=
- LIBTOOL = @LIBTOOL@ --tag=CC
-
- noinst_PROGRAMS = testlk
-diff --git a/tools/rpcgen/Makefile.am b/tools/rpcgen/Makefile.am
-index 8a9ec89..8bacdaa 100644
---- a/tools/rpcgen/Makefile.am
-+++ b/tools/rpcgen/Makefile.am
-@@ -1,6 +1,8 @@
- ## Process this file with automake to produce Makefile.in
-
- CC=$(CC_FOR_BUILD)
-+CFLAGS=
-+LDFLAGS=
- LIBTOOL = @LIBTOOL@ --tag=CC
-
- noinst_PROGRAMS = rpcgen
---
-1.7.9.5
-
diff --git a/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-limits.patch b/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-limits.patch
deleted file mode 100644
index 25ca4151..00000000
--- a/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-limits.patch
+++ /dev/null
@@ -1,133 +0,0 @@
-Fixed:
-| file.c: In function 'generic_make_pathname':
-| file.c:48:13: error: 'PATH_MAX' undeclared (first use in this function); did you mean 'RAND_MAX'?
-| if (size > PATH_MAX)
-| ^~~~~~~~
-[snip]
-
-Upstream-Status: Pending [https://git.alpinelinux.org/cgit/aports/tree/main/nfs-utils/limits.patch?id=f6734a77d3caee73325f8cc1f77d1b5117a75096]
-
-Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
----
- support/export/export.c | 1 +
- support/export/xtab.c | 1 +
- support/misc/file.c | 1 +
- support/nfs/xcommon.c | 1 +
- support/nsm/file.c | 1 +
- utils/blkmapd/device-discovery.c | 1 +
- utils/gssd/krb5_util.c | 1 +
- utils/mountd/cache.c | 1 +
- utils/mountd/mountd.c | 1 +
- utils/mountd/rmtab.c | 1 +
- 10 files changed, 10 insertions(+)
-
-diff --git a/support/export/export.c b/support/export/export.c
---- a/support/export/export.c
-+++ b/support/export/export.c
-@@ -17,6 +17,7 @@
- #include <stdlib.h>
- #include <dirent.h>
- #include <errno.h>
-+#include <limits.h>
- #include "xmalloc.h"
- #include "nfslib.h"
- #include "exportfs.h"
-diff --git a/support/export/xtab.c b/support/export/xtab.c
---- a/support/export/xtab.c
-+++ b/support/export/xtab.c
-@@ -18,6 +18,7 @@
- #include <sys/stat.h>
- #include <errno.h>
- #include <libgen.h>
-+#include <limits.h>
-
- #include "nfslib.h"
- #include "exportfs.h"
-diff --git a/support/misc/file.c b/support/misc/file.c
---- a/support/misc/file.c
-+++ b/support/misc/file.c
-@@ -27,6 +27,7 @@
- #include <dirent.h>
- #include <stdlib.h>
- #include <stdbool.h>
-+#include <limits.h>
-
- #include "xlog.h"
- #include "misc.h"
-diff --git a/support/nfs/xcommon.c b/support/nfs/xcommon.c
---- a/support/nfs/xcommon.c
-+++ b/support/nfs/xcommon.c
-@@ -16,6 +16,7 @@
- #include <stdio.h>
- #include <stdlib.h>
- #include <string.h>
-+#include <limits.h>
-
- #include "xcommon.h"
- #include "nls.h" /* _() */
-diff --git a/support/nsm/file.c b/support/nsm/file.c
---- a/support/nsm/file.c
-+++ b/support/nsm/file.c
-@@ -85,6 +85,7 @@
- #include <fcntl.h>
- #include <dirent.h>
- #include <grp.h>
-+#include <limits.h>
-
- #include "xlog.h"
- #include "nsm.h"
-diff --git a/utils/blkmapd/device-discovery.c b/utils/blkmapd/device-discovery.c
---- a/utils/blkmapd/device-discovery.c
-+++ b/utils/blkmapd/device-discovery.c
-@@ -49,6 +49,7 @@
- #include <unistd.h>
- #include <libgen.h>
- #include <errno.h>
-+#include <limits.h>
- #include <libdevmapper.h>
-
- #ifdef HAVE_CONFIG_H
-diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
---- a/utils/gssd/krb5_util.c
-+++ b/utils/gssd/krb5_util.c
-@@ -120,6 +120,7 @@
- #endif
- #include <krb5.h>
- #include <rpc/auth_gss.h>
-+#include <limits.h>
-
- #include "gssd.h"
- #include "err_util.h"
-diff --git a/utils/mountd/cache.c b/utils/mountd/cache.c
---- a/utils/mountd/cache.c
-+++ b/utils/mountd/cache.c
-@@ -26,6 +26,7 @@
- #include <pwd.h>
- #include <grp.h>
- #include <mntent.h>
-+#include <limits.h>
- #include "misc.h"
- #include "nfslib.h"
- #include "exportfs.h"
-diff --git a/utils/mountd/mountd.c b/utils/mountd/mountd.c
---- a/utils/mountd/mountd.c
-+++ b/utils/mountd/mountd.c
-@@ -22,6 +22,7 @@
- #include <fcntl.h>
- #include <sys/resource.h>
- #include <sys/wait.h>
-+#include <limits.h>
-
- #include "conffile.h"
- #include "xmalloc.h"
-diff --git a/utils/mountd/rmtab.c b/utils/mountd/rmtab.c
---- a/utils/mountd/rmtab.c
-+++ b/utils/mountd/rmtab.c
-@@ -16,6 +16,7 @@
- #include <netinet/in.h>
- #include <arpa/inet.h>
- #include <netdb.h>
-+#include <limits.h>
-
- #include "misc.h"
- #include "exportfs.h"
diff --git a/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-res_querydomain.patch b/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-res_querydomain.patch
deleted file mode 100644
index a169e6a2..00000000
--- a/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-res_querydomain.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Fixed:
-configure: error: res_querydomain needed
-
-Upstream-Status: Pending [https://git.alpinelinux.org/cgit/aports/tree/main/nfs-utils/musl-res_querydomain.patch?id=f6734a77d3caee73325f8cc1f77d1b5117a75096]
-
-Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
----
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
---- a/configure.ac
-+++ b/configure.ac
-@@ -401,7 +401,7 @@ if test "$enable_gss" = yes; then
- fi
-
- dnl libdnsidmap specific checks
--AC_CHECK_LIB([resolv], [__res_querydomain], , AC_MSG_ERROR(res_querydomain needed))
-+AC_CHECK_LIB([resolv], [res_querydomain], , AC_MSG_ERROR(res_querydomain needed))
-
- AC_ARG_ENABLE([ldap],
- [AS_HELP_STRING([--disable-ldap],[Disable support for LDAP @<:default=detect@:>@])])
diff --git a/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver b/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver
index d5e9c38a..0f5747cc 100644
--- a/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver
+++ b/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver
@@ -107,7 +107,7 @@ stop_nfsd(){
#FIXME: need to create the /var/lib/nfs/... directories
case "$1" in
start)
- exportfs -r
+ test -r /etc/exports && exportfs -r
start_nfsd "$NFS_SERVERS"
start_mountd
test -r /etc/exports && exportfs -a;;
diff --git a/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.3.1.bb b/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.3.bb
index 6d450c75..9bdb6f4a 100644
--- a/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.3.1.bb
+++ b/external/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.3.bb
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=95f3a93a5c3c7888de623b46ea085a84"
# util-linux for libblkid
DEPENDS = "libcap libevent util-linux sqlite3 libtirpc"
-RDEPENDS_${PN} = "${PN}-client bash"
+RDEPENDS_${PN} = "${PN}-client"
RRECOMMENDS_${PN} = "kernel-module-nfsd"
inherit useradd
@@ -26,16 +26,14 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.x
file://nfs-mountd.service \
file://nfs-statd.service \
file://proc-fs-nfsd.mount \
- file://nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch \
file://nfs-utils-debianize-start-statd.patch \
file://bugfix-adjust-statd-service-name.patch \
- file://nfs-utils-musl-limits.patch \
-"
-
-SRC_URI_append_libc-musl = " file://nfs-utils-musl-res_querydomain.patch"
-
-SRC_URI[md5sum] = "d77b182a9ee396aa6221ac2401ad7046"
-SRC_URI[sha256sum] = "96d06b5a86b185815760d8f04c34fdface8fa8b9949ff256ac05c3ebc08335a5"
+ file://0001-cacheio-use-intmax_t-for-formatted-IO.patch \
+ file://0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch \
+ file://clang-warnings.patch \
+ "
+SRC_URI[md5sum] = "06020c76f531ed97f3145514901e0e7c"
+SRC_URI[sha256sum] = "af65fce5dd8370cff9ead67baac5a6cd69c376dcadfef264dc2c78c904f26599"
# Only kernel-module-nfsd is required here (but can be built-in) - the nfsd module will
# pull in the remainder of the dependencies.
@@ -69,9 +67,9 @@ PACKAGECONFIG_remove_libc-musl = "tcp-wrappers"
PACKAGECONFIG[tcp-wrappers] = "--with-tcp-wrappers,--without-tcp-wrappers,tcp-wrappers"
PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
# libdevmapper is available in meta-oe
-PACKAGECONFIG[nfsv41] = "--enable-nfsv41,--disable-nfsv41,libdevmapper"
-# keyutils is available in meta-security
-PACKAGECONFIG[nfsv4] = "--enable-nfsv4,--disable-nfsv4,keyutils"
+PACKAGECONFIG[nfsv41] = "--enable-nfsv41,--disable-nfsv41,libdevmapper,libdevmapper"
+# keyutils is available in meta-oe
+PACKAGECONFIG[nfsv4] = "--enable-nfsv4,--disable-nfsv4,keyutils,python3-core"
PACKAGES =+ "${PN}-client ${PN}-mount ${PN}-stats"
@@ -96,14 +94,13 @@ FILES_${PN}-mount = "${base_sbindir}/*mount.nfs*"
FILES_${PN}-stats = "${sbindir}/mountstats ${sbindir}/nfsiostat"
RDEPENDS_${PN}-stats = "python3-core"
-FILES_${PN} += "${systemd_unitdir}"
+FILES_${PN}-staticdev += "${libdir}/libnfsidmap/*.a"
+
+FILES_${PN} += "${systemd_unitdir} ${libdir}/libnfsidmap/"
do_configure_prepend() {
sed -i -e 's,sbindir = /sbin,sbindir = ${base_sbindir},g' \
${S}/utils/mount/Makefile.am
-
- sed -i -e 's,sbindir = /sbin,sbindir = ${base_sbindir},g' \
- ${S}/utils/osd_login/Makefile.am
}
# Make clean needed because the package comes with
@@ -112,6 +109,9 @@ do_compile_prepend() {
make clean
}
+# Works on systemd only
+HIGH_RLIMIT_NOFILE ??= "4096"
+
do_install_append () {
install -d ${D}${sysconfdir}/init.d
install -m 0755 ${WORKDIR}/nfsserver ${D}${sysconfdir}/init.d/nfsserver
@@ -126,6 +126,7 @@ do_install_append () {
install -m 0644 ${WORKDIR}/nfs-statd.service ${D}${systemd_unitdir}/system/
sed -i -e 's,@SBINDIR@,${sbindir},g' \
-e 's,@SYSCONFDIR@,${sysconfdir},g' \
+ -e 's,@HIGH_RLIMIT_NOFILE@,${HIGH_RLIMIT_NOFILE},g' \
${D}${systemd_unitdir}/system/*.service
if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
install -m 0644 ${WORKDIR}/proc-fs-nfsd.mount ${D}${systemd_unitdir}/system/
@@ -140,11 +141,6 @@ do_install_append () {
chown -R rpcuser:rpcuser ${D}${localstatedir}/lib/nfs/statd
chmod 0644 ${D}${localstatedir}/lib/nfs/statd/state
- # the following are built by CC_FOR_BUILD
- rm -f ${D}${sbindir}/rpcdebug
- rm -f ${D}${sbindir}/rpcgen
- rm -f ${D}${sbindir}/locktest
-
# Make python tools use python 3
sed -i -e '1s,#!.*python.*,#!${bindir}/python3,' ${D}${sbindir}/mountstats ${D}${sbindir}/nfsiostat
diff --git a/external/poky/meta/recipes-connectivity/ofono/ofono/0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch b/external/poky/meta/recipes-connectivity/ofono/ofono/0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch
new file mode 100644
index 00000000..8a5a300a
--- /dev/null
+++ b/external/poky/meta/recipes-connectivity/ofono/ofono/0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch
@@ -0,0 +1,36 @@
+From 22b52db4842611ac31a356f023fc09595384e2ad Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Thu, 23 May 2019 18:11:22 -0700
+Subject: [PATCH] mbim: add an optional TEMP_FAILURE_RETRY macro copy
+
+Fixes build on musl which does not provide this macro
+
+Upstream-Status: Submitted [https://lists.ofono.org/pipermail/ofono/2019-May/019370.html]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ drivers/mbimmodem/mbim-private.h | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/drivers/mbimmodem/mbim-private.h b/drivers/mbimmodem/mbim-private.h
+index e159235..51693ea 100644
+--- a/drivers/mbimmodem/mbim-private.h
++++ b/drivers/mbimmodem/mbim-private.h
+@@ -21,6 +21,15 @@
+
+ #define align_len(len, boundary) (((len)+(boundary)-1) & ~((boundary)-1))
+
++#ifndef TEMP_FAILURE_RETRY
++#define TEMP_FAILURE_RETRY(expression) ({ \
++ __typeof(expression) __result; \
++ do { \
++ __result = (expression); \
++ } while (__result == -1 && errno == EINTR); \
++ __result; })
++#endif
++
+ enum mbim_control_message {
+ MBIM_OPEN_MSG = 0x1,
+ MBIM_CLOSE_MSG = 0x2,
+--
+2.21.0
+
diff --git a/external/poky/meta/recipes-connectivity/ofono/ofono/use-python3.patch b/external/poky/meta/recipes-connectivity/ofono/ofono/use-python3.patch
deleted file mode 100644
index 7b840752..00000000
--- a/external/poky/meta/recipes-connectivity/ofono/ofono/use-python3.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-set-ddr should use Python3 like all the other tests.
-
-Upstream-Status: Submitted
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 17b69cd1da4c5c5f732acb38ca1602446c567ee7 Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@intel.com>
-Date: Mon, 29 Jan 2018 11:31:25 +0000
-Subject: [PATCH] test/setddr: use Python 3
-
-All the other tests use Python 3, so this should to.
----
- test/set-ddr | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/test/set-ddr b/test/set-ddr
-index 5d061b95..33631f31 100755
---- a/test/set-ddr
-+++ b/test/set-ddr
-@@ -1,4 +1,4 @@
--#!/usr/bin/python
-+#!/usr/bin/python3
-
- import sys
- import dbus
---
-2.11.0
diff --git a/external/poky/meta/recipes-connectivity/ofono/ofono_1.24.bb b/external/poky/meta/recipes-connectivity/ofono/ofono_1.24.bb
deleted file mode 100644
index be7d9ea8..00000000
--- a/external/poky/meta/recipes-connectivity/ofono/ofono_1.24.bb
+++ /dev/null
@@ -1,9 +0,0 @@
-require ofono.inc
-
-SRC_URI = "\
- ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
- file://ofono \
- file://use-python3.patch \
-"
-SRC_URI[md5sum] = "be24e80f6551f46fea0c5b5879964d6c"
-SRC_URI[sha256sum] = "9c8e351b7658f4b43f9a4380b731c47d2d7544a89987c48c3f227e73636c87ae"
diff --git a/external/poky/meta/recipes-connectivity/ofono/ofono.inc b/external/poky/meta/recipes-connectivity/ofono/ofono_1.31.bb
index 0472414b..7d0976ad 100644
--- a/external/poky/meta/recipes-connectivity/ofono/ofono.inc
+++ b/external/poky/meta/recipes-connectivity/ofono/ofono_1.31.bb
@@ -1,27 +1,34 @@
-HOMEPAGE = "http://www.ofono.org"
-SUMMARY = "open source telephony"
+SUMMARY = "open source telephony"
DESCRIPTION = "oFono is a stack for mobile telephony devices on Linux. oFono supports speaking to telephony devices through specific drivers, or with generic AT commands."
-LICENSE = "GPLv2"
+HOMEPAGE = "http://www.ofono.org"
+BUGTRACKER = "https://01.org/jira/browse/OF"
+LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \
file://src/ofono.h;beginline=1;endline=20;md5=3ce17d5978ef3445def265b98899c2ee"
+DEPENDS = "dbus glib-2.0 udev mobile-broadband-provider-info ell"
-inherit autotools pkgconfig update-rc.d systemd bluetooth gobject-introspection-data
+SRC_URI = "\
+ ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
+ file://ofono \
+ file://0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch \
+"
+SRC_URI[md5sum] = "1c26340e3c6ed132cc812595081bb3dc"
+SRC_URI[sha256sum] = "a15c5d28096c10eb30e47a68b6dc2e7c4a5a99d7f4cfedf0b69624f33d859e9b"
-DEPENDS = "dbus glib-2.0 udev mobile-broadband-provider-info"
+inherit autotools pkgconfig update-rc.d systemd gobject-introspection-data
INITSCRIPT_NAME = "ofono"
INITSCRIPT_PARAMS = "defaults 22"
+SYSTEMD_SERVICE_${PN} = "ofono.service"
PACKAGECONFIG ??= "\
${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \
- "
+"
PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_unitdir}/system/,--with-systemdunitdir="
-PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, ${BLUEZ}"
+PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, bluez5"
-EXTRA_OECONF += "--enable-test"
-
-SYSTEMD_SERVICE_${PN} = "ofono.service"
+EXTRA_OECONF += "--enable-test --enable-external-ell"
do_install_append() {
install -d ${D}${sysconfdir}/init.d/
@@ -30,10 +37,14 @@ do_install_append() {
PACKAGES =+ "${PN}-tests"
-RDEPENDS_${PN} += "dbus"
-RRECOMMENDS_${PN} += "kernel-module-tun mobile-broadband-provider-info"
-
FILES_${PN} += "${systemd_unitdir}"
FILES_${PN}-tests = "${libdir}/${BPN}/test"
-RDEPENDS_${PN}-tests = "python3 python3-dbus"
-RDEPENDS_${PN}-tests += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)}"
+
+RDEPENDS_${PN} += "dbus"
+RDEPENDS_${PN}-tests = "\
+ python3-core \
+ python3-dbus \
+ ${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)} \
+"
+
+RRECOMMENDS_${PN} += "kernel-module-tun mobile-broadband-provider-info"
diff --git a/external/poky/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch b/external/poky/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch
index 7e043a2d..20036da9 100644
--- a/external/poky/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch
+++ b/external/poky/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch
@@ -11,14 +11,17 @@ would lead to program abort.
Upstream-Status: Submitted [http://bugzilla.mindrot.org/show_bug.cgi?id=2608]
Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
+
+Complete the fix
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
- openbsd-compat/strlcat.c | 8 ++++++--
- openbsd-compat/strlcpy.c | 8 ++++++--
- openbsd-compat/strnlen.c | 8 ++++++--
- 3 files changed, 18 insertions(+), 6 deletions(-)
+ openbsd-compat/strlcat.c | 10 +++++++---
+ openbsd-compat/strlcpy.c | 8 ++++++--
+ openbsd-compat/strnlen.c | 8 ++++++--
+ 3 files changed, 19 insertions(+), 7 deletions(-)
diff --git a/openbsd-compat/strlcat.c b/openbsd-compat/strlcat.c
-index bcc1b61..e758ebf 100644
+index bcc1b61..124e1e3 100644
--- a/openbsd-compat/strlcat.c
+++ b/openbsd-compat/strlcat.c
@@ -23,6 +23,7 @@
@@ -29,6 +32,15 @@ index bcc1b61..e758ebf 100644
/*
* Appends src to string dst of size siz (unlike strncat, siz is the
+@@ -42,7 +43,7 @@ strlcat(char *dst, const char *src, size_t siz)
+ /* Find the end of dst and adjust bytes left but don't go past end */
+ while (n-- != 0 && *d != '\0')
+ d++;
+- dlen = d - dst;
++ dlen = (uintptr_t)d - (uintptr_t)dst;
+ n = siz - dlen;
+
+ if (n == 0)
@@ -55,8 +56,11 @@ strlcat(char *dst, const char *src, size_t siz)
s++;
}
@@ -70,7 +82,7 @@ index b4b1b60..b06f374 100644
#endif /* !HAVE_STRLCPY */
diff --git a/openbsd-compat/strnlen.c b/openbsd-compat/strnlen.c
-index 93d5155..9b8de5d 100644
+index 7ad3573..7040f1f 100644
--- a/openbsd-compat/strnlen.c
+++ b/openbsd-compat/strnlen.c
@@ -23,6 +23,7 @@
@@ -95,5 +107,5 @@ index 93d5155..9b8de5d 100644
}
#endif
--
-1.9.1
+2.17.1
diff --git a/external/poky/meta/recipes-connectivity/openssh/openssh/run-ptest b/external/poky/meta/recipes-connectivity/openssh/openssh/run-ptest
index 36a3d2a7..ae03e929 100755
--- a/external/poky/meta/recipes-connectivity/openssh/openssh/run-ptest
+++ b/external/poky/meta/recipes-connectivity/openssh/openssh/run-ptest
@@ -1,11 +1,12 @@
#!/bin/sh
export TEST_SHELL=sh
+export SKIP_UNIT=1
cd regress
sed -i "/\t\tagent-ptrace /d" Makefile
make -k .OBJDIR=`pwd` .CURDIR=`pwd` SUDO="sudo" tests \
- | sed -e 's/^skipped/SKIP: /g' -e 's/^ok /PASS: /g' -e 's/^failed/FAIL: /g'
+ | sed -u -e 's/^skipped/SKIP: /g' -e 's/^ok /PASS: /g' -e 's/^failed/FAIL: /g'
SSHAGENT=`which ssh-agent`
GDB=`which gdb`
diff --git a/external/poky/meta/recipes-connectivity/openssh/openssh_7.8p1+git.bb b/external/poky/meta/recipes-connectivity/openssh/openssh_8.2p1.bb
index f54dfb5d..d879efc2 100644
--- a/external/poky/meta/recipes-connectivity/openssh/openssh_7.8p1+git.bb
+++ b/external/poky/meta/recipes-connectivity/openssh/openssh_8.2p1.bb
@@ -5,13 +5,13 @@ Ssh (Secure Shell) is a program for logging into a remote machine \
and for executing commands on a remote machine."
HOMEPAGE = "http://www.openssh.com/"
SECTION = "console/network"
-LICENSE = "BSD"
-LIC_FILES_CHKSUM = "file://LICENCE;md5=429658c6612f3a9b1293782366ab29d8"
+LICENSE = "BSD & ISC & MIT"
+LIC_FILES_CHKSUM = "file://LICENCE;md5=18d9e5a8b3dd1790d73502f50426d4d3"
-DEPENDS = "zlib openssl"
+DEPENDS = "zlib openssl virtual/crypt"
DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
-SRC_URI = "git://github.com/openssh/openssh-portable;branch=master \
+SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz \
file://sshd_config \
file://ssh_config \
file://init \
@@ -25,14 +25,12 @@ SRC_URI = "git://github.com/openssh/openssh-portable;branch=master \
file://sshd_check_keys \
file://add-test-support-for-busybox.patch \
"
+SRC_URI[md5sum] = "3076e6413e8dbe56d33848c1054ac091"
+SRC_URI[sha256sum] = "43925151e6cf6cee1450190c0e9af4dc36b41c12737619edff8bcebdff64e671"
PAM_SRC_URI = "file://sshd"
-SRCREV = "cce8cbe0ed7d1ba3a575310e0b63c193326ae616"
-
-S = "${WORKDIR}/git"
-
-inherit useradd update-rc.d update-alternatives systemd
+inherit manpages useradd update-rc.d update-alternatives systemd
USERADD_PACKAGES = "${PN}-sshd"
USERADD_PARAM_${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd"
@@ -45,6 +43,12 @@ SYSTEMD_SERVICE_${PN}-sshd = "sshd.socket"
inherit autotools-brokensep ptest
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5"
+PACKAGECONFIG[ldns] = "--with-ldns,--without-ldns,ldns"
+PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit"
+PACKAGECONFIG[manpages] = "--with-mantype=man,--with-mantype=cat"
+
EXTRA_AUTORECONF += "--exclude=aclocal"
# login path is hardcoded in sshd
@@ -146,7 +150,9 @@ FILES_${PN}-keygen = "${bindir}/ssh-keygen"
RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen"
RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"
-RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make"
+RRECOMMENDS_${PN}-sshd_append_class-target = " rng-tools"
+# gdb would make attach-ptrace test pass rather than skip but not worth the build dependencies
+RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed sudo coreutils"
RPROVIDES_${PN}-ssh = "ssh"
RPROVIDES_${PN}-sshd = "sshd"
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch b/external/poky/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
index 80b62ab1..949c7883 100644
--- a/external/poky/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
+++ b/external/poky/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
@@ -20,6 +20,11 @@ https://patchwork.openembedded.org/patch/147229/
Upstream-Status: Inappropriate [OE specific]
Signed-off-by: Martin Hundebøll <martin@geanix.com>
+
+
+Update to fix buildpaths qa issue for '-fmacro-prefix-map'.
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
---
Configurations/unix-Makefile.tmpl | 10 +++++++++-
crypto/build.info | 2 +-
@@ -29,7 +34,7 @@ diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tm
index 16af4d2087..54c162784c 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
-@@ -317,13 +317,21 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (),
+@@ -317,13 +317,22 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (),
'$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
@@ -43,6 +48,7 @@ index 16af4d2087..54c162784c 100644
+CFLAGS_Q={- for (@{$config{CFLAGS}}) {
+ s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g;
++ s|-fmacro-prefix-map=[^ ]+|-fmacro-prefix-map=|g;
+ }
+ join(' ', @{$config{CFLAGS}}) -}
+
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl/CVE-2019-1543.patch b/external/poky/meta/recipes-connectivity/openssl/openssl/CVE-2019-1543.patch
deleted file mode 100644
index 900ef97f..00000000
--- a/external/poky/meta/recipes-connectivity/openssl/openssl/CVE-2019-1543.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-Upstream-Status: Backport [https://github.com/openssl/openssl/commit/f426625b6ae9a7831010750490a5f0ad689c5ba3]
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From f426625b6ae9a7831010750490a5f0ad689c5ba3 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Tue, 5 Mar 2019 14:39:15 +0000
-Subject: [PATCH] Prevent over long nonces in ChaCha20-Poly1305
-
-ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for
-every encryption operation. RFC 7539 specifies that the nonce value (IV)
-should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and
-front pads the nonce with 0 bytes if it is less than 12 bytes. However it
-also incorrectly allows a nonce to be set of up to 16 bytes. In this case
-only the last 12 bytes are significant and any additional leading bytes are
-ignored.
-
-It is a requirement of using this cipher that nonce values are unique.
-Messages encrypted using a reused nonce value are susceptible to serious
-confidentiality and integrity attacks. If an application changes the
-default nonce length to be longer than 12 bytes and then makes a change to
-the leading bytes of the nonce expecting the new value to be a new unique
-nonce then such an application could inadvertently encrypt messages with a
-reused nonce.
-
-Additionally the ignored bytes in a long nonce are not covered by the
-integrity guarantee of this cipher. Any application that relies on the
-integrity of these ignored leading bytes of a long nonce may be further
-affected.
-
-Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe
-because no such use sets such a long nonce value. However user
-applications that use this cipher directly and set a non-default nonce
-length to be longer than 12 bytes may be vulnerable.
-
-CVE: CVE-2019-1543
-
-Fixes #8345
-
-Reviewed-by: Paul Dale <paul.dale@oracle.com>
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/8406)
-
-(cherry picked from commit 2a3d0ee9d59156c48973592331404471aca886d6)
----
- crypto/evp/e_chacha20_poly1305.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c
-index c1917bb86a6..d3e2c622a1b 100644
---- a/crypto/evp/e_chacha20_poly1305.c
-+++ b/crypto/evp/e_chacha20_poly1305.c
-@@ -30,6 +30,8 @@ typedef struct {
-
- #define data(ctx) ((EVP_CHACHA_KEY *)(ctx)->cipher_data)
-
-+#define CHACHA20_POLY1305_MAX_IVLEN 12
-+
- static int chacha_init_key(EVP_CIPHER_CTX *ctx,
- const unsigned char user_key[CHACHA_KEY_SIZE],
- const unsigned char iv[CHACHA_CTR_SIZE], int enc)
-@@ -533,7 +535,7 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
- return 1;
-
- case EVP_CTRL_AEAD_SET_IVLEN:
-- if (arg <= 0 || arg > CHACHA_CTR_SIZE)
-+ if (arg <= 0 || arg > CHACHA20_POLY1305_MAX_IVLEN)
- return 0;
- actx->nonce_len = arg;
- return 1;
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl/afalg.patch b/external/poky/meta/recipes-connectivity/openssl/openssl/afalg.patch
index 7c4b084f..b7c0e969 100644
--- a/external/poky/meta/recipes-connectivity/openssl/openssl/afalg.patch
+++ b/external/poky/meta/recipes-connectivity/openssl/openssl/afalg.patch
@@ -18,14 +18,14 @@ index 3baa8ce..9ef52ed 100755
- ($mi2) = $mi2 =~ /(\d+)/;
- my $ver = $ma*10000 + $mi1*100 + $mi2;
- if ($ver < $minver) {
-- $disabled{afalgeng} = "too-old-kernel";
+- disable('too-old-kernel', 'afalgeng');
- } else {
- push @{$config{engdirs}}, "afalg";
- }
- } else {
-- $disabled{afalgeng} = "cross-compiling";
+- disable('cross-compiling', 'afalgeng');
- }
+ push @{$config{engdirs}}, "afalg";
} else {
- $disabled{afalgeng} = "not-linux";
+ disable('not-linux', 'afalgeng');
}
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh b/external/poky/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
deleted file mode 100644
index 6620fdcb..00000000
--- a/external/poky/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
+++ /dev/null
@@ -1,222 +0,0 @@
-#!/bin/sh
-#
-# Ben Secrest <blsecres@gmail.com>
-#
-# sh c_rehash script, scan all files in a directory
-# and add symbolic links to their hash values.
-#
-# based on the c_rehash perl script distributed with openssl
-#
-# LICENSE: See OpenSSL license
-# ^^acceptable?^^
-#
-
-# default certificate location
-DIR=/etc/openssl
-
-# for filetype bitfield
-IS_CERT=$(( 1 << 0 ))
-IS_CRL=$(( 1 << 1 ))
-
-
-# check to see if a file is a certificate file or a CRL file
-# arguments:
-# 1. the filename to be scanned
-# returns:
-# bitfield of file type; uses ${IS_CERT} and ${IS_CRL}
-#
-check_file()
-{
- local IS_TYPE=0
-
- # make IFS a newline so we can process grep output line by line
- local OLDIFS=${IFS}
- IFS=$( printf "\n" )
-
- # XXX: could be more efficient to have two 'grep -m' but is -m portable?
- for LINE in $( grep '^-----BEGIN .*-----' ${1} )
- do
- if echo ${LINE} \
- | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----'
- then
- IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} ))
-
- if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ]
- then
- break
- fi
- elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----'
- then
- IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} ))
-
- if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ]
- then
- break
- fi
- fi
- done
-
- # restore IFS
- IFS=${OLDIFS}
-
- return ${IS_TYPE}
-}
-
-
-#
-# use openssl to fingerprint a file
-# arguments:
-# 1. the filename to fingerprint
-# 2. the method to use (x509, crl)
-# returns:
-# none
-# assumptions:
-# user will capture output from last stage of pipeline
-#
-fingerprint()
-{
- ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':'
-}
-
-
-#
-# link_hash - create links to certificate files
-# arguments:
-# 1. the filename to create a link for
-# 2. the type of certificate being linked (x509, crl)
-# returns:
-# 0 on success, 1 otherwise
-#
-link_hash()
-{
- local FINGERPRINT=$( fingerprint ${1} ${2} )
- local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} )
- local SUFFIX=0
- local LINKFILE=''
- local TAG=''
-
- if [ ${2} = "crl" ]
- then
- TAG='r'
- fi
-
- LINKFILE=${HASH}.${TAG}${SUFFIX}
-
- while [ -f ${LINKFILE} ]
- do
- if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ]
- then
- echo "NOTE: Skipping duplicate file ${1}" >&2
- return 1
- fi
-
- SUFFIX=$(( ${SUFFIX} + 1 ))
- LINKFILE=${HASH}.${TAG}${SUFFIX}
- done
-
- echo "${3} => ${LINKFILE}"
-
- # assume any system with a POSIX shell will either support symlinks or
- # do something to handle this gracefully
- ln -s ${3} ${LINKFILE}
-
- return 0
-}
-
-
-# hash_dir create hash links in a given directory
-hash_dir()
-{
- echo "Doing ${1}"
-
- cd ${1}
-
- ls -1 * 2>/dev/null | while read FILE
- do
- if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \
- && [ -h "${FILE}" ]
- then
- rm ${FILE}
- fi
- done
-
- ls -1 *.pem *.cer *.crt *.crl 2>/dev/null | while read FILE
- do
- REAL_FILE=${FILE}
- # if we run on build host then get to the real files in rootfs
- if [ -n "${SYSROOT}" -a -h ${FILE} ]
- then
- FILE=$( readlink ${FILE} )
- # check the symlink is absolute (or dangling in other word)
- if [ "x/" = "x$( echo ${FILE} | cut -c1 -)" ]
- then
- REAL_FILE=${SYSROOT}/${FILE}
- fi
- fi
-
- check_file ${REAL_FILE}
- local FILE_TYPE=${?}
- local TYPE_STR=''
-
- if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ]
- then
- TYPE_STR='x509'
- elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ]
- then
- TYPE_STR='crl'
- else
- echo "NOTE: ${FILE} does not contain a certificate or CRL: skipping" >&2
- continue
- fi
-
- link_hash ${REAL_FILE} ${TYPE_STR} ${FILE}
- done
-}
-
-
-# choose the name of an ssl application
-if [ -n "${OPENSSL}" ]
-then
- SSL_CMD=$(which ${OPENSSL} 2>/dev/null)
-else
- SSL_CMD=/usr/bin/openssl
- OPENSSL=${SSL_CMD}
- export OPENSSL
-fi
-
-# fix paths
-PATH=${PATH}:${DIR}/bin
-export PATH
-
-# confirm existance/executability of ssl command
-if ! [ -x ${SSL_CMD} ]
-then
- echo "${0}: rehashing skipped ('openssl' program not available)" >&2
- exit 0
-fi
-
-# determine which directories to process
-old_IFS=$IFS
-if [ ${#} -gt 0 ]
-then
- IFS=':'
- DIRLIST=${*}
-elif [ -n "${SSL_CERT_DIR}" ]
-then
- DIRLIST=$SSL_CERT_DIR
-else
- DIRLIST=${DIR}/certs
-fi
-
-IFS=':'
-
-# process directories
-for CERT_DIR in ${DIRLIST}
-do
- if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ]
- then
- IFS=$old_IFS
- hash_dir ${CERT_DIR}
- IFS=':'
- fi
-done
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl/reproducible.patch b/external/poky/meta/recipes-connectivity/openssl/openssl/reproducible.patch
new file mode 100644
index 00000000..a24260c9
--- /dev/null
+++ b/external/poky/meta/recipes-connectivity/openssl/openssl/reproducible.patch
@@ -0,0 +1,32 @@
+The value for perl_archname can vary depending on the host, e.g.
+x86_64-linux-gnu-thread-multi or x86_64-linux-thread-multi which
+makes the ptest package non-reproducible. Its unused other than
+these references so drop it.
+
+RP 2020/2/6
+
+Upstream-Status: Pending
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Index: openssl-1.1.1d/Configure
+===================================================================
+--- openssl-1.1.1d.orig/Configure
++++ openssl-1.1.1d/Configure
+@@ -286,7 +286,7 @@ if (defined env($local_config_envname))
+ # Save away perl command information
+ $config{perl_cmd} = $^X;
+ $config{perl_version} = $Config{version};
+-$config{perl_archname} = $Config{archname};
++#$config{perl_archname} = $Config{archname};
+
+ $config{prefix}="";
+ $config{openssldir}="";
+@@ -2517,7 +2517,7 @@ _____
+ @{$config{perlargv}}), "\n";
+ print "\nPerl information:\n\n";
+ print ' ',$config{perl_cmd},"\n";
+- print ' ',$config{perl_version},' for ',$config{perl_archname},"\n";
++ print ' ',$config{perl_version},"\n";
+ }
+ if ($dump || $options) {
+ my $longest = 0;
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl10/0001-Fix-BN_LLONG-breakage.patch b/external/poky/meta/recipes-connectivity/openssl/openssl10/0001-Fix-BN_LLONG-breakage.patch
deleted file mode 100644
index 13d39c91..00000000
--- a/external/poky/meta/recipes-connectivity/openssl/openssl10/0001-Fix-BN_LLONG-breakage.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 247b3188cde5f3347091cd54271127386d3aece0 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Wed, 6 Feb 2019 22:10:33 -0800
-Subject: [PATCH] Fix BN_LLONG breakage
-
-opensslconf.h is un-defining BN_LLONG only when included from bn.h which
-is not robust at all, especially when include guards are used and
-multiple inclusions of a given header is not allowed. so lets take out
-the nesting constraint and add OPENSSL_SYS_UEFI constraint instead
-
-Upstream-Status: Inappropriate [ fixed differently with OpenSSL 1.1+ ]
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- crypto/opensslconf.h.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/crypto/opensslconf.h.in b/crypto/opensslconf.h.in
-index 7a1c85d..a10c10f 100644
---- a/crypto/opensslconf.h.in
-+++ b/crypto/opensslconf.h.in
-@@ -56,7 +56,7 @@
- #endif
- #endif
-
--#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-+#if !defined(OPENSSL_SYS_UEFI) && !defined(CONFIG_HEADER_BN_H)
- #define CONFIG_HEADER_BN_H
- #undef BN_LLONG
-
---
-2.20.1
-
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl10/0001-Fix-DES_LONG-breakage.patch b/external/poky/meta/recipes-connectivity/openssl/openssl10/0001-Fix-DES_LONG-breakage.patch
deleted file mode 100644
index 7243fb41..00000000
--- a/external/poky/meta/recipes-connectivity/openssl/openssl10/0001-Fix-DES_LONG-breakage.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 1aec49cc45e7cf5ebc059a77081ac3ea2a5aff7b Mon Sep 17 00:00:00 2001
-From: Denys Dmytriyenko <denys@ti.com>
-Date: Fri, 1 Mar 2019 13:14:56 -0500
-Subject: [PATCH] Fix DES_LONG breakage
-
-Mimic previous BN_LLONG fix by Khem Raj here. Re-use its description:
-
-opensslconf.h is defining DES_LONG only when included from des.h which
-is not robust at all, especially when include guards are used and
-multiple inclusions of a given header is not allowed. so lets take out
-the nesting constraint and add OPENSSL_SYS_UEFI constraint instead
-
-Upstream-Status: Inappropriate [ fixed differently with OpenSSL 1.1+ ]
-
-Signed-off-by: Denys Dmytriyenko <denys@ti.com>
----
- crypto/opensslconf.h.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/crypto/opensslconf.h.in b/crypto/opensslconf.h.in
-index a10c10f..0147a4d 100644
---- a/crypto/opensslconf.h.in
-+++ b/crypto/opensslconf.h.in
-@@ -48,7 +48,7 @@
- #endif
- #endif
-
--#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-+#if !defined(OPENSSL_SYS_UEFI) && !defined(DES_LONG)
- /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
- #ifndef DES_LONG
---
-2.7.4
-
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl10/0001-Fix-build-with-clang-using-external-assembler.patch b/external/poky/meta/recipes-connectivity/openssl/openssl10/0001-Fix-build-with-clang-using-external-assembler.patch
deleted file mode 100644
index 2270962a..00000000
--- a/external/poky/meta/recipes-connectivity/openssl/openssl10/0001-Fix-build-with-clang-using-external-assembler.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 2f6026cb8b16cf00726e3c5625c023f196680f07 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Fri, 17 Mar 2017 12:52:08 -0700
-Subject: [PATCH] Fix build with clang using external assembler
-
-Cherry-picked from
-https://github.com/openssl/openssl/commit/11208dcfb9105e8afa37233185decefd45e89e17
-https://github.com/openssl/openssl/commit/fbab8baddef8d3346ae40ff068871e2ddaf10270
-https://github.com/openssl/openssl/commit/6cf412c473d8145562b76219ce3da73b201b3255
-
-Fixes
-
-| ghash-armv4.S: Assembler messages:
-| ghash-armv4.S:81: Error: bad instruction `ldrbpl r12,[r2,r3]'
-| ghash-armv4.S:91: Error: bad instruction `ldrbpl r8,[r0,r3]'
-| ghash-armv4.S:137: Error: bad instruction `ldrbne r12,[r2,#15]'
-| ghash-armv4.S:224: Error: bad instruction `ldrbpl r12,[r0,r3]'
-| clang-4.0: error: assembler command failed with exit code 1 (use -v to see invocation)
-| make[2]: *** [<builtin>: ghash-armv4.o] Error 1
-
-Upstream-Status: Backport
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- crypto/modes/asm/ghash-armv4.pl | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl
-index 8ccc963ef..442fed4da 100644
---- a/crypto/modes/asm/ghash-armv4.pl
-+++ b/crypto/modes/asm/ghash-armv4.pl
-@@ -124,7 +124,10 @@ $code=<<___;
- #include "arm_arch.h"
-
- .text
-+#if defined(__thumb2__) || defined(__clang__)
-+.syntax unified
-+#endif
- .code 32
-
- #ifdef __clang__
- #define ldrplb ldrbpl
---
-2.12.0
-
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl10/0001-allow-manpages-to-be-disabled.patch b/external/poky/meta/recipes-connectivity/openssl/openssl10/0001-allow-manpages-to-be-disabled.patch
deleted file mode 100644
index 3f7d6499..00000000
--- a/external/poky/meta/recipes-connectivity/openssl/openssl10/0001-allow-manpages-to-be-disabled.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From e1c39b80b01d4d18feeadfdc6e45a3e1dd110634 Mon Sep 17 00:00:00 2001
-From: Andre McCurdy <armccurdy@gmail.com>
-Date: Fri, 27 Jul 2018 21:41:06 +0000
-Subject: [PATCH] allow manpages to be disabled
-
-Define OE_DISABLE_MANPAGES (via environment or the make command line)
-to skip creation and installation of manpages.
-
-Upstream-Status: Inappropriate [configuration]
-
-Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
----
- Makefile.org | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Makefile.org b/Makefile.org
-index ed98d2a..747d8cb 100644
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -549,7 +549,7 @@ dist:
- @$(MAKE) SDIRS='$(SDIRS)' clean
- @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
-
--install: all install_docs install_sw
-+install: all $(if $(OE_DISABLE_MANPAGES),,install_docs) install_sw
-
- install_sw:
- @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
---
-1.9.1
-
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl10/0001-openssl-force-soft-link-to-avoid-rare-race.patch b/external/poky/meta/recipes-connectivity/openssl/openssl10/0001-openssl-force-soft-link-to-avoid-rare-race.patch
deleted file mode 100644
index dd1a9b1d..00000000
--- a/external/poky/meta/recipes-connectivity/openssl/openssl10/0001-openssl-force-soft-link-to-avoid-rare-race.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 3d9199423d48766649a2b2ebb3924e892ed16fa4 Mon Sep 17 00:00:00 2001
-From: Randy MacLeod <Randy.MacLeod@windriver.com>
-Date: Tue, 20 Jun 2017 15:32:08 -0400
-Subject: [PATCH] openssl: Force soft link to avoid rare race
-
-This patch works around a rare parallel build race condition.
-The error seen is:
-
-ln: failed to create symbolic link 'libssl.so': File exists
-make[4]: *** [Makefile.shared:171: link_a.gnu] Error 1
-make[4]: Leaving directory
-'/.../build/tmp-glibc/work/x86_64-linux/openssl-native/1.0.2k-r0/openssl-1.0.2k'
-
-The openssl team is rewriting their build files so it's not
-appropriate for openssl upstream and fixing the root cause of
-the Makefile race condition was also not pursued.
-
-Upstream-Status: Inappropriate [build rules rewrite in progress]
-Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
----
- Makefile.shared | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/Makefile.shared b/Makefile.shared
-index e8d222a..1bff92f 100644
---- a/Makefile.shared
-+++ b/Makefile.shared
-@@ -118,14 +118,14 @@
- if [ -n "$$SHLIB_COMPAT" ]; then \
- for x in $$SHLIB_COMPAT; do \
- ( $(SET_X); rm -f $$SHLIB$$x$$SHLIB_SUFFIX; \
-- ln -s $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \
-+ ln -sf $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \
- prev=$$SHLIB$$x$$SHLIB_SUFFIX; \
- done; \
- fi; \
- if [ -n "$$SHLIB_SOVER" ]; then \
- [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
- ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
-- ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
-+ ln -sf $$prev $$SHLIB$$SHLIB_SUFFIX ); \
- fi; \
- fi
-
---
-2.9.3
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl10/Makefiles-ptest.patch b/external/poky/meta/recipes-connectivity/openssl/openssl10/Makefiles-ptest.patch
deleted file mode 100644
index 1b8402af..00000000
--- a/external/poky/meta/recipes-connectivity/openssl/openssl10/Makefiles-ptest.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-From a176c69f4fdfbfa7e4ccb79d91c3b6602da7e69a Mon Sep 17 00:00:00 2001
-From: Anders Roxell <anders.roxell@enea.com>
-Date: Thu, 24 Apr 2014 19:28:25 +0200
-Subject: [PATCH 19/28] openssl: enable ptest support
-
-Add 'buildtest' and 'runtest' targets to Makefile, to build and run tests
-cross-compiled.
-
-Signed-off-by: Anders Roxell <anders.roxell@enea.com>
-Signed-off-by: Maxin B. John <maxin.john@enea.com>
-Upstream-Status: Pending
-
----
- Makefile.org | 10 +++++++++-
- test/Makefile | 13 +++++++++----
- 2 files changed, 18 insertions(+), 5 deletions(-)
-
-diff --git a/Makefile.org b/Makefile.org
-index 111fbba..8e7936c 100644
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -467,8 +467,16 @@ rehash.time: certs apps
- test: tests
-
- tests: rehash
-+ $(MAKE) buildtest
-+ $(MAKE) runtest
-+
-+buildtest:
-+ @(cd test && \
-+ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf exe apps);
-+
-+runtest:
- @(cd test && echo "testing..." && \
-- $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
-+ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf alltests );
- OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
-
- report:
-diff --git a/test/Makefile b/test/Makefile
-index 55a6b50..d46b4d1 100644
---- a/test/Makefile
-+++ b/test/Makefile
-@@ -150,7 +150,7 @@ tests: exe apps $(TESTS)
- apps:
- @(cd ..; $(MAKE) DIRS=apps all)
-
--alltests: \
-+all-tests= \
- test_des test_idea test_sha test_md4 test_md5 test_hmac \
- test_md2 test_mdc2 test_wp \
- test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \
-@@ -162,6 +162,11 @@ alltests: \
- test_constant_time test_verify_extra test_clienthello test_sslv2conftest \
- test_dtls test_bad_dtls test_fatalerr test_x509_time
-
-+alltests:
-+ @(for i in $(all-tests); do \
-+ ( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \
-+ done)
-+
- test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt
- ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
-
-@@ -230,7 +235,7 @@ test_x509: ../apps/openssl$(EXE_EXT) tx509 testx509.pem v3-cert1.pem v3-cert2.pe
- echo test second x509v3 certificate
- sh ./tx509 v3-cert2.pem 2>/dev/null
-
--test_rsa: $(RSATEST)$(EXE_EXT) ../apps/openssl$(EXE_EXT) trsa testrsa.pem
-+test_rsa: ../apps/openssl$(EXE_EXT) trsa testrsa.pem
- @sh ./trsa 2>/dev/null
- ../util/shlib_wrap.sh ./$(RSATEST)
-
-@@ -331,11 +336,11 @@ test_tsa: ../apps/openssl$(EXE_EXT) testtsa CAtsa.cnf ../util/shlib_wrap.sh
- sh ./testtsa; \
- fi
-
--test_ige: $(IGETEST)$(EXE_EXT)
-+test_ige:
- @echo "Test IGE mode"
- ../util/shlib_wrap.sh ./$(IGETEST)
-
--test_jpake: $(JPAKETEST)$(EXE_EXT)
-+test_jpake:
- @echo "Test JPAKE"
- ../util/shlib_wrap.sh ./$(JPAKETEST)
-
---
-2.15.1
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl10/Use-SHA256-not-MD5-as-default-digest.patch b/external/poky/meta/recipes-connectivity/openssl/openssl10/Use-SHA256-not-MD5-as-default-digest.patch
deleted file mode 100644
index 58c9ee78..00000000
--- a/external/poky/meta/recipes-connectivity/openssl/openssl10/Use-SHA256-not-MD5-as-default-digest.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From d795f5f20a29adecf92c09459a3ee07ffac01a99 Mon Sep 17 00:00:00 2001
-From: Rich Salz <rsalz@akamai.com>
-Date: Sat, 13 Jun 2015 17:03:39 -0400
-Subject: [PATCH] Use SHA256 not MD5 as default digest.
-
-Commit f8547f62c212837dbf44fb7e2755e5774a59a57b upstream.
-
-Upstream-Status: Backport
-Backport from OpenSSL 2.0 to OpenSSL 1.0.2
-Commit f8547f62c212837dbf44fb7e2755e5774a59a57b
-
-CVE: CVE-2004-2761
-
- The MD5 Message-Digest Algorithm is not collision resistant,
- which makes it easier for context-dependent attackers to
- conduct spoofing attacks, as demonstrated by attacks on the
- use of MD5 in the signature algorithm of an X.509 certificate.
-
-Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
-Signed-off-by: T.O. Radzy Radzykewycz <radzy@windriver.com>
----
- apps/ca.c | 2 +-
- apps/dgst.c | 2 +-
- apps/enc.c | 2 +-
- 3 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/apps/ca.c b/apps/ca.c
-index 3b7336c..8f3a84b 100644
---- a/apps/ca.c
-+++ b/apps/ca.c
-@@ -1612,7 +1612,7 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
- } else
- BIO_printf(bio_err, "Signature ok\n");
-
-- if ((rreq = X509_to_X509_REQ(req, NULL, EVP_md5())) == NULL)
-+ if ((rreq = X509_to_X509_REQ(req, NULL, NULL)) == NULL)
- goto err;
-
- ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,
-diff --git a/apps/dgst.c b/apps/dgst.c
-index 95e5fa3..0d1529f 100644
---- a/apps/dgst.c
-+++ b/apps/dgst.c
-@@ -442,7 +442,7 @@ int MAIN(int argc, char **argv)
- goto end;
- }
- if (md == NULL)
-- md = EVP_md5();
-+ md = EVP_sha256();
- if (!EVP_DigestInit_ex(mctx, md, impl)) {
- BIO_printf(bio_err, "Error setting digest %s\n", pname);
- ERR_print_errors(bio_err);
-diff --git a/apps/enc.c b/apps/enc.c
-index 7b7c70b..a7d944c 100644
---- a/apps/enc.c
-+++ b/apps/enc.c
-@@ -344,7 +344,7 @@ int MAIN(int argc, char **argv)
- }
-
- if (dgst == NULL) {
-- dgst = EVP_md5();
-+ dgst = EVP_sha256();
- }
-
- if (bufsize != NULL) {
---
-1.9.1
-
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl10/configure-musl-target.patch b/external/poky/meta/recipes-connectivity/openssl/openssl10/configure-musl-target.patch
deleted file mode 100644
index f357b3f5..00000000
--- a/external/poky/meta/recipes-connectivity/openssl/openssl10/configure-musl-target.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-Add musl triplet support
-
-Upstream-Status: Pending
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
-Index: openssl-1.0.2a/Configure
-===================================================================
---- openssl-1.0.2a.orig/Configure
-+++ openssl-1.0.2a/Configure
-@@ -431,7 +431,7 @@ my %table=(
- #
- # ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8
- #
--"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- # Configure script adds minimally required -march for assembly support,
- # if no -march was specified at command line. mips32 and mips64 below
-@@ -504,4 +504,6 @@ my %table=(
- "linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-musleabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-musleabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
- "linux-avr32","$ENV{'CC'}:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).",
-
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl10/configure-targets.patch b/external/poky/meta/recipes-connectivity/openssl/openssl10/configure-targets.patch
deleted file mode 100644
index 1e015897..00000000
--- a/external/poky/meta/recipes-connectivity/openssl/openssl10/configure-targets.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-Upstream-Status: Inappropriate [embedded specific]
-
-The number of colons are important :)
-
-
----
- Configure | 16 ++++++++++++++++
- 1 file changed, 16 insertions(+)
-
-Index: openssl-1.0.2a/Configure
-===================================================================
---- openssl-1.0.2a.orig/Configure
-+++ openssl-1.0.2a/Configure
-@@ -443,6 +443,21 @@ my %table=(
- "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
- "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
-
-+
-+# Linux on ARM
-+"linux-elf-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-elf-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-gnueabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+
-+"linux-avr32","$ENV{'CC'}:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).",
-+
-+#### Linux on MIPS/MIPS64
-+"linux-mips","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-mips64","$ENV{'CC'}:-DB_ENDIAN -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-mips64el","$ENV{'CC'}:-DL_ENDIAN -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-mipsel","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+
- # Android: linux-* but without pointers to headers and libs.
- "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl10/debian/c_rehash-compat.patch b/external/poky/meta/recipes-connectivity/openssl/openssl10/debian/c_rehash-compat.patch
deleted file mode 100644
index 3820e3e3..00000000
--- a/external/poky/meta/recipes-connectivity/openssl/openssl10/debian/c_rehash-compat.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From 83f318d68bbdab1ca898c94576a838cc97df4700 Mon Sep 17 00:00:00 2001
-From: Ludwig Nussel <ludwig.nussel@suse.de>
-Date: Wed, 21 Apr 2010 15:52:10 +0200
-Subject: [PATCH] also create old hash for compatibility
-
-Upstream-Status: Backport [debian]
-
-Index: openssl-1.0.2n/tools/c_rehash.in
-===================================================================
---- openssl-1.0.2n.orig/tools/c_rehash.in
-+++ openssl-1.0.2n/tools/c_rehash.in
-@@ -8,8 +8,6 @@ my $prefix;
-
- my $openssl = $ENV{OPENSSL} || "openssl";
- my $pwd;
--my $x509hash = "-subject_hash";
--my $crlhash = "-hash";
- my $verbose = 0;
- my $symlink_exists=eval {symlink("",""); 1};
- my $removelinks = 1;
-@@ -18,10 +16,7 @@ my $removelinks = 1;
- while ( $ARGV[0] =~ /^-/ ) {
- my $flag = shift @ARGV;
- last if ( $flag eq '--');
-- if ( $flag eq '-old') {
-- $x509hash = "-subject_hash_old";
-- $crlhash = "-hash_old";
-- } elsif ( $flag eq '-h') {
-+ if ( $flag eq '-h') {
- help();
- } elsif ( $flag eq '-n' ) {
- $removelinks = 0;
-@@ -113,7 +108,9 @@ sub hash_dir {
- next;
- }
- link_hash_cert($fname) if($cert);
-+ link_hash_cert_old($fname) if($cert);
- link_hash_crl($fname) if($crl);
-+ link_hash_crl_old($fname) if($crl);
- }
- }
-
-@@ -146,6 +143,7 @@ sub check_file {
-
- sub link_hash_cert {
- my $fname = $_[0];
-+ my $x509hash = $_[1] || '-subject_hash';
- $fname =~ s/'/'\\''/g;
- my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
- chomp $hash;
-@@ -177,10 +175,20 @@ sub link_hash_cert {
- $hashlist{$hash} = $fprint;
- }
-
-+sub link_hash_cert_old {
-+ link_hash_cert($_[0], '-subject_hash_old');
-+}
-+
-+sub link_hash_crl_old {
-+ link_hash_crl($_[0], '-hash_old');
-+}
-+
-+
- # Same as above except for a CRL. CRL links are of the form <hash>.r<n>
-
- sub link_hash_crl {
- my $fname = $_[0];
-+ my $crlhash = $_[1] || "-hash";
- $fname =~ s/'/'\\''/g;
- my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
- chomp $hash;
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl10/debian/debian-targets.patch b/external/poky/meta/recipes-connectivity/openssl/openssl10/debian/debian-targets.patch
deleted file mode 100644
index 24709f4f..00000000
--- a/external/poky/meta/recipes-connectivity/openssl/openssl10/debian/debian-targets.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-1.0.2n/Configure
-===================================================================
---- openssl-1.0.2n.orig/Configure
-+++ openssl-1.0.2n/Configure
-@@ -133,6 +133,10 @@ my $clang_devteam_warn = "-Wno-unused-pa
- # Warn that "make depend" should be run?
- my $warn_make_depend = 0;
-
-+# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS
-+my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall";
-+$debian_cflags =~ s/\n/ /g;
-+
- my $strict_warnings = 0;
-
- my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
-@@ -369,6 +373,55 @@ my %table=(
- "osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
- "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
-
-+# Debian GNU/* (various architectures)
-+"debian-alpha","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-alpha-ev4","gcc:-DTERMIO ${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-alpha-ev5","gcc:-DTERMIO ${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-arm64","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
-+"debian-avr32", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-kfreebsd-i386","gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-hppa","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-hurd-i386","gcc:-DL_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -g -mtune=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-ia64","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-i386","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-i386-i486","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-i386-i586","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i586::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-i386-i686/cmov","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i686::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-m68k","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mips", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mipsel", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mipsn32", "mips64-linux-gnuabin32-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mipsn32el", "mips64el-linux-gnuabin32-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mips64", "mips64-linux-gnuabi64-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mips64el", "mips64el-linux-gnuabi64-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-netbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-netbsd-m68k", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-netbsd-sparc", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-openbsd-alpha","gcc:-DTERMIOS ${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-openbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-or1k", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-ppc64el","gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-s390","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-s390x","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sh3", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sh4", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sh3eb", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sh4eb", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-m32r","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sparc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sparc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-x32","gcc:-mx32 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
-+
- ####
- #### Variety of LINUX:-)
- ####
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl10/debian/man-dir.patch b/external/poky/meta/recipes-connectivity/openssl/openssl10/debian/man-dir.patch
deleted file mode 100644
index 4085e3b1..00000000
--- a/external/poky/meta/recipes-connectivity/openssl/openssl10/debian/man-dir.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-1.0.0c/Makefile.org
-===================================================================
---- openssl-1.0.0c.orig/Makefile.org 2010-12-12 16:11:27.000000000 +0100
-+++ openssl-1.0.0c/Makefile.org 2010-12-12 16:11:37.000000000 +0100
-@@ -131,7 +131,7 @@
-
- MAKEFILE= Makefile
-
--MANDIR=$(OPENSSLDIR)/man
-+MANDIR=/usr/share/man
- MAN1=1
- MAN3=3
- MANSUFFIX=
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl10/debian/man-section.patch b/external/poky/meta/recipes-connectivity/openssl/openssl10/debian/man-section.patch
deleted file mode 100644
index 21c1d1a4..00000000
--- a/external/poky/meta/recipes-connectivity/openssl/openssl10/debian/man-section.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-1.0.0c/Makefile.org
-===================================================================
---- openssl-1.0.0c.orig/Makefile.org 2010-12-12 16:11:37.000000000 +0100
-+++ openssl-1.0.0c/Makefile.org 2010-12-12 16:13:28.000000000 +0100
-@@ -160,7 +160,8 @@
- MANDIR=/usr/share/man
- MAN1=1
- MAN3=3
--MANSUFFIX=
-+MANSUFFIX=ssl
-+MANSECTION=SSL
- HTMLSUFFIX=html
- HTMLDIR=$(OPENSSLDIR)/html
- SHELL=/bin/sh
-@@ -651,7 +652,7 @@
- echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
- (cd `$(PERL) util/dirname.pl $$i`; \
- sh -c "$$pod2man \
-- --section=$$sec --center=OpenSSL \
-+ --section=$${sec}$(MANSECTION) --center=OpenSSL \
- --release=$(VERSION) `basename $$i`") \
- > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
- $(PERL) util/extract-names.pl < $$i | \
-@@ -668,7 +669,7 @@
- echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
- (cd `$(PERL) util/dirname.pl $$i`; \
- sh -c "$$pod2man \
-- --section=$$sec --center=OpenSSL \
-+ --section=$${sec}$(MANSECTION) --center=OpenSSL \
- --release=$(VERSION) `basename $$i`") \
- > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
- $(PERL) util/extract-names.pl < $$i | \
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl10/debian/no-rpath.patch b/external/poky/meta/recipes-connectivity/openssl/openssl10/debian/no-rpath.patch
deleted file mode 100644
index 1ccb3b86..00000000
--- a/external/poky/meta/recipes-connectivity/openssl/openssl10/debian/no-rpath.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-1.0.0c/Makefile.shared
-===================================================================
---- openssl-1.0.0c.orig/Makefile.shared 2010-08-21 13:36:49.000000000 +0200
-+++ openssl-1.0.0c/Makefile.shared 2010-12-12 16:13:36.000000000 +0100
-@@ -153,7 +153,7 @@
- NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
-
--DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
-+DO_GNU_APP=LDFLAGS="$(CFLAGS)"
-
- #This is rather special. It's a special target with which one can link
- #applications without bothering with any features that have anything to
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl10/debian/no-symbolic.patch b/external/poky/meta/recipes-connectivity/openssl/openssl10/debian/no-symbolic.patch
deleted file mode 100644
index cc4408ab..00000000
--- a/external/poky/meta/recipes-connectivity/openssl/openssl10/debian/no-symbolic.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-1.0.0c/Makefile.shared
-===================================================================
---- openssl-1.0.0c.orig/Makefile.shared 2010-12-12 16:13:36.000000000 +0100
-+++ openssl-1.0.0c/Makefile.shared 2010-12-12 16:13:44.000000000 +0100
-@@ -151,7 +151,7 @@
- SHLIB_SUFFIX=; \
- ALLSYMSFLAGS='-Wl,--whole-archive'; \
- NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
-- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
-+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
-
- DO_GNU_APP=LDFLAGS="$(CFLAGS)"
-
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl10/debian/pic.patch b/external/poky/meta/recipes-connectivity/openssl/openssl10/debian/pic.patch
deleted file mode 100644
index bfda3888..00000000
--- a/external/poky/meta/recipes-connectivity/openssl/openssl10/debian/pic.patch
+++ /dev/null
@@ -1,177 +0,0 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-1.0.1c/crypto/des/asm/desboth.pl
-===================================================================
---- openssl-1.0.1c.orig/crypto/des/asm/desboth.pl 2001-10-24 23:20:56.000000000 +0200
-+++ openssl-1.0.1c/crypto/des/asm/desboth.pl 2012-07-29 14:15:26.000000000 +0200
-@@ -16,6 +16,11 @@
-
- &push("edi");
-
-+ &call (&label("pic_point0"));
-+ &set_label("pic_point0");
-+ &blindpop("ebp");
-+ &add ("ebp", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]");
-+
- &comment("");
- &comment("Load the data words");
- &mov($L,&DWP(0,"ebx","",0));
-@@ -47,15 +52,21 @@
- &mov(&swtmp(2), (DWC(($enc)?"1":"0")));
- &mov(&swtmp(1), "eax");
- &mov(&swtmp(0), "ebx");
-- &call("DES_encrypt2");
-+ &exch("ebx", "ebp");
-+ &call("DES_encrypt2\@PLT");
-+ &exch("ebx", "ebp");
- &mov(&swtmp(2), (DWC(($enc)?"0":"1")));
- &mov(&swtmp(1), "edi");
- &mov(&swtmp(0), "ebx");
-- &call("DES_encrypt2");
-+ &exch("ebx", "ebp");
-+ &call("DES_encrypt2\@PLT");
-+ &exch("ebx", "ebp");
- &mov(&swtmp(2), (DWC(($enc)?"1":"0")));
- &mov(&swtmp(1), "esi");
- &mov(&swtmp(0), "ebx");
-- &call("DES_encrypt2");
-+ &exch("ebx", "ebp");
-+ &call("DES_encrypt2\@PLT");
-+ &exch("ebx", "ebp");
-
- &stack_pop(3);
- &mov($L,&DWP(0,"ebx","",0));
-Index: openssl-1.0.1c/crypto/perlasm/cbc.pl
-===================================================================
---- openssl-1.0.1c.orig/crypto/perlasm/cbc.pl 2011-07-13 08:22:46.000000000 +0200
-+++ openssl-1.0.1c/crypto/perlasm/cbc.pl 2012-07-29 14:15:26.000000000 +0200
-@@ -122,7 +122,11 @@
- &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call
- &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
-
-- &call($enc_func);
-+ &call (&label("pic_point0"));
-+ &set_label("pic_point0");
-+ &blindpop("ebx");
-+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]");
-+ &call("$enc_func\@PLT");
-
- &mov("eax", &DWP($data_off,"esp","",0));
- &mov("ebx", &DWP($data_off+4,"esp","",0));
-@@ -185,7 +189,11 @@
- &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call
- &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
-
-- &call($enc_func);
-+ &call (&label("pic_point1"));
-+ &set_label("pic_point1");
-+ &blindpop("ebx");
-+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point1") . "]");
-+ &call("$enc_func\@PLT");
-
- &mov("eax", &DWP($data_off,"esp","",0));
- &mov("ebx", &DWP($data_off+4,"esp","",0));
-@@ -218,7 +226,11 @@
- &mov(&DWP($data_off,"esp","",0), "eax"); # put back
- &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
-
-- &call($dec_func);
-+ &call (&label("pic_point2"));
-+ &set_label("pic_point2");
-+ &blindpop("ebx");
-+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point2") . "]");
-+ &call("$dec_func\@PLT");
-
- &mov("eax", &DWP($data_off,"esp","",0)); # get return
- &mov("ebx", &DWP($data_off+4,"esp","",0)); #
-@@ -261,7 +273,11 @@
- &mov(&DWP($data_off,"esp","",0), "eax"); # put back
- &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
-
-- &call($dec_func);
-+ &call (&label("pic_point3"));
-+ &set_label("pic_point3");
-+ &blindpop("ebx");
-+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point3") . "]");
-+ &call("$dec_func\@PLT");
-
- &mov("eax", &DWP($data_off,"esp","",0)); # get return
- &mov("ebx", &DWP($data_off+4,"esp","",0)); #
-Index: openssl-1.0.1c/crypto/perlasm/x86gas.pl
-===================================================================
---- openssl-1.0.1c.orig/crypto/perlasm/x86gas.pl 2011-12-09 20:16:35.000000000 +0100
-+++ openssl-1.0.1c/crypto/perlasm/x86gas.pl 2012-07-29 14:15:26.000000000 +0200
-@@ -161,6 +161,7 @@
- if ($::macosx) { push (@out,"$tmp,2\n"); }
- elsif ($::elf) { push (@out,"$tmp,4\n"); }
- else { push (@out,"$tmp\n"); }
-+ if ($::elf) { push (@out,".hidden\tOPENSSL_ia32cap_P\n"); }
- }
- push(@out,$initseg) if ($initseg);
- }
-@@ -218,8 +219,23 @@
- elsif ($::elf)
- { $initseg.=<<___;
- .section .init
-+___
-+ if ($::pic)
-+ { $initseg.=<<___;
-+ pushl %ebx
-+ call .pic_point0
-+.pic_point0:
-+ popl %ebx
-+ addl \$_GLOBAL_OFFSET_TABLE_+[.-.pic_point0],%ebx
-+ call $f\@PLT
-+ popl %ebx
-+___
-+ }
-+ else
-+ { $initseg.=<<___;
- call $f
- ___
-+ }
- }
- elsif ($::coff)
- { $initseg.=<<___; # applies to both Cygwin and Mingw
-Index: openssl-1.0.1c/crypto/x86cpuid.pl
-===================================================================
---- openssl-1.0.1c.orig/crypto/x86cpuid.pl 2012-02-28 15:20:34.000000000 +0100
-+++ openssl-1.0.1c/crypto/x86cpuid.pl 2012-07-29 14:15:26.000000000 +0200
-@@ -8,6 +8,8 @@
-
- for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
-
-+push(@out, ".hidden OPENSSL_ia32cap_P\n");
-+
- &function_begin("OPENSSL_ia32_cpuid");
- &xor ("edx","edx");
- &pushf ();
-@@ -139,9 +141,7 @@
- &set_label("nocpuid");
- &function_end("OPENSSL_ia32_cpuid");
-
--&external_label("OPENSSL_ia32cap_P");
--
--&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
-+&function_begin_B("OPENSSL_rdtsc");
- &xor ("eax","eax");
- &xor ("edx","edx");
- &picmeup("ecx","OPENSSL_ia32cap_P");
-@@ -155,7 +155,7 @@
- # This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host],
- # but it's safe to call it on any [supported] 32-bit platform...
- # Just check for [non-]zero return value...
--&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
-+&function_begin_B("OPENSSL_instrument_halt");
- &picmeup("ecx","OPENSSL_ia32cap_P");
- &bt (&DWP(0,"ecx"),4);
- &jnc (&label("nohalt")); # no TSC
-@@ -222,7 +222,7 @@
- &ret ();
- &function_end_B("OPENSSL_far_spin");
-
--&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
-+&function_begin_B("OPENSSL_wipe_cpu");
- &xor ("eax","eax");
- &xor ("edx","edx");
- &picmeup("ecx","OPENSSL_ia32cap_P");
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/block_digicert_malaysia.patch b/external/poky/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/block_digicert_malaysia.patch
deleted file mode 100644
index c43bcd1c..00000000
--- a/external/poky/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/block_digicert_malaysia.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From: Raphael Geissert <geissert@debian.org>
-Description: make X509_verify_cert indicate that any certificate whose
- name contains "Digicert Sdn. Bhd." (from Malaysia) is revoked.
-Forwarded: not-needed
-Origin: vendor
-Last-Update: 2011-11-05
-
-Upstream-Status: Backport [debian]
-
-
-Index: openssl-1.0.2~beta1/crypto/x509/x509_vfy.c
-===================================================================
---- openssl-1.0.2~beta1.orig/crypto/x509/x509_vfy.c 2014-02-25 00:16:12.488028844 +0100
-+++ openssl-1.0.2~beta1/crypto/x509/x509_vfy.c 2014-02-25 00:16:12.484028929 +0100
-@@ -964,10 +964,11 @@
- for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
- {
- x = sk_X509_value(ctx->chain, i);
-- /* Mark DigiNotar certificates as revoked, no matter
-- * where in the chain they are.
-+ /* Mark certificates containing the following names as
-+ * revoked, no matter where in the chain they are.
- */
-- if (x->name && strstr(x->name, "DigiNotar"))
-+ if (x->name && (strstr(x->name, "DigiNotar") ||
-+ strstr(x->name, "Digicert Sdn. Bhd.")))
- {
- ctx->error = X509_V_ERR_CERT_REVOKED;
- ctx->error_depth = i;
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/block_diginotar.patch b/external/poky/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/block_diginotar.patch
deleted file mode 100644
index d81e22cd..00000000
--- a/external/poky/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/block_diginotar.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From: Raphael Geissert <geissert@debian.org>
-Description: make X509_verify_cert indicate that any certificate whose
- name contains "DigiNotar" is revoked.
-Forwarded: not-needed
-Origin: vendor
-Last-Update: 2011-09-08
-Bug: http://bugs.debian.org/639744
-Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
-Reviewed-by: Dr Stephen N Henson <shenson@drh-consultancy.co.uk>
-
-This is not meant as final patch.
-
-Upstream-Status: Backport [debian]
-
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
-Index: openssl-1.0.2g/crypto/x509/x509_vfy.c
-===================================================================
---- openssl-1.0.2g.orig/crypto/x509/x509_vfy.c
-+++ openssl-1.0.2g/crypto/x509/x509_vfy.c
-@@ -119,6 +119,7 @@ static int check_trust(X509_STORE_CTX *c
- static int check_revocation(X509_STORE_CTX *ctx);
- static int check_cert(X509_STORE_CTX *ctx);
- static int check_policy(X509_STORE_CTX *ctx);
-+static int check_ca_blacklist(X509_STORE_CTX *ctx);
-
- static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
- unsigned int *preasons, X509_CRL *crl, X509 *x);
-@@ -489,6 +490,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx
- if (!ok)
- goto err;
-
-+ ok = check_ca_blacklist(ctx);
-+ if(!ok) goto err;
-+
- #ifndef OPENSSL_NO_RFC3779
- /* RFC 3779 path validation, now that CRL check has been done */
- ok = v3_asid_validate_path(ctx);
-@@ -996,6 +1000,29 @@ static int check_crl_time(X509_STORE_CTX
- return 1;
- }
-
-+static int check_ca_blacklist(X509_STORE_CTX *ctx)
-+ {
-+ X509 *x;
-+ int i;
-+ /* Check all certificates against the blacklist */
-+ for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
-+ {
-+ x = sk_X509_value(ctx->chain, i);
-+ /* Mark DigiNotar certificates as revoked, no matter
-+ * where in the chain they are.
-+ */
-+ if (x->name && strstr(x->name, "DigiNotar"))
-+ {
-+ ctx->error = X509_V_ERR_CERT_REVOKED;
-+ ctx->error_depth = i;
-+ ctx->current_cert = x;
-+ if (!ctx->verify_cb(0,ctx))
-+ return 0;
-+ }
-+ }
-+ return 1;
-+ }
-+
- static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
- X509 **pissuer, int *pscore, unsigned int *preasons,
- STACK_OF(X509_CRL) *crls)
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/soname.patch b/external/poky/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/soname.patch
deleted file mode 100644
index 09dd9eaf..00000000
--- a/external/poky/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/soname.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Upstream-Status: Inappropriate
-
-Index: openssl-1.0.2d/crypto/opensslv.h
-===================================================================
---- openssl-1.0.2d.orig/crypto/opensslv.h
-+++ openssl-1.0.2d/crypto/opensslv.h
-@@ -88,7 +88,7 @@ extern "C" {
- * should only keep the versions that are binary compatible with the current.
- */
- # define SHLIB_VERSION_HISTORY ""
--# define SHLIB_VERSION_NUMBER "1.0.0"
-+# define SHLIB_VERSION_NUMBER "1.0.2"
-
-
- #ifdef __cplusplus
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/version-script.patch b/external/poky/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/version-script.patch
deleted file mode 100644
index e404ee33..00000000
--- a/external/poky/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/version-script.patch
+++ /dev/null
@@ -1,4658 +0,0 @@
-Upstream-Status: Inappropriate
-
-Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure
-===================================================================
---- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure 2014-02-24 21:02:30.000000000 +0100
-+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure 2014-02-24 21:02:30.000000000 +0100
-@@ -1651,6 +1651,8 @@
- }
- }
-
-+$shared_ldflag .= " -Wl,--version-script=openssl.ld";
-+
- open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
- unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
- open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
-Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld 2014-02-24 22:19:08.601827266 +0100
-@@ -0,0 +1,4608 @@
-+OPENSSL_1.0.2d {
-+ global:
-+ BIO_f_ssl;
-+ BIO_new_buffer_ssl_connect;
-+ BIO_new_ssl;
-+ BIO_new_ssl_connect;
-+ BIO_proxy_ssl_copy_session_id;
-+ BIO_ssl_copy_session_id;
-+ BIO_ssl_shutdown;
-+ d2i_SSL_SESSION;
-+ DTLSv1_client_method;
-+ DTLSv1_method;
-+ DTLSv1_server_method;
-+ ERR_load_SSL_strings;
-+ i2d_SSL_SESSION;
-+ kssl_build_principal_2;
-+ kssl_cget_tkt;
-+ kssl_check_authent;
-+ kssl_ctx_free;
-+ kssl_ctx_new;
-+ kssl_ctx_setkey;
-+ kssl_ctx_setprinc;
-+ kssl_ctx_setstring;
-+ kssl_ctx_show;
-+ kssl_err_set;
-+ kssl_krb5_free_data_contents;
-+ kssl_sget_tkt;
-+ kssl_skip_confound;
-+ kssl_validate_times;
-+ PEM_read_bio_SSL_SESSION;
-+ PEM_read_SSL_SESSION;
-+ PEM_write_bio_SSL_SESSION;
-+ PEM_write_SSL_SESSION;
-+ SSL_accept;
-+ SSL_add_client_CA;
-+ SSL_add_dir_cert_subjects_to_stack;
-+ SSL_add_dir_cert_subjs_to_stk;
-+ SSL_add_file_cert_subjects_to_stack;
-+ SSL_add_file_cert_subjs_to_stk;
-+ SSL_alert_desc_string;
-+ SSL_alert_desc_string_long;
-+ SSL_alert_type_string;
-+ SSL_alert_type_string_long;
-+ SSL_callback_ctrl;
-+ SSL_check_private_key;
-+ SSL_CIPHER_description;
-+ SSL_CIPHER_get_bits;
-+ SSL_CIPHER_get_name;
-+ SSL_CIPHER_get_version;
-+ SSL_clear;
-+ SSL_COMP_add_compression_method;
-+ SSL_COMP_get_compression_methods;
-+ SSL_COMP_get_compress_methods;
-+ SSL_COMP_get_name;
-+ SSL_connect;
-+ SSL_copy_session_id;
-+ SSL_ctrl;
-+ SSL_CTX_add_client_CA;
-+ SSL_CTX_add_session;
-+ SSL_CTX_callback_ctrl;
-+ SSL_CTX_check_private_key;
-+ SSL_CTX_ctrl;
-+ SSL_CTX_flush_sessions;
-+ SSL_CTX_free;
-+ SSL_CTX_get_cert_store;
-+ SSL_CTX_get_client_CA_list;
-+ SSL_CTX_get_client_cert_cb;
-+ SSL_CTX_get_ex_data;
-+ SSL_CTX_get_ex_new_index;
-+ SSL_CTX_get_info_callback;
-+ SSL_CTX_get_quiet_shutdown;
-+ SSL_CTX_get_timeout;
-+ SSL_CTX_get_verify_callback;
-+ SSL_CTX_get_verify_depth;
-+ SSL_CTX_get_verify_mode;
-+ SSL_CTX_load_verify_locations;
-+ SSL_CTX_new;
-+ SSL_CTX_remove_session;
-+ SSL_CTX_sess_get_get_cb;
-+ SSL_CTX_sess_get_new_cb;
-+ SSL_CTX_sess_get_remove_cb;
-+ SSL_CTX_sessions;
-+ SSL_CTX_sess_set_get_cb;
-+ SSL_CTX_sess_set_new_cb;
-+ SSL_CTX_sess_set_remove_cb;
-+ SSL_CTX_set1_param;
-+ SSL_CTX_set_cert_store;
-+ SSL_CTX_set_cert_verify_callback;
-+ SSL_CTX_set_cert_verify_cb;
-+ SSL_CTX_set_cipher_list;
-+ SSL_CTX_set_client_CA_list;
-+ SSL_CTX_set_client_cert_cb;
-+ SSL_CTX_set_client_cert_engine;
-+ SSL_CTX_set_cookie_generate_cb;
-+ SSL_CTX_set_cookie_verify_cb;
-+ SSL_CTX_set_default_passwd_cb;
-+ SSL_CTX_set_default_passwd_cb_userdata;
-+ SSL_CTX_set_default_verify_paths;
-+ SSL_CTX_set_def_passwd_cb_ud;
-+ SSL_CTX_set_def_verify_paths;
-+ SSL_CTX_set_ex_data;
-+ SSL_CTX_set_generate_session_id;
-+ SSL_CTX_set_info_callback;
-+ SSL_CTX_set_msg_callback;
-+ SSL_CTX_set_psk_client_callback;
-+ SSL_CTX_set_psk_server_callback;
-+ SSL_CTX_set_purpose;
-+ SSL_CTX_set_quiet_shutdown;
-+ SSL_CTX_set_session_id_context;
-+ SSL_CTX_set_ssl_version;
-+ SSL_CTX_set_timeout;
-+ SSL_CTX_set_tmp_dh_callback;
-+ SSL_CTX_set_tmp_ecdh_callback;
-+ SSL_CTX_set_tmp_rsa_callback;
-+ SSL_CTX_set_trust;
-+ SSL_CTX_set_verify;
-+ SSL_CTX_set_verify_depth;
-+ SSL_CTX_use_cert_chain_file;
-+ SSL_CTX_use_certificate;
-+ SSL_CTX_use_certificate_ASN1;
-+ SSL_CTX_use_certificate_chain_file;
-+ SSL_CTX_use_certificate_file;
-+ SSL_CTX_use_PrivateKey;
-+ SSL_CTX_use_PrivateKey_ASN1;
-+ SSL_CTX_use_PrivateKey_file;
-+ SSL_CTX_use_psk_identity_hint;
-+ SSL_CTX_use_RSAPrivateKey;
-+ SSL_CTX_use_RSAPrivateKey_ASN1;
-+ SSL_CTX_use_RSAPrivateKey_file;
-+ SSL_do_handshake;
-+ SSL_dup;
-+ SSL_dup_CA_list;
-+ SSLeay_add_ssl_algorithms;
-+ SSL_free;
-+ SSL_get1_session;
-+ SSL_get_certificate;
-+ SSL_get_cipher_list;
-+ SSL_get_ciphers;
-+ SSL_get_client_CA_list;
-+ SSL_get_current_cipher;
-+ SSL_get_current_compression;
-+ SSL_get_current_expansion;
-+ SSL_get_default_timeout;
-+ SSL_get_error;
-+ SSL_get_ex_data;
-+ SSL_get_ex_data_X509_STORE_CTX_idx;
-+ SSL_get_ex_d_X509_STORE_CTX_idx;
-+ SSL_get_ex_new_index;
-+ SSL_get_fd;
-+ SSL_get_finished;
-+ SSL_get_info_callback;
-+ SSL_get_peer_cert_chain;
-+ SSL_get_peer_certificate;
-+ SSL_get_peer_finished;
-+ SSL_get_privatekey;
-+ SSL_get_psk_identity;
-+ SSL_get_psk_identity_hint;
-+ SSL_get_quiet_shutdown;
-+ SSL_get_rbio;
-+ SSL_get_read_ahead;
-+ SSL_get_rfd;
-+ SSL_get_servername;
-+ SSL_get_servername_type;
-+ SSL_get_session;
-+ SSL_get_shared_ciphers;
-+ SSL_get_shutdown;
-+ SSL_get_SSL_CTX;
-+ SSL_get_ssl_method;
-+ SSL_get_verify_callback;
-+ SSL_get_verify_depth;
-+ SSL_get_verify_mode;
-+ SSL_get_verify_result;
-+ SSL_get_version;
-+ SSL_get_wbio;
-+ SSL_get_wfd;
-+ SSL_has_matching_session_id;
-+ SSL_library_init;
-+ SSL_load_client_CA_file;
-+ SSL_load_error_strings;
-+ SSL_new;
-+ SSL_peek;
-+ SSL_pending;
-+ SSL_read;
-+ SSL_renegotiate;
-+ SSL_renegotiate_pending;
-+ SSL_rstate_string;
-+ SSL_rstate_string_long;
-+ SSL_SESSION_cmp;
-+ SSL_SESSION_free;
-+ SSL_SESSION_get_ex_data;
-+ SSL_SESSION_get_ex_new_index;
-+ SSL_SESSION_get_id;
-+ SSL_SESSION_get_time;
-+ SSL_SESSION_get_timeout;
-+ SSL_SESSION_hash;
-+ SSL_SESSION_new;
-+ SSL_SESSION_print;
-+ SSL_SESSION_print_fp;
-+ SSL_SESSION_set_ex_data;
-+ SSL_SESSION_set_time;
-+ SSL_SESSION_set_timeout;
-+ SSL_set1_param;
-+ SSL_set_accept_state;
-+ SSL_set_bio;
-+ SSL_set_cipher_list;
-+ SSL_set_client_CA_list;
-+ SSL_set_connect_state;
-+ SSL_set_ex_data;
-+ SSL_set_fd;
-+ SSL_set_generate_session_id;
-+ SSL_set_info_callback;
-+ SSL_set_msg_callback;
-+ SSL_set_psk_client_callback;
-+ SSL_set_psk_server_callback;
-+ SSL_set_purpose;
-+ SSL_set_quiet_shutdown;
-+ SSL_set_read_ahead;
-+ SSL_set_rfd;
-+ SSL_set_session;
-+ SSL_set_session_id_context;
-+ SSL_set_session_secret_cb;
-+ SSL_set_session_ticket_ext;
-+ SSL_set_session_ticket_ext_cb;
-+ SSL_set_shutdown;
-+ SSL_set_SSL_CTX;
-+ SSL_set_ssl_method;
-+ SSL_set_tmp_dh_callback;
-+ SSL_set_tmp_ecdh_callback;
-+ SSL_set_tmp_rsa_callback;
-+ SSL_set_trust;
-+ SSL_set_verify;
-+ SSL_set_verify_depth;
-+ SSL_set_verify_result;
-+ SSL_set_wfd;
-+ SSL_shutdown;
-+ SSL_state;
-+ SSL_state_string;
-+ SSL_state_string_long;
-+ SSL_use_certificate;
-+ SSL_use_certificate_ASN1;
-+ SSL_use_certificate_file;
-+ SSL_use_PrivateKey;
-+ SSL_use_PrivateKey_ASN1;
-+ SSL_use_PrivateKey_file;
-+ SSL_use_psk_identity_hint;
-+ SSL_use_RSAPrivateKey;
-+ SSL_use_RSAPrivateKey_ASN1;
-+ SSL_use_RSAPrivateKey_file;
-+ SSLv23_client_method;
-+ SSLv23_method;
-+ SSLv23_server_method;
-+ SSLv2_client_method;
-+ SSLv2_method;
-+ SSLv2_server_method;
-+ SSLv3_client_method;
-+ SSLv3_method;
-+ SSLv3_server_method;
-+ SSL_version;
-+ SSL_want;
-+ SSL_write;
-+ TLSv1_client_method;
-+ TLSv1_method;
-+ TLSv1_server_method;
-+
-+
-+ SSLeay;
-+ SSLeay_version;
-+ ASN1_BIT_STRING_asn1_meth;
-+ ASN1_HEADER_free;
-+ ASN1_HEADER_new;
-+ ASN1_IA5STRING_asn1_meth;
-+ ASN1_INTEGER_get;
-+ ASN1_INTEGER_set;
-+ ASN1_INTEGER_to_BN;
-+ ASN1_OBJECT_create;
-+ ASN1_OBJECT_free;
-+ ASN1_OBJECT_new;
-+ ASN1_PRINTABLE_type;
-+ ASN1_STRING_cmp;
-+ ASN1_STRING_dup;
-+ ASN1_STRING_free;
-+ ASN1_STRING_new;
-+ ASN1_STRING_print;
-+ ASN1_STRING_set;
-+ ASN1_STRING_type_new;
-+ ASN1_TYPE_free;
-+ ASN1_TYPE_new;
-+ ASN1_UNIVERSALSTRING_to_string;
-+ ASN1_UTCTIME_check;
-+ ASN1_UTCTIME_print;
-+ ASN1_UTCTIME_set;
-+ ASN1_check_infinite_end;
-+ ASN1_d2i_bio;
-+ ASN1_d2i_fp;
-+ ASN1_digest;
-+ ASN1_dup;
-+ ASN1_get_object;
-+ ASN1_i2d_bio;
-+ ASN1_i2d_fp;
-+ ASN1_object_size;
-+ ASN1_parse;
-+ ASN1_put_object;
-+ ASN1_sign;
-+ ASN1_verify;
-+ BF_cbc_encrypt;
-+ BF_cfb64_encrypt;
-+ BF_ecb_encrypt;
-+ BF_encrypt;
-+ BF_ofb64_encrypt;
-+ BF_options;
-+ BF_set_key;
-+ BIO_CONNECT_free;
-+ BIO_CONNECT_new;
-+ BIO_accept;
-+ BIO_ctrl;
-+ BIO_int_ctrl;
-+ BIO_debug_callback;
-+ BIO_dump;
-+ BIO_dup_chain;
-+ BIO_f_base64;
-+ BIO_f_buffer;
-+ BIO_f_cipher;
-+ BIO_f_md;
-+ BIO_f_null;
-+ BIO_f_proxy_server;
-+ BIO_fd_non_fatal_error;
-+ BIO_fd_should_retry;
-+ BIO_find_type;
-+ BIO_free;
-+ BIO_free_all;
-+ BIO_get_accept_socket;
-+ BIO_get_filter_bio;
-+ BIO_get_host_ip;
-+ BIO_get_port;
-+ BIO_get_retry_BIO;
-+ BIO_get_retry_reason;
-+ BIO_gethostbyname;
-+ BIO_gets;
-+ BIO_new;
-+ BIO_new_accept;
-+ BIO_new_connect;
-+ BIO_new_fd;
-+ BIO_new_file;
-+ BIO_new_fp;
-+ BIO_new_socket;
-+ BIO_pop;
-+ BIO_printf;
-+ BIO_push;
-+ BIO_puts;
-+ BIO_read;
-+ BIO_s_accept;
-+ BIO_s_connect;
-+ BIO_s_fd;
-+ BIO_s_file;
-+ BIO_s_mem;
-+ BIO_s_null;
-+ BIO_s_proxy_client;
-+ BIO_s_socket;
-+ BIO_set;
-+ BIO_set_cipher;
-+ BIO_set_tcp_ndelay;
-+ BIO_sock_cleanup;
-+ BIO_sock_error;
-+ BIO_sock_init;
-+ BIO_sock_non_fatal_error;
-+ BIO_sock_should_retry;
-+ BIO_socket_ioctl;
-+ BIO_write;
-+ BN_CTX_free;
-+ BN_CTX_new;
-+ BN_MONT_CTX_free;
-+ BN_MONT_CTX_new;
-+ BN_MONT_CTX_set;
-+ BN_add;
-+ BN_add_word;
-+ BN_hex2bn;
-+ BN_bin2bn;
-+ BN_bn2hex;
-+ BN_bn2bin;
-+ BN_clear;
-+ BN_clear_bit;
-+ BN_clear_free;
-+ BN_cmp;
-+ BN_copy;
-+ BN_div;
-+ BN_div_word;
-+ BN_dup;
-+ BN_free;
-+ BN_from_montgomery;
-+ BN_gcd;
-+ BN_generate_prime;
-+ BN_get_word;
-+ BN_is_bit_set;
-+ BN_is_prime;
-+ BN_lshift;
-+ BN_lshift1;
-+ BN_mask_bits;
-+ BN_mod;
-+ BN_mod_exp;
-+ BN_mod_exp_mont;
-+ BN_mod_exp_simple;
-+ BN_mod_inverse;
-+ BN_mod_mul;
-+ BN_mod_mul_montgomery;
-+ BN_mod_word;
-+ BN_mul;
-+ BN_new;
-+ BN_num_bits;
-+ BN_num_bits_word;
-+ BN_options;
-+ BN_print;
-+ BN_print_fp;
-+ BN_rand;
-+ BN_reciprocal;
-+ BN_rshift;
-+ BN_rshift1;
-+ BN_set_bit;
-+ BN_set_word;
-+ BN_sqr;
-+ BN_sub;
-+ BN_to_ASN1_INTEGER;
-+ BN_ucmp;
-+ BN_value_one;
-+ BUF_MEM_free;
-+ BUF_MEM_grow;
-+ BUF_MEM_new;
-+ BUF_strdup;
-+ CONF_free;
-+ CONF_get_number;
-+ CONF_get_section;
-+ CONF_get_string;
-+ CONF_load;
-+ CRYPTO_add_lock;
-+ CRYPTO_dbg_free;
-+ CRYPTO_dbg_malloc;
-+ CRYPTO_dbg_realloc;
-+ CRYPTO_dbg_remalloc;
-+ CRYPTO_free;
-+ CRYPTO_get_add_lock_callback;
-+ CRYPTO_get_id_callback;
-+ CRYPTO_get_lock_name;
-+ CRYPTO_get_locking_callback;
-+ CRYPTO_get_mem_functions;
-+ CRYPTO_lock;
-+ CRYPTO_malloc;
-+ CRYPTO_mem_ctrl;
-+ CRYPTO_mem_leaks;
-+ CRYPTO_mem_leaks_cb;
-+ CRYPTO_mem_leaks_fp;
-+ CRYPTO_realloc;
-+ CRYPTO_remalloc;
-+ CRYPTO_set_add_lock_callback;
-+ CRYPTO_set_id_callback;
-+ CRYPTO_set_locking_callback;
-+ CRYPTO_set_mem_functions;
-+ CRYPTO_thread_id;
-+ DH_check;
-+ DH_compute_key;
-+ DH_free;
-+ DH_generate_key;
-+ DH_generate_parameters;
-+ DH_new;
-+ DH_size;
-+ DHparams_print;
-+ DHparams_print_fp;
-+ DSA_free;
-+ DSA_generate_key;
-+ DSA_generate_parameters;
-+ DSA_is_prime;
-+ DSA_new;
-+ DSA_print;
-+ DSA_print_fp;
-+ DSA_sign;
-+ DSA_sign_setup;
-+ DSA_size;
-+ DSA_verify;
-+ DSAparams_print;
-+ DSAparams_print_fp;
-+ ERR_clear_error;
-+ ERR_error_string;
-+ ERR_free_strings;
-+ ERR_func_error_string;
-+ ERR_get_err_state_table;
-+ ERR_get_error;
-+ ERR_get_error_line;
-+ ERR_get_state;
-+ ERR_get_string_table;
-+ ERR_lib_error_string;
-+ ERR_load_ASN1_strings;
-+ ERR_load_BIO_strings;
-+ ERR_load_BN_strings;
-+ ERR_load_BUF_strings;
-+ ERR_load_CONF_strings;
-+ ERR_load_DH_strings;
-+ ERR_load_DSA_strings;
-+ ERR_load_ERR_strings;
-+ ERR_load_EVP_strings;
-+ ERR_load_OBJ_strings;
-+ ERR_load_PEM_strings;
-+ ERR_load_PROXY_strings;
-+ ERR_load_RSA_strings;
-+ ERR_load_X509_strings;
-+ ERR_load_crypto_strings;
-+ ERR_load_strings;
-+ ERR_peek_error;
-+ ERR_peek_error_line;
-+ ERR_print_errors;
-+ ERR_print_errors_fp;
-+ ERR_put_error;
-+ ERR_reason_error_string;
-+ ERR_remove_state;
-+ EVP_BytesToKey;
-+ EVP_CIPHER_CTX_cleanup;
-+ EVP_CipherFinal;
-+ EVP_CipherInit;
-+ EVP_CipherUpdate;
-+ EVP_DecodeBlock;
-+ EVP_DecodeFinal;
-+ EVP_DecodeInit;
-+ EVP_DecodeUpdate;
-+ EVP_DecryptFinal;
-+ EVP_DecryptInit;
-+ EVP_DecryptUpdate;
-+ EVP_DigestFinal;
-+ EVP_DigestInit;
-+ EVP_DigestUpdate;
-+ EVP_EncodeBlock;
-+ EVP_EncodeFinal;
-+ EVP_EncodeInit;
-+ EVP_EncodeUpdate;
-+ EVP_EncryptFinal;
-+ EVP_EncryptInit;
-+ EVP_EncryptUpdate;
-+ EVP_OpenFinal;
-+ EVP_OpenInit;
-+ EVP_PKEY_assign;
-+ EVP_PKEY_copy_parameters;
-+ EVP_PKEY_free;
-+ EVP_PKEY_missing_parameters;
-+ EVP_PKEY_new;
-+ EVP_PKEY_save_parameters;
-+ EVP_PKEY_size;
-+ EVP_PKEY_type;
-+ EVP_SealFinal;
-+ EVP_SealInit;
-+ EVP_SignFinal;
-+ EVP_VerifyFinal;
-+ EVP_add_alias;
-+ EVP_add_cipher;
-+ EVP_add_digest;
-+ EVP_bf_cbc;
-+ EVP_bf_cfb64;
-+ EVP_bf_ecb;
-+ EVP_bf_ofb;
-+ EVP_cleanup;
-+ EVP_des_cbc;
-+ EVP_des_cfb64;
-+ EVP_des_ecb;
-+ EVP_des_ede;
-+ EVP_des_ede3;
-+ EVP_des_ede3_cbc;
-+ EVP_des_ede3_cfb64;
-+ EVP_des_ede3_ofb;
-+ EVP_des_ede_cbc;
-+ EVP_des_ede_cfb64;
-+ EVP_des_ede_ofb;
-+ EVP_des_ofb;
-+ EVP_desx_cbc;
-+ EVP_dss;
-+ EVP_dss1;
-+ EVP_enc_null;
-+ EVP_get_cipherbyname;
-+ EVP_get_digestbyname;
-+ EVP_get_pw_prompt;
-+ EVP_idea_cbc;
-+ EVP_idea_cfb64;
-+ EVP_idea_ecb;
-+ EVP_idea_ofb;
-+ EVP_md2;
-+ EVP_md5;
-+ EVP_md_null;
-+ EVP_rc2_cbc;
-+ EVP_rc2_cfb64;
-+ EVP_rc2_ecb;
-+ EVP_rc2_ofb;
-+ EVP_rc4;
-+ EVP_read_pw_string;
-+ EVP_set_pw_prompt;
-+ EVP_sha;
-+ EVP_sha1;
-+ MD2;
-+ MD2_Final;
-+ MD2_Init;
-+ MD2_Update;
-+ MD2_options;
-+ MD5;
-+ MD5_Final;
-+ MD5_Init;
-+ MD5_Update;
-+ MDC2;
-+ MDC2_Final;
-+ MDC2_Init;
-+ MDC2_Update;
-+ NETSCAPE_SPKAC_free;
-+ NETSCAPE_SPKAC_new;
-+ NETSCAPE_SPKI_free;
-+ NETSCAPE_SPKI_new;
-+ NETSCAPE_SPKI_sign;
-+ NETSCAPE_SPKI_verify;
-+ OBJ_add_object;
-+ OBJ_bsearch;
-+ OBJ_cleanup;
-+ OBJ_cmp;
-+ OBJ_create;
-+ OBJ_dup;
-+ OBJ_ln2nid;
-+ OBJ_new_nid;
-+ OBJ_nid2ln;
-+ OBJ_nid2obj;
-+ OBJ_nid2sn;
-+ OBJ_obj2nid;
-+ OBJ_sn2nid;
-+ OBJ_txt2nid;
-+ PEM_ASN1_read;
-+ PEM_ASN1_read_bio;
-+ PEM_ASN1_write;
-+ PEM_ASN1_write_bio;
-+ PEM_SealFinal;
-+ PEM_SealInit;
-+ PEM_SealUpdate;
-+ PEM_SignFinal;
-+ PEM_SignInit;
-+ PEM_SignUpdate;
-+ PEM_X509_INFO_read;
-+ PEM_X509_INFO_read_bio;
-+ PEM_X509_INFO_write_bio;
-+ PEM_dek_info;
-+ PEM_do_header;
-+ PEM_get_EVP_CIPHER_INFO;
-+ PEM_proc_type;
-+ PEM_read;
-+ PEM_read_DHparams;
-+ PEM_read_DSAPrivateKey;
-+ PEM_read_DSAparams;
-+ PEM_read_PKCS7;
-+ PEM_read_PrivateKey;
-+ PEM_read_RSAPrivateKey;
-+ PEM_read_X509;
-+ PEM_read_X509_CRL;
-+ PEM_read_X509_REQ;
-+ PEM_read_bio;
-+ PEM_read_bio_DHparams;
-+ PEM_read_bio_DSAPrivateKey;
-+ PEM_read_bio_DSAparams;
-+ PEM_read_bio_PKCS7;
-+ PEM_read_bio_PrivateKey;
-+ PEM_read_bio_RSAPrivateKey;
-+ PEM_read_bio_X509;
-+ PEM_read_bio_X509_CRL;
-+ PEM_read_bio_X509_REQ;
-+ PEM_write;
-+ PEM_write_DHparams;
-+ PEM_write_DSAPrivateKey;
-+ PEM_write_DSAparams;
-+ PEM_write_PKCS7;
-+ PEM_write_PrivateKey;
-+ PEM_write_RSAPrivateKey;
-+ PEM_write_X509;
-+ PEM_write_X509_CRL;
-+ PEM_write_X509_REQ;
-+ PEM_write_bio;
-+ PEM_write_bio_DHparams;
-+ PEM_write_bio_DSAPrivateKey;
-+ PEM_write_bio_DSAparams;
-+ PEM_write_bio_PKCS7;
-+ PEM_write_bio_PrivateKey;
-+ PEM_write_bio_RSAPrivateKey;
-+ PEM_write_bio_X509;
-+ PEM_write_bio_X509_CRL;
-+ PEM_write_bio_X509_REQ;
-+ PKCS7_DIGEST_free;
-+ PKCS7_DIGEST_new;
-+ PKCS7_ENCRYPT_free;
-+ PKCS7_ENCRYPT_new;
-+ PKCS7_ENC_CONTENT_free;
-+ PKCS7_ENC_CONTENT_new;
-+ PKCS7_ENVELOPE_free;
-+ PKCS7_ENVELOPE_new;
-+ PKCS7_ISSUER_AND_SERIAL_digest;
-+ PKCS7_ISSUER_AND_SERIAL_free;
-+ PKCS7_ISSUER_AND_SERIAL_new;
-+ PKCS7_RECIP_INFO_free;
-+ PKCS7_RECIP_INFO_new;
-+ PKCS7_SIGNED_free;
-+ PKCS7_SIGNED_new;
-+ PKCS7_SIGNER_INFO_free;
-+ PKCS7_SIGNER_INFO_new;
-+ PKCS7_SIGN_ENVELOPE_free;
-+ PKCS7_SIGN_ENVELOPE_new;
-+ PKCS7_dup;
-+ PKCS7_free;
-+ PKCS7_new;
-+ PROXY_ENTRY_add_noproxy;
-+ PROXY_ENTRY_clear_noproxy;
-+ PROXY_ENTRY_free;
-+ PROXY_ENTRY_get_noproxy;
-+ PROXY_ENTRY_new;
-+ PROXY_ENTRY_set_server;
-+ PROXY_add_noproxy;
-+ PROXY_add_server;
-+ PROXY_check_by_host;
-+ PROXY_check_url;
-+ PROXY_clear_noproxy;
-+ PROXY_free;
-+ PROXY_get_noproxy;
-+ PROXY_get_proxies;
-+ PROXY_get_proxy_entry;
-+ PROXY_load_conf;
-+ PROXY_new;
-+ PROXY_print;
-+ RAND_bytes;
-+ RAND_cleanup;
-+ RAND_file_name;
-+ RAND_load_file;
-+ RAND_screen;
-+ RAND_seed;
-+ RAND_write_file;
-+ RC2_cbc_encrypt;
-+ RC2_cfb64_encrypt;
-+ RC2_ecb_encrypt;
-+ RC2_encrypt;
-+ RC2_ofb64_encrypt;
-+ RC2_set_key;
-+ RC4;
-+ RC4_options;
-+ RC4_set_key;
-+ RSAPrivateKey_asn1_meth;
-+ RSAPrivateKey_dup;
-+ RSAPublicKey_dup;
-+ RSA_PKCS1_SSLeay;
-+ RSA_free;
-+ RSA_generate_key;
-+ RSA_new;
-+ RSA_new_method;
-+ RSA_print;
-+ RSA_print_fp;
-+ RSA_private_decrypt;
-+ RSA_private_encrypt;
-+ RSA_public_decrypt;
-+ RSA_public_encrypt;
-+ RSA_set_default_method;
-+ RSA_sign;
-+ RSA_sign_ASN1_OCTET_STRING;
-+ RSA_size;
-+ RSA_verify;
-+ RSA_verify_ASN1_OCTET_STRING;
-+ SHA;
-+ SHA1;
-+ SHA1_Final;
-+ SHA1_Init;
-+ SHA1_Update;
-+ SHA_Final;
-+ SHA_Init;
-+ SHA_Update;
-+ OpenSSL_add_all_algorithms;
-+ OpenSSL_add_all_ciphers;
-+ OpenSSL_add_all_digests;
-+ TXT_DB_create_index;
-+ TXT_DB_free;
-+ TXT_DB_get_by_index;
-+ TXT_DB_insert;
-+ TXT_DB_read;
-+ TXT_DB_write;
-+ X509_ALGOR_free;
-+ X509_ALGOR_new;
-+ X509_ATTRIBUTE_free;
-+ X509_ATTRIBUTE_new;
-+ X509_CINF_free;
-+ X509_CINF_new;
-+ X509_CRL_INFO_free;
-+ X509_CRL_INFO_new;
-+ X509_CRL_add_ext;
-+ X509_CRL_cmp;
-+ X509_CRL_delete_ext;
-+ X509_CRL_dup;
-+ X509_CRL_free;
-+ X509_CRL_get_ext;
-+ X509_CRL_get_ext_by_NID;
-+ X509_CRL_get_ext_by_OBJ;
-+ X509_CRL_get_ext_by_critical;
-+ X509_CRL_get_ext_count;
-+ X509_CRL_new;
-+ X509_CRL_sign;
-+ X509_CRL_verify;
-+ X509_EXTENSION_create_by_NID;
-+ X509_EXTENSION_create_by_OBJ;
-+ X509_EXTENSION_dup;
-+ X509_EXTENSION_free;
-+ X509_EXTENSION_get_critical;
-+ X509_EXTENSION_get_data;
-+ X509_EXTENSION_get_object;
-+ X509_EXTENSION_new;
-+ X509_EXTENSION_set_critical;
-+ X509_EXTENSION_set_data;
-+ X509_EXTENSION_set_object;
-+ X509_INFO_free;
-+ X509_INFO_new;
-+ X509_LOOKUP_by_alias;
-+ X509_LOOKUP_by_fingerprint;
-+ X509_LOOKUP_by_issuer_serial;
-+ X509_LOOKUP_by_subject;
-+ X509_LOOKUP_ctrl;
-+ X509_LOOKUP_file;
-+ X509_LOOKUP_free;
-+ X509_LOOKUP_hash_dir;
-+ X509_LOOKUP_init;
-+ X509_LOOKUP_new;
-+ X509_LOOKUP_shutdown;
-+ X509_NAME_ENTRY_create_by_NID;
-+ X509_NAME_ENTRY_create_by_OBJ;
-+ X509_NAME_ENTRY_dup;
-+ X509_NAME_ENTRY_free;
-+ X509_NAME_ENTRY_get_data;
-+ X509_NAME_ENTRY_get_object;
-+ X509_NAME_ENTRY_new;
-+ X509_NAME_ENTRY_set_data;
-+ X509_NAME_ENTRY_set_object;
-+ X509_NAME_add_entry;
-+ X509_NAME_cmp;
-+ X509_NAME_delete_entry;
-+ X509_NAME_digest;
-+ X509_NAME_dup;
-+ X509_NAME_entry_count;
-+ X509_NAME_free;
-+ X509_NAME_get_entry;
-+ X509_NAME_get_index_by_NID;
-+ X509_NAME_get_index_by_OBJ;
-+ X509_NAME_get_text_by_NID;
-+ X509_NAME_get_text_by_OBJ;
-+ X509_NAME_hash;
-+ X509_NAME_new;
-+ X509_NAME_oneline;
-+ X509_NAME_print;
-+ X509_NAME_set;
-+ X509_OBJECT_free_contents;
-+ X509_OBJECT_retrieve_by_subject;
-+ X509_OBJECT_up_ref_count;
-+ X509_PKEY_free;
-+ X509_PKEY_new;
-+ X509_PUBKEY_free;
-+ X509_PUBKEY_get;
-+ X509_PUBKEY_new;
-+ X509_PUBKEY_set;
-+ X509_REQ_INFO_free;
-+ X509_REQ_INFO_new;
-+ X509_REQ_dup;
-+ X509_REQ_free;
-+ X509_REQ_get_pubkey;
-+ X509_REQ_new;
-+ X509_REQ_print;
-+ X509_REQ_print_fp;
-+ X509_REQ_set_pubkey;
-+ X509_REQ_set_subject_name;
-+ X509_REQ_set_version;
-+ X509_REQ_sign;
-+ X509_REQ_to_X509;
-+ X509_REQ_verify;
-+ X509_REVOKED_add_ext;
-+ X509_REVOKED_delete_ext;
-+ X509_REVOKED_free;
-+ X509_REVOKED_get_ext;
-+ X509_REVOKED_get_ext_by_NID;
-+ X509_REVOKED_get_ext_by_OBJ;
-+ X509_REVOKED_get_ext_by_critical;
-+ X509_REVOKED_get_ext_by_critic;
-+ X509_REVOKED_get_ext_count;
-+ X509_REVOKED_new;
-+ X509_SIG_free;
-+ X509_SIG_new;
-+ X509_STORE_CTX_cleanup;
-+ X509_STORE_CTX_init;
-+ X509_STORE_add_cert;
-+ X509_STORE_add_lookup;
-+ X509_STORE_free;
-+ X509_STORE_get_by_subject;
-+ X509_STORE_load_locations;
-+ X509_STORE_new;
-+ X509_STORE_set_default_paths;
-+ X509_VAL_free;
-+ X509_VAL_new;
-+ X509_add_ext;
-+ X509_asn1_meth;
-+ X509_certificate_type;
-+ X509_check_private_key;
-+ X509_cmp_current_time;
-+ X509_delete_ext;
-+ X509_digest;
-+ X509_dup;
-+ X509_free;
-+ X509_get_default_cert_area;
-+ X509_get_default_cert_dir;
-+ X509_get_default_cert_dir_env;
-+ X509_get_default_cert_file;
-+ X509_get_default_cert_file_env;
-+ X509_get_default_private_dir;
-+ X509_get_ext;
-+ X509_get_ext_by_NID;
-+ X509_get_ext_by_OBJ;
-+ X509_get_ext_by_critical;
-+ X509_get_ext_count;
-+ X509_get_issuer_name;
-+ X509_get_pubkey;
-+ X509_get_pubkey_parameters;
-+ X509_get_serialNumber;
-+ X509_get_subject_name;
-+ X509_gmtime_adj;
-+ X509_issuer_and_serial_cmp;
-+ X509_issuer_and_serial_hash;
-+ X509_issuer_name_cmp;
-+ X509_issuer_name_hash;
-+ X509_load_cert_file;
-+ X509_new;
-+ X509_print;
-+ X509_print_fp;
-+ X509_set_issuer_name;
-+ X509_set_notAfter;
-+ X509_set_notBefore;
-+ X509_set_pubkey;
-+ X509_set_serialNumber;
-+ X509_set_subject_name;
-+ X509_set_version;
-+ X509_sign;
-+ X509_subject_name_cmp;
-+ X509_subject_name_hash;
-+ X509_to_X509_REQ;
-+ X509_verify;
-+ X509_verify_cert;
-+ X509_verify_cert_error_string;
-+ X509v3_add_ext;
-+ X509v3_add_extension;
-+ X509v3_add_netscape_extensions;
-+ X509v3_add_standard_extensions;
-+ X509v3_cleanup_extensions;
-+ X509v3_data_type_by_NID;
-+ X509v3_data_type_by_OBJ;
-+ X509v3_delete_ext;
-+ X509v3_get_ext;
-+ X509v3_get_ext_by_NID;
-+ X509v3_get_ext_by_OBJ;
-+ X509v3_get_ext_by_critical;
-+ X509v3_get_ext_count;
-+ X509v3_pack_string;
-+ X509v3_pack_type_by_NID;
-+ X509v3_pack_type_by_OBJ;
-+ X509v3_unpack_string;
-+ _des_crypt;
-+ a2d_ASN1_OBJECT;
-+ a2i_ASN1_INTEGER;
-+ a2i_ASN1_STRING;
-+ asn1_Finish;
-+ asn1_GetSequence;
-+ bn_div_words;
-+ bn_expand2;
-+ bn_mul_add_words;
-+ bn_mul_words;
-+ BN_uadd;
-+ BN_usub;
-+ bn_sqr_words;
-+ _ossl_old_crypt;
-+ d2i_ASN1_BIT_STRING;
-+ d2i_ASN1_BOOLEAN;
-+ d2i_ASN1_HEADER;
-+ d2i_ASN1_IA5STRING;
-+ d2i_ASN1_INTEGER;
-+ d2i_ASN1_OBJECT;
-+ d2i_ASN1_OCTET_STRING;
-+ d2i_ASN1_PRINTABLE;
-+ d2i_ASN1_PRINTABLESTRING;
-+ d2i_ASN1_SET;
-+ d2i_ASN1_T61STRING;
-+ d2i_ASN1_TYPE;
-+ d2i_ASN1_UTCTIME;
-+ d2i_ASN1_bytes;
-+ d2i_ASN1_type_bytes;
-+ d2i_DHparams;
-+ d2i_DSAPrivateKey;
-+ d2i_DSAPrivateKey_bio;
-+ d2i_DSAPrivateKey_fp;
-+ d2i_DSAPublicKey;
-+ d2i_DSAparams;
-+ d2i_NETSCAPE_SPKAC;
-+ d2i_NETSCAPE_SPKI;
-+ d2i_Netscape_RSA;
-+ d2i_PKCS7;
-+ d2i_PKCS7_DIGEST;
-+ d2i_PKCS7_ENCRYPT;
-+ d2i_PKCS7_ENC_CONTENT;
-+ d2i_PKCS7_ENVELOPE;
-+ d2i_PKCS7_ISSUER_AND_SERIAL;
-+ d2i_PKCS7_RECIP_INFO;
-+ d2i_PKCS7_SIGNED;
-+ d2i_PKCS7_SIGNER_INFO;
-+ d2i_PKCS7_SIGN_ENVELOPE;
-+ d2i_PKCS7_bio;
-+ d2i_PKCS7_fp;
-+ d2i_PrivateKey;
-+ d2i_PublicKey;
-+ d2i_RSAPrivateKey;
-+ d2i_RSAPrivateKey_bio;
-+ d2i_RSAPrivateKey_fp;
-+ d2i_RSAPublicKey;
-+ d2i_X509;
-+ d2i_X509_ALGOR;
-+ d2i_X509_ATTRIBUTE;
-+ d2i_X509_CINF;
-+ d2i_X509_CRL;
-+ d2i_X509_CRL_INFO;
-+ d2i_X509_CRL_bio;
-+ d2i_X509_CRL_fp;
-+ d2i_X509_EXTENSION;
-+ d2i_X509_NAME;
-+ d2i_X509_NAME_ENTRY;
-+ d2i_X509_PKEY;
-+ d2i_X509_PUBKEY;
-+ d2i_X509_REQ;
-+ d2i_X509_REQ_INFO;
-+ d2i_X509_REQ_bio;
-+ d2i_X509_REQ_fp;
-+ d2i_X509_REVOKED;
-+ d2i_X509_SIG;
-+ d2i_X509_VAL;
-+ d2i_X509_bio;
-+ d2i_X509_fp;
-+ DES_cbc_cksum;
-+ DES_cbc_encrypt;
-+ DES_cblock_print_file;
-+ DES_cfb64_encrypt;
-+ DES_cfb_encrypt;
-+ DES_decrypt3;
-+ DES_ecb3_encrypt;
-+ DES_ecb_encrypt;
-+ DES_ede3_cbc_encrypt;
-+ DES_ede3_cfb64_encrypt;
-+ DES_ede3_ofb64_encrypt;
-+ DES_enc_read;
-+ DES_enc_write;
-+ DES_encrypt1;
-+ DES_encrypt2;
-+ DES_encrypt3;
-+ DES_fcrypt;
-+ DES_is_weak_key;
-+ DES_key_sched;
-+ DES_ncbc_encrypt;
-+ DES_ofb64_encrypt;
-+ DES_ofb_encrypt;
-+ DES_options;
-+ DES_pcbc_encrypt;
-+ DES_quad_cksum;
-+ DES_random_key;
-+ _ossl_old_des_random_seed;
-+ _ossl_old_des_read_2passwords;
-+ _ossl_old_des_read_password;
-+ _ossl_old_des_read_pw;
-+ _ossl_old_des_read_pw_string;
-+ DES_set_key;
-+ DES_set_odd_parity;
-+ DES_string_to_2keys;
-+ DES_string_to_key;
-+ DES_xcbc_encrypt;
-+ DES_xwhite_in2out;
-+ fcrypt_body;
-+ i2a_ASN1_INTEGER;
-+ i2a_ASN1_OBJECT;
-+ i2a_ASN1_STRING;
-+ i2d_ASN1_BIT_STRING;
-+ i2d_ASN1_BOOLEAN;
-+ i2d_ASN1_HEADER;
-+ i2d_ASN1_IA5STRING;
-+ i2d_ASN1_INTEGER;
-+ i2d_ASN1_OBJECT;
-+ i2d_ASN1_OCTET_STRING;
-+ i2d_ASN1_PRINTABLE;
-+ i2d_ASN1_SET;
-+ i2d_ASN1_TYPE;
-+ i2d_ASN1_UTCTIME;
-+ i2d_ASN1_bytes;
-+ i2d_DHparams;
-+ i2d_DSAPrivateKey;
-+ i2d_DSAPrivateKey_bio;
-+ i2d_DSAPrivateKey_fp;
-+ i2d_DSAPublicKey;
-+ i2d_DSAparams;
-+ i2d_NETSCAPE_SPKAC;
-+ i2d_NETSCAPE_SPKI;
-+ i2d_Netscape_RSA;
-+ i2d_PKCS7;
-+ i2d_PKCS7_DIGEST;
-+ i2d_PKCS7_ENCRYPT;
-+ i2d_PKCS7_ENC_CONTENT;
-+ i2d_PKCS7_ENVELOPE;
-+ i2d_PKCS7_ISSUER_AND_SERIAL;
-+ i2d_PKCS7_RECIP_INFO;
-+ i2d_PKCS7_SIGNED;
-+ i2d_PKCS7_SIGNER_INFO;
-+ i2d_PKCS7_SIGN_ENVELOPE;
-+ i2d_PKCS7_bio;
-+ i2d_PKCS7_fp;
-+ i2d_PrivateKey;
-+ i2d_PublicKey;
-+ i2d_RSAPrivateKey;
-+ i2d_RSAPrivateKey_bio;
-+ i2d_RSAPrivateKey_fp;
-+ i2d_RSAPublicKey;
-+ i2d_X509;
-+ i2d_X509_ALGOR;
-+ i2d_X509_ATTRIBUTE;
-+ i2d_X509_CINF;
-+ i2d_X509_CRL;
-+ i2d_X509_CRL_INFO;
-+ i2d_X509_CRL_bio;
-+ i2d_X509_CRL_fp;
-+ i2d_X509_EXTENSION;
-+ i2d_X509_NAME;
-+ i2d_X509_NAME_ENTRY;
-+ i2d_X509_PKEY;
-+ i2d_X509_PUBKEY;
-+ i2d_X509_REQ;
-+ i2d_X509_REQ_INFO;
-+ i2d_X509_REQ_bio;
-+ i2d_X509_REQ_fp;
-+ i2d_X509_REVOKED;
-+ i2d_X509_SIG;
-+ i2d_X509_VAL;
-+ i2d_X509_bio;
-+ i2d_X509_fp;
-+ idea_cbc_encrypt;
-+ idea_cfb64_encrypt;
-+ idea_ecb_encrypt;
-+ idea_encrypt;
-+ idea_ofb64_encrypt;
-+ idea_options;
-+ idea_set_decrypt_key;
-+ idea_set_encrypt_key;
-+ lh_delete;
-+ lh_doall;
-+ lh_doall_arg;
-+ lh_free;
-+ lh_insert;
-+ lh_new;
-+ lh_node_stats;
-+ lh_node_stats_bio;
-+ lh_node_usage_stats;
-+ lh_node_usage_stats_bio;
-+ lh_retrieve;
-+ lh_stats;
-+ lh_stats_bio;
-+ lh_strhash;
-+ sk_delete;
-+ sk_delete_ptr;
-+ sk_dup;
-+ sk_find;
-+ sk_free;
-+ sk_insert;
-+ sk_new;
-+ sk_pop;
-+ sk_pop_free;
-+ sk_push;
-+ sk_set_cmp_func;
-+ sk_shift;
-+ sk_unshift;
-+ sk_zero;
-+ BIO_f_nbio_test;
-+ ASN1_TYPE_get;
-+ ASN1_TYPE_set;
-+ PKCS7_content_free;
-+ ERR_load_PKCS7_strings;
-+ X509_find_by_issuer_and_serial;
-+ X509_find_by_subject;
-+ PKCS7_ctrl;
-+ PKCS7_set_type;
-+ PKCS7_set_content;
-+ PKCS7_SIGNER_INFO_set;
-+ PKCS7_add_signer;
-+ PKCS7_add_certificate;
-+ PKCS7_add_crl;
-+ PKCS7_content_new;
-+ PKCS7_dataSign;
-+ PKCS7_dataVerify;
-+ PKCS7_dataInit;
-+ PKCS7_add_signature;
-+ PKCS7_cert_from_signer_info;
-+ PKCS7_get_signer_info;
-+ EVP_delete_alias;
-+ EVP_mdc2;
-+ PEM_read_bio_RSAPublicKey;
-+ PEM_write_bio_RSAPublicKey;
-+ d2i_RSAPublicKey_bio;
-+ i2d_RSAPublicKey_bio;
-+ PEM_read_RSAPublicKey;
-+ PEM_write_RSAPublicKey;
-+ d2i_RSAPublicKey_fp;
-+ i2d_RSAPublicKey_fp;
-+ BIO_copy_next_retry;
-+ RSA_flags;
-+ X509_STORE_add_crl;
-+ X509_load_crl_file;
-+ EVP_rc2_40_cbc;
-+ EVP_rc4_40;
-+ EVP_CIPHER_CTX_init;
-+ HMAC;
-+ HMAC_Init;
-+ HMAC_Update;
-+ HMAC_Final;
-+ ERR_get_next_error_library;
-+ EVP_PKEY_cmp_parameters;
-+ HMAC_cleanup;
-+ BIO_ptr_ctrl;
-+ BIO_new_file_internal;
-+ BIO_new_fp_internal;
-+ BIO_s_file_internal;
-+ BN_BLINDING_convert;
-+ BN_BLINDING_invert;
-+ BN_BLINDING_update;
-+ RSA_blinding_on;
-+ RSA_blinding_off;
-+ i2t_ASN1_OBJECT;
-+ BN_BLINDING_new;
-+ BN_BLINDING_free;
-+ EVP_cast5_cbc;
-+ EVP_cast5_cfb64;
-+ EVP_cast5_ecb;
-+ EVP_cast5_ofb;
-+ BF_decrypt;
-+ CAST_set_key;
-+ CAST_encrypt;
-+ CAST_decrypt;
-+ CAST_ecb_encrypt;
-+ CAST_cbc_encrypt;
-+ CAST_cfb64_encrypt;
-+ CAST_ofb64_encrypt;
-+ RC2_decrypt;
-+ OBJ_create_objects;
-+ BN_exp;
-+ BN_mul_word;
-+ BN_sub_word;
-+ BN_dec2bn;
-+ BN_bn2dec;
-+ BIO_ghbn_ctrl;
-+ CRYPTO_free_ex_data;
-+ CRYPTO_get_ex_data;
-+ CRYPTO_set_ex_data;
-+ ERR_load_CRYPTO_strings;
-+ ERR_load_CRYPTOlib_strings;
-+ EVP_PKEY_bits;
-+ MD5_Transform;
-+ SHA1_Transform;
-+ SHA_Transform;
-+ X509_STORE_CTX_get_chain;
-+ X509_STORE_CTX_get_current_cert;
-+ X509_STORE_CTX_get_error;
-+ X509_STORE_CTX_get_error_depth;
-+ X509_STORE_CTX_get_ex_data;
-+ X509_STORE_CTX_set_cert;
-+ X509_STORE_CTX_set_chain;
-+ X509_STORE_CTX_set_error;
-+ X509_STORE_CTX_set_ex_data;
-+ CRYPTO_dup_ex_data;
-+ CRYPTO_get_new_lockid;
-+ CRYPTO_new_ex_data;
-+ RSA_set_ex_data;
-+ RSA_get_ex_data;
-+ RSA_get_ex_new_index;
-+ RSA_padding_add_PKCS1_type_1;
-+ RSA_padding_add_PKCS1_type_2;
-+ RSA_padding_add_SSLv23;
-+ RSA_padding_add_none;
-+ RSA_padding_check_PKCS1_type_1;
-+ RSA_padding_check_PKCS1_type_2;
-+ RSA_padding_check_SSLv23;
-+ RSA_padding_check_none;
-+ bn_add_words;
-+ d2i_Netscape_RSA_2;
-+ CRYPTO_get_ex_new_index;
-+ RIPEMD160_Init;
-+ RIPEMD160_Update;
-+ RIPEMD160_Final;
-+ RIPEMD160;
-+ RIPEMD160_Transform;
-+ RC5_32_set_key;
-+ RC5_32_ecb_encrypt;
-+ RC5_32_encrypt;
-+ RC5_32_decrypt;
-+ RC5_32_cbc_encrypt;
-+ RC5_32_cfb64_encrypt;
-+ RC5_32_ofb64_encrypt;
-+ BN_bn2mpi;
-+ BN_mpi2bn;
-+ ASN1_BIT_STRING_get_bit;
-+ ASN1_BIT_STRING_set_bit;
-+ BIO_get_ex_data;
-+ BIO_get_ex_new_index;
-+ BIO_set_ex_data;
-+ X509v3_get_key_usage;
-+ X509v3_set_key_usage;
-+ a2i_X509v3_key_usage;
-+ i2a_X509v3_key_usage;
-+ EVP_PKEY_decrypt;
-+ EVP_PKEY_encrypt;
-+ PKCS7_RECIP_INFO_set;
-+ PKCS7_add_recipient;
-+ PKCS7_add_recipient_info;
-+ PKCS7_set_cipher;
-+ ASN1_TYPE_get_int_octetstring;
-+ ASN1_TYPE_get_octetstring;
-+ ASN1_TYPE_set_int_octetstring;
-+ ASN1_TYPE_set_octetstring;
-+ ASN1_UTCTIME_set_string;
-+ ERR_add_error_data;
-+ ERR_set_error_data;
-+ EVP_CIPHER_asn1_to_param;
-+ EVP_CIPHER_param_to_asn1;
-+ EVP_CIPHER_get_asn1_iv;
-+ EVP_CIPHER_set_asn1_iv;
-+ EVP_rc5_32_12_16_cbc;
-+ EVP_rc5_32_12_16_cfb64;
-+ EVP_rc5_32_12_16_ecb;
-+ EVP_rc5_32_12_16_ofb;
-+ asn1_add_error;
-+ d2i_ASN1_BMPSTRING;
-+ i2d_ASN1_BMPSTRING;
-+ BIO_f_ber;
-+ BN_init;
-+ COMP_CTX_new;
-+ COMP_CTX_free;
-+ COMP_CTX_compress_block;
-+ COMP_CTX_expand_block;
-+ X509_STORE_CTX_get_ex_new_index;
-+ OBJ_NAME_add;
-+ BIO_socket_nbio;
-+ EVP_rc2_64_cbc;
-+ OBJ_NAME_cleanup;
-+ OBJ_NAME_get;
-+ OBJ_NAME_init;
-+ OBJ_NAME_new_index;
-+ OBJ_NAME_remove;
-+ BN_MONT_CTX_copy;
-+ BIO_new_socks4a_connect;
-+ BIO_s_socks4a_connect;
-+ PROXY_set_connect_mode;
-+ RAND_SSLeay;
-+ RAND_set_rand_method;
-+ RSA_memory_lock;
-+ bn_sub_words;
-+ bn_mul_normal;
-+ bn_mul_comba8;
-+ bn_mul_comba4;
-+ bn_sqr_normal;
-+ bn_sqr_comba8;
-+ bn_sqr_comba4;
-+ bn_cmp_words;
-+ bn_mul_recursive;
-+ bn_mul_part_recursive;
-+ bn_sqr_recursive;
-+ bn_mul_low_normal;
-+ BN_RECP_CTX_init;
-+ BN_RECP_CTX_new;
-+ BN_RECP_CTX_free;
-+ BN_RECP_CTX_set;
-+ BN_mod_mul_reciprocal;
-+ BN_mod_exp_recp;
-+ BN_div_recp;
-+ BN_CTX_init;
-+ BN_MONT_CTX_init;
-+ RAND_get_rand_method;
-+ PKCS7_add_attribute;
-+ PKCS7_add_signed_attribute;
-+ PKCS7_digest_from_attributes;
-+ PKCS7_get_attribute;
-+ PKCS7_get_issuer_and_serial;
-+ PKCS7_get_signed_attribute;
-+ COMP_compress_block;
-+ COMP_expand_block;
-+ COMP_rle;
-+ COMP_zlib;
-+ ms_time_diff;
-+ ms_time_new;
-+ ms_time_free;
-+ ms_time_cmp;
-+ ms_time_get;
-+ PKCS7_set_attributes;
-+ PKCS7_set_signed_attributes;
-+ X509_ATTRIBUTE_create;
-+ X509_ATTRIBUTE_dup;
-+ ASN1_GENERALIZEDTIME_check;
-+ ASN1_GENERALIZEDTIME_print;
-+ ASN1_GENERALIZEDTIME_set;
-+ ASN1_GENERALIZEDTIME_set_string;
-+ ASN1_TIME_print;
-+ BASIC_CONSTRAINTS_free;
-+ BASIC_CONSTRAINTS_new;
-+ ERR_load_X509V3_strings;
-+ NETSCAPE_CERT_SEQUENCE_free;
-+ NETSCAPE_CERT_SEQUENCE_new;
-+ OBJ_txt2obj;
-+ PEM_read_NETSCAPE_CERT_SEQUENCE;
-+ PEM_read_NS_CERT_SEQ;
-+ PEM_read_bio_NETSCAPE_CERT_SEQUENCE;
-+ PEM_read_bio_NS_CERT_SEQ;
-+ PEM_write_NETSCAPE_CERT_SEQUENCE;
-+ PEM_write_NS_CERT_SEQ;
-+ PEM_write_bio_NETSCAPE_CERT_SEQUENCE;
-+ PEM_write_bio_NS_CERT_SEQ;
-+ X509V3_EXT_add;
-+ X509V3_EXT_add_alias;
-+ X509V3_EXT_add_conf;
-+ X509V3_EXT_cleanup;
-+ X509V3_EXT_conf;
-+ X509V3_EXT_conf_nid;
-+ X509V3_EXT_get;
-+ X509V3_EXT_get_nid;
-+ X509V3_EXT_print;
-+ X509V3_EXT_print_fp;
-+ X509V3_add_standard_extensions;
-+ X509V3_add_value;
-+ X509V3_add_value_bool;
-+ X509V3_add_value_int;
-+ X509V3_conf_free;
-+ X509V3_get_value_bool;
-+ X509V3_get_value_int;
-+ X509V3_parse_list;
-+ d2i_ASN1_GENERALIZEDTIME;
-+ d2i_ASN1_TIME;
-+ d2i_BASIC_CONSTRAINTS;
-+ d2i_NETSCAPE_CERT_SEQUENCE;
-+ d2i_ext_ku;
-+ ext_ku_free;
-+ ext_ku_new;
-+ i2d_ASN1_GENERALIZEDTIME;
-+ i2d_ASN1_TIME;
-+ i2d_BASIC_CONSTRAINTS;
-+ i2d_NETSCAPE_CERT_SEQUENCE;
-+ i2d_ext_ku;
-+ EVP_MD_CTX_copy;
-+ i2d_ASN1_ENUMERATED;
-+ d2i_ASN1_ENUMERATED;
-+ ASN1_ENUMERATED_set;
-+ ASN1_ENUMERATED_get;
-+ BN_to_ASN1_ENUMERATED;
-+ ASN1_ENUMERATED_to_BN;
-+ i2a_ASN1_ENUMERATED;
-+ a2i_ASN1_ENUMERATED;
-+ i2d_GENERAL_NAME;
-+ d2i_GENERAL_NAME;
-+ GENERAL_NAME_new;
-+ GENERAL_NAME_free;
-+ GENERAL_NAMES_new;
-+ GENERAL_NAMES_free;
-+ d2i_GENERAL_NAMES;
-+ i2d_GENERAL_NAMES;
-+ i2v_GENERAL_NAMES;
-+ i2s_ASN1_OCTET_STRING;
-+ s2i_ASN1_OCTET_STRING;
-+ X509V3_EXT_check_conf;
-+ hex_to_string;
-+ string_to_hex;
-+ DES_ede3_cbcm_encrypt;
-+ RSA_padding_add_PKCS1_OAEP;
-+ RSA_padding_check_PKCS1_OAEP;
-+ X509_CRL_print_fp;
-+ X509_CRL_print;
-+ i2v_GENERAL_NAME;
-+ v2i_GENERAL_NAME;
-+ i2d_PKEY_USAGE_PERIOD;
-+ d2i_PKEY_USAGE_PERIOD;
-+ PKEY_USAGE_PERIOD_new;
-+ PKEY_USAGE_PERIOD_free;
-+ v2i_GENERAL_NAMES;
-+ i2s_ASN1_INTEGER;
-+ X509V3_EXT_d2i;
-+ name_cmp;
-+ str_dup;
-+ i2s_ASN1_ENUMERATED;
-+ i2s_ASN1_ENUMERATED_TABLE;
-+ BIO_s_log;
-+ BIO_f_reliable;
-+ PKCS7_dataFinal;
-+ PKCS7_dataDecode;
-+ X509V3_EXT_CRL_add_conf;
-+ BN_set_params;
-+ BN_get_params;
-+ BIO_get_ex_num;
-+ BIO_set_ex_free_func;
-+ EVP_ripemd160;
-+ ASN1_TIME_set;
-+ i2d_AUTHORITY_KEYID;
-+ d2i_AUTHORITY_KEYID;
-+ AUTHORITY_KEYID_new;
-+ AUTHORITY_KEYID_free;
-+ ASN1_seq_unpack;
-+ ASN1_seq_pack;
-+ ASN1_unpack_string;
-+ ASN1_pack_string;
-+ PKCS12_pack_safebag;
-+ PKCS12_MAKE_KEYBAG;
-+ PKCS8_encrypt;
-+ PKCS12_MAKE_SHKEYBAG;
-+ PKCS12_pack_p7data;
-+ PKCS12_pack_p7encdata;
-+ PKCS12_add_localkeyid;
-+ PKCS12_add_friendlyname_asc;
-+ PKCS12_add_friendlyname_uni;
-+ PKCS12_get_friendlyname;
-+ PKCS12_pbe_crypt;
-+ PKCS12_decrypt_d2i;
-+ PKCS12_i2d_encrypt;
-+ PKCS12_init;
-+ PKCS12_key_gen_asc;
-+ PKCS12_key_gen_uni;
-+ PKCS12_gen_mac;
-+ PKCS12_verify_mac;
-+ PKCS12_set_mac;
-+ PKCS12_setup_mac;
-+ OPENSSL_asc2uni;
-+ OPENSSL_uni2asc;
-+ i2d_PKCS12_BAGS;
-+ PKCS12_BAGS_new;
-+ d2i_PKCS12_BAGS;
-+ PKCS12_BAGS_free;
-+ i2d_PKCS12;
-+ d2i_PKCS12;
-+ PKCS12_new;
-+ PKCS12_free;
-+ i2d_PKCS12_MAC_DATA;
-+ PKCS12_MAC_DATA_new;
-+ d2i_PKCS12_MAC_DATA;
-+ PKCS12_MAC_DATA_free;
-+ i2d_PKCS12_SAFEBAG;
-+ PKCS12_SAFEBAG_new;
-+ d2i_PKCS12_SAFEBAG;
-+ PKCS12_SAFEBAG_free;
-+ ERR_load_PKCS12_strings;
-+ PKCS12_PBE_add;
-+ PKCS8_add_keyusage;
-+ PKCS12_get_attr_gen;
-+ PKCS12_parse;
-+ PKCS12_create;
-+ i2d_PKCS12_bio;
-+ i2d_PKCS12_fp;
-+ d2i_PKCS12_bio;
-+ d2i_PKCS12_fp;
-+ i2d_PBEPARAM;
-+ PBEPARAM_new;
-+ d2i_PBEPARAM;
-+ PBEPARAM_free;
-+ i2d_PKCS8_PRIV_KEY_INFO;
-+ PKCS8_PRIV_KEY_INFO_new;
-+ d2i_PKCS8_PRIV_KEY_INFO;
-+ PKCS8_PRIV_KEY_INFO_free;
-+ EVP_PKCS82PKEY;
-+ EVP_PKEY2PKCS8;
-+ PKCS8_set_broken;
-+ EVP_PBE_ALGOR_CipherInit;
-+ EVP_PBE_alg_add;
-+ PKCS5_pbe_set;
-+ EVP_PBE_cleanup;
-+ i2d_SXNET;
-+ d2i_SXNET;
-+ SXNET_new;
-+ SXNET_free;
-+ i2d_SXNETID;
-+ d2i_SXNETID;
-+ SXNETID_new;
-+ SXNETID_free;
-+ DSA_SIG_new;
-+ DSA_SIG_free;
-+ DSA_do_sign;
-+ DSA_do_verify;
-+ d2i_DSA_SIG;
-+ i2d_DSA_SIG;
-+ i2d_ASN1_VISIBLESTRING;
-+ d2i_ASN1_VISIBLESTRING;
-+ i2d_ASN1_UTF8STRING;
-+ d2i_ASN1_UTF8STRING;
-+ i2d_DIRECTORYSTRING;
-+ d2i_DIRECTORYSTRING;
-+ i2d_DISPLAYTEXT;
-+ d2i_DISPLAYTEXT;
-+ d2i_ASN1_SET_OF_X509;
-+ i2d_ASN1_SET_OF_X509;
-+ i2d_PBKDF2PARAM;
-+ PBKDF2PARAM_new;
-+ d2i_PBKDF2PARAM;
-+ PBKDF2PARAM_free;
-+ i2d_PBE2PARAM;
-+ PBE2PARAM_new;
-+ d2i_PBE2PARAM;
-+ PBE2PARAM_free;
-+ d2i_ASN1_SET_OF_GENERAL_NAME;
-+ i2d_ASN1_SET_OF_GENERAL_NAME;
-+ d2i_ASN1_SET_OF_SXNETID;
-+ i2d_ASN1_SET_OF_SXNETID;
-+ d2i_ASN1_SET_OF_POLICYQUALINFO;
-+ i2d_ASN1_SET_OF_POLICYQUALINFO;
-+ d2i_ASN1_SET_OF_POLICYINFO;
-+ i2d_ASN1_SET_OF_POLICYINFO;
-+ SXNET_add_id_asc;
-+ SXNET_add_id_ulong;
-+ SXNET_add_id_INTEGER;
-+ SXNET_get_id_asc;
-+ SXNET_get_id_ulong;
-+ SXNET_get_id_INTEGER;
-+ X509V3_set_conf_lhash;
-+ i2d_CERTIFICATEPOLICIES;
-+ CERTIFICATEPOLICIES_new;
-+ CERTIFICATEPOLICIES_free;
-+ d2i_CERTIFICATEPOLICIES;
-+ i2d_POLICYINFO;
-+ POLICYINFO_new;
-+ d2i_POLICYINFO;
-+ POLICYINFO_free;
-+ i2d_POLICYQUALINFO;
-+ POLICYQUALINFO_new;
-+ d2i_POLICYQUALINFO;
-+ POLICYQUALINFO_free;
-+ i2d_USERNOTICE;
-+ USERNOTICE_new;
-+ d2i_USERNOTICE;
-+ USERNOTICE_free;
-+ i2d_NOTICEREF;
-+ NOTICEREF_new;
-+ d2i_NOTICEREF;
-+ NOTICEREF_free;
-+ X509V3_get_string;
-+ X509V3_get_section;
-+ X509V3_string_free;
-+ X509V3_section_free;
-+ X509V3_set_ctx;
-+ s2i_ASN1_INTEGER;
-+ CRYPTO_set_locked_mem_functions;
-+ CRYPTO_get_locked_mem_functions;
-+ CRYPTO_malloc_locked;
-+ CRYPTO_free_locked;
-+ BN_mod_exp2_mont;
-+ ERR_get_error_line_data;
-+ ERR_peek_error_line_data;
-+ PKCS12_PBE_keyivgen;
-+ X509_ALGOR_dup;
-+ d2i_ASN1_SET_OF_DIST_POINT;
-+ i2d_ASN1_SET_OF_DIST_POINT;
-+ i2d_CRL_DIST_POINTS;
-+ CRL_DIST_POINTS_new;
-+ CRL_DIST_POINTS_free;
-+ d2i_CRL_DIST_POINTS;
-+ i2d_DIST_POINT;
-+ DIST_POINT_new;
-+ d2i_DIST_POINT;
-+ DIST_POINT_free;
-+ i2d_DIST_POINT_NAME;
-+ DIST_POINT_NAME_new;
-+ DIST_POINT_NAME_free;
-+ d2i_DIST_POINT_NAME;
-+ X509V3_add_value_uchar;
-+ d2i_ASN1_SET_OF_X509_ATTRIBUTE;
-+ i2d_ASN1_SET_OF_ASN1_TYPE;
-+ d2i_ASN1_SET_OF_X509_EXTENSION;
-+ d2i_ASN1_SET_OF_X509_NAME_ENTRY;
-+ d2i_ASN1_SET_OF_ASN1_TYPE;
-+ i2d_ASN1_SET_OF_X509_ATTRIBUTE;
-+ i2d_ASN1_SET_OF_X509_EXTENSION;
-+ i2d_ASN1_SET_OF_X509_NAME_ENTRY;
-+ X509V3_EXT_i2d;
-+ X509V3_EXT_val_prn;
-+ X509V3_EXT_add_list;
-+ EVP_CIPHER_type;
-+ EVP_PBE_CipherInit;
-+ X509V3_add_value_bool_nf;
-+ d2i_ASN1_UINTEGER;
-+ sk_value;
-+ sk_num;
-+ sk_set;
-+ i2d_ASN1_SET_OF_X509_REVOKED;
-+ sk_sort;
-+ d2i_ASN1_SET_OF_X509_REVOKED;
-+ i2d_ASN1_SET_OF_X509_ALGOR;
-+ i2d_ASN1_SET_OF_X509_CRL;
-+ d2i_ASN1_SET_OF_X509_ALGOR;
-+ d2i_ASN1_SET_OF_X509_CRL;
-+ i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO;
-+ i2d_ASN1_SET_OF_PKCS7_RECIP_INFO;
-+ d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO;
-+ d2i_ASN1_SET_OF_PKCS7_RECIP_INFO;
-+ PKCS5_PBE_add;
-+ PEM_write_bio_PKCS8;
-+ i2d_PKCS8_fp;
-+ PEM_read_bio_PKCS8_PRIV_KEY_INFO;
-+ PEM_read_bio_P8_PRIV_KEY_INFO;
-+ d2i_PKCS8_bio;
-+ d2i_PKCS8_PRIV_KEY_INFO_fp;
-+ PEM_write_bio_PKCS8_PRIV_KEY_INFO;
-+ PEM_write_bio_P8_PRIV_KEY_INFO;
-+ PEM_read_PKCS8;
-+ d2i_PKCS8_PRIV_KEY_INFO_bio;
-+ d2i_PKCS8_fp;
-+ PEM_write_PKCS8;
-+ PEM_read_PKCS8_PRIV_KEY_INFO;
-+ PEM_read_P8_PRIV_KEY_INFO;
-+ PEM_read_bio_PKCS8;
-+ PEM_write_PKCS8_PRIV_KEY_INFO;
-+ PEM_write_P8_PRIV_KEY_INFO;
-+ PKCS5_PBE_keyivgen;
-+ i2d_PKCS8_bio;
-+ i2d_PKCS8_PRIV_KEY_INFO_fp;
-+ i2d_PKCS8_PRIV_KEY_INFO_bio;
-+ BIO_s_bio;
-+ PKCS5_pbe2_set;
-+ PKCS5_PBKDF2_HMAC_SHA1;
-+ PKCS5_v2_PBE_keyivgen;
-+ PEM_write_bio_PKCS8PrivateKey;
-+ PEM_write_PKCS8PrivateKey;
-+ BIO_ctrl_get_read_request;
-+ BIO_ctrl_pending;
-+ BIO_ctrl_wpending;
-+ BIO_new_bio_pair;
-+ BIO_ctrl_get_write_guarantee;
-+ CRYPTO_num_locks;
-+ CONF_load_bio;
-+ CONF_load_fp;
-+ i2d_ASN1_SET_OF_ASN1_OBJECT;
-+ d2i_ASN1_SET_OF_ASN1_OBJECT;
-+ PKCS7_signatureVerify;
-+ RSA_set_method;
-+ RSA_get_method;
-+ RSA_get_default_method;
-+ RSA_check_key;
-+ OBJ_obj2txt;
-+ DSA_dup_DH;
-+ X509_REQ_get_extensions;
-+ X509_REQ_set_extension_nids;
-+ BIO_nwrite;
-+ X509_REQ_extension_nid;
-+ BIO_nread;
-+ X509_REQ_get_extension_nids;
-+ BIO_nwrite0;
-+ X509_REQ_add_extensions_nid;
-+ BIO_nread0;
-+ X509_REQ_add_extensions;
-+ BIO_new_mem_buf;
-+ DH_set_ex_data;
-+ DH_set_method;
-+ DSA_OpenSSL;
-+ DH_get_ex_data;
-+ DH_get_ex_new_index;
-+ DSA_new_method;
-+ DH_new_method;
-+ DH_OpenSSL;
-+ DSA_get_ex_new_index;
-+ DH_get_default_method;
-+ DSA_set_ex_data;
-+ DH_set_default_method;
-+ DSA_get_ex_data;
-+ X509V3_EXT_REQ_add_conf;
-+ NETSCAPE_SPKI_print;
-+ NETSCAPE_SPKI_set_pubkey;
-+ NETSCAPE_SPKI_b64_encode;
-+ NETSCAPE_SPKI_get_pubkey;
-+ NETSCAPE_SPKI_b64_decode;
-+ UTF8_putc;
-+ UTF8_getc;
-+ RSA_null_method;
-+ ASN1_tag2str;
-+ BIO_ctrl_reset_read_request;
-+ DISPLAYTEXT_new;
-+ ASN1_GENERALIZEDTIME_free;
-+ X509_REVOKED_get_ext_d2i;
-+ X509_set_ex_data;
-+ X509_reject_set_bit_asc;
-+ X509_NAME_add_entry_by_txt;
-+ X509_NAME_add_entry_by_NID;
-+ X509_PURPOSE_get0;
-+ PEM_read_X509_AUX;
-+ d2i_AUTHORITY_INFO_ACCESS;
-+ PEM_write_PUBKEY;
-+ ACCESS_DESCRIPTION_new;
-+ X509_CERT_AUX_free;
-+ d2i_ACCESS_DESCRIPTION;
-+ X509_trust_clear;
-+ X509_TRUST_add;
-+ ASN1_VISIBLESTRING_new;
-+ X509_alias_set1;
-+ ASN1_PRINTABLESTRING_free;
-+ EVP_PKEY_get1_DSA;
-+ ASN1_BMPSTRING_new;
-+ ASN1_mbstring_copy;
-+ ASN1_UTF8STRING_new;
-+ DSA_get_default_method;
-+ i2d_ASN1_SET_OF_ACCESS_DESCRIPTION;
-+ ASN1_T61STRING_free;
-+ DSA_set_method;
-+ X509_get_ex_data;
-+ ASN1_STRING_type;
-+ X509_PURPOSE_get_by_sname;
-+ ASN1_TIME_free;
-+ ASN1_OCTET_STRING_cmp;
-+ ASN1_BIT_STRING_new;
-+ X509_get_ext_d2i;
-+ PEM_read_bio_X509_AUX;
-+ ASN1_STRING_set_default_mask_asc;
-+ ASN1_STRING_set_def_mask_asc;
-+ PEM_write_bio_RSA_PUBKEY;
-+ ASN1_INTEGER_cmp;
-+ d2i_RSA_PUBKEY_fp;
-+ X509_trust_set_bit_asc;
-+ PEM_write_bio_DSA_PUBKEY;
-+ X509_STORE_CTX_free;
-+ EVP_PKEY_set1_DSA;
-+ i2d_DSA_PUBKEY_fp;
-+ X509_load_cert_crl_file;
-+ ASN1_TIME_new;
-+ i2d_RSA_PUBKEY;
-+ X509_STORE_CTX_purpose_inherit;
-+ PEM_read_RSA_PUBKEY;
-+ d2i_X509_AUX;
-+ i2d_DSA_PUBKEY;
-+ X509_CERT_AUX_print;
-+ PEM_read_DSA_PUBKEY;
-+ i2d_RSA_PUBKEY_bio;
-+ ASN1_BIT_STRING_num_asc;
-+ i2d_PUBKEY;
-+ ASN1_UTCTIME_free;
-+ DSA_set_default_method;
-+ X509_PURPOSE_get_by_id;
-+ ACCESS_DESCRIPTION_free;
-+ PEM_read_bio_PUBKEY;
-+ ASN1_STRING_set_by_NID;
-+ X509_PURPOSE_get_id;
-+ DISPLAYTEXT_free;
-+ OTHERNAME_new;
-+ X509_CERT_AUX_new;
-+ X509_TRUST_cleanup;
-+ X509_NAME_add_entry_by_OBJ;
-+ X509_CRL_get_ext_d2i;
-+ X509_PURPOSE_get0_name;
-+ PEM_read_PUBKEY;
-+ i2d_DSA_PUBKEY_bio;
-+ i2d_OTHERNAME;
-+ ASN1_OCTET_STRING_free;
-+ ASN1_BIT_STRING_set_asc;
-+ X509_get_ex_new_index;
-+ ASN1_STRING_TABLE_cleanup;
-+ X509_TRUST_get_by_id;
-+ X509_PURPOSE_get_trust;
-+ ASN1_STRING_length;
-+ d2i_ASN1_SET_OF_ACCESS_DESCRIPTION;
-+ ASN1_PRINTABLESTRING_new;
-+ X509V3_get_d2i;
-+ ASN1_ENUMERATED_free;
-+ i2d_X509_CERT_AUX;
-+ X509_STORE_CTX_set_trust;
-+ ASN1_STRING_set_default_mask;
-+ X509_STORE_CTX_new;
-+ EVP_PKEY_get1_RSA;
-+ DIRECTORYSTRING_free;
-+ PEM_write_X509_AUX;
-+ ASN1_OCTET_STRING_set;
-+ d2i_DSA_PUBKEY_fp;
-+ d2i_RSA_PUBKEY;
-+ X509_TRUST_get0_name;
-+ X509_TRUST_get0;
-+ AUTHORITY_INFO_ACCESS_free;
-+ ASN1_IA5STRING_new;
-+ d2i_DSA_PUBKEY;
-+ X509_check_purpose;
-+ ASN1_ENUMERATED_new;
-+ d2i_RSA_PUBKEY_bio;
-+ d2i_PUBKEY;
-+ X509_TRUST_get_trust;
-+ X509_TRUST_get_flags;
-+ ASN1_BMPSTRING_free;
-+ ASN1_T61STRING_new;
-+ ASN1_UTCTIME_new;
-+ i2d_AUTHORITY_INFO_ACCESS;
-+ EVP_PKEY_set1_RSA;
-+ X509_STORE_CTX_set_purpose;
-+ ASN1_IA5STRING_free;
-+ PEM_write_bio_X509_AUX;
-+ X509_PURPOSE_get_count;
-+ CRYPTO_add_info;
-+ X509_NAME_ENTRY_create_by_txt;
-+ ASN1_STRING_get_default_mask;
-+ X509_alias_get0;
-+ ASN1_STRING_data;
-+ i2d_ACCESS_DESCRIPTION;
-+ X509_trust_set_bit;
-+ ASN1_BIT_STRING_free;
-+ PEM_read_bio_RSA_PUBKEY;
-+ X509_add1_reject_object;
-+ X509_check_trust;
-+ PEM_read_bio_DSA_PUBKEY;
-+ X509_PURPOSE_add;
-+ ASN1_STRING_TABLE_get;
-+ ASN1_UTF8STRING_free;
-+ d2i_DSA_PUBKEY_bio;
-+ PEM_write_RSA_PUBKEY;
-+ d2i_OTHERNAME;
-+ X509_reject_set_bit;
-+ PEM_write_DSA_PUBKEY;
-+ X509_PURPOSE_get0_sname;
-+ EVP_PKEY_set1_DH;
-+ ASN1_OCTET_STRING_dup;
-+ ASN1_BIT_STRING_set;
-+ X509_TRUST_get_count;
-+ ASN1_INTEGER_free;
-+ OTHERNAME_free;
-+ i2d_RSA_PUBKEY_fp;
-+ ASN1_INTEGER_dup;
-+ d2i_X509_CERT_AUX;
-+ PEM_write_bio_PUBKEY;
-+ ASN1_VISIBLESTRING_free;
-+ X509_PURPOSE_cleanup;
-+ ASN1_mbstring_ncopy;
-+ ASN1_GENERALIZEDTIME_new;
-+ EVP_PKEY_get1_DH;
-+ ASN1_OCTET_STRING_new;
-+ ASN1_INTEGER_new;
-+ i2d_X509_AUX;
-+ ASN1_BIT_STRING_name_print;
-+ X509_cmp;
-+ ASN1_STRING_length_set;
-+ DIRECTORYSTRING_new;
-+ X509_add1_trust_object;
-+ PKCS12_newpass;
-+ SMIME_write_PKCS7;
-+ SMIME_read_PKCS7;
-+ DES_set_key_checked;
-+ PKCS7_verify;
-+ PKCS7_encrypt;
-+ DES_set_key_unchecked;
-+ SMIME_crlf_copy;
-+ i2d_ASN1_PRINTABLESTRING;
-+ PKCS7_get0_signers;
-+ PKCS7_decrypt;
-+ SMIME_text;
-+ PKCS7_simple_smimecap;
-+ PKCS7_get_smimecap;
-+ PKCS7_sign;
-+ PKCS7_add_attrib_smimecap;
-+ CRYPTO_dbg_set_options;
-+ CRYPTO_remove_all_info;
-+ CRYPTO_get_mem_debug_functions;
-+ CRYPTO_is_mem_check_on;
-+ CRYPTO_set_mem_debug_functions;
-+ CRYPTO_pop_info;
-+ CRYPTO_push_info_;
-+ CRYPTO_set_mem_debug_options;
-+ PEM_write_PKCS8PrivateKey_nid;
-+ PEM_write_bio_PKCS8PrivateKey_nid;
-+ PEM_write_bio_PKCS8PrivKey_nid;
-+ d2i_PKCS8PrivateKey_bio;
-+ ASN1_NULL_free;
-+ d2i_ASN1_NULL;
-+ ASN1_NULL_new;
-+ i2d_PKCS8PrivateKey_bio;
-+ i2d_PKCS8PrivateKey_fp;
-+ i2d_ASN1_NULL;
-+ i2d_PKCS8PrivateKey_nid_fp;
-+ d2i_PKCS8PrivateKey_fp;
-+ i2d_PKCS8PrivateKey_nid_bio;
-+ i2d_PKCS8PrivateKeyInfo_fp;
-+ i2d_PKCS8PrivateKeyInfo_bio;
-+ PEM_cb;
-+ i2d_PrivateKey_fp;
-+ d2i_PrivateKey_bio;
-+ d2i_PrivateKey_fp;
-+ i2d_PrivateKey_bio;
-+ X509_reject_clear;
-+ X509_TRUST_set_default;
-+ d2i_AutoPrivateKey;
-+ X509_ATTRIBUTE_get0_type;
-+ X509_ATTRIBUTE_set1_data;
-+ X509at_get_attr;
-+ X509at_get_attr_count;
-+ X509_ATTRIBUTE_create_by_NID;
-+ X509_ATTRIBUTE_set1_object;
-+ X509_ATTRIBUTE_count;
-+ X509_ATTRIBUTE_create_by_OBJ;
-+ X509_ATTRIBUTE_get0_object;
-+ X509at_get_attr_by_NID;
-+ X509at_add1_attr;
-+ X509_ATTRIBUTE_get0_data;
-+ X509at_delete_attr;
-+ X509at_get_attr_by_OBJ;
-+ RAND_add;
-+ BIO_number_written;
-+ BIO_number_read;
-+ X509_STORE_CTX_get1_chain;
-+ ERR_load_RAND_strings;
-+ RAND_pseudo_bytes;
-+ X509_REQ_get_attr_by_NID;
-+ X509_REQ_get_attr;
-+ X509_REQ_add1_attr_by_NID;
-+ X509_REQ_get_attr_by_OBJ;
-+ X509at_add1_attr_by_NID;
-+ X509_REQ_add1_attr_by_OBJ;
-+ X509_REQ_get_attr_count;
-+ X509_REQ_add1_attr;
-+ X509_REQ_delete_attr;
-+ X509at_add1_attr_by_OBJ;
-+ X509_REQ_add1_attr_by_txt;
-+ X509_ATTRIBUTE_create_by_txt;
-+ X509at_add1_attr_by_txt;
-+ BN_pseudo_rand;
-+ BN_is_prime_fasttest;
-+ BN_CTX_end;
-+ BN_CTX_start;
-+ BN_CTX_get;
-+ EVP_PKEY2PKCS8_broken;
-+ ASN1_STRING_TABLE_add;
-+ CRYPTO_dbg_get_options;
-+ AUTHORITY_INFO_ACCESS_new;
-+ CRYPTO_get_mem_debug_options;
-+ DES_crypt;
-+ PEM_write_bio_X509_REQ_NEW;
-+ PEM_write_X509_REQ_NEW;
-+ BIO_callback_ctrl;
-+ RAND_egd;
-+ RAND_status;
-+ bn_dump1;
-+ DES_check_key_parity;
-+ lh_num_items;
-+ RAND_event;
-+ DSO_new;
-+ DSO_new_method;
-+ DSO_free;
-+ DSO_flags;
-+ DSO_up;
-+ DSO_set_default_method;
-+ DSO_get_default_method;
-+ DSO_get_method;
-+ DSO_set_method;
-+ DSO_load;
-+ DSO_bind_var;
-+ DSO_METHOD_null;
-+ DSO_METHOD_openssl;
-+ DSO_METHOD_dlfcn;
-+ DSO_METHOD_win32;
-+ ERR_load_DSO_strings;
-+ DSO_METHOD_dl;
-+ NCONF_load;
-+ NCONF_load_fp;
-+ NCONF_new;
-+ NCONF_get_string;
-+ NCONF_free;
-+ NCONF_get_number;
-+ CONF_dump_fp;
-+ NCONF_load_bio;
-+ NCONF_dump_fp;
-+ NCONF_get_section;
-+ NCONF_dump_bio;
-+ CONF_dump_bio;
-+ NCONF_free_data;
-+ CONF_set_default_method;
-+ ERR_error_string_n;
-+ BIO_snprintf;
-+ DSO_ctrl;
-+ i2d_ASN1_SET_OF_ASN1_INTEGER;
-+ i2d_ASN1_SET_OF_PKCS12_SAFEBAG;
-+ i2d_ASN1_SET_OF_PKCS7;
-+ BIO_vfree;
-+ d2i_ASN1_SET_OF_ASN1_INTEGER;
-+ d2i_ASN1_SET_OF_PKCS12_SAFEBAG;
-+ ASN1_UTCTIME_get;
-+ X509_REQ_digest;
-+ X509_CRL_digest;
-+ d2i_ASN1_SET_OF_PKCS7;
-+ EVP_CIPHER_CTX_set_key_length;
-+ EVP_CIPHER_CTX_ctrl;
-+ BN_mod_exp_mont_word;
-+ RAND_egd_bytes;
-+ X509_REQ_get1_email;
-+ X509_get1_email;
-+ X509_email_free;
-+ i2d_RSA_NET;
-+ d2i_RSA_NET_2;
-+ d2i_RSA_NET;
-+ DSO_bind_func;
-+ CRYPTO_get_new_dynlockid;
-+ sk_new_null;
-+ CRYPTO_set_dynlock_destroy_callback;
-+ CRYPTO_set_dynlock_destroy_cb;
-+ CRYPTO_destroy_dynlockid;
-+ CRYPTO_set_dynlock_size;
-+ CRYPTO_set_dynlock_create_callback;
-+ CRYPTO_set_dynlock_create_cb;
-+ CRYPTO_set_dynlock_lock_callback;
-+ CRYPTO_set_dynlock_lock_cb;
-+ CRYPTO_get_dynlock_lock_callback;
-+ CRYPTO_get_dynlock_lock_cb;
-+ CRYPTO_get_dynlock_destroy_callback;
-+ CRYPTO_get_dynlock_destroy_cb;
-+ CRYPTO_get_dynlock_value;
-+ CRYPTO_get_dynlock_create_callback;
-+ CRYPTO_get_dynlock_create_cb;
-+ c2i_ASN1_BIT_STRING;
-+ i2c_ASN1_BIT_STRING;
-+ RAND_poll;
-+ c2i_ASN1_INTEGER;
-+ i2c_ASN1_INTEGER;
-+ BIO_dump_indent;
-+ ASN1_parse_dump;
-+ c2i_ASN1_OBJECT;
-+ X509_NAME_print_ex_fp;
-+ ASN1_STRING_print_ex_fp;
-+ X509_NAME_print_ex;
-+ ASN1_STRING_print_ex;
-+ MD4;
-+ MD4_Transform;
-+ MD4_Final;
-+ MD4_Update;
-+ MD4_Init;
-+ EVP_md4;
-+ i2d_PUBKEY_bio;
-+ i2d_PUBKEY_fp;
-+ d2i_PUBKEY_bio;
-+ ASN1_STRING_to_UTF8;
-+ BIO_vprintf;
-+ BIO_vsnprintf;
-+ d2i_PUBKEY_fp;
-+ X509_cmp_time;
-+ X509_STORE_CTX_set_time;
-+ X509_STORE_CTX_get1_issuer;
-+ X509_OBJECT_retrieve_match;
-+ X509_OBJECT_idx_by_subject;
-+ X509_STORE_CTX_set_flags;
-+ X509_STORE_CTX_trusted_stack;
-+ X509_time_adj;
-+ X509_check_issued;
-+ ASN1_UTCTIME_cmp_time_t;
-+ DES_set_weak_key_flag;
-+ DES_check_key;
-+ DES_rw_mode;
-+ RSA_PKCS1_RSAref;
-+ X509_keyid_set1;
-+ BIO_next;
-+ DSO_METHOD_vms;
-+ BIO_f_linebuffer;
-+ BN_bntest_rand;
-+ OPENSSL_issetugid;
-+ BN_rand_range;
-+ ERR_load_ENGINE_strings;
-+ ENGINE_set_DSA;
-+ ENGINE_get_finish_function;
-+ ENGINE_get_default_RSA;
-+ ENGINE_get_BN_mod_exp;
-+ DSA_get_default_openssl_method;
-+ ENGINE_set_DH;
-+ ENGINE_set_def_BN_mod_exp_crt;
-+ ENGINE_set_default_BN_mod_exp_crt;
-+ ENGINE_init;
-+ DH_get_default_openssl_method;
-+ RSA_set_default_openssl_method;
-+ ENGINE_finish;
-+ ENGINE_load_public_key;
-+ ENGINE_get_DH;
-+ ENGINE_ctrl;
-+ ENGINE_get_init_function;
-+ ENGINE_set_init_function;
-+ ENGINE_set_default_DSA;
-+ ENGINE_get_name;
-+ ENGINE_get_last;
-+ ENGINE_get_prev;
-+ ENGINE_get_default_DH;
-+ ENGINE_get_RSA;
-+ ENGINE_set_default;
-+ ENGINE_get_RAND;
-+ ENGINE_get_first;
-+ ENGINE_by_id;
-+ ENGINE_set_finish_function;
-+ ENGINE_get_def_BN_mod_exp_crt;
-+ ENGINE_get_default_BN_mod_exp_crt;
-+ RSA_get_default_openssl_method;
-+ ENGINE_set_RSA;
-+ ENGINE_load_private_key;
-+ ENGINE_set_default_RAND;
-+ ENGINE_set_BN_mod_exp;
-+ ENGINE_remove;
-+ ENGINE_free;
-+ ENGINE_get_BN_mod_exp_crt;
-+ ENGINE_get_next;
-+ ENGINE_set_name;
-+ ENGINE_get_default_DSA;
-+ ENGINE_set_default_BN_mod_exp;
-+ ENGINE_set_default_RSA;
-+ ENGINE_get_default_RAND;
-+ ENGINE_get_default_BN_mod_exp;
-+ ENGINE_set_RAND;
-+ ENGINE_set_id;
-+ ENGINE_set_BN_mod_exp_crt;
-+ ENGINE_set_default_DH;
-+ ENGINE_new;
-+ ENGINE_get_id;
-+ DSA_set_default_openssl_method;
-+ ENGINE_add;
-+ DH_set_default_openssl_method;
-+ ENGINE_get_DSA;
-+ ENGINE_get_ctrl_function;
-+ ENGINE_set_ctrl_function;
-+ BN_pseudo_rand_range;
-+ X509_STORE_CTX_set_verify_cb;
-+ ERR_load_COMP_strings;
-+ PKCS12_item_decrypt_d2i;
-+ ASN1_UTF8STRING_it;
-+ ENGINE_unregister_ciphers;
-+ ENGINE_get_ciphers;
-+ d2i_OCSP_BASICRESP;
-+ KRB5_CHECKSUM_it;
-+ EC_POINT_add;
-+ ASN1_item_ex_i2d;
-+ OCSP_CERTID_it;
-+ d2i_OCSP_RESPBYTES;
-+ X509V3_add1_i2d;
-+ PKCS7_ENVELOPE_it;
-+ UI_add_input_boolean;
-+ ENGINE_unregister_RSA;
-+ X509V3_EXT_nconf;
-+ ASN1_GENERALSTRING_free;
-+ d2i_OCSP_CERTSTATUS;
-+ X509_REVOKED_set_serialNumber;
-+ X509_print_ex;
-+ OCSP_ONEREQ_get1_ext_d2i;
-+ ENGINE_register_all_RAND;
-+ ENGINE_load_dynamic;
-+ PBKDF2PARAM_it;
-+ EXTENDED_KEY_USAGE_new;
-+ EC_GROUP_clear_free;
-+ OCSP_sendreq_bio;
-+ ASN1_item_digest;
-+ OCSP_BASICRESP_delete_ext;
-+ OCSP_SIGNATURE_it;
-+ X509_CRL_it;
-+ OCSP_BASICRESP_add_ext;
-+ KRB5_ENCKEY_it;
-+ UI_method_set_closer;
-+ X509_STORE_set_purpose;
-+ i2d_ASN1_GENERALSTRING;
-+ OCSP_response_status;
-+ i2d_OCSP_SERVICELOC;
-+ ENGINE_get_digest_engine;
-+ EC_GROUP_set_curve_GFp;
-+ OCSP_REQUEST_get_ext_by_OBJ;
-+ _ossl_old_des_random_key;
-+ ASN1_T61STRING_it;
-+ EC_GROUP_method_of;
-+ i2d_KRB5_APREQ;
-+ _ossl_old_des_encrypt;
-+ ASN1_PRINTABLE_new;
-+ HMAC_Init_ex;
-+ d2i_KRB5_AUTHENT;
-+ OCSP_archive_cutoff_new;
-+ EC_POINT_set_Jprojective_coordinates_GFp;
-+ EC_POINT_set_Jproj_coords_GFp;
-+ _ossl_old_des_is_weak_key;
-+ OCSP_BASICRESP_get_ext_by_OBJ;
-+ EC_POINT_oct2point;
-+ OCSP_SINGLERESP_get_ext_count;
-+ UI_ctrl;
-+ _shadow_DES_rw_mode;
-+ asn1_do_adb;
-+ ASN1_template_i2d;
-+ ENGINE_register_DH;
-+ UI_construct_prompt;
-+ X509_STORE_set_trust;
-+ UI_dup_input_string;
-+ d2i_KRB5_APREQ;
-+ EVP_MD_CTX_copy_ex;
-+ OCSP_request_is_signed;
-+ i2d_OCSP_REQINFO;
-+ KRB5_ENCKEY_free;
-+ OCSP_resp_get0;
-+ GENERAL_NAME_it;
-+ ASN1_GENERALIZEDTIME_it;
-+ X509_STORE_set_flags;
-+ EC_POINT_set_compressed_coordinates_GFp;
-+ EC_POINT_set_compr_coords_GFp;
-+ OCSP_response_status_str;
-+ d2i_OCSP_REVOKEDINFO;
-+ OCSP_basic_add1_cert;
-+ ERR_get_implementation;
-+ EVP_CipherFinal_ex;
-+ OCSP_CERTSTATUS_new;
-+ CRYPTO_cleanup_all_ex_data;
-+ OCSP_resp_find;
-+ BN_nnmod;
-+ X509_CRL_sort;
-+ X509_REVOKED_set_revocationDate;
-+ ENGINE_register_RAND;
-+ OCSP_SERVICELOC_new;
-+ EC_POINT_set_affine_coordinates_GFp;
-+ EC_POINT_set_affine_coords_GFp;
-+ _ossl_old_des_options;
-+ SXNET_it;
-+ UI_dup_input_boolean;
-+ PKCS12_add_CSPName_asc;
-+ EC_POINT_is_at_infinity;
-+ ENGINE_load_cryptodev;
-+ DSO_convert_filename;
-+ POLICYQUALINFO_it;
-+ ENGINE_register_ciphers;
-+ BN_mod_lshift_quick;
-+ DSO_set_filename;
-+ ASN1_item_free;
-+ KRB5_TKTBODY_free;
-+ AUTHORITY_KEYID_it;
-+ KRB5_APREQBODY_new;
-+ X509V3_EXT_REQ_add_nconf;
-+ ENGINE_ctrl_cmd_string;
-+ i2d_OCSP_RESPDATA;
-+ EVP_MD_CTX_init;
-+ EXTENDED_KEY_USAGE_free;
-+ PKCS7_ATTR_SIGN_it;
-+ UI_add_error_string;
-+ KRB5_CHECKSUM_free;
-+ OCSP_REQUEST_get_ext;
-+ ENGINE_load_ubsec;
-+ ENGINE_register_all_digests;
-+ PKEY_USAGE_PERIOD_it;
-+ PKCS12_unpack_authsafes;
-+ ASN1_item_unpack;
-+ NETSCAPE_SPKAC_it;
-+ X509_REVOKED_it;
-+ ASN1_STRING_encode;
-+ EVP_aes_128_ecb;
-+ KRB5_AUTHENT_free;
-+ OCSP_BASICRESP_get_ext_by_critical;
-+ OCSP_BASICRESP_get_ext_by_crit;
-+ OCSP_cert_status_str;
-+ d2i_OCSP_REQUEST;
-+ UI_dup_info_string;
-+ _ossl_old_des_xwhite_in2out;
-+ PKCS12_it;
-+ OCSP_SINGLERESP_get_ext_by_critical;
-+ OCSP_SINGLERESP_get_ext_by_crit;
-+ OCSP_CERTSTATUS_free;
-+ _ossl_old_des_crypt;
-+ ASN1_item_i2d;
-+ EVP_DecryptFinal_ex;
-+ ENGINE_load_openssl;
-+ ENGINE_get_cmd_defns;
-+ ENGINE_set_load_privkey_function;
-+ ENGINE_set_load_privkey_fn;
-+ EVP_EncryptFinal_ex;
-+ ENGINE_set_default_digests;
-+ X509_get0_pubkey_bitstr;
-+ asn1_ex_i2c;
-+ ENGINE_register_RSA;
-+ ENGINE_unregister_DSA;
-+ _ossl_old_des_key_sched;
-+ X509_EXTENSION_it;
-+ i2d_KRB5_AUTHENT;
-+ SXNETID_it;
-+ d2i_OCSP_SINGLERESP;
-+ EDIPARTYNAME_new;
-+ PKCS12_certbag2x509;
-+ _ossl_old_des_ofb64_encrypt;
-+ d2i_EXTENDED_KEY_USAGE;
-+ ERR_print_errors_cb;
-+ ENGINE_set_ciphers;
-+ d2i_KRB5_APREQBODY;
-+ UI_method_get_flusher;
-+ X509_PUBKEY_it;
-+ _ossl_old_des_enc_read;
-+ PKCS7_ENCRYPT_it;
-+ i2d_OCSP_RESPONSE;
-+ EC_GROUP_get_cofactor;
-+ PKCS12_unpack_p7data;
-+ d2i_KRB5_AUTHDATA;
-+ OCSP_copy_nonce;
-+ KRB5_AUTHDATA_new;
-+ OCSP_RESPDATA_new;
-+ EC_GFp_mont_method;
-+ OCSP_REVOKEDINFO_free;
-+ UI_get_ex_data;
-+ KRB5_APREQBODY_free;
-+ EC_GROUP_get0_generator;
-+ UI_get_default_method;
-+ X509V3_set_nconf;
-+ PKCS12_item_i2d_encrypt;
-+ X509_add1_ext_i2d;
-+ PKCS7_SIGNER_INFO_it;
-+ KRB5_PRINCNAME_new;
-+ PKCS12_SAFEBAG_it;
-+ EC_GROUP_get_order;
-+ d2i_OCSP_RESPID;
-+ OCSP_request_verify;
-+ NCONF_get_number_e;
-+ _ossl_old_des_decrypt3;
-+ X509_signature_print;
-+ OCSP_SINGLERESP_free;
-+ ENGINE_load_builtin_engines;
-+ i2d_OCSP_ONEREQ;
-+ OCSP_REQUEST_add_ext;
-+ OCSP_RESPBYTES_new;
-+ EVP_MD_CTX_create;
-+ OCSP_resp_find_status;
-+ X509_ALGOR_it;
-+ ASN1_TIME_it;
-+ OCSP_request_set1_name;
-+ OCSP_ONEREQ_get_ext_count;
-+ UI_get0_result;
-+ PKCS12_AUTHSAFES_it;
-+ EVP_aes_256_ecb;
-+ PKCS12_pack_authsafes;
-+ ASN1_IA5STRING_it;
-+ UI_get_input_flags;
-+ EC_GROUP_set_generator;
-+ _ossl_old_des_string_to_2keys;
-+ OCSP_CERTID_free;
-+ X509_CERT_AUX_it;
-+ CERTIFICATEPOLICIES_it;
-+ _ossl_old_des_ede3_cbc_encrypt;
-+ RAND_set_rand_engine;
-+ DSO_get_loaded_filename;
-+ X509_ATTRIBUTE_it;
-+ OCSP_ONEREQ_get_ext_by_NID;
-+ PKCS12_decrypt_skey;
-+ KRB5_AUTHENT_it;
-+ UI_dup_error_string;
-+ RSAPublicKey_it;
-+ i2d_OCSP_REQUEST;
-+ PKCS12_x509crl2certbag;
-+ OCSP_SERVICELOC_it;
-+ ASN1_item_sign;
-+ X509_CRL_set_issuer_name;
-+ OBJ_NAME_do_all_sorted;
-+ i2d_OCSP_BASICRESP;
-+ i2d_OCSP_RESPBYTES;
-+ PKCS12_unpack_p7encdata;
-+ HMAC_CTX_init;
-+ ENGINE_get_digest;
-+ OCSP_RESPONSE_print;
-+ KRB5_TKTBODY_it;
-+ ACCESS_DESCRIPTION_it;
-+ PKCS7_ISSUER_AND_SERIAL_it;
-+ PBE2PARAM_it;
-+ PKCS12_certbag2x509crl;
-+ PKCS7_SIGNED_it;
-+ ENGINE_get_cipher;
-+ i2d_OCSP_CRLID;
-+ OCSP_SINGLERESP_new;
-+ ENGINE_cmd_is_executable;
-+ RSA_up_ref;
-+ ASN1_GENERALSTRING_it;
-+ ENGINE_register_DSA;
-+ X509V3_EXT_add_nconf_sk;
-+ ENGINE_set_load_pubkey_function;
-+ PKCS8_decrypt;
-+ PEM_bytes_read_bio;
-+ DIRECTORYSTRING_it;
-+ d2i_OCSP_CRLID;
-+ EC_POINT_is_on_curve;
-+ CRYPTO_set_locked_mem_ex_functions;
-+ CRYPTO_set_locked_mem_ex_funcs;
-+ d2i_KRB5_CHECKSUM;
-+ ASN1_item_dup;
-+ X509_it;
-+ BN_mod_add;
-+ KRB5_AUTHDATA_free;
-+ _ossl_old_des_cbc_cksum;
-+ ASN1_item_verify;
-+ CRYPTO_set_mem_ex_functions;
-+ EC_POINT_get_Jprojective_coordinates_GFp;
-+ EC_POINT_get_Jproj_coords_GFp;
-+ ZLONG_it;
-+ CRYPTO_get_locked_mem_ex_functions;
-+ CRYPTO_get_locked_mem_ex_funcs;
-+ ASN1_TIME_check;
-+ UI_get0_user_data;
-+ HMAC_CTX_cleanup;
-+ DSA_up_ref;
-+ _ossl_old_des_ede3_cfb64_encrypt;
-+ _ossl_odes_ede3_cfb64_encrypt;
-+ ASN1_BMPSTRING_it;
-+ ASN1_tag2bit;
-+ UI_method_set_flusher;
-+ X509_ocspid_print;
-+ KRB5_ENCDATA_it;
-+ ENGINE_get_load_pubkey_function;
-+ UI_add_user_data;
-+ OCSP_REQUEST_delete_ext;
-+ UI_get_method;
-+ OCSP_ONEREQ_free;
-+ ASN1_PRINTABLESTRING_it;
-+ X509_CRL_set_nextUpdate;
-+ OCSP_REQUEST_it;
-+ OCSP_BASICRESP_it;
-+ AES_ecb_encrypt;
-+ BN_mod_sqr;
-+ NETSCAPE_CERT_SEQUENCE_it;
-+ GENERAL_NAMES_it;
-+ AUTHORITY_INFO_ACCESS_it;
-+ ASN1_FBOOLEAN_it;
-+ UI_set_ex_data;
-+ _ossl_old_des_string_to_key;
-+ ENGINE_register_all_RSA;
-+ d2i_KRB5_PRINCNAME;
-+ OCSP_RESPBYTES_it;
-+ X509_CINF_it;
-+ ENGINE_unregister_digests;
-+ d2i_EDIPARTYNAME;
-+ d2i_OCSP_SERVICELOC;
-+ ENGINE_get_digests;
-+ _ossl_old_des_set_odd_parity;
-+ OCSP_RESPDATA_free;
-+ d2i_KRB5_TICKET;
-+ OTHERNAME_it;
-+ EVP_MD_CTX_cleanup;
-+ d2i_ASN1_GENERALSTRING;
-+ X509_CRL_set_version;
-+ BN_mod_sub;
-+ OCSP_SINGLERESP_get_ext_by_NID;
-+ ENGINE_get_ex_new_index;
-+ OCSP_REQUEST_free;
-+ OCSP_REQUEST_add1_ext_i2d;
-+ X509_VAL_it;
-+ EC_POINTs_make_affine;
-+ EC_POINT_mul;
-+ X509V3_EXT_add_nconf;
-+ X509_TRUST_set;
-+ X509_CRL_add1_ext_i2d;
-+ _ossl_old_des_fcrypt;
-+ DISPLAYTEXT_it;
-+ X509_CRL_set_lastUpdate;
-+ OCSP_BASICRESP_free;
-+ OCSP_BASICRESP_add1_ext_i2d;
-+ d2i_KRB5_AUTHENTBODY;
-+ CRYPTO_set_ex_data_implementation;
-+ CRYPTO_set_ex_data_impl;
-+ KRB5_ENCDATA_new;
-+ DSO_up_ref;
-+ OCSP_crl_reason_str;
-+ UI_get0_result_string;
-+ ASN1_GENERALSTRING_new;
-+ X509_SIG_it;
-+ ERR_set_implementation;
-+ ERR_load_EC_strings;
-+ UI_get0_action_string;
-+ OCSP_ONEREQ_get_ext;
-+ EC_POINT_method_of;
-+ i2d_KRB5_APREQBODY;
-+ _ossl_old_des_ecb3_encrypt;
-+ CRYPTO_get_mem_ex_functions;
-+ ENGINE_get_ex_data;
-+ UI_destroy_method;
-+ ASN1_item_i2d_bio;
-+ OCSP_ONEREQ_get_ext_by_OBJ;
-+ ASN1_primitive_new;
-+ ASN1_PRINTABLE_it;
-+ EVP_aes_192_ecb;
-+ OCSP_SIGNATURE_new;
-+ LONG_it;
-+ ASN1_VISIBLESTRING_it;
-+ OCSP_SINGLERESP_add1_ext_i2d;
-+ d2i_OCSP_CERTID;
-+ ASN1_item_d2i_fp;
-+ CRL_DIST_POINTS_it;
-+ GENERAL_NAME_print;
-+ OCSP_SINGLERESP_delete_ext;
-+ PKCS12_SAFEBAGS_it;
-+ d2i_OCSP_SIGNATURE;
-+ OCSP_request_add1_nonce;
-+ ENGINE_set_cmd_defns;
-+ OCSP_SERVICELOC_free;
-+ EC_GROUP_free;
-+ ASN1_BIT_STRING_it;
-+ X509_REQ_it;
-+ _ossl_old_des_cbc_encrypt;
-+ ERR_unload_strings;
-+ PKCS7_SIGN_ENVELOPE_it;
-+ EDIPARTYNAME_free;
-+ OCSP_REQINFO_free;
-+ EC_GROUP_new_curve_GFp;
-+ OCSP_REQUEST_get1_ext_d2i;
-+ PKCS12_item_pack_safebag;
-+ asn1_ex_c2i;
-+ ENGINE_register_digests;
-+ i2d_OCSP_REVOKEDINFO;
-+ asn1_enc_restore;
-+ UI_free;
-+ UI_new_method;
-+ EVP_EncryptInit_ex;
-+ X509_pubkey_digest;
-+ EC_POINT_invert;
-+ OCSP_basic_sign;
-+ i2d_OCSP_RESPID;
-+ OCSP_check_nonce;
-+ ENGINE_ctrl_cmd;
-+ d2i_KRB5_ENCKEY;
-+ OCSP_parse_url;
-+ OCSP_SINGLERESP_get_ext;
-+ OCSP_CRLID_free;
-+ OCSP_BASICRESP_get1_ext_d2i;
-+ RSAPrivateKey_it;
-+ ENGINE_register_all_DH;
-+ i2d_EDIPARTYNAME;
-+ EC_POINT_get_affine_coordinates_GFp;
-+ EC_POINT_get_affine_coords_GFp;
-+ OCSP_CRLID_new;
-+ ENGINE_get_flags;
-+ OCSP_ONEREQ_it;
-+ UI_process;
-+ ASN1_INTEGER_it;
-+ EVP_CipherInit_ex;
-+ UI_get_string_type;
-+ ENGINE_unregister_DH;
-+ ENGINE_register_all_DSA;
-+ OCSP_ONEREQ_get_ext_by_critical;
-+ bn_dup_expand;
-+ OCSP_cert_id_new;
-+ BASIC_CONSTRAINTS_it;
-+ BN_mod_add_quick;
-+ EC_POINT_new;
-+ EVP_MD_CTX_destroy;
-+ OCSP_RESPBYTES_free;
-+ EVP_aes_128_cbc;
-+ OCSP_SINGLERESP_get1_ext_d2i;
-+ EC_POINT_free;
-+ DH_up_ref;
-+ X509_NAME_ENTRY_it;
-+ UI_get_ex_new_index;
-+ BN_mod_sub_quick;
-+ OCSP_ONEREQ_add_ext;
-+ OCSP_request_sign;
-+ EVP_DigestFinal_ex;
-+ ENGINE_set_digests;
-+ OCSP_id_issuer_cmp;
-+ OBJ_NAME_do_all;
-+ EC_POINTs_mul;
-+ ENGINE_register_complete;
-+ X509V3_EXT_nconf_nid;
-+ ASN1_SEQUENCE_it;
-+ UI_set_default_method;
-+ RAND_query_egd_bytes;
-+ UI_method_get_writer;
-+ UI_OpenSSL;
-+ PEM_def_callback;
-+ ENGINE_cleanup;
-+ DIST_POINT_it;
-+ OCSP_SINGLERESP_it;
-+ d2i_KRB5_TKTBODY;
-+ EC_POINT_cmp;
-+ OCSP_REVOKEDINFO_new;
-+ i2d_OCSP_CERTSTATUS;
-+ OCSP_basic_add1_nonce;
-+ ASN1_item_ex_d2i;
-+ BN_mod_lshift1_quick;
-+ UI_set_method;
-+ OCSP_id_get0_info;
-+ BN_mod_sqrt;
-+ EC_GROUP_copy;
-+ KRB5_ENCDATA_free;
-+ _ossl_old_des_cfb_encrypt;
-+ OCSP_SINGLERESP_get_ext_by_OBJ;
-+ OCSP_cert_to_id;
-+ OCSP_RESPID_new;
-+ OCSP_RESPDATA_it;
-+ d2i_OCSP_RESPDATA;
-+ ENGINE_register_all_complete;
-+ OCSP_check_validity;
-+ PKCS12_BAGS_it;
-+ OCSP_url_svcloc_new;
-+ ASN1_template_free;
-+ OCSP_SINGLERESP_add_ext;
-+ KRB5_AUTHENTBODY_it;
-+ X509_supported_extension;
-+ i2d_KRB5_AUTHDATA;
-+ UI_method_get_opener;
-+ ENGINE_set_ex_data;
-+ OCSP_REQUEST_print;
-+ CBIGNUM_it;
-+ KRB5_TICKET_new;
-+ KRB5_APREQ_new;
-+ EC_GROUP_get_curve_GFp;
-+ KRB5_ENCKEY_new;
-+ ASN1_template_d2i;
-+ _ossl_old_des_quad_cksum;
-+ OCSP_single_get0_status;
-+ BN_swap;
-+ POLICYINFO_it;
-+ ENGINE_set_destroy_function;
-+ asn1_enc_free;
-+ OCSP_RESPID_it;
-+ EC_GROUP_new;
-+ EVP_aes_256_cbc;
-+ i2d_KRB5_PRINCNAME;
-+ _ossl_old_des_encrypt2;
-+ _ossl_old_des_encrypt3;
-+ PKCS8_PRIV_KEY_INFO_it;
-+ OCSP_REQINFO_it;
-+ PBEPARAM_it;
-+ KRB5_AUTHENTBODY_new;
-+ X509_CRL_add0_revoked;
-+ EDIPARTYNAME_it;
-+ NETSCAPE_SPKI_it;
-+ UI_get0_test_string;
-+ ENGINE_get_cipher_engine;
-+ ENGINE_register_all_ciphers;
-+ EC_POINT_copy;
-+ BN_kronecker;
-+ _ossl_old_des_ede3_ofb64_encrypt;
-+ _ossl_odes_ede3_ofb64_encrypt;
-+ UI_method_get_reader;
-+ OCSP_BASICRESP_get_ext_count;
-+ ASN1_ENUMERATED_it;
-+ UI_set_result;
-+ i2d_KRB5_TICKET;
-+ X509_print_ex_fp;
-+ EVP_CIPHER_CTX_set_padding;
-+ d2i_OCSP_RESPONSE;
-+ ASN1_UTCTIME_it;
-+ _ossl_old_des_enc_write;
-+ OCSP_RESPONSE_new;
-+ AES_set_encrypt_key;
-+ OCSP_resp_count;
-+ KRB5_CHECKSUM_new;
-+ ENGINE_load_cswift;
-+ OCSP_onereq_get0_id;
-+ ENGINE_set_default_ciphers;
-+ NOTICEREF_it;
-+ X509V3_EXT_CRL_add_nconf;
-+ OCSP_REVOKEDINFO_it;
-+ AES_encrypt;
-+ OCSP_REQUEST_new;
-+ ASN1_ANY_it;
-+ CRYPTO_ex_data_new_class;
-+ _ossl_old_des_ncbc_encrypt;
-+ i2d_KRB5_TKTBODY;
-+ EC_POINT_clear_free;
-+ AES_decrypt;
-+ asn1_enc_init;
-+ UI_get_result_maxsize;
-+ OCSP_CERTID_new;
-+ ENGINE_unregister_RAND;
-+ UI_method_get_closer;
-+ d2i_KRB5_ENCDATA;
-+ OCSP_request_onereq_count;
-+ OCSP_basic_verify;
-+ KRB5_AUTHENTBODY_free;
-+ ASN1_item_d2i;
-+ ASN1_primitive_free;
-+ i2d_EXTENDED_KEY_USAGE;
-+ i2d_OCSP_SIGNATURE;
-+ asn1_enc_save;
-+ ENGINE_load_nuron;
-+ _ossl_old_des_pcbc_encrypt;
-+ PKCS12_MAC_DATA_it;
-+ OCSP_accept_responses_new;
-+ asn1_do_lock;
-+ PKCS7_ATTR_VERIFY_it;
-+ KRB5_APREQBODY_it;
-+ i2d_OCSP_SINGLERESP;
-+ ASN1_item_ex_new;
-+ UI_add_verify_string;
-+ _ossl_old_des_set_key;
-+ KRB5_PRINCNAME_it;
-+ EVP_DecryptInit_ex;
-+ i2d_OCSP_CERTID;
-+ ASN1_item_d2i_bio;
-+ EC_POINT_dbl;
-+ asn1_get_choice_selector;
-+ i2d_KRB5_CHECKSUM;
-+ ENGINE_set_table_flags;
-+ AES_options;
-+ ENGINE_load_chil;
-+ OCSP_id_cmp;
-+ OCSP_BASICRESP_new;
-+ OCSP_REQUEST_get_ext_by_NID;
-+ KRB5_APREQ_it;
-+ ENGINE_get_destroy_function;
-+ CONF_set_nconf;
-+ ASN1_PRINTABLE_free;
-+ OCSP_BASICRESP_get_ext_by_NID;
-+ DIST_POINT_NAME_it;
-+ X509V3_extensions_print;
-+ _ossl_old_des_cfb64_encrypt;
-+ X509_REVOKED_add1_ext_i2d;
-+ _ossl_old_des_ofb_encrypt;
-+ KRB5_TKTBODY_new;
-+ ASN1_OCTET_STRING_it;
-+ ERR_load_UI_strings;
-+ i2d_KRB5_ENCKEY;
-+ ASN1_template_new;
-+ OCSP_SIGNATURE_free;
-+ ASN1_item_i2d_fp;
-+ KRB5_PRINCNAME_free;
-+ PKCS7_RECIP_INFO_it;
-+ EXTENDED_KEY_USAGE_it;
-+ EC_GFp_simple_method;
-+ EC_GROUP_precompute_mult;
-+ OCSP_request_onereq_get0;
-+ UI_method_set_writer;
-+ KRB5_AUTHENT_new;
-+ X509_CRL_INFO_it;
-+ DSO_set_name_converter;
-+ AES_set_decrypt_key;
-+ PKCS7_DIGEST_it;
-+ PKCS12_x5092certbag;
-+ EVP_DigestInit_ex;
-+ i2a_ACCESS_DESCRIPTION;
-+ OCSP_RESPONSE_it;
-+ PKCS7_ENC_CONTENT_it;
-+ OCSP_request_add0_id;
-+ EC_POINT_make_affine;
-+ DSO_get_filename;
-+ OCSP_CERTSTATUS_it;
-+ OCSP_request_add1_cert;
-+ UI_get0_output_string;
-+ UI_dup_verify_string;
-+ BN_mod_lshift;
-+ KRB5_AUTHDATA_it;
-+ asn1_set_choice_selector;
-+ OCSP_basic_add1_status;
-+ OCSP_RESPID_free;
-+ asn1_get_field_ptr;
-+ UI_add_input_string;
-+ OCSP_CRLID_it;
-+ i2d_KRB5_AUTHENTBODY;
-+ OCSP_REQUEST_get_ext_count;
-+ ENGINE_load_atalla;
-+ X509_NAME_it;
-+ USERNOTICE_it;
-+ OCSP_REQINFO_new;
-+ OCSP_BASICRESP_get_ext;
-+ CRYPTO_get_ex_data_implementation;
-+ CRYPTO_get_ex_data_impl;
-+ ASN1_item_pack;
-+ i2d_KRB5_ENCDATA;
-+ X509_PURPOSE_set;
-+ X509_REQ_INFO_it;
-+ UI_method_set_opener;
-+ ASN1_item_ex_free;
-+ ASN1_BOOLEAN_it;
-+ ENGINE_get_table_flags;
-+ UI_create_method;
-+ OCSP_ONEREQ_add1_ext_i2d;
-+ _shadow_DES_check_key;
-+ d2i_OCSP_REQINFO;
-+ UI_add_info_string;
-+ UI_get_result_minsize;
-+ ASN1_NULL_it;
-+ BN_mod_lshift1;
-+ d2i_OCSP_ONEREQ;
-+ OCSP_ONEREQ_new;
-+ KRB5_TICKET_it;
-+ EVP_aes_192_cbc;
-+ KRB5_TICKET_free;
-+ UI_new;
-+ OCSP_response_create;
-+ _ossl_old_des_xcbc_encrypt;
-+ PKCS7_it;
-+ OCSP_REQUEST_get_ext_by_critical;
-+ OCSP_REQUEST_get_ext_by_crit;
-+ ENGINE_set_flags;
-+ _ossl_old_des_ecb_encrypt;
-+ OCSP_response_get1_basic;
-+ EVP_Digest;
-+ OCSP_ONEREQ_delete_ext;
-+ ASN1_TBOOLEAN_it;
-+ ASN1_item_new;
-+ ASN1_TIME_to_generalizedtime;
-+ BIGNUM_it;
-+ AES_cbc_encrypt;
-+ ENGINE_get_load_privkey_function;
-+ ENGINE_get_load_privkey_fn;
-+ OCSP_RESPONSE_free;
-+ UI_method_set_reader;
-+ i2d_ASN1_T61STRING;
-+ EC_POINT_set_to_infinity;
-+ ERR_load_OCSP_strings;
-+ EC_POINT_point2oct;
-+ KRB5_APREQ_free;
-+ ASN1_OBJECT_it;
-+ OCSP_crlID_new;
-+ OCSP_crlID2_new;
-+ CONF_modules_load_file;
-+ CONF_imodule_set_usr_data;
-+ ENGINE_set_default_string;
-+ CONF_module_get_usr_data;
-+ ASN1_add_oid_module;
-+ CONF_modules_finish;
-+ OPENSSL_config;
-+ CONF_modules_unload;
-+ CONF_imodule_get_value;
-+ CONF_module_set_usr_data;
-+ CONF_parse_list;
-+ CONF_module_add;
-+ CONF_get1_default_config_file;
-+ CONF_imodule_get_flags;
-+ CONF_imodule_get_module;
-+ CONF_modules_load;
-+ CONF_imodule_get_name;
-+ ERR_peek_top_error;
-+ CONF_imodule_get_usr_data;
-+ CONF_imodule_set_flags;
-+ ENGINE_add_conf_module;
-+ ERR_peek_last_error_line;
-+ ERR_peek_last_error_line_data;
-+ ERR_peek_last_error;
-+ DES_read_2passwords;
-+ DES_read_password;
-+ UI_UTIL_read_pw;
-+ UI_UTIL_read_pw_string;
-+ ENGINE_load_aep;
-+ ENGINE_load_sureware;
-+ OPENSSL_add_all_algorithms_noconf;
-+ OPENSSL_add_all_algo_noconf;
-+ OPENSSL_add_all_algorithms_conf;
-+ OPENSSL_add_all_algo_conf;
-+ OPENSSL_load_builtin_modules;
-+ AES_ofb128_encrypt;
-+ AES_ctr128_encrypt;
-+ AES_cfb128_encrypt;
-+ ENGINE_load_4758cca;
-+ _ossl_096_des_random_seed;
-+ EVP_aes_256_ofb;
-+ EVP_aes_192_ofb;
-+ EVP_aes_128_cfb128;
-+ EVP_aes_256_cfb128;
-+ EVP_aes_128_ofb;
-+ EVP_aes_192_cfb128;
-+ CONF_modules_free;
-+ NCONF_default;
-+ OPENSSL_no_config;
-+ NCONF_WIN32;
-+ ASN1_UNIVERSALSTRING_new;
-+ EVP_des_ede_ecb;
-+ i2d_ASN1_UNIVERSALSTRING;
-+ ASN1_UNIVERSALSTRING_free;
-+ ASN1_UNIVERSALSTRING_it;
-+ d2i_ASN1_UNIVERSALSTRING;
-+ EVP_des_ede3_ecb;
-+ X509_REQ_print_ex;
-+ ENGINE_up_ref;
-+ BUF_MEM_grow_clean;
-+ CRYPTO_realloc_clean;
-+ BUF_strlcat;
-+ BIO_indent;
-+ BUF_strlcpy;
-+ OpenSSLDie;
-+ OPENSSL_cleanse;
-+ ENGINE_setup_bsd_cryptodev;
-+ ERR_release_err_state_table;
-+ EVP_aes_128_cfb8;
-+ FIPS_corrupt_rsa;
-+ FIPS_selftest_des;
-+ EVP_aes_128_cfb1;
-+ EVP_aes_192_cfb8;
-+ FIPS_mode_set;
-+ FIPS_selftest_dsa;
-+ EVP_aes_256_cfb8;
-+ FIPS_allow_md5;
-+ DES_ede3_cfb_encrypt;
-+ EVP_des_ede3_cfb8;
-+ FIPS_rand_seeded;
-+ AES_cfbr_encrypt_block;
-+ AES_cfb8_encrypt;
-+ FIPS_rand_seed;
-+ FIPS_corrupt_des;
-+ EVP_aes_192_cfb1;
-+ FIPS_selftest_aes;
-+ FIPS_set_prng_key;
-+ EVP_des_cfb8;
-+ FIPS_corrupt_dsa;
-+ FIPS_test_mode;
-+ FIPS_rand_method;
-+ EVP_aes_256_cfb1;
-+ ERR_load_FIPS_strings;
-+ FIPS_corrupt_aes;
-+ FIPS_selftest_sha1;
-+ FIPS_selftest_rsa;
-+ FIPS_corrupt_sha1;
-+ EVP_des_cfb1;
-+ FIPS_dsa_check;
-+ AES_cfb1_encrypt;
-+ EVP_des_ede3_cfb1;
-+ FIPS_rand_check;
-+ FIPS_md5_allowed;
-+ FIPS_mode;
-+ FIPS_selftest_failed;
-+ sk_is_sorted;
-+ X509_check_ca;
-+ HMAC_CTX_set_flags;
-+ d2i_PROXY_CERT_INFO_EXTENSION;
-+ PROXY_POLICY_it;
-+ i2d_PROXY_POLICY;
-+ i2d_PROXY_CERT_INFO_EXTENSION;
-+ d2i_PROXY_POLICY;
-+ PROXY_CERT_INFO_EXTENSION_new;
-+ PROXY_CERT_INFO_EXTENSION_free;
-+ PROXY_CERT_INFO_EXTENSION_it;
-+ PROXY_POLICY_free;
-+ PROXY_POLICY_new;
-+ BN_MONT_CTX_set_locked;
-+ FIPS_selftest_rng;
-+ EVP_sha384;
-+ EVP_sha512;
-+ EVP_sha224;
-+ EVP_sha256;
-+ FIPS_selftest_hmac;
-+ FIPS_corrupt_rng;
-+ BN_mod_exp_mont_consttime;
-+ RSA_X931_hash_id;
-+ RSA_padding_check_X931;
-+ RSA_verify_PKCS1_PSS;
-+ RSA_padding_add_X931;
-+ RSA_padding_add_PKCS1_PSS;
-+ PKCS1_MGF1;
-+ BN_X931_generate_Xpq;
-+ RSA_X931_generate_key;
-+ BN_X931_derive_prime;
-+ BN_X931_generate_prime;
-+ RSA_X931_derive;
-+ BIO_new_dgram;
-+ BN_get0_nist_prime_384;
-+ ERR_set_mark;
-+ X509_STORE_CTX_set0_crls;
-+ ENGINE_set_STORE;
-+ ENGINE_register_ECDSA;
-+ STORE_meth_set_list_start_fn;
-+ STORE_method_set_list_start_function;
-+ BN_BLINDING_invert_ex;
-+ NAME_CONSTRAINTS_free;
-+ STORE_ATTR_INFO_set_number;
-+ BN_BLINDING_get_thread_id;
-+ X509_STORE_CTX_set0_param;
-+ POLICY_MAPPING_it;
-+ STORE_parse_attrs_start;
-+ POLICY_CONSTRAINTS_free;
-+ EVP_PKEY_add1_attr_by_NID;
-+ BN_nist_mod_192;
-+ EC_GROUP_get_trinomial_basis;
-+ STORE_set_method;
-+ GENERAL_SUBTREE_free;
-+ NAME_CONSTRAINTS_it;
-+ ECDH_get_default_method;
-+ PKCS12_add_safe;
-+ EC_KEY_new_by_curve_name;
-+ STORE_meth_get_update_store_fn;
-+ STORE_method_get_update_store_function;
-+ ENGINE_register_ECDH;
-+ SHA512_Update;
-+ i2d_ECPrivateKey;
-+ BN_get0_nist_prime_192;
-+ STORE_modify_certificate;
-+ EC_POINT_set_affine_coordinates_GF2m;
-+ EC_POINT_set_affine_coords_GF2m;
-+ BN_GF2m_mod_exp_arr;
-+ STORE_ATTR_INFO_modify_number;
-+ X509_keyid_get0;
-+ ENGINE_load_gmp;
-+ pitem_new;
-+ BN_GF2m_mod_mul_arr;
-+ STORE_list_public_key_endp;
-+ o2i_ECPublicKey;
-+ EC_KEY_copy;
-+ BIO_dump_fp;
-+ X509_policy_node_get0_parent;
-+ EC_GROUP_check_discriminant;
-+ i2o_ECPublicKey;
-+ EC_KEY_precompute_mult;
-+ a2i_IPADDRESS;
-+ STORE_meth_set_initialise_fn;
-+ STORE_method_set_initialise_function;
-+ X509_STORE_CTX_set_depth;
-+ X509_VERIFY_PARAM_inherit;
-+ EC_POINT_point2bn;
-+ STORE_ATTR_INFO_set_dn;
-+ X509_policy_tree_get0_policies;
-+ EC_GROUP_new_curve_GF2m;
-+ STORE_destroy_method;
-+ ENGINE_unregister_STORE;
-+ EVP_PKEY_get1_EC_KEY;
-+ STORE_ATTR_INFO_get0_number;
-+ ENGINE_get_default_ECDH;
-+ EC_KEY_get_conv_form;
-+ ASN1_OCTET_STRING_NDEF_it;
-+ STORE_delete_public_key;
-+ STORE_get_public_key;
-+ STORE_modify_arbitrary;
-+ ENGINE_get_static_state;
-+ pqueue_iterator;
-+ ECDSA_SIG_new;
-+ OPENSSL_DIR_end;
-+ BN_GF2m_mod_sqr;
-+ EC_POINT_bn2point;
-+ X509_VERIFY_PARAM_set_depth;
-+ EC_KEY_set_asn1_flag;
-+ STORE_get_method;
-+ EC_KEY_get_key_method_data;
-+ ECDSA_sign_ex;
-+ STORE_parse_attrs_end;
-+ EC_GROUP_get_point_conversion_form;
-+ EC_GROUP_get_point_conv_form;
-+ STORE_method_set_store_function;
-+ STORE_ATTR_INFO_in;
-+ PEM_read_bio_ECPKParameters;
-+ EC_GROUP_get_pentanomial_basis;
-+ EVP_PKEY_add1_attr_by_txt;
-+ BN_BLINDING_set_flags;
-+ X509_VERIFY_PARAM_set1_policies;
-+ X509_VERIFY_PARAM_set1_name;
-+ X509_VERIFY_PARAM_set_purpose;
-+ STORE_get_number;
-+ ECDSA_sign_setup;
-+ BN_GF2m_mod_solve_quad_arr;
-+ EC_KEY_up_ref;
-+ POLICY_MAPPING_free;
-+ BN_GF2m_mod_div;
-+ X509_VERIFY_PARAM_set_flags;
-+ EC_KEY_free;
-+ STORE_meth_set_list_next_fn;
-+ STORE_method_set_list_next_function;
-+ PEM_write_bio_ECPrivateKey;
-+ d2i_EC_PUBKEY;
-+ STORE_meth_get_generate_fn;
-+ STORE_method_get_generate_function;
-+ STORE_meth_set_list_end_fn;
-+ STORE_method_set_list_end_function;
-+ pqueue_print;
-+ EC_GROUP_have_precompute_mult;
-+ EC_KEY_print_fp;
-+ BN_GF2m_mod_arr;
-+ PEM_write_bio_X509_CERT_PAIR;
-+ EVP_PKEY_cmp;
-+ X509_policy_level_node_count;
-+ STORE_new_engine;
-+ STORE_list_public_key_start;
-+ X509_VERIFY_PARAM_new;
-+ ECDH_get_ex_data;
-+ EVP_PKEY_get_attr;
-+ ECDSA_do_sign;
-+ ENGINE_unregister_ECDH;
-+ ECDH_OpenSSL;
-+ EC_KEY_set_conv_form;
-+ EC_POINT_dup;
-+ GENERAL_SUBTREE_new;
-+ STORE_list_crl_endp;
-+ EC_get_builtin_curves;
-+ X509_policy_node_get0_qualifiers;
-+ X509_pcy_node_get0_qualifiers;
-+ STORE_list_crl_end;
-+ EVP_PKEY_set1_EC_KEY;
-+ BN_GF2m_mod_sqrt_arr;
-+ i2d_ECPrivateKey_bio;
-+ ECPKParameters_print_fp;
-+ pqueue_find;
-+ ECDSA_SIG_free;
-+ PEM_write_bio_ECPKParameters;
-+ STORE_method_set_ctrl_function;
-+ STORE_list_public_key_end;
-+ EC_KEY_set_private_key;
-+ pqueue_peek;
-+ STORE_get_arbitrary;
-+ STORE_store_crl;
-+ X509_policy_node_get0_policy;
-+ PKCS12_add_safes;
-+ BN_BLINDING_convert_ex;
-+ X509_policy_tree_free;
-+ OPENSSL_ia32cap_loc;
-+ BN_GF2m_poly2arr;
-+ STORE_ctrl;
-+ STORE_ATTR_INFO_compare;
-+ BN_get0_nist_prime_224;
-+ i2d_ECParameters;
-+ i2d_ECPKParameters;
-+ BN_GENCB_call;
-+ d2i_ECPKParameters;
-+ STORE_meth_set_generate_fn;
-+ STORE_method_set_generate_function;
-+ ENGINE_set_ECDH;
-+ NAME_CONSTRAINTS_new;
-+ SHA256_Init;
-+ EC_KEY_get0_public_key;
-+ PEM_write_bio_EC_PUBKEY;
-+ STORE_ATTR_INFO_set_cstr;
-+ STORE_list_crl_next;
-+ STORE_ATTR_INFO_in_range;
-+ ECParameters_print;
-+ STORE_meth_set_delete_fn;
-+ STORE_method_set_delete_function;
-+ STORE_list_certificate_next;
-+ ASN1_generate_nconf;
-+ BUF_memdup;
-+ BN_GF2m_mod_mul;
-+ STORE_meth_get_list_next_fn;
-+ STORE_method_get_list_next_function;
-+ STORE_ATTR_INFO_get0_dn;
-+ STORE_list_private_key_next;
-+ EC_GROUP_set_seed;
-+ X509_VERIFY_PARAM_set_trust;
-+ STORE_ATTR_INFO_free;
-+ STORE_get_private_key;
-+ EVP_PKEY_get_attr_count;
-+ STORE_ATTR_INFO_new;
-+ EC_GROUP_get_curve_GF2m;
-+ STORE_meth_set_revoke_fn;
-+ STORE_method_set_revoke_function;
-+ STORE_store_number;
-+ BN_is_prime_ex;
-+ STORE_revoke_public_key;
-+ X509_STORE_CTX_get0_param;
-+ STORE_delete_arbitrary;
-+ PEM_read_X509_CERT_PAIR;
-+ X509_STORE_set_depth;
-+ ECDSA_get_ex_data;
-+ SHA224;
-+ BIO_dump_indent_fp;
-+ EC_KEY_set_group;
-+ BUF_strndup;
-+ STORE_list_certificate_start;
-+ BN_GF2m_mod;
-+ X509_REQ_check_private_key;
-+ EC_GROUP_get_seed_len;
-+ ERR_load_STORE_strings;
-+ PEM_read_bio_EC_PUBKEY;
-+ STORE_list_private_key_end;
-+ i2d_EC_PUBKEY;
-+ ECDSA_get_default_method;
-+ ASN1_put_eoc;
-+ X509_STORE_CTX_get_explicit_policy;
-+ X509_STORE_CTX_get_expl_policy;
-+ X509_VERIFY_PARAM_table_cleanup;
-+ STORE_modify_private_key;
-+ X509_VERIFY_PARAM_free;
-+ EC_METHOD_get_field_type;
-+ EC_GFp_nist_method;
-+ STORE_meth_set_modify_fn;
-+ STORE_method_set_modify_function;
-+ STORE_parse_attrs_next;
-+ ENGINE_load_padlock;
-+ EC_GROUP_set_curve_name;
-+ X509_CERT_PAIR_it;
-+ STORE_meth_get_revoke_fn;
-+ STORE_method_get_revoke_function;
-+ STORE_method_set_get_function;
-+ STORE_modify_number;
-+ STORE_method_get_store_function;
-+ STORE_store_private_key;
-+ BN_GF2m_mod_sqr_arr;
-+ RSA_setup_blinding;
-+ BIO_s_datagram;
-+ STORE_Memory;
-+ sk_find_ex;
-+ EC_GROUP_set_curve_GF2m;
-+ ENGINE_set_default_ECDSA;
-+ POLICY_CONSTRAINTS_new;
-+ BN_GF2m_mod_sqrt;
-+ ECDH_set_default_method;
-+ EC_KEY_generate_key;
-+ SHA384_Update;
-+ BN_GF2m_arr2poly;
-+ STORE_method_get_get_function;
-+ STORE_meth_set_cleanup_fn;
-+ STORE_method_set_cleanup_function;
-+ EC_GROUP_check;
-+ d2i_ECPrivateKey_bio;
-+ EC_KEY_insert_key_method_data;
-+ STORE_meth_get_lock_store_fn;
-+ STORE_method_get_lock_store_function;
-+ X509_VERIFY_PARAM_get_depth;
-+ SHA224_Final;
-+ STORE_meth_set_update_store_fn;
-+ STORE_method_set_update_store_function;
-+ SHA224_Update;
-+ d2i_ECPrivateKey;
-+ ASN1_item_ndef_i2d;
-+ STORE_delete_private_key;
-+ ERR_pop_to_mark;
-+ ENGINE_register_all_STORE;
-+ X509_policy_level_get0_node;
-+ i2d_PKCS7_NDEF;
-+ EC_GROUP_get_degree;
-+ ASN1_generate_v3;
-+ STORE_ATTR_INFO_modify_cstr;
-+ X509_policy_tree_level_count;
-+ BN_GF2m_add;
-+ EC_KEY_get0_group;
-+ STORE_generate_crl;
-+ STORE_store_public_key;
-+ X509_CERT_PAIR_free;
-+ STORE_revoke_private_key;
-+ BN_nist_mod_224;
-+ SHA512_Final;
-+ STORE_ATTR_INFO_modify_dn;
-+ STORE_meth_get_initialise_fn;
-+ STORE_method_get_initialise_function;
-+ STORE_delete_number;
-+ i2d_EC_PUBKEY_bio;
-+ BIO_dgram_non_fatal_error;
-+ EC_GROUP_get_asn1_flag;
-+ STORE_ATTR_INFO_in_ex;
-+ STORE_list_crl_start;
-+ ECDH_get_ex_new_index;
-+ STORE_meth_get_modify_fn;
-+ STORE_method_get_modify_function;
-+ v2i_ASN1_BIT_STRING;
-+ STORE_store_certificate;
-+ OBJ_bsearch_ex;
-+ X509_STORE_CTX_set_default;
-+ STORE_ATTR_INFO_set_sha1str;
-+ BN_GF2m_mod_inv;
-+ BN_GF2m_mod_exp;
-+ STORE_modify_public_key;
-+ STORE_meth_get_list_start_fn;
-+ STORE_method_get_list_start_function;
-+ EC_GROUP_get0_seed;
-+ STORE_store_arbitrary;
-+ STORE_meth_set_unlock_store_fn;
-+ STORE_method_set_unlock_store_function;
-+ BN_GF2m_mod_div_arr;
-+ ENGINE_set_ECDSA;
-+ STORE_create_method;
-+ ECPKParameters_print;
-+ EC_KEY_get0_private_key;
-+ PEM_write_EC_PUBKEY;
-+ X509_VERIFY_PARAM_set1;
-+ ECDH_set_method;
-+ v2i_GENERAL_NAME_ex;
-+ ECDH_set_ex_data;
-+ STORE_generate_key;
-+ BN_nist_mod_521;
-+ X509_policy_tree_get0_level;
-+ EC_GROUP_set_point_conversion_form;
-+ EC_GROUP_set_point_conv_form;
-+ PEM_read_EC_PUBKEY;
-+ i2d_ECDSA_SIG;
-+ ECDSA_OpenSSL;
-+ STORE_delete_crl;
-+ EC_KEY_get_enc_flags;
-+ ASN1_const_check_infinite_end;
-+ EVP_PKEY_delete_attr;
-+ ECDSA_set_default_method;
-+ EC_POINT_set_compressed_coordinates_GF2m;
-+ EC_POINT_set_compr_coords_GF2m;
-+ EC_GROUP_cmp;
-+ STORE_revoke_certificate;
-+ BN_get0_nist_prime_256;
-+ STORE_meth_get_delete_fn;
-+ STORE_method_get_delete_function;
-+ SHA224_Init;
-+ PEM_read_ECPrivateKey;
-+ SHA512_Init;
-+ STORE_parse_attrs_endp;
-+ BN_set_negative;
-+ ERR_load_ECDSA_strings;
-+ EC_GROUP_get_basis_type;
-+ STORE_list_public_key_next;
-+ i2v_ASN1_BIT_STRING;
-+ STORE_OBJECT_free;
-+ BN_nist_mod_384;
-+ i2d_X509_CERT_PAIR;
-+ PEM_write_ECPKParameters;
-+ ECDH_compute_key;
-+ STORE_ATTR_INFO_get0_sha1str;
-+ ENGINE_register_all_ECDH;
-+ pqueue_pop;
-+ STORE_ATTR_INFO_get0_cstr;
-+ POLICY_CONSTRAINTS_it;
-+ STORE_get_ex_new_index;
-+ EVP_PKEY_get_attr_by_OBJ;
-+ X509_VERIFY_PARAM_add0_policy;
-+ BN_GF2m_mod_solve_quad;
-+ SHA256;
-+ i2d_ECPrivateKey_fp;
-+ X509_policy_tree_get0_user_policies;
-+ X509_pcy_tree_get0_usr_policies;
-+ OPENSSL_DIR_read;
-+ ENGINE_register_all_ECDSA;
-+ X509_VERIFY_PARAM_lookup;
-+ EC_POINT_get_affine_coordinates_GF2m;
-+ EC_POINT_get_affine_coords_GF2m;
-+ EC_GROUP_dup;
-+ ENGINE_get_default_ECDSA;
-+ EC_KEY_new;
-+ SHA256_Transform;
-+ EC_KEY_set_enc_flags;
-+ ECDSA_verify;
-+ EC_POINT_point2hex;
-+ ENGINE_get_STORE;
-+ SHA512;
-+ STORE_get_certificate;
-+ ECDSA_do_sign_ex;
-+ ECDSA_do_verify;
-+ d2i_ECPrivateKey_fp;
-+ STORE_delete_certificate;
-+ SHA512_Transform;
-+ X509_STORE_set1_param;
-+ STORE_method_get_ctrl_function;
-+ STORE_free;
-+ PEM_write_ECPrivateKey;
-+ STORE_meth_get_unlock_store_fn;
-+ STORE_method_get_unlock_store_function;
-+ STORE_get_ex_data;
-+ EC_KEY_set_public_key;
-+ PEM_read_ECPKParameters;
-+ X509_CERT_PAIR_new;
-+ ENGINE_register_STORE;
-+ RSA_generate_key_ex;
-+ DSA_generate_parameters_ex;
-+ ECParameters_print_fp;
-+ X509V3_NAME_from_section;
-+ EVP_PKEY_add1_attr;
-+ STORE_modify_crl;
-+ STORE_list_private_key_start;
-+ POLICY_MAPPINGS_it;
-+ GENERAL_SUBTREE_it;
-+ EC_GROUP_get_curve_name;
-+ PEM_write_X509_CERT_PAIR;
-+ BIO_dump_indent_cb;
-+ d2i_X509_CERT_PAIR;
-+ STORE_list_private_key_endp;
-+ asn1_const_Finish;
-+ i2d_EC_PUBKEY_fp;
-+ BN_nist_mod_256;
-+ X509_VERIFY_PARAM_add0_table;
-+ pqueue_free;
-+ BN_BLINDING_create_param;
-+ ECDSA_size;
-+ d2i_EC_PUBKEY_bio;
-+ BN_get0_nist_prime_521;
-+ STORE_ATTR_INFO_modify_sha1str;
-+ BN_generate_prime_ex;
-+ EC_GROUP_new_by_curve_name;
-+ SHA256_Final;
-+ DH_generate_parameters_ex;
-+ PEM_read_bio_ECPrivateKey;
-+ STORE_meth_get_cleanup_fn;
-+ STORE_method_get_cleanup_function;
-+ ENGINE_get_ECDH;
-+ d2i_ECDSA_SIG;
-+ BN_is_prime_fasttest_ex;
-+ ECDSA_sign;
-+ X509_policy_check;
-+ EVP_PKEY_get_attr_by_NID;
-+ STORE_set_ex_data;
-+ ENGINE_get_ECDSA;
-+ EVP_ecdsa;
-+ BN_BLINDING_get_flags;
-+ PKCS12_add_cert;
-+ STORE_OBJECT_new;
-+ ERR_load_ECDH_strings;
-+ EC_KEY_dup;
-+ EVP_CIPHER_CTX_rand_key;
-+ ECDSA_set_method;
-+ a2i_IPADDRESS_NC;
-+ d2i_ECParameters;
-+ STORE_list_certificate_end;
-+ STORE_get_crl;
-+ X509_POLICY_NODE_print;
-+ SHA384_Init;
-+ EC_GF2m_simple_method;
-+ ECDSA_set_ex_data;
-+ SHA384_Final;
-+ PKCS7_set_digest;
-+ EC_KEY_print;
-+ STORE_meth_set_lock_store_fn;
-+ STORE_method_set_lock_store_function;
-+ ECDSA_get_ex_new_index;
-+ SHA384;
-+ POLICY_MAPPING_new;
-+ STORE_list_certificate_endp;
-+ X509_STORE_CTX_get0_policy_tree;
-+ EC_GROUP_set_asn1_flag;
-+ EC_KEY_check_key;
-+ d2i_EC_PUBKEY_fp;
-+ PKCS7_set0_type_other;
-+ PEM_read_bio_X509_CERT_PAIR;
-+ pqueue_next;
-+ STORE_meth_get_list_end_fn;
-+ STORE_method_get_list_end_function;
-+ EVP_PKEY_add1_attr_by_OBJ;
-+ X509_VERIFY_PARAM_set_time;
-+ pqueue_new;
-+ ENGINE_set_default_ECDH;
-+ STORE_new_method;
-+ PKCS12_add_key;
-+ DSO_merge;
-+ EC_POINT_hex2point;
-+ BIO_dump_cb;
-+ SHA256_Update;
-+ pqueue_insert;
-+ pitem_free;
-+ BN_GF2m_mod_inv_arr;
-+ ENGINE_unregister_ECDSA;
-+ BN_BLINDING_set_thread_id;
-+ get_rfc3526_prime_8192;
-+ X509_VERIFY_PARAM_clear_flags;
-+ get_rfc2409_prime_1024;
-+ DH_check_pub_key;
-+ get_rfc3526_prime_2048;
-+ get_rfc3526_prime_6144;
-+ get_rfc3526_prime_1536;
-+ get_rfc3526_prime_3072;
-+ get_rfc3526_prime_4096;
-+ get_rfc2409_prime_768;
-+ X509_VERIFY_PARAM_get_flags;
-+ EVP_CIPHER_CTX_new;
-+ EVP_CIPHER_CTX_free;
-+ Camellia_cbc_encrypt;
-+ Camellia_cfb128_encrypt;
-+ Camellia_cfb1_encrypt;
-+ Camellia_cfb8_encrypt;
-+ Camellia_ctr128_encrypt;
-+ Camellia_cfbr_encrypt_block;
-+ Camellia_decrypt;
-+ Camellia_ecb_encrypt;
-+ Camellia_encrypt;
-+ Camellia_ofb128_encrypt;
-+ Camellia_set_key;
-+ EVP_camellia_128_cbc;
-+ EVP_camellia_128_cfb128;
-+ EVP_camellia_128_cfb1;
-+ EVP_camellia_128_cfb8;
-+ EVP_camellia_128_ecb;
-+ EVP_camellia_128_ofb;
-+ EVP_camellia_192_cbc;
-+ EVP_camellia_192_cfb128;
-+ EVP_camellia_192_cfb1;
-+ EVP_camellia_192_cfb8;
-+ EVP_camellia_192_ecb;
-+ EVP_camellia_192_ofb;
-+ EVP_camellia_256_cbc;
-+ EVP_camellia_256_cfb128;
-+ EVP_camellia_256_cfb1;
-+ EVP_camellia_256_cfb8;
-+ EVP_camellia_256_ecb;
-+ EVP_camellia_256_ofb;
-+ a2i_ipadd;
-+ ASIdentifiers_free;
-+ i2d_ASIdOrRange;
-+ EVP_CIPHER_block_size;
-+ v3_asid_is_canonical;
-+ IPAddressChoice_free;
-+ EVP_CIPHER_CTX_set_app_data;
-+ BIO_set_callback_arg;
-+ v3_addr_add_prefix;
-+ IPAddressOrRange_it;
-+ BIO_set_flags;
-+ ASIdentifiers_it;
-+ v3_addr_get_range;
-+ BIO_method_type;
-+ v3_addr_inherits;
-+ IPAddressChoice_it;
-+ AES_ige_encrypt;
-+ v3_addr_add_range;
-+ EVP_CIPHER_CTX_nid;
-+ d2i_ASRange;
-+ v3_addr_add_inherit;
-+ v3_asid_add_id_or_range;
-+ v3_addr_validate_resource_set;
-+ EVP_CIPHER_iv_length;
-+ EVP_MD_type;
-+ v3_asid_canonize;
-+ IPAddressRange_free;
-+ v3_asid_add_inherit;
-+ EVP_CIPHER_CTX_key_length;
-+ IPAddressRange_new;
-+ ASIdOrRange_new;
-+ EVP_MD_size;
-+ EVP_MD_CTX_test_flags;
-+ BIO_clear_flags;
-+ i2d_ASRange;
-+ IPAddressRange_it;
-+ IPAddressChoice_new;
-+ ASIdentifierChoice_new;
-+ ASRange_free;
-+ EVP_MD_pkey_type;
-+ EVP_MD_CTX_clear_flags;
-+ IPAddressFamily_free;
-+ i2d_IPAddressFamily;
-+ IPAddressOrRange_new;
-+ EVP_CIPHER_flags;
-+ v3_asid_validate_resource_set;
-+ d2i_IPAddressRange;
-+ AES_bi_ige_encrypt;
-+ BIO_get_callback;
-+ IPAddressOrRange_free;
-+ v3_addr_subset;
-+ d2i_IPAddressFamily;
-+ v3_asid_subset;
-+ BIO_test_flags;
-+ i2d_ASIdentifierChoice;
-+ ASRange_it;
-+ d2i_ASIdentifiers;
-+ ASRange_new;
-+ d2i_IPAddressChoice;
-+ v3_addr_get_afi;
-+ EVP_CIPHER_key_length;
-+ EVP_Cipher;
-+ i2d_IPAddressOrRange;
-+ ASIdOrRange_it;
-+ EVP_CIPHER_nid;
-+ i2d_IPAddressChoice;
-+ EVP_CIPHER_CTX_block_size;
-+ ASIdentifiers_new;
-+ v3_addr_validate_path;
-+ IPAddressFamily_new;
-+ EVP_MD_CTX_set_flags;
-+ v3_addr_is_canonical;
-+ i2d_IPAddressRange;
-+ IPAddressFamily_it;
-+ v3_asid_inherits;
-+ EVP_CIPHER_CTX_cipher;
-+ EVP_CIPHER_CTX_get_app_data;
-+ EVP_MD_block_size;
-+ EVP_CIPHER_CTX_flags;
-+ v3_asid_validate_path;
-+ d2i_IPAddressOrRange;
-+ v3_addr_canonize;
-+ ASIdentifierChoice_it;
-+ EVP_MD_CTX_md;
-+ d2i_ASIdentifierChoice;
-+ BIO_method_name;
-+ EVP_CIPHER_CTX_iv_length;
-+ ASIdOrRange_free;
-+ ASIdentifierChoice_free;
-+ BIO_get_callback_arg;
-+ BIO_set_callback;
-+ d2i_ASIdOrRange;
-+ i2d_ASIdentifiers;
-+ SEED_decrypt;
-+ SEED_encrypt;
-+ SEED_cbc_encrypt;
-+ EVP_seed_ofb;
-+ SEED_cfb128_encrypt;
-+ SEED_ofb128_encrypt;
-+ EVP_seed_cbc;
-+ SEED_ecb_encrypt;
-+ EVP_seed_ecb;
-+ SEED_set_key;
-+ EVP_seed_cfb128;
-+ X509_EXTENSIONS_it;
-+ X509_get1_ocsp;
-+ OCSP_REQ_CTX_free;
-+ i2d_X509_EXTENSIONS;
-+ OCSP_sendreq_nbio;
-+ OCSP_sendreq_new;
-+ d2i_X509_EXTENSIONS;
-+ X509_ALGORS_it;
-+ X509_ALGOR_get0;
-+ X509_ALGOR_set0;
-+ AES_unwrap_key;
-+ AES_wrap_key;
-+ X509at_get0_data_by_OBJ;
-+ ASN1_TYPE_set1;
-+ ASN1_STRING_set0;
-+ i2d_X509_ALGORS;
-+ BIO_f_zlib;
-+ COMP_zlib_cleanup;
-+ d2i_X509_ALGORS;
-+ CMS_ReceiptRequest_free;
-+ PEM_write_CMS;
-+ CMS_add0_CertificateChoices;
-+ CMS_unsigned_add1_attr_by_OBJ;
-+ ERR_load_CMS_strings;
-+ CMS_sign_receipt;
-+ i2d_CMS_ContentInfo;
-+ CMS_signed_delete_attr;
-+ d2i_CMS_bio;
-+ CMS_unsigned_get_attr_by_NID;
-+ CMS_verify;
-+ SMIME_read_CMS;
-+ CMS_decrypt_set1_key;
-+ CMS_SignerInfo_get0_algs;
-+ CMS_add1_cert;
-+ CMS_set_detached;
-+ CMS_encrypt;
-+ CMS_EnvelopedData_create;
-+ CMS_uncompress;
-+ CMS_add0_crl;
-+ CMS_SignerInfo_verify_content;
-+ CMS_unsigned_get0_data_by_OBJ;
-+ PEM_write_bio_CMS;
-+ CMS_unsigned_get_attr;
-+ CMS_RecipientInfo_ktri_cert_cmp;
-+ CMS_RecipientInfo_ktri_get0_algs;
-+ CMS_RecipInfo_ktri_get0_algs;
-+ CMS_ContentInfo_free;
-+ CMS_final;
-+ CMS_add_simple_smimecap;
-+ CMS_SignerInfo_verify;
-+ CMS_data;
-+ CMS_ContentInfo_it;
-+ d2i_CMS_ReceiptRequest;
-+ CMS_compress;
-+ CMS_digest_create;
-+ CMS_SignerInfo_cert_cmp;
-+ CMS_SignerInfo_sign;
-+ CMS_data_create;
-+ i2d_CMS_bio;
-+ CMS_EncryptedData_set1_key;
-+ CMS_decrypt;
-+ int_smime_write_ASN1;
-+ CMS_unsigned_delete_attr;
-+ CMS_unsigned_get_attr_count;
-+ CMS_add_smimecap;
-+ PEM_read_CMS;
-+ CMS_signed_get_attr_by_OBJ;
-+ d2i_CMS_ContentInfo;
-+ CMS_add_standard_smimecap;
-+ CMS_ContentInfo_new;
-+ CMS_RecipientInfo_type;
-+ CMS_get0_type;
-+ CMS_is_detached;
-+ CMS_sign;
-+ CMS_signed_add1_attr;
-+ CMS_unsigned_get_attr_by_OBJ;
-+ SMIME_write_CMS;
-+ CMS_EncryptedData_decrypt;
-+ CMS_get0_RecipientInfos;
-+ CMS_add0_RevocationInfoChoice;
-+ CMS_decrypt_set1_pkey;
-+ CMS_SignerInfo_set1_signer_cert;
-+ CMS_get0_signers;
-+ CMS_ReceiptRequest_get0_values;
-+ CMS_signed_get0_data_by_OBJ;
-+ CMS_get0_SignerInfos;
-+ CMS_add0_cert;
-+ CMS_EncryptedData_encrypt;
-+ CMS_digest_verify;
-+ CMS_set1_signers_certs;
-+ CMS_signed_get_attr;
-+ CMS_RecipientInfo_set0_key;
-+ CMS_SignedData_init;
-+ CMS_RecipientInfo_kekri_get0_id;
-+ CMS_verify_receipt;
-+ CMS_ReceiptRequest_it;
-+ PEM_read_bio_CMS;
-+ CMS_get1_crls;
-+ CMS_add0_recipient_key;
-+ SMIME_read_ASN1;
-+ CMS_ReceiptRequest_new;
-+ CMS_get0_content;
-+ CMS_get1_ReceiptRequest;
-+ CMS_signed_add1_attr_by_OBJ;
-+ CMS_RecipientInfo_kekri_id_cmp;
-+ CMS_add1_ReceiptRequest;
-+ CMS_SignerInfo_get0_signer_id;
-+ CMS_unsigned_add1_attr_by_NID;
-+ CMS_unsigned_add1_attr;
-+ CMS_signed_get_attr_by_NID;
-+ CMS_get1_certs;
-+ CMS_signed_add1_attr_by_NID;
-+ CMS_unsigned_add1_attr_by_txt;
-+ CMS_dataFinal;
-+ CMS_RecipientInfo_ktri_get0_signer_id;
-+ CMS_RecipInfo_ktri_get0_sigr_id;
-+ i2d_CMS_ReceiptRequest;
-+ CMS_add1_recipient_cert;
-+ CMS_dataInit;
-+ CMS_signed_add1_attr_by_txt;
-+ CMS_RecipientInfo_decrypt;
-+ CMS_signed_get_attr_count;
-+ CMS_get0_eContentType;
-+ CMS_set1_eContentType;
-+ CMS_ReceiptRequest_create0;
-+ CMS_add1_signer;
-+ CMS_RecipientInfo_set0_pkey;
-+ ENGINE_set_load_ssl_client_cert_function;
-+ ENGINE_set_ld_ssl_clnt_cert_fn;
-+ ENGINE_get_ssl_client_cert_function;
-+ ENGINE_get_ssl_client_cert_fn;
-+ ENGINE_load_ssl_client_cert;
-+ ENGINE_load_capi;
-+ OPENSSL_isservice;
-+ FIPS_dsa_sig_decode;
-+ EVP_CIPHER_CTX_clear_flags;
-+ FIPS_rand_status;
-+ FIPS_rand_set_key;
-+ CRYPTO_set_mem_info_functions;
-+ RSA_X931_generate_key_ex;
-+ int_ERR_set_state_func;
-+ int_EVP_MD_set_engine_callbacks;
-+ int_CRYPTO_set_do_dynlock_callback;
-+ FIPS_rng_stick;
-+ EVP_CIPHER_CTX_set_flags;
-+ BN_X931_generate_prime_ex;
-+ FIPS_selftest_check;
-+ FIPS_rand_set_dt;
-+ CRYPTO_dbg_pop_info;
-+ FIPS_dsa_free;
-+ RSA_X931_derive_ex;
-+ FIPS_rsa_new;
-+ FIPS_rand_bytes;
-+ fips_cipher_test;
-+ EVP_CIPHER_CTX_test_flags;
-+ CRYPTO_malloc_debug_init;
-+ CRYPTO_dbg_push_info;
-+ FIPS_corrupt_rsa_keygen;
-+ FIPS_dh_new;
-+ FIPS_corrupt_dsa_keygen;
-+ FIPS_dh_free;
-+ fips_pkey_signature_test;
-+ EVP_add_alg_module;
-+ int_RAND_init_engine_callbacks;
-+ int_EVP_CIPHER_set_engine_callbacks;
-+ int_EVP_MD_init_engine_callbacks;
-+ FIPS_rand_test_mode;
-+ FIPS_rand_reset;
-+ FIPS_dsa_new;
-+ int_RAND_set_callbacks;
-+ BN_X931_derive_prime_ex;
-+ int_ERR_lib_init;
-+ int_EVP_CIPHER_init_engine_callbacks;
-+ FIPS_rsa_free;
-+ FIPS_dsa_sig_encode;
-+ CRYPTO_dbg_remove_all_info;
-+ OPENSSL_init;
-+ CRYPTO_strdup;
-+ JPAKE_STEP3A_process;
-+ JPAKE_STEP1_release;
-+ JPAKE_get_shared_key;
-+ JPAKE_STEP3B_init;
-+ JPAKE_STEP1_generate;
-+ JPAKE_STEP1_init;
-+ JPAKE_STEP3B_process;
-+ JPAKE_STEP2_generate;
-+ JPAKE_CTX_new;
-+ JPAKE_CTX_free;
-+ JPAKE_STEP3B_release;
-+ JPAKE_STEP3A_release;
-+ JPAKE_STEP2_process;
-+ JPAKE_STEP3B_generate;
-+ JPAKE_STEP1_process;
-+ JPAKE_STEP3A_generate;
-+ JPAKE_STEP2_release;
-+ JPAKE_STEP3A_init;
-+ ERR_load_JPAKE_strings;
-+ JPAKE_STEP2_init;
-+ pqueue_size;
-+ i2d_TS_ACCURACY;
-+ i2d_TS_MSG_IMPRINT_fp;
-+ i2d_TS_MSG_IMPRINT;
-+ EVP_PKEY_print_public;
-+ EVP_PKEY_CTX_new;
-+ i2d_TS_TST_INFO;
-+ EVP_PKEY_asn1_find;
-+ DSO_METHOD_beos;
-+ TS_CONF_load_cert;
-+ TS_REQ_get_ext;
-+ EVP_PKEY_sign_init;
-+ ASN1_item_print;
-+ TS_TST_INFO_set_nonce;
-+ TS_RESP_dup;
-+ ENGINE_register_pkey_meths;
-+ EVP_PKEY_asn1_add0;
-+ PKCS7_add0_attrib_signing_time;
-+ i2d_TS_TST_INFO_fp;
-+ BIO_asn1_get_prefix;
-+ TS_TST_INFO_set_time;
-+ EVP_PKEY_meth_set_decrypt;
-+ EVP_PKEY_set_type_str;
-+ EVP_PKEY_CTX_get_keygen_info;
-+ TS_REQ_set_policy_id;
-+ d2i_TS_RESP_fp;
-+ ENGINE_get_pkey_asn1_meth_engine;
-+ ENGINE_get_pkey_asn1_meth_eng;
-+ WHIRLPOOL_Init;
-+ TS_RESP_set_status_info;
-+ EVP_PKEY_keygen;
-+ EVP_DigestSignInit;
-+ TS_ACCURACY_set_millis;
-+ TS_REQ_dup;
-+ GENERAL_NAME_dup;
-+ ASN1_SEQUENCE_ANY_it;
-+ WHIRLPOOL;
-+ X509_STORE_get1_crls;
-+ ENGINE_get_pkey_asn1_meth;
-+ EVP_PKEY_asn1_new;
-+ BIO_new_NDEF;
-+ ENGINE_get_pkey_meth;
-+ TS_MSG_IMPRINT_set_algo;
-+ i2d_TS_TST_INFO_bio;
-+ TS_TST_INFO_set_ordering;
-+ TS_TST_INFO_get_ext_by_OBJ;
-+ CRYPTO_THREADID_set_pointer;
-+ TS_CONF_get_tsa_section;
-+ SMIME_write_ASN1;
-+ TS_RESP_CTX_set_signer_key;
-+ EVP_PKEY_encrypt_old;
-+ EVP_PKEY_encrypt_init;
-+ CRYPTO_THREADID_cpy;
-+ ASN1_PCTX_get_cert_flags;
-+ i2d_ESS_SIGNING_CERT;
-+ TS_CONF_load_key;
-+ i2d_ASN1_SEQUENCE_ANY;
-+ d2i_TS_MSG_IMPRINT_bio;
-+ EVP_PKEY_asn1_set_public;
-+ b2i_PublicKey_bio;
-+ BIO_asn1_set_prefix;
-+ EVP_PKEY_new_mac_key;
-+ BIO_new_CMS;
-+ CRYPTO_THREADID_cmp;
-+ TS_REQ_ext_free;
-+ EVP_PKEY_asn1_set_free;
-+ EVP_PKEY_get0_asn1;
-+ d2i_NETSCAPE_X509;
-+ EVP_PKEY_verify_recover_init;
-+ EVP_PKEY_CTX_set_data;
-+ EVP_PKEY_keygen_init;
-+ TS_RESP_CTX_set_status_info;
-+ TS_MSG_IMPRINT_get_algo;
-+ TS_REQ_print_bio;
-+ EVP_PKEY_CTX_ctrl_str;
-+ EVP_PKEY_get_default_digest_nid;
-+ PEM_write_bio_PKCS7_stream;
-+ TS_MSG_IMPRINT_print_bio;
-+ BN_asc2bn;
-+ TS_REQ_get_policy_id;
-+ ENGINE_set_default_pkey_asn1_meths;
-+ ENGINE_set_def_pkey_asn1_meths;
-+ d2i_TS_ACCURACY;
-+ DSO_global_lookup;
-+ TS_CONF_set_tsa_name;
-+ i2d_ASN1_SET_ANY;
-+ ENGINE_load_gost;
-+ WHIRLPOOL_BitUpdate;
-+ ASN1_PCTX_get_flags;
-+ TS_TST_INFO_get_ext_by_NID;
-+ TS_RESP_new;
-+ ESS_CERT_ID_dup;
-+ TS_STATUS_INFO_dup;
-+ TS_REQ_delete_ext;
-+ EVP_DigestVerifyFinal;
-+ EVP_PKEY_print_params;
-+ i2d_CMS_bio_stream;
-+ TS_REQ_get_msg_imprint;
-+ OBJ_find_sigid_by_algs;
-+ TS_TST_INFO_get_serial;
-+ TS_REQ_get_nonce;
-+ X509_PUBKEY_set0_param;
-+ EVP_PKEY_CTX_set0_keygen_info;
-+ DIST_POINT_set_dpname;
-+ i2d_ISSUING_DIST_POINT;
-+ ASN1_SET_ANY_it;
-+ EVP_PKEY_CTX_get_data;
-+ TS_STATUS_INFO_print_bio;
-+ EVP_PKEY_derive_init;
-+ d2i_TS_TST_INFO;
-+ EVP_PKEY_asn1_add_alias;
-+ d2i_TS_RESP_bio;
-+ OTHERNAME_cmp;
-+ GENERAL_NAME_set0_value;
-+ PKCS7_RECIP_INFO_get0_alg;
-+ TS_RESP_CTX_new;
-+ TS_RESP_set_tst_info;
-+ PKCS7_final;
-+ EVP_PKEY_base_id;
-+ TS_RESP_CTX_set_signer_cert;
-+ TS_REQ_set_msg_imprint;
-+ EVP_PKEY_CTX_ctrl;
-+ TS_CONF_set_digests;
-+ d2i_TS_MSG_IMPRINT;
-+ EVP_PKEY_meth_set_ctrl;
-+ TS_REQ_get_ext_by_NID;
-+ PKCS5_pbe_set0_algor;
-+ BN_BLINDING_thread_id;
-+ TS_ACCURACY_new;
-+ X509_CRL_METHOD_free;
-+ ASN1_PCTX_get_nm_flags;
-+ EVP_PKEY_meth_set_sign;
-+ CRYPTO_THREADID_current;
-+ EVP_PKEY_decrypt_init;
-+ NETSCAPE_X509_free;
-+ i2b_PVK_bio;
-+ EVP_PKEY_print_private;
-+ GENERAL_NAME_get0_value;
-+ b2i_PVK_bio;
-+ ASN1_UTCTIME_adj;
-+ TS_TST_INFO_new;
-+ EVP_MD_do_all_sorted;
-+ TS_CONF_set_default_engine;
-+ TS_ACCURACY_set_seconds;
-+ TS_TST_INFO_get_time;
-+ PKCS8_pkey_get0;
-+ EVP_PKEY_asn1_get0;
-+ OBJ_add_sigid;
-+ PKCS7_SIGNER_INFO_sign;
-+ EVP_PKEY_paramgen_init;
-+ EVP_PKEY_sign;
-+ OBJ_sigid_free;
-+ EVP_PKEY_meth_set_init;
-+ d2i_ESS_ISSUER_SERIAL;
-+ ISSUING_DIST_POINT_new;
-+ ASN1_TIME_adj;
-+ TS_OBJ_print_bio;
-+ EVP_PKEY_meth_set_verify_recover;
-+ EVP_PKEY_meth_set_vrfy_recover;
-+ TS_RESP_get_status_info;
-+ CMS_stream;
-+ EVP_PKEY_CTX_set_cb;
-+ PKCS7_to_TS_TST_INFO;
-+ ASN1_PCTX_get_oid_flags;
-+ TS_TST_INFO_add_ext;
-+ EVP_PKEY_meth_set_derive;
-+ i2d_TS_RESP_fp;
-+ i2d_TS_MSG_IMPRINT_bio;
-+ TS_RESP_CTX_set_accuracy;
-+ TS_REQ_set_nonce;
-+ ESS_CERT_ID_new;
-+ ENGINE_pkey_asn1_find_str;
-+ TS_REQ_get_ext_count;
-+ BUF_reverse;
-+ TS_TST_INFO_print_bio;
-+ d2i_ISSUING_DIST_POINT;
-+ ENGINE_get_pkey_meths;
-+ i2b_PrivateKey_bio;
-+ i2d_TS_RESP;
-+ b2i_PublicKey;
-+ TS_VERIFY_CTX_cleanup;
-+ TS_STATUS_INFO_free;
-+ TS_RESP_verify_token;
-+ OBJ_bsearch_ex_;
-+ ASN1_bn_print;
-+ EVP_PKEY_asn1_get_count;
-+ ENGINE_register_pkey_asn1_meths;
-+ ASN1_PCTX_set_nm_flags;
-+ EVP_DigestVerifyInit;
-+ ENGINE_set_default_pkey_meths;
-+ TS_TST_INFO_get_policy_id;
-+ TS_REQ_get_cert_req;
-+ X509_CRL_set_meth_data;
-+ PKCS8_pkey_set0;
-+ ASN1_STRING_copy;
-+ d2i_TS_TST_INFO_fp;
-+ X509_CRL_match;
-+ EVP_PKEY_asn1_set_private;
-+ TS_TST_INFO_get_ext_d2i;
-+ TS_RESP_CTX_add_policy;
-+ d2i_TS_RESP;
-+ TS_CONF_load_certs;
-+ TS_TST_INFO_get_msg_imprint;
-+ ERR_load_TS_strings;
-+ TS_TST_INFO_get_version;
-+ EVP_PKEY_CTX_dup;
-+ EVP_PKEY_meth_set_verify;
-+ i2b_PublicKey_bio;
-+ TS_CONF_set_certs;
-+ EVP_PKEY_asn1_get0_info;
-+ TS_VERIFY_CTX_free;
-+ TS_REQ_get_ext_by_critical;
-+ TS_RESP_CTX_set_serial_cb;
-+ X509_CRL_get_meth_data;
-+ TS_RESP_CTX_set_time_cb;
-+ TS_MSG_IMPRINT_get_msg;
-+ TS_TST_INFO_ext_free;
-+ TS_REQ_get_version;
-+ TS_REQ_add_ext;
-+ EVP_PKEY_CTX_set_app_data;
-+ OBJ_bsearch_;
-+ EVP_PKEY_meth_set_verifyctx;
-+ i2d_PKCS7_bio_stream;
-+ CRYPTO_THREADID_set_numeric;
-+ PKCS7_sign_add_signer;
-+ d2i_TS_TST_INFO_bio;
-+ TS_TST_INFO_get_ordering;
-+ TS_RESP_print_bio;
-+ TS_TST_INFO_get_exts;
-+ HMAC_CTX_copy;
-+ PKCS5_pbe2_set_iv;
-+ ENGINE_get_pkey_asn1_meths;
-+ b2i_PrivateKey;
-+ EVP_PKEY_CTX_get_app_data;
-+ TS_REQ_set_cert_req;
-+ CRYPTO_THREADID_set_callback;
-+ TS_CONF_set_serial;
-+ TS_TST_INFO_free;
-+ d2i_TS_REQ_fp;
-+ TS_RESP_verify_response;
-+ i2d_ESS_ISSUER_SERIAL;
-+ TS_ACCURACY_get_seconds;
-+ EVP_CIPHER_do_all;
-+ b2i_PrivateKey_bio;
-+ OCSP_CERTID_dup;
-+ X509_PUBKEY_get0_param;
-+ TS_MSG_IMPRINT_dup;
-+ PKCS7_print_ctx;
-+ i2d_TS_REQ_bio;
-+ EVP_whirlpool;
-+ EVP_PKEY_asn1_set_param;
-+ EVP_PKEY_meth_set_encrypt;
-+ ASN1_PCTX_set_flags;
-+ i2d_ESS_CERT_ID;
-+ TS_VERIFY_CTX_new;
-+ TS_RESP_CTX_set_extension_cb;
-+ ENGINE_register_all_pkey_meths;
-+ TS_RESP_CTX_set_status_info_cond;
-+ TS_RESP_CTX_set_stat_info_cond;
-+ EVP_PKEY_verify;
-+ WHIRLPOOL_Final;
-+ X509_CRL_METHOD_new;
-+ EVP_DigestSignFinal;
-+ TS_RESP_CTX_set_def_policy;
-+ NETSCAPE_X509_it;
-+ TS_RESP_create_response;
-+ PKCS7_SIGNER_INFO_get0_algs;
-+ TS_TST_INFO_get_nonce;
-+ EVP_PKEY_decrypt_old;
-+ TS_TST_INFO_set_policy_id;
-+ TS_CONF_set_ess_cert_id_chain;
-+ EVP_PKEY_CTX_get0_pkey;
-+ d2i_TS_REQ;
-+ EVP_PKEY_asn1_find_str;
-+ BIO_f_asn1;
-+ ESS_SIGNING_CERT_new;
-+ EVP_PBE_find;
-+ X509_CRL_get0_by_cert;
-+ EVP_PKEY_derive;
-+ i2d_TS_REQ;
-+ TS_TST_INFO_delete_ext;
-+ ESS_ISSUER_SERIAL_free;
-+ ASN1_PCTX_set_str_flags;
-+ ENGINE_get_pkey_asn1_meth_str;
-+ TS_CONF_set_signer_key;
-+ TS_ACCURACY_get_millis;
-+ TS_RESP_get_token;
-+ TS_ACCURACY_dup;
-+ ENGINE_register_all_pkey_asn1_meths;
-+ ENGINE_reg_all_pkey_asn1_meths;
-+ X509_CRL_set_default_method;
-+ CRYPTO_THREADID_hash;
-+ CMS_ContentInfo_print_ctx;
-+ TS_RESP_free;
-+ ISSUING_DIST_POINT_free;
-+ ESS_ISSUER_SERIAL_new;
-+ CMS_add1_crl;
-+ PKCS7_add1_attrib_digest;
-+ TS_RESP_CTX_add_md;
-+ TS_TST_INFO_dup;
-+ ENGINE_set_pkey_asn1_meths;
-+ PEM_write_bio_Parameters;
-+ TS_TST_INFO_get_accuracy;
-+ X509_CRL_get0_by_serial;
-+ TS_TST_INFO_set_version;
-+ TS_RESP_CTX_get_tst_info;
-+ TS_RESP_verify_signature;
-+ CRYPTO_THREADID_get_callback;
-+ TS_TST_INFO_get_tsa;
-+ TS_STATUS_INFO_new;
-+ EVP_PKEY_CTX_get_cb;
-+ TS_REQ_get_ext_d2i;
-+ GENERAL_NAME_set0_othername;
-+ TS_TST_INFO_get_ext_count;
-+ TS_RESP_CTX_get_request;
-+ i2d_NETSCAPE_X509;
-+ ENGINE_get_pkey_meth_engine;
-+ EVP_PKEY_meth_set_signctx;
-+ EVP_PKEY_asn1_copy;
-+ ASN1_TYPE_cmp;
-+ EVP_CIPHER_do_all_sorted;
-+ EVP_PKEY_CTX_free;
-+ ISSUING_DIST_POINT_it;
-+ d2i_TS_MSG_IMPRINT_fp;
-+ X509_STORE_get1_certs;
-+ EVP_PKEY_CTX_get_operation;
-+ d2i_ESS_SIGNING_CERT;
-+ TS_CONF_set_ordering;
-+ EVP_PBE_alg_add_type;
-+ TS_REQ_set_version;
-+ EVP_PKEY_get0;
-+ BIO_asn1_set_suffix;
-+ i2d_TS_STATUS_INFO;
-+ EVP_MD_do_all;
-+ TS_TST_INFO_set_accuracy;
-+ PKCS7_add_attrib_content_type;
-+ ERR_remove_thread_state;
-+ EVP_PKEY_meth_add0;
-+ TS_TST_INFO_set_tsa;
-+ EVP_PKEY_meth_new;
-+ WHIRLPOOL_Update;
-+ TS_CONF_set_accuracy;
-+ ASN1_PCTX_set_oid_flags;
-+ ESS_SIGNING_CERT_dup;
-+ d2i_TS_REQ_bio;
-+ X509_time_adj_ex;
-+ TS_RESP_CTX_add_flags;
-+ d2i_TS_STATUS_INFO;
-+ TS_MSG_IMPRINT_set_msg;
-+ BIO_asn1_get_suffix;
-+ TS_REQ_free;
-+ EVP_PKEY_meth_free;
-+ TS_REQ_get_exts;
-+ TS_RESP_CTX_set_clock_precision_digits;
-+ TS_RESP_CTX_set_clk_prec_digits;
-+ TS_RESP_CTX_add_failure_info;
-+ i2d_TS_RESP_bio;
-+ EVP_PKEY_CTX_get0_peerkey;
-+ PEM_write_bio_CMS_stream;
-+ TS_REQ_new;
-+ TS_MSG_IMPRINT_new;
-+ EVP_PKEY_meth_find;
-+ EVP_PKEY_id;
-+ TS_TST_INFO_set_serial;
-+ a2i_GENERAL_NAME;
-+ TS_CONF_set_crypto_device;
-+ EVP_PKEY_verify_init;
-+ TS_CONF_set_policies;
-+ ASN1_PCTX_new;
-+ ESS_CERT_ID_free;
-+ ENGINE_unregister_pkey_meths;
-+ TS_MSG_IMPRINT_free;
-+ TS_VERIFY_CTX_init;
-+ PKCS7_stream;
-+ TS_RESP_CTX_set_certs;
-+ TS_CONF_set_def_policy;
-+ ASN1_GENERALIZEDTIME_adj;
-+ NETSCAPE_X509_new;
-+ TS_ACCURACY_free;
-+ TS_RESP_get_tst_info;
-+ EVP_PKEY_derive_set_peer;
-+ PEM_read_bio_Parameters;
-+ TS_CONF_set_clock_precision_digits;
-+ TS_CONF_set_clk_prec_digits;
-+ ESS_ISSUER_SERIAL_dup;
-+ TS_ACCURACY_get_micros;
-+ ASN1_PCTX_get_str_flags;
-+ NAME_CONSTRAINTS_check;
-+ ASN1_BIT_STRING_check;
-+ X509_check_akid;
-+ ENGINE_unregister_pkey_asn1_meths;
-+ ENGINE_unreg_pkey_asn1_meths;
-+ ASN1_PCTX_free;
-+ PEM_write_bio_ASN1_stream;
-+ i2d_ASN1_bio_stream;
-+ TS_X509_ALGOR_print_bio;
-+ EVP_PKEY_meth_set_cleanup;
-+ EVP_PKEY_asn1_free;
-+ ESS_SIGNING_CERT_free;
-+ TS_TST_INFO_set_msg_imprint;
-+ GENERAL_NAME_cmp;
-+ d2i_ASN1_SET_ANY;
-+ ENGINE_set_pkey_meths;
-+ i2d_TS_REQ_fp;
-+ d2i_ASN1_SEQUENCE_ANY;
-+ GENERAL_NAME_get0_otherName;
-+ d2i_ESS_CERT_ID;
-+ OBJ_find_sigid_algs;
-+ EVP_PKEY_meth_set_keygen;
-+ PKCS5_PBKDF2_HMAC;
-+ EVP_PKEY_paramgen;
-+ EVP_PKEY_meth_set_paramgen;
-+ BIO_new_PKCS7;
-+ EVP_PKEY_verify_recover;
-+ TS_ext_print_bio;
-+ TS_ASN1_INTEGER_print_bio;
-+ check_defer;
-+ DSO_pathbyaddr;
-+ EVP_PKEY_set_type;
-+ TS_ACCURACY_set_micros;
-+ TS_REQ_to_TS_VERIFY_CTX;
-+ EVP_PKEY_meth_set_copy;
-+ ASN1_PCTX_set_cert_flags;
-+ TS_TST_INFO_get_ext;
-+ EVP_PKEY_asn1_set_ctrl;
-+ TS_TST_INFO_get_ext_by_critical;
-+ EVP_PKEY_CTX_new_id;
-+ TS_REQ_get_ext_by_OBJ;
-+ TS_CONF_set_signer_cert;
-+ X509_NAME_hash_old;
-+ ASN1_TIME_set_string;
-+ EVP_MD_flags;
-+ TS_RESP_CTX_free;
-+ DSAparams_dup;
-+ DHparams_dup;
-+ OCSP_REQ_CTX_add1_header;
-+ OCSP_REQ_CTX_set1_req;
-+ X509_STORE_set_verify_cb;
-+ X509_STORE_CTX_get0_current_crl;
-+ X509_STORE_CTX_get0_parent_ctx;
-+ X509_STORE_CTX_get0_current_issuer;
-+ X509_STORE_CTX_get0_cur_issuer;
-+ X509_issuer_name_hash_old;
-+ X509_subject_name_hash_old;
-+ EVP_CIPHER_CTX_copy;
-+ UI_method_get_prompt_constructor;
-+ UI_method_get_prompt_constructr;
-+ UI_method_set_prompt_constructor;
-+ UI_method_set_prompt_constructr;
-+ EVP_read_pw_string_min;
-+ CRYPTO_cts128_encrypt;
-+ CRYPTO_cts128_decrypt_block;
-+ CRYPTO_cfb128_1_encrypt;
-+ CRYPTO_cbc128_encrypt;
-+ CRYPTO_ctr128_encrypt;
-+ CRYPTO_ofb128_encrypt;
-+ CRYPTO_cts128_decrypt;
-+ CRYPTO_cts128_encrypt_block;
-+ CRYPTO_cbc128_decrypt;
-+ CRYPTO_cfb128_encrypt;
-+ CRYPTO_cfb128_8_encrypt;
-+ SSL_renegotiate_abbreviated;
-+ TLSv1_1_method;
-+ TLSv1_1_client_method;
-+ TLSv1_1_server_method;
-+ SSL_CTX_set_srp_client_pwd_callback;
-+ SSL_CTX_set_srp_client_pwd_cb;
-+ SSL_get_srp_g;
-+ SSL_CTX_set_srp_username_callback;
-+ SSL_CTX_set_srp_un_cb;
-+ SSL_get_srp_userinfo;
-+ SSL_set_srp_server_param;
-+ SSL_set_srp_server_param_pw;
-+ SSL_get_srp_N;
-+ SSL_get_srp_username;
-+ SSL_CTX_set_srp_password;
-+ SSL_CTX_set_srp_strength;
-+ SSL_CTX_set_srp_verify_param_callback;
-+ SSL_CTX_set_srp_vfy_param_cb;
-+ SSL_CTX_set_srp_cb_arg;
-+ SSL_CTX_set_srp_username;
-+ SSL_CTX_SRP_CTX_init;
-+ SSL_SRP_CTX_init;
-+ SRP_Calc_A_param;
-+ SRP_generate_server_master_secret;
-+ SRP_gen_server_master_secret;
-+ SSL_CTX_SRP_CTX_free;
-+ SRP_generate_client_master_secret;
-+ SRP_gen_client_master_secret;
-+ SSL_srp_server_param_with_username;
-+ SSL_srp_server_param_with_un;
-+ SSL_SRP_CTX_free;
-+ SSL_set_debug;
-+ SSL_SESSION_get0_peer;
-+ TLSv1_2_client_method;
-+ SSL_SESSION_set1_id_context;
-+ TLSv1_2_server_method;
-+ SSL_cache_hit;
-+ SSL_get0_kssl_ctx;
-+ SSL_set0_kssl_ctx;
-+ SSL_set_state;
-+ SSL_CIPHER_get_id;
-+ TLSv1_2_method;
-+ kssl_ctx_get0_client_princ;
-+ SSL_export_keying_material;
-+ SSL_set_tlsext_use_srtp;
-+ SSL_CTX_set_next_protos_advertised_cb;
-+ SSL_CTX_set_next_protos_adv_cb;
-+ SSL_get0_next_proto_negotiated;
-+ SSL_get_selected_srtp_profile;
-+ SSL_CTX_set_tlsext_use_srtp;
-+ SSL_select_next_proto;
-+ SSL_get_srtp_profiles;
-+ SSL_CTX_set_next_proto_select_cb;
-+ SSL_CTX_set_next_proto_sel_cb;
-+ SSL_SESSION_get_compress_id;
-+
-+ SRP_VBASE_get_by_user;
-+ SRP_Calc_server_key;
-+ SRP_create_verifier;
-+ SRP_create_verifier_BN;
-+ SRP_Calc_u;
-+ SRP_VBASE_free;
-+ SRP_Calc_client_key;
-+ SRP_get_default_gN;
-+ SRP_Calc_x;
-+ SRP_Calc_B;
-+ SRP_VBASE_new;
-+ SRP_check_known_gN_param;
-+ SRP_Calc_A;
-+ SRP_Verify_A_mod_N;
-+ SRP_VBASE_init;
-+ SRP_Verify_B_mod_N;
-+ EC_KEY_set_public_key_affine_coordinates;
-+ EC_KEY_set_pub_key_aff_coords;
-+ EVP_aes_192_ctr;
-+ EVP_PKEY_meth_get0_info;
-+ EVP_PKEY_meth_copy;
-+ ERR_add_error_vdata;
-+ EVP_aes_128_ctr;
-+ EVP_aes_256_ctr;
-+ EC_GFp_nistp224_method;
-+ EC_KEY_get_flags;
-+ RSA_padding_add_PKCS1_PSS_mgf1;
-+ EVP_aes_128_xts;
-+ EVP_aes_256_xts;
-+ EVP_aes_128_gcm;
-+ EC_KEY_clear_flags;
-+ EC_KEY_set_flags;
-+ EVP_aes_256_ccm;
-+ RSA_verify_PKCS1_PSS_mgf1;
-+ EVP_aes_128_ccm;
-+ EVP_aes_192_gcm;
-+ X509_ALGOR_set_md;
-+ RAND_init_fips;
-+ EVP_aes_256_gcm;
-+ EVP_aes_192_ccm;
-+ CMAC_CTX_copy;
-+ CMAC_CTX_free;
-+ CMAC_CTX_get0_cipher_ctx;
-+ CMAC_CTX_cleanup;
-+ CMAC_Init;
-+ CMAC_Update;
-+ CMAC_resume;
-+ CMAC_CTX_new;
-+ CMAC_Final;
-+ CRYPTO_ctr128_encrypt_ctr32;
-+ CRYPTO_gcm128_release;
-+ CRYPTO_ccm128_decrypt_ccm64;
-+ CRYPTO_ccm128_encrypt;
-+ CRYPTO_gcm128_encrypt;
-+ CRYPTO_xts128_encrypt;
-+ EVP_rc4_hmac_md5;
-+ CRYPTO_nistcts128_decrypt_block;
-+ CRYPTO_gcm128_setiv;
-+ CRYPTO_nistcts128_encrypt;
-+ EVP_aes_128_cbc_hmac_sha1;
-+ CRYPTO_gcm128_tag;
-+ CRYPTO_ccm128_encrypt_ccm64;
-+ ENGINE_load_rdrand;
-+ CRYPTO_ccm128_setiv;
-+ CRYPTO_nistcts128_encrypt_block;
-+ CRYPTO_gcm128_aad;
-+ CRYPTO_ccm128_init;
-+ CRYPTO_nistcts128_decrypt;
-+ CRYPTO_gcm128_new;
-+ CRYPTO_ccm128_tag;
-+ CRYPTO_ccm128_decrypt;
-+ CRYPTO_ccm128_aad;
-+ CRYPTO_gcm128_init;
-+ CRYPTO_gcm128_decrypt;
-+ ENGINE_load_rsax;
-+ CRYPTO_gcm128_decrypt_ctr32;
-+ CRYPTO_gcm128_encrypt_ctr32;
-+ CRYPTO_gcm128_finish;
-+ EVP_aes_256_cbc_hmac_sha1;
-+ PKCS5_pbkdf2_set;
-+ CMS_add0_recipient_password;
-+ CMS_decrypt_set1_password;
-+ CMS_RecipientInfo_set0_password;
-+ RAND_set_fips_drbg_type;
-+ X509_REQ_sign_ctx;
-+ RSA_PSS_PARAMS_new;
-+ X509_CRL_sign_ctx;
-+ X509_signature_dump;
-+ d2i_RSA_PSS_PARAMS;
-+ RSA_PSS_PARAMS_it;
-+ RSA_PSS_PARAMS_free;
-+ X509_sign_ctx;
-+ i2d_RSA_PSS_PARAMS;
-+ ASN1_item_sign_ctx;
-+ EC_GFp_nistp521_method;
-+ EC_GFp_nistp256_method;
-+ OPENSSL_stderr;
-+ OPENSSL_cpuid_setup;
-+ OPENSSL_showfatal;
-+ BIO_new_dgram_sctp;
-+ BIO_dgram_sctp_msg_waiting;
-+ BIO_dgram_sctp_wait_for_dry;
-+ BIO_s_datagram_sctp;
-+ BIO_dgram_is_sctp;
-+ BIO_dgram_sctp_notification_cb;
-+ CRYPTO_memcmp;
-+ SSL_CTX_set_alpn_protos;
-+ SSL_set_alpn_protos;
-+ SSL_CTX_set_alpn_select_cb;
-+ SSL_get0_alpn_selected;
-+ SSL_CTX_set_custom_cli_ext;
-+ SSL_CTX_set_custom_srv_ext;
-+ SSL_CTX_set_srv_supp_data;
-+ SSL_CTX_set_cli_supp_data;
-+ SSL_set_cert_cb;
-+ SSL_CTX_use_serverinfo;
-+ SSL_CTX_use_serverinfo_file;
-+ SSL_CTX_set_cert_cb;
-+ SSL_CTX_get0_param;
-+ SSL_get0_param;
-+ SSL_certs_clear;
-+ DTLSv1_2_method;
-+ DTLSv1_2_server_method;
-+ DTLSv1_2_client_method;
-+ DTLS_method;
-+ DTLS_server_method;
-+ DTLS_client_method;
-+ SSL_CTX_get_ssl_method;
-+ SSL_CTX_get0_certificate;
-+ SSL_CTX_get0_privatekey;
-+ SSL_COMP_set0_compression_methods;
-+ SSL_COMP_free_compression_methods;
-+ SSL_CIPHER_find;
-+ SSL_is_server;
-+ SSL_CONF_CTX_new;
-+ SSL_CONF_CTX_finish;
-+ SSL_CONF_CTX_free;
-+ SSL_CONF_CTX_set_flags;
-+ SSL_CONF_CTX_clear_flags;
-+ SSL_CONF_CTX_set1_prefix;
-+ SSL_CONF_CTX_set_ssl;
-+ SSL_CONF_CTX_set_ssl_ctx;
-+ SSL_CONF_cmd;
-+ SSL_CONF_cmd_argv;
-+ SSL_CONF_cmd_value_type;
-+ SSL_trace;
-+ SSL_CIPHER_standard_name;
-+ SSL_get_tlsa_record_byname;
-+ ASN1_TIME_diff;
-+ BIO_hex_string;
-+ CMS_RecipientInfo_get0_pkey_ctx;
-+ CMS_RecipientInfo_encrypt;
-+ CMS_SignerInfo_get0_pkey_ctx;
-+ CMS_SignerInfo_get0_md_ctx;
-+ CMS_SignerInfo_get0_signature;
-+ CMS_RecipientInfo_kari_get0_alg;
-+ CMS_RecipientInfo_kari_get0_reks;
-+ CMS_RecipientInfo_kari_get0_orig_id;
-+ CMS_RecipientInfo_kari_orig_id_cmp;
-+ CMS_RecipientEncryptedKey_get0_id;
-+ CMS_RecipientEncryptedKey_cert_cmp;
-+ CMS_RecipientInfo_kari_set0_pkey;
-+ CMS_RecipientInfo_kari_get0_ctx;
-+ CMS_RecipientInfo_kari_decrypt;
-+ CMS_SharedInfo_encode;
-+ DH_compute_key_padded;
-+ d2i_DHxparams;
-+ i2d_DHxparams;
-+ DH_get_1024_160;
-+ DH_get_2048_224;
-+ DH_get_2048_256;
-+ DH_KDF_X9_42;
-+ ECDH_KDF_X9_62;
-+ ECDSA_METHOD_new;
-+ ECDSA_METHOD_free;
-+ ECDSA_METHOD_set_app_data;
-+ ECDSA_METHOD_get_app_data;
-+ ECDSA_METHOD_set_sign;
-+ ECDSA_METHOD_set_sign_setup;
-+ ECDSA_METHOD_set_verify;
-+ ECDSA_METHOD_set_flags;
-+ ECDSA_METHOD_set_name;
-+ EVP_des_ede3_wrap;
-+ EVP_aes_128_wrap;
-+ EVP_aes_192_wrap;
-+ EVP_aes_256_wrap;
-+ EVP_aes_128_cbc_hmac_sha256;
-+ EVP_aes_256_cbc_hmac_sha256;
-+ CRYPTO_128_wrap;
-+ CRYPTO_128_unwrap;
-+ OCSP_REQ_CTX_nbio;
-+ OCSP_REQ_CTX_new;
-+ OCSP_set_max_response_length;
-+ OCSP_REQ_CTX_i2d;
-+ OCSP_REQ_CTX_nbio_d2i;
-+ OCSP_REQ_CTX_get0_mem_bio;
-+ OCSP_REQ_CTX_http;
-+ RSA_padding_add_PKCS1_OAEP_mgf1;
-+ RSA_padding_check_PKCS1_OAEP_mgf1;
-+ RSA_OAEP_PARAMS_free;
-+ RSA_OAEP_PARAMS_it;
-+ RSA_OAEP_PARAMS_new;
-+ SSL_get_sigalgs;
-+ SSL_get_shared_sigalgs;
-+ SSL_check_chain;
-+ X509_chain_up_ref;
-+ X509_http_nbio;
-+ X509_CRL_http_nbio;
-+ X509_REVOKED_dup;
-+ i2d_re_X509_tbs;
-+ X509_get0_signature;
-+ X509_get_signature_nid;
-+ X509_CRL_diff;
-+ X509_chain_check_suiteb;
-+ X509_CRL_check_suiteb;
-+ X509_check_host;
-+ X509_check_email;
-+ X509_check_ip;
-+ X509_check_ip_asc;
-+ X509_STORE_set_lookup_crls_cb;
-+ X509_STORE_CTX_get0_store;
-+ X509_VERIFY_PARAM_set1_host;
-+ X509_VERIFY_PARAM_add1_host;
-+ X509_VERIFY_PARAM_set_hostflags;
-+ X509_VERIFY_PARAM_get0_peername;
-+ X509_VERIFY_PARAM_set1_email;
-+ X509_VERIFY_PARAM_set1_ip;
-+ X509_VERIFY_PARAM_set1_ip_asc;
-+ X509_VERIFY_PARAM_get0_name;
-+ X509_VERIFY_PARAM_get_count;
-+ X509_VERIFY_PARAM_get0;
-+ X509V3_EXT_free;
-+ EC_GROUP_get_mont_data;
-+ EC_curve_nid2nist;
-+ EC_curve_nist2nid;
-+ PEM_write_bio_DHxparams;
-+ PEM_write_DHxparams;
-+ SSL_CTX_add_client_custom_ext;
-+ SSL_CTX_add_server_custom_ext;
-+ SSL_extension_supported;
-+ BUF_strnlen;
-+ sk_deep_copy;
-+ SSL_test_functions;
-+
-+ local:
-+ *;
-+};
-+
-+OPENSSL_1.0.2g {
-+ global:
-+ SRP_VBASE_get1_by_user;
-+ SRP_user_pwd_free;
-+} OPENSSL_1.0.2d;
-+
-Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld 2014-02-24 21:02:30.000000000 +0100
-@@ -0,0 +1,10 @@
-+OPENSSL_1.0.2 {
-+ global:
-+ bind_engine;
-+ v_check;
-+ OPENSSL_init;
-+ OPENSSL_finish;
-+ local:
-+ *;
-+};
-+
-Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld 2014-02-24 21:02:30.000000000 +0100
-@@ -0,0 +1,10 @@
-+OPENSSL_1.0.2 {
-+ global:
-+ bind_engine;
-+ v_check;
-+ OPENSSL_init;
-+ OPENSSL_finish;
-+ local:
-+ *;
-+};
-+
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl10/engines-install-in-libdir-ssl.patch b/external/poky/meta/recipes-connectivity/openssl/openssl10/engines-install-in-libdir-ssl.patch
deleted file mode 100644
index a5746483..00000000
--- a/external/poky/meta/recipes-connectivity/openssl/openssl10/engines-install-in-libdir-ssl.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-Upstream-Status: Inappropriate [configuration]
-
-
-Index: openssl-1.0.2/engines/Makefile
-===================================================================
---- openssl-1.0.2.orig/engines/Makefile
-+++ openssl-1.0.2/engines/Makefile
-@@ -107,13 +107,13 @@ install:
- @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
- @if [ -n "$(SHARED_LIBS)" ]; then \
- set -e; \
-- $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines; \
-+ $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines; \
- for l in $(LIBNAMES); do \
- ( echo installing $$l; \
- pfx=lib; \
- if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
- sfx=".so"; \
-- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
-+ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
- else \
- case "$(CFLAGS)" in \
- *DSO_BEOS*) sfx=".so";; \
-@@ -122,10 +122,10 @@ install:
- *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
- *) sfx=".bad";; \
- esac; \
-- cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
-+ cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
- fi; \
-- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
-- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
-+ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
-+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx ); \
- done; \
- fi
- @target=install; $(RECURSIVE_MAKE)
-Index: openssl-1.0.2/engines/ccgost/Makefile
-===================================================================
---- openssl-1.0.2.orig/engines/ccgost/Makefile
-+++ openssl-1.0.2/engines/ccgost/Makefile
-@@ -47,7 +47,7 @@ install:
- pfx=lib; \
- if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
- sfx=".so"; \
-- cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
-+ cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
- else \
- case "$(CFLAGS)" in \
- *DSO_BEOS*) sfx=".so";; \
-@@ -56,10 +56,10 @@ install:
- *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
- *) sfx=".bad";; \
- esac; \
-- cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
-+ cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
- fi; \
-- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
-- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
-+ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
-+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx; \
- fi
-
- links:
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl10/oe-ldflags.patch b/external/poky/meta/recipes-connectivity/openssl/openssl10/oe-ldflags.patch
deleted file mode 100644
index 292e13dc..00000000
--- a/external/poky/meta/recipes-connectivity/openssl/openssl10/oe-ldflags.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Upstream-Status: Inappropriate [open-embedded]
-
-Index: openssl-1.0.0/Makefile.shared
-===================================================================
---- openssl-1.0.0.orig/Makefile.shared
-+++ openssl-1.0.0/Makefile.shared
-@@ -92,7 +92,7 @@
- LINK_APP= \
- ( $(SET_X); \
- LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
-- LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \
-+ LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$(OE_LDFLAGS) $${LDFLAGS:-$(CFLAGS)}"; \
- LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
- LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
- LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
-@@ -102,7 +102,7 @@
- ( $(SET_X); \
- LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
- SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \
-- SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
-+ SHAREDFLAGS="$(OE_LDFLAGS) $${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
- LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
- LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
- LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl10/openssl-c_rehash.sh b/external/poky/meta/recipes-connectivity/openssl/openssl10/openssl-c_rehash.sh
deleted file mode 100644
index 6620fdcb..00000000
--- a/external/poky/meta/recipes-connectivity/openssl/openssl10/openssl-c_rehash.sh
+++ /dev/null
@@ -1,222 +0,0 @@
-#!/bin/sh
-#
-# Ben Secrest <blsecres@gmail.com>
-#
-# sh c_rehash script, scan all files in a directory
-# and add symbolic links to their hash values.
-#
-# based on the c_rehash perl script distributed with openssl
-#
-# LICENSE: See OpenSSL license
-# ^^acceptable?^^
-#
-
-# default certificate location
-DIR=/etc/openssl
-
-# for filetype bitfield
-IS_CERT=$(( 1 << 0 ))
-IS_CRL=$(( 1 << 1 ))
-
-
-# check to see if a file is a certificate file or a CRL file
-# arguments:
-# 1. the filename to be scanned
-# returns:
-# bitfield of file type; uses ${IS_CERT} and ${IS_CRL}
-#
-check_file()
-{
- local IS_TYPE=0
-
- # make IFS a newline so we can process grep output line by line
- local OLDIFS=${IFS}
- IFS=$( printf "\n" )
-
- # XXX: could be more efficient to have two 'grep -m' but is -m portable?
- for LINE in $( grep '^-----BEGIN .*-----' ${1} )
- do
- if echo ${LINE} \
- | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----'
- then
- IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} ))
-
- if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ]
- then
- break
- fi
- elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----'
- then
- IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} ))
-
- if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ]
- then
- break
- fi
- fi
- done
-
- # restore IFS
- IFS=${OLDIFS}
-
- return ${IS_TYPE}
-}
-
-
-#
-# use openssl to fingerprint a file
-# arguments:
-# 1. the filename to fingerprint
-# 2. the method to use (x509, crl)
-# returns:
-# none
-# assumptions:
-# user will capture output from last stage of pipeline
-#
-fingerprint()
-{
- ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':'
-}
-
-
-#
-# link_hash - create links to certificate files
-# arguments:
-# 1. the filename to create a link for
-# 2. the type of certificate being linked (x509, crl)
-# returns:
-# 0 on success, 1 otherwise
-#
-link_hash()
-{
- local FINGERPRINT=$( fingerprint ${1} ${2} )
- local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} )
- local SUFFIX=0
- local LINKFILE=''
- local TAG=''
-
- if [ ${2} = "crl" ]
- then
- TAG='r'
- fi
-
- LINKFILE=${HASH}.${TAG}${SUFFIX}
-
- while [ -f ${LINKFILE} ]
- do
- if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ]
- then
- echo "NOTE: Skipping duplicate file ${1}" >&2
- return 1
- fi
-
- SUFFIX=$(( ${SUFFIX} + 1 ))
- LINKFILE=${HASH}.${TAG}${SUFFIX}
- done
-
- echo "${3} => ${LINKFILE}"
-
- # assume any system with a POSIX shell will either support symlinks or
- # do something to handle this gracefully
- ln -s ${3} ${LINKFILE}
-
- return 0
-}
-
-
-# hash_dir create hash links in a given directory
-hash_dir()
-{
- echo "Doing ${1}"
-
- cd ${1}
-
- ls -1 * 2>/dev/null | while read FILE
- do
- if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \
- && [ -h "${FILE}" ]
- then
- rm ${FILE}
- fi
- done
-
- ls -1 *.pem *.cer *.crt *.crl 2>/dev/null | while read FILE
- do
- REAL_FILE=${FILE}
- # if we run on build host then get to the real files in rootfs
- if [ -n "${SYSROOT}" -a -h ${FILE} ]
- then
- FILE=$( readlink ${FILE} )
- # check the symlink is absolute (or dangling in other word)
- if [ "x/" = "x$( echo ${FILE} | cut -c1 -)" ]
- then
- REAL_FILE=${SYSROOT}/${FILE}
- fi
- fi
-
- check_file ${REAL_FILE}
- local FILE_TYPE=${?}
- local TYPE_STR=''
-
- if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ]
- then
- TYPE_STR='x509'
- elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ]
- then
- TYPE_STR='crl'
- else
- echo "NOTE: ${FILE} does not contain a certificate or CRL: skipping" >&2
- continue
- fi
-
- link_hash ${REAL_FILE} ${TYPE_STR} ${FILE}
- done
-}
-
-
-# choose the name of an ssl application
-if [ -n "${OPENSSL}" ]
-then
- SSL_CMD=$(which ${OPENSSL} 2>/dev/null)
-else
- SSL_CMD=/usr/bin/openssl
- OPENSSL=${SSL_CMD}
- export OPENSSL
-fi
-
-# fix paths
-PATH=${PATH}:${DIR}/bin
-export PATH
-
-# confirm existance/executability of ssl command
-if ! [ -x ${SSL_CMD} ]
-then
- echo "${0}: rehashing skipped ('openssl' program not available)" >&2
- exit 0
-fi
-
-# determine which directories to process
-old_IFS=$IFS
-if [ ${#} -gt 0 ]
-then
- IFS=':'
- DIRLIST=${*}
-elif [ -n "${SSL_CERT_DIR}" ]
-then
- DIRLIST=$SSL_CERT_DIR
-else
- DIRLIST=${DIR}/certs
-fi
-
-IFS=':'
-
-# process directories
-for CERT_DIR in ${DIRLIST}
-do
- if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ]
- then
- IFS=$old_IFS
- hash_dir ${CERT_DIR}
- IFS=':'
- fi
-done
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl10/openssl-fix-des.pod-error.patch b/external/poky/meta/recipes-connectivity/openssl/openssl10/openssl-fix-des.pod-error.patch
deleted file mode 100644
index de49729e..00000000
--- a/external/poky/meta/recipes-connectivity/openssl/openssl10/openssl-fix-des.pod-error.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-openssl: Fix pod2man des.pod error on Ubuntu 12.04
-
-This is a formatting fix, '=back' is required before
-'=head1' on Ubuntu 12.04.
-
-Upstream-Status: Pending
-Signed-off-by: Baogen Shang <baogen.shang@windriver.com>
-diff -urpN a_origin/des.pod b_modify/des.pod
---- a_origin/crypto/des/des.pod 2013-08-15 15:02:56.211674589 +0800
-+++ b_modify/crypto/des/des.pod 2013-08-15 15:04:14.439674580 +0800
-@@ -181,6 +181,8 @@ the uuencoded file to embed in the begin
- output. If there is no name specified after the B<-u>, the name text.des
- will be embedded in the header.
-
-+=back
-+
- =head1 SEE ALSO
-
- ps(1),
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl10/openssl_fix_for_x32.patch b/external/poky/meta/recipes-connectivity/openssl/openssl10/openssl_fix_for_x32.patch
deleted file mode 100644
index 0f08a642..00000000
--- a/external/poky/meta/recipes-connectivity/openssl/openssl10/openssl_fix_for_x32.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-Upstream-Status: Pending
-
-Received from H J Liu @ Intel
-Make the assembly syntax compatible with x32 gcc. Othewise x32 gcc throws errors.
-Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13
-
-ported the patch to the 1.0.0e version
-Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01
-Index: openssl-1.0.2/crypto/bn/bn.h
-===================================================================
---- openssl-1.0.2.orig/crypto/bn/bn.h
-+++ openssl-1.0.2/crypto/bn/bn.h
-@@ -173,6 +173,13 @@ extern "C" {
- # endif
- # endif
-
-+/* Address type. */
-+#ifdef _WIN64
-+#define BN_ADDR unsigned long long
-+#else
-+#define BN_ADDR unsigned long
-+#endif
-+
- /*
- * assuming long is 64bit - this is the DEC Alpha unsigned long long is only
- * 64 bits :-(, don't define BN_LLONG for the DEC Alpha
-Index: openssl-1.0.2/crypto/bn/bn_exp.c
-===================================================================
---- openssl-1.0.2.orig/crypto/bn/bn_exp.c
-+++ openssl-1.0.2/crypto/bn/bn_exp.c
-@@ -638,7 +638,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
- * multiple.
- */
- #define MOD_EXP_CTIME_ALIGN(x_) \
-- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
-+ ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
-
- /*
- * This variant of BN_mod_exp_mont() uses fixed windows and the special
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl10/parallel.patch b/external/poky/meta/recipes-connectivity/openssl/openssl10/parallel.patch
deleted file mode 100644
index 41abf3d6..00000000
--- a/external/poky/meta/recipes-connectivity/openssl/openssl10/parallel.patch
+++ /dev/null
@@ -1,368 +0,0 @@
-From 7fb1192f112c1920bfd39f4185f34e9afff3cff2 Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@intel.com>
-Date: Sat, 5 Mar 2016 00:12:02 +0000
-Subject: [PATCH 24/28] Fix the parallel races in the Makefiles.
-
-This patch was taken from the Gentoo packaging:
-https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1.0.2g-parallel-build.patch
-
-Upstream-Status: Pending
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-Refreshed for 1.0.2i
-Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
-
----
- Makefile.org | 14 ++--
- Makefile.shared | 2 +
- crypto/Makefile | 10 +--
- engines/Makefile | 6 +-
- test/Makefile | 94 +++++++++++-----------
- 5 files changed, 64 insertions(+), 62 deletions(-)
-
-diff --git a/Makefile.org b/Makefile.org
-index efcfafb..82eab91 100644
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -282,17 +282,17 @@ build_libcrypto: build_crypto build_engines libcrypto.pc
- build_libssl: build_ssl libssl.pc
-
- build_crypto:
-- @dir=crypto; target=all; $(BUILD_ONE_CMD)
-+ +@dir=crypto; target=all; $(BUILD_ONE_CMD)
- build_ssl: build_crypto
-- @dir=ssl; target=all; $(BUILD_ONE_CMD)
-+ +@dir=ssl; target=all; $(BUILD_ONE_CMD)
- build_engines: build_crypto
-- @dir=engines; target=all; $(BUILD_ONE_CMD)
-+ +@dir=engines; target=all; $(BUILD_ONE_CMD)
- build_apps: build_libs
-- @dir=apps; target=all; $(BUILD_ONE_CMD)
-+ +@dir=apps; target=all; $(BUILD_ONE_CMD)
- build_tests: build_libs
-- @dir=test; target=all; $(BUILD_ONE_CMD)
-+ +@dir=test; target=all; $(BUILD_ONE_CMD)
- build_tools: build_libs
-- @dir=tools; target=all; $(BUILD_ONE_CMD)
-+ +@dir=tools; target=all; $(BUILD_ONE_CMD)
-
- all_testapps: build_libs build_testapps
- build_testapps:
-@@ -564,7 +564,7 @@ install_sw:
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
-- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
-+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
- @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
- do \
- if [ -f "$$i" ]; then \
-diff --git a/Makefile.shared b/Makefile.shared
-index bbefb2b..18013a9 100644
---- a/Makefile.shared
-+++ b/Makefile.shared
-@@ -105,6 +105,7 @@ LINK_SO= \
- SHAREDFLAGS="$(OE_LDFLAGS) $${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
- LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
- LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
-+ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
- LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
- $${SHAREDCMD} $${SHAREDFLAGS} \
- -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
-@@ -122,6 +123,7 @@ SYMLINK_SO= \
- done; \
- fi; \
- if [ -n "$$SHLIB_SOVER" ]; then \
-+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
- ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
- ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
- fi; \
-diff --git a/crypto/Makefile b/crypto/Makefile
-index 875ea1a..c22b683 100644
---- a/crypto/Makefile
-+++ b/crypto/Makefile
-@@ -85,11 +85,11 @@ testapps:
- @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
-
- subdirs:
-- @target=all; $(RECURSIVE_MAKE)
-+ +@target=all; $(RECURSIVE_MAKE)
-
- files:
- $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
-- @target=files; $(RECURSIVE_MAKE)
-+ +@target=files; $(RECURSIVE_MAKE)
-
- links:
- @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
-@@ -100,7 +100,7 @@ links:
- # lib: $(LIB): are splitted to avoid end-less loop
- lib: $(LIB)
- @touch lib
--$(LIB): $(LIBOBJ)
-+$(LIB): $(LIBOBJ) | subdirs
- $(AR) $(LIB) $(LIBOBJ)
- test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
- $(RANLIB) $(LIB) || echo Never mind.
-@@ -111,7 +111,7 @@ shared: buildinf.h lib subdirs
- fi
-
- libs:
-- @target=lib; $(RECURSIVE_MAKE)
-+ +@target=lib; $(RECURSIVE_MAKE)
-
- install:
- @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-@@ -120,7 +120,7 @@ install:
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
-- @target=install; $(RECURSIVE_MAKE)
-+ +@target=install; $(RECURSIVE_MAKE)
-
- lint:
- @target=lint; $(RECURSIVE_MAKE)
-diff --git a/engines/Makefile b/engines/Makefile
-index fe8e9ca..a43d21b 100644
---- a/engines/Makefile
-+++ b/engines/Makefile
-@@ -72,7 +72,7 @@ top:
-
- all: lib subdirs
-
--lib: $(LIBOBJ)
-+lib: $(LIBOBJ) | subdirs
- @if [ -n "$(SHARED_LIBS)" ]; then \
- set -e; \
- for l in $(LIBNAMES); do \
-@@ -89,7 +89,7 @@ lib: $(LIBOBJ)
-
- subdirs:
- echo $(EDIRS)
-- @target=all; $(RECURSIVE_MAKE)
-+ +@target=all; $(RECURSIVE_MAKE)
-
- files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-@@ -128,7 +128,7 @@ install:
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx ); \
- done; \
- fi
-- @target=install; $(RECURSIVE_MAKE)
-+ +@target=install; $(RECURSIVE_MAKE)
-
- tags:
- ctags $(SRC)
-diff --git a/test/Makefile b/test/Makefile
-index 36506cf..c69af8b 100644
---- a/test/Makefile
-+++ b/test/Makefile
-@@ -145,7 +145,7 @@ install:
- tags:
- ctags $(SRC)
-
--tests: exe apps $(TESTS)
-+tests: exe $(TESTS)
-
- apps:
- @(cd ..; $(MAKE) DIRS=apps all)
-@@ -448,142 +448,142 @@ BUILD_CMD_STATIC=shlib_target=; \
- link_app.$${shlib_target}
-
- $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
-- @target=$(RSATEST); $(BUILD_CMD)
-+ +@target=$(RSATEST); $(BUILD_CMD)
-
- $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
-- @target=$(BNTEST); $(BUILD_CMD)
-+ +@target=$(BNTEST); $(BUILD_CMD)
-
- $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
-- @target=$(ECTEST); $(BUILD_CMD)
-+ +@target=$(ECTEST); $(BUILD_CMD)
-
- $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
-- @target=$(EXPTEST); $(BUILD_CMD)
-+ +@target=$(EXPTEST); $(BUILD_CMD)
-
- $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
-- @target=$(IDEATEST); $(BUILD_CMD)
-+ +@target=$(IDEATEST); $(BUILD_CMD)
-
- $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
-- @target=$(MD2TEST); $(BUILD_CMD)
-+ +@target=$(MD2TEST); $(BUILD_CMD)
-
- $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
-- @target=$(SHATEST); $(BUILD_CMD)
-+ +@target=$(SHATEST); $(BUILD_CMD)
-
- $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
-- @target=$(SHA1TEST); $(BUILD_CMD)
-+ +@target=$(SHA1TEST); $(BUILD_CMD)
-
- $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
-- @target=$(SHA256TEST); $(BUILD_CMD)
-+ +@target=$(SHA256TEST); $(BUILD_CMD)
-
- $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
-- @target=$(SHA512TEST); $(BUILD_CMD)
-+ +@target=$(SHA512TEST); $(BUILD_CMD)
-
- $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
-- @target=$(RMDTEST); $(BUILD_CMD)
-+ +@target=$(RMDTEST); $(BUILD_CMD)
-
- $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
-- @target=$(MDC2TEST); $(BUILD_CMD)
-+ +@target=$(MDC2TEST); $(BUILD_CMD)
-
- $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
-- @target=$(MD4TEST); $(BUILD_CMD)
-+ +@target=$(MD4TEST); $(BUILD_CMD)
-
- $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
-- @target=$(MD5TEST); $(BUILD_CMD)
-+ +@target=$(MD5TEST); $(BUILD_CMD)
-
- $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
-- @target=$(HMACTEST); $(BUILD_CMD)
-+ +@target=$(HMACTEST); $(BUILD_CMD)
-
- $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
-- @target=$(WPTEST); $(BUILD_CMD)
-+ +@target=$(WPTEST); $(BUILD_CMD)
-
- $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
-- @target=$(RC2TEST); $(BUILD_CMD)
-+ +@target=$(RC2TEST); $(BUILD_CMD)
-
- $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
-- @target=$(BFTEST); $(BUILD_CMD)
-+ +@target=$(BFTEST); $(BUILD_CMD)
-
- $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
-- @target=$(CASTTEST); $(BUILD_CMD)
-+ +@target=$(CASTTEST); $(BUILD_CMD)
-
- $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
-- @target=$(RC4TEST); $(BUILD_CMD)
-+ +@target=$(RC4TEST); $(BUILD_CMD)
-
- $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
-- @target=$(RC5TEST); $(BUILD_CMD)
-+ +@target=$(RC5TEST); $(BUILD_CMD)
-
- $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
-- @target=$(DESTEST); $(BUILD_CMD)
-+ +@target=$(DESTEST); $(BUILD_CMD)
-
- $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
-- @target=$(RANDTEST); $(BUILD_CMD)
-+ +@target=$(RANDTEST); $(BUILD_CMD)
-
- $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
-- @target=$(DHTEST); $(BUILD_CMD)
-+ +@target=$(DHTEST); $(BUILD_CMD)
-
- $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
-- @target=$(DSATEST); $(BUILD_CMD)
-+ +@target=$(DSATEST); $(BUILD_CMD)
-
- $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
-- @target=$(METHTEST); $(BUILD_CMD)
-+ +@target=$(METHTEST); $(BUILD_CMD)
-
- $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
-- @target=$(SSLTEST); $(FIPS_BUILD_CMD)
-+ +@target=$(SSLTEST); $(FIPS_BUILD_CMD)
-
- $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
-- @target=$(ENGINETEST); $(BUILD_CMD)
-+ +@target=$(ENGINETEST); $(BUILD_CMD)
-
- $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
-- @target=$(EVPTEST); $(BUILD_CMD)
-+ +@target=$(EVPTEST); $(BUILD_CMD)
-
- $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO)
-- @target=$(EVPEXTRATEST); $(BUILD_CMD)
-+ +@target=$(EVPEXTRATEST); $(BUILD_CMD)
-
- $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
-- @target=$(ECDSATEST); $(BUILD_CMD)
-+ +@target=$(ECDSATEST); $(BUILD_CMD)
-
- $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
-- @target=$(ECDHTEST); $(BUILD_CMD)
-+ +@target=$(ECDHTEST); $(BUILD_CMD)
-
- $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
-- @target=$(IGETEST); $(BUILD_CMD)
-+ +@target=$(IGETEST); $(BUILD_CMD)
-
- $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
-- @target=$(JPAKETEST); $(BUILD_CMD)
-+ +@target=$(JPAKETEST); $(BUILD_CMD)
-
- $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
-- @target=$(ASN1TEST); $(BUILD_CMD)
-+ +@target=$(ASN1TEST); $(BUILD_CMD)
-
- $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
-- @target=$(SRPTEST); $(BUILD_CMD)
-+ +@target=$(SRPTEST); $(BUILD_CMD)
-
- $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO)
-- @target=$(V3NAMETEST); $(BUILD_CMD)
-+ +@target=$(V3NAMETEST); $(BUILD_CMD)
-
- $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
-- @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
-+ +@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
-
- $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
-- @target=$(CONSTTIMETEST) $(BUILD_CMD)
-+ +@target=$(CONSTTIMETEST) $(BUILD_CMD)
-
- $(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o
-- @target=$(VERIFYEXTRATEST) $(BUILD_CMD)
-+ +@target=$(VERIFYEXTRATEST) $(BUILD_CMD)
-
- $(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHELLOTEST).o
-- @target=$(CLIENTHELLOTEST) $(BUILD_CMD)
-+ +@target=$(CLIENTHELLOTEST) $(BUILD_CMD)
-
- $(BADDTLSTEST)$(EXE_EXT): $(BADDTLSTEST).o
-- @target=$(BADDTLSTEST) $(BUILD_CMD)
-+ +@target=$(BADDTLSTEST) $(BUILD_CMD)
-
- $(FATALERRTEST)$(EXE_EXT): $(FATALERRTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
- @target=$(FATALERRTEST); exobj=ssltestlib.o; $(BUILD_CMD)
-
- $(X509TIMETEST)$(EXE_EXT): $(X509TIMETEST).o
-- @target=$(X509TIMETEST) $(BUILD_CMD)
-+ +@target=$(X509TIMETEST) $(BUILD_CMD)
-
- $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o
-- @target=$(SSLV2CONFTEST) $(BUILD_CMD)
-+ +@target=$(SSLV2CONFTEST) $(BUILD_CMD)
-
- $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
-- @target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD)
-+ +@target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD)
-
- #$(AESTEST).o: $(AESTEST).c
- # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
-@@ -596,7 +596,7 @@ $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
- # fi
-
- dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
-- @target=dummytest; $(BUILD_CMD)
-+ +@target=dummytest; $(BUILD_CMD)
-
- # DO NOT DELETE THIS LINE -- make depend depends on it.
-
---
-2.15.1
-
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl10/ptest-deps.patch b/external/poky/meta/recipes-connectivity/openssl/openssl10/ptest-deps.patch
deleted file mode 100644
index ef6d1793..00000000
--- a/external/poky/meta/recipes-connectivity/openssl/openssl10/ptest-deps.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-Remove Makefile dependencies for test targets
-
-These are probably here because the executables aren't always built for
-other platforms (e.g. Windows); however we can safely assume they'll
-always be there. None of the other test targets have such dependencies
-and if we don't remove them, make tries to rebuild the executables and
-fails during run-ptest.
-
-Upstream-Status: Inappropriate [config]
-
-Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
-
-Index: openssl-1.0.2/test/Makefile
-===================================================================
---- openssl-1.0.2.orig/test/Makefile
-+++ openssl-1.0.2/test/Makefile
-@@ -330,7 +330,7 @@ test_cms: ../apps/openssl$(EXE_EXT) cms-
- @echo "CMS consistency test"
- $(PERL) cms-test.pl
-
--test_srp: $(SRPTEST)$(EXE_EXT)
-+test_srp:
- @echo "Test SRP"
- ../util/shlib_wrap.sh ./srptest
-
-@@ -342,7 +342,7 @@ test_v3name: $(V3NAMETEST)$(EXE_EXT)
- @echo "Test X509v3_check_*"
- ../util/shlib_wrap.sh ./$(V3NAMETEST)
-
--test_heartbeat: $(HEARTBEATTEST)$(EXE_EXT)
-+test_heartbeat:
- ../util/shlib_wrap.sh ./$(HEARTBEATTEST)
-
- test_constant_time: $(CONSTTIMETEST)$(EXE_EXT)
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl10/ptest_makefile_deps.patch b/external/poky/meta/recipes-connectivity/openssl/openssl10/ptest_makefile_deps.patch
deleted file mode 100644
index 4202e61d..00000000
--- a/external/poky/meta/recipes-connectivity/openssl/openssl10/ptest_makefile_deps.patch
+++ /dev/null
@@ -1,248 +0,0 @@
-Additional Makefile dependencies removal for test targets
-
-Removing the dependency check for test targets as these tests are
-causing a number of failures and "noise" during ptest execution.
-
-Upstream-Status: Inappropriate [config]
-
-Signed-off-by: Maxin B. John <maxin.john@intel.com>
-
-diff -Naur openssl-1.0.2d-orig/test/Makefile openssl-1.0.2d/test/Makefile
---- openssl-1.0.2d-orig/test/Makefile 2015-09-28 12:50:41.530022979 +0300
-+++ openssl-1.0.2d/test/Makefile 2015-09-28 12:57:45.930717240 +0300
-@@ -155,67 +155,67 @@
- ( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \
- done)
-
--test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt
-+test_evp:
- ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
-
--test_evp_extra: $(EVPEXTRATEST)$(EXE_EXT)
-+test_evp_extra:
- ../util/shlib_wrap.sh ./$(EVPEXTRATEST)
-
--test_des: $(DESTEST)$(EXE_EXT)
-+test_des:
- ../util/shlib_wrap.sh ./$(DESTEST)
-
--test_idea: $(IDEATEST)$(EXE_EXT)
-+test_idea:
- ../util/shlib_wrap.sh ./$(IDEATEST)
-
--test_sha: $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(SHA256TEST)$(EXE_EXT) $(SHA512TEST)$(EXE_EXT)
-+test_sha:
- ../util/shlib_wrap.sh ./$(SHATEST)
- ../util/shlib_wrap.sh ./$(SHA1TEST)
- ../util/shlib_wrap.sh ./$(SHA256TEST)
- ../util/shlib_wrap.sh ./$(SHA512TEST)
-
--test_mdc2: $(MDC2TEST)$(EXE_EXT)
-+test_mdc2:
- ../util/shlib_wrap.sh ./$(MDC2TEST)
-
--test_md5: $(MD5TEST)$(EXE_EXT)
-+test_md5:
- ../util/shlib_wrap.sh ./$(MD5TEST)
-
--test_md4: $(MD4TEST)$(EXE_EXT)
-+test_md4:
- ../util/shlib_wrap.sh ./$(MD4TEST)
-
--test_hmac: $(HMACTEST)$(EXE_EXT)
-+test_hmac:
- ../util/shlib_wrap.sh ./$(HMACTEST)
-
--test_wp: $(WPTEST)$(EXE_EXT)
-+test_wp:
- ../util/shlib_wrap.sh ./$(WPTEST)
-
--test_md2: $(MD2TEST)$(EXE_EXT)
-+test_md2:
- ../util/shlib_wrap.sh ./$(MD2TEST)
-
--test_rmd: $(RMDTEST)$(EXE_EXT)
-+test_rmd:
- ../util/shlib_wrap.sh ./$(RMDTEST)
-
--test_bf: $(BFTEST)$(EXE_EXT)
-+test_bf:
- ../util/shlib_wrap.sh ./$(BFTEST)
-
--test_cast: $(CASTTEST)$(EXE_EXT)
-+test_cast:
- ../util/shlib_wrap.sh ./$(CASTTEST)
-
--test_rc2: $(RC2TEST)$(EXE_EXT)
-+test_rc2:
- ../util/shlib_wrap.sh ./$(RC2TEST)
-
--test_rc4: $(RC4TEST)$(EXE_EXT)
-+test_rc4:
- ../util/shlib_wrap.sh ./$(RC4TEST)
-
--test_rc5: $(RC5TEST)$(EXE_EXT)
-+test_rc5:
- ../util/shlib_wrap.sh ./$(RC5TEST)
-
--test_rand: $(RANDTEST)$(EXE_EXT)
-+test_rand:
- ../util/shlib_wrap.sh ./$(RANDTEST)
-
--test_enc: ../apps/openssl$(EXE_EXT) testenc
-+test_enc:
- @sh ./testenc
-
--test_x509: ../apps/openssl$(EXE_EXT) tx509 testx509.pem v3-cert1.pem v3-cert2.pem
-+test_x509:
- echo test normal x509v1 certificate
- sh ./tx509 2>/dev/null
- echo test first x509v3 certificate
-@@ -223,25 +223,25 @@
- echo test second x509v3 certificate
- sh ./tx509 v3-cert2.pem 2>/dev/null
-
--test_rsa: ../apps/openssl$(EXE_EXT) trsa testrsa.pem
-+test_rsa:
- @sh ./trsa 2>/dev/null
- ../util/shlib_wrap.sh ./$(RSATEST)
-
--test_crl: ../apps/openssl$(EXE_EXT) tcrl testcrl.pem
-+test_crl:
- @sh ./tcrl 2>/dev/null
-
--test_sid: ../apps/openssl$(EXE_EXT) tsid testsid.pem
-+test_sid:
- @sh ./tsid 2>/dev/null
-
--test_req: ../apps/openssl$(EXE_EXT) treq testreq.pem testreq2.pem
-+test_req:
- @sh ./treq 2>/dev/null
- @sh ./treq testreq2.pem 2>/dev/null
-
--test_pkcs7: ../apps/openssl$(EXE_EXT) tpkcs7 tpkcs7d testp7.pem pkcs7-1.pem
-+test_pkcs7:
- @sh ./tpkcs7 2>/dev/null
- @sh ./tpkcs7d 2>/dev/null
-
--test_bn: $(BNTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) bctest
-+test_bn:
- @echo starting big number library test, could take a while...
- @../util/shlib_wrap.sh ./$(BNTEST) >tmp.bntest
- @echo quit >>tmp.bntest
-@@ -250,33 +250,33 @@
- @echo 'test a^b%c implementations'
- ../util/shlib_wrap.sh ./$(EXPTEST)
-
--test_ec: $(ECTEST)$(EXE_EXT)
-+test_ec:
- @echo 'test elliptic curves'
- ../util/shlib_wrap.sh ./$(ECTEST)
-
--test_ecdsa: $(ECDSATEST)$(EXE_EXT)
-+test_ecdsa:
- @echo 'test ecdsa'
- ../util/shlib_wrap.sh ./$(ECDSATEST)
-
--test_ecdh: $(ECDHTEST)$(EXE_EXT)
-+test_ecdh:
- @echo 'test ecdh'
- ../util/shlib_wrap.sh ./$(ECDHTEST)
-
--test_verify: ../apps/openssl$(EXE_EXT)
-+test_verify:
- @echo "The following command should have some OK's and some failures"
- @echo "There are definitly a few expired certificates"
- ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo ../certs/demo/*.pem
-
--test_dh: $(DHTEST)$(EXE_EXT)
-+test_dh:
- @echo "Generate a set of DH parameters"
- ../util/shlib_wrap.sh ./$(DHTEST)
-
--test_dsa: $(DSATEST)$(EXE_EXT)
-+test_dsa:
- @echo "Generate a set of DSA parameters"
- ../util/shlib_wrap.sh ./$(DSATEST)
- ../util/shlib_wrap.sh ./$(DSATEST) -app2_1
-
--test_gen testreq.pem: ../apps/openssl$(EXE_EXT) testgen test.cnf
-+test_gen testreq.pem:
- @echo "Generate and verify a certificate request"
- @sh ./testgen
-
-@@ -288,13 +288,11 @@
- @cat certCA.ss certU.ss > intP1.ss
- @cat certCA.ss certU.ss certP1.ss > intP2.ss
-
--test_engine: $(ENGINETEST)$(EXE_EXT)
-+test_engine:
- @echo "Manipulate the ENGINE structures"
- ../util/shlib_wrap.sh ./$(ENGINETEST)
-
--test_ssl: keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \
-- intP1.ss intP2.ss $(SSLTEST)$(EXE_EXT) testssl testsslproxy \
-- ../apps/server2.pem serverinfo.pem
-+test_ssl:
- @echo "test SSL protocol"
- @if [ -n "$(FIPSCANLIB)" ]; then \
- sh ./testfipsssl keyU.ss certU.ss certCA.ss; \
-@@ -304,7 +302,7 @@
- @sh ./testsslproxy keyP1.ss certP1.ss intP1.ss
- @sh ./testsslproxy keyP2.ss certP2.ss intP2.ss
-
--test_ca: ../apps/openssl$(EXE_EXT) testca CAss.cnf Uss.cnf
-+test_ca:
- @if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \
- echo "skipping CA.sh test -- requires RSA"; \
- else \
-@@ -312,11 +310,11 @@
- sh ./testca; \
- fi
-
--test_aes: #$(AESTEST)
-+test_aes:
- # @echo "test Rijndael"
- # ../util/shlib_wrap.sh ./$(AESTEST)
-
--test_tsa: ../apps/openssl$(EXE_EXT) testtsa CAtsa.cnf ../util/shlib_wrap.sh
-+test_tsa:
- @if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \
- echo "skipping testtsa test -- requires RSA"; \
- else \
-@@ -331,7 +329,7 @@
- @echo "Test JPAKE"
- ../util/shlib_wrap.sh ./$(JPAKETEST)
-
--test_cms: ../apps/openssl$(EXE_EXT) cms-test.pl smcont.txt
-+test_cms:
- @echo "CMS consistency test"
- $(PERL) cms-test.pl
-
-@@ -339,22 +337,22 @@
- @echo "Test SRP"
- ../util/shlib_wrap.sh ./srptest
-
--test_ocsp: ../apps/openssl$(EXE_EXT) tocsp
-+test_ocsp:
- @echo "Test OCSP"
- @sh ./tocsp
-
--test_v3name: $(V3NAMETEST)$(EXE_EXT)
-+test_v3name:
- @echo "Test X509v3_check_*"
- ../util/shlib_wrap.sh ./$(V3NAMETEST)
-
- test_heartbeat:
- ../util/shlib_wrap.sh ./$(HEARTBEATTEST)
-
--test_constant_time: $(CONSTTIMETEST)$(EXE_EXT)
-+test_constant_time:
- @echo "Test constant time utilites"
- ../util/shlib_wrap.sh ./$(CONSTTIMETEST)
-
--test_verify_extra: $(VERIFYEXTRATEST)$(EXE_EXT)
-+test_verify_extra:
- @echo $(START) $@
- ../util/shlib_wrap.sh ./$(VERIFYEXTRATEST)
-
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl10/reproducible-cflags.patch b/external/poky/meta/recipes-connectivity/openssl/openssl10/reproducible-cflags.patch
deleted file mode 100644
index 2803cb03..00000000
--- a/external/poky/meta/recipes-connectivity/openssl/openssl10/reproducible-cflags.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-Allow passing custom c-flags to mkbuildinf.pl in order to pass
-flags without any build host references
-
-Upstream-Status: Inappropriate [OE specific]
-
-Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
-
---- Makefile 2018-03-06 14:50:18.342138147 -0800
-+++ Makefile 2018-03-06 15:24:04.794239071 -0800
---- a/crypto/Makefile
-+++ b/crypto/Makefile
-@@ -55,7 +55,7 @@
- all: shared
-
- buildinf.h: ../Makefile
-- $(PERL) $(TOP)/util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)" >buildinf.h
-+ $(PERL) $(TOP)/util/mkbuildinf.pl "$(CC_INFO)" "$(PLATFORM)" >buildinf.h
-
- x86cpuid.s: x86cpuid.pl perlasm/x86asm.pl
- $(PERL) x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl10/reproducible-mkbuildinf.patch b/external/poky/meta/recipes-connectivity/openssl/openssl10/reproducible-mkbuildinf.patch
deleted file mode 100644
index b5567312..00000000
--- a/external/poky/meta/recipes-connectivity/openssl/openssl10/reproducible-mkbuildinf.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-If SOURCE_DATE_EPOCH is present in the environment, use it as build date.
-Also make sure to use UTC time.
-
-Upstream-Status: Backport [ https://github.com/openssl/openssl/blob/master/util/mkbuildinf.pl ]
-
-Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
-
---- mkbuildinf.pl 2018-03-06 14:20:09.438048058 -0800
-+++ mkbuildinf.pl 2018-03-06 14:19:20.722045632 -0800
---- a/util/mkbuildinf.pl
-+++ b/util/mkbuildinf.pl
-@@ -3,7 +3,8 @@
- my ($cflags, $platform) = @ARGV;
-
- $cflags = "compiler: $cflags";
--$date = localtime();
-+my $date = gmtime($ENV{'SOURCE_DATE_EPOCH'} || time()) . " UTC";
-+
- print <<"END_OUTPUT";
- #ifndef MK1MF_BUILD
- /* auto-generated by util/mkbuildinf.pl for crypto/cversion.c */
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl10/run-ptest b/external/poky/meta/recipes-connectivity/openssl/openssl10/run-ptest
deleted file mode 100755
index 3b20fce1..00000000
--- a/external/poky/meta/recipes-connectivity/openssl/openssl10/run-ptest
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-make -k runtest
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl10/shared-libs.patch b/external/poky/meta/recipes-connectivity/openssl/openssl10/shared-libs.patch
deleted file mode 100644
index a7ca0a30..00000000
--- a/external/poky/meta/recipes-connectivity/openssl/openssl10/shared-libs.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-Upstream-Status: Inappropriate [configuration]
-
-Index: openssl-1.0.1e/crypto/Makefile
-===================================================================
---- openssl-1.0.1e.orig/crypto/Makefile
-+++ openssl-1.0.1e/crypto/Makefile
-@@ -108,7 +108,7 @@ $(LIB): $(LIBOBJ)
-
- shared: buildinf.h lib subdirs
- if [ -n "$(SHARED_LIBS)" ]; then \
-- (cd ..; $(MAKE) $(SHARED_LIB)); \
-+ (cd ..; $(MAKE) -e $(SHARED_LIB)); \
- fi
-
- libs:
-Index: openssl-1.0.1e/Makefile.org
-===================================================================
---- openssl-1.0.1e.orig/Makefile.org
-+++ openssl-1.0.1e/Makefile.org
-@@ -310,7 +310,7 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_
-
- libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
- @if [ "$(SHLIB_TARGET)" != "" ]; then \
-- $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
-+ $(MAKE) -e SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
- else \
- echo "There's no support for shared libraries on this platform" >&2; \
- exit 1; \
-Index: openssl-1.0.1e/ssl/Makefile
-===================================================================
---- openssl-1.0.1e.orig/ssl/Makefile
-+++ openssl-1.0.1e/ssl/Makefile
-@@ -62,7 +62,7 @@ lib: $(LIBOBJ)
-
- shared: lib
- if [ -n "$(SHARED_LIBS)" ]; then \
-- (cd ..; $(MAKE) $(SHARED_LIB)); \
-+ (cd ..; $(MAKE) -e $(SHARED_LIB)); \
- fi
-
- files:
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb b/external/poky/meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb
deleted file mode 100644
index da7223dc..00000000
--- a/external/poky/meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb
+++ /dev/null
@@ -1,363 +0,0 @@
-SUMMARY = "Secure Socket Layer"
-DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
-HOMEPAGE = "http://www.openssl.org/"
-BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
-SECTION = "libs/network"
-
-# "openssl | SSLeay" dual license
-LICENSE = "openssl"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=f475368924827d06d4b416111c8bdb77"
-
-DEPENDS = "hostperl-runtime-native"
-DEPENDS_append_class-target = " openssl-native"
-
-SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
- file://run-ptest \
- file://openssl-c_rehash.sh \
- file://configure-targets.patch \
- file://shared-libs.patch \
- file://oe-ldflags.patch \
- file://engines-install-in-libdir-ssl.patch \
- file://debian1.0.2/block_diginotar.patch \
- file://debian1.0.2/block_digicert_malaysia.patch \
- file://debian/c_rehash-compat.patch \
- file://debian/debian-targets.patch \
- file://debian/man-dir.patch \
- file://debian/man-section.patch \
- file://debian/no-rpath.patch \
- file://debian/no-symbolic.patch \
- file://debian/pic.patch \
- file://debian1.0.2/version-script.patch \
- file://debian1.0.2/soname.patch \
- file://openssl_fix_for_x32.patch \
- file://openssl-fix-des.pod-error.patch \
- file://Makefiles-ptest.patch \
- file://ptest-deps.patch \
- file://ptest_makefile_deps.patch \
- file://configure-musl-target.patch \
- file://parallel.patch \
- file://Use-SHA256-not-MD5-as-default-digest.patch \
- file://0001-Fix-build-with-clang-using-external-assembler.patch \
- file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \
- file://0001-allow-manpages-to-be-disabled.patch \
- file://0001-Fix-BN_LLONG-breakage.patch \
- file://0001-Fix-DES_LONG-breakage.patch \
- "
-
-SRC_URI_append_class-target = " \
- file://reproducible-cflags.patch \
- file://reproducible-mkbuildinf.patch \
- "
-
-SRC_URI_append_class-nativesdk = " \
- file://environment.d-openssl.sh \
- "
-
-SRC_URI[md5sum] = "0d2baaf04c56d542f6cc757b9c2a2aac"
-SRC_URI[sha256sum] = "ae51d08bba8a83958e894946f15303ff894d75c2b8bbd44a852b64e3fe11d0d6"
-
-S = "${WORKDIR}/openssl-${PV}"
-
-UPSTREAM_CHECK_REGEX = "openssl-(?P<pver>1\.0.+)\.tar"
-
-inherit pkgconfig siteinfo multilib_header ptest manpages
-
-PACKAGECONFIG ?= "cryptodev-linux"
-PACKAGECONFIG_class-native = ""
-PACKAGECONFIG_class-nativesdk = ""
-
-PACKAGECONFIG[cryptodev-linux] = "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS,,cryptodev-linux"
-PACKAGECONFIG[manpages] = ",,,"
-PACKAGECONFIG[perl] = ",,,"
-
-# Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE
-# vulnerability
-EXTRA_OECONF = "no-ssl3"
-
-EXTRA_OEMAKE = "${@bb.utils.contains('PACKAGECONFIG', 'manpages', '', 'OE_DISABLE_MANPAGES=1', d)}"
-
-export OE_LDFLAGS = "${LDFLAGS}"
-
-# openssl fails with ccache: https://bugzilla.yoctoproject.org/show_bug.cgi?id=12810
-CCACHE = ""
-
-TERMIO ?= "-DTERMIO"
-TERMIO_libc-musl = "-DTERMIOS"
-EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"
-
-CFLAG = "${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
- ${TERMIO} ${CFLAGS} -Wall"
-
-# Avoid binaries being marked as requiring an executable stack since they don't
-# (and it causes issues with SELinux)
-CFLAG += "-Wa,--noexecstack"
-
-CFLAG_append_class-native = " -fPIC"
-
-do_configure () {
- # The crypto_use_bigint patch means that perl's bignum module needs to be
- # installed, but some distributions (for example Fedora 23) don't ship it by
- # default. As the resulting error is very misleading check for bignum before
- # building.
- if ! perl -Mbigint -e true; then
- bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake."
- fi
-
- ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/
-
- os=${HOST_OS}
- case $os in
- linux-gnueabi |\
- linux-gnuspe |\
- linux-musleabi |\
- linux-muslspe |\
- linux-musl )
- os=linux
- ;;
- *)
- ;;
- esac
- target="$os-${HOST_ARCH}"
- case $target in
- linux-arm)
- target=linux-armv4
- ;;
- linux-armeb)
- target=linux-elf-armeb
- ;;
- linux-aarch64*)
- target=linux-aarch64
- ;;
- linux-sh3)
- target=debian-sh3
- ;;
- linux-sh4)
- target=debian-sh4
- ;;
- linux-i486)
- target=debian-i386-i486
- ;;
- linux-i586 | linux-viac3)
- target=debian-i386-i586
- ;;
- linux-i686)
- target=debian-i386-i686/cmov
- ;;
- linux-gnux32-x86_64 | linux-muslx32-x86_64 )
- target=linux-x32
- ;;
- linux-gnu64-x86_64)
- target=linux-x86_64
- ;;
- linux-gnun32-mips*el)
- target=debian-mipsn32el
- ;;
- linux-gnun32-mips*)
- target=debian-mipsn32
- ;;
- linux-mips*64*el)
- target=debian-mips64el
- ;;
- linux-mips*64*)
- target=debian-mips64
- ;;
- linux-mips*el)
- target=debian-mipsel
- ;;
- linux-mips*)
- target=debian-mips
- ;;
- linux-microblaze* | linux-nios2* | linux-gnu*ilp32** | linux-arc*)
- target=linux-generic32
- ;;
- linux-powerpc)
- target=linux-ppc
- ;;
- linux-powerpc64)
- target=linux-ppc64
- ;;
- linux-riscv32)
- target=linux-generic32
- ;;
- linux-riscv64)
- target=linux-generic64
- ;;
- linux-sparc | linux-supersparc)
- target=linux-sparcv8
- ;;
- esac
-
- # inject machine-specific flags
- sed -i -e "s|^\(\"$target\",\s*\"[^:]\+\):\([^:]\+\)|\1:${CFLAG}|g" Configure
-
- useprefix=${prefix}
- if [ "x$useprefix" = "x" ]; then
- useprefix=/
- fi
- libdirleaf="$( echo "${libdir}" | sed "s:^$useprefix/*::" )"
- perl ./Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=$libdirleaf $target
-}
-
-do_compile () {
- oe_runmake depend
- oe_runmake
-}
-
-do_compile_class-target () {
- sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
- oe_runmake depend
- cc_sanitized=$(echo "${CC} ${CFLAG}" | sed -e 's,--sysroot=${STAGING_DIR_TARGET},,g' -e 's|${DEBUG_PREFIX_MAP}||g' -e 's/[ \t]\+/ /g')
- oe_runmake CC_INFO="$cc_sanitized"
-}
-
-do_compile_ptest () {
- oe_runmake buildtest
-}
-
-do_install () {
- # Create ${D}/${prefix} to fix parallel issues
- mkdir -p ${D}/${prefix}/
-
- oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" install
-
- oe_libinstall -so libcrypto ${D}${libdir}
- oe_libinstall -so libssl ${D}${libdir}
-
- install -d ${D}${includedir}
- cp --dereference -R include/openssl ${D}${includedir}
-
- oe_multilib_header openssl/opensslconf.h
-
- install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
- sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
-
- if [ "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}" ]; then
- sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl
- sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget
- else
- rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
- fi
-
- # Create SSL structure for packages such as ca-certificates which
- # contain hard-coded paths to /etc/ssl. Debian does the same.
- install -d ${D}${sysconfdir}/ssl
- mv ${D}${libdir}/ssl/certs \
- ${D}${libdir}/ssl/private \
- ${D}${libdir}/ssl/openssl.cnf \
- ${D}${sysconfdir}/ssl/
-
- # Although absolute symlinks would be OK for the target, they become
- # invalid if native or nativesdk are relocated from sstate.
- ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl/certs
- ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl/private
- ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl/openssl.cnf
-
- # Rename man pages to prefix openssl10-*
- for f in `find ${D}${mandir} -type f`; do
- mv $f $(dirname $f)/openssl10-$(basename $f)
- done
- for f in `find ${D}${mandir} -type l`; do
- ln_f=`readlink $f`
- rm -f $f
- ln -s openssl10-$ln_f $(dirname $f)/openssl10-$(basename $f)
- done
-}
-
-do_install_append_class-native () {
- create_wrapper ${D}${bindir}/openssl \
- OPENSSL_CONF=${libdir}/ssl/openssl.cnf \
- SSL_CERT_DIR=${libdir}/ssl/certs \
- SSL_CERT_FILE=${libdir}/ssl/cert.pem \
- OPENSSL_ENGINES=${libdir}/ssl/engines
-}
-
-do_install_append_class-nativesdk () {
- mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
- install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
-}
-
-do_install_ptest () {
- cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH}
-
- # Replace the path to native perl with the path to target perl
- sed -i 's,^PERL=.*,PERL=${bindir}/perl,' ${D}${PTEST_PATH}/Makefile
-
- cp Configure config e_os.h ${D}${PTEST_PATH}
- cp -r -L include ${D}${PTEST_PATH}
- ln -sf ${libdir}/libcrypto.a ${D}${PTEST_PATH}
- ln -sf ${libdir}/libssl.a ${D}${PTEST_PATH}
- mkdir -p ${D}${PTEST_PATH}/crypto
- cp crypto/constant_time_locl.h ${D}${PTEST_PATH}/crypto
- cp -r certs ${D}${PTEST_PATH}
- mkdir -p ${D}${PTEST_PATH}/apps
- ln -sf ${libdir}/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps
- ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
- ln -sf ${bindir}/openssl ${D}${PTEST_PATH}/apps
- cp apps/server.pem ${D}${PTEST_PATH}/apps
- cp apps/server2.pem ${D}${PTEST_PATH}/apps
- mkdir -p ${D}${PTEST_PATH}/util
- install util/opensslwrap.sh ${D}${PTEST_PATH}/util
- install util/shlib_wrap.sh ${D}${PTEST_PATH}/util
- # Time stamps are relevant for "make alltests", otherwise
- # make may try to recompile binaries. Not only must the
- # binary files be newer than the sources, they also must
- # be more recent than the header files in /usr/include.
- #
- # Using "cp -a" is not sufficient, because do_install
- # does not preserve the original time stamps.
- #
- # So instead of using the original file stamps, we set
- # the current time for all files. Binaries will get
- # modified again later when stripping them, but that's okay.
- touch ${D}${PTEST_PATH}
- find ${D}${PTEST_PATH} -type f -print0 | xargs --verbose -0 touch -r ${D}${PTEST_PATH}
-
- # exclude binary files or the package won't install
- for d in ssltest_old v3ext x509aux; do
- rm -rf ${D}${libdir}/${BPN}/ptest/test/$d
- done
-
- # Remove build host references
- sed -i \
- -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \
- -e 's|${DEBUG_PREFIX_MAP}||g' \
- ${D}${PTEST_PATH}/Makefile ${D}${PTEST_PATH}/Configure
-}
-
-# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
-# package RRECOMMENDS on this package. This will enable the configuration
-# file to be installed for both the base openssl package and the libcrypto
-# package since the base openssl package depends on the libcrypto package.
-
-PACKAGES =+ "libcrypto10 libssl10 openssl10-conf ${PN}-engines ${PN}-misc"
-
-FILES_libcrypto10 = "${libdir}/libcrypto${SOLIBS}"
-FILES_libssl10 = "${libdir}/libssl${SOLIBS}"
-FILES_openssl10-conf = "${sysconfdir}/ssl/openssl.cnf"
-FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
-FILES_${PN}-misc = "${libdir}/ssl/misc"
-FILES_${PN} =+ "${libdir}/ssl/*"
-FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
-
-CONFFILES_openssl10-conf = "${sysconfdir}/ssl/openssl.cnf"
-
-RRECOMMENDS_libcrypto10 += "openssl10-conf"
-RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}"
-RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
-
-BBCLASSEXTEND = "native nativesdk"
-PACKAGE_PREPROCESS_FUNCS += "openssl_package_preprocess"
-
-# openssl 1.0 development files and executable binaries clash with openssl 1.1
-# files when installed into target rootfs. So we don't put them into
-# packages, but they continue to be provided via target sysroot for
-# cross-compilation on the host, if some software still depends on openssl 1.0.
-openssl_package_preprocess () {
- for file in `find ${PKGD} -name *.h -o -name *.pc -o -name *.so`; do
- rm $file
- done
- rm ${PKGD}${bindir}/openssl
- rm ${PKGD}${bindir}/c_rehash
- rmdir ${PKGD}${bindir}
-
-}
diff --git a/external/poky/meta/recipes-connectivity/openssl/openssl_1.1.1b.bb b/external/poky/meta/recipes-connectivity/openssl/openssl_1.1.1g.bb
index 337aaa17..81595583 100644
--- a/external/poky/meta/recipes-connectivity/openssl/openssl_1.1.1b.bb
+++ b/external/poky/meta/recipes-connectivity/openssl/openssl_1.1.1g.bb
@@ -13,27 +13,26 @@ DEPENDS = "hostperl-runtime-native"
SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://run-ptest \
- file://openssl-c_rehash.sh \
file://0001-skip-test_symbol_presence.patch \
file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
file://afalg.patch \
- file://CVE-2019-1543.patch \
+ file://reproducible.patch \
"
SRC_URI_append_class-nativesdk = " \
file://environment.d-openssl.sh \
"
-SRC_URI[md5sum] = "4532712e7bcc9414f5bce995e4e13930"
-SRC_URI[sha256sum] = "5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b"
+SRC_URI[sha256sum] = "ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46"
-inherit lib_package multilib_header ptest
+inherit lib_package multilib_header multilib_script ptest
+MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
PACKAGECONFIG ?= ""
PACKAGECONFIG_class-native = ""
PACKAGECONFIG_class-nativesdk = ""
-PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux"
+PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module"
B = "${WORKDIR}/build"
do_configure[cleandirs] = "${B}"
@@ -44,10 +43,10 @@ do_configure[cleandirs] = "${B}"
EXTRA_OECONF_append_libc-musl = " no-async"
EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"
-# This prevents openssl from using getrandom() which is not available on older glibc versions
+# adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions
# (native versions can be built with newer glibc, but then relocated onto a system with older glibc)
-EXTRA_OECONF_class-native = "--with-rand-seed=devrandom"
-EXTRA_OECONF_class-nativesdk = "--with-rand-seed=devrandom"
+EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom"
+EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom"
# Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate.
CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
@@ -102,6 +101,9 @@ do_configure () {
linux-powerpc64)
target=linux-ppc64
;;
+ linux-powerpc64le)
+ target=linux-ppc64le
+ ;;
linux-riscv32)
target=linux-generic32
;;
@@ -119,8 +121,9 @@ do_configure () {
fi
# WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the
# environment variables set by bitbake. Adjust the environment variables instead.
- PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
+ HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target
+ perl ${B}/configdata.pm --dump
}
do_install () {
@@ -148,13 +151,7 @@ do_install_append_class-native () {
OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \
SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
- OPENSSL_ENGINES=${libdir}/ssl-1.1/engines
-
- # Install a custom version of c_rehash that can handle sysroots properly.
- # This version is used for example when installing ca-certificates during
- # image creation.
- install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
- sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
+ OPENSSL_ENGINES=${libdir}/engines-1.1
}
do_install_append_class-nativesdk () {
@@ -173,8 +170,8 @@ do_install_ptest () {
cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH}
# For test_shlibload
- ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/libcrypto.so
- ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/libssl.so
+ ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/
+ ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/
install -d ${D}${PTEST_PATH}/apps
ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps
@@ -194,7 +191,9 @@ PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc"
FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
FILES_libssl = "${libdir}/libssl${SOLIBS}"
-FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
+FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf \
+ ${libdir}/ssl-1.1/openssl.cnf* \
+ "
FILES_${PN}-engines = "${libdir}/engines-1.1"
FILES_${PN}-misc = "${libdir}/ssl-1.1/misc"
FILES_${PN} =+ "${libdir}/ssl-1.1/*"
@@ -203,16 +202,14 @@ FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/open
CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
RRECOMMENDS_libcrypto += "openssl-conf"
-RDEPENDS_${PN}-bin = "perl"
-RDEPENDS_${PN}-misc = "perl"
RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash"
-RPROVIDES_openssl-conf = "openssl10-conf"
-RREPLACES_openssl-conf = "openssl10-conf"
-RCONFLICTS_openssl-conf = "openssl10-conf"
+RDEPENDS_${PN}-bin += "openssl-conf"
BBCLASSEXTEND = "native nativesdk"
-inherit multilib_script
+CVE_PRODUCT = "openssl:openssl"
-MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
+# Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37
+# Apache in meta-webserver is already recent enough
+CVE_CHECK_WHITELIST += "CVE-2019-0190"
diff --git a/external/poky/meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch b/external/poky/meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch
new file mode 100644
index 00000000..b7ba7ba6
--- /dev/null
+++ b/external/poky/meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch
@@ -0,0 +1,47 @@
+From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001
+From: Paul Mackerras <paulus@ozlabs.org>
+Date: Mon, 3 Feb 2020 15:53:28 +1100
+Subject: [PATCH] pppd: Fix bounds check in EAP code
+
+Given that we have just checked vallen < len, it can never be the case
+that vallen >= len + sizeof(rhostname). This fixes the check so we
+actually avoid overflowing the rhostname array.
+
+Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
+Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
+
+Upstream-Status: Backport
+[https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426]
+
+CVE: CVE-2020-8597
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ pppd/eap.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/pppd/eap.c b/pppd/eap.c
+index 94407f5..1b93db0 100644
+--- a/pppd/eap.c
++++ b/pppd/eap.c
+@@ -1420,7 +1420,7 @@ int len;
+ }
+
+ /* Not so likely to happen. */
+- if (vallen >= len + sizeof (rhostname)) {
++ if (len - vallen >= sizeof (rhostname)) {
+ dbglog("EAP: trimming really long peer name down");
+ BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
+ rhostname[sizeof (rhostname) - 1] = '\0';
+@@ -1846,7 +1846,7 @@ int len;
+ }
+
+ /* Not so likely to happen. */
+- if (vallen >= len + sizeof (rhostname)) {
++ if (len - vallen >= sizeof (rhostname)) {
+ dbglog("EAP: trimming really long peer name down");
+ BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
+ rhostname[sizeof (rhostname) - 1] = '\0';
+--
+2.17.1
+
diff --git a/external/poky/meta/recipes-connectivity/ppp/ppp_2.4.7.bb b/external/poky/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
index 644cde45..60c56dd0 100644
--- a/external/poky/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
+++ b/external/poky/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
@@ -33,6 +33,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \
file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \
file://0001-ppp-Remove-unneeded-include.patch \
file://ppp-2.4.7-DES-openssl.patch \
+ file://0001-pppd-Fix-bounds-check-in-EAP-code.patch \
"
SRC_URI_append_libc-musl = "\
diff --git a/external/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.79.bb b/external/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.82.bb
index 85501772..67959576 100644
--- a/external/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.79.bb
+++ b/external/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.82.bb
@@ -11,13 +11,14 @@ AUTHOR = "Thomas Hood"
HOMEPAGE = "http://packages.debian.org/resolvconf"
RDEPENDS_${PN} = "bash"
-SRC_URI = "http://snapshot.debian.org/archive/debian/20160520T044340Z/pool/main/r/${BPN}/${BPN}_1.79.tar.xz \
+SRC_URI = "git://salsa.debian.org/debian/resolvconf.git;protocol=https \
file://fix-path-for-busybox.patch \
file://99_resolvconf \
"
-SRC_URI[md5sum] = "aab2382020fc518f06a06e924c56d300"
-SRC_URI[sha256sum] = "8e2843cd4162b706f0481b3c281657728cbc2822e50a64fff79b79bd8aa870a0"
+SRCREV = "cb19bbfbe7e52174332f68bf2f295b39d119fad3"
+
+S = "${WORKDIR}/git"
# the package is taken from snapshots.debian.org; that source is static and goes stale
# so we check the latest upstream from a directory that does get updated
diff --git a/external/poky/meta/recipes-connectivity/socat/socat/0001-Access-c_ispeed-and-c_ospeed-via-APIs.patch b/external/poky/meta/recipes-connectivity/socat/socat/0001-Access-c_ispeed-and-c_ospeed-via-APIs.patch
deleted file mode 100644
index c0e27f3d..00000000
--- a/external/poky/meta/recipes-connectivity/socat/socat/0001-Access-c_ispeed-and-c_ospeed-via-APIs.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From fb10ab134d630705cae0c7be42437cc289af7d32 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Tue, 15 Mar 2016 21:36:02 +0000
-Subject: [PATCH] Use __c_ispeed and __c_ospeed on musl
-
-Original intention of these asserts is to find if termios structure
-is mapped correctly to locally define union, the get* APIs for
-baudrate would not do the right thing since they do not return the
-value from c_ospeed/c_ispeed but the value which is stored in iflag
-for baudrate.
-
-So we check if we are on Linux but not using glibc then we use
-__c_ispeed and __c_ospeed as defined in musl, however these are
-internal elements of structs it should not have been used this
-way.
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
----
-Upstream-Status: Pending
-
- xioinitialize.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/xioinitialize.c b/xioinitialize.c
-index 9f50155..8fb2e4c 100644
---- a/xioinitialize.c
-+++ b/xioinitialize.c
-@@ -65,6 +65,12 @@ int xioinitialize(void) {
- #if HAVE_TERMIOS_ISPEED && (ISPEED_OFFSET != -1) && (OSPEED_OFFSET != -1)
- #if defined(ISPEED_OFFSET) && (ISPEED_OFFSET != -1)
- #if defined(OSPEED_OFFSET) && (OSPEED_OFFSET != -1)
-+#if defined(__linux__) && !defined(__GLIBC__)
-+ tdata.termarg.__c_ispeed = 0x56789abc;
-+ tdata.termarg.__c_ospeed = 0x6789abcd;
-+ assert(tdata.termarg.__c_ispeed == tdata.speeds[ISPEED_OFFSET]);
-+ assert(tdata.termarg.__c_ospeed == tdata.speeds[OSPEED_OFFSET]);
-+#else
- tdata.termarg.c_ispeed = 0x56789abc;
- tdata.termarg.c_ospeed = 0x6789abcd;
- assert(tdata.termarg.c_ispeed == tdata.speeds[ISPEED_OFFSET]);
-@@ -72,6 +78,7 @@ int xioinitialize(void) {
- #endif
- #endif
- #endif
-+#endif
- }
- #endif
-
---
-2.8.0
-
diff --git a/external/poky/meta/recipes-connectivity/socat/socat/0001-define-NETDB_INTERNAL-to-1-if-not-available.patch b/external/poky/meta/recipes-connectivity/socat/socat/0001-define-NETDB_INTERNAL-to-1-if-not-available.patch
deleted file mode 100644
index 4bbd3676..00000000
--- a/external/poky/meta/recipes-connectivity/socat/socat/0001-define-NETDB_INTERNAL-to-1-if-not-available.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From e6a7d96fa3675bdd3f4d7a3d7682381789eef22f Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Mon, 15 Feb 2016 20:25:34 +0000
-Subject: [PATCH] define NETDB_INTERNAL to -1 if not available
-
-helps build with musl
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
-Upstream-Status: Pending
-
- compat.h | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/compat.h b/compat.h
-index c8bee4d..bfb013a 100644
---- a/compat.h
-+++ b/compat.h
-@@ -666,6 +666,10 @@ typedef int sig_atomic_t;
- # define NETDB_INTERNAL h_NETDB_INTERNAL
- #endif
-
-+#if !defined(NETDB_INTERNAL)
-+# define NETDB_INTERNAL (-1)
-+#endif
-+
- #ifndef INET_ADDRSTRLEN
- # define INET_ADDRSTRLEN sizeof(struct sockaddr_in)
- #endif
---
-2.7.1
-
diff --git a/external/poky/meta/recipes-connectivity/socat/socat/Makefile.in-fix-for-parallel-build.patch b/external/poky/meta/recipes-connectivity/socat/socat/Makefile.in-fix-for-parallel-build.patch
deleted file mode 100644
index aa4db65a..00000000
--- a/external/poky/meta/recipes-connectivity/socat/socat/Makefile.in-fix-for-parallel-build.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From c6f0080b55679b6e8b5d332d6e05fdcbda1e4064 Mon Sep 17 00:00:00 2001
-From: Robert Yang <liezhi.yang@windriver.com>
-Date: Mon, 4 May 2015 00:58:47 -0700
-Subject: [PATCH] Makefile.in: fix for parallel build
-
-Fixed:
-vsnprintf_r.o: file not recognized: File truncated
-collect2: error: ld returned 3 exit status
-Makefile:122: recipe for target 'filan' failed
-
-Let filan depend on vsnprintf_r.o and snprinterr.o to fix the issue.
-
-Upstream-Status: Pending
-
-Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
----
- Makefile.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Makefile.in b/Makefile.in
-index f2a6edb..88b784b 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -118,7 +118,7 @@ PROCAN_OBJS=procan_main.o procan.o procan-cdefs.o hostan.o error.o sycls.o sysut
- procan: $(PROCAN_OBJS)
- $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(PROCAN_OBJS) $(CLIBS)
-
--filan: filan_main.o filan.o fdname.o error.o sycls.o sysutils.o utils.o
-+filan: filan_main.o filan.o fdname.o error.o sycls.o sysutils.o utils.o vsnprintf_r.o snprinterr.o
- $(CC) $(CFLAGS) $(LDFLAGS) -o $@ filan_main.o filan.o fdname.o error.o sycls.o sysutils.o utils.o vsnprintf_r.o snprinterr.o $(CLIBS)
-
- libxio.a: $(XIOOBJS) $(UTLOBJS)
---
-1.7.9.5
-
diff --git a/external/poky/meta/recipes-connectivity/socat/socat_1.7.3.2.bb b/external/poky/meta/recipes-connectivity/socat/socat_1.7.3.4.bb
index b2d6b1de..9b0d4071 100644
--- a/external/poky/meta/recipes-connectivity/socat/socat_1.7.3.2.bb
+++ b/external/poky/meta/recipes-connectivity/socat/socat_1.7.3.4.bb
@@ -5,20 +5,17 @@ HOMEPAGE = "http://www.dest-unreach.org/socat/"
SECTION = "console/network"
-DEPENDS = "openssl readline"
+DEPENDS = "openssl"
LICENSE = "GPL-2.0-with-OpenSSL-exception"
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
file://README;beginline=257;endline=287;md5=338c05eadd013872abb1d6e198e10a3f"
SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \
- file://Makefile.in-fix-for-parallel-build.patch \
- file://0001-define-NETDB_INTERNAL-to-1-if-not-available.patch \
- file://0001-Access-c_ispeed-and-c_ospeed-via-APIs.patch \
"
-SRC_URI[md5sum] = "607a24c15bd2cb54e9328bfbbd3a1ae9"
-SRC_URI[sha256sum] = "e3561f808739383eb10fada1e5d4f26883f0311b34fd0af7837d0c95ef379251"
+SRC_URI[md5sum] = "3cca4f8cd9d2d1caabd9cc099451bac9"
+SRC_URI[sha256sum] = "972374ca86f65498e23e3259c2ee1b8f9dbeb04d12c2a78c0c9b5d1cb97dfdfc"
inherit autotools
@@ -42,9 +39,12 @@ TERMBITS_SHIFTS_powerpc64 = "sc_cv_sys_crdly_shift=12 \
sc_cv_sys_tabdly_shift=10 \
sc_cv_sys_csize_shift=8"
-PACKAGECONFIG_class-target ??= "tcp-wrappers"
-PACKAGECONFIG ??= ""
+PACKAGECONFIG_class-target ??= "tcp-wrappers readline"
+PACKAGECONFIG ??= "readline"
PACKAGECONFIG[tcp-wrappers] = "--enable-libwrap,--disable-libwrap,tcp-wrappers"
+PACKAGECONFIG[readline] = "--enable-readline,--disable-readline,readline"
+
+CFLAGS += "-fcommon"
do_install_prepend () {
mkdir -p ${D}${bindir}
diff --git a/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch b/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
new file mode 100644
index 00000000..7b0713cf
--- /dev/null
+++ b/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
@@ -0,0 +1,82 @@
+hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication
+of disconnection in certain situations because source address validation is
+mishandled. This is a denial of service that should have been prevented by PMF
+(aka management frame protection). The attacker must send a crafted 802.11 frame
+from a location that is within the 802.11 communications range.
+
+CVE: CVE-2019-16275
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Thu, 29 Aug 2019 11:52:04 +0300
+Subject: [PATCH] AP: Silently ignore management frame from unexpected source
+ address
+
+Do not process any received Management frames with unexpected/invalid SA
+so that we do not add any state for unexpected STA addresses or end up
+sending out frames to unexpected destination. This prevents unexpected
+sequences where an unprotected frame might end up causing the AP to send
+out a response to another device and that other device processing the
+unexpected response.
+
+In particular, this prevents some potential denial of service cases
+where the unexpected response frame from the AP might result in a
+connected station dropping its association.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/ap/drv_callbacks.c | 13 +++++++++++++
+ src/ap/ieee802_11.c | 12 ++++++++++++
+ 2 files changed, 25 insertions(+)
+
+diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
+index 31587685fe3b..34ca379edc3d 100644
+--- a/src/ap/drv_callbacks.c
++++ b/src/ap/drv_callbacks.c
+@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
+ "hostapd_notif_assoc: Skip event with no address");
+ return -1;
+ }
++
++ if (is_multicast_ether_addr(addr) ||
++ is_zero_ether_addr(addr) ||
++ os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
++ /* Do not process any frames with unexpected/invalid SA so that
++ * we do not add any state for unexpected STA addresses or end
++ * up sending out frames to unexpected destination. */
++ wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
++ " in received indication - ignore this indication silently",
++ __func__, MAC2STR(addr));
++ return 0;
++ }
++
+ random_add_randomness(addr, ETH_ALEN);
+
+ hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
+diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
+index c85a28db44b7..e7065372e158 100644
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
+ fc = le_to_host16(mgmt->frame_control);
+ stype = WLAN_FC_GET_STYPE(fc);
+
++ if (is_multicast_ether_addr(mgmt->sa) ||
++ is_zero_ether_addr(mgmt->sa) ||
++ os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
++ /* Do not process any frames with unexpected/invalid SA so that
++ * we do not add any state for unexpected STA addresses or end
++ * up sending out frames to unexpected destination. */
++ wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
++ " in received frame - ignore this frame silently",
++ MAC2STR(mgmt->sa));
++ return 0;
++ }
++
+ if (stype == WLAN_FC_STYPE_BEACON) {
+ handle_beacon(hapd, mgmt, len, fi);
+ return 1;
+--
+2.20.1
diff --git a/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch b/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
new file mode 100644
index 00000000..53ad5d02
--- /dev/null
+++ b/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
@@ -0,0 +1,151 @@
+From 5b78c8f961f25f4dc22d6f2b77ddd06d712cec63 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@codeaurora.org>
+Date: Wed, 3 Jun 2020 23:17:35 +0300
+Subject: [PATCH 1/3] WPS UPnP: Do not allow event subscriptions with URLs to
+ other networks
+
+The UPnP Device Architecture 2.0 specification errata ("UDA errata
+16-04-2020.docx") addresses a problem with notifications being allowed
+to go out to other domains by disallowing such cases. Do such filtering
+for the notification callback URLs to avoid undesired connections to
+external networks based on subscriptions that any device in the local
+network could request when WPS support for external registrars is
+enabled (the upnp_iface parameter in hostapd configuration).
+
+Upstream-Status: Backport
+CVE: CVE-2020-12695 patch #1
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ src/wps/wps_er.c | 2 +-
+ src/wps/wps_upnp.c | 38 ++++++++++++++++++++++++++++++++++++--
+ src/wps/wps_upnp_i.h | 3 ++-
+ 3 files changed, 39 insertions(+), 4 deletions(-)
+
+Index: wpa_supplicant-2.9/src/wps/wps_er.c
+===================================================================
+--- wpa_supplicant-2.9.orig/src/wps/wps_er.c
++++ wpa_supplicant-2.9/src/wps/wps_er.c
+@@ -1298,7 +1298,7 @@ wps_er_init(struct wps_context *wps, con
+ "with %s", filter);
+ }
+ if (get_netif_info(er->ifname, &er->ip_addr, &er->ip_addr_text,
+- er->mac_addr)) {
++ NULL, er->mac_addr)) {
+ wpa_printf(MSG_INFO, "WPS UPnP: Could not get IP/MAC address "
+ "for %s. Does it have IP address?", er->ifname);
+ wps_er_deinit(er, NULL, NULL);
+Index: wpa_supplicant-2.9/src/wps/wps_upnp.c
+===================================================================
+--- wpa_supplicant-2.9.orig/src/wps/wps_upnp.c
++++ wpa_supplicant-2.9/src/wps/wps_upnp.c
+@@ -303,6 +303,14 @@ static void subscr_addr_free_all(struct
+ }
+
+
++static int local_network_addr(struct upnp_wps_device_sm *sm,
++ struct sockaddr_in *addr)
++{
++ return (addr->sin_addr.s_addr & sm->netmask.s_addr) ==
++ (sm->ip_addr & sm->netmask.s_addr);
++}
++
++
+ /* subscr_addr_add_url -- add address(es) for one url to subscription */
+ static void subscr_addr_add_url(struct subscription *s, const char *url,
+ size_t url_len)
+@@ -381,6 +389,7 @@ static void subscr_addr_add_url(struct s
+
+ for (rp = result; rp; rp = rp->ai_next) {
+ struct subscr_addr *a;
++ struct sockaddr_in *addr = (struct sockaddr_in *) rp->ai_addr;
+
+ /* Limit no. of address to avoid denial of service attack */
+ if (dl_list_len(&s->addr_list) >= MAX_ADDR_PER_SUBSCRIPTION) {
+@@ -389,6 +398,13 @@ static void subscr_addr_add_url(struct s
+ break;
+ }
+
++ if (!local_network_addr(s->sm, addr)) {
++ wpa_printf(MSG_INFO,
++ "WPS UPnP: Ignore a delivery URL that points to another network %s",
++ inet_ntoa(addr->sin_addr));
++ continue;
++ }
++
+ a = os_zalloc(sizeof(*a) + alloc_len);
+ if (a == NULL)
+ break;
+@@ -889,11 +905,12 @@ static int eth_get(const char *device, u
+ * @net_if: Selected network interface name
+ * @ip_addr: Buffer for returning IP address in network byte order
+ * @ip_addr_text: Buffer for returning a pointer to allocated IP address text
++ * @netmask: Buffer for returning netmask or %NULL if not needed
+ * @mac: Buffer for returning MAC address
+ * Returns: 0 on success, -1 on failure
+ */
+ int get_netif_info(const char *net_if, unsigned *ip_addr, char **ip_addr_text,
+- u8 mac[ETH_ALEN])
++ struct in_addr *netmask, u8 mac[ETH_ALEN])
+ {
+ struct ifreq req;
+ int sock = -1;
+@@ -919,6 +936,19 @@ int get_netif_info(const char *net_if, u
+ in_addr.s_addr = *ip_addr;
+ os_snprintf(*ip_addr_text, 16, "%s", inet_ntoa(in_addr));
+
++ if (netmask) {
++ os_memset(&req, 0, sizeof(req));
++ os_strlcpy(req.ifr_name, net_if, sizeof(req.ifr_name));
++ if (ioctl(sock, SIOCGIFNETMASK, &req) < 0) {
++ wpa_printf(MSG_ERROR,
++ "WPS UPnP: SIOCGIFNETMASK failed: %d (%s)",
++ errno, strerror(errno));
++ goto fail;
++ }
++ addr = (struct sockaddr_in *) &req.ifr_netmask;
++ netmask->s_addr = addr->sin_addr.s_addr;
++ }
++
+ #ifdef __linux__
+ os_strlcpy(req.ifr_name, net_if, sizeof(req.ifr_name));
+ if (ioctl(sock, SIOCGIFHWADDR, &req) < 0) {
+@@ -1025,11 +1055,15 @@ static int upnp_wps_device_start(struct
+
+ /* Determine which IP and mac address we're using */
+ if (get_netif_info(net_if, &sm->ip_addr, &sm->ip_addr_text,
+- sm->mac_addr)) {
++ &sm->netmask, sm->mac_addr)) {
+ wpa_printf(MSG_INFO, "WPS UPnP: Could not get IP/MAC address "
+ "for %s. Does it have IP address?", net_if);
+ goto fail;
+ }
++ wpa_printf(MSG_DEBUG, "WPS UPnP: Local IP address %s netmask %s hwaddr "
++ MACSTR,
++ sm->ip_addr_text, inet_ntoa(sm->netmask),
++ MAC2STR(sm->mac_addr));
+
+ /* Listen for incoming TCP connections so that others
+ * can fetch our "xml files" from us.
+Index: wpa_supplicant-2.9/src/wps/wps_upnp_i.h
+===================================================================
+--- wpa_supplicant-2.9.orig/src/wps/wps_upnp_i.h
++++ wpa_supplicant-2.9/src/wps/wps_upnp_i.h
+@@ -128,6 +128,7 @@ struct upnp_wps_device_sm {
+ u8 mac_addr[ETH_ALEN]; /* mac addr of network i.f. we use */
+ char *ip_addr_text; /* IP address of network i.f. we use */
+ unsigned ip_addr; /* IP address of network i.f. we use (host order) */
++ struct in_addr netmask;
+ int multicast_sd; /* send multicast messages over this socket */
+ int ssdp_sd; /* receive discovery UPD packets on socket */
+ int ssdp_sd_registered; /* nonzero if we must unregister */
+@@ -158,7 +159,7 @@ struct subscription * subscription_find(
+ const u8 uuid[UUID_LEN]);
+ void subscr_addr_delete(struct subscr_addr *a);
+ int get_netif_info(const char *net_if, unsigned *ip_addr, char **ip_addr_text,
+- u8 mac[ETH_ALEN]);
++ struct in_addr *netmask, u8 mac[ETH_ALEN]);
+
+ /* wps_upnp_ssdp.c */
+ void msearchreply_state_machine_stop(struct advertisement_state_machine *a);
diff --git a/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch b/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
new file mode 100644
index 00000000..59640859
--- /dev/null
+++ b/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
@@ -0,0 +1,62 @@
+From f7d268864a2660b7239b9a8ff5ad37faeeb751ba Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@codeaurora.org>
+Date: Wed, 3 Jun 2020 22:41:02 +0300
+Subject: [PATCH 2/3] WPS UPnP: Fix event message generation using a long URL
+ path
+
+More than about 700 character URL ended up overflowing the wpabuf used
+for building the event notification and this resulted in the wpabuf
+buffer overflow checks terminating the hostapd process. Fix this by
+allocating the buffer to be large enough to contain the full URL path.
+However, since that around 700 character limit has been the practical
+limit for more than ten years, start explicitly enforcing that as the
+limit or the callback URLs since any longer ones had not worked before
+and there is no need to enable them now either.
+
+Upstream-Status: Backport
+CVE: CVE-2020-12695 patch #2
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ src/wps/wps_upnp.c | 9 +++++++--
+ src/wps/wps_upnp_event.c | 3 ++-
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/src/wps/wps_upnp.c b/src/wps/wps_upnp.c
+index 7d4b7439940e..ab685d52ecab 100644
+--- a/src/wps/wps_upnp.c
++++ b/src/wps/wps_upnp.c
+@@ -328,9 +328,14 @@ static void subscr_addr_add_url(struct subscription *s, const char *url,
+ int rerr;
+ size_t host_len, path_len;
+
+- /* url MUST begin with http: */
+- if (url_len < 7 || os_strncasecmp(url, "http://", 7))
++ /* URL MUST begin with HTTP scheme. In addition, limit the length of
++ * the URL to 700 characters which is around the limit that was
++ * implicitly enforced for more than 10 years due to a bug in
++ * generating the event messages. */
++ if (url_len < 7 || os_strncasecmp(url, "http://", 7) || url_len > 700) {
++ wpa_printf(MSG_DEBUG, "WPS UPnP: Reject an unacceptable URL");
+ goto fail;
++ }
+ url += 7;
+ url_len -= 7;
+
+diff --git a/src/wps/wps_upnp_event.c b/src/wps/wps_upnp_event.c
+index d7e6edcc6503..08a23612f338 100644
+--- a/src/wps/wps_upnp_event.c
++++ b/src/wps/wps_upnp_event.c
+@@ -147,7 +147,8 @@ static struct wpabuf * event_build_message(struct wps_event_ *e)
+ struct wpabuf *buf;
+ char *b;
+
+- buf = wpabuf_alloc(1000 + wpabuf_len(e->data));
++ buf = wpabuf_alloc(1000 + os_strlen(e->addr->path) +
++ wpabuf_len(e->data));
+ if (buf == NULL)
+ return NULL;
+ wpabuf_printf(buf, "NOTIFY %s HTTP/1.1\r\n", e->addr->path);
+--
+2.20.1
diff --git a/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch b/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
new file mode 100644
index 00000000..8a014ef2
--- /dev/null
+++ b/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
@@ -0,0 +1,50 @@
+From 85aac526af8612c21b3117dadc8ef5944985b476 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@codeaurora.org>
+Date: Thu, 4 Jun 2020 21:24:04 +0300
+Subject: [PATCH 3/3] WPS UPnP: Handle HTTP initiation failures for events more
+ properly
+
+While it is appropriate to try to retransmit the event to another
+callback URL on a failure to initiate the HTTP client connection, there
+is no point in trying the exact same operation multiple times in a row.
+Replve the event_retry() calls with event_addr_failure() for these cases
+to avoid busy loops trying to repeat the same failing operation.
+
+These potential busy loops would go through eloop callbacks, so the
+process is not completely stuck on handling them, but unnecessary CPU
+would be used to process the continues retries that will keep failing
+for the same reason.
+
+Upstream-Status: Backport
+CVE: CVE-2020-12695 patch #2
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ src/wps/wps_upnp_event.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/wps/wps_upnp_event.c b/src/wps/wps_upnp_event.c
+index 08a23612f338..c0d9e41d9a38 100644
+--- a/src/wps/wps_upnp_event.c
++++ b/src/wps/wps_upnp_event.c
+@@ -294,7 +294,7 @@ static int event_send_start(struct subscription *s)
+
+ buf = event_build_message(e);
+ if (buf == NULL) {
+- event_retry(e, 0);
++ event_addr_failure(e);
+ return -1;
+ }
+
+@@ -302,7 +302,7 @@ static int event_send_start(struct subscription *s)
+ event_http_cb, e);
+ if (e->http_event == NULL) {
+ wpabuf_free(buf);
+- event_retry(e, 0);
++ event_addr_failure(e);
+ return -1;
+ }
+
+--
+2.20.1
diff --git a/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple1.patch b/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple1.patch
deleted file mode 100644
index d4d49e7f..00000000
--- a/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple1.patch
+++ /dev/null
@@ -1,191 +0,0 @@
-The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
-result in unauthenticated clients gaining access to the network.
-
-Backport a number of patches from upstream to fix this.
-
-CVE: CVE-2017-13077
-CVE: CVE-2017-13078
-CVE: CVE-2017-13079
-CVE: CVE-2017-13080
-CVE: CVE-2017-13081
-CVE: CVE-2017-13082
-CVE: CVE-2017-13086
-CVE: CVE-2017-13087
-CVE: CVE-2017-13088
-
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-Date: Fri, 14 Jul 2017 15:15:35 +0200
-Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake
-
-Do not reinstall TK to the driver during Reassociation Response frame
-processing if the first attempt of setting the TK succeeded. This avoids
-issues related to clearing the TX/RX PN that could result in reusing
-same PN values for transmitted frames (e.g., due to CCM nonce reuse and
-also hitting replay protection on the receiver) and accepting replayed
-frames on RX side.
-
-This issue was introduced by the commit
-0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
-authenticator') which allowed wpa_ft_install_ptk() to be called multiple
-times with the same PTK. While the second configuration attempt is
-needed with some drivers, it must be done only if the first attempt
-failed.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
----
- src/ap/ieee802_11.c | 16 +++++++++++++---
- src/ap/wpa_auth.c | 11 +++++++++++
- src/ap/wpa_auth.h | 3 ++-
- src/ap/wpa_auth_ft.c | 10 ++++++++++
- src/ap/wpa_auth_i.h | 1 +
- 5 files changed, 37 insertions(+), 4 deletions(-)
-
-diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
-index 4e04169..333035f 100644
---- a/src/ap/ieee802_11.c
-+++ b/src/ap/ieee802_11.c
-@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd,
- {
- struct ieee80211_ht_capabilities ht_cap;
- struct ieee80211_vht_capabilities vht_cap;
-+ int set = 1;
-
- /*
- * Remove the STA entry to ensure the STA PS state gets cleared and
-@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd,
- * FT-over-the-DS, where a station re-associates back to the same AP but
- * skips the authentication flow, or if working with a driver that
- * does not support full AP client state.
-+ *
-+ * Skip this if the STA has already completed FT reassociation and the
-+ * TK has been configured since the TX/RX PN must not be reset to 0 for
-+ * the same key.
- */
-- if (!sta->added_unassoc)
-+ if (!sta->added_unassoc &&
-+ (!(sta->flags & WLAN_STA_AUTHORIZED) ||
-+ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
- hostapd_drv_sta_remove(hapd, sta->addr);
-+ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
-+ set = 0;
-+ }
-
- #ifdef CONFIG_IEEE80211N
- if (sta->flags & WLAN_STA_HT)
-@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd,
- sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
- sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
- sta->vht_opmode, sta->p2p_ie ? 1 : 0,
-- sta->added_unassoc)) {
-+ set)) {
- hostapd_logger(hapd, sta->addr,
- HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
- "Could not %s STA to kernel driver",
-- sta->added_unassoc ? "set" : "add");
-+ set ? "set" : "add");
-
- if (sta->added_unassoc) {
- hostapd_drv_sta_remove(hapd, sta->addr);
-diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
-index 3587086..707971d 100644
---- a/src/ap/wpa_auth.c
-+++ b/src/ap/wpa_auth.c
-@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
- #else /* CONFIG_IEEE80211R */
- break;
- #endif /* CONFIG_IEEE80211R */
-+ case WPA_DRV_STA_REMOVED:
-+ sm->tk_already_set = FALSE;
-+ return 0;
- }
-
- #ifdef CONFIG_IEEE80211R
-@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
- }
-
-
-+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
-+{
-+ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
-+ return 0;
-+ return sm->tk_already_set;
-+}
-+
-+
- int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
- struct rsn_pmksa_cache_entry *entry)
- {
-diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
-index 0de8d97..97461b0 100644
---- a/src/ap/wpa_auth.h
-+++ b/src/ap/wpa_auth.h
-@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
- u8 *data, size_t data_len);
- enum wpa_event {
- WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
-- WPA_REAUTH_EAPOL, WPA_ASSOC_FT
-+ WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED
- };
- void wpa_remove_ptk(struct wpa_state_machine *sm);
- int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
-@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
- int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
- int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
- int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
-+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
- int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
- struct rsn_pmksa_cache_entry *entry);
- struct rsn_pmksa_cache_entry *
-diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
-index 42242a5..e63b99a 100644
---- a/src/ap/wpa_auth_ft.c
-+++ b/src/ap/wpa_auth_ft.c
-@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
- return;
- }
-
-+ if (sm->tk_already_set) {
-+ /* Must avoid TK reconfiguration to prevent clearing of TX/RX
-+ * PN in the driver */
-+ wpa_printf(MSG_DEBUG,
-+ "FT: Do not re-install same PTK to the driver");
-+ return;
-+ }
-+
- /* FIX: add STA entry to kernel/driver here? The set_key will fail
- * most likely without this.. At the moment, STA entry is added only
- * after association has been completed. This function will be called
-@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
-
- /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
- sm->pairwise_set = TRUE;
-+ sm->tk_already_set = TRUE;
- }
-
-
-@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
-
- sm->pairwise = pairwise;
- sm->PTK_valid = TRUE;
-+ sm->tk_already_set = FALSE;
- wpa_ft_install_ptk(sm);
-
- buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
-diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
-index 72b7eb3..7fd8f05 100644
---- a/src/ap/wpa_auth_i.h
-+++ b/src/ap/wpa_auth_i.h
-@@ -65,6 +65,7 @@ struct wpa_state_machine {
- struct wpa_ptk PTK;
- Boolean PTK_valid;
- Boolean pairwise_set;
-+ Boolean tk_already_set;
- int keycount;
- Boolean Pair;
- struct wpa_key_replay_counter {
---
-2.7.4 \ No newline at end of file
diff --git a/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple2.patch b/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple2.patch
deleted file mode 100644
index 501bb4b5..00000000
--- a/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple2.patch
+++ /dev/null
@@ -1,267 +0,0 @@
-The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
-result in unauthenticated clients gaining access to the network.
-
-Backport a number of patches from upstream to fix this.
-
-CVE: CVE-2017-13077
-CVE: CVE-2017-13078
-CVE: CVE-2017-13079
-CVE: CVE-2017-13080
-CVE: CVE-2017-13081
-CVE: CVE-2017-13082
-CVE: CVE-2017-13086
-CVE: CVE-2017-13087
-CVE: CVE-2017-13088
-
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 927f891007c402fefd1ff384645b3f07597c3ede Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-Date: Wed, 12 Jul 2017 16:03:24 +0200
-Subject: [PATCH 2/8] Prevent reinstallation of an already in-use group key
-
-Track the current GTK and IGTK that is in use and when receiving a
-(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
-not install the given key if it is already in use. This prevents an
-attacker from trying to trick the client into resetting or lowering the
-sequence counter associated to the group key.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
----
- src/common/wpa_common.h | 11 +++++
- src/rsn_supp/wpa.c | 116 ++++++++++++++++++++++++++++++------------------
- src/rsn_supp/wpa_i.h | 4 ++
- 3 files changed, 87 insertions(+), 44 deletions(-)
-
-diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
-index af1d0f0..d200285 100644
---- a/src/common/wpa_common.h
-+++ b/src/common/wpa_common.h
-@@ -217,6 +217,17 @@ struct wpa_ptk {
- size_t tk_len;
- };
-
-+struct wpa_gtk {
-+ u8 gtk[WPA_GTK_MAX_LEN];
-+ size_t gtk_len;
-+};
-+
-+#ifdef CONFIG_IEEE80211W
-+struct wpa_igtk {
-+ u8 igtk[WPA_IGTK_MAX_LEN];
-+ size_t igtk_len;
-+};
-+#endif /* CONFIG_IEEE80211W */
-
- /* WPA IE version 1
- * 00-50-f2:1 (OUI:OUI type)
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 3c47879..95bd7be 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -714,6 +714,15 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- const u8 *_gtk = gd->gtk;
- u8 gtk_buf[32];
-
-+ /* Detect possible key reinstallation */
-+ if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
-+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
-+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
-+ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
-+ gd->keyidx, gd->tx, gd->gtk_len);
-+ return 0;
-+ }
-+
- wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
-@@ -748,6 +757,9 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- }
- os_memset(gtk_buf, 0, sizeof(gtk_buf));
-
-+ sm->gtk.gtk_len = gd->gtk_len;
-+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
-+
- return 0;
- }
-
-@@ -854,6 +866,48 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
- }
-
-
-+#ifdef CONFIG_IEEE80211W
-+static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
-+ const struct wpa_igtk_kde *igtk)
-+{
-+ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
-+ u16 keyidx = WPA_GET_LE16(igtk->keyid);
-+
-+ /* Detect possible key reinstallation */
-+ if (sm->igtk.igtk_len == len &&
-+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
-+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
-+ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
-+ keyidx);
-+ return 0;
-+ }
-+
-+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
-+ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
-+ keyidx, MAC2STR(igtk->pn));
-+ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
-+ if (keyidx > 4095) {
-+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-+ "WPA: Invalid IGTK KeyID %d", keyidx);
-+ return -1;
-+ }
-+ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
-+ broadcast_ether_addr,
-+ keyidx, 0, igtk->pn, sizeof(igtk->pn),
-+ igtk->igtk, len) < 0) {
-+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-+ "WPA: Failed to configure IGTK to the driver");
-+ return -1;
-+ }
-+
-+ sm->igtk.igtk_len = len;
-+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
-+
-+ return 0;
-+}
-+#endif /* CONFIG_IEEE80211W */
-+
-+
- static int ieee80211w_set_keys(struct wpa_sm *sm,
- struct wpa_eapol_ie_parse *ie)
- {
-@@ -864,30 +918,14 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
- if (ie->igtk) {
- size_t len;
- const struct wpa_igtk_kde *igtk;
-- u16 keyidx;
-+
- len = wpa_cipher_key_len(sm->mgmt_group_cipher);
- if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
- return -1;
-+
- igtk = (const struct wpa_igtk_kde *) ie->igtk;
-- keyidx = WPA_GET_LE16(igtk->keyid);
-- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
-- "pn %02x%02x%02x%02x%02x%02x",
-- keyidx, MAC2STR(igtk->pn));
-- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
-- igtk->igtk, len);
-- if (keyidx > 4095) {
-- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-- "WPA: Invalid IGTK KeyID %d", keyidx);
-- return -1;
-- }
-- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
-- broadcast_ether_addr,
-- keyidx, 0, igtk->pn, sizeof(igtk->pn),
-- igtk->igtk, len) < 0) {
-- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-- "WPA: Failed to configure IGTK to the driver");
-+ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
- return -1;
-- }
- }
-
- return 0;
-@@ -2307,7 +2345,7 @@ void wpa_sm_deinit(struct wpa_sm *sm)
- */
- void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- {
-- int clear_ptk = 1;
-+ int clear_keys = 1;
-
- if (sm == NULL)
- return;
-@@ -2333,11 +2371,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- /* Prepare for the next transition */
- wpa_ft_prepare_auth_request(sm, NULL);
-
-- clear_ptk = 0;
-+ clear_keys = 0;
- }
- #endif /* CONFIG_IEEE80211R */
-
-- if (clear_ptk) {
-+ if (clear_keys) {
- /*
- * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
- * this is not part of a Fast BSS Transition.
-@@ -2347,6 +2385,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- os_memset(&sm->ptk, 0, sizeof(sm->ptk));
- sm->tptk_set = 0;
- os_memset(&sm->tptk, 0, sizeof(sm->tptk));
-+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+#ifdef CONFIG_IEEE80211W
-+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+#endif /* CONFIG_IEEE80211W */
- }
-
- #ifdef CONFIG_TDLS
-@@ -2877,6 +2919,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
- os_memset(sm->pmk, 0, sizeof(sm->pmk));
- os_memset(&sm->ptk, 0, sizeof(sm->ptk));
- os_memset(&sm->tptk, 0, sizeof(sm->tptk));
-+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+#ifdef CONFIG_IEEE80211W
-+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+#endif /* CONFIG_IEEE80211W */
- #ifdef CONFIG_IEEE80211R
- os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
- os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
-@@ -2949,29 +2995,11 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
- os_memset(&gd, 0, sizeof(gd));
- #ifdef CONFIG_IEEE80211W
- } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
-- struct wpa_igtk_kde igd;
-- u16 keyidx;
--
-- os_memset(&igd, 0, sizeof(igd));
-- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
-- os_memcpy(igd.keyid, buf + 2, 2);
-- os_memcpy(igd.pn, buf + 4, 6);
--
-- keyidx = WPA_GET_LE16(igd.keyid);
-- os_memcpy(igd.igtk, buf + 10, keylen);
--
-- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
-- igd.igtk, keylen);
-- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
-- broadcast_ether_addr,
-- keyidx, 0, igd.pn, sizeof(igd.pn),
-- igd.igtk, keylen) < 0) {
-- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
-- "WNM mode");
-- os_memset(&igd, 0, sizeof(igd));
-+ const struct wpa_igtk_kde *igtk;
-+
-+ igtk = (const struct wpa_igtk_kde *) (buf + 2);
-+ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
- return -1;
-- }
-- os_memset(&igd, 0, sizeof(igd));
- #endif /* CONFIG_IEEE80211W */
- } else {
- wpa_printf(MSG_DEBUG, "Unknown element id");
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index f653ba6..afc9e37 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -31,6 +31,10 @@ struct wpa_sm {
- u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
- int rx_replay_counter_set;
- u8 request_counter[WPA_REPLAY_COUNTER_LEN];
-+ struct wpa_gtk gtk;
-+#ifdef CONFIG_IEEE80211W
-+ struct wpa_igtk igtk;
-+#endif /* CONFIG_IEEE80211W */
-
- struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
-
---
-2.7.4 \ No newline at end of file
diff --git a/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple3.patch b/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple3.patch
deleted file mode 100644
index 2e226558..00000000
--- a/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple3.patch
+++ /dev/null
@@ -1,201 +0,0 @@
-The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
-result in unauthenticated clients gaining access to the network.
-
-Backport a number of patches from upstream to fix this.
-
-CVE: CVE-2017-13077
-CVE: CVE-2017-13078
-CVE: CVE-2017-13079
-CVE: CVE-2017-13080
-CVE: CVE-2017-13081
-CVE: CVE-2017-13082
-CVE: CVE-2017-13086
-CVE: CVE-2017-13087
-CVE: CVE-2017-13088
-
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 8280294e74846ea342389a0cd17215050fa5afe8 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sun, 1 Oct 2017 12:12:24 +0300
-Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
- Mode cases
-
-This extends the protection to track last configured GTK/IGTK value
-separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
-corner case where these two different mechanisms may get used when the
-GTK/IGTK has changed and tracking a single value is not sufficient to
-detect a possible key reconfiguration.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/rsn_supp/wpa.c | 53 +++++++++++++++++++++++++++++++++++++---------------
- src/rsn_supp/wpa_i.h | 2 ++
- 2 files changed, 40 insertions(+), 15 deletions(-)
-
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 95bd7be..7a2c68d 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -709,14 +709,17 @@ struct wpa_gtk_data {
-
- static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- const struct wpa_gtk_data *gd,
-- const u8 *key_rsc)
-+ const u8 *key_rsc, int wnm_sleep)
- {
- const u8 *_gtk = gd->gtk;
- u8 gtk_buf[32];
-
- /* Detect possible key reinstallation */
-- if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
-- os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
-+ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
-+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
-+ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
-+ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
-+ sm->gtk_wnm_sleep.gtk_len) == 0)) {
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
- gd->keyidx, gd->tx, gd->gtk_len);
-@@ -757,8 +760,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- }
- os_memset(gtk_buf, 0, sizeof(gtk_buf));
-
-- sm->gtk.gtk_len = gd->gtk_len;
-- os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
-+ if (wnm_sleep) {
-+ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
-+ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
-+ sm->gtk_wnm_sleep.gtk_len);
-+ } else {
-+ sm->gtk.gtk_len = gd->gtk_len;
-+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
-+ }
-
- return 0;
- }
-@@ -852,7 +861,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
- (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
- gtk_len, gtk_len,
- &gd.key_rsc_len, &gd.alg) ||
-- wpa_supplicant_install_gtk(sm, &gd, key_rsc))) {
-+ wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "RSN: Failed to install GTK");
- os_memset(&gd, 0, sizeof(gd));
-@@ -868,14 +877,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
-
- #ifdef CONFIG_IEEE80211W
- static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
-- const struct wpa_igtk_kde *igtk)
-+ const struct wpa_igtk_kde *igtk,
-+ int wnm_sleep)
- {
- size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
- u16 keyidx = WPA_GET_LE16(igtk->keyid);
-
- /* Detect possible key reinstallation */
-- if (sm->igtk.igtk_len == len &&
-- os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
-+ if ((sm->igtk.igtk_len == len &&
-+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
-+ (sm->igtk_wnm_sleep.igtk_len == len &&
-+ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
-+ sm->igtk_wnm_sleep.igtk_len) == 0)) {
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
- keyidx);
-@@ -900,8 +913,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
- return -1;
- }
-
-- sm->igtk.igtk_len = len;
-- os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
-+ if (wnm_sleep) {
-+ sm->igtk_wnm_sleep.igtk_len = len;
-+ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
-+ sm->igtk_wnm_sleep.igtk_len);
-+ } else {
-+ sm->igtk.igtk_len = len;
-+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
-+ }
-
- return 0;
- }
-@@ -924,7 +943,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
- return -1;
-
- igtk = (const struct wpa_igtk_kde *) ie->igtk;
-- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
-+ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
- return -1;
- }
-
-@@ -1574,7 +1593,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
- if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
- key_rsc = null_rsc;
-
-- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) ||
-+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
- wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
- goto failed;
- os_memset(&gd, 0, sizeof(gd));
-@@ -2386,8 +2405,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- sm->tptk_set = 0;
- os_memset(&sm->tptk, 0, sizeof(sm->tptk));
- os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
- #ifdef CONFIG_IEEE80211W
- os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
- #endif /* CONFIG_IEEE80211W */
- }
-
-@@ -2920,8 +2941,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
- os_memset(&sm->ptk, 0, sizeof(sm->ptk));
- os_memset(&sm->tptk, 0, sizeof(sm->tptk));
- os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
- #ifdef CONFIG_IEEE80211W
- os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
- #endif /* CONFIG_IEEE80211W */
- #ifdef CONFIG_IEEE80211R
- os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
-@@ -2986,7 +3009,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
-
- wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
- gd.gtk, gd.gtk_len);
-- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
-+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
- os_memset(&gd, 0, sizeof(gd));
- wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
- "WNM mode");
-@@ -2998,7 +3021,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
- const struct wpa_igtk_kde *igtk;
-
- igtk = (const struct wpa_igtk_kde *) (buf + 2);
-- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
-+ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
- return -1;
- #endif /* CONFIG_IEEE80211W */
- } else {
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index afc9e37..9a54631 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -32,8 +32,10 @@ struct wpa_sm {
- int rx_replay_counter_set;
- u8 request_counter[WPA_REPLAY_COUNTER_LEN];
- struct wpa_gtk gtk;
-+ struct wpa_gtk gtk_wnm_sleep;
- #ifdef CONFIG_IEEE80211W
- struct wpa_igtk igtk;
-+ struct wpa_igtk igtk_wnm_sleep;
- #endif /* CONFIG_IEEE80211W */
-
- struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
---
-2.7.4 \ No newline at end of file
diff --git a/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch b/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch
deleted file mode 100644
index 6c194869..00000000
--- a/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
-result in unauthenticated clients gaining access to the network.
-
-Backport a number of patches from upstream to fix this.
-
-CVE: CVE-2017-13077
-CVE: CVE-2017-13078
-CVE: CVE-2017-13079
-CVE: CVE-2017-13080
-CVE: CVE-2017-13081
-CVE: CVE-2017-13082
-CVE: CVE-2017-13086
-CVE: CVE-2017-13087
-CVE: CVE-2017-13088
-
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 8f82bc94e8697a9d47fa8774dfdaaede1084912c Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-Date: Fri, 29 Sep 2017 04:22:51 +0200
-Subject: [PATCH 4/8] Prevent installation of an all-zero TK
-
-Properly track whether a PTK has already been installed to the driver
-and the TK part cleared from memory. This prevents an attacker from
-trying to trick the client into installing an all-zero TK.
-
-This fixes the earlier fix in commit
-ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
-driver in EAPOL-Key 3/4 retry case') which did not take into account
-possibility of an extra message 1/4 showing up between retries of
-message 3/4.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
----
- src/common/wpa_common.h | 1 +
- src/rsn_supp/wpa.c | 5 ++---
- src/rsn_supp/wpa_i.h | 1 -
- 3 files changed, 3 insertions(+), 4 deletions(-)
-
-diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
-index d200285..1021ccb 100644
---- a/src/common/wpa_common.h
-+++ b/src/common/wpa_common.h
-@@ -215,6 +215,7 @@ struct wpa_ptk {
- size_t kck_len;
- size_t kek_len;
- size_t tk_len;
-+ int installed; /* 1 if key has already been installed to driver */
- };
-
- struct wpa_gtk {
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 7a2c68d..0550a41 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
- os_memset(buf, 0, sizeof(buf));
- }
- sm->tptk_set = 1;
-- sm->tk_to_set = 1;
-
- kde = sm->assoc_wpa_ie;
- kde_len = sm->assoc_wpa_ie_len;
-@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
- enum wpa_alg alg;
- const u8 *key_rsc;
-
-- if (!sm->tk_to_set) {
-+ if (sm->ptk.installed) {
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "WPA: Do not re-install same PTK to the driver");
- return 0;
-@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
-
- /* TK is not needed anymore in supplicant */
- os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
-- sm->tk_to_set = 0;
-+ sm->ptk.installed = 1;
-
- if (sm->wpa_ptk_rekey) {
- eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index 9a54631..41f371f 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -24,7 +24,6 @@ struct wpa_sm {
- struct wpa_ptk ptk, tptk;
- int ptk_set, tptk_set;
- unsigned int msg_3_of_4_ok:1;
-- unsigned int tk_to_set:1;
- u8 snonce[WPA_NONCE_LEN];
- u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
- int renew_snonce;
---
-2.7.4 \ No newline at end of file
diff --git a/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple5.patch b/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple5.patch
deleted file mode 100644
index b262dcac..00000000
--- a/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple5.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
-result in unauthenticated clients gaining access to the network.
-
-Backport a number of patches from upstream to fix this.
-
-CVE: CVE-2017-13077
-CVE: CVE-2017-13078
-CVE: CVE-2017-13079
-CVE: CVE-2017-13080
-CVE: CVE-2017-13081
-CVE: CVE-2017-13082
-CVE: CVE-2017-13086
-CVE: CVE-2017-13087
-CVE: CVE-2017-13088
-
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sun, 1 Oct 2017 12:32:57 +0300
-Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce
-
-The Authenticator state machine path for PTK rekeying ended up bypassing
-the AUTHENTICATION2 state where a new ANonce is generated when going
-directly to the PTKSTART state since there is no need to try to
-determine the PMK again in such a case. This is far from ideal since the
-new PTK would depend on a new nonce only from the supplicant.
-
-Fix this by generating a new ANonce when moving to the PTKSTART state
-for the purpose of starting new 4-way handshake to rekey PTK.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/ap/wpa_auth.c | 24 +++++++++++++++++++++---
- 1 file changed, 21 insertions(+), 3 deletions(-)
-
-diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
-index 707971d..bf10cc1 100644
---- a/src/ap/wpa_auth.c
-+++ b/src/ap/wpa_auth.c
-@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
- }
-
-
-+static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
-+{
-+ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
-+ wpa_printf(MSG_ERROR,
-+ "WPA: Failed to get random data for ANonce");
-+ sm->Disconnect = TRUE;
-+ return -1;
-+ }
-+ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
-+ WPA_NONCE_LEN);
-+ sm->TimeoutCtr = 0;
-+ return 0;
-+}
-+
-+
- SM_STATE(WPA_PTK, INITPMK)
- {
- u8 msk[2 * PMK_LEN];
-@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK)
- SM_ENTER(WPA_PTK, AUTHENTICATION);
- else if (sm->ReAuthenticationRequest)
- SM_ENTER(WPA_PTK, AUTHENTICATION2);
-- else if (sm->PTKRequest)
-- SM_ENTER(WPA_PTK, PTKSTART);
-- else switch (sm->wpa_ptk_state) {
-+ else if (sm->PTKRequest) {
-+ if (wpa_auth_sm_ptk_update(sm) < 0)
-+ SM_ENTER(WPA_PTK, DISCONNECTED);
-+ else
-+ SM_ENTER(WPA_PTK, PTKSTART);
-+ } else switch (sm->wpa_ptk_state) {
- case WPA_PTK_INITIALIZE:
- break;
- case WPA_PTK_DISCONNECT:
---
-2.7.4 \ No newline at end of file
diff --git a/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple6.patch b/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple6.patch
deleted file mode 100644
index 15183f40..00000000
--- a/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple6.patch
+++ /dev/null
@@ -1,149 +0,0 @@
-The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
-result in unauthenticated clients gaining access to the network.
-
-Backport a number of patches from upstream to fix this.
-
-CVE: CVE-2017-13077
-CVE: CVE-2017-13078
-CVE: CVE-2017-13079
-CVE: CVE-2017-13080
-CVE: CVE-2017-13081
-CVE: CVE-2017-13082
-CVE: CVE-2017-13086
-CVE: CVE-2017-13087
-CVE: CVE-2017-13088
-
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 6c4bed4f47d1960ec04981a9d50e5076aea5223d Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Fri, 22 Sep 2017 11:03:15 +0300
-Subject: [PATCH 6/8] TDLS: Reject TPK-TK reconfiguration
-
-Do not try to reconfigure the same TPK-TK to the driver after it has
-been successfully configured. This is an explicit check to avoid issues
-related to resetting the TX/RX packet number. There was already a check
-for this for TPK M2 (retries of that message are ignored completely), so
-that behavior does not get modified.
-
-For TPK M3, the TPK-TK could have been reconfigured, but that was
-followed by immediate teardown of the link due to an issue in updating
-the STA entry. Furthermore, for TDLS with any real security (i.e.,
-ignoring open/WEP), the TPK message exchange is protected on the AP path
-and simple replay attacks are not feasible.
-
-As an additional corner case, make sure the local nonce gets updated if
-the peer uses a very unlikely "random nonce" of all zeros.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/rsn_supp/tdls.c | 38 ++++++++++++++++++++++++++++++++++++--
- 1 file changed, 36 insertions(+), 2 deletions(-)
-
-diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
-index e424168..9eb9738 100644
---- a/src/rsn_supp/tdls.c
-+++ b/src/rsn_supp/tdls.c
-@@ -112,6 +112,7 @@ struct wpa_tdls_peer {
- u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
- } tpk;
- int tpk_set;
-+ int tk_set; /* TPK-TK configured to the driver */
- int tpk_success;
- int tpk_in_progress;
-
-@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
- u8 rsc[6];
- enum wpa_alg alg;
-
-+ if (peer->tk_set) {
-+ /*
-+ * This same TPK-TK has already been configured to the driver
-+ * and this new configuration attempt (likely due to an
-+ * unexpected retransmitted frame) would result in clearing
-+ * the TX/RX sequence number which can break security, so must
-+ * not allow that to happen.
-+ */
-+ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR
-+ " has already been configured to the driver - do not reconfigure",
-+ MAC2STR(peer->addr));
-+ return -1;
-+ }
-+
- os_memset(rsc, 0, 6);
-
- switch (peer->cipher) {
-@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
- return -1;
- }
-
-+ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR,
-+ MAC2STR(peer->addr));
- if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
- rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
- wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
- "driver");
- return -1;
- }
-+ peer->tk_set = 1;
- return 0;
- }
-
-@@ -696,7 +714,7 @@ static void wpa_tdls_peer_clear(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
- peer->cipher = 0;
- peer->qos_info = 0;
- peer->wmm_capable = 0;
-- peer->tpk_set = peer->tpk_success = 0;
-+ peer->tk_set = peer->tpk_set = peer->tpk_success = 0;
- peer->chan_switch_enabled = 0;
- os_memset(&peer->tpk, 0, sizeof(peer->tpk));
- os_memset(peer->inonce, 0, WPA_NONCE_LEN);
-@@ -1159,6 +1177,7 @@ skip_rsnie:
- wpa_tdls_peer_free(sm, peer);
- return -1;
- }
-+ peer->tk_set = 0; /* A new nonce results in a new TK */
- wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
- peer->inonce, WPA_NONCE_LEN);
- os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
-@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct wpa_sm *sm, struct wpa_tdls_peer *peer,
- }
-
-
-+static int tdls_nonce_set(const u8 *nonce)
-+{
-+ int i;
-+
-+ for (i = 0; i < WPA_NONCE_LEN; i++) {
-+ if (nonce[i])
-+ return 1;
-+ }
-+
-+ return 0;
-+}
-+
-+
- static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
- const u8 *buf, size_t len)
- {
-@@ -2004,7 +2036,8 @@ skip_rsn:
- peer->rsnie_i_len = kde.rsn_ie_len;
- peer->cipher = cipher;
-
-- if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
-+ if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 ||
-+ !tdls_nonce_set(peer->inonce)) {
- /*
- * There is no point in updating the RNonce for every obtained
- * TPK M1 frame (e.g., retransmission due to timeout) with the
-@@ -2020,6 +2053,7 @@ skip_rsn:
- "TDLS: Failed to get random data for responder nonce");
- goto error;
- }
-+ peer->tk_set = 0; /* A new nonce results in a new TK */
- }
-
- #if 0
---
-2.7.4 \ No newline at end of file
diff --git a/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple7.patch b/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple7.patch
deleted file mode 100644
index 2e12bc75..00000000
--- a/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple7.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
-result in unauthenticated clients gaining access to the network.
-
-Backport a number of patches from upstream to fix this.
-
-CVE: CVE-2017-13077
-CVE: CVE-2017-13078
-CVE: CVE-2017-13079
-CVE: CVE-2017-13080
-CVE: CVE-2017-13081
-CVE: CVE-2017-13082
-CVE: CVE-2017-13086
-CVE: CVE-2017-13087
-CVE: CVE-2017-13088
-
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 53c5eb58e95004f86e65ee9fbfccbc291b139057 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Fri, 22 Sep 2017 11:25:02 +0300
-Subject: [PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending
- request
-
-Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep
-Mode Response if WNM-Sleep Mode has not been used') started ignoring the
-response when no WNM-Sleep Mode Request had been used during the
-association. This can be made tighter by clearing the used flag when
-successfully processing a response. This adds an additional layer of
-protection against unexpected retransmissions of the response frame.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- wpa_supplicant/wnm_sta.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
-index 1b3409c..67a07ff 100644
---- a/wpa_supplicant/wnm_sta.c
-+++ b/wpa_supplicant/wnm_sta.c
-@@ -260,7 +260,7 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s,
-
- if (!wpa_s->wnmsleep_used) {
- wpa_printf(MSG_DEBUG,
-- "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode has not been used in this association");
-+ "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested");
- return;
- }
-
-@@ -299,6 +299,8 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s,
- return;
- }
-
-+ wpa_s->wnmsleep_used = 0;
-+
- if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT ||
- wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) {
- wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response "
---
-2.7.4 \ No newline at end of file
diff --git a/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple8.patch b/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple8.patch
deleted file mode 100644
index 7f5390c3..00000000
--- a/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple8.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
-result in unauthenticated clients gaining access to the network.
-
-Backport a number of patches from upstream to fix this.
-
-CVE: CVE-2017-13077
-CVE: CVE-2017-13078
-CVE: CVE-2017-13079
-CVE: CVE-2017-13080
-CVE: CVE-2017-13081
-CVE: CVE-2017-13082
-CVE: CVE-2017-13086
-CVE: CVE-2017-13087
-CVE: CVE-2017-13088
-
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Fri, 22 Sep 2017 12:06:37 +0300
-Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames
-
-The driver is expected to not report a second association event without
-the station having explicitly request a new association. As such, this
-case should not be reachable. However, since reconfiguring the same
-pairwise or group keys to the driver could result in nonce reuse issues,
-be extra careful here and do an additional state check to avoid this
-even if the local driver ends up somehow accepting an unexpected
-Reassociation Response frame.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/rsn_supp/wpa.c | 3 +++
- src/rsn_supp/wpa_ft.c | 8 ++++++++
- src/rsn_supp/wpa_i.h | 1 +
- 3 files changed, 12 insertions(+)
-
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 0550a41..2a53c6f 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
- #ifdef CONFIG_TDLS
- wpa_tdls_disassoc(sm);
- #endif /* CONFIG_TDLS */
-+#ifdef CONFIG_IEEE80211R
-+ sm->ft_reassoc_completed = 0;
-+#endif /* CONFIG_IEEE80211R */
-
- /* Keys are not needed in the WPA state machine anymore */
- wpa_sm_drop_sa(sm);
-diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
-index 205793e..d45bb45 100644
---- a/src/rsn_supp/wpa_ft.c
-+++ b/src/rsn_supp/wpa_ft.c
-@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
- u16 capab;
-
- sm->ft_completed = 0;
-+ sm->ft_reassoc_completed = 0;
-
- buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
- 2 + sm->r0kh_id_len + ric_ies_len + 100;
-@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
- return -1;
- }
-
-+ if (sm->ft_reassoc_completed) {
-+ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
-+ return 0;
-+ }
-+
- if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
- wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
- return -1;
-@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
- return -1;
- }
-
-+ sm->ft_reassoc_completed = 1;
-+
- if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
- return -1;
-
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index 41f371f..56f88dc 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -128,6 +128,7 @@ struct wpa_sm {
- size_t r0kh_id_len;
- u8 r1kh_id[FT_R1KH_ID_LEN];
- int ft_completed;
-+ int ft_reassoc_completed;
- int over_the_ds_in_progress;
- u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
- int set_ptk_after_assoc;
---
-2.7.4 \ No newline at end of file
diff --git a/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant-CVE-2018-14526.patch b/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant-CVE-2018-14526.patch
deleted file mode 100644
index e800a410..00000000
--- a/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant-CVE-2018-14526.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-wpa_supplicant-2.6: Fix CVE-2018-14526
-
-[No upstream tracking] -- https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
-
-wpa: Ignore unauthenticated encrypted EAPOL-Key data
-
-Ignore unauthenticated encrypted EAPOL-Key data in supplicant
-processing. When using WPA2, these are frames that have the Encrypted
-flag set, but not the MIC flag.
-
-When using WPA2, EAPOL-Key frames that had the Encrypted flag set but
-not the MIC flag, had their data field decrypted without first verifying
-the MIC. In case the data field was encrypted using RC4 (i.e., when
-negotiating TKIP as the pairwise cipher), this meant that
-unauthenticated but decrypted data would then be processed. An adversary
-could abuse this as a decryption oracle to recover sensitive information
-in the data field of EAPOL-Key messages (e.g., the group key).
-
-Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/src/rsn_supp/wpa.c?id=3e34cfdff6b192fe337c6fb3f487f73e96582961]
-CVE: CVE-2018-14526
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 3c47879..6bdf923 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -2016,6 +2016,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
-
- if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) &&
- (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
-+ /*
-+ * Only decrypt the Key Data field if the frame's authenticity
-+ * was verified. When using AES-SIV (FILS), the MIC flag is not
-+ * set, so this check should only be performed if mic_len != 0
-+ * which is the case in this code branch.
-+ */
-+ if (!(key_info & WPA_KEY_INFO_MIC)) {
-+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-+ "WPA: Ignore EAPOL-Key with encrypted but unauthenticated data");
-+ goto out;
-+ }
- if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data,
- &key_data_len))
- goto out;
diff --git a/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb b/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
index c92ed4ab..7cc03fef 100644
--- a/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb
+++ b/external/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
@@ -2,10 +2,10 @@ SUMMARY = "Client for Wi-Fi Protected Access (WPA)"
HOMEPAGE = "http://w1.fi/wpa_supplicant/"
BUGTRACKER = "http://w1.fi/security/"
SECTION = "network"
-LICENSE = "BSD"
-LIC_FILES_CHKSUM = "file://COPYING;md5=292eece3f2ebbaa25608eed8464018a3 \
- file://README;beginline=1;endline=56;md5=3f01d778be8f953962388307ee38ed2b \
- file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=4061612fc5715696134e3baf933e8aba"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://COPYING;md5=279b4f5abb9c153c285221855ddb78cc \
+ file://README;beginline=1;endline=56;md5=e7d3dbb01f75f0b9799e192731d1e1ff \
+ file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=0a8b56d3543498b742b9c0e94cc2d18b"
DEPENDS = "dbus libnl"
RRECOMMENDS_${PN} = "wpa-supplicant-passphrase wpa-supplicant-cli"
@@ -15,7 +15,7 @@ PACKAGECONFIG[openssl] = ",,openssl"
inherit pkgconfig systemd
-SYSTEMD_SERVICE_${PN} = "wpa_supplicant.service wpa_supplicant-nl80211@.service wpa_supplicant-wired@.service"
+SYSTEMD_SERVICE_${PN} = "wpa_supplicant.service"
SYSTEMD_AUTO_ENABLE = "disable"
SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \
@@ -24,19 +24,14 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \
file://wpa_supplicant.conf \
file://wpa_supplicant.conf-sane \
file://99_wpa_supplicant \
- file://key-replay-cve-multiple1.patch \
- file://key-replay-cve-multiple2.patch \
- file://key-replay-cve-multiple3.patch \
- file://key-replay-cve-multiple4.patch \
- file://key-replay-cve-multiple5.patch \
- file://key-replay-cve-multiple6.patch \
- file://key-replay-cve-multiple7.patch \
- file://key-replay-cve-multiple8.patch \
- file://wpa_supplicant-CVE-2018-14526.patch \
file://0001-replace-systemd-install-Alias-with-WantedBy.patch \
+ file://0001-AP-Silently-ignore-management-frame-from-unexpected-.patch \
+ file://0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch \
+ file://0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch \
+ file://0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch \
"
-SRC_URI[md5sum] = "091569eb4440b7d7f2b4276dbfc03c3c"
-SRC_URI[sha256sum] = "b4936d34c4e6cdd44954beba74296d964bc2c9668ecaa5255e499636fe2b1450"
+SRC_URI[md5sum] = "2d2958c782576dc9901092fbfecb4190"
+SRC_URI[sha256sum] = "fcbdee7b4a64bea8177973299c8c824419c413ec2e3a95db63dd6a5dc3541f17"
CVE_PRODUCT = "wpa_supplicant"
@@ -45,15 +40,13 @@ S = "${WORKDIR}/wpa_supplicant-${PV}"
PACKAGES_prepend = "wpa-supplicant-passphrase wpa-supplicant-cli "
FILES_wpa-supplicant-passphrase = "${bindir}/wpa_passphrase"
FILES_wpa-supplicant-cli = "${sbindir}/wpa_cli"
-FILES_${PN} += "${datadir}/dbus-1/system-services/*"
+FILES_${PN} += "${datadir}/dbus-1/system-services/* ${systemd_system_unitdir}/*"
CONFFILES_${PN} += "${sysconfdir}/wpa_supplicant.conf"
do_configure () {
${MAKE} -C wpa_supplicant clean
install -m 0755 ${WORKDIR}/defconfig wpa_supplicant/.config
- echo "CFLAGS +=\"-I${STAGING_INCDIR}/libnl3\"" >> wpa_supplicant/.config
- echo "DRV_CFLAGS +=\"-I${STAGING_INCDIR}/libnl3\"" >> wpa_supplicant/.config
-
+
if echo "${PACKAGECONFIG}" | grep -qw "openssl"; then
ssl=openssl
elif echo "${PACKAGECONFIG}" | grep -qw "gnutls"; then