added my Recipes

meta-openembedded/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch

@@ -0,0 +1,35 @@
+From a7831a16c3e0e1463d5eb08a58af152cb75ca976 Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Mon, 15 Apr 2019 06:05:58 +0000
+Subject: [PATCH] Fix CVE-2019-7282 and CVE-2019-7283
+
+Description: Fix CVE-2018-20685 and CVE-2019-6111
+Bug-Debian: https://bugs.debian.org/920486
+Origin: https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2#diff-9f340c228413d5a9a9206ea2ed2bc624R1114
+
+Upstream-Status: Backport [Debian]
+[https://sources.debian.org/src/netkit-rsh/0.17-20/debian/patches/fix-CVE-2018-20685-and-CVE-2019-6111.patch]
+
+CVE: CVE-2019-7282 CVE-2019-7283
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ rcp/rcp.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/rcp/rcp.c b/rcp/rcp.c
+index ca61c18..77d8ff8 100644
+--- a/rcp/rcp.c
++++ b/rcp/rcp.c
+@@ -740,6 +740,11 @@ sink(int argc, char *argv[])
+ 			size = size * 10 + (*cp++ - '0');
+ 		if (*cp++ != ' ')
+ 			SCREWUP("size not delimited");
++		if (*cp == '\0' || strchr(cp, '/') != NULL ||
++		    strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
++			error("error: unexpected filename: %s", cp);
++			exit(1);
++		}
+ 		if (targisdir) {
+ 			static char *namebuf;
+ 			static int cursize;

meta-openembedded/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/fix-host-variable.patch

@@ -0,0 +1,27 @@
+fix host variable when rsh is renamed to other.
+
+Upstream-Status: Pending
+
+If rsh is renamed to other, like rsh.netkit, host variable is assigned to
+rsh.netkit, which is wrong.
+
+Signed-off-by: Roy.Li <rongqing.li@windriver.com>
+---
+ rsh/rsh.c |    1 -
+ 1 files changed, 0 insertions(+), 1 deletions(-)
+
+diff --git a/rsh/rsh.c b/rsh/rsh.c
+index ac594f9..11f533e 100644
+--- a/rsh/rsh.c
++++ b/rsh/rsh.c
+@@ -100,7 +100,6 @@ main(int argc, char *argv[])
+ #else
+ 	if (!strcmp(p, "rsh")) asrsh = 1;
+ #endif
+-	else host = p;
+ 
+ 	/* handle "rsh host flags" */
+ 	if (!host && argc > 2 && argv[1][0] != '-') {
+-- 
+1.7.5.4
+

meta-openembedded/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/fixup_wait3_api_change.patch

@@ -0,0 +1,34 @@
+Fix build issue do to Deprecate union wait and remove support from wait functions [BZ #19613]
+
+| rlogin.c: In function 'catch_child':
+| rlogin.c:463:13: error: storage size of 'status' isn't known
+|   union wait status;
+
+https://sourceware.org/ml/libc-alpha/2016-02/msg00342.html
+
+Upstream-Status: Inappropriate [ no upstream maintaner ]
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: netkit-rsh-0.17/rlogin/rlogin.c
+===================================================================
+--- netkit-rsh-0.17.orig/rlogin/rlogin.c
++++ netkit-rsh-0.17/rlogin/rlogin.c
+@@ -460,7 +460,7 @@ writeroob(int ignore)
+ void
+ catch_child(int ignore)
+ {
+-	union wait status;
++	int status;
+ 	int pid;
+ 
+ 	(void)ignore;
+@@ -471,7 +471,7 @@ catch_child(int ignore)
+ 			return;
+ 		/* if the child (reader) dies, just quit */
+ 		if (pid < 0 || (pid == childpid && !WIFSTOPPED(status)))
+-			done((int)(status.w_termsig | status.w_retcode));
++            done((int)(WTERMSIG(status) | WEXITSTATUS(status)));
+ 	}
+ 	/* NOTREACHED */
+ }

meta-openembedded/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/netkit-rsh-0.17-rexec-ipv6.patch

@@ -0,0 +1,30 @@
+make rexec support ipv6
+
+Upstream-Status: Pending
+
+rexec equals rexec_af(... ,AF_INET) which only support ipv4,
+use rexec_af(..., AF_UNSPEC) to support both ipv6 and ipv4.
+
+Signed-off-by: Roy.Li <rongqing.li@windriver.com>
+---
+ rexec/rexec.c |    4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/rexec/rexec.c b/rexec/rexec.c
+index 0913c02..9c8f769 100644
+--- a/rexec/rexec.c
++++ b/rexec/rexec.c
+@@ -214,8 +214,8 @@ int main(int argc, char *argv[])
+     passwd = getpass("Password: ");
+   }
+ 
+-  if ( (sock = rexec(&host, port_exec, user_name, passwd, command, 
+-		     p_to_aux_sock)) < 0 )
++  if ( (sock = rexec_af(&host, port_exec, user_name, passwd, command, 
++		     p_to_aux_sock, AF_UNSPEC)) < 0 )
+  {
+     fprintf(stderr,"%s: Error in rexec system call: ",argv[0]);
+     perror(NULL);
+-- 
+1.7.4.1
+

meta-openembedded/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/no_pam_build_fix.patch

@@ -0,0 +1,39 @@
+netkit-rsh:
+Allow to build with no PAM enabled.
+
+Upstream-Status: Inappropriate [ no upstream maintaner ]
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: netkit-rsh-0.17/rshd/rshd.c
+===================================================================
+--- netkit-rsh-0.17.orig/rshd/rshd.c
++++ netkit-rsh-0.17/rshd/rshd.c
+@@ -110,9 +110,11 @@ extern	char	**environ;
+ static void error(const char *fmt, ...);
+ static void doit(struct sockaddr *fromp, socklen_t fromlen);
+ static char *getstr(char *, size_t, const char *);
++#ifdef USE_PAM
+ static int err_conv(
+ 	int, const struct pam_message **, struct pam_response **, void *
+ );
++#endif /* USE_PAM */
+ 
+ extern int _check_rhosts_file;
+ 
+@@ -256,6 +258,7 @@ static void stderr_parent(int sock, int
+ }
+ 
+ 
++#ifdef USE_PAM
+ static int err_conv(
+ 	int num_msg, const struct pam_message **msg,
+ 	struct pam_response **resp, void *appdata_ptr
+@@ -266,6 +269,7 @@ static int err_conv(
+ 	(void) appdata_ptr;
+ 	return PAM_CONV_ERR;
+ }
++#endif
+ 
+ static struct passwd *doauth(const char *remuser, 
+ 			     const char *hostname, 

meta-openembedded/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/rexec.pam

@@ -0,0 +1,10 @@
+#%PAM-1.0
+# For root login to succeed here with pam_securetty, "rexec" must be
+# listed in /etc/securetty.
+auth       required     pam_nologin.so
+auth       required     pam_env.so
+auth       include      common-auth
+account    include      common-account
+session	   optional     pam_keyinit.so    force revoke
+session    include      common-session
+session    required     pam_loginuid.so

meta-openembedded/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/rexec.xinetd.netkit

@@ -0,0 +1,20 @@
+# default: off
+# description:
+# Rexecd is the server for the rexec program. The server provides remote 
+# execution facilities with authentication based on user names and 
+# passwords.
+#
+service exec
+{
+	socket_type	= stream
+	protocol	= tcp
+	flags		= NAMEINARGS
+	wait		= no
+	user		= root
+	group		= root
+	log_on_success	+= USERID
+	log_on_failure	+= USERID
+	server		= /usr/sbin/tcpd
+	server_args	= /usr/sbin/in.rexecd
+	disable		= yes
+}

meta-openembedded/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/rlogin.pam

@@ -0,0 +1,12 @@
+#%PAM-1.0
+# For root login to succeed here with pam_securetty, "rlogin" must be
+# listed in /etc/securetty.
+auth       required     pam_nologin.so
+auth       required     pam_securetty.so
+auth       required     pam_env.so
+auth       include      common-auth
+account    include      common-account
+password   include      common-password
+session	   optional     pam_keyinit.so    force revoke
+session    include      common-session
+session    required     pam_loginuid.so

meta-openembedded/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/rlogin.xinetd.netkit

@@ -0,0 +1,23 @@
+# default: off
+# description:
+# Rlogind is a server for the rlogin program. The server provides remote 
+# execution with authentication based on privileged port numbers from trusted
+# host
+#
+service login
+{
+	socket_type	= stream
+	protocol	= tcp
+	flags		= NAMEINARGS
+	wait		= no
+	user		= root
+	group		= root
+	log_on_success	+= USERID
+	log_on_failure	+= USERID
+	server		= /usr/sbin/tcpd
+	server_args	= /usr/sbin/in.rlogind -a
+	disable		= yes
+}
+							
+							
+							

meta-openembedded/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/rsh-redone_link_order_file.patch

@@ -0,0 +1,77 @@
+This fixes a build issue caused by linking order.
+
+Upstream-Status: Inappropriate
+Most distos have there own verison of this fix. This was derived by
+* Fix link order to list libraries after the objects that require them
+(LP: #771080).
+
+-- Colin Watson <cjwatson@ubuntu.com>  Tue, 13 Sep 2011 10:07:08 +0100
+
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: netkit-rsh-0.17/rsh/Makefile
+===================================================================
+--- netkit-rsh-0.17.orig/rsh/Makefile
++++ netkit-rsh-0.17/rsh/Makefile
+@@ -6,7 +6,7 @@ include ../MRULES
+ OBJS = rsh.o
+ 
+ rsh: $(OBJS)
+-	$(CC) $(LDFLAGS) $^ $(LIBS) -o $@
++	$(CC) $^ -o $@ $(LDFLAGS) $(LIBS)
+ 
+ install: rsh
+ 	install -o root -m$(SUIDMODE) rsh $(INSTALLROOT)$(BINDIR)
+Index: netkit-rsh-0.17/rshd/Makefile
+===================================================================
+--- netkit-rsh-0.17.orig/rshd/Makefile
++++ netkit-rsh-0.17/rshd/Makefile
+@@ -11,7 +11,7 @@ LIBS += -ldl -lpam
+ endif
+ 
+ rshd: $(OBJS)
+-	$(CC) $(LDFLAGS) $^ $(LIBS) -o $@
++	$(CC) $^ -o $@ $(LDFLAGS) $(LIBS)
+ 
+ install: rshd
+ 	install -m$(DAEMONMODE) rshd $(INSTALLROOT)$(SBINDIR)/in.rshd
+Index: netkit-rsh-0.17/rlogin/Makefile
+===================================================================
+--- netkit-rsh-0.17.orig/rlogin/Makefile
++++ netkit-rsh-0.17/rlogin/Makefile
+@@ -7,7 +7,7 @@ PROG=rlogin
+ OBJS=rlogin.o
+ 
+ $(PROG): $(OBJS)
+-	$(CC) $(LDFLAGS) $^ $(LIBS) -o $@
++	$(CC) $^ -o $@ $(LDFLAGS) $(LIBS)
+ 
+ install: $(PROG)
+ 	install -o root -m$(SUIDMODE) $(PROG) $(INSTALLROOT)$(BINDIR)
+Index: netkit-rsh-0.17/rlogind/Makefile
+===================================================================
+--- netkit-rsh-0.17.orig/rlogind/Makefile
++++ netkit-rsh-0.17/rlogind/Makefile
+@@ -13,7 +13,7 @@ LIBS += -ldl -lpam -lpam_misc
+ endif
+ 
+ rlogind: $(OBJS)
+-	$(CC) $(LDFLAGS) $^ $(LIBS) -o $@
++	$(CC) $^ -o $@ $(LDFLAGS) $(LIBS)
+ 
+ rlogind.o: pathnames.h logwtmp.h rlogind.h ../version.h
+ logwtmp.o: logwtmp.h
+Index: netkit-rsh-0.17/rexecd/Makefile
+===================================================================
+--- netkit-rsh-0.17.orig/rexecd/Makefile
++++ netkit-rsh-0.17/rexecd/Makefile
+@@ -24,7 +24,7 @@ endif
+ CFLAGS += -DRESTRICT_FTP=1
+ 
+ rexecd: rexecd.o
+-	$(CC) $(LDFLAGS) $^ $(LIBS) -o $@
++	$(CC) $^ -o $@ $(LDFLAGS) $(LIBS)
+ 
+ install: rexecd
+ 	install -m$(DAEMONMODE) rexecd $(INSTALLROOT)$(SBINDIR)/in.rexecd

meta-openembedded/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/rsh.pam

@@ -0,0 +1,10 @@
+#%PAM-1.0
+# For root login to succeed here with pam_securetty, "rsh" must be
+# listed in /etc/securetty.
+auth       required     pam_nologin.so
+auth       required     pam_securetty.so
+auth       required     pam_env.so
+account    include      common-account
+session	   optional     pam_keyinit.so    force revoke
+session    include      common-session
+session    required     pam_loginuid.so

meta-openembedded/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/rsh.xinetd.netkit

@@ -0,0 +1,21 @@
+# default: off
+# description:
+# The rshd server is a server for the rcmd(3) routine and, 
+# consequently, for the rsh(1) program. The server provides 
+# remote execution facilities with authentication based on 
+# privileged port numbers from trusted hosts.
+#
+service shell
+{
+	socket_type	= stream
+	protocol	= tcp
+	flags		= NAMEINARGS
+	wait		= no
+	user		= root
+	group		= root
+	log_on_success	+= USERID
+	log_on_failure	+= USERID
+	server		= /usr/sbin/tcpd
+	server_args	= /usr/sbin/in.rshd -aL
+	disable		= yes
+}

meta-openembedded/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb

@@ -0,0 +1,105 @@
+DESCRIPTION = "netkit-rsh includes the rsh daemon and client."
+SECTION = "net"
+HOMEPAGE="ftp://ftp.uk.linux.org/pub/linux/Networking/netkit"
+LICENSE = "BSD-4-Clause"
+DEPENDS = "xinetd libgcrypt virtual/crypt"
+
+LIC_FILES_CHKSUM = "file://rsh/rsh.c;endline=32;md5=487b3c637bdc181d32b2a8543d41b606"
+
+SRC_URI = "${DEBIAN_MIRROR}/main/n/netkit-rsh/netkit-rsh_${PV}.orig.tar.gz;name=archive \
+            ${DEBIAN_MIRROR}/main/n/netkit-rsh/netkit-rsh_${PV}-15.diff.gz;name=patch15 \
+            file://rsh-redone_link_order_file.patch \
+            file://no_pam_build_fix.patch \
+            file://rexec.xinetd.netkit \
+            file://rlogin.xinetd.netkit \
+            file://rsh.xinetd.netkit \
+            file://netkit-rsh-0.17-rexec-ipv6.patch \
+            file://fix-host-variable.patch \
+            file://fixup_wait3_api_change.patch \
+            file://CVE-2019-7282-and-CVE-2019-7283.patch \
+"
+
+SRC_URI[archive.md5sum] = "65f5f28e2fe22d9ad8b17bb9a10df096"
+SRC_URI[archive.sha256sum] = "edcac7fa18015f0bc04e573f3f54ae3b638d71335df1ad7dae692779914ad669"
+SRC_URI[patch15.md5sum] = "655efc0d541b03ca5de0ae506c805ea3"
+SRC_URI[patch15.sha256sum] = "2bc071c438e8b0ed42a0bd2db2d8b681b27a1e9b1798694d9874733293bc2aa9"
+
+# Other support files
+PAM_SRC_URI = "file://rexec.pam \
+    file://rlogin.pam \
+    file://rsh.pam \
+"
+SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)}"
+
+inherit pkgconfig update-alternatives
+
+CFLAGS += " -D_GNU_SOURCE -Wno-deprecated-declarations"
+LDFLAGS += " -L${STAGING_LIBDIR} -lutil -lcrypt"
+
+PACKAGECONFIG ??= ""
+PACKAGECONFIG:append = " ${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}"
+PACKAGECONFIG[pam] = " , --without-pam, libpam, libpam"
+
+COMPATIBLE_HOST:libc-musl = 'null'
+
+do_configure () {
+    ./configure --prefix=${prefix} --exec-prefix=${exec_prefix}
+    echo "INSTALLROOT=${D}" > MCONFIG
+
+    if [ "${@bb.utils.filter('PACKAGECONFIG', 'pam', d)}" ]; then
+        echo "USE_PAM=1" >> MCONFIG
+    fi
+
+    # didn't want to patch these next changes
+    sed -i 's/netkit-//' ${S}/rsh/pathnames.h
+    sed -i 's/netkit-//' ${S}/rcp/pathnames.h
+}
+
+do_install () {
+    install -d ${D}${bindir}
+    install -d ${D}${sbindir}
+    install -d ${D}${mandir}/man1
+    install -d ${D}${mandir}/man8
+    install -d ${D}${sysconfdir}/xinetd.d
+
+    oe_runmake 'INSTALLROOT=${D}' 'BINMODE=0755' \
+    'DAEMONMODE=0755' 'MANMODE=0644' \
+    'SUIDMODE=4755' \
+    'BINDIR=${bindir}' 'SBINDIR=${sbindir}' \
+    'MANDIR=${mandir}' install
+
+    if [ "${@bb.utils.filter('PACKAGECONFIG', 'pam', d)}" ]; then
+        install -d ${D}${sysconfdir}/pam.d
+        install -m 0644 debian/hosts.equiv ${D}/${sysconfdir}
+        install -m 0644 ${WORKDIR}/rexec.pam ${D}/${sysconfdir}/pam.d/rexec
+        install -m 0644 ${WORKDIR}/rlogin.pam ${D}/${sysconfdir}/pam.d/rlogin
+        install -m 0644 ${WORKDIR}/rsh.pam ${D}/${sysconfdir}/pam.d/rsh
+    fi
+    cp ${WORKDIR}/rexec.xinetd.netkit  ${D}/${sysconfdir}/xinetd.d/rexec
+    cp ${WORKDIR}/rlogin.xinetd.netkit  ${D}/${sysconfdir}/xinetd.d/rlogin
+    cp ${WORKDIR}/rsh.xinetd.netkit  ${D}/${sysconfdir}/xinetd.d/rsh
+}
+
+PACKAGES = "${PN}-client ${PN}-server ${PN}-doc ${BPN}-dbg"
+
+FILES:${PN}-client = "${bindir}/*"
+FILES:${PN}-server = "${sbindir}/* ${sysconfdir}"
+FILES:${PN}-doc = "${mandir}"
+FILES:${PN}-dbg = "${prefix}/src/debug \
+                   ${sbindir}/.debug ${bindir}/.debug"
+
+ALTERNATIVE_PRIORITY = "80"
+ALTERNATIVE:${PN}-client = "rcp rexec rlogin rsh"
+ALTERNATIVE:${PN}-server = "rshd rexecd rlogind"
+ALTERNATIVE_LINK_NAME[server] = "${bindir}/rshd"
+ALTERNATIVE_TARGET[rshd] = "${sbindir}/in.rshd"
+ALTERNATIVE_LINK_NAME[rexecd] = "${bindir}/rexecd"
+ALTERNATIVE_TARGET[rexecd] = "${sbindir}/in.rexecd"
+ALTERNATIVE_LINK_NAME[rlogind] = "${bindir}/rlogind"
+ALTERNATIVE_TARGET[rlogind] = "${sbindir}/in.rlogind"
+
+RCONFLICTS:${PN}-server += "inetutils-rshd"
+RPROVIDES:${PN}-server = "rshd"
+
+RDEPENDS:${PN}-server = "xinetd"
+RDEPENDS:${PN}-server += "tcp-wrappers"