iscsi-initiator-utils: Upgrade to 2.0.876

Fix build with musl along the way Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2026-06-05 02:50:46 +00:00 · 2018-02-05 23:46:17 -08:00
parent f6225a9f7e
commit e38db24115
16 changed files with 191 additions and 557 deletions
@@ -1,135 +0,0 @@
-From eb516ac5f9dddc80564f6becee08a0011e7aa58b Mon Sep 17 00:00:00 2001
-From: Lee Duncan <lduncan@suse.com>
-Date: Fri, 15 Dec 2017 10:36:11 -0800
-Subject: [PATCH 1/7] Check for root peer user for iscsiuio IPC
-
-This fixes a possible vulnerability where a non-root
-process could connect with iscsiuio. Fouund by Qualsys.
-
-CVE: CVE-2017-17840
-
-Upstream-Status: Backport
-
-Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
---
- iscsiuio/src/unix/Makefile.am  |  3 ++-
- iscsiuio/src/unix/iscsid_ipc.c | 47 ++++++++++++++++++++++++++++++++++++++++++
- 2 files changed, 49 insertions(+), 1 deletion(-)
-
-diff --git a/iscsiuio/src/unix/Makefile.am b/iscsiuio/src/unix/Makefile.am
-index 71d5463..a989ef0 100644
--- a/iscsiuio/src/unix/Makefile.am
-+++ b/iscsiuio/src/unix/Makefile.am
-@@ -20,7 +20,8 @@ iscsiuio_SOURCES =	build_date.c		\
- 			nic_utils.c		\
- 			packet.c		\
- 			iscsid_ipc.c		\
-			ping.c
-+			ping.c			\
-+			${top_srcdir}/../utils/sysdeps/sysdeps.c
- 
- iscsiuio_CFLAGS = 	$(AM_CFLAGS)		\
- 			$(LIBNL_CFLAGS)		\
-diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c
-index a2a59a8..08e49e5 100644
--- a/iscsiuio/src/unix/iscsid_ipc.c
-+++ b/iscsiuio/src/unix/iscsid_ipc.c
-@@ -37,6 +37,8 @@
-  *
-  */
- 
-+#define _GNU_SOURCE
-+
- #include <errno.h>
- #include <pthread.h>
- #include <signal.h>
-@@ -47,6 +49,8 @@
- #include <sys/socket.h>
- #include <sys/time.h>
- #include <sys/un.h>
-+#include <sys/types.h>
-+#include <pwd.h>
- 
- #define PFX "iscsi_ipc "
- 
-@@ -61,6 +65,7 @@
- #include "iscsid_ipc.h"
- #include "uip.h"
- #include "uip_mgmt_ipc.h"
-+#include "sysdeps.h"
- 
- #include "logger.h"
- #include "uip.h"
-@@ -102,6 +107,7 @@ struct iface_rec_decode {
- 	uint16_t		mtu;
- };
- 
-+#define PEERUSER_MAX	64
- 
- /******************************************************************************
-  *  iscsid_ipc Constants
-@@ -1029,6 +1035,40 @@ static void iscsid_loop_close(void *arg)
- 	LOG_INFO(PFX "iSCSI daemon socket closed");
- }
- 
-+/*
-+ * check that the peer user is privilidged
-+ *
-+ * return 1 if peer is ok else 0
-+ *
-+ * XXX: this function is copied from iscsid_ipc.c and should be
-+ * moved into a common library
-+ */
-+static int
-+mgmt_peeruser(int sock, char *user)
-+{
-+	struct ucred peercred;
-+	socklen_t so_len = sizeof(peercred);
-+	struct passwd *pass;
-+
-+	errno = 0;
-+	if (getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &peercred,
-+		&so_len) != 0 || so_len != sizeof(peercred)) {
-+		/* We didn't get a valid credentials struct. */
-+		LOG_ERR(PFX "peeruser_unux: error receiving credentials: %m");
-+		return 0;
-+	}
-+
-+	pass = getpwuid(peercred.uid);
-+	if (pass == NULL) {
-+		LOG_ERR(PFX "peeruser_unix: unknown local user with uid %d",
-+				(int) peercred.uid);
-+		return 0;
-+	}
-+
-+	strlcpy(user, pass->pw_name, PEERUSER_MAX);
-+	return 1;
-+}
-+
- /**
-  *  iscsid_loop() - This is the function which will process the broadcast
-  *                  messages from iscsid
-@@ -1038,6 +1078,7 @@ static void *iscsid_loop(void *arg)
- {
- 	int rc;
- 	sigset_t set;
-+	char user[PEERUSER_MAX];
- 
- 	pthread_cleanup_push(iscsid_loop_close, arg);
- 
-@@ -1077,6 +1118,12 @@ static void *iscsid_loop(void *arg)
- 			continue;
- 		}
- 
-+		if (!mgmt_peeruser(iscsid_opts.fd, user) || strncmp(user, "root", PEERUSER_MAX)) {
-+			close(s2);
-+			LOG_ERR(PFX "Access error: non-administrative connection rejected");
-+			break;
-+		}
-+
- 		process_iscsid_broadcast(s2);
- 		close(s2);
- 	}
-- 
-1.9.1
-
@@ -0,0 +1,25 @@
+From cfee58d5863a535b61aa54690ae205b876f57944 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 2 Feb 2018 22:53:29 -0800
+Subject: [PATCH 1/2] libopeniscsiusr: Include limit.h for PATH_MAX
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ libopeniscsiusr/iface.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libopeniscsiusr/iface.c b/libopeniscsiusr/iface.c
+index 79898df..a48ef36 100644
+--- a/libopeniscsiusr/iface.c
+++ b/libopeniscsiusr/iface.c
+@@ -30,6 +30,7 @@
+ #include <netdb.h>
+ #include <assert.h>
+ #include <inttypes.h>
+#include <limits.h>
+ 
+ #include "libopeniscsiusr/libopeniscsiusr.h"
+ #include "misc.h"
+-- 
+2.16.1
+
@@ -0,0 +1,25 @@
+From 197713ad7e3e944102bbd792e1ab9ec4a67100c0 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 2 Feb 2018 23:25:21 -0800
+Subject: [PATCH 1/4] qedi.c: Removed unused linux/ethtool.h
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ iscsiuio/src/unix/libs/qedi.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/iscsiuio/src/unix/libs/qedi.c b/iscsiuio/src/unix/libs/qedi.c
+index b81fecd..24cb89a 100644
+--- a/iscsiuio/src/unix/libs/qedi.c
+++ b/iscsiuio/src/unix/libs/qedi.c
+@@ -49,7 +49,6 @@
+ #include <arpa/inet.h>
+ #include <linux/types.h>
+ #include <linux/sockios.h>
+-#include <linux/ethtool.h>
+ #include <linux/netlink.h>
+ #include <sys/mman.h>
+ #include <sys/ioctl.h>
+-- 
+2.16.1
+
@@ -0,0 +1,25 @@
+From 2b39f85dcf020647544002cb0b0e734748391dfb Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 2 Feb 2018 23:27:25 -0800
+Subject: [PATCH 2/4] idbm.c: Include fcnl.h for O_RDWR and O_CREAT definitions
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ usr/idbm.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/usr/idbm.c b/usr/idbm.c
+index 5532202..0a51b85 100644
+--- a/usr/idbm.c
+++ b/usr/idbm.c
+@@ -27,6 +27,7 @@
+ #include <errno.h>
+ #include <dirent.h>
+ #include <limits.h>
+#include <fcntl.h>
+ #include <sys/stat.h>
+ #include <sys/file.h>
+ 
+-- 
+2.16.1
+
@@ -1,39 +0,0 @@
-From 035bb16845537351e1bccb16d38981754fd53129 Mon Sep 17 00:00:00 2001
-From: Lee Duncan <lduncan@suse.com>
-Date: Fri, 15 Dec 2017 10:37:56 -0800
-Subject: [PATCH 2/7] iscsiuio should ignore bogus iscsid broadcast packets
-
-When iscsiuio is receiving broadcast packets from iscsid,
-if the 'payload_len', carried in the packet, is too
-large then ignore the packet and print a message.
-Found by Qualsys.
-
-CVE: CVE-2017-17840
-
-Upstream-Status: Backport
-
-Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
---
- iscsiuio/src/unix/iscsid_ipc.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c
-index 08e49e5..dfdae63 100644
--- a/iscsiuio/src/unix/iscsid_ipc.c
-+++ b/iscsiuio/src/unix/iscsid_ipc.c
-@@ -950,6 +950,12 @@ int process_iscsid_broadcast(int s2)
- 
- 	cmd = data->header.command;
- 	payload_len = data->header.payload_len;
-+	if (payload_len > sizeof(data->u)) {
-+		LOG_ERR(PFX "Data payload length too large (%d). Corrupt payload?",
-+				payload_len);
-+		rc = -EINVAL;
-+		goto error;
-+	}
- 
- 	LOG_DEBUG(PFX "recv iscsid request: cmd: %d, payload_len: %d",
- 		  cmd, payload_len);
-- 
-1.9.1
-
@@ -0,0 +1,29 @@
+From 29571f71692e28ce9a17d1450097a98492f3b465 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 2 Feb 2018 22:54:04 -0800
+Subject: [PATCH 2/2] libopeniscsiusr: Add CFLAGS to linker cmdline
+
+This will ensure that -fPIC is passed to linker as
+well
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ libopeniscsiusr/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libopeniscsiusr/Makefile b/libopeniscsiusr/Makefile
+index 8b9b523..4f1d0d6 100644
+--- a/libopeniscsiusr/Makefile
+++ b/libopeniscsiusr/Makefile
+@@ -49,7 +49,7 @@ LIBADD =
+ all: $(LIBS) $(LIBS_MAJOR) $(TESTS) doc
+ 
+ $(LIBS): $(OBJS)
+-	$(CC) $(LDFLAGS) -shared -Wl,-soname=$@ -o $@ $(OBJS) $(LIBADD)
+	$(CC) $(CFLAGS) $(LDFLAGS) -shared -Wl,-soname=$@ -o $@ $(OBJS) $(LIBADD)
+ 	ln -sf $@ $(DEVLIB)
+ 
+ $(LIBS_MAJOR): $(LIBS)
+-- 
+2.16.1
+
@@ -1,34 +0,0 @@
-From 81d3106cf8f09c79fe20ad7d234d7e1dda27bddb Mon Sep 17 00:00:00 2001
-From: Lee Duncan <lduncan@suse.com>
-Date: Fri, 15 Dec 2017 11:11:17 -0800
-Subject: [PATCH 3/7] Ensure all fields in iscsiuio IPC response are set
-
-Make sure all fields in the response strcuture are set,
-or info from the stack can be leaked to our caller.
-Found by Qualsys.
-
-CVE: CVE-2017-17840
-
-Upstream-Status: Backport
-
-Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
---
- iscsiuio/src/unix/iscsid_ipc.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c
-index dfdae63..61e96cc 100644
--- a/iscsiuio/src/unix/iscsid_ipc.c
-+++ b/iscsiuio/src/unix/iscsid_ipc.c
-@@ -960,6 +960,8 @@ int process_iscsid_broadcast(int s2)
- 	LOG_DEBUG(PFX "recv iscsid request: cmd: %d, payload_len: %d",
- 		  cmd, payload_len);
- 
-+	memset(&rsp, 0, sizeof(rsp));
-+
- 	switch (cmd) {
- 	case ISCSID_UIP_IPC_GET_IFACE:
- 		size = fread(&data->u.iface_rec, payload_len, 1, fd);
-- 
-1.9.1
-
@@ -0,0 +1,49 @@
+From 9b7a32903b56ce4d41f264a345ca59a0b00d53b3 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 2 Feb 2018 23:28:33 -0800
+Subject: [PATCH 3/4] bnx2x.c: Reorder the includes to avoid duplicate defines
+ with musl
+
+including nic.h before linux/ethtool.h avoids redefinitions of
+eth structs
+
+/mnt/a/oe/build/tmp/work/cortexa7t2hf-neon-vfpv4-bec-linux-musleabi/iscsi-initiator-utils/2.0.876-r0/recipe-sysroot/
+usr/include/netinet/if_ether.h:104:8: error: redefinition of 'struct ethhdr'
+ struct ethhdr {
+        ^~~~~~
+In file included from /mnt/a/oe/build/tmp/work/cortexa7t2hf-neon-vfpv4-bec-linux-musleabi/iscsi-initiator-utils/2.0.
+876-r0/recipe-sysroot/usr/include/linux/ethtool.h:19:0,
+                 from qedi.c:52:
+/mnt/a/oe/build/tmp/work/cortexa7t2hf-neon-vfpv4-bec-linux-musleabi/iscsi-initiator-utils/2.0.876-r0/recipe-sysroot/
+usr/include/linux/if_ether.h:154:8: note: originally defined here
+ struct ethhdr {
+        ^~~~~~
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ iscsiuio/src/unix/libs/bnx2x.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/iscsiuio/src/unix/libs/bnx2x.c b/iscsiuio/src/unix/libs/bnx2x.c
+index 3df6d5f..62530d1 100644
+--- a/iscsiuio/src/unix/libs/bnx2x.c
+++ b/iscsiuio/src/unix/libs/bnx2x.c
+@@ -36,6 +36,7 @@
+  * bnx2x.c - bnx2x user space driver
+  *
+  */
+#include "nic.h"
+ #include <errno.h>
+ #include <stdio.h>
+ #include <string.h>
+@@ -58,7 +59,6 @@
+ #include "bnx2x.h"
+ #include "cnic.h"
+ #include "logger.h"
+-#include "nic.h"
+ #include "nic_id.h"
+ #include "nic_utils.h"
+ #include "options.h"
+-- 
+2.16.1
+
@@ -1,62 +0,0 @@
-From 8167e5ce99682f64918a20966ce393cd33ac67ef Mon Sep 17 00:00:00 2001
-From: Lee Duncan <lduncan@suse.com>
-Date: Fri, 15 Dec 2017 11:13:29 -0800
-Subject: [PATCH 4/7] Do not double-close IPC file stream to iscsid
-
-A double-close of a file descriptor and its associated FILE stream
-can be an issue in multi-threaded cases. Found by Qualsys.
-
-CVE: CVE-2017-17840
-
-Upstream-Status: Backport
-
-Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
---
- iscsiuio/src/unix/iscsid_ipc.c | 9 +++++++--
- 1 file changed, 7 insertions(+), 2 deletions(-)
-
-diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c
-index 61e96cc..bde8d66 100644
--- a/iscsiuio/src/unix/iscsid_ipc.c
-+++ b/iscsiuio/src/unix/iscsid_ipc.c
-@@ -913,6 +913,9 @@ early_exit:
- /**
-  *  process_iscsid_broadcast() - This function is used to process the
-  *                               broadcast messages from iscsid
-+ *
-+ *                               s2 is an open file descriptor, which
-+ *                               must not be left open upon return
-  */
- int process_iscsid_broadcast(int s2)
- {
-@@ -928,6 +931,7 @@ int process_iscsid_broadcast(int s2)
- 	if (fd == NULL) {
- 		LOG_ERR(PFX "Couldn't open file descriptor: %d(%s)",
- 			errno, strerror(errno));
-+		close(s2);
- 		return -EIO;
- 	}
- 
-@@ -1030,7 +1034,8 @@ int process_iscsid_broadcast(int s2)
- 	}
- 
- error:
-	free(data);
-+	if (data)
-+		free(data);
- 	fclose(fd);
- 
- 	return rc;
-@@ -1132,8 +1137,8 @@ static void *iscsid_loop(void *arg)
- 			break;
- 		}
- 
-+		/* this closes the file descriptor s2 */
- 		process_iscsid_broadcast(s2);
-		close(s2);
- 	}
- 
- 	pthread_cleanup_pop(0);
-- 
-1.9.1
-
@@ -0,0 +1,28 @@
+From 6f9c1a04d250388d1574cfaf20a1ff66a64beb48 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 2 Feb 2018 23:42:12 -0800
+Subject: [PATCH 4/4] fwparam_ppc.c: Do not use __compar_fn_t
+
+__compar_fn_t is not defined in musl
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ utils/fwparam_ibft/fwparam_ppc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/utils/fwparam_ibft/fwparam_ppc.c b/utils/fwparam_ibft/fwparam_ppc.c
+index c298b8c..391faa2 100644
+--- a/utils/fwparam_ibft/fwparam_ppc.c
+++ b/utils/fwparam_ibft/fwparam_ppc.c
+@@ -356,7 +356,7 @@ static int loop_devs(const char *devtree)
+ 	 * Sort the nics into "natural" order.	The proc fs
+ 	 * device-tree has them in somewhat random, or reversed order.
+ 	 */
+-	qsort(niclist, nic_count, sizeof(char *), (__compar_fn_t)nic_cmp);
+	qsort(niclist, nic_count, sizeof(char *), nic_cmp);
+ 
+ 	snprintf(prefix, sizeof(prefix), "%s/%s", devtree, "aliases");
+ 	dev_count = 0;
+-- 
+2.16.1
+
@@ -1,78 +0,0 @@
-From c9fc86a50459776d9a7abb609f6503c57d69e034 Mon Sep 17 00:00:00 2001
-From: Lee Duncan <lduncan@suse.com>
-Date: Fri, 15 Dec 2017 11:15:26 -0800
-Subject: [PATCH 5/7] Ensure strings from peer are copied correctly.
-
-The method of using strlen() and strcpy()/strncpy() has
-a couple of holes. Do not try to measure the length of
-strings supplied from peer, and ensure copied strings are
-NULL-terminated. Use the new strlcpy() instead.
-Found by Qualsys.
-
-CVE: CVE-2017-17840
-
-Upstream-Status: Backport
-
-Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
---
- iscsiuio/src/unix/iscsid_ipc.c | 24 ++++++------------------
- 1 file changed, 6 insertions(+), 18 deletions(-)
-
-diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c
-index bde8d66..52ae8c6 100644
--- a/iscsiuio/src/unix/iscsid_ipc.c
-+++ b/iscsiuio/src/unix/iscsid_ipc.c
-@@ -152,10 +152,7 @@ static int decode_cidr(char *in_ipaddr_str, struct iface_rec_decode *ird)
- 	struct in_addr ia;
- 	struct in6_addr ia6;
- 
-	if (strlen(in_ipaddr_str) > NI_MAXHOST)
-		strncpy(ipaddr_str, in_ipaddr_str, NI_MAXHOST);
-	else
-		strcpy(ipaddr_str, in_ipaddr_str);
-+	strlcpy(ipaddr_str, in_ipaddr_str, NI_MAXHOST);
- 
- 	/* Find the CIDR if any */
- 	tmp = strchr(ipaddr_str, '/');
-@@ -287,22 +284,16 @@ static int decode_iface(struct iface_rec_decode *ird, struct iface_rec *rec)
- 
- 			/* For LL on, ignore the IPv6 addr in the iface */
- 			if (ird->linklocal_autocfg == IPV6_LL_AUTOCFG_OFF) {
-				if (strlen(rec->ipv6_linklocal) > NI_MAXHOST)
-					strncpy(ipaddr_str, rec->ipv6_linklocal,
-						NI_MAXHOST);
-				else
-					strcpy(ipaddr_str, rec->ipv6_linklocal);
-+				strlcpy(ipaddr_str, rec->ipv6_linklocal,
-+					NI_MAXHOST);
- 				inet_pton(AF_INET6, ipaddr_str,
- 					  &ird->ipv6_linklocal);
- 			}
- 
- 			/* For RTR on, ignore the IPv6 addr in the iface */
- 			if (ird->router_autocfg == IPV6_RTR_AUTOCFG_OFF) {
-				if (strlen(rec->ipv6_router) > NI_MAXHOST)
-					strncpy(ipaddr_str, rec->ipv6_router,
-						NI_MAXHOST);
-				else
-					strcpy(ipaddr_str, rec->ipv6_router);
-+				strlcpy(ipaddr_str, rec->ipv6_router,
-+					NI_MAXHOST);
- 				inet_pton(AF_INET6, ipaddr_str,
- 					  &ird->ipv6_router);
- 			}
-@@ -316,10 +307,7 @@ static int decode_iface(struct iface_rec_decode *ird, struct iface_rec *rec)
- 					calculate_default_netmask(
- 							ird->ipv4_addr.s_addr);
- 
-			if (strlen(rec->gateway) > NI_MAXHOST)
-				strncpy(ipaddr_str, rec->gateway, NI_MAXHOST);
-			else
-				strcpy(ipaddr_str, rec->gateway);
-+			strlcpy(ipaddr_str, rec->gateway, NI_MAXHOST);
- 			inet_pton(AF_INET, ipaddr_str, &ird->ipv4_gateway);
- 		}
- 	} else {
-- 
-1.9.1
-
@@ -1,44 +0,0 @@
-From a6efed7601c890ac051ad1425582ec67dbd3f5ff Mon Sep 17 00:00:00 2001
-From: Lee Duncan <lduncan@suse.com>
-Date: Fri, 15 Dec 2017 11:18:35 -0800
-Subject: [PATCH 6/7] Skip useless strcopy, and validate CIDR length
-
-Remove a useless strcpy() that copies a string onto itself,
-and ensure the CIDR length "keepbits" is not negative.
-Found by Qualsys.
-
-CVE: CVE-2017-17840
-
-Upstream-Status: Backport
-
-Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
---
- iscsiuio/src/unix/iscsid_ipc.c | 5 ++---
- 1 file changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c
-index 52ae8c6..85742da 100644
--- a/iscsiuio/src/unix/iscsid_ipc.c
-+++ b/iscsiuio/src/unix/iscsid_ipc.c
-@@ -148,7 +148,7 @@ static int decode_cidr(char *in_ipaddr_str, struct iface_rec_decode *ird)
- 	char *tmp, *tok;
- 	char ipaddr_str[NI_MAXHOST];
- 	char str[INET6_ADDRSTRLEN];
-	int keepbits = 0;
-+	unsigned long keepbits = 0;
- 	struct in_addr ia;
- 	struct in6_addr ia6;
- 
-@@ -161,8 +161,7 @@ static int decode_cidr(char *in_ipaddr_str, struct iface_rec_decode *ird)
- 		tmp = ipaddr_str;
- 		tok = strsep(&tmp, "/");
- 		LOG_INFO(PFX "in cidr: bitmask '%s' ip '%s'", tmp, tok);
-		keepbits = atoi(tmp);
-		strcpy(ipaddr_str, tok);
-+		keepbits = strtoull(tmp, NULL, 10);
- 	}
- 
- 	/*  Determine if the IP address passed from the iface file is
-- 
-1.9.1
-
@@ -1,64 +0,0 @@
-From 5df60ad8b22194391af34c1a7e54776b0372ffed Mon Sep 17 00:00:00 2001
-From: Lee Duncan <lduncan@suse.com>
-Date: Fri, 15 Dec 2017 11:21:15 -0800
-Subject: [PATCH 7/7] Check iscsiuio ping data length for validity
-
-We do not trust that the received ping packet data length
-is correct, so sanity check it. Found by Qualsys.
-
-CVE: CVE-2017-17840
-
-Upstream-Status: Backport
-
-Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
---
- iscsiuio/src/unix/iscsid_ipc.c | 5 +++++
- iscsiuio/src/unix/packet.c     | 2 +-
- iscsiuio/src/unix/packet.h     | 2 ++
- 3 files changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c
-index 85742da..a2caacc 100644
--- a/iscsiuio/src/unix/iscsid_ipc.c
-+++ b/iscsiuio/src/unix/iscsid_ipc.c
-@@ -333,6 +333,11 @@ static void *perform_ping(void *arg)
- 
- 	data = (iscsid_uip_broadcast_t *)png_c->data;
- 	datalen = data->u.ping_rec.datalen;
-+	if ((datalen > STD_MTU_SIZE) || (datalen < 0)) {
-+		LOG_ERR(PFX "Ping datalen invalid: %d", datalen);
-+		rc = -EINVAL;
-+		goto ping_done;
-+	}
- 
- 	memset(dst_addr, 0, sizeof(uip_ip6addr_t));
- 	if (nic_iface->protocol == AF_INET) {
-diff --git a/iscsiuio/src/unix/packet.c b/iscsiuio/src/unix/packet.c
-index ecea09b..3ce2c6b 100644
--- a/iscsiuio/src/unix/packet.c
-+++ b/iscsiuio/src/unix/packet.c
-@@ -112,7 +112,7 @@ int alloc_free_queue(nic_t *nic, size_t num_of_packets)
- 	for (i = 0; i < num_of_packets; i++) {
- 		packet_t *pkt;
- 
-		pkt = alloc_packet(1500, 1500);
-+		pkt = alloc_packet(STD_MTU_SIZE, STD_MTU_SIZE);
- 		if (pkt == NULL) {
- 			goto done;
- 		}
-diff --git a/iscsiuio/src/unix/packet.h b/iscsiuio/src/unix/packet.h
-index b63d688..19d1db9 100644
--- a/iscsiuio/src/unix/packet.h
-+++ b/iscsiuio/src/unix/packet.h
-@@ -43,6 +43,8 @@
- 
- #include "nic.h"
- 
-+#define	STD_MTU_SIZE	1500
-+
- struct nic;
- struct nic_interface;
- 
-- 
-1.9.1
-
@@ -1,44 +0,0 @@
-From 4ebab8add4a549c16ab8b124137546c0a7b46a9b Mon Sep 17 00:00:00 2001
-From: Joe MacDonald <joe_macdonald@mentor.com>
-Date: Tue, 15 Nov 2016 11:11:30 -0500
-Subject: [PATCH] Do not clean kernel source
-
-The default behaviour should not be to attempt to clean the kernel source
-tree when building userspace.  When not cross-compiling, however, this action is
-harmless, but when attempting to build within the sysroot and since this package
-is purely userspace, the clean step will fail.
-
-Removing the clean step eliminates an unnecessary dependency on the kernel build
-infrastructure.
-
-Upstream-status: Inappropriate (embedded specific)
-
-Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
---
- Makefile | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/Makefile b/Makefile
-index c8cd00e..9576bba 100644
--- a/Makefile
-+++ b/Makefile
-@@ -37,7 +37,7 @@ endif
- 
- all: user
- 
-user: iscsiuio/Makefile
-+user:
- 	$(MAKE) -C utils/sysdeps
- 	$(MAKE) -C utils/fwparam_ibft
- 	$(MAKE) -C usr
-@@ -75,7 +75,6 @@ clean:
- 	$(MAKE) -C utils/fwparam_ibft clean
- 	$(MAKE) -C utils clean
- 	$(MAKE) -C usr clean
-	$(MAKE) -C kernel clean
- 	[ ! -f iscsiuio/Makefile ] || $(MAKE) -C iscsiuio clean
- 	[ ! -f iscsiuio/Makefile ] || $(MAKE) -C iscsiuio distclean
- 
-- 
-1.9.1
-
@@ -1,35 +0,0 @@
-From 79bea58a554205dd185509fbc4e76b5fc40f9038 Mon Sep 17 00:00:00 2001
-From: Joe MacDonald <joe_macdonald@mentor.com>
-Date: Tue, 15 Nov 2016 12:36:45 -0500
-Subject: [PATCH] fw_context: add include for NI_MAXHOST definiton
-
-This appears to build successfully with gcc 4.x but fails on gcc 5+, though it's
-not immediately clear why NI_MAXHOST isn't being defined from the include
-chain.  Currently engaging with the upstream devs to determine the best course
-of action, but this is an adequate workaround.
-
-Upstream-status: Pending
-
-Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
---
- include/fw_context.h | 4 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/include/fw_context.h b/include/fw_context.h
-index 44053d8..0b05cea 100644
--- a/include/fw_context.h
-+++ b/include/fw_context.h
-@@ -21,6 +21,10 @@
- #ifndef FWPARAM_CONTEXT_H_
- #define FWPARAM_CONTEXT_H_
- 
-+#include <sys/socket.h>
-+#ifndef NI_MAXHOST
-+#define NI_MAXHOST 1025
-+#endif
- #include <netdb.h>
- #include <net/if.h>
- 
-- 
-2.1.4
-
@@ -11,26 +11,22 @@ DEPENDS = "openssl flex-native bison-native open-isns util-linux"

 LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"

-SRCREV ?= "8db9717e73d32d2c5131da4f9ad86dfd9065f74b"
+SRCREV ?= "24580adc4c174bbc5dde3ae7594a46d57635e906"

 SRC_URI = "git://github.com/open-iscsi/open-iscsi \
-    file://iscsi-initiator-utils-Do-not-clean-kernel-source.patch \
-    file://iscsi-initiator-utils-fw_context-add-include-for-NI_MAXHOST-definiton.patch \
    file://initd.debian \
    file://99_iscsi-initiator-utils \
    file://iscsi-initiator \
    file://iscsi-initiator.service \
    file://iscsi-initiator-targets.service \
    file://set_initiatorname \
-    file://0001-Check-for-root-peer-user-for-iscsiuio-IPC.patch \
-    file://0002-iscsiuio-should-ignore-bogus-iscsid-broadcast-packet.patch \
-    file://0003-Ensure-all-fields-in-iscsiuio-IPC-response-are-set.patch \
-    file://0004-Do-not-double-close-IPC-file-stream-to-iscsid.patch \
-    file://0005-Ensure-strings-from-peer-are-copied-correctly.patch \
-    file://0006-Skip-useless-strcopy-and-validate-CIDR-length.patch \
-    file://0007-Check-iscsiuio-ping-data-length-for-validity.patch \
+    file://0001-libopeniscsiusr-Include-limit.h-for-PATH_MAX.patch \
+    file://0002-libopeniscsiusr-Add-CFLAGS-to-linker-cmdline.patch \
+    file://0001-qedi.c-Removed-unused-linux-ethtool.h.patch \
+    file://0002-idbm.c-Include-fcnl.h-for-O_RDWR-and-O_CREAT-definit.patch \
+    file://0003-bnx2x.c-Reorder-the-includes-to-avoid-duplicate-defi.patch \
+    file://0004-fwparam_ppc.c-Do-not-use-__compar_fn_t.patch \
 "
-
 S = "${WORKDIR}/git"
 B = "${WORKDIR}/build"

@@ -39,25 +35,15 @@ inherit update-rc.d systemd autotools
 EXTRA_OECONF = " \
    --target=${TARGET_SYS} \
    --host=${BUILD_SYS} \
-    --prefix=${prefix} \
-    --libdir=${libdir} \
 "

 EXTRA_OEMAKE = ' \
-    CC="${CC}" \
-    AR="${AR}" \
-    RANLIB="${RANLIB}" \
-    CFLAGS="${CFLAGS} ${CPPFLAGS} -D_GNU_SOURCE -I. -I../include -I../../include -I../usr -I../../usr" \
-    LDFLAGS="${LDFLAGS}" \
-    LD="${LD}" \
    OS="${TARGET_SYS}" \
    TARGET="${TARGET_OS}" \
    BASE="${prefix}" \
    MANDIR="${mandir}" \
 '

-TARGET_CC_ARCH += "${LDFLAGS}"
-
 do_configure () {
    cd ${S}/iscsiuio ; autoreconf --install; ./configure ${EXTRA_OECONF}
 }
@@ -81,12 +67,14 @@ do_install () {
        ${D}${localstatedir}/lib/iscsi/isns \
        ${D}${localstatedir}/lib/iscsi/slp \
        ${D}${localstatedir}/lib/iscsi/ifaces \
-        ${D}/${mandir}/man8
+        ${D}${libdir} \
+        ${D}${mandir}/man8

    install -p -m 755 ${S}/usr/iscsid ${S}/usr/iscsiadm \
        ${S}/utils/iscsi-iname \
        ${S}/usr/iscsistart ${D}/${sbindir}

+    cp -dR ${S}/libopeniscsiusr/libopeniscsiusr.so* ${D}${libdir}
    install -p -m 644 ${S}/doc/iscsiadm.8 ${S}/doc/iscsid.8 ${D}/${mandir}/man8
    install -p -m 644 ${S}/etc/iscsid.conf ${D}${sysconfdir}/iscsi
    install -p -m 755 ${WORKDIR}/initd.debian ${D}${sysconfdir}/init.d/iscsid