[PATCH 1/3] inetutils: fix CVE-2023-40303

[PATCH 1/3] inetutils: fix CVE-2023-40303

[ross.burton]

From: Ross Burton <ross.burton@arm.com>

Backport the patch from upstream.

Signed-off-by: Ross Burton <ross.burton@arm.com>
---
 ...rsh-rshd-uucpd-fix-check-set-id-retu.patch | 283 ++++++++++++++++++
 .../inetutils/inetutils_2.4.bb                |   1 +
 2 files changed, 284 insertions(+)
 create mode 100644 meta/recipes-connectivity/inetutils/inetutils/0001-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-check-set-id-retu.patch

diff --git a/meta/recipes-connectivity/inetutils/inetutils/0001-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-check-set-id-retu.patch b/meta/recipes-connectivity/inetutils/inetutils/0001-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-check-set-id-retu.patch
new file mode 100644
index 00000000000..42353d147c6
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/0001-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-check-set-id-retu.patch
@@ -0,0 +1,283 @@
+From 21a6e7be1935c966d7247bdeb7e2a2cec4b63ba9 Mon Sep 17 00:00:00 2001
+From: Jeffrey Bencteux <jeffbencteux@gmail.com>
+Date: Fri, 30 Jun 2023 19:02:45 +0200
+Subject: [PATCH] ftpd,rcp,rlogin,rsh,rshd,uucpd: fix: check set*id() return
+ values
+
+Several setuid(), setgid(), seteuid() and setguid() return values
+were not checked in ftpd/rcp/rlogin/rsh/rshd/uucpd code potentially
+leading to potential security issues.
+
+Signed-off-by: Jeffrey Bencteux <jeffbencteux@gmail.com>
+Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+CVE: CVE-2023-40303
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ ftpd/ftpd.c  | 10 +++++++---
+ src/rcp.c    | 39 +++++++++++++++++++++++++++++++++------
+ src/rlogin.c | 11 +++++++++--
+ src/rsh.c    | 25 +++++++++++++++++++++----
+ src/rshd.c   | 20 +++++++++++++++++---
+ src/uucpd.c  | 15 +++++++++++++--
+ 6 files changed, 100 insertions(+), 20 deletions(-)
+
+diff --git a/ftpd/ftpd.c b/ftpd/ftpd.c
+index 92b2cca5..28dd523f 100644
+--- a/ftpd/ftpd.c
++++ b/ftpd/ftpd.c
+@@ -862,7 +862,9 @@ end_login (struct credentials *pcred)
+   char *remotehost = pcred->remotehost;
+   int atype = pcred->auth_type;
+ 
+-  seteuid ((uid_t) 0);
++  if (seteuid ((uid_t) 0) == -1)
++    _exit (EXIT_FAILURE);
++
+   if (pcred->logged_in)
+     {
+       logwtmp_keep_open (ttyline, "", "");
+@@ -1151,7 +1153,8 @@ getdatasock (const char *mode)
+ 
+   if (data >= 0)
+     return fdopen (data, mode);
+-  seteuid ((uid_t) 0);
++  if (seteuid ((uid_t) 0) == -1)
++    _exit (EXIT_FAILURE);
+   s = socket (ctrl_addr.ss_family, SOCK_STREAM, 0);
+   if (s < 0)
+     goto bad;
+@@ -1978,7 +1981,8 @@ passive (int epsv, int af)
+   else	/* !AF_INET6 */
+     ((struct sockaddr_in *) &pasv_addr)->sin_port = 0;
+ 
+-  seteuid ((uid_t) 0);
++  if (seteuid ((uid_t) 0) == -1)
++    _exit (EXIT_FAILURE);
+   if (bind (pdata, (struct sockaddr *) &pasv_addr, pasv_addrlen) < 0)
+     {
+       if (seteuid ((uid_t) cred.uid))
+diff --git a/src/rcp.c b/src/rcp.c
+index 75adb253..cdcf8500 100644
+--- a/src/rcp.c
++++ b/src/rcp.c
+@@ -345,14 +345,23 @@ main (int argc, char *argv[])
+   if (from_option)
+     {				/* Follow "protocol", send data. */
+       response ();
+-      setuid (userid);
++
++      if (setuid (userid) == -1)
++      {
++        error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
++      }
++
+       source (argc, argv);
+       exit (errs);
+     }
+ 
+   if (to_option)
+     {				/* Receive data. */
+-      setuid (userid);
++      if (setuid (userid) == -1)
++      {
++        error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
++      }
++
+       sink (argc, argv);
+       exit (errs);
+     }
+@@ -537,7 +546,11 @@ toremote (char *targ, int argc, char *argv[])
+ 	      if (response () < 0)
+ 		exit (EXIT_FAILURE);
+ 	      free (bp);
+-	      setuid (userid);
++
++	      if (setuid (userid) == -1)
++              {
++                error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
++              }
+ 	    }
+ 	  source (1, argv + i);
+ 	  close (rem);
+@@ -630,7 +643,12 @@ tolocal (int argc, char *argv[])
+ 	  ++errs;
+ 	  continue;
+ 	}
+-      seteuid (userid);
++
++      if (seteuid (userid) == -1)
++      {
++        error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
++      }
++
+ #if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT
+       sslen = sizeof (ss);
+       (void) getpeername (rem, (struct sockaddr *) &ss, &sslen);
+@@ -643,7 +661,12 @@ tolocal (int argc, char *argv[])
+ #endif
+       vect[0] = target;
+       sink (1, vect);
+-      seteuid (effuid);
++
++      if (seteuid (effuid) == -1)
++      {
++        error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
++      }
++
+       close (rem);
+       rem = -1;
+ #ifdef SHISHI
+@@ -1441,7 +1464,11 @@ susystem (char *s, int userid)
+       return (127);
+ 
+     case 0:
+-      setuid (userid);
++      if (setuid (userid) == -1)
++      {
++        error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
++      }
++
+       execl (PATH_BSHELL, "sh", "-c", s, NULL);
+       _exit (127);
+     }
+diff --git a/src/rlogin.c b/src/rlogin.c
+index aa6426fb..c543de0c 100644
+--- a/src/rlogin.c
++++ b/src/rlogin.c
+@@ -647,8 +647,15 @@ try_connect:
+   /* Now change to the real user ID.  We have to be set-user-ID root
+      to get the privileged port that rcmd () uses.  We now want, however,
+      to run as the real user who invoked us.  */
+-  seteuid (uid);
+-  setuid (uid);
++  if (seteuid (uid) == -1)
++  {
++    error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
++  }
++
++  if (setuid (uid) == -1)
++  {
++    error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
++  }
+ 
+   doit (&osmask);	/* The old mask will activate SIGURG and SIGUSR1!  */
+ 
+diff --git a/src/rsh.c b/src/rsh.c
+index 2d622ca4..6f60667d 100644
+--- a/src/rsh.c
++++ b/src/rsh.c
+@@ -276,8 +276,17 @@ main (int argc, char **argv)
+     {
+       if (asrsh)
+ 	*argv = (char *) "rlogin";
+-      seteuid (getuid ());
+-      setuid (getuid ());
++
++      if (seteuid (getuid ()) == -1)
++      {
++        error (EXIT_FAILURE, errno, "seteuid() failed");
++      }
++
++      if (setuid (getuid ()) == -1)
++      {
++        error (EXIT_FAILURE, errno, "setuid() failed");
++      }
++
+       execv (PATH_RLOGIN, argv);
+       error (EXIT_FAILURE, errno, "cannot execute %s", PATH_RLOGIN);
+     }
+@@ -541,8 +550,16 @@ try_connect:
+ 	error (0, errno, "setsockopt DEBUG (ignored)");
+     }
+ 
+-  seteuid (uid);
+-  setuid (uid);
++  if (seteuid (uid) == -1)
++  {
++    error (EXIT_FAILURE, errno, "seteuid() failed");
++  }
++
++  if (setuid (uid) == -1)
++  {
++    error (EXIT_FAILURE, errno, "setuid() failed");
++  }
++
+ #ifdef HAVE_SIGACTION
+   sigemptyset (&sigs);
+   sigaddset (&sigs, SIGINT);
+diff --git a/src/rshd.c b/src/rshd.c
+index d1c0d0cd..707790e7 100644
+--- a/src/rshd.c
++++ b/src/rshd.c
+@@ -1847,8 +1847,18 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
+     pwd->pw_shell = PATH_BSHELL;
+ 
+   /* Set the gid, then uid to become the user specified by "locuser" */
+-  setegid ((gid_t) pwd->pw_gid);
+-  setgid ((gid_t) pwd->pw_gid);
++  if (setegid ((gid_t) pwd->pw_gid) == -1)
++  {
++    rshd_error ("Cannot drop privileges (setegid() failed)\n");
++    exit (EXIT_FAILURE);
++  }
++
++  if (setgid ((gid_t) pwd->pw_gid) == -1)
++  {
++    rshd_error ("Cannot drop privileges (setgid() failed)\n");
++    exit (EXIT_FAILURE);
++  }
++
+ #ifdef HAVE_INITGROUPS
+   initgroups (pwd->pw_name, pwd->pw_gid);	/* BSD groups */
+ #endif
+@@ -1870,7 +1880,11 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
+     }
+ #endif /* WITH_PAM */
+ 
+-  setuid ((uid_t) pwd->pw_uid);
++  if (setuid ((uid_t) pwd->pw_uid) == -1)
++  {
++    rshd_error ("Cannot drop privileges (setuid() failed)\n");
++    exit (EXIT_FAILURE);
++  }
+ 
+   /* We'll execute the client's command in the home directory
+    * of locuser. Note, that the chdir must be executed after
+diff --git a/src/uucpd.c b/src/uucpd.c
+index 107589e1..29cfce35 100644
+--- a/src/uucpd.c
++++ b/src/uucpd.c
+@@ -252,7 +252,12 @@ doit (struct sockaddr *sap, socklen_t salen)
+   snprintf (Username, sizeof (Username), "USER=%s", user);
+   snprintf (Logname, sizeof (Logname), "LOGNAME=%s", user);
+   dologin (pw, sap, salen);
+-  setgid (pw->pw_gid);
++
++  if (setgid (pw->pw_gid) == -1)
++  {
++    fprintf (stderr, "setgid() failed");
++    return;
++  }
+ #ifdef HAVE_INITGROUPS
+   initgroups (pw->pw_name, pw->pw_gid);
+ #endif
+@@ -261,7 +266,13 @@ doit (struct sockaddr *sap, socklen_t salen)
+       fprintf (stderr, "Login incorrect.");
+       return;
+     }
+-  setuid (pw->pw_uid);
++
++  if (setuid (pw->pw_uid) == -1)
++  {
++    fprintf (stderr, "setuid() failed");
++    return;
++  }
++
+   execl (uucico_location, "uucico", NULL);
+   perror ("uucico server: execl");
+ }
+-- 
+2.34.1
+
diff --git a/meta/recipes-connectivity/inetutils/inetutils_2.4.bb b/meta/recipes-connectivity/inetutils/inetutils_2.4.bb
index bcc3a0258e6..9b4c98d63cc 100644
--- a/meta/recipes-connectivity/inetutils/inetutils_2.4.bb
+++ b/meta/recipes-connectivity/inetutils/inetutils_2.4.bb
@@ -22,6 +22,7 @@ SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \
            file://tftpd.xinetd.inetutils \
            file://inetutils-1.9-PATH_PROCNET_DEV.patch \
            file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \
+           file://0001-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-check-set-id-retu.patch \
 "
 
 inherit autotools gettext update-alternatives texinfo
-- 
2.34.1

[PATCH 2/3] inetutils: don't guess target paths

[ross.burton]

From: Ross Burton <ross.burton@arm.com>

inetutils guesses a lot of target paths in cross builds, and warns that
some of them are known to be wrong (for example, whether /proc/net/dev
exists is guessed as 'no').

Add a post-configure function to check for these warnings, and pass
--with-path-* as appropriate to set the paths explicitly.

This means we can remove the patch which was setting PATH_PROCNET_DEV,
and the autoconf cache value inetutils_cv_path_login.

The downside is that these --with-path-* options are not real autoconf
options, so the "unknown options" warning is emitted.  Losing those is
an acceptable compromise, so disable it.

Signed-off-by: Ross Burton <ross.burton@arm.com>
---
 .../inetutils-1.9-PATH_PROCNET_DEV.patch      | 37 -------------------
 .../inetutils/inetutils_2.4.bb                | 18 ++++++++-
 2 files changed, 16 insertions(+), 39 deletions(-)
 delete mode 100644 meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch

diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch
deleted file mode 100644
index 460ddf98300..00000000000
--- a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 101130f422dd5c01a1459645d7b2a5b8d19720ab Mon Sep 17 00:00:00 2001
-From: Martin Jansa <martin.jansa@gmail.com>
-Date: Wed, 6 Mar 2019 09:36:11 -0500
-Subject: [PATCH] inetutils: define PATH_PROCNET_DEV if not already defined
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-this prevents the following compilation error :
-system/linux.c:401:15: error: 'PATH_PROCNET_DEV' undeclared (first use in this function)
-
-this patch comes from :
- http://repository.timesys.com/buildsources/i/inetutils/inetutils-1.9/
-
-Upstream-Status: Inappropriate [not author]
-
-Signed-of-by: Eric Bénard <eric@eukrea.com>
-
----
- ifconfig/system/linux.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/ifconfig/system/linux.c b/ifconfig/system/linux.c
-index e453b46..4268ca9 100644
---- a/ifconfig/system/linux.c
-+++ b/ifconfig/system/linux.c
-@@ -53,6 +53,10 @@
- #include "../ifconfig.h"
- \f
- 
-+#ifndef PATH_PROCNET_DEV
-+  #define PATH_PROCNET_DEV "/proc/net/dev"
-+#endif
-+
- /* ARPHRD stuff.  */
- 
- static void
diff --git a/meta/recipes-connectivity/inetutils/inetutils_2.4.bb b/meta/recipes-connectivity/inetutils/inetutils_2.4.bb
index 9b4c98d63cc..16e40cc20f8 100644
--- a/meta/recipes-connectivity/inetutils/inetutils_2.4.bb
+++ b/meta/recipes-connectivity/inetutils/inetutils_2.4.bb
@@ -20,7 +20,6 @@ SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \
            file://rsh.xinetd.inetutils \
            file://telnet.xinetd.inetutils \
            file://tftpd.xinetd.inetutils \
-           file://inetutils-1.9-PATH_PROCNET_DEV.patch \
            file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \
            file://0001-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-check-set-id-retu.patch \
 "
@@ -42,15 +41,30 @@ PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6 gl_cv_socket_ipv6=no,"
 PACKAGECONFIG[ping6] = "--enable-ping6,--disable-ping6,"
 
 EXTRA_OECONF = "--with-ncurses-include-dir=${STAGING_INCDIR} \
-        inetutils_cv_path_login=${base_bindir}/login \
         --with-libreadline-prefix=${STAGING_LIBDIR} \
         --enable-rpath=no \
 "
 
+EXTRA_OECONF += "--with-path-login=${base_bindir}/login \
+                 --with-path-cp=${base_bindir}/cp \
+                 --with-path-uucico=${libexecdir}/uuico \
+                 --with-path-procnet-dev=/proc/net/dev"
+
 # These are horrible for security, disable them
 EXTRA_OECONF:append = " --disable-rsh --disable-rshd --disable-rcp \
         --disable-rlogin --disable-rlogind --disable-rexec --disable-rexecd"
 
+# The configure script guesses many paths in cross builds, check for this happening
+do_configure_cross_check() {
+    if grep "may be incorrect because of cross-compilation" ${B}/config.log; then
+        bberror Default path values used, these must be set explicitly
+    fi
+}
+do_configure[postfuncs] += "do_configure_cross_check"
+
+# The --with-path options are not actually options, so this check needs to be silenced
+ERROR_QA:remove = "unknown-configure-option"
+
 do_configure:prepend () {
     export HELP2MAN='true'
     cp ${STAGING_DATADIR_NATIVE}/gettext/config.rpath ${S}/build-aux/config.rpath
-- 
2.34.1

[PATCH 3/3] inetutils: remove obsolete patches

[ross.burton]

From: Ross Burton <ross.burton@arm.com>

fix-disable-ipv6.patch: we don't support uclibc, and most libcs don't
have optional support for IPv6.

inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch and
inetutils-1.8-0003-wchar.patch: these don't appear to be needed anymore.

inetutils-only-check-pam_appl.h-when-pam-enabled.patch: configure.ac
doesn't fail if PAM is disabled anymore.

Signed-off-by: Ross Burton <ross.burton@arm.com>
---
 .../inetutils/fix-disable-ipv6.patch          | 85 -------------------
 ...rse-pull-in-features.h-for-__GLIBC__.patch | 27 ------
 .../inetutils/inetutils-1.8-0003-wchar.patch  | 25 ------
 ...ly-check-pam_appl.h-when-pam-enabled.patch | 49 -----------
 .../inetutils/inetutils_2.4.bb                |  7 +-
 5 files changed, 1 insertion(+), 192 deletions(-)
 delete mode 100644 meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch
 delete mode 100644 meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch
 delete mode 100644 meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch
 delete mode 100644 meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch

diff --git a/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch b/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch
deleted file mode 100644
index 603d2baf9d2..00000000000
--- a/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From c7c27ba763c613f83c1561e56448b49315c271c5 Mon Sep 17 00:00:00 2001
-From: Jackie Huang <jackie.huang@windriver.com>
-Date: Wed, 6 Mar 2019 09:36:11 -0500
-Subject: [PATCH] Upstream:
- http://www.mail-archive.com/bug-inetutils@gnu.org/msg02103.html
-
-Upstream-Status: Pending
-
-Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
-
----
- ping/ping_common.h | 20 ++++++++++++++++++++
- 1 file changed, 20 insertions(+)
-
-diff --git a/ping/ping_common.h b/ping/ping_common.h
-index 65e3e60..3e84db0 100644
---- a/ping/ping_common.h
-+++ b/ping/ping_common.h
-@@ -18,10 +18,14 @@
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see `http://www.gnu.org/licenses/'. */
- 
-+#include <config.h>
-+
- #include <netinet/in_systm.h>
- #include <netinet/in.h>
- #include <netinet/ip.h>
-+#ifdef HAVE_IPV6
- #include <netinet/icmp6.h>
-+#endif
- #include <icmp.h>
- #include <error.h>
- #include <progname.h>
-@@ -63,7 +67,12 @@ struct ping_stat
-    want to follow the traditional behaviour of ping.  */
- #define DEFAULT_PING_COUNT 0
- 
-+#ifdef HAVE_IPV6
- #define PING_HEADER_LEN (USE_IPV6 ? sizeof (struct icmp6_hdr) : ICMP_MINLEN)
-+#else
-+#define PING_HEADER_LEN (ICMP_MINLEN)
-+#endif
-+
- #define PING_TIMING(s)  ((s) >= sizeof (struct timeval))
- #define PING_DATALEN    (64 - PING_HEADER_LEN)  /* default data length */
- 
-@@ -78,13 +87,20 @@ struct ping_stat
- 
- #define PING_MIN_USER_INTERVAL (200000/PING_PRECISION)
- 
-+#ifdef HAVE_IPV6
- /* FIXME: Adjust IPv6 case for options and their consumption.  */
- #define _PING_BUFLEN(p, u) ((u)? ((p)->ping_datalen + sizeof (struct icmp6_hdr)) : \
- 				   (MAXIPLEN + (p)->ping_datalen + ICMP_TSLEN))
- 
-+#else
-+#define _PING_BUFLEN(p, u) (MAXIPLEN + (p)->ping_datalen + ICMP_TSLEN)
-+#endif
-+
-+#ifdef HAVE_IPV6
- typedef int (*ping_efp6) (int code, void *closure, struct sockaddr_in6 * dest,
- 			  struct sockaddr_in6 * from, struct icmp6_hdr * icmp,
- 			  int datalen);
-+#endif
- 
- typedef int (*ping_efp) (int code,
- 			 void *closure,
-@@ -93,13 +109,17 @@ typedef int (*ping_efp) (int code,
- 			 struct ip * ip, icmphdr_t * icmp, int datalen);
- 
- union event {
-+#ifdef HAVE_IPV6
-   ping_efp6 handler6;
-+#endif
-   ping_efp handler;
- };
- 
- union ping_address {
-   struct sockaddr_in ping_sockaddr;
-+#ifdef HAVE_IPV6
-   struct sockaddr_in6 ping_sockaddr6;
-+#endif
- };
- 
- typedef struct ping_data PING;
diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch
deleted file mode 100644
index 2974bd4f94d..00000000000
--- a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From f7f785c21306010b2367572250b2822df5bc7728 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier at gentoo.org>
-Date: Thu, 18 Nov 2010 16:59:14 -0500
-Subject: [PATCH] printf-parse: pull in features.h for __GLIBC__
-
-Upstream-Status: Pending
-
-Signed-off-by: Mike Frysinger <vapier at gentoo.org>
-
----
- lib/printf-parse.h | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/lib/printf-parse.h b/lib/printf-parse.h
-index e7d0f82..d7b4534 100644
---- a/lib/printf-parse.h
-+++ b/lib/printf-parse.h
-@@ -28,6 +28,9 @@
- 
- #include "printf-args.h"
- 
-+#ifdef HAVE_FEATURES_H
-+# include <features.h>	/* for __GLIBC__ */
-+#endif
- 
- /* Flags */
- #define FLAG_GROUP       1      /* ' flag */
diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch
deleted file mode 100644
index 1ef7e210738..00000000000
--- a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 9089c6eafbf5903174dce87b68476e35db80beb9 Mon Sep 17 00:00:00 2001
-From: Martin Jansa <martin.jansa@gmail.com>
-Date: Wed, 6 Mar 2019 09:36:11 -0500
-Subject: [PATCH] inetutils: Import version 1.9.4
-
-Upstream-Status: Pending
-
----
- lib/wchar.in.h | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/lib/wchar.in.h b/lib/wchar.in.h
-index cdda680..043866a 100644
---- a/lib/wchar.in.h
-+++ b/lib/wchar.in.h
-@@ -77,6 +77,9 @@
- /* The include_next requires a split double-inclusion guard.  */
- #if @HAVE_WCHAR_H@
- # @INCLUDE_NEXT@ @NEXT_WCHAR_H@
-+#else
-+# include <stddef.h>
-+# define MB_CUR_MAX 1
- #endif
- 
- #undef _GL_ALREADY_INCLUDING_WCHAR_H
diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch
deleted file mode 100644
index 2343c03cb48..00000000000
--- a/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From cc66e842e037fba9f06761f942abe5c4856492b8 Mon Sep 17 00:00:00 2001
-From: Kai Kang <kai.kang@windriver.com>
-Date: Wed, 6 Mar 2019 09:36:11 -0500
-Subject: [PATCH] inetutils: Import version 1.9.4
-
-Only check security/pam_appl.h which is provided by package libpam when pam is
-enabled.
-
-Upstream-Status: Pending
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
-
----
- configure.ac | 15 ++++++++++++++-
- 1 file changed, 14 insertions(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 5e16c3a..18510a8 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -182,6 +182,19 @@ AC_SUBST(LIBUTIL)
- 
- # See if we have libpam.a.  Investigate PAM versus Linux-PAM.
- if test "$with_pam" = yes ; then
-+  AC_CHECK_HEADERS([security/pam_appl.h], [], [], [
-+#include <sys/types.h>
-+#ifdef HAVE_NETINET_IN_SYSTM_H
-+# include <netinet/in_systm.h>
-+#endif
-+#include <netinet/in.h>
-+#ifdef HAVE_NETINET_IP_H
-+# include <netinet/ip.h>
-+#endif
-+#ifdef HAVE_SYS_PARAM_H
-+# include <sys/param.h>
-+#endif
-+])
-   AC_CHECK_LIB(dl, dlopen, LIBDL=-ldl)
-   AC_CHECK_LIB(pam, pam_authenticate, LIBPAM=-lpam)
-   if test "$ac_cv_lib_pam_pam_authenticate" = yes ; then
-@@ -617,7 +630,7 @@ AC_HEADER_DIRENT
- AC_CHECK_HEADERS([arpa/nameser.h arpa/tftp.h fcntl.h features.h \
- 		  glob.h memory.h netinet/ether.h netinet/in_systm.h \
- 		  netinet/ip.h netinet/ip_icmp.h netinet/ip_var.h \
--		  security/pam_appl.h shadow.h \
-+		  shadow.h \
- 		  stropts.h sys/tty.h \
- 		  sys/utsname.h sys/ptyvar.h sys/msgbuf.h sys/filio.h \
- 		  sys/ioctl_compat.h sys/cdefs.h sys/stream.h sys/mkdev.h \
diff --git a/meta/recipes-connectivity/inetutils/inetutils_2.4.bb b/meta/recipes-connectivity/inetutils/inetutils_2.4.bb
index 16e40cc20f8..3cd058e2916 100644
--- a/meta/recipes-connectivity/inetutils/inetutils_2.4.bb
+++ b/meta/recipes-connectivity/inetutils/inetutils_2.4.bb
@@ -13,23 +13,18 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=0c7051aef9219dc7237f206c5c4179a7"
 
 SRC_URI[sha256sum] = "1789d6b1b1a57dfe2a7ab7b533ee9f5dfd9cbf5b59bb1bb3c2612ed08d0f68b2"
 SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \
-           file://inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch \
-           file://inetutils-1.8-0003-wchar.patch \
+           file://0001-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-check-set-id-retu.patch \
            file://rexec.xinetd.inetutils  \
            file://rlogin.xinetd.inetutils \
            file://rsh.xinetd.inetutils \
            file://telnet.xinetd.inetutils \
            file://tftpd.xinetd.inetutils \
-           file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \
-           file://0001-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-check-set-id-retu.patch \
 "
 
 inherit autotools gettext update-alternatives texinfo
 
 acpaths = "-I ./m4"
 
-SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', '', 'file://fix-disable-ipv6.patch', d)}"
-
 PACKAGECONFIG ??= "ftp uucpd \
                    ${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \
                    ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6 ping6', '', d)} \
-- 
2.34.1