kumquat-buildroot/package/tcpdump/tcpdump.mk

33 lines
989 B
Makefile
Raw Normal View History

################################################################################
#
# tcpdump
#
################################################################################
tcpdump: security bump to version 4.9.0 Security fixes in this release (from the Debian changelog): + CVE-2016-7922: buffer overflow in print-ah.c:ah_print(). + CVE-2016-7923: buffer overflow in print-arp.c:arp_print(). + CVE-2016-7924: buffer overflow in print-atm.c:oam_print(). + CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print(). + CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print(). + CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print(). + CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print(). + CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header(). + CVE-2016-7930: buffer overflow in print-llc.c:llc_print(). + CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print(). + CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum(). + CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print(). + CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print(). + CVE-2016-7935: buffer overflow in print-udp.c:rtp_print(). + CVE-2016-7936: buffer overflow in print-udp.c:udp_print(). + CVE-2016-7937: buffer overflow in print-udp.c:vat_print(). + CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame(). + CVE-2016-7939: buffer overflow in print-gre.c, multiple functions. + CVE-2016-7940: buffer overflow in print-stp.c, multiple functions. + CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions. + CVE-2016-7974: buffer overflow in print-ip.c, multiple functions. + CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print(). + CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print(). + CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print(). + CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print(). + CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions. + CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print(). + CVE-2016-7993: a bug in util-print.c:relts_print() could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM). + CVE-2016-8574: buffer overflow in print-fr.c:frf15_print(). + CVE-2016-8575: buffer overflow in print-fr.c:q933_print(). + CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print(). + CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print(). + CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print(). + CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print(). + CVE-2017-5341: buffer overflow in print-otv.c:otv_print(). + CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print(). + CVE-2017-5482: buffer overflow in print-fr.c:q933_print(). + CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse(). + CVE-2017-5484: buffer overflow in print-atm.c:sig_print(). + CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap(). + CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print(). Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-03 06:43:43 +01:00
TCPDUMP_VERSION = 4.9.0
TCPDUMP_SITE = http://www.tcpdump.org/release
TCPDUMP_LICENSE = BSD-3c
TCPDUMP_LICENSE_FILES = LICENSE
TCPDUMP_CONF_ENV = \
ac_cv_linux_vers=2 \
td_cv_buggygetaddrinfo=no \
PCAP_CONFIG=$(STAGING_DIR)/usr/bin/pcap-config
TCPDUMP_CONF_OPTS = \
--without-crypto \
--with-system-libpcap \
$(if $(BR2_PACKAGE_TCPDUMP_SMB),--enable-smb,--disable-smb)
TCPDUMP_DEPENDENCIES = zlib libpcap
ifeq ($(BR2_STATIC_LIBS),y)
packages: use backtick instead of $(shell ...) make function It is often difficult to know exactly when make will expand the variable, and usually it can only be expanded after the dependencies have been built (e.g. pkg-config or the .pc file). Using a backtick instead makes it very clear that it will be expanded only while executing the command. This change is useful for two cases: 1. The per-package staging (and host) directory will be created as part of the configure step, so any $(shell ...) variable that is used in the configure step will fail because the directory doesn't exist yet. 2. 'make printvars' evaluates the variables it prints. It will therefore trigger a lot of errors from missing .pc files and others. The backticks, on the other hand, are not expanded, so with this change the output of 'make printvars' becomes clean again. This commit contains only the easy changes: replace $(shell ...) with `...`, and also replace ' with " where needed. Follow-up commits will tackle the more complicated cases that need additional explanation. After this change, the following instances of $(shell ...) will remain: - All assignments that use := - All variables that are used in make conditionals (which don't expand the backticks). - All variables that only refer to system executables and make variables that don't change. - The calls to check-host-* in dependencies.mk, because it is eval'ed. [Original patch by Fabio Porcedda, but extended quite a bit by Arnout.] Signed-off-by: Fabio Porcedda <fabio.porcedda@gmail.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-07-12 16:35:26 +02:00
TCPDUMP_CONF_OPTS += LIBS="`$(STAGING_DIR)/usr/bin/pcap-config --static --additional-libs`"
endif
# make install installs an unneeded extra copy of the tcpdump binary
define TCPDUMP_REMOVE_DUPLICATED_BINARY
rm -f $(TARGET_DIR)/usr/sbin/tcpdump.$(TCPDUMP_VERSION)
endef
TCPDUMP_POST_INSTALL_TARGET_HOOKS += TCPDUMP_REMOVE_DUPLICATED_BINARY
$(eval $(autotools-package))