kumquat-buildroot/package/atftp/atftp.mk

################################################################################
#
# atftp
#
################################################################################

ATFTP_VERSION = 0.7.5
ATFTP_SITE = http://sourceforge.net/projects/atftp/files
ATFTP_LICENSE = GPL-2.0+
ATFTP_LICENSE_FILES = LICENSE
ATFTP_CPE_ID_VENDOR = atftp_project
ATFTP_SELINUX_MODULES = tftp
ATFTP_CONF_OPTS = --disable-libwrap --disable-mtftp
# For static we need to explicitly link against libpthread
ATFTP_LIBS = -lpthread
# -fgnu89-inline is needed to avoid multiple definition error with gcc 5. See
# https://gcc.gnu.org/gcc-5/porting_to.html.
ATFTP_CONF_ENV = LIBS="$(ATFTP_LIBS)" \
	CFLAGS="$(TARGET_CFLAGS) -fgnu89-inline"

ifeq ($(BR2_PACKAGE_READLINE),y)
ATFTP_DEPENDENCIES += readline
ATFTP_CONF_OPTS += --enable-libreadline
# For static, readline links with ncurses
ATFTP_LIBS += -lncurses
else
ATFTP_CONF_OPTS += --disable-libreadline
endif

ifeq ($(BR2_PACKAGE_PCRE),y)
ATFTP_DEPENDENCIES += pcre
ATFTP_CONF_OPTS += --enable-libpcre
else
ATFTP_CONF_OPTS += --disable-libpcre
endif

$(eval $(autotools-package))
atftp: new package [Peter: note that readline is optional, drop trailing Config.in line] Signed-off-by: Ryan Barnett <ryan.barnett@rockwellcollins.com> CC: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2014-06-23 16:47:48 +02:00			`################################################################################`
			`#`
			`# atftp`
			`#`
			`################################################################################`

package/atftp: security bump to version 0.7.5 - Fix CVE-2021-41054: tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options. - Update hash of license file (license replaced with current version of the GPL text: https://sourceforge.net/p/atftp/code/ci/bf22ccaef34f5dcdbd48de8b0bea3ef97b9d3545) https://sourceforge.net/p/atftp/code/ci/v0.7.5/tree/Changelog Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> 2021-09-27 23:18:37 +02:00			`ATFTP_VERSION = 0.7.5`
package: remove the trailing slash sign from <PKG>_SITE variable Since the trailing slash is stripped from $($(PKG)_SITE) by pkg-generic.mk: $(call DOWNLOAD,$($(PKG)_SITE:/=)/$($(PKG)_SOURCE)) so it is redundant. This patch removes it from $(PKG)_SITE variable for BR consistency. Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2014-07-31 10:46:58 +02:00			`ATFTP_SITE = http://sourceforge.net/projects/atftp/files`
boot, linux, package: use SPDX short identifier for GPLv2/GPLv2+ We want to use SPDX identifier for license strings as much as possible. SPDX short identifier for GPLv2/GPLv2+ is GPL-2.0/GPL-2.0+. This change is done by using following command. find . -name "*.mk" \| xargs sed -ri '/LICENSE( )?[\+:]?=/s/\<GPLv2\>/GPL-2.0/g' Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-03-30 15:43:32 +02:00			`ATFTP_LICENSE = GPL-2.0+`
atftp: new package [Peter: note that readline is optional, drop trailing Config.in line] Signed-off-by: Ryan Barnett <ryan.barnett@rockwellcollins.com> CC: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2014-06-23 16:47:48 +02:00			`ATFTP_LICENSE_FILES = LICENSE`
package: drop _CPE_ID_VALID, use _CPE_ID_VENDOR FOO_CPE_ID_VALID really ought to be an internal implementaion detail. Packages that really want to trigger their CPE defintitions really should set one of the actual variables to a meaningful value. There are two CPE-related variables that we could chose to set to replace FOO_CPE_ID_VALID: FOO_CPE_ID_VENDOR and FOO_CPE_ID_PRODUCT. Between those two, _VENDOR more often diverges from the default than _PRODUCT does, so that's what we use. ---8<------8<------8<------8<------8<--- #!/bin/bash # Replace FOO_CPE_ID_VALID = YES with FOO_CPE_ID_VENDOR = foo_project for i in $(git grep -l -E '[^)]_CPE_ID_VALID = YES' package support); do pkg="$(basename "${i%/*}")" sed -r -i -e "s/_CPE_ID_VALID = YES/_CPE_ID_VENDOR = ${pkg}_project/" "${i}" done ---8<------8<------8<------8<------8<--- Reported-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Cc: Matthew Weber <matthew.weber@rockwellcollins.com> Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com> [Peter: update cpe-test comment to reflect pkg3 change] Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2021-03-05 23:27:44 +01:00			`ATFTP_CPE_ID_VENDOR = atftp_project`
package/atftp: add SELinux module Support for atftp is added by the services/tftp module in the SELinux refpolicy. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> 2021-07-25 23:30:48 +02:00			`ATFTP_SELINUX_MODULES = tftp`
packages: rename FOO_CONF_OPT into FOO_CONF_OPTS To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS, make the same change for FOO_CONF_OPT. Sed command used: find * -type f \| xargs sed -i 's#_CONF_OPT\>#&S#g' Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2014-09-27 21:32:44 +02:00			`ATFTP_CONF_OPTS = --disable-libwrap --disable-mtftp`
atftp: fix static linking Readline uses ncurses hence pull it in, also needs to explicitly link against libpthread. Fixes: http://autobuild.buildroot.net/results/259/2592612be38a2c1dde21b44be2ecf25d1cc5211a/ Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2014-07-10 15:59:23 +02:00			`# For static we need to explicitly link against libpthread`
			`ATFTP_LIBS = -lpthread`
package/atftp: security bump to version 0.7.2 Fixes the following security issues: CVE-2019-11365: An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this vulnerable strncpy pattern within the code base, specifically within tftpd_file.c, tftp_file.c, tftpd_mtftp.c, and tftp_mtftp.c. CVE-2019-11366: An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tftpd_list.c check, there is a crash when dereferencing current->next. For details, see https://pulsesecurity.co.nz/advisories/atftpd-multiple-vulnerabilities Patch 0001-Makefile.am-link-against-libpthread-for-atftp.patch patches Makefile.am, so add _AUTORECONF. CFLAGS is now correctly handled since commit f9dbb96844167f (configure.ac: fix hard setting of CFLAGS), so drop the workaround about passing -fgnu89-inline in CPPFLAGS. Add a hash for the license file. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Reviewed-by: Ryan Barnett <ryan.barnett@rockwellcollins.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2019-05-08 08:35:19 +02:00			`# -fgnu89-inline is needed to avoid multiple definition error with gcc 5. See`
atftp: fix build with gcc5 gcc5 defaults to -std=gnu11 which changes the inline semantics. This leads to multiple definition error with 'extern inline'. See https://gcc.gnu.org/gcc-5/porting_to.html for the details. Fixes: http://autobuild.buildroot.net/results/762/762bce2bbc1f994cc796f0442bfa73b7ad64e272/ http://autobuild.buildroot.net/results/28b/28bf6018dcf91ddacfb76f54a92313da8bf182e1/ http://autobuild.buildroot.net/results/fde/fdee23ecd0c5c66fda1ed38efe43048ce934b733/ Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-07-13 21:19:38 +02:00			`# https://gcc.gnu.org/gcc-5/porting_to.html.`
			`ATFTP_CONF_ENV = LIBS="$(ATFTP_LIBS)" \`
package/atftp: security bump to version 0.7.2 Fixes the following security issues: CVE-2019-11365: An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this vulnerable strncpy pattern within the code base, specifically within tftpd_file.c, tftp_file.c, tftpd_mtftp.c, and tftp_mtftp.c. CVE-2019-11366: An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tftpd_list.c check, there is a crash when dereferencing current->next. For details, see https://pulsesecurity.co.nz/advisories/atftpd-multiple-vulnerabilities Patch 0001-Makefile.am-link-against-libpthread-for-atftp.patch patches Makefile.am, so add _AUTORECONF. CFLAGS is now correctly handled since commit f9dbb96844167f (configure.ac: fix hard setting of CFLAGS), so drop the workaround about passing -fgnu89-inline in CPPFLAGS. Add a hash for the license file. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Reviewed-by: Ryan Barnett <ryan.barnett@rockwellcollins.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2019-05-08 08:35:19 +02:00			`CFLAGS="$(TARGET_CFLAGS) -fgnu89-inline"`
atftp: new package [Peter: note that readline is optional, drop trailing Config.in line] Signed-off-by: Ryan Barnett <ryan.barnett@rockwellcollins.com> CC: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2014-06-23 16:47:48 +02:00
			`ifeq ($(BR2_PACKAGE_READLINE),y)`
			`ATFTP_DEPENDENCIES += readline`
packages: rename FOO_CONF_OPT into FOO_CONF_OPTS To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS, make the same change for FOO_CONF_OPT. Sed command used: find * -type f \| xargs sed -i 's#_CONF_OPT\>#&S#g' Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2014-09-27 21:32:44 +02:00			`ATFTP_CONF_OPTS += --enable-libreadline`
atftp: fix static linking Readline uses ncurses hence pull it in, also needs to explicitly link against libpthread. Fixes: http://autobuild.buildroot.net/results/259/2592612be38a2c1dde21b44be2ecf25d1cc5211a/ Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2014-07-10 15:59:23 +02:00			`# For static, readline links with ncurses`
			`ATFTP_LIBS += -lncurses`
atftp: new package [Peter: note that readline is optional, drop trailing Config.in line] Signed-off-by: Ryan Barnett <ryan.barnett@rockwellcollins.com> CC: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2014-06-23 16:47:48 +02:00			`else`
packages: rename FOO_CONF_OPT into FOO_CONF_OPTS To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS, make the same change for FOO_CONF_OPT. Sed command used: find * -type f \| xargs sed -i 's#_CONF_OPT\>#&S#g' Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2014-09-27 21:32:44 +02:00			`ATFTP_CONF_OPTS += --disable-libreadline`
atftp: new package [Peter: note that readline is optional, drop trailing Config.in line] Signed-off-by: Ryan Barnett <ryan.barnett@rockwellcollins.com> CC: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2014-06-23 16:47:48 +02:00			`endif`

			`ifeq ($(BR2_PACKAGE_PCRE),y)`
			`ATFTP_DEPENDENCIES += pcre`
packages: rename FOO_CONF_OPT into FOO_CONF_OPTS To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS, make the same change for FOO_CONF_OPT. Sed command used: find * -type f \| xargs sed -i 's#_CONF_OPT\>#&S#g' Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2014-09-27 21:32:44 +02:00			`ATFTP_CONF_OPTS += --enable-libpcre`
atftp: new package [Peter: note that readline is optional, drop trailing Config.in line] Signed-off-by: Ryan Barnett <ryan.barnett@rockwellcollins.com> CC: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2014-06-23 16:47:48 +02:00			`else`
packages: rename FOO_CONF_OPT into FOO_CONF_OPTS To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS, make the same change for FOO_CONF_OPT. Sed command used: find * -type f \| xargs sed -i 's#_CONF_OPT\>#&S#g' Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2014-09-27 21:32:44 +02:00			`ATFTP_CONF_OPTS += --disable-libpcre`
atftp: new package [Peter: note that readline is optional, drop trailing Config.in line] Signed-off-by: Ryan Barnett <ryan.barnett@rockwellcollins.com> CC: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2014-06-23 16:47:48 +02:00			`endif`

			`$(eval $(autotools-package))`