3557a7b599
An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/protocols/cdp.c. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
################################################################################
#
# lldpd
#
################################################################################

# Upstream release and download location.
# NOTE(review): the advisory for CVE-2023-41910 lists lldpd before 1.0.17 as
# affected, so this version relies on the backported patch named further down
# in this file rather than on an upstream fix.
LLDPD_VERSION = 1.0.15
LLDPD_SITE = https://media.luffy.cx/files/lldpd
# Build dependencies. check, libcap and valgrind are added only when the
# corresponding Buildroot package is selected; host-pkgconf and libevent are
# always required.
LLDPD_DEPENDENCIES = \
	$(if $(BR2_PACKAGE_CHECK),check) \
	host-pkgconf \
	$(if $(BR2_PACKAGE_LIBCAP),libcap) \
	libevent \
	$(if $(BR2_PACKAGE_VALGRIND),valgrind)
LLDPD_LICENSE = ISC
LLDPD_LICENSE_FILES = LICENSE
# CPE vendor string; presumably consumed by Buildroot's CVE matching for this
# package - confirm against the package infrastructure.
LLDPD_CPE_ID_VENDOR = lldpd_project

# CVE-2023-41910: out-of-bounds heap read in cdp_decode
# (daemon/protocols/cdp.c) when parsing CDP_TLV_ADDRESSES TLVs.
# NOTE(review): this entry is only valid while the patch named below is
# applied to the build; drop the patch and this line together once
# LLDPD_VERSION is 1.0.17 or later, which the advisory lists as not affected.
# 0001-daemon-fix-read-overflow-when-parsing-CDP-addresses.patch
LLDPD_IGNORE_CVES += CVE-2023-41910

# Detection of c99 support in configure fails without WCHAR. To enable
# automatic detection of c99 support by configure, we need to enable
# WCHAR in toolchain. But actually we do not need WCHAR at lldpd
# runtime. So requesting WCHAR in toolchain just for automatic detection
# would be overkill. To solve this, explicitly specify c99 here by
# presetting the configure cache variable (the flag passed is -std=gnu99).
LLDPD_CONF_ENV = ac_cv_prog_cc_c99=-std=gnu99

# Fixed configure options, followed by one --enable/--disable switch per
# optional protocol or TLV set selected in the Buildroot configuration.
#
# NOTE(review): --without-seccomp, --disable-hardening and --disable-privsep
# turn off upstream's optional defence-in-depth features. lldpd parses frames
# received from the network, so in this build a parsing bug such as
# CVE-2023-41910 is not contained by privilege separation or a seccomp
# filter. Confirm these switches are still required and record the reason.
#
# NOTE(review): leaving BR2_PACKAGE_LLDPD_CDP unselected passes
# --disable-cdp, which should keep the CDP decoder (where CVE-2023-41910
# lives) out of the build - verify against upstream's configure script. The
# same reasoning applies to the other protocols a target does not need.
LLDPD_CONF_OPTS = \
	--without-embedded-libevent \
	--without-seccomp \
	--without-libbsd \
	--disable-hardening \
	--disable-privsep \
	$(if $(BR2_PACKAGE_LLDPD_CDP),--enable-cdp,--disable-cdp) \
	$(if $(BR2_PACKAGE_LLDPD_FDP),--enable-fdp,--disable-fdp) \
	$(if $(BR2_PACKAGE_LLDPD_EDP),--enable-edp,--disable-edp) \
	$(if $(BR2_PACKAGE_LLDPD_SONMP),--enable-sonmp,--disable-sonmp) \
	$(if $(BR2_PACKAGE_LLDPD_LLDPMED),--enable-lldpmed,--disable-lldpmed) \
	$(if $(BR2_PACKAGE_LLDPD_DOT1),--enable-dot1,--disable-dot1) \
	$(if $(BR2_PACKAGE_LLDPD_DOT3),--enable-dot3,--disable-dot3) \
	$(if $(BR2_PACKAGE_LLDPD_CUSTOM_TLV),--enable-custom,--disable-custom)

# Optional libxml2 support: enabled, with libxml2 added as a dependency, only
# when the libxml2 package is selected. The explicit --without-xml in the
# other branch keeps configure from auto-detecting it.
ifeq ($(BR2_PACKAGE_LIBXML2),y)
LLDPD_CONF_OPTS += --with-xml
LLDPD_DEPENDENCIES += libxml2
else
LLDPD_CONF_OPTS += --without-xml
endif

# Optional SNMP support through net-snmp, enabled only when the netsnmp
# package is selected. The cache variable points configure at the
# net-snmp-config script under $(STAGING_DIR), presumably so that a copy
# installed on the build host is never picked up - confirm.
# NOTE(review): --with-snmp adds another externally reachable interface to the
# daemon; enable it only on targets that need it.
ifeq ($(BR2_PACKAGE_NETSNMP),y)
LLDPD_CONF_OPTS += --with-snmp
LLDPD_DEPENDENCIES += netsnmp
LLDPD_CONF_ENV += \
	ac_cv_path_NETSNMP_CONFIG=$(STAGING_DIR)/usr/bin/net-snmp-config
else
LLDPD_CONF_OPTS += --without-snmp
endif

# Optional readline support: enabled, with readline added as a dependency,
# only when the readline package is selected; otherwise it is disabled
# explicitly.
ifeq ($(BR2_PACKAGE_READLINE),y)
LLDPD_CONF_OPTS += --with-readline
LLDPD_DEPENDENCIES += readline
else
LLDPD_CONF_OPTS += --without-readline
endif

# SysV init hook: installs package/lldpd/S60lldpd into the target's
# /etc/init.d with mode 0755, creating the directory if needed (-D).
# NOTE(review): with --disable-privsep in LLDPD_CONF_OPTS the started daemon
# has no privilege-separated child; check which user S60lldpd runs it as.
define LLDPD_INSTALL_INIT_SYSV
	$(INSTALL) -D -m 0755 package/lldpd/S60lldpd \
		$(TARGET_DIR)/etc/init.d/S60lldpd
endef

# Instantiate the package from the LLDPD_* variables above using Buildroot's
# autotools package infrastructure (autotools-package is defined outside this
# file).
$(eval $(autotools-package))