mirror of
git://git.openembedded.org/meta-openembedded
synced 2026-01-01 13:58:06 +00:00
fea53271d1
This upgrade adds some new features and fixes numerous bugs including
the following CVEs:
CVE: CVE-2017-16808 (AoE)
CVE: CVE-2018-14468 (FrameRelay)
CVE: CVE-2018-14469 (IKEv1)
CVE: CVE-2018-14470 (BABEL)
CVE: CVE-2018-14466 (AFS/RX)
CVE: CVE-2018-14461 (LDP)
CVE: CVE-2018-14462 (ICMP)
CVE: CVE-2018-14465 (RSVP)
CVE: CVE-2018-14881 (BGP)
CVE: CVE-2018-14464 (LMP)
CVE: CVE-2018-14463 (VRRP)
CVE: CVE-2018-14467 (BGP)
CVE: CVE-2018-10103 (SMB - partially fixed, but SMB printing disabled)
CVE: CVE-2018-10105 (SMB - too unreliably reproduced,
SMB printing disabled)
CVE: CVE-2018-14880 (OSPF6)
CVE: CVE-2018-16451 (SMB)
CVE: CVE-2018-14882 (RPL)
CVE: CVE-2018-16227 (802.11)
CVE: CVE-2018-16229 (DCCP)
CVE: CVE-2018-16301 (was fixed in libpcap)
CVE: CVE-2018-16230 (BGP)
CVE: CVE-2018-16452 (SMB)
CVE: CVE-2018-16300 (BGP)
CVE: CVE-2018-16228 (HNCP)
CVE: CVE-2019-15166 (LMP)
CVE: CVE-2019-15167 (VRRP)
CVE: CVE-2018-14879 (tcpdump -V)
Deleted patch "0001-CVE-2017-16808-AoE-Add-a-missing-bounds-check.patch"
since the fix is included in the upgrade.
Modified patches "avoid-absolute-path-when-searching-for-libdlpi.patch",
"unnecessary-to-check-libpcap.patch", and "add-ptest.path" since
the upgrade renamed configure.in to configure.ac and made changes
to the file.
Added PACKAGECONFIG for smb. It is disabled by default in
the upgraded version in both the package's configure script and this
bitbake recipe since it is insecure.
Modified the parsing of ptest result to align with the new output
format.
With core-image-minimal on qemux86-64/kvm:
Recipe | Passed | Failed | Skipped | Time(s)
Before | 408 | 0 | 2 | 4
After | 431 | 11 | 2 | 10
11 test failed after the upgrade since libpcap is not upgraded
alongside with tcpdump.
Signed-off-by: Peiran Hong <peiran.hong@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 71535e2f0e)
[Upgrade is a resonable path do to the # of patches needed to address
all this issues]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
52 lines
1.4 KiB
BlitzBasic
52 lines
1.4 KiB
BlitzBasic
SUMMARY = "A sophisticated network protocol analyzer"
|
|
HOMEPAGE = "http://www.tcpdump.org/"
|
|
SECTION = "net"
|
|
LICENSE = "BSD"
|
|
LIC_FILES_CHKSUM = "file://LICENSE;md5=1d4b0366557951c84a94fabe3529f867"
|
|
|
|
DEPENDS = "libpcap"
|
|
|
|
RDEPENDS_${PN}-ptest += " make perl \
|
|
perl-module-file-basename \
|
|
perl-module-posix \
|
|
perl-module-carp"
|
|
|
|
SRC_URI = " \
|
|
http://www.tcpdump.org/release/${BP}.tar.gz \
|
|
file://unnecessary-to-check-libpcap.patch \
|
|
file://avoid-absolute-path-when-searching-for-libdlpi.patch \
|
|
file://add-ptest.patch \
|
|
file://run-ptest \
|
|
"
|
|
|
|
SRC_URI[md5sum] = "a4ead41d371f91aa0a2287f589958bae"
|
|
SRC_URI[sha256sum] = "2cd47cb3d460b6ff75f4a9940f594317ad456cfbf2bd2c8e5151e16559db6410"
|
|
|
|
inherit autotools-brokensep ptest
|
|
|
|
PACKAGECONFIG ?= "openssl"
|
|
|
|
PACKAGECONFIG[libcap-ng] = "--with-cap-ng,--without-cap-ng,libcap-ng"
|
|
PACKAGECONFIG[openssl] = "--with-crypto,--without-openssl --without-crypto,openssl"
|
|
PACKAGECONFIG[smi] = "--with-smi,--without-smi,libsmi"
|
|
# Note: CVE-2018-10103 (SMB - partially fixed, but SMB printing disabled)
|
|
PACKAGECONFIG[smb] = "--enable-smb,--disable-smb"
|
|
|
|
EXTRA_AUTORECONF += "-I m4"
|
|
|
|
do_configure_prepend() {
|
|
mkdir -p ${S}/m4
|
|
if [ -f aclocal.m4 ]; then
|
|
mv aclocal.m4 ${S}/m4
|
|
fi
|
|
}
|
|
|
|
do_install_append() {
|
|
# make install installs an unneeded extra copy of the tcpdump binary
|
|
rm -f ${D}${sbindir}/tcpdump.${PV}
|
|
}
|
|
|
|
do_compile_ptest() {
|
|
oe_runmake buildtest-TESTS
|
|
}
|