| Age | Commit message (Collapse) | Author |
|---|
|
Security fixes in this release (from the Debian changelog):
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
Version 4.7.4 of tcpdump is not vulnerable to these issues according to:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8767
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8768
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8769
The tcpdump commit log seems to indicate that these issues were fixes in a
different way in the following commits:
CVE-2014-8767: 4038f83ebf654804829b258dde5e0a508c1c2003
CVE-2014-8768: 9255c9b05b0a04b8d89739b3efcb9f393a617fe9
CVE-2014-8769: 9ed7ddb48fd557dc993e73f22a50dda6cedf4df7
Just drop these patches.
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
It is often difficult to know exactly when make will expand the
variable, and usually it can only be expanded after the dependencies
have been built (e.g. pkg-config or the .pc file). Using a backtick
instead makes it very clear that it will be expanded only while
executing the command.
This change is useful for two cases:
1. The per-package staging (and host) directory will be created as part
of the configure step, so any $(shell ...) variable that is used in
the configure step will fail because the directory doesn't exist
yet.
2. 'make printvars' evaluates the variables it prints. It will therefore
trigger a lot of errors from missing .pc files and others. The
backticks, on the other hand, are not expanded, so with this change
the output of 'make printvars' becomes clean again.
This commit contains only the easy changes: replace $(shell ...) with
`...`, and also replace ' with " where needed. Follow-up commits will
tackle the more complicated cases that need additional explanation.
After this change, the following instances of $(shell ...) will remain:
- All assignments that use :=
- All variables that are used in make conditionals (which don't expand
the backticks).
- All variables that only refer to system executables and make
variables that don't change.
- The calls to check-host-* in dependencies.mk, because it is eval'ed.
[Original patch by Fabio Porcedda, but extended quite a bit by Arnout.]
Signed-off-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
Fixes:
CVE-2015-0261 - issues with IPv6 mobility printer.
CVE-2015-2153 - issue with tcp printer.
CVE-2015-2154 - issue with ethernet printer.
CVE-2015-2155 - issue with force printer.
CVE-2014-9140 fix is upstream so patch dropped.
System libpcap upstream as well so dropped.
CVE-2014-8767, CVE-2014-8768 and CVE-2014-8769 don't seem to be upstream
so keep.
And add hash file.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
Since a while, the semantic of BR2_PREFER_STATIC_LIB has been changed
from "prefer static libraries when possible" to "use only static
libraries". The former semantic didn't make much sense, since the user
had absolutely no control/idea of which package would use static
libraries, and which packages would not. Therefore, for quite some
time, we have been starting to enforce that BR2_PREFER_STATIC_LIB
should really build everything with static libraries.
As a consequence, this patch renames BR2_PREFER_STATIC_LIB to
BR2_STATIC_LIBS, and adjust the Config.in option accordingly.
This also helps preparing the addition of other options to select
shared, shared+static or just static.
Note that we have verified that this commit can be reproduced by
simply doing a global rename of BR2_PREFER_STATIC_LIB to
BR2_STATIC_LIBS plus adding BR2_PREFER_STATIC_LIB to Config.in.legacy.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
|
|
Fixes CVE-2014-9140, PPP dissector vulnerability.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
Fixes:
CVE-2014-8767 - denial of service in verbose mode using malformed OLSR
payload
OLSR payload
CVE-2014-8768 - denial of service in verbose mode using malformed Geonet
payload
CVE-2014-8769 - unreliable output using malformed AOVD payload
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
Commit 746116d1eb2e (tcpdump: use libpcap shared library) broke static build
of tcpdump, because its configure script doesn't take into account indirect
dependencies of libpcap. Add these dependencies to the LIBS configure
parameter.
Fixes:
http://autobuild.buildroot.net/results/fd231d34e4bb0306609b021e9e74eb862b7bd6bd/
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
Currently the tcpdump configure script finds libpcap.a in
output/build/libpcap-[version]. This check is hard coded in aclocal.m4. Add a
patch to optionally ignore local libpcap so that the system shared library
version is found instead. This reduces the tcpdump binary size in a few 100KB.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_CONF_OPT.
Sed command used:
find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g'
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
In the Config.in file of package foo, it often happens that there are other
symbols besides BR2_PACKAGE_FOO. Typically, these symbols only make sense
when foo itself is enabled. There are two ways to express this: with
depends on BR2_PACKAGE_FOO
in each extra symbol, or with
if BR2_PACKAGE_FOO
...
endif
around the entire set of extra symbols.
The if/endif approach avoids the repetition of 'depends on' statements on
multiple symbols, so this is clearly preferred. But even when there is only
one extra symbol, if/endif is a more logical choice:
- it is future-proof for when extra symbols are added
- it allows to have just one strategy instead of two (less confusion)
This patch modifies the Config.in files accordingly.
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
There is no real reason to keep copyright notices in just four
packages, while none of the other packages have such copyright
notices.
The license is already clearly announced by the COPYING file in the
top Buildroot source directory. The authors are clearly credited
through the Git history of the project.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
Also remove the redundant $(call ...).
This is a purely mechanical change, performed with
find package linux toolchain boot -name \*.mk | \
xargs sed -i -e 's/$(eval $(call GENTARGETS))/$(eval $(generic-package))/' \
-e 's/$(eval $(call AUTOTARGETS))/$(eval $(autotools-package))/' \
-e 's/$(eval $(call CMAKETARGETS))/$(eval $(cmake-package))/'
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
configure)
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
Thanks to the pkgparentdir and pkgname functions, we can rewrite the
AUTOTARGETS macro in a way that avoids the need for each package to
repeat its name and the directory in which it is present.
[Peter: pkgdir->pkgparentdir]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
dhcpdump 1.7 required tcpdump, but version 1.8 now uses libpcap
instead. Also version 1.8 is no longer autotools based, but just a
simple Makefile.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
For some reason, tcpdump and libpcap need to have some information
about the kernel version being used. This information is passed using
the ac_cv_linux_vers autoconf variable.
However, the current value is determined using
BR2_DEFAULT_KERNEL_HEADERS which is only defined when an internal
Buildroot toolchain is used. So it would break with an external
toolchain or the Crosstool-NG backend.
According to Mike Frysinger at
http://lists.busybox.net/pipermail/buildroot/2011-January/040861.html,
this value is only used to determine if the kernel version is 0.x, 1.x
or 2.x, so passing ac_cv_linux_vers=2 is sufficient since Buildroot
only supports the 2.6 kernel anyway.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
[Peter: slightly tweak patch]
Acked-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
The tcpdump package likes to install two binaries into /usr/sbin --
one named "tcpdump" and one named "tcpdump.<ver>". But it does this
by installing the file twice rather than using links. Since the alt
name is useless to us, just punt it.
[Peter: Rework to use POST_INSTALL_TARGET_HOOKS instead]
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
The old version didn't build with the updated libpcap anymore.
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
Now that <pkg>_INSTALL_TARGET_OPT always defaults to
'DESTDIR=$(TARGET_DIR) install', we can remove the
<pkg>_INSTALL_TARGET_OPT definition from a lot of packages.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
Now that TARGET_CC contains several space-separated words, it must be
used quoted everywhere.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
We have been passing -q to ./configure when using 'make -s' for
packages using Makefile.autotools.in for some time. Do the same
for packages using autotools, but not using the
Makefile.autotools.in infrastructure, taking care to not do it
for packages with hand written configure scripts.
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
A C library will have been built by the toolchain makefiles, so there is no
need for packages to explicitly depend on uclibc.
Signed-off-by: Will Newton <will.newton@gmail.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
|
|
|
|
'default n' is the default, so there's no need to say it explicitly.
|
|
|
|
- use $(STRIPCMD) in packages to avoid clashes with $(STRIP)
|
|
|
|
- honour BR2_INET_IPV6
|
|
|
|
|
|
|
|
|
|
|
