mirror of
https://git.busybox.net/buildroot.git
synced 2024-12-03 18:33:48 +08:00
44243b4c80
In commit13fc9dcb34
, netsnmp was bumped from 5.9.3 to 5.9.4 to fix two CVEs. However, even though it's a minor version bump, there are actually 163 commits upstream between those two minor releases, and some of them are breaking existing use-cases. In particular upstream a2cb167514ac0c7e1b04e8f151e0b015501362e0 now requires that config_() macros in MIB files are terminated with a semicolon, causing a build breakage with existing MIB files that were totally valid with 5.9.3. This commit therefore proposes to revert back to 5.9.3, by reverting those two commits:56caafceab
package/netsnmp: fix musl build13fc9dcb34
package/netsnmp: security bump to version 5.9.4 and instead backport the one upstream commit that fixes both CVEs. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> [yann.morin.1998@free.fr: fix typo as reported by Baruch] Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
130 lines
3.6 KiB
Makefile
130 lines
3.6 KiB
Makefile
################################################################################
|
|
#
|
|
# netsnmp
|
|
#
|
|
################################################################################
|
|
|
|
NETSNMP_VERSION = 5.9.3
|
|
NETSNMP_SITE = https://downloads.sourceforge.net/project/net-snmp/net-snmp/$(NETSNMP_VERSION)
|
|
NETSNMP_SOURCE = net-snmp-$(NETSNMP_VERSION).tar.gz
|
|
NETSNMP_LICENSE = Various BSD-like
|
|
NETSNMP_LICENSE_FILES = COPYING
|
|
NETSNMP_CPE_ID_VENDOR = net-snmp
|
|
NETSNMP_CPE_ID_PRODUCT = $(NETSNMP_CPE_ID_VENDOR)
|
|
# 0001-snmp_agent-disallow-SET-with-NULL-varbind.patch
|
|
NETSNMP_IGNORE_CVES = \
|
|
CVE-2022-44792 \
|
|
CVE-2022-44793
|
|
NETSNMP_SELINUX_MODULES = snmp
|
|
NETSNMP_INSTALL_STAGING = YES
|
|
NETSNMP_CONF_ENV = \
|
|
ac_cv_NETSNMP_CAN_USE_SYSCTL=no \
|
|
ac_cv_path_PSPROG=/bin/ps
|
|
NETSNMP_CONF_OPTS = \
|
|
--with-persistent-directory=/var/lib/snmp \
|
|
--with-defaults \
|
|
--enable-mini-agent \
|
|
--without-rpm \
|
|
--with-logfile=none \
|
|
--without-kmem-usage \
|
|
--enable-as-needed \
|
|
--without-perl-modules \
|
|
--disable-embedded-perl \
|
|
--disable-perl-cc-checks \
|
|
--disable-scripts \
|
|
--with-default-snmp-version="1" \
|
|
--enable-silent-libtool \
|
|
--enable-mfd-rewrites \
|
|
--with-sys-contact="root@localhost" \
|
|
--with-sys-location="Unknown" \
|
|
--with-mib-modules="$(call qstrip,$(BR2_PACKAGE_NETSNMP_WITH_MIB_MODULES))" \
|
|
--with-out-mib-modules="$(call qstrip,$(BR2_PACKAGE_NETSNMP_WITHOUT_MIB_MODULES))" \
|
|
--disable-manuals
|
|
NETSNMP_INSTALL_STAGING_OPTS = DESTDIR=$(STAGING_DIR) LIB_LDCONFIG_CMD=true install
|
|
NETSNMP_INSTALL_TARGET_OPTS = DESTDIR=$(TARGET_DIR) LIB_LDCONFIG_CMD=true install
|
|
NETSNMP_MAKE = $(MAKE1)
|
|
NETSNMP_CONFIG_SCRIPTS = net-snmp-config
|
|
# We're patching configure.d/config_project_types
|
|
NETSNMP_AUTORECONF = YES
|
|
|
|
define NETSNMP_USERS
|
|
snmp -1 snmp -1 * - - - snmpd user
|
|
endef
|
|
|
|
ifeq ($(BR2_INIT_SYSTEMD),y)
|
|
NETSNMP_CONF_OPTS += --with-systemd
|
|
else
|
|
NETSNMP_CONF_OPTS += --without-systemd
|
|
endif
|
|
|
|
ifeq ($(BR2_ENDIAN),"BIG")
|
|
NETSNMP_CONF_OPTS += --with-endianness=big
|
|
else
|
|
NETSNMP_CONF_OPTS += --with-endianness=little
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_LIBNL),y)
|
|
NETSNMP_DEPENDENCIES += host-pkgconf libnl
|
|
NETSNMP_CONF_OPTS += --with-nl
|
|
else
|
|
NETSNMP_CONF_OPTS += --without-nl
|
|
endif
|
|
|
|
# OpenSSL
|
|
ifeq ($(BR2_PACKAGE_OPENSSL),y)
|
|
NETSNMP_DEPENDENCIES += host-pkgconf openssl
|
|
NETSNMP_CONF_OPTS += \
|
|
--with-openssl=$(STAGING_DIR)/usr/include/openssl \
|
|
--with-security-modules="tsm,usm" \
|
|
--with-transports="DTLSUDP,TLSTCP"
|
|
NETSNMP_CONF_ENV += LIBS=`$(PKG_CONFIG_HOST_BINARY) --libs openssl`
|
|
else ifeq ($(BR2_PACKAGE_NETSNMP_OPENSSL_INTERNAL),y)
|
|
NETSNMP_CONF_OPTS += --with-openssl=internal
|
|
else
|
|
NETSNMP_CONF_OPTS += --without-openssl
|
|
endif
|
|
|
|
# There's no option to forcibly enable or disable it
|
|
ifeq ($(BR2_PACKAGE_PCIUTILS),y)
|
|
NETSNMP_DEPENDENCIES += pciutils
|
|
endif
|
|
|
|
# For ucd-snmp/lmsensorsMib
|
|
ifeq ($(BR2_PACKAGE_LM_SENSORS),y)
|
|
NETSNMP_DEPENDENCIES += lm-sensors
|
|
endif
|
|
|
|
ifneq ($(BR2_PACKAGE_NETSNMP_ENABLE_MIBS),y)
|
|
NETSNMP_CONF_OPTS += --disable-mib-loading
|
|
NETSNMP_CONF_OPTS += --disable-mibs
|
|
endif
|
|
|
|
ifneq ($(BR2_PACKAGE_NETSNMP_ENABLE_DEBUGGING),y)
|
|
NETSNMP_CONF_OPTS += --disable-debugging
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_NETSNMP_SERVER),y)
|
|
NETSNMP_CONF_OPTS += --enable-agent
|
|
else
|
|
NETSNMP_CONF_OPTS += --disable-agent
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_NETSNMP_CLIENTS),y)
|
|
NETSNMP_CONF_OPTS += --enable-applications
|
|
else
|
|
NETSNMP_CONF_OPTS += --disable-applications
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_NETSNMP_SERVER),y)
|
|
define NETSNMP_INSTALL_INIT_SYSV
|
|
$(INSTALL) -D -m 0755 package/netsnmp/S59snmpd \
|
|
$(TARGET_DIR)/etc/init.d/S59snmpd
|
|
endef
|
|
define NETSNMP_INSTALL_INIT_SYSTEMD
|
|
$(INSTALL) -D -m 0644 package/netsnmp/snmpd.service \
|
|
$(TARGET_DIR)/usr/lib/systemd/system/snmpd.service
|
|
endef
|
|
endif
|
|
|
|
$(eval $(autotools-package))
|