buildroot/package/netsnmp/netsnmp.mk
Thomas Petazzoni 44243b4c80 package/netsnmp: revert back to 5.9.3, backport security fix
In commit 13fc9dcb34, netsnmp was bumped
from 5.9.3 to 5.9.4 to fix two CVEs.

However, even though it's a minor version bump, there are actually 163
commits upstream between those two minor releases, and some of them
are breaking existing use-cases. In particular upstream
a2cb167514ac0c7e1b04e8f151e0b015501362e0 now requires that config_()
macros in MIB files are terminated with a semicolon, causing a build
breakage with existing MIB files that were totally valid with 5.9.3.

This commit therefore proposes to revert back to 5.9.3, by reverting
those two commits:

56caafceab package/netsnmp: fix musl build
13fc9dcb34 package/netsnmp: security bump to version 5.9.4

and instead backport the one upstream commit that fixes both CVEs.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: fix typo as reported by Baruch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-11-26 18:23:49 +01:00


################################################################################
#
# netsnmp
#
################################################################################
# Pinned upstream release. NETSNMP_SITE and NETSNMP_SOURCE below are both
# built from this value, so it alone selects which tarball is fetched.
NETSNMP_VERSION = 5.9.3
# Download location, over HTTPS.
# NOTE(review): HTTPS only protects the transfer; confirm that a recorded
# digest for this tarball is kept with the package so that a replaced or
# corrupted archive is rejected before it is built.
NETSNMP_SITE = https://downloads.sourceforge.net/project/net-snmp/net-snmp/$(NETSNMP_VERSION)
NETSNMP_SOURCE = net-snmp-$(NETSNMP_VERSION).tar.gz
NETSNMP_LICENSE = Various BSD-like
NETSNMP_LICENSE_FILES = COPYING
# CPE vendor and product are both "net-snmp" (the product reuses the vendor
# value). Presumably these feed Buildroot's CVE matching for the package; a
# wrong identifier would let known CVEs go unreported - confirm.
NETSNMP_CPE_ID_VENDOR = net-snmp
NETSNMP_CPE_ID_PRODUCT = $(NETSNMP_CPE_ID_VENDOR)
# The two CVE ids listed below are excluded from CVE reporting for this
# package. The comment line directly above the assignment names the local
# patch that is the justification for excluding them.
# NOTE(review): the exclusion is only valid while that patch is present and
# still applies. Remove both entries when NETSNMP_VERSION moves to a release
# that contains the fix, and re-check them if the patch is ever dropped or
# refreshed.
# 0001-snmp_agent-disallow-SET-with-NULL-varbind.patch
NETSNMP_IGNORE_CVES = \
CVE-2022-44792 \
CVE-2022-44793
# SELinux policy module associated with this package.
# NOTE(review): presumably only takes effect when an SELinux policy is built
# for the target - confirm.
NETSNMP_SELINUX_MODULES = snmp
# Install into the staging tree as well as the target (see the staging
# install options further down).
NETSNMP_INSTALL_STAGING = YES
# Values pre-seeded into configure's environment instead of being probed:
# sysctl use is forced to "no" and the ps program path is fixed to /bin/ps.
# NOTE(review): presumably because a probe on the build host would not
# describe the target - confirm.
NETSNMP_CONF_ENV = \
ac_cv_NETSNMP_CAN_USE_SYSCTL=no \
ac_cv_path_PSPROG=/bin/ps
# Base configure options used by every build of this package; the
# conditionals later in the file append to this list.
#
# Options a security review should look at:
#  - --with-default-snmp-version="1" makes SNMPv1 the compiled-in default
#    version. SNMPv1 sends its community string unencrypted and has no
#    cryptographic authentication or privacy.
#    NOTE(review): which components honour this default (client tools,
#    agent) is not visible here; deployments that need authenticated or
#    encrypted SNMP have to select SNMPv3 explicitly in their configuration.
#  - --with-logfile=none compiles in no default log file.
#    NOTE(review): confirm the init script or service unit still routes agent
#    messages somewhere (syslog, journal) so failed requests stay observable.
#  - --with-persistent-directory=/var/lib/snmp is where persistent state is
#    written. NOTE(review): with SNMPv3 this directory typically holds user
#    key material; confirm its ownership and mode on the target.
#  - --without-perl-modules, --disable-embedded-perl, --disable-perl-cc-checks
#    and --disable-scripts leave the Perl integration and helper scripts out
#    of the build.
#  - --with-sys-contact and --with-sys-location are fixed placeholder values
#    ("root@localhost", "Unknown").
#  - --with-mib-modules / --with-out-mib-modules take their lists from the
#    BR2_PACKAGE_NETSNMP_WITH_MIB_MODULES and
#    BR2_PACKAGE_NETSNMP_WITHOUT_MIB_MODULES settings (passed through qstrip),
#    so the set of MIB modules compiled in is chosen by the configuration.
NETSNMP_CONF_OPTS = \
--with-persistent-directory=/var/lib/snmp \
--with-defaults \
--enable-mini-agent \
--without-rpm \
--with-logfile=none \
--without-kmem-usage \
--enable-as-needed \
--without-perl-modules \
--disable-embedded-perl \
--disable-perl-cc-checks \
--disable-scripts \
--with-default-snmp-version="1" \
--enable-silent-libtool \
--enable-mfd-rewrites \
--with-sys-contact="root@localhost" \
--with-sys-location="Unknown" \
--with-mib-modules="$(call qstrip,$(BR2_PACKAGE_NETSNMP_WITH_MIB_MODULES))" \
--with-out-mib-modules="$(call qstrip,$(BR2_PACKAGE_NETSNMP_WITHOUT_MIB_MODULES))" \
--disable-manuals
# Arguments for the staging and target install steps. Both install through
# DESTDIR and set LIB_LDCONFIG_CMD to "true".
# NOTE(review): presumably this turns upstream's ldconfig invocation into a
# no-op so the build host's linker cache is never touched - confirm.
NETSNMP_INSTALL_STAGING_OPTS = DESTDIR=$(STAGING_DIR) LIB_LDCONFIG_CMD=true install
NETSNMP_INSTALL_TARGET_OPTS = DESTDIR=$(TARGET_DIR) LIB_LDCONFIG_CMD=true install
# Build with MAKE1 rather than the default make command.
# NOTE(review): MAKE1 is presumably Buildroot's non-parallel make, used when
# an upstream build is not safe under -j - confirm.
NETSNMP_MAKE = $(MAKE1)
# net-snmp-config is declared as a *-config script of this package.
# NOTE(review): presumably so Buildroot rewrites the paths it reports to
# point at the staging tree - confirm.
NETSNMP_CONFIG_SCRIPTS = net-snmp-config
# We're patching configure.d/config_project_types
NETSNMP_AUTORECONF = YES
# Account created on the target for the daemon. The single entry reads:
# user "snmp", uid -1, group "snmp", gid -1, password "*", then "-" for the
# next three fields, and the comment "snmpd user".
# NOTE(review): per Buildroot's users-table format, -1 presumably means the
# id is allocated automatically, "*" that password login is not allowed, and
# "-" that no home directory, login shell or extra groups are set - confirm
# against the Buildroot manual.
# NOTE(review): whether snmpd actually runs as this unprivileged account is
# decided by the init script / service unit, which are not visible here.
# Comments must stay outside the define: text inside it becomes part of the
# users table.
define NETSNMP_USERS
snmp -1 snmp -1 * - - - snmpd user
endef
# systemd integration is requested explicitly in both directions, so the
# result does not depend on what configure would detect on its own.
ifeq ($(BR2_INIT_SYSTEMD),y)
NETSNMP_CONF_OPTS += --with-systemd
else
NETSNMP_CONF_OPTS += --without-systemd
endif
# Endianness is passed to configure instead of being probed. The comparison
# is against "BIG" including the double quotes.
# NOTE(review): presumably BR2_ENDIAN keeps its quotes as a string option -
# confirm.
ifeq ($(BR2_ENDIAN),"BIG")
NETSNMP_CONF_OPTS += --with-endianness=big
else
NETSNMP_CONF_OPTS += --with-endianness=little
endif
# libnl support follows whether the libnl package is selected; when it is,
# libnl and host-pkgconf become build dependencies.
ifeq ($(BR2_PACKAGE_LIBNL),y)
NETSNMP_DEPENDENCIES += host-pkgconf libnl
NETSNMP_CONF_OPTS += --with-nl
else
NETSNMP_CONF_OPTS += --without-nl
endif
# OpenSSL
# Three mutually exclusive crypto configurations:
#  1. OpenSSL package selected: build against the staging copy of OpenSSL,
#     enable the "tsm" and "usm" security modules and the DTLSUDP and TLSTCP
#     transports. LIBS is set to a backtick command, so the host pkg-config
#     binary is run by the shell when the configure environment is evaluated.
#  2. BR2_PACKAGE_NETSNMP_OPENSSL_INTERNAL selected: --with-openssl=internal.
#     NOTE(review): presumably this uses crypto code bundled with net-snmp
#     instead of the system library; if so it does not pick up fixes made to
#     the OpenSSL package - confirm.
#  3. Neither: --without-openssl.
#     NOTE(review): the security modules and TLS/DTLS transports are only
#     requested in case 1; confirm which SNMPv3 authentication and privacy
#     algorithms remain available in cases 2 and 3 before relying on them.
ifeq ($(BR2_PACKAGE_OPENSSL),y)
NETSNMP_DEPENDENCIES += host-pkgconf openssl
NETSNMP_CONF_OPTS += \
--with-openssl=$(STAGING_DIR)/usr/include/openssl \
--with-security-modules="tsm,usm" \
--with-transports="DTLSUDP,TLSTCP"
NETSNMP_CONF_ENV += LIBS=`$(PKG_CONFIG_HOST_BINARY) --libs openssl`
else ifeq ($(BR2_PACKAGE_NETSNMP_OPENSSL_INTERNAL),y)
NETSNMP_CONF_OPTS += --with-openssl=internal
else
NETSNMP_CONF_OPTS += --without-openssl
endif
# There's no option to forcibly enable or disable it
# Only the build dependency is added when pciutils is selected; no configure
# option is passed either way.
ifeq ($(BR2_PACKAGE_PCIUTILS),y)
NETSNMP_DEPENDENCIES += pciutils
endif
# For ucd-snmp/lmsensorsMib
# As above: dependency only, no configure option.
ifeq ($(BR2_PACKAGE_LM_SENSORS),y)
NETSNMP_DEPENDENCIES += lm-sensors
endif
# Unless BR2_PACKAGE_NETSNMP_ENABLE_MIBS is set, both MIB loading and the
# MIBs themselves are disabled at configure time.
ifneq ($(BR2_PACKAGE_NETSNMP_ENABLE_MIBS),y)
NETSNMP_CONF_OPTS += --disable-mib-loading
NETSNMP_CONF_OPTS += --disable-mibs
endif
# Debugging support is disabled unless BR2_PACKAGE_NETSNMP_ENABLE_DEBUGGING
# is set, i.e. it is opt-in.
# NOTE(review): a build with debugging enabled may emit more detail about
# requests than is wanted on a production image - confirm before shipping.
ifneq ($(BR2_PACKAGE_NETSNMP_ENABLE_DEBUGGING),y)
NETSNMP_CONF_OPTS += --disable-debugging
endif
# The agent is built only when BR2_PACKAGE_NETSNMP_SERVER is set and is
# explicitly disabled otherwise.
# NOTE(review): the agent is the network-facing part of this package; images
# that only need the client tools can leave it out.
ifeq ($(BR2_PACKAGE_NETSNMP_SERVER),y)
NETSNMP_CONF_OPTS += --enable-agent
else
NETSNMP_CONF_OPTS += --disable-agent
endif
# The applications are built only when BR2_PACKAGE_NETSNMP_CLIENTS is set and
# are explicitly disabled otherwise.
ifeq ($(BR2_PACKAGE_NETSNMP_CLIENTS),y)
NETSNMP_CONF_OPTS += --enable-applications
else
NETSNMP_CONF_OPTS += --disable-applications
endif
# Start-up integration is defined only when the agent is built.
#  - SysV: package/netsnmp/S59snmpd is installed as /etc/init.d/S59snmpd in
#    the target with mode 0755.
#  - systemd: package/netsnmp/snmpd.service is installed under
#    /usr/lib/systemd/system in the target with mode 0644.
# Neither file is writable by group or others.
# NOTE(review): the script and the unit are not visible here; they decide
# which account snmpd runs as, which configuration file it reads and where
# its output goes, so review them together with this file.
# Comments must stay outside the define bodies: text inside them becomes part
# of the install commands.
ifeq ($(BR2_PACKAGE_NETSNMP_SERVER),y)
define NETSNMP_INSTALL_INIT_SYSV
$(INSTALL) -D -m 0755 package/netsnmp/S59snmpd \
$(TARGET_DIR)/etc/init.d/S59snmpd
endef
define NETSNMP_INSTALL_INIT_SYSTEMD
$(INSTALL) -D -m 0644 package/netsnmp/snmpd.service \
$(TARGET_DIR)/usr/lib/systemd/system/snmpd.service
endef
endif
# Evaluate the autotools-package macro. It comes last, after every NETSNMP_*
# variable above has been assigned.
# NOTE(review): presumably this is the point where Buildroot turns those
# variables into the download, configure, build and install rules - confirm.
$(eval $(autotools-package))