diff options
Diffstat (limited to 'external/meta-openembedded/meta-oe/recipes-security/nmap')
5 files changed, 289 insertions, 0 deletions
diff --git a/external/meta-openembedded/meta-oe/recipes-security/nmap/files/0001-include-time.h-for-time-structure-definition.patch b/external/meta-openembedded/meta-oe/recipes-security/nmap/files/0001-include-time.h-for-time-structure-definition.patch new file mode 100644 index 00000000..561c8c82 --- /dev/null +++ b/external/meta-openembedded/meta-oe/recipes-security/nmap/files/0001-include-time.h-for-time-structure-definition.patch @@ -0,0 +1,78 @@ +From c774f2b129fd5acd5647d92c57a2079ae638a62b Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Sun, 20 Jan 2019 23:07:39 -0800 +Subject: [PATCH] include time.h for time structure definition + +Exposed by musl/clang + +Upstream-Status: Pending + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + nmap_error.cc | 1 + + nping/EchoServer.cc | 1 + + osscan.cc | 1 + + osscan2.cc | 1 + + service_scan.cc | 1 + + 5 files changed, 5 insertions(+) + +diff --git a/nmap_error.cc b/nmap_error.cc +index 19beafb..ea14e08 100644 +--- a/nmap_error.cc ++++ b/nmap_error.cc +@@ -135,6 +135,7 @@ + #include "xml.h" + + #include <errno.h> ++#include <time.h> + + extern NmapOps o; + +diff --git a/nping/EchoServer.cc b/nping/EchoServer.cc +index 70f39b0..40cd4d6 100644 +--- a/nping/EchoServer.cc ++++ b/nping/EchoServer.cc +@@ -137,6 +137,7 @@ + #include "NpingOps.h" + #include "ProbeMode.h" + #include <signal.h> ++#include <time.h> + + extern NpingOps o; + extern EchoServer es; +diff --git a/osscan.cc b/osscan.cc +index f851f60..6ae0c83 100644 +--- a/osscan.cc ++++ b/osscan.cc +@@ -149,6 +149,7 @@ + # include <time.h> + # endif + #endif ++#include <time.h> + + #include <algorithm> + #include <list> +diff --git a/osscan2.cc b/osscan2.cc +index e341947..887fbd2 100644 +--- a/osscan2.cc ++++ b/osscan2.cc +@@ -147,6 +147,7 @@ + + #include <list> + #include <math.h> ++#include <time.h> + + extern NmapOps o; + #ifdef WIN32 +diff --git a/service_scan.cc b/service_scan.cc +index 9780ae3..e07b940 100644 +--- a/service_scan.cc ++++ b/service_scan.cc +@@ -145,6 +145,7 @@ + #include "nmap_tty.h" + + #include <errno.h> ++#include <time.h> + + #if HAVE_OPENSSL + /* OpenSSL 1.0.0 needs _WINSOCKAPI_ to be defined, otherwise it loads diff --git a/external/meta-openembedded/meta-oe/recipes-security/nmap/files/0002-Fix-building-with-libc.patch b/external/meta-openembedded/meta-oe/recipes-security/nmap/files/0002-Fix-building-with-libc.patch new file mode 100644 index 00000000..064be8ff --- /dev/null +++ b/external/meta-openembedded/meta-oe/recipes-security/nmap/files/0002-Fix-building-with-libc.patch @@ -0,0 +1,76 @@ +From 2a361989b5f84ec23ba7ccb6e527a5590ff55deb Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Sun, 20 Jan 2019 23:11:56 -0800 +Subject: [PATCH] Fix building with libc++ + +Upstream-Status: Pending + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + nping/EchoServer.cc | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/nping/EchoServer.cc b/nping/EchoServer.cc +index 40cd4d6..04433e1 100644 +--- a/nping/EchoServer.cc ++++ b/nping/EchoServer.cc +@@ -282,14 +282,14 @@ int EchoServer::nep_listen_socket(){ + server_addr6.sin6_len = sizeof(struct sockaddr_in6); + #endif + /* Bind to local address and the specified port */ +- if( bind(master_sd, (struct sockaddr *)&server_addr6, sizeof(server_addr6)) != 0 ){ ++ if( ::bind(master_sd, (struct sockaddr *)&server_addr6, sizeof(server_addr6)) != 0 ){ + nping_warning(QT_3, "Failed to bind to source address %s. Trying to bind to port %d...", IPtoa(server_addr6.sin6_addr), port); + /* If the bind failed for the supplied address, just try again with in6addr_any */ + if( o.spoofSource() ){ + server_addr6.sin6_addr = in6addr_any; +- if( bind(master_sd, (struct sockaddr *)&server_addr6, sizeof(server_addr6)) != 0 ){ ++ if( ::bind(master_sd, (struct sockaddr *)&server_addr6, sizeof(server_addr6)) != 0 ){ + nping_fatal(QT_3, "Could not bind to port %d (%s).", port, strerror(errno)); +- }else{ ++ }else{ + nping_print(VB_1, "Server bound to port %d", port); + } + } +@@ -320,12 +320,12 @@ int EchoServer::nep_listen_socket(){ + #endif + + /* Bind to local address and the specified port */ +- if( bind(master_sd, (struct sockaddr *)&server_addr4, sizeof(server_addr4)) != 0 ){ ++ if( ::bind(master_sd, (struct sockaddr *)&server_addr4, sizeof(server_addr4)) != 0 ){ + nping_warning(QT_3, "Failed to bind to source address %s. Trying to bind to port %d...", IPtoa(server_addr4.sin_addr), port); + /* If the bind failed for the supplied address, just try again with in6addr_any */ + if( o.spoofSource() ){ + server_addr4.sin_addr.s_addr=INADDR_ANY; +- if( bind(master_sd, (struct sockaddr *)&server_addr4, sizeof(server_addr4)) != 0 ){ ++ if( ::bind(master_sd, (struct sockaddr *)&server_addr4, sizeof(server_addr4)) != 0 ){ + nping_fatal(QT_3, "Could not bind to port %d (%s).", port, strerror(errno)); + }else{ + nping_print(VB_1, "Server bound to port %d", port); +@@ -561,7 +561,7 @@ clientid_t EchoServer::nep_match_headers(IPv4Header *ip4, IPv6Header *ip6, TCPHe + nping_print(DBG_3, ";"); + /* The payload magic may affect the score only between + * zero and 4 bytes. This is done to prevent long +- * common strings like "GET / HTTP/1.1\r\n" ++ * common strings like "GET / HTTP/1.1\r\n" + * increasing the score a lot and cause problems for + * the matching logic. */ + current_score+= MIN(4, fspec->len)*FACTOR_PAYLOAD_MAGIC; +@@ -571,7 +571,7 @@ clientid_t EchoServer::nep_match_headers(IPv4Header *ip4, IPv6Header *ip6, TCPHe + default: + nping_warning(QT_2, "Bogus field specifier found in client #%d context. Please report a bug", ctx->getIdentifier()); + break; +- } ++ } + } /* End of field specifiers loop */ + + nping_print(DBG_3, "%s() current_score=%.02f candidate_score=%.02f", __func__, current_score, candidate_score); +@@ -650,7 +650,7 @@ clientid_t EchoServer::nep_match_packet(const u8 *pkt, size_t pktlen){ + }else{ + if( (tcplen=tcp.validate())==OP_FAILURE){ + return CLIENT_NOT_FOUND; +- }else{ ++ }else{ + if( (int)pktlen > (iplen+tcplen) ){ + if( payload.storeRecvData(pkt+iplen+tcplen, pktlen-iplen-tcplen)!=OP_FAILURE) + payload_included=true; diff --git a/external/meta-openembedded/meta-oe/recipes-security/nmap/files/nmap-redefine-the-python-library-dir.patch b/external/meta-openembedded/meta-oe/recipes-security/nmap/files/nmap-redefine-the-python-library-dir.patch new file mode 100644 index 00000000..356b5071 --- /dev/null +++ b/external/meta-openembedded/meta-oe/recipes-security/nmap/files/nmap-redefine-the-python-library-dir.patch @@ -0,0 +1,37 @@ +[PATCH] redefine the python library install dir + +Upstream-Status: Pending + +If install-lib is not defined, it is always /usr/lib/, but it +maybe /usr/lib64 for multilib + +Signed-off-by: Roy Li <rongqing.li@windriver.com> +--- + Makefile.in | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/Makefile.in b/Makefile.in +index 1bb062c..cced2fb 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -311,7 +311,7 @@ build-zenmap: $(ZENMAPDIR)/setup.py $(ZENMAPDIR)/zenmapCore/Version.py + + install-zenmap: $(ZENMAPDIR)/setup.py + $(INSTALL) -d $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1 +- cd $(ZENMAPDIR) && $(PYTHON) setup.py --quiet install --prefix "$(prefix)" --force $(if $(DESTDIR),--root "$(DESTDIR)") ++ cd $(ZENMAPDIR) && $(PYTHON) setup.py --quiet install --prefix "$(prefix)" --install-lib="${PYTHON_SITEPACKAGES_DIR}" --force $(if $(DESTDIR),--root "$(DESTDIR)") + $(INSTALL) -c -m 644 docs/zenmap.1 $(DESTDIR)$(mandir)/man1/ + # Create a symlink from nmapfe to zenmap if nmapfe doesn't exist or is + # already a link. +@@ -328,7 +328,7 @@ build-nping: $(NPINGDIR)/Makefile nbase_build nsock_build netutil_build $(NPINGD + @cd $(NPINGDIR) && $(MAKE) + + install-ndiff: +- cd $(NDIFFDIR) && $(PYTHON) setup.py install --prefix "$(prefix)" $(if $(DESTDIR),--root "$(DESTDIR)") ++ cd $(NDIFFDIR) && $(PYTHON) setup.py install --prefix "$(prefix)" --install-lib="${PYTHON_SITEPACKAGES_DIR}" $(if $(DESTDIR),--root "$(DESTDIR)") + + NSE_FILES = scripts/script.db scripts/*.nse + NSE_LIB_LUA_FILES = nselib/*.lua nselib/*.luadoc +-- +1.9.1 + diff --git a/external/meta-openembedded/meta-oe/recipes-security/nmap/files/nmap-replace-shtool-mkdir-with-coreutils-mkdir-command.patch b/external/meta-openembedded/meta-oe/recipes-security/nmap/files/nmap-replace-shtool-mkdir-with-coreutils-mkdir-command.patch new file mode 100644 index 00000000..cfe043af --- /dev/null +++ b/external/meta-openembedded/meta-oe/recipes-security/nmap/files/nmap-replace-shtool-mkdir-with-coreutils-mkdir-command.patch @@ -0,0 +1,48 @@ +[PATCH] replace "./shtool mkdir" with coreutils mkdir command + +Upstream-Status: Pending + +"./shtool mkdir" is used when mkdir has not -p parameter, but mkdir in today +most release has supportted the -p parameter, not need to use shtool, and it +can not fix the race if two process are running mkdir to create same dir + +Signed-off-by: Roy Li <rongqing.li@windriver.com> +--- + ncat/Makefile.in | 4 ++-- + nmap-update/Makefile.in | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/ncat/Makefile.in b/ncat/Makefile.in +index cfd306d..2166e08 100644 +--- a/ncat/Makefile.in ++++ b/ncat/Makefile.in +@@ -163,11 +163,11 @@ $(NSOCKDIR)/libnsock.a: $(NSOCKDIR)/Makefile + + install: $(TARGET) + @echo Installing Ncat; +- $(SHTOOL) mkdir -f -p -m 755 $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1 ++ mkdir -p -m 755 $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1 + $(INSTALL) -c -m 755 ncat $(DESTDIR)$(bindir)/ncat + $(STRIP) -x $(DESTDIR)$(bindir)/ncat + if [ -n "$(DATAFILES)" ]; then \ +- $(SHTOOL) mkdir -f -p -m 755 $(DESTDIR)$(pkgdatadir); \ ++ mkdir -p -m 755 $(DESTDIR)$(pkgdatadir); \ + $(INSTALL) -c -m 644 $(DATAFILES) $(DESTDIR)$(pkgdatadir)/; \ + fi + $(INSTALL) -c -m 644 docs/$(TARGET).1 $(DESTDIR)$(mandir)/man1/$(TARGET).1 +diff --git a/nmap-update/Makefile.in b/nmap-update/Makefile.in +index 89ff928..93f48d8 100644 +--- a/nmap-update/Makefile.in ++++ b/nmap-update/Makefile.in +@@ -37,7 +37,7 @@ $(NBASELIB): + cd $(NBASEDIR) && $(MAKE) + + install: nmap-update +- $(SHTOOL) mkdir -f -p -m 755 $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1 ++ mkdir -p -m 755 $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1 + $(INSTALL) -c -m 755 nmap-update $(DESTDIR)$(bindir) + $(STRIP) -x $(DESTDIR)$(bindir)/nmap-update + $(INSTALL) -c -m 644 ../docs/nmap-update.1 $(DESTDIR)$(mandir)/man1/ +-- +1.9.1 + diff --git a/external/meta-openembedded/meta-oe/recipes-security/nmap/nmap_7.70.bb b/external/meta-openembedded/meta-oe/recipes-security/nmap/nmap_7.70.bb new file mode 100644 index 00000000..e8780382 --- /dev/null +++ b/external/meta-openembedded/meta-oe/recipes-security/nmap/nmap_7.70.bb @@ -0,0 +1,50 @@ +SUMMARY = "network auditing tool" +DESCRIPTION = "Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing.\nGui support via appending to IMAGE_FEATURES x11-base in local.conf" +SECTION = "security" +LICENSE = "GPL-2.0" + +LIC_FILES_CHKSUM = "file://COPYING;beginline=7;endline=12;md5=1489288f46af415fadc4e8b6345ab9f4" + +SRC_URI = "http://nmap.org/dist/${BP}.tar.bz2 \ + file://nmap-redefine-the-python-library-dir.patch \ + file://nmap-replace-shtool-mkdir-with-coreutils-mkdir-command.patch \ + file://0001-include-time.h-for-time-structure-definition.patch \ + file://0002-Fix-building-with-libc.patch \ + " + +SRC_URI[md5sum] = "84eb6fbe788e0d4918c2b1e39421bf79" +SRC_URI[sha256sum] = "847b068955f792f4cc247593aca6dc3dc4aae12976169873247488de147a6e18" + +inherit autotools-brokensep pkgconfig pythonnative + +PACKAGECONFIG ?= "ncat nping ndiff pcap" + +PACKAGECONFIG[pcap] = "--with-pcap=linux, --without-pcap, libpcap, libpcap" +PACKAGECONFIG[pcre] = "--with-libpcre=${STAGING_LIBDIR}/.., --with-libpcre=included, libpcre" +PACKAGECONFIG[ssl] = "--with-openssl=${STAGING_LIBDIR}/.., --without-openssl, openssl, openssl" +PACKAGECONFIG[ssh2] = "--with-openssh2=${STAGING_LIBDIR}/.., --without-openssh2, libssh2, libssh2" +PACKAGECONFIG[libz] = "--with-libz=${STAGING_LIBDIR}/.., --without-libz, zlib, zlib" + +#disable/enable packages +PACKAGECONFIG[nping] = ",--without-nping," +PACKAGECONFIG[ncat] = ",--without-ncat," +PACKAGECONFIG[ndiff] = ",--without-ndiff,python" +PACKAGECONFIG[update] = ",--without-nmap-update," + +EXTRA_OECONF = "--with-libdnet=included --with-liblinear=included --without-subversion --with-liblua=included" + +# zenmap needs python-pygtk which has been removed +# it also only works with python2 +# disable for now until py3 is supported +EXTRA_OECONF += "--without-zenmap" + +export PYTHON_SITEPACKAGES_DIR + +do_configure() { + autoconf + oe_runconf +} + +FILES_${PN} += "${PYTHON_SITEPACKAGES_DIR} ${datadir}/ncat" + +RDEPENDS_${PN} = "python" |