Diffstat (limited to 'meta-networking/recipes-devtools')
9 files changed, 163 insertions, 179 deletions
diff --git a/meta-networking/recipes-devtools/libcoap/libcoap/CVE-2024-0962.patch b/meta-networking/recipes-devtools/libcoap/libcoap/CVE-2024-0962.patch
new file mode 100644
index 0000000000..add52483b7
--- /dev/null
+++ b/meta-networking/recipes-devtools/libcoap/libcoap/CVE-2024-0962.patch
@@ -0,0 +1,45 @@
+From bf6a303883bde40cf96b960c8574cddd89e71701 Mon Sep 17 00:00:00 2001
+From: Jon Shallow <supjps-libcoap@jpshallow.com>
+Date: Thu, 25 Jan 2024 18:03:17 +0000
+Subject: [PATCH] coap_oscore.c: Fix parsing OSCORE configuration information
+
+A vulnerability was found in obgm libcoap 4.3.4. It has been rated as critical.
+Affected by this issue is the function get_split_entry of the file src/coap_oscore.c of the component Configuration File Handler.
+The manipulation leads to stack-based buffer overflow.
+
+CVE: CVE-2024-0962
+
+Upstream-Status: Backport [https://github.com/obgm/libcoap/pull/1311]
+
+Signed-off-by: alperak <alperyasinak1@gmail.com>
+---
+ src/coap_oscore.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/coap_oscore.c b/src/coap_oscore.c
+index 83f785c92..e0fb22947 100644
+--- a/src/coap_oscore.c
++++ b/src/coap_oscore.c
+@@ -1678,11 +1678,12 @@ get_split_entry(const char **start,
+ oscore_value_t *value) {
+ const char *begin = *start;
+ const char *end;
++ const char *kend;
+ const char *split;
+ size_t i;
+
+ retry:
+- end = memchr(begin, '\n', size);
++ kend = end = memchr(begin, '\n', size);
+ if (end == NULL)
+ return 0;
+
+@@ -1693,7 +1694,7 @@ get_split_entry(const char **start,
+
+ if (begin[0] == '#' || (end - begin) == 0) {
+ /* Skip comment / blank line */
+- size -= end - begin + 1;
++ size -= kend - begin + 1;
+ begin = *start;
+ goto retry;
+ }
diff --git a/meta-networking/recipes-devtools/libcoap/libcoap/run-ptest b/meta-networking/recipes-devtools/libcoap/libcoap/run-ptest
new file mode 100644
index 0000000000..b56ffe68f3
--- /dev/null
+++ b/meta-networking/recipes-devtools/libcoap/libcoap/run-ptest
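Review bot: The header of CVE-2024-0962.patch repeats the generic advisory text and never states the root cause, so the reason for `kend` in get_split_entry (src/coap_oscore.c) has to be re-derived from the nested hunks. From the visible lines, `kend` keeps the position memchr() returned, while `end` is still used for the `(end - begin) == 0` blank-line test. The lines between the two nested hunks are not shown, but if `end` is moved back there (for example over a trailing '\r'), the old `size -= end - begin + 1` would leave `size` larger than the bytes actually remaining for the next memchr(). Since this is a backport, I would keep the code identical to upstream and add one sentence to the patch description instead, along the lines of `size was reduced using the adjusted end pointer rather than the newline position, so the remaining length could be over-counted when skipping comment/blank lines`, after confirming it against the upstream PR. get_split_entry starts before and continues after the hunks, so the other uses of `size` and `end` could not be checked here.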
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if /usr/lib/libcoap/ptest/testdriver; then
+ echo "PASS: libcoap"
+else
+ echo "FAIL: libcoap"
+fi
diff --git a/meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb b/meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb
new file mode 100644
index 0000000000..2f5d192a77
--- /dev/null
+++ b/meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb
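Review bot: The test driver path in libcoap's run-ptest is hard-coded as `/usr/lib/libcoap/ptest/testdriver`, while the recipe installs the binary to `${D}${PTEST_PATH}/testdriver`. On a build where the library directory is not /usr/lib (multilib or lib64 layouts), the `if` would fail to find the binary and the script would print `FAIL: libcoap` without having run a single test. Resolving the path relative to the script, `if "$(dirname "$0")/testdriver"; then`, or substituting a `@PTEST_PATH@` placeholder at install time as the python3-scapy recipe in this commit does, keeps the script and the install location in step. Because a missing binary and a failing test produce the same FAIL line, the regression test for the CVE-2024-0962 backport could appear to fail (or be ignored as flaky) for packaging reasons alone.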
@@ -0,0 +1,63 @@
+SUMMARY = "A C implementation of the Constrained Application Protocol"
+DESCRIPTION = "libcoap implements a lightweight application-protocol for \
+devices that are constrained their resources such as computing power, \
+RF range, memory, bandwith, or network packet sizes."
+HOMEPAGE ="https://libcoap.net/"
+
+LICENSE = "BSD-2-Clause & BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=1978dbc41673ab1c20e64b287c8317bc"
+
+SRC_URI = "git://github.com/obgm/libcoap.git;branch=main;protocol=https \
+ file://run-ptest \
+ file://CVE-2024-0962.patch \
+ "
+SRCREV = "5fd2f89ef068214130e5d60b7087ef48711fa615"
+
+S = "${WORKDIR}/git"
+
+inherit autotools manpages pkgconfig ptest
+
+DEPENDS += "ctags-native"
+
+PACKAGECONFIG ?= "\
+ async openssl tcp \
+ ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)} \
+"
+PACKAGECONFIG[async] = "--enable-async,--disable-async"
+PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls,,,openssl mbedtls"
+PACKAGECONFIG[manpages] = "--enable-documentation --enable-doxygen --enable-manpages,--disable-documentation,asciidoc-native doxygen-native graphviz-native"
+PACKAGECONFIG[mbedtls] = "--with-mbedtls,--without-mbedtls,mbedtls,,,gnutls openssl"
+PACKAGECONFIG[openssl] = "--with-openssl,--without-openssl,openssl,,,gnutls mbedtls"
+PACKAGECONFIG[small-stack] = "--enable-small-stack,--disable-small-stack"
+PACKAGECONFIG[tcp] = "--enable-tcp,--disable-tcp"
+PACKAGECONFIG[tests] = "--enable-tests,--disable-tests,cunit"
+
+EXTRA_OECONF = "\
+ --with-epoll --enable-add-default-names \
+ --without-tinydtls --without-submodule-tinydtls \
+ ${@bb.utils.contains_any('PACKAGECONFIG', 'gnutls openssl mbedtls', '--enable-dtls', '--disable-dtls', d)} \
+"
+
+python () {
+ if d.getVar('PTEST_ENABLED') == "1":
+ d.setVar('DISABLE_STATIC', '')
+}
+
+export SGML_CATALOG_FILES="file://${STAGING_ETCDIR_NATIVE}/xml/catalog"
+
+do_compile:prepend() {
+ oe_runmake update-map-file
+}
+
+do_install_ptest () {
+ install -d ${D}${PTEST_PATH}
+ install -m 0755 ${UNPACKDIR}/run-ptest ${D}${PTEST_PATH}/run-ptest
+ install -m 0755 ${B}/tests/testdriver ${D}${PTEST_PATH}/testdriver
+}
+
+PACKAGE_BEFORE_PN += "\
+ ${PN}-bin \
+"
+
+FILES:${PN}-bin = "${bindir}"
+FILES:${PN}-dev += "${datadir}/${BPN}/examples"
diff --git a/meta-networking/recipes-devtools/perl/libauthen/libauthen-radius-perl/run-ptest b/meta-networking/recipes-devtools/perl/libauthen/libauthen-radius-perl/run-ptest
deleted file mode 100644
index f1c833e6ca..0000000000
--- a/meta-networking/recipes-devtools/perl/libauthen/libauthen-radius-perl/run-ptest
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/sh
-#
-
-# prepare testing config
-CONF_USERS=`readlink -f /etc/raddb/users`
-mv ${CONF_USERS} ${CONF_USERS}_orig
-echo "testing Cleartext-Password := \"testpassword\"" > ${CONF_USERS}
-cat ${CONF_USERS}_orig >> ${CONF_USERS}
-
-# restart radiusd server
-systemctl restart radiusd || /etc/init.d/radiusd restart || {
- echo "FAIL: Start radiusd service."
- exit 1
-}
-
-# run teests
-perl test.pl
-
-# restore the config and restart
-mv ${CONF_USERS}_orig ${CONF_USERS}
-systemctl restart radiusd || /etc/init.d/radiusd restart
diff --git a/meta-networking/recipes-devtools/perl/libauthen/libauthen-radius-perl/test.pl-adjust-for-ptest.patch b/meta-networking/recipes-devtools/perl/libauthen/libauthen-radius-perl/test.pl-adjust-for-ptest.patch
deleted file mode 100644
index 9798af497c..0000000000
--- a/meta-networking/recipes-devtools/perl/libauthen/libauthen-radius-perl/test.pl-adjust-for-ptest.patch
+++ /dev/null
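Review bot: In libcoap_4.3.4.bb the anonymous `python ()` block clears `DISABLE_STATIC` whenever `PTEST_ENABLED` is "1", with no comment explaining why a ptest build must also produce static libraries. If the reason is that `tests/testdriver` links against the static libcoap, say so above the block, for example `# testdriver links the static library, so static libs must be built when ptest is enabled`; the build system is not visible here, so confirm that first. In do_install_ptest, the explicit `install -m 0755 ${UNPACKDIR}/run-ptest ...` line looks redundant, since ptest.bbclass normally installs run-ptest itself before calling this function. The DESCRIPTION string also has two wording slips worth fixing while the file is new: "constrained their resources" and "bandwith".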
@@ -1,90 +0,0 @@ -From 829302792bf0e4935d29efc23ca1f2e9e7ee7dfd Mon Sep 17 00:00:00 2001 -From: Jackie Huang <jackie.huang@windriver.com> -Date: Thu, 7 Jan 2016 03:12:38 -0500 -Subject: [PATCH] test.pl: adjust for ptest - -* Don't use interactive inputs, set default test - settings instead. -* Change the test results output to the ptest format - -Upstream-Status: Inappropriate [OE ptest specific] - -Signed-off-by: Jackie Huang <jackie.huang@windriver.com> ---- - test.pl | 31 ++++++++++++++++++------------- - 1 file changed, 18 insertions(+), 13 deletions(-) - -diff --git a/test.pl b/test.pl -index cfd1c1e..9b4f10e 100644 ---- a/test.pl -+++ b/test.pl -@@ -7,11 +7,11 @@ - # Change 1..1 below to 1..last_test_to_print . - # (It may become useful if the test is moved to ./t subdirectory.) - --BEGIN {print "1..5\n";} --END {print "not ok 1\n" unless $loaded;} -+BEGIN {print "Start testing for libauthen-radius-perl\n";} -+END {print "\nFAIL: test1\n" unless $loaded;} - use Authen::Radius; - $loaded = 1; --print "ok 1\n"; -+print "\nPASS: test1\n"; - - ######################### End of black magic. 
- -@@ -19,26 +19,31 @@ print "ok 1\n"; - # (correspondingly "not ok 13") depending on the success of chunk 13 - # of the test code): - -+$host = "127.0.0.1"; -+$secret = "testing123"; -+$user = "testing"; -+$pwd = "testpassword"; -+ - print "Make sure this machine is in your Radius clients file!\n"; --print "Enter hostname[:port] of your Radius server: "; chomp ($host = <STDIN>); --print "Enter shared-secret of your Radius server: "; chomp ($secret = <STDIN>); --print "Enter a username to be validated: "; chomp ($user = <STDIN>); --print "Enter this user's password: "; chomp ($pwd = <STDIN>); -+print "hostname of your Radius server: $host\n"; -+print "shared-secret of your Radius server: $secret\n"; -+print "The username to be validated: $user\n"; -+print "The user's password: $pwd\n"; - - $t = 2; - if ($host ne '') { - $r = new Authen::Radius(Host => $host, Secret => $secret, Debug => 1); -- print defined($r) ? "" : "not ", "ok $t\n"; $t++; -+ print defined($r) ? "\nPASS: test$t\n" : "\nFAIL: test$t\n"; $t++; - #Authen::Radius->load_dictionary; -- print $r->check_pwd($user, $pwd) ? "" : "not ", "ok $t\n"; $t++; -+ print $r->check_pwd($user, $pwd) ? "\nPASS: test$t\n" : "\nFAIL: test$t\n"; $t++; - @a = $r->get_attributes; -- print $#a != -1 ? "" : "not ", "ok $t\n"; $t++; -+ print $#a != -1 ? "\nPASS: test$t\n" : "\nFAIL: test$t\n"; $t++; - #for $a (@a) { - # print "attr: name=$a->{'Name'} value=$a->{'Value'}\n"; - #} - } else { - foreach my $t (2..4) { -- print "skipped $t\n"; -+ print "\nSKIP test$t\n"; - } - } - -@@ -53,9 +58,9 @@ my $data = "what do ya want for nothing?"; - my $etalon_digest = hex_to_ascii("750c783e6ab0b503eaa86e310a5db738"); - my $digest = Authen::Radius::hmac_md5(undef, $data, $key); - if ($etalon_digest eq $digest) { -- print "ok 5\n"; -+ print "\nPASS: test5\n"; - } else { -- print "not ok 5\n"; -+ print "\nFAIL: test5\n"; - } - - exit; --- -1.9.1 - 
diff --git a/meta-networking/recipes-devtools/perl/libauthen/libauthen-radius-perl_0.22.bb b/meta-networking/recipes-devtools/perl/libauthen/libauthen-radius-perl_0.22.bb
deleted file mode 100644
index ea5bb1b0c9..0000000000
--- a/meta-networking/recipes-devtools/perl/libauthen/libauthen-radius-perl_0.22.bb
+++ /dev/null
@@ -1,39 +0,0 @@
-SUMMARY = "Authen::Radius - provide simple Radius client facilities"
-DESCRIPTION = "The Authen::Radius module provides a simple class that \
- allows you to send/receive Radius requests/responses to/from a \
- Radius server. \
-"
-
-HOMEPAGE = "http://search.cpan.org/~manowar/RadiusPerl"
-SECTION = "libs"
-
-LICENSE = "Artistic-2.0"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=78ab6ea0cba1f1ec1680ebb149e3bc11"
-
-DEPENDS = "perl"
-
-SRC_URI = "http://search.cpan.org/CPAN/authors/id/M/MA/MANOWAR/RadiusPerl-${PV}.tar.gz \
- file://test.pl-adjust-for-ptest.patch \
- file://run-ptest \
-"
-SRC_URI[md5sum] = "d1fe2d6ecf7ea99299e4e3a8f945aad8"
-SRC_URI[sha256sum] = "3b276506986ccaa4949d92b13ce053a0017ad11562a991cc753364923fe81ca7"
-
-S = "${WORKDIR}/Authen-Radius-${PV}"
-
-inherit cpan ptest
-
-do_install_ptest() {
- install -m 0755 ${S}/test.pl ${D}${PTEST_PATH}
-}
-
-RDEPENDS_${PN} += "\
- libdata-hexdump-perl \
- perl-module-digest-md5 \
- perl-module-data-dumper \
- perl-module-io-select \
- perl-module-io-socket \
-"
-RDEPENDS_${PN}-ptest += "${PN} freeradius"
-
-BBCLASSEXTEND = "native"
diff --git a/meta-networking/recipes-devtools/python/python-ldap_2.4.41.bb b/meta-networking/recipes-devtools/python/python-ldap_2.4.41.bb
deleted file mode 100644
index 3dbc8b13e5..0000000000
--- a/meta-networking/recipes-devtools/python/python-ldap_2.4.41.bb
+++ /dev/null
@@ -1,29 +0,0 @@
-#
-# Copyright (C) 2012 Wind River Systems, Inc.
-#
-SUMMARY = "Provides a wrapper in Python to LDAP"
-DESCRIPTION = "This module provides access to the LDAP \
-(Lightweight Directory Access Protocol) through Python operations \
-instead of C API. The module mainly acts as a wrapper for the \
-OpenLDAP 2.x libraries. Errors will appear as exceptions."
-
-LICENSE = "PSF"
-HOMEPAGE = "http://www.python-ldap.org/"
-DEPENDS = "python openldap cyrus-sasl"
-
-PYPI_PACKAGE = "python-ldap"
-inherit pypi setuptools
-
-LIC_FILES_CHKSUM = "file://LICENCE;md5=a41c82edffa04912007cae1d20cac555"
-SRC_URI[md5sum] = "18db2d009150ec1864710fea3ed76173"
-SRC_URI[sha256sum] = "6d430ecf040f2fc704ee316d3390cb1f5419c191371e1e131baef54a0e42cef0"
-
-do_configure_prepend() {
- sed -i -e 's:^library_dirs =.*::' setup.cfg
- sed -i -e 's:^include_dirs =.*:include_dirs = =/usr/include/sasl/:' setup.cfg
-}
-
-RDEPENDS_${PN} = " \
- ${PYTHON_PN}-pprint \
- ${PYTHON_PN}-threading \
-"
diff --git a/meta-networking/recipes-devtools/python/python3-scapy/run-ptest b/meta-networking/recipes-devtools/python/python3-scapy/run-ptest
new file mode 100644
index 0000000000..417e21053c
--- /dev/null
+++ b/meta-networking/recipes-devtools/python/python3-scapy/run-ptest
@@ -0,0 +1,4 @@
+#!/bin/sh
+python3 UTscapy.py -t regression.uts -f text -l -C \
+ -o @PTEST_PATH@/scapy_ptest_$(date +%Y%m%d-%H%M%S).log \
+ 2>&1 | sed -e 's/^passed None/PASS:/' -e 's/^failed None/FAIL:/'
diff --git a/meta-networking/recipes-devtools/python/python3-scapy_2.5.0.bb b/meta-networking/recipes-devtools/python/python3-scapy_2.5.0.bb
new file mode 100644
index 0000000000..d57cb977e4
--- /dev/null
+++ b/meta-networking/recipes-devtools/python/python3-scapy_2.5.0.bb
@@ -0,0 +1,44 @@
+SUMMARY = "Network scanning and manipulation tool"
+DESCRIPTION = "Scapy is a powerful interactive packet manipulation program. \
+It is able to forge or decode packets of a wide number of protocols, send \
+them on the wire, capture them, match requests and replies, and much more. \
+It can easily handle most classical tasks like scanning, tracerouting, probing, \
+unit tests, attacks or network discovery (it can replace hping, 85% of nmap, \
+arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very \
+well at a lot of other specific tasks that most other tools can't handle, like \
+sending invalid frames, injecting your own 802.11 frames, combining technics \
+(VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, ...), etc."
+SECTION = "security"
+LICENSE = "GPL-2.0-only"
+
+LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263"
+
+# If you want ptest support, use the git repo
+# UTscapy does not exist in the pypi pkg
+#
+SRCREV = "0474c37bf1d147c969173d52ab3ac76d2404d981"
+SRC_URI = "git://github.com/secdev/scapy.git;branch=master;protocol=https \
+ file://run-ptest"
+
+S = "${WORKDIR}/git"
+
+UPSTREAM_CHECK_COMMITS = "1"
+
+inherit setuptools3 ptest
+
+do_install:append() {
+ mv ${D}${bindir}/scapy ${D}${bindir}/scapy3
+}
+
+do_install_ptest() {
+ install -m 0644 ${S}/scapy/tools/UTscapy.py ${D}${PTEST_PATH}
+ install -m 0644 ${S}/test/regression.uts ${D}${PTEST_PATH}
+ sed -i 's,@PTEST_PATH@,${PTEST_PATH},' ${D}${PTEST_PATH}/run-ptest
+}
+
+RDEPENDS:${PN} = "tcpdump python3-compression python3-cryptography python3-netclient \
+ python3-netserver python3-pydoc python3-pkgutil python3-shell \
+ python3-threading python3-numbers python3-fcntl python3-logging \
+ python3-difflib"
+RDEPENDS:${PN}-ptest += "python3-json python3-mock python3-multiprocessing \
+ iproute2 tshark" |