From b315c1a024d8b1d1444934de738bb7a239eae9aa Mon Sep 17 00:00:00 2001 From: Peiran Hong Date: Mon, 23 Sep 2019 13:54:32 -0400 Subject: nmap: Update to 7.80 Updates nmap to v7.80, this solves the following CVEs: - CVE-2017-18594 - CVE-2018-15173 and addressed numerous bugs as well. The patch '0001-include-time.h-for-time-structure-definition.patch' is modified to be applicable to the new version while serving for the same purpose. The license changed in the commit https://github.com/nmap/nmap/commit/d639a53 and is only a date bump without modification of any content in the license. Signed-off-by: Peiran Hong Signed-off-by: Khem Raj --- ...e-time.h-header-to-pass-clang-compilation.patch | 73 ++++++++++++++++++++ ...lude-time.h-for-time-structure-definition.patch | 78 ---------------------- meta-oe/recipes-security/nmap/nmap_7.70.bb | 52 --------------- meta-oe/recipes-security/nmap/nmap_7.80.bb | 52 +++++++++++++++ 4 files changed, 125 insertions(+), 130 deletions(-) create mode 100644 meta-oe/recipes-security/nmap/files/0001-Include-time.h-header-to-pass-clang-compilation.patch delete mode 100644 meta-oe/recipes-security/nmap/files/0001-include-time.h-for-time-structure-definition.patch delete mode 100644 meta-oe/recipes-security/nmap/nmap_7.70.bb create mode 100644 meta-oe/recipes-security/nmap/nmap_7.80.bb diff --git a/meta-oe/recipes-security/nmap/files/0001-Include-time.h-header-to-pass-clang-compilation.patch b/meta-oe/recipes-security/nmap/files/0001-Include-time.h-header-to-pass-clang-compilation.patch new file mode 100644 index 0000000000..f93af2d793 --- /dev/null +++ b/meta-oe/recipes-security/nmap/files/0001-Include-time.h-header-to-pass-clang-compilation.patch @@ -0,0 +1,73 @@ +From a068952a20880fc864e8cb8b49f8a6b143a5ac30 Mon Sep 17 00:00:00 2001 +From: Peiran Hong +Date: Fri, 20 Sep 2019 15:02:45 -0400 +Subject: [PATCH] Include time.h header to pass clang compilation + +--- + nmap_error.cc | 11 +---------- + nping/EchoServer.cc | 1 + + osscan2.cc | 1 + + service_scan.cc | 1 + + 4 files changed, 4 insertions(+), 10 deletions(-) + +diff --git a/nmap_error.cc b/nmap_error.cc +index 588b13c33..254107ff5 100644 +--- a/nmap_error.cc ++++ b/nmap_error.cc +@@ -135,16 +135,7 @@ + #include "xml.h" + + #include +-#if TIME_WITH_SYS_TIME +-# include +-# include +-#else +-# if HAVE_SYS_TIME_H +-# include +-# else +-# include +-# endif +-#endif ++#include + + extern NmapOps o; + +diff --git a/nping/EchoServer.cc b/nping/EchoServer.cc +index ccdcf9c2d..c403aeda5 100644 +--- a/nping/EchoServer.cc ++++ b/nping/EchoServer.cc +@@ -137,6 +137,7 @@ + #include "NpingOps.h" + #include "ProbeMode.h" + #include ++#include + + extern NpingOps o; + extern EchoServer es; +diff --git a/osscan2.cc b/osscan2.cc +index aa31feb12..89673e108 100644 +--- a/osscan2.cc ++++ b/osscan2.cc +@@ -147,6 +147,7 @@ + + #include + #include ++#include + + extern NmapOps o; + #ifdef WIN32 +diff --git a/service_scan.cc b/service_scan.cc +index 57a92ed28..ef277bb1f 100644 +--- a/service_scan.cc ++++ b/service_scan.cc +@@ -145,6 +145,7 @@ + #include "nmap_tty.h" + + #include ++#include + + #if HAVE_OPENSSL + /* OpenSSL 1.0.0 needs _WINSOCKAPI_ to be defined, otherwise it loads +-- +2.21.0 + diff --git a/meta-oe/recipes-security/nmap/files/0001-include-time.h-for-time-structure-definition.patch b/meta-oe/recipes-security/nmap/files/0001-include-time.h-for-time-structure-definition.patch deleted file mode 100644 index 561c8c82cf..0000000000 --- a/meta-oe/recipes-security/nmap/files/0001-include-time.h-for-time-structure-definition.patch +++ /dev/null @@ -1,78 +0,0 @@ -From c774f2b129fd5acd5647d92c57a2079ae638a62b Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Sun, 20 Jan 2019 23:07:39 -0800 -Subject: [PATCH] include time.h for time structure definition - -Exposed by musl/clang - -Upstream-Status: Pending - -Signed-off-by: Khem Raj ---- - nmap_error.cc | 1 + - nping/EchoServer.cc | 1 + - osscan.cc | 1 + - osscan2.cc | 1 + - service_scan.cc | 1 + - 5 files changed, 5 insertions(+) - -diff --git a/nmap_error.cc b/nmap_error.cc -index 19beafb..ea14e08 100644 ---- a/nmap_error.cc -+++ b/nmap_error.cc -@@ -135,6 +135,7 @@ - #include "xml.h" - - #include -+#include - - extern NmapOps o; - -diff --git a/nping/EchoServer.cc b/nping/EchoServer.cc -index 70f39b0..40cd4d6 100644 ---- a/nping/EchoServer.cc -+++ b/nping/EchoServer.cc -@@ -137,6 +137,7 @@ - #include "NpingOps.h" - #include "ProbeMode.h" - #include -+#include - - extern NpingOps o; - extern EchoServer es; -diff --git a/osscan.cc b/osscan.cc -index f851f60..6ae0c83 100644 ---- a/osscan.cc -+++ b/osscan.cc -@@ -149,6 +149,7 @@ - # include - # endif - #endif -+#include - - #include - #include -diff --git a/osscan2.cc b/osscan2.cc -index e341947..887fbd2 100644 ---- a/osscan2.cc -+++ b/osscan2.cc -@@ -147,6 +147,7 @@ - - #include - #include -+#include - - extern NmapOps o; - #ifdef WIN32 -diff --git a/service_scan.cc b/service_scan.cc -index 9780ae3..e07b940 100644 ---- a/service_scan.cc -+++ b/service_scan.cc -@@ -145,6 +145,7 @@ - #include "nmap_tty.h" - - #include -+#include - - #if HAVE_OPENSSL - /* OpenSSL 1.0.0 needs _WINSOCKAPI_ to be defined, otherwise it loads diff --git a/meta-oe/recipes-security/nmap/nmap_7.70.bb b/meta-oe/recipes-security/nmap/nmap_7.70.bb deleted file mode 100644 index b1b150a7d0..0000000000 --- a/meta-oe/recipes-security/nmap/nmap_7.70.bb +++ /dev/null @@ -1,52 +0,0 @@ -SUMMARY = "network auditing tool" -DESCRIPTION = "Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing.\nGui support via appending to IMAGE_FEATURES x11-base in local.conf" -SECTION = "security" -LICENSE = "GPL-2.0" - -LIC_FILES_CHKSUM = "file://COPYING;beginline=7;endline=12;md5=1489288f46af415fadc4e8b6345ab9f4" - -SRC_URI = "http://nmap.org/dist/${BP}.tar.bz2 \ - file://nmap-redefine-the-python-library-dir.patch \ - file://nmap-replace-shtool-mkdir-with-coreutils-mkdir-command.patch \ - file://0001-include-time.h-for-time-structure-definition.patch \ - file://0002-Fix-building-with-libc.patch \ - " - -SRC_URI[md5sum] = "84eb6fbe788e0d4918c2b1e39421bf79" -SRC_URI[sha256sum] = "847b068955f792f4cc247593aca6dc3dc4aae12976169873247488de147a6e18" - -inherit autotools-brokensep pkgconfig pythonnative - -PACKAGECONFIG ?= "ncat nping ndiff pcap" - -PACKAGECONFIG[pcap] = "--with-pcap=linux, --without-pcap, libpcap, libpcap" -PACKAGECONFIG[pcre] = "--with-libpcre=${STAGING_LIBDIR}/.., --with-libpcre=included, libpcre" -PACKAGECONFIG[ssl] = "--with-openssl=${STAGING_LIBDIR}/.., --without-openssl, openssl, openssl" -PACKAGECONFIG[ssh2] = "--with-openssh2=${STAGING_LIBDIR}/.., --without-openssh2, libssh2, libssh2" -PACKAGECONFIG[libz] = "--with-libz=${STAGING_LIBDIR}/.., --without-libz, zlib, zlib" - -#disable/enable packages -PACKAGECONFIG[nping] = ",--without-nping," -PACKAGECONFIG[ncat] = ",--without-ncat," -PACKAGECONFIG[ndiff] = ",--without-ndiff,python" -PACKAGECONFIG[update] = ",--without-nmap-update," - -EXTRA_OECONF = "--with-libdnet=included --with-liblinear=included --without-subversion --with-liblua=included" - -# zenmap needs python-pygtk which has been removed -# it also only works with python2 -# disable for now until py3 is supported -EXTRA_OECONF += "--without-zenmap" - -export PYTHON_SITEPACKAGES_DIR - -do_configure() { - autoconf - install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.guess ${S} - install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.sub ${S} - oe_runconf -} - -FILES_${PN} += "${PYTHON_SITEPACKAGES_DIR} ${datadir}/ncat" - -RDEPENDS_${PN} = "python" diff --git a/meta-oe/recipes-security/nmap/nmap_7.80.bb b/meta-oe/recipes-security/nmap/nmap_7.80.bb new file mode 100644 index 0000000000..f24194da76 --- /dev/null +++ b/meta-oe/recipes-security/nmap/nmap_7.80.bb @@ -0,0 +1,52 @@ +SUMMARY = "network auditing tool" +DESCRIPTION = "Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing.\nGui support via appending to IMAGE_FEATURES x11-base in local.conf" +SECTION = "security" +LICENSE = "GPL-2.0" + +LIC_FILES_CHKSUM = "file://COPYING;beginline=7;endline=12;md5=66938a7e5b4c118eda78271de14874c2" + +SRC_URI = "http://nmap.org/dist/${BP}.tar.bz2 \ + file://nmap-redefine-the-python-library-dir.patch \ + file://nmap-replace-shtool-mkdir-with-coreutils-mkdir-command.patch \ + file://0001-Include-time.h-header-to-pass-clang-compilation.patch \ + file://0002-Fix-building-with-libc.patch \ + " + +SRC_URI[md5sum] = "d37b75b06d1d40f27b76d60db420a1f5" +SRC_URI[sha256sum] = "fcfa5a0e42099e12e4bf7a68ebe6fde05553383a682e816a7ec9256ab4773faa" + +inherit autotools-brokensep pkgconfig pythonnative + +PACKAGECONFIG ?= "ncat nping ndiff pcap" + +PACKAGECONFIG[pcap] = "--with-pcap=linux, --without-pcap, libpcap, libpcap" +PACKAGECONFIG[pcre] = "--with-libpcre=${STAGING_LIBDIR}/.., --with-libpcre=included, libpcre" +PACKAGECONFIG[ssl] = "--with-openssl=${STAGING_LIBDIR}/.., --without-openssl, openssl, openssl" +PACKAGECONFIG[ssh2] = "--with-openssh2=${STAGING_LIBDIR}/.., --without-openssh2, libssh2, libssh2" +PACKAGECONFIG[libz] = "--with-libz=${STAGING_LIBDIR}/.., --without-libz, zlib, zlib" + +#disable/enable packages +PACKAGECONFIG[nping] = ",--without-nping," +PACKAGECONFIG[ncat] = ",--without-ncat," +PACKAGECONFIG[ndiff] = ",--without-ndiff,python" +PACKAGECONFIG[update] = ",--without-nmap-update," + +EXTRA_OECONF = "--with-libdnet=included --with-liblinear=included --without-subversion --with-liblua=included" + +# zenmap needs python-pygtk which has been removed +# it also only works with python2 +# disable for now until py3 is supported +EXTRA_OECONF += "--without-zenmap" + +export PYTHON_SITEPACKAGES_DIR + +do_configure() { + autoconf + install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.guess ${S} + install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.sub ${S} + oe_runconf +} + +FILES_${PN} += "${PYTHON_SITEPACKAGES_DIR} ${datadir}/ncat" + +RDEPENDS_${PN} = "python" -- cgit 1.2.3-korg