diff --git a/meta-oe/recipes-security/nmap/nmap-7.92/0001-redefine-the-python-library-install-dir.patch b/meta-oe/recipes-security/nmap/nmap-7.92/0001-redefine-the-python-library-install-dir.patch new file mode 100644 index 0000000000..6298f7ea26 --- /dev/null +++ b/meta-oe/recipes-security/nmap/nmap-7.92/0001-redefine-the-python-library-install-dir.patch @@ -0,0 +1,31 @@ +From 67b4614ea529460dca9326bfe5d355bad6f9bdee Mon Sep 17 00:00:00 2001 +From: Roy Li +Date: Sun, 27 Apr 2025 16:33:08 +0800 +Subject: [PATCH] redefine the python library install dir + +If install-lib is not defined, it is always /usr/lib/, but it +maybe /usr/lib64 for multilib + +Upstream-Status: Pending + +Signed-off-by: Roy Li +--- + Makefile.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile.in b/Makefile.in +index ccfceda..6b25d27 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -387,7 +387,7 @@ build-nping: $(NPINGDIR)/Makefile build-nbase build-nsock build-netutil $(NPINGD + @cd $(NPINGDIR) && $(MAKE) + + install-ndiff: +- cd $(NDIFFDIR) && $(PYTHON) setup.py install --prefix "$(prefix)" $(if $(DESTDIR),--root "$(DESTDIR)") ++ cd $(NDIFFDIR) && $(PYTHON) setup.py install --prefix "$(prefix)" --install-lib="${PYTHON_SITEPACKAGES_DIR}" $(if $(DESTDIR),--root "$(DESTDIR)") + + NSE_FILES = scripts/script.db scripts/*.nse + NSE_LIB_LUA_FILES = nselib/*.lua nselib/*.luadoc +-- +2.34.1 + diff --git a/meta-oe/recipes-security/nmap/nmap-7.92/0002-replace-.-shtool-mkdir-with-coreutils-mkdir-command.patch b/meta-oe/recipes-security/nmap/nmap-7.92/0002-replace-.-shtool-mkdir-with-coreutils-mkdir-command.patch new file mode 100644 index 0000000000..f81e230b28 --- /dev/null +++ b/meta-oe/recipes-security/nmap/nmap-7.92/0002-replace-.-shtool-mkdir-with-coreutils-mkdir-command.patch @@ -0,0 +1,38 @@ +From 783333de42b06020f5c0852c415cd34972a773fb Mon Sep 17 00:00:00 2001 +From: Roy Li +Date: Sun, 27 Apr 2025 16:35:11 +0800 +Subject: [PATCH] replace "./shtool mkdir" with coreutils mkdir command + +"./shtool mkdir" is used when mkdir has not -p parameter, but mkdir in +today most release has supportted the -p parameter, not need to use +shtool, and it can not fix the race if two process are running mkdir to +create same dir + +Upstream-Status: Pending + +Signed-off-by: Roy Li +--- + ncat/Makefile.in | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/ncat/Makefile.in b/ncat/Makefile.in +index 4632a78..11a5e7c 100644 +--- a/ncat/Makefile.in ++++ b/ncat/Makefile.in +@@ -166,11 +166,11 @@ $(NSOCKDIR)/libnsock.a: $(NSOCKDIR)/Makefile + + install: $(TARGET) + @echo Installing Ncat; +- $(SHTOOL) mkdir -f -p -m 755 $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1 ++ mkdir -p -m 755 $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1 + $(INSTALL) -c -m 755 ncat $(DESTDIR)$(bindir)/ncat + $(STRIP) -x $(DESTDIR)$(bindir)/ncat + if [ -n "$(DATAFILES)" ]; then \ +- $(SHTOOL) mkdir -f -p -m 755 $(DESTDIR)$(pkgdatadir); \ ++ mkdir -p -m 755 $(DESTDIR)$(pkgdatadir); \ + $(INSTALL) -c -m 644 $(DATAFILES) $(DESTDIR)$(pkgdatadir)/; \ + fi + $(INSTALL) -c -m 644 docs/$(TARGET).1 $(DESTDIR)$(mandir)/man1/$(TARGET).1 +-- +2.34.1 + diff --git a/meta-oe/recipes-security/nmap/nmap-7.92/0003-Include-time.h-header-to-pass-clang-compilation.patch b/meta-oe/recipes-security/nmap/nmap-7.92/0003-Include-time.h-header-to-pass-clang-compilation.patch new file mode 100644 index 0000000000..b940124f98 --- /dev/null +++ b/meta-oe/recipes-security/nmap/nmap-7.92/0003-Include-time.h-header-to-pass-clang-compilation.patch @@ -0,0 +1,76 @@ +From e9d876bedc8a7bc96856ecf38bbeeafee2d5b206 Mon Sep 17 00:00:00 2001 +From: Peiran Hong +Date: Fri, 20 Sep 2019 15:02:45 -0400 +Subject: [PATCH] Include time.h header to pass clang compilation + +Upstream-Status: Pending + +Signed-off-by: Peiran Hong +--- + nmap_error.cc | 11 +---------- + nping/EchoServer.cc | 1 + + osscan2.cc | 1 + + service_scan.cc | 1 + + 4 files changed, 4 insertions(+), 10 deletions(-) + +diff --git a/nmap_error.cc b/nmap_error.cc +index 5ec938f..83ba6cc 100644 +--- a/nmap_error.cc ++++ b/nmap_error.cc +@@ -67,16 +67,7 @@ + #include "xml.h" + + #include +-#if TIME_WITH_SYS_TIME +-# include +-# include +-#else +-# if HAVE_SYS_TIME_H +-# include +-# else +-# include +-# endif +-#endif ++#include + + extern NmapOps o; + +diff --git a/nping/EchoServer.cc b/nping/EchoServer.cc +index dea2851..c80efb4 100644 +--- a/nping/EchoServer.cc ++++ b/nping/EchoServer.cc +@@ -69,6 +69,7 @@ + #include "NpingOps.h" + #include "ProbeMode.h" + #include ++#include + + extern NpingOps o; + extern EchoServer es; +diff --git a/osscan2.cc b/osscan2.cc +index efe6da0..392c65f 100644 +--- a/osscan2.cc ++++ b/osscan2.cc +@@ -80,6 +80,7 @@ + + #include + #include ++#include + + extern NmapOps o; + #ifdef WIN32 +diff --git a/service_scan.cc b/service_scan.cc +index 66e0d92..161f2a1 100644 +--- a/service_scan.cc ++++ b/service_scan.cc +@@ -77,6 +77,7 @@ + #include "nmap_tty.h" + + #include ++#include + + #if HAVE_OPENSSL + /* OpenSSL 1.0.0 needs _WINSOCKAPI_ to be defined, otherwise it loads +-- +2.34.1 + diff --git a/meta-oe/recipes-security/nmap/nmap-7.92/0004-Fix-building-with-libc.patch b/meta-oe/recipes-security/nmap/nmap-7.92/0004-Fix-building-with-libc.patch new file mode 100644 index 0000000000..295abe6d50 --- /dev/null +++ b/meta-oe/recipes-security/nmap/nmap-7.92/0004-Fix-building-with-libc.patch @@ -0,0 +1,79 @@ +From 4c54b00e6f3749924532c2636eae01daff9e4bcd Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Sun, 20 Jan 2019 23:11:56 -0800 +Subject: [PATCH] Fix building with libc++ + +Upstream-Status: Pending + +Signed-off-by: Khem Raj +--- + nping/EchoServer.cc | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/nping/EchoServer.cc b/nping/EchoServer.cc +index c80efb4..914bd54 100644 +--- a/nping/EchoServer.cc ++++ b/nping/EchoServer.cc +@@ -214,14 +214,14 @@ int EchoServer::nep_listen_socket(){ + server_addr6.sin6_len = sizeof(struct sockaddr_in6); + #endif + /* Bind to local address and the specified port */ +- if( bind(master_sd, (struct sockaddr *)&server_addr6, sizeof(server_addr6)) != 0 ){ ++ if( ::bind(master_sd, (struct sockaddr *)&server_addr6, sizeof(server_addr6)) != 0 ){ + nping_warning(QT_3, "Failed to bind to source address %s. Trying to bind to port %d...", IPtoa(server_addr6.sin6_addr), port); + /* If the bind failed for the supplied address, just try again with in6addr_any */ + if( o.spoofSource() ){ + server_addr6.sin6_addr = in6addr_any; +- if( bind(master_sd, (struct sockaddr *)&server_addr6, sizeof(server_addr6)) != 0 ){ ++ if( ::bind(master_sd, (struct sockaddr *)&server_addr6, sizeof(server_addr6)) != 0 ){ + nping_fatal(QT_3, "Could not bind to port %d (%s).", port, strerror(errno)); +- }else{ ++ }else{ + nping_print(VB_1, "Server bound to port %d", port); + } + } +@@ -252,12 +252,12 @@ int EchoServer::nep_listen_socket(){ + #endif + + /* Bind to local address and the specified port */ +- if( bind(master_sd, (struct sockaddr *)&server_addr4, sizeof(server_addr4)) != 0 ){ ++ if( ::bind(master_sd, (struct sockaddr *)&server_addr4, sizeof(server_addr4)) != 0 ){ + nping_warning(QT_3, "Failed to bind to source address %s. Trying to bind to port %d...", IPtoa(server_addr4.sin_addr), port); + /* If the bind failed for the supplied address, just try again with in6addr_any */ + if( o.spoofSource() ){ + server_addr4.sin_addr.s_addr=INADDR_ANY; +- if( bind(master_sd, (struct sockaddr *)&server_addr4, sizeof(server_addr4)) != 0 ){ ++ if( ::bind(master_sd, (struct sockaddr *)&server_addr4, sizeof(server_addr4)) != 0 ){ + nping_fatal(QT_3, "Could not bind to port %d (%s).", port, strerror(errno)); + }else{ + nping_print(VB_1, "Server bound to port %d", port); +@@ -493,7 +493,7 @@ clientid_t EchoServer::nep_match_headers(IPv4Header *ip4, IPv6Header *ip6, TCPHe + nping_print(DBG_3, ";"); + /* The payload magic may affect the score only between + * zero and 4 bytes. This is done to prevent long +- * common strings like "GET / HTTP/1.1\r\n" ++ * common strings like "GET / HTTP/1.1\r\n" + * increasing the score a lot and cause problems for + * the matching logic. */ + current_score+= MIN(4, fspec->len)*FACTOR_PAYLOAD_MAGIC; +@@ -503,7 +503,7 @@ clientid_t EchoServer::nep_match_headers(IPv4Header *ip4, IPv6Header *ip6, TCPHe + default: + nping_warning(QT_2, "Bogus field specifier found in client #%d context. Please report a bug", ctx->getIdentifier()); + break; +- } ++ } + } /* End of field specifiers loop */ + + nping_print(DBG_3, "%s() current_score=%.02f candidate_score=%.02f", __func__, current_score, candidate_score); +@@ -582,7 +582,7 @@ clientid_t EchoServer::nep_match_packet(const u8 *pkt, size_t pktlen){ + }else{ + if( (tcplen=tcp.validate())==OP_FAILURE){ + return CLIENT_NOT_FOUND; +- }else{ ++ }else{ + if( (int)pktlen > (iplen+tcplen) ){ + if( payload.storeRecvData(pkt+iplen+tcplen, pktlen-iplen-tcplen)!=OP_FAILURE) + payload_included=true; +-- +2.34.1 + diff --git a/meta-oe/recipes-security/nmap/nmap-7.92/0005-fix-racing-between-build-ncat-and-build-lua.patch b/meta-oe/recipes-security/nmap/nmap-7.92/0005-fix-racing-between-build-ncat-and-build-lua.patch new file mode 100644 index 0000000000..f660719640 --- /dev/null +++ b/meta-oe/recipes-security/nmap/nmap-7.92/0005-fix-racing-between-build-ncat-and-build-lua.patch @@ -0,0 +1,55 @@ +From c1b436da46a7e3089b657f3f92308defc0ebb735 Mon Sep 17 00:00:00 2001 +From: Hongxu Jia +Date: Sun, 9 Feb 2025 00:45:36 +0000 +Subject: [PATCH] fix racing between build-ncat and build-lua + +There are two build-lua rules, one in Makefile.in, another in +ncat/Makefile.in which is required by build-ncat + +Build them may cause potential racing + +$ bitbake lib32-nmap +$ grep -e "Compiling liblua" -e 'nmap-7.95/liblua' -e ": error" -n patch-to/temp/log.do_compile +Compiling liblua +make[1]: Entering directory 'path-to/build/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/nmap-7.95/liblua' +Compiling liblua +make[2]: Entering directory 'path-to/build/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/nmap-7.95/liblua' +make[2]: Leaving directory 'path-to/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/nmap-7.95/liblua' +path-to/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/recipe-sysroot-native/usr/bin/i686-wrsmllib32-linux/../../libexec/i686-wrsmllib32-linux/gcc/i686-wrsmllib32-linux/14.2.0/ld: ./../liblua/liblua.a: error adding symbols: no more archived files +collect2: error: ld returned 1 exit status +make[1]: Leaving directory 'path-to/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/nmap-7.95/liblua' + +Explicitly make build-ncat depends on build-lua to avoid racing, +after applying the patch +... +Compiling liblua +make[1]: Entering directory 'path-to/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/nmap-7.95/liblua' +make[1]: Leaving directory 'path-to/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/nmap-7.95/liblua' +Compiling liblua +make[2]: Entering directory 'path-to/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/nmap-7.95/liblua' +make[2]: Leaving directory 'path-to/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/nmap-7.95/liblua' +... + +Upstream-Status: Submitted [https://github.com/nmap/nmap/pull/3025] + +Signed-off-by: Hongxu Jia +--- + Makefile.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile.in b/Makefile.in +index 6b25d27..b0a2719 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -159,7 +159,7 @@ build-netutil: libnetutil/Makefile + @echo Compiling libnetutil; + cd libnetutil && $(MAKE) + +-build-ncat: $(NCATDIR)/Makefile build-nbase build-nsock $(NCATDIR)/ncat.h @PCAP_BUILD@ ++build-ncat: $(NCATDIR)/Makefile build-nbase build-nsock build-lua $(NCATDIR)/ncat.h @PCAP_BUILD@ + cd $(NCATDIR) && $(MAKE) + + build-lua: $(LIBLUADIR)/Makefile +-- +2.34.1 + diff --git a/meta-oe/recipes-security/nmap/nmap-7.92/0006-Fix-build-with-libpcap-1.10.5.patch b/meta-oe/recipes-security/nmap/nmap-7.92/0006-Fix-build-with-libpcap-1.10.5.patch new file mode 100644 index 0000000000..4ee4a7295e --- /dev/null +++ b/meta-oe/recipes-security/nmap/nmap-7.92/0006-Fix-build-with-libpcap-1.10.5.patch @@ -0,0 +1,47 @@ +From ba7b4a8cc570f0ce154f186fbe840f0ac23b2b96 Mon Sep 17 00:00:00 2001 +From: Yi Zhao +Date: Mon, 28 Apr 2025 10:04:46 +0800 +Subject: [PATCH] Fix build with libpcap 1.10.5 + +Fixes: +In file included from /build/tmp/work/core2-64-poky-linux/nmap/7.92/recipe-sysroot/usr/include/pcap/pcap.h:130, + from /build/tmp/work/core2-64-poky-linux/nmap/7.92/recipe-sysroot/usr/include/pcap.h:43, + from tcpip.h:72, + from nse_nsock.cc:4: +nse_nsock.cc:36:3: error: expected identifier before 'int' + 36 | PCAP_SOCKET = lua_upvalueindex(3), /* pcap socket metatable */ + | ^~~~~~~~~~~ +nse_nsock.cc:36:3: error: expected '}' before 'int' +nse_nsock.cc:33:6: note: to match this '{' + 33 | enum { + | ^ +nse_nsock.cc:36:15: error: expected unqualified-id before '=' token + 36 | PCAP_SOCKET = lua_upvalueindex(3), /* pcap socket metatable */ + | ^ +nse_nsock.cc:40:1: error: expected declaration before '}' token + 40 | }; + | ^ + +Upstream-Status: Pending + +Signed-off-by: Yi Zhao +--- + nse_nsock.cc | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/nse_nsock.cc b/nse_nsock.cc +index 75ddeb6..a3c5186 100644 +--- a/nse_nsock.cc ++++ b/nse_nsock.cc +@@ -29,6 +29,8 @@ + + #define DEFAULT_TIMEOUT 30000 + ++#undef PCAP_SOCKET ++ + /* Upvalues for library variables */ + enum { + NSOCK_POOL = lua_upvalueindex(1), +-- +2.34.1 + diff --git a/meta-oe/recipes-security/nmap/nmap_7.92.bb b/meta-oe/recipes-security/nmap/nmap_7.92.bb new file mode 100644 index 0000000000..98969fe001 --- /dev/null +++ b/meta-oe/recipes-security/nmap/nmap_7.92.bb @@ -0,0 +1,66 @@ +SUMMARY = "network auditing tool" +DESCRIPTION = "Nmap (Network Mapper) is a free and open source (license) utility for network discovery and security auditing.\nGui support via appending to IMAGE_FEATURES x11-base in local.conf" +SECTION = "security" +LICENSE = "GPL-2.0-only" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=b8823a06822788010eae05b4f5e921b3" + +SRC_URI = "http://nmap.org/dist/${BP}.tar.bz2 \ + file://0001-redefine-the-python-library-install-dir.patch \ + file://0002-replace-.-shtool-mkdir-with-coreutils-mkdir-command.patch \ + file://0003-Include-time.h-header-to-pass-clang-compilation.patch \ + file://0004-Fix-building-with-libc.patch \ + file://0005-fix-racing-between-build-ncat-and-build-lua.patch \ + file://0006-Fix-build-with-libpcap-1.10.5.patch \ + " +SRC_URI[sha256sum] = "a5479f2f8a6b0b2516767d2f7189c386c1dc858d997167d7ec5cfc798c7571a1" + +UPSTREAM_CHECK_REGEX = "nmap-(?P\d+(\.\d+)+)\.tar" + +inherit autotools-brokensep pkgconfig python3native + +PACKAGECONFIG ?= "pcre ncat nping pcap" + +PACKAGECONFIG[pcap] = "--with-pcap=linux, --without-pcap, libpcap, libpcap" +PACKAGECONFIG[pcre] = "--with-libpcre=${STAGING_LIBDIR}/.., --with-libpcre=included, libpcre" +PACKAGECONFIG[ssl] = "--with-openssl=${STAGING_LIBDIR}/.., --without-openssl, openssl, openssl" +PACKAGECONFIG[ssh2] = "--with-openssh2=${STAGING_LIBDIR}/.., --without-openssh2, libssh2, libssh2" +PACKAGECONFIG[libz] = "--with-libz=${STAGING_LIBDIR}/.., --without-libz, zlib, zlib" + +# disable/enable packages +PACKAGECONFIG[nping] = ",--without-nping," +PACKAGECONFIG[ncat] = ",--without-ncat," +PACKAGECONFIG[ndiff] = "--with-ndiff=yes,--without-ndiff,python3 python3-setuptools-native" +PACKAGECONFIG[update] = ",--without-nmap-update," + +EXTRA_OECONF = "--with-libdnet=included --with-liblinear=included --without-subversion --with-liblua=included" + +# zenmap needs python-pygtk which has been removed +# it also only works with python2 +# disable for now until py3 is supported +EXTRA_OECONF += "--without-zenmap" + +export PYTHON_SITEPACKAGES_DIR + +do_configure() { + autoconf + install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.guess ${S} + install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.sub ${S} + oe_runconf +} + +do_install:append() { + for f in ndiff uninstall_ndiff; do + if [ -f ${D}${bindir}/$f ]; then + sed -i 's@^#!.*$@#!/usr/bin/env python3@g' ${D}${bindir}/$f + fi + done +} + +FILES:${PN} += "${PYTHON_SITEPACKAGES_DIR} ${datadir}/ncat" + +RDEPENDS:${PN} += " \ + python3-difflib \ + python3-asyncio \ + python3-xml \ +"