[yocto] [meta-security][PATCH] ncrack: update to tip

2019-09-15 Thread Scott Ellis
Signed-off-by: Scott Ellis 
---
 recipes-security/ncrack/ncrack_0.7.bb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/recipes-security/ncrack/ncrack_0.7.bb 
b/recipes-security/ncrack/ncrack_0.7.bb
index 06ba2b6..ba26965 100644
--- a/recipes-security/ncrack/ncrack_0.7.bb
+++ b/recipes-security/ncrack/ncrack_0.7.bb
@@ -4,9 +4,9 @@ HOMEPAGE = "https://nmap.org/ncrack;
 SECTION = "security"
 
 LICENSE = "GPL-2.0"
-LIC_FILES_CHKSUM = "file://COPYING;md5=198fa93d4e80225839e595336f3b5ff0"
+LIC_FILES_CHKSUM = 
"file://COPYING;beginline=7;endline=12;md5=66938a7e5b4c118eda78271de14874c2"
 
-SRCREV = "3a793a21820708466081825beda9fce857f36cb6"
+SRCREV = "dc570e7e3cec1fb176c0168eaedc723084bd0426"
 SRC_URI = "git://github.com/nmap/ncrack.git"
 
 DEPENDS = "openssl zlib"
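Review bot: The recipe is still named `ncrack_0.7.bb` after `SRCREV` moves to the upstream tip, so the package keeps reporting version 0.7 for source that is no longer the 0.7 release. Anything keyed on PV, such as CVE matching or upgrade tracking, will presumably describe the wrong code. Setting `PV = "0.7+git${SRCPV}"` next to `SRCREV` would make the snapshot visible; the same applies to the `SRCREV` bump in `checksec_1.11.bb` further down the page. Separately, the new `LIC_FILES_CHKSUM` covers only lines 7-12 of COPYING, so a licence change elsewhere in that file would no longer fail the checksum, and a short comment saying why the range was narrowed would help.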
-- 
2.7.4



[yocto] [meta-security][PATCH] checksec: Remove old script

2019-01-25 Thread Scott Ellis
Should have been removed in previous patch.

Signed-off-by: Scott Ellis 
---
 recipes-security/checksec/files/checksec.sh | 882 
 1 file changed, 882 deletions(-)
 delete mode 100644 recipes-security/checksec/files/checksec.sh

diff --git a/recipes-security/checksec/files/checksec.sh 
b/recipes-security/checksec/files/checksec.sh
deleted file mode 100644
index dd1f72e..000
--- a/recipes-security/checksec/files/checksec.sh
+++ /dev/null
@@ -1,882 +0,0 @@
-#!/bin/bash
-#
-# The BSD License (http://www.opensource.org/licenses/bsd-license.php) 
-# specifies the terms and conditions of use for checksec.sh:
-#
-# Copyright (c) 2009-2011, Tobias Klein.
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met:
-# 
-# * Redistributions of source code must retain the above copyright 
-#   notice, this list of conditions and the following disclaimer.
-# * Redistributions in binary form must reproduce the above copyright 
-#   notice, this list of conditions and the following disclaimer in 
-#   the documentation and/or other materials provided with the 
-#   distribution.
-# * Neither the name of Tobias Klein nor the name of trapkit.de may be 
-#   used to endorse or promote products derived from this software 
-#   without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
-# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
-# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 
-# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 
-# OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 
-# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 
-# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 
-# THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH 
-# DAMAGE.
-#
-# Name: checksec.sh
-# Version : 1.5
-# Author  : Tobias Klein
-# Date: November 2011
-# Download: http://www.trapkit.de/tools/checksec.html
-# Changes : http://www.trapkit.de/tools/checksec_changes.txt
-#
-# Description:
-#
-# Modern Linux distributions offer some mitigation techniques to make it 
-# harder to exploit software vulnerabilities reliably. Mitigations such 
-# as RELRO, NoExecute (NX), Stack Canaries, Address Space Layout 
-# Randomization (ASLR) and Position Independent Executables (PIE) have 
-# made reliably exploiting any vulnerabilities that do exist far more 
-# challenging. The checksec.sh script is designed to test what *standard* 
-# Linux OS and PaX (http://pax.grsecurity.net/) security features are being 
-# used.
-#
-# As of version 1.3 the script also lists the status of various Linux kernel 
-# protection mechanisms.
-#
-# Credits:
-#
-# Thanks to Brad Spengler (grsecurity.net) for the PaX support.
-# Thanks to Jon Oberheide (jon.oberheide.org) for the kernel support.
-# Thanks to Ollie Whitehouse (Research In Motion) for rpath/runpath support.
-# 
-# Others that contributed to checksec.sh (in no particular order):
-#
-# Simon Ruderich, Denis Scherbakov, Stefan Kuttler, Radoslaw Madej,
-# Anthony G. Basile, Martin Vaeth and Brian Davis. 
-#
-
-# global vars
-have_readelf=1
-verbose=false
-
-# FORTIFY_SOURCE vars
-FS_end=_chk
-FS_cnt_total=0
-FS_cnt_checked=0
-FS_cnt_unchecked=0
-FS_chk_func_libc=0
-FS_functions=0
-FS_libc=0
- 
-# version information
-version() {
-  echo "checksec v1.5, Tobias Klein, www.trapkit.de, November 2011"
-  echo 
-}
-
-# help
-help() {
-  echo "Usage: checksec [OPTION]"
-  echo
-  echo "Options:"
-  echo
-  echo "  --file "
-  echo "  --dir  [-v]"
-  echo "  --proc "
-  echo "  --proc-all"
-  echo "  --proc-libs "
-  echo "  --kernel"
-  echo "  --fortify-file "
-  echo "  --fortify-proc "
-  echo "  --version"
-  echo "  --help"
-  echo
-  echo "For more information, see:"
-  echo "  http://www.trapkit.de/tools/checksec.html;
-  echo
-}
-
-# check if command exists
-command_exists () {
-  type $1  > /dev/null 2>&1;
-}
-
-# check if directory exists
-dir_exists () {
-  if [ -d $1 ] ; then
-return 0
-  else
-return 1
-  fi
-}
-
-# check user privileges
-root_privs () {
-  if [ $(/usr/bin/id -u) -eq 0 ] ; then
-return 0
-  else
-return 1
-  fi
-}
-
-# check if input is numeric
-isNumeric () {
-  echo "$@" | grep -q -v "[^0-9]"
-}
-
-# check if input is a string
-isString () {
-  echo "$@" | grep -q -v "[^A-Za-z]"
-}
-
-# check file(s)
-fil

[yocto] [meta-security][PATCH] checksec: Upgrade to latest upstream

2019-01-23 Thread Scott Ellis
More kernel checks, particularly arm64.

Signed-off-by: Scott Ellis 
---
 recipes-security/checksec/checksec_1.11.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-security/checksec/checksec_1.11.bb 
b/recipes-security/checksec/checksec_1.11.bb
index 59a67bd..0ca6e07 100644
--- a/recipes-security/checksec/checksec_1.11.bb
+++ b/recipes-security/checksec/checksec_1.11.bb
@@ -6,7 +6,7 @@ HOMEPAGE="https://github.com/slimm609/checksec.sh;
 
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=93fddcca19f6c897871f9b5f9a035f4a"
 
-SRCREV = "a57e03c4f62dbaca0ec949bbc58491fb0c461447"
+SRCREV = "afcbaf954169771fc88ebba7727acdd2d26c27c7"
 SRC_URI = "git://github.com/slimm609/checksec.sh"
 
 S = "${WORKDIR}/git"
-- 
2.7.4



[yocto] [meta-security][PATCH] scapy: Fix shebang for python3

2019-01-19 Thread Scott Ellis
Both scapy and UTscapy have python in the shebang line
regardless of whether python3-scapy or python-scapy
was built.

Signed-off-by: Scott Ellis 
---
 recipes-security/scapy/python-scapy.inc | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/recipes-security/scapy/python-scapy.inc 
b/recipes-security/scapy/python-scapy.inc
index f90b93d..43ef959 100644
--- a/recipes-security/scapy/python-scapy.inc
+++ b/recipes-security/scapy/python-scapy.inc
@@ -10,6 +10,13 @@ SRC_URI[sha256sum] = 
"1baa048936207ceb1a4281a0e1e3b4317667c754872a0bb4734c5213c4
 
 inherit pypi
 
+do_install_append() {
+if [ "${PYTHON_PN}" = "python3" ]; then
+sed -i -e 's/python/python3/' ${D}${bindir}/scapy
+sed -i -e 's/python/python3/' ${D}${bindir}/UTscapy
+fi
+}
+
 RDEPENDS_${PN} = "tcpdump ${PYTHON_PN}-compression ${PYTHON_PN}-cryptography 
${PYTHON_PN}-netclient  \
   ${PYTHON_PN}-netserver ${PYTHON_PN}-pydoc 
${PYTHON_PN}-pkgutil ${PYTHON_PN}-shell \
   ${PYTHON_PN}-threading ${PYTHON_PN}-numbers 
${PYTHON_PN}-pycrypto"
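Review bot: The `sed` expression in `do_install_append()` is not limited to the shebang: `s/python/python3/` rewrites the first `python` on every line of `scapy` and `UTscapy`, and it would turn a shebang that already says `python3` into `python33`. Restricting it to line 1 and to a trailing interpreter name avoids both, e.g. `sed -i -e '1s/python$/python3/' ${D}${bindir}/scapy` (assuming the upstream shebang ends with the interpreter name, which is worth checking). The draft posted in the 2019-01-13 message further down uses the same unanchored expression for both files.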
-- 
2.7.4



[yocto] [meta-security][PATCH] scapy: Add python-cryptography to RDEPENDS

2019-01-19 Thread Scott Ellis
Signed-off-by: Scott Ellis 
---
 recipes-security/scapy/python-scapy.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-security/scapy/python-scapy.inc 
b/recipes-security/scapy/python-scapy.inc
index 95e5312..f90b93d 100644
--- a/recipes-security/scapy/python-scapy.inc
+++ b/recipes-security/scapy/python-scapy.inc
@@ -10,6 +10,6 @@ SRC_URI[sha256sum] = 
"1baa048936207ceb1a4281a0e1e3b4317667c754872a0bb4734c5213c4
 
 inherit pypi
 
-RDEPENDS_${PN} = "tcpdump ${PYTHON_PN}-compression ${PYTHON_PN}-netclient  \
+RDEPENDS_${PN} = "tcpdump ${PYTHON_PN}-compression ${PYTHON_PN}-cryptography 
${PYTHON_PN}-netclient  \
   ${PYTHON_PN}-netserver ${PYTHON_PN}-pydoc 
${PYTHON_PN}-pkgutil ${PYTHON_PN}-shell \
   ${PYTHON_PN}-threading ${PYTHON_PN}-numbers 
${PYTHON_PN}-pycrypto"
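Review bot: The `RDEPENDS_${PN}` line this hunk rewrites still ends in `${PYTHON_PN}-pycrypto` while adding `${PYTHON_PN}-cryptography`, so the image carries two crypto libraries for one tool. pycrypto has not had upstream releases for years; if scapy at this version only imports `cryptography` (worth confirming against its sources), dropping `${PYTHON_PN}-pycrypto` in the same change would reduce what ships on the target. A one-line comment above `RDEPENDS_${PN}` saying which scapy features need `cryptography` would also record why the dependency was added.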
-- 
2.7.4



[yocto] [meta-security][PATCHv2] Upgrade scapy to 2.4.2

2019-01-19 Thread Scott Ellis
Upstream MANIFEST.in removed doc and test directories
so remove ptest.

Signed-off-by: Scott Ellis 
---
 recipes-security/scapy/files/run-ptest|  4 
 recipes-security/scapy/python-scapy.inc   | 11 +++
 recipes-security/scapy/python-scapy_2.4.0.bb  |  6 --
 recipes-security/scapy/python-scapy_2.4.2.bb  |  4 
 recipes-security/scapy/python3-scapy_2.4.0.bb |  4 
 recipes-security/scapy/python3-scapy_2.4.2.bb |  2 ++
 6 files changed, 9 insertions(+), 22 deletions(-)
 delete mode 100755 recipes-security/scapy/files/run-ptest
 delete mode 100644 recipes-security/scapy/python-scapy_2.4.0.bb
 create mode 100644 recipes-security/scapy/python-scapy_2.4.2.bb
 delete mode 100644 recipes-security/scapy/python3-scapy_2.4.0.bb
 create mode 100644 recipes-security/scapy/python3-scapy_2.4.2.bb

diff --git a/recipes-security/scapy/files/run-ptest 
b/recipes-security/scapy/files/run-ptest
deleted file mode 100755
index 91b29f9..000
--- a/recipes-security/scapy/files/run-ptest
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-UTscapy -t regression.uts -f text -l -C \
--o @PTEST_PATH@/scapy_ptest_$(date +%Y%m%d-%H%M%S).log \
-2>&1 | sed -e 's/^passed None/PASS:/' -e 's/^failed None/FAIL:/'
diff --git a/recipes-security/scapy/python-scapy.inc 
b/recipes-security/scapy/python-scapy.inc
index 5abe7db..95e5312 100644
--- a/recipes-security/scapy/python-scapy.inc
+++ b/recipes-security/scapy/python-scapy.inc
@@ -5,15 +5,10 @@ LICENSE = "GPLv2"
 
 LIC_FILES_CHKSUM = 
"file://bin/scapy;beginline=9;endline=13;md5=1d5249872cc54cd4ca3d3879262d0c69"
 
-SRC_URI[md5sum] = "d7d3c4294f5a718e234775d38dbeb7ec"
-SRC_URI[sha256sum] = 
"452f714f5c2eac6fd0a6146b1dbddfc24dd5f4103f3ed76227995a488cfb2b73"
+SRC_URI[md5sum] = "e6a03d8c924a6bbde1e86fc58bd2b9d6"
+SRC_URI[sha256sum] = 
"1baa048936207ceb1a4281a0e1e3b4317667c754872a0bb4734c5213c468e86a"
 
-inherit pypi ptest
-
-do_install_ptest() {
-install -m 0644 ${S}/test/regression.uts ${D}${PTEST_PATH}
-sed -i 's,@PTEST_PATH@,${PTEST_PATH},' ${D}${PTEST_PATH}/run-ptest
-}
+inherit pypi
 
 RDEPENDS_${PN} = "tcpdump ${PYTHON_PN}-compression ${PYTHON_PN}-netclient  \
   ${PYTHON_PN}-netserver ${PYTHON_PN}-pydoc 
${PYTHON_PN}-pkgutil ${PYTHON_PN}-shell \
diff --git a/recipes-security/scapy/python-scapy_2.4.0.bb 
b/recipes-security/scapy/python-scapy_2.4.0.bb
deleted file mode 100644
index 98db1fd..000
--- a/recipes-security/scapy/python-scapy_2.4.0.bb
+++ /dev/null
@@ -1,6 +0,0 @@
-inherit setuptools
-require python-scapy.inc
-
-SRC_URI += "file://run-ptest"
-
-RDEPENDS_${PN} += "${PYTHON_PN}-subprocess"
diff --git a/recipes-security/scapy/python-scapy_2.4.2.bb 
b/recipes-security/scapy/python-scapy_2.4.2.bb
new file mode 100644
index 000..ea8764a
--- /dev/null
+++ b/recipes-security/scapy/python-scapy_2.4.2.bb
@@ -0,0 +1,4 @@
+inherit setuptools
+require python-scapy.inc
+
+RDEPENDS_${PN} += "${PYTHON_PN}-subprocess"
diff --git a/recipes-security/scapy/python3-scapy_2.4.0.bb 
b/recipes-security/scapy/python3-scapy_2.4.0.bb
deleted file mode 100644
index 93ca7be..000
--- a/recipes-security/scapy/python3-scapy_2.4.0.bb
+++ /dev/null
@@ -1,4 +0,0 @@
-inherit setuptools3
-require python-scapy.inc
-
-SRC_URI += "file://run-ptest"
diff --git a/recipes-security/scapy/python3-scapy_2.4.2.bb 
b/recipes-security/scapy/python3-scapy_2.4.2.bb
new file mode 100644
index 000..34eb2a3
--- /dev/null
+++ b/recipes-security/scapy/python3-scapy_2.4.2.bb
@@ -0,0 +1,2 @@
+inherit setuptools3
+require python-scapy.inc
-- 
2.7.4



[yocto] [meta-security][python3-scapy] scapy script is broken

2019-01-13 Thread Scott Ellis
The shebang line in /usr/bin/scapy and /usr/bin/UTscapy is always set
for python not python3 and so doesn't work with the python3 scapy install.

This problem existed in the 2.4.0 version as well.

I am currently using this patch in my local repo to fix python3-scapy
builds.

diff --git a/recipes-security/scapy/python-scapy.inc
b/recipes-security/scapy/python-scapy.inc
index d5a70fe..97036e0 100644
--- a/recipes-security/scapy/python-scapy.inc
+++ b/recipes-security/scapy/python-scapy.inc
@@ -15,6 +15,20 @@ do_install_ptest() {
 sed -i 's,@PTEST_PATH@,${PTEST_PATH},' ${D}${PTEST_PATH}/run-ptest
 }

+do_install_append() {
+if [ "${PYTHON_BASEVERSION}" != "2.7" ]; then
+bbwarn "Fixing shebang line for scapy and UTscapy"
+
+if [ -e ${D}${bindir}/scapy ]; then
+   sed -i -e 's/python/python3/' ${D}${bindir}/scapy
+fi
+
+if [ -e ${D}${bindir}/UTscapy ]; then
+   sed -i -e 's/python/python3/' ${D}${bindir}/UTscapy
+fi
+fi
+}
+
...

scapy is just a small wrapper script to launch an interactive scapy
session.

Adding the do_install_append() to the python3-scapy.bb doesn't work
(never gets called) so I had to add the PYTHON_BASEVERSION check and put
it in the *.inc

Open to suggestions on a better fix.






[yocto] [meta-security][PATCH] Upgrade scapy to 2.4.2

2019-01-12 Thread Scott Ellis
Signed-off-by: Scott Ellis 
---
 recipes-security/scapy/python-scapy.inc   | 4 ++--
 .../scapy/{python-scapy_2.4.0.bb => python-scapy_2.4.2.bb}| 0
 .../scapy/{python3-scapy_2.4.0.bb => python3-scapy_2.4.2.bb}  | 0
 3 files changed, 2 insertions(+), 2 deletions(-)
 rename recipes-security/scapy/{python-scapy_2.4.0.bb => python-scapy_2.4.2.bb} 
(100%)
 rename recipes-security/scapy/{python3-scapy_2.4.0.bb => 
python3-scapy_2.4.2.bb} (100%)

diff --git a/recipes-security/scapy/python-scapy.inc 
b/recipes-security/scapy/python-scapy.inc
index 5abe7db..d5a70fe 100644
--- a/recipes-security/scapy/python-scapy.inc
+++ b/recipes-security/scapy/python-scapy.inc
@@ -5,8 +5,8 @@ LICENSE = "GPLv2"
 
 LIC_FILES_CHKSUM = 
"file://bin/scapy;beginline=9;endline=13;md5=1d5249872cc54cd4ca3d3879262d0c69"
 
-SRC_URI[md5sum] = "d7d3c4294f5a718e234775d38dbeb7ec"
-SRC_URI[sha256sum] = 
"452f714f5c2eac6fd0a6146b1dbddfc24dd5f4103f3ed76227995a488cfb2b73"
+SRC_URI[md5sum] = "e6a03d8c924a6bbde1e86fc58bd2b9d6"
+SRC_URI[sha256sum] = 
"1baa048936207ceb1a4281a0e1e3b4317667c754872a0bb4734c5213c468e86a"
 
 inherit pypi ptest
 
diff --git a/recipes-security/scapy/python-scapy_2.4.0.bb 
b/recipes-security/scapy/python-scapy_2.4.2.bb
similarity index 100%
rename from recipes-security/scapy/python-scapy_2.4.0.bb
rename to recipes-security/scapy/python-scapy_2.4.2.bb
diff --git a/recipes-security/scapy/python3-scapy_2.4.0.bb 
b/recipes-security/scapy/python3-scapy_2.4.2.bb
similarity index 100%
rename from recipes-security/scapy/python3-scapy_2.4.0.bb
rename to recipes-security/scapy/python3-scapy_2.4.2.bb
-- 
2.17.1



[yocto] [meta-security][PATCH] Add recipe for ncrack

2019-01-11 Thread Scott Ellis
Ncrack is a network authentication cracking tool.

Signed-off-by: Scott Ellis 
---
 recipes-security/ncrack/ncrack_0.7.bb | 18 ++
 1 file changed, 18 insertions(+)
 create mode 100644 recipes-security/ncrack/ncrack_0.7.bb

diff --git a/recipes-security/ncrack/ncrack_0.7.bb 
b/recipes-security/ncrack/ncrack_0.7.bb
new file mode 100644
index 000..06ba2b6
--- /dev/null
+++ b/recipes-security/ncrack/ncrack_0.7.bb
@@ -0,0 +1,18 @@
+SUMMARY = "Network authentication cracking tool"
+DESCRIPTION = "Ncrack is designed for high-speed parallel testing of network 
devices for poor passwords."
+HOMEPAGE = "https://nmap.org/ncrack;
+SECTION = "security"
+
+LICENSE = "GPL-2.0"
+LIC_FILES_CHKSUM = "file://COPYING;md5=198fa93d4e80225839e595336f3b5ff0"
+
+SRCREV = "3a793a21820708466081825beda9fce857f36cb6"
+SRC_URI = "git://github.com/nmap/ncrack.git"
+
+DEPENDS = "openssl zlib"
+
+inherit autotools-brokensep
+
+S = "${WORKDIR}/git"
+
+INSANE_SKIP_${PN} = "already-stripped"
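Review bot: `SRC_URI = "git://github.com/nmap/ncrack.git"` fetches over the plain git protocol, which has no transport authentication or encryption. The full `SRCREV` hash pins the content, but the fetch itself can still be observed or interfered with in transit. Adding the fetcher parameter, `SRC_URI = "git://github.com/nmap/ncrack.git;protocol=https"`, keeps the pin and moves the transfer to TLS; the same applies to `SRC_URI` in the new `checksec_1.11.bb` recipe below. `INSANE_SKIP_${PN} = "already-stripped"` also deserves a comment saying why it is needed (presumably the upstream build strips the binary), since the skip silences a QA check rather than fixing its cause.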
-- 
2.7.4



[yocto] [meta-security][PATCH] checksec: Upgrade to 1.11.0

2019-01-03 Thread Scott Ellis
Switch source to a more up to date github repo.

Signed-off-by: Scott Ellis 
---
 recipes-security/checksec/checksec_1.11.bb | 19 +++
 1 file changed, 19 insertions(+)
 create mode 100644 recipes-security/checksec/checksec_1.11.bb

diff --git a/recipes-security/checksec/checksec_1.11.bb 
b/recipes-security/checksec/checksec_1.11.bb
new file mode 100644
index 000..59a67bd
--- /dev/null
+++ b/recipes-security/checksec/checksec_1.11.bb
@@ -0,0 +1,19 @@
+SUMMARY = "Linux system security checks"
+DESCRIPTION = "The checksec script is designed to test what standard Linux OS 
and PaX security features are being used."
+SECTION = "security"
+LICENSE = "BSD"
+HOMEPAGE="https://github.com/slimm609/checksec.sh;
+
+LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=93fddcca19f6c897871f9b5f9a035f4a"
+
+SRCREV = "a57e03c4f62dbaca0ec949bbc58491fb0c461447"
+SRC_URI = "git://github.com/slimm609/checksec.sh"
+
+S = "${WORKDIR}/git"
+
+do_install() {
+install -d ${D}${bindir}
+install -m 0755 ${S}/checksec ${D}${bindir}
+}
+
+RDEPENDS_${PN} = "bash openssl-bin"
-- 
2.7.4



[yocto] [PATCH] nikto: upgrade to 2.1.6 (v2)

2018-12-28 Thread Scott Ellis
Source now on github.

Signed-off-by: Scott Ellis 
---
 recipes-security/nikto/files/CVE-2018-11652.patch | 106 ---
 recipes-security/nikto/files/location.patch   |  32 +++---
 recipes-security/nikto/nikto_2.1.5.bb | 108 
 recipes-security/nikto/nikto_2.1.6.bb | 118 ++
 4 files changed, 134 insertions(+), 230 deletions(-)
 delete mode 100644 recipes-security/nikto/files/CVE-2018-11652.patch
 delete mode 100644 recipes-security/nikto/nikto_2.1.5.bb
 create mode 100644 recipes-security/nikto/nikto_2.1.6.bb

diff --git a/recipes-security/nikto/files/CVE-2018-11652.patch 
b/recipes-security/nikto/files/CVE-2018-11652.patch
deleted file mode 100644
index 5ddb169..000
--- a/recipes-security/nikto/files/CVE-2018-11652.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-From e759b3300aace5314fe3d30800c8bd83c81c29f7 Mon Sep 17 00:00:00 2001
-From: sullo 
-Date: Thu, 31 May 2018 23:30:03 -0400
-Subject: [PATCH] Fix CSV injection issue if server responds with a malicious
- Server string & CSV output is opened in Excel or other spreadsheet app.
- Potentially malicious cell start characters are now prefaced with a ' mark.
- Thanks to Adam (@bytesoverbombs) for letting me know!
-
-Also fixed a crash in the outdated plugin if the $sepr field ends up being 
something that triggers a panic in split().
-
-CVE: CVE-2018-11652
-Upstream-Status: Backport
-Signed-off-by: Nagalakshmi Veeramallu 

- plugins/nikto_outdated.plugin   |  2 +-
- plugins/nikto_report_csv.plugin | 42 +
- 2 files changed, 31 insertions(+), 13 deletions(-)
-
-diff --git a/plugins/nikto_outdated.plugin b/plugins/nikto_outdated.plugin
-index 72379cc..eb1d889 100644
 a/plugins/nikto_outdated.plugin
-+++ b/plugins/nikto_outdated.plugin
-@@ -83,7 +83,7 @@ sub nikto_outdated {
- $sepr = substr($sepr, (length($sepr) - 1), 1);
- 
- # break up ID string on $sepr
--my @T = split(/$sepr/, $mark->{'banner'});
-+my @T = split(/\\$sepr/, $mark->{'banner'});
- 
- # assume last is version...
- for ($i = 0 ; $i < $#T ; $i++) { $MATCHSTRING .= "$T[$i] "; }
-diff --git a/plugins/nikto_report_csv.plugin b/plugins/nikto_report_csv.plugin
-index d13acab..b942e78 100644
 a/plugins/nikto_report_csv.plugin
-+++ b/plugins/nikto_report_csv.plugin
-@@ -52,10 +52,12 @@ sub csv_open {
- sub csv_host_start {
- my ($handle, $mark) = @_;
- $mark->{'banner'} =~ s/"/\\"/g;
--print OUT "\"$mark->{'hostname'}\","
--  . "\"$mark->{'ip'}\","
--  . "\"$mark->{'port'}\"," . "\"\"," . "\"\"," . "\"\","
--  . "\"$mark->{'banner'}\"\n";
-+print $handle "\"" . csv_safecell($hostname) . "\","
-+  . "\"" . csv_safecell($mark->{'ip'}) . "\","
-+  . "\"" . csv_safecell($mark->{'port'}) . "\"," . "\"\"," . "\"\"," . 
"\"\","
-+  #. "\"" . $mark->{'banner'} . "\"\n";
-+  . "\"" . csv_safecell($mark->{'banner'}) . "\"\n";
-+
- return;
- }
- 
-@@ -65,26 +67,42 @@ sub csv_item {
- my ($handle, $mark, $item) = @_;
- foreach my $uri (split(' ', $item->{'uri'})) {
- my $line = '';
--$line .= "\"$item->{'mark'}->{'hostname'}\",";
--$line .= "\"$item->{'mark'}->{'ip'}\",";
--$line .= "\"$item->{'mark'}->{'port'}\",";
-+$line .= "\"" . csv_safecell($hostname) . "\",";
-+$line .= "\"" . csv_safecell($item->{'mark'}->{'ip'}) . \",";
-+$line .= "\"" . csv_safecell($item->{'mark'}->{'port'}) . "\",";
- 
- $line .= "\"";
- if ($item->{'osvdb'} ne '') { $line .= "OSVDB-" . $item->{'osvdb'}; }
- $line .= "\",";
- 
- $line .= "\"";
--if ($item->{'method'} ne '') { $line .= $item->{'method'}; }
-+if ($item->{'method'} ne '') { $line .= 
csv_safecell($item->{'method'}); }
- $line .= "\",";
- 
- $line .= "\"";
--if ($uri ne '') { $line .= $mark->{'root'} . $uri; }
-+   { $line .= csv_safecell($mark->{'root'}) . $uri; }
-+   else { $line .= csv_safecell($ur
- $line .= "\",";
- 
--$item->{'message'} =~ s/"/\\"/g;
--$line .= "\"$item->{'message'}\"";
--pr

[yocto] [meta-security][PATCH] nikto: upgrade to 2.1.6

2018-12-28 Thread Scott Ellis
Source now on github.

Signed-off-by: Scott Ellis 
---
 recipes-security/nikto/files/CVE-2018-11652.patch | 106 ---
 recipes-security/nikto/files/location.patch   |  32 +++---
 recipes-security/nikto/nikto_2.1.5.bb | 108 
 recipes-security/nikto/nikto_2.1.6.bb | 118 ++
 4 files changed, 134 insertions(+), 230 deletions(-)
 delete mode 100644 recipes-security/nikto/files/CVE-2018-11652.patch
 delete mode 100644 recipes-security/nikto/nikto_2.1.5.bb
 create mode 100644 recipes-security/nikto/nikto_2.1.6.bb

diff --git a/recipes-security/nikto/files/CVE-2018-11652.patch 
b/recipes-security/nikto/files/CVE-2018-11652.patch
deleted file mode 100644
index 5ddb169..000
--- a/recipes-security/nikto/files/CVE-2018-11652.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-From e759b3300aace5314fe3d30800c8bd83c81c29f7 Mon Sep 17 00:00:00 2001
-From: sullo 
-Date: Thu, 31 May 2018 23:30:03 -0400
-Subject: [PATCH] Fix CSV injection issue if server responds with a malicious
- Server string & CSV output is opened in Excel or other spreadsheet app.
- Potentially malicious cell start characters are now prefaced with a ' mark.
- Thanks to Adam (@bytesoverbombs) for letting me know!
-
-Also fixed a crash in the outdated plugin if the $sepr field ends up being 
something that triggers a panic in split().
-
-CVE: CVE-2018-11652
-Upstream-Status: Backport
-Signed-off-by: Nagalakshmi Veeramallu 

- plugins/nikto_outdated.plugin   |  2 +-
- plugins/nikto_report_csv.plugin | 42 +
- 2 files changed, 31 insertions(+), 13 deletions(-)
-
-diff --git a/plugins/nikto_outdated.plugin b/plugins/nikto_outdated.plugin
-index 72379cc..eb1d889 100644
 a/plugins/nikto_outdated.plugin
-+++ b/plugins/nikto_outdated.plugin
-@@ -83,7 +83,7 @@ sub nikto_outdated {
- $sepr = substr($sepr, (length($sepr) - 1), 1);
- 
- # break up ID string on $sepr
--my @T = split(/$sepr/, $mark->{'banner'});
-+my @T = split(/\\$sepr/, $mark->{'banner'});
- 
- # assume last is version...
- for ($i = 0 ; $i < $#T ; $i++) { $MATCHSTRING .= "$T[$i] "; }
-diff --git a/plugins/nikto_report_csv.plugin b/plugins/nikto_report_csv.plugin
-index d13acab..b942e78 100644
 a/plugins/nikto_report_csv.plugin
-+++ b/plugins/nikto_report_csv.plugin
-@@ -52,10 +52,12 @@ sub csv_open {
- sub csv_host_start {
- my ($handle, $mark) = @_;
- $mark->{'banner'} =~ s/"/\\"/g;
--print OUT "\"$mark->{'hostname'}\","
--  . "\"$mark->{'ip'}\","
--  . "\"$mark->{'port'}\"," . "\"\"," . "\"\"," . "\"\","
--  . "\"$mark->{'banner'}\"\n";
-+print $handle "\"" . csv_safecell($hostname) . "\","
-+  . "\"" . csv_safecell($mark->{'ip'}) . "\","
-+  . "\"" . csv_safecell($mark->{'port'}) . "\"," . "\"\"," . "\"\"," . 
"\"\","
-+  #. "\"" . $mark->{'banner'} . "\"\n";
-+  . "\"" . csv_safecell($mark->{'banner'}) . "\"\n";
-+
- return;
- }
- 
-@@ -65,26 +67,42 @@ sub csv_item {
- my ($handle, $mark, $item) = @_;
- foreach my $uri (split(' ', $item->{'uri'})) {
- my $line = '';
--$line .= "\"$item->{'mark'}->{'hostname'}\",";
--$line .= "\"$item->{'mark'}->{'ip'}\",";
--$line .= "\"$item->{'mark'}->{'port'}\",";
-+$line .= "\"" . csv_safecell($hostname) . "\",";
-+$line .= "\"" . csv_safecell($item->{'mark'}->{'ip'}) . \",";
-+$line .= "\"" . csv_safecell($item->{'mark'}->{'port'}) . "\",";
- 
- $line .= "\"";
- if ($item->{'osvdb'} ne '') { $line .= "OSVDB-" . $item->{'osvdb'}; }
- $line .= "\",";
- 
- $line .= "\"";
--if ($item->{'method'} ne '') { $line .= $item->{'method'}; }
-+if ($item->{'method'} ne '') { $line .= 
csv_safecell($item->{'method'}); }
- $line .= "\",";
- 
- $line .= "\"";
--if ($uri ne '') { $line .= $mark->{'root'} . $uri; }
-+   { $line .= csv_safecell($mark->{'root'}) . $uri; }
-+   else { $line .= csv_safecell($ur
- $line .= "\",";
- 
--$item->{'message'} =~ s/"/\\"/g;
--$line .= "\"$item->{'message'}\"";
--pr

[yocto] [meta-raspberrypi][PATCH] userland: Add bash to RDEPENDS

2016-08-29 Thread Scott Ellis
WARNING: userland-git-r5 do_package_qa: QA Issue: /usr/bin/dtoverlay-post
contained in package userland requires /bin/bash, but no providers found
in RDEPENDS_userland? [file-rdeps]

Signed-off-by: Scott Ellis <sc...@jumpnowtek.com>
---
 recipes-graphics/userland/userland_git.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/recipes-graphics/userland/userland_git.bb 
b/recipes-graphics/userland/userland_git.bb
index 6e73ca7..99cf02c 100644
--- a/recipes-graphics/userland/userland_git.bb
+++ b/recipes-graphics/userland/userland_git.bb
@@ -71,3 +71,5 @@ FILES_${PN}-doc += "${datadir}/install"
 FILES_${PN}-dbg += "${libdir}/plugins/.debug"
 
 PACKAGE_ARCH = "${MACHINE_ARCH}"
+
+RDEPENDS_${PN} += "bash"
-- 
2.7.4



Re: [yocto] [PATCH][coreutils] Add attr build dependency

2016-01-15 Thread Scott Ellis
The 'something' would be 'xattr'

  PACKAGECONFIG[attr] = "--enable-xattr,--disable-xattr,attr,"

What should the default be?

The acl option for coreutils looks in DISTRO_FEATURES.

Should I do the same for this?

"Khem Raj" <raj.k...@gmail.com> said:

> Scott
> 
> Thanks for patch. You might want to send into to oe-core mailing list.
> 
>> On Jan 14, 2016, at 6:54 AM, Scott Ellis <sc...@jumpnowtek.com> wrote:
>>
>> Fixes this warning:
>>
>> WARNING: QA Issue: coreutils rdepends on libattr, but it isn't a build
>> dependency? [build-deps]
>>
>> Signed-off-by: Scott Ellis <sc...@jumpnowtek.com>
>> ---
>> meta/recipes-core/coreutils/coreutils_8.24.bb | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/meta/recipes-core/coreutils/coreutils_8.24.bb
>> b/meta/recipes-core/coreutils/coreutils_8.24.bb
>> index f042346..47a25f3 100644
>> --- a/meta/recipes-core/coreutils/coreutils_8.24.bb
>> +++ b/meta/recipes-core/coreutils/coreutils_8.24.bb
>> @@ -7,7 +7,7 @@ BUGTRACKER = "http://debbugs.gnu.org/coreutils;
>> LICENSE = "GPLv3+"
>> LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504\
>> 
>> file://src/ls.c;beginline=5;endline=16;md5=38b79785ca88537b75871782a2a3c6b8"
>> -DEPENDS = "gmp libcap"
>> +DEPENDS = "attr gmp lib cap”
> 
> while this fix is good. We can make this into a packageconfig knob
> 
> PACKAGECONFIG[attr] = "--enable-something,--disable-something,attr,"
> 
>> DEPENDS_class-native = ""
>>
>> inherit autotools gettext texinfo
>> --
>> 2.5.0
>>
>> --
>> ___
>> yocto mailing list
>> yocto@yoctoproject.org
>> https://lists.yoctoproject.org/listinfo/yocto
> 
> 




Re: [yocto] [PATCH][coreutils] Add attr build dependency

2016-01-15 Thread Scott Ellis
Fixes this warning:

WARNING: QA Issue: coreutils rdepends on libattr, but it isn't a build 
dependency? [build-deps]

Signed-off-by: Scott Ellis <sc...@jumpnowtek.com>
---
 meta/recipes-core/coreutils/coreutils_8.24.bb | 9 +++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-core/coreutils/coreutils_8.24.bb 
b/meta/recipes-core/coreutils/coreutils_8.24.bb
index f042346..6a09c59 100644
--- a/meta/recipes-core/coreutils/coreutils_8.24.bb
+++ b/meta/recipes-core/coreutils/coreutils_8.24.bb
@@ -28,14 +28,19 @@ SRC_URI[manpages.sha256sum] = 
"cf0333b5f134a331e0b46e2ddf90666f8bdc3281c1ca2c7cc
 EXTRA_OECONF_class-native = "--without-gmp"
 EXTRA_OECONF_class-target = "--enable-install-program=arch 
--libexecdir=${libdir}"

-# acl is not a default feature
+# acl and xattr are not default features
 #
-PACKAGECONFIG_class-target ??= "${@bb.utils.contains('DISTRO_FEATURES', 'acl', 
'acl', '', d)}"
+PACKAGECONFIG_class-target ??= "\
+${@bb.utils.contains('DISTRO_FEATURES', 'acl', 'acl', '', d)} \
+${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'xattr', '', d)} \
+"
+
 PACKAGECONFIG_class-native ??= ""

 # with, without, depends, rdepends
 #
 PACKAGECONFIG[acl] = "--enable-acl,--disable-acl,acl,"
+PACKAGECONFIG[xattr] = "--enable-xattr,--disable-xattr,attr,"

 # [ df mktemp base64 gets a special treatment and is not included in this
 bindir_progs = "arch basename chcon cksum comm csplit cut dir dircolors 
dirname du \
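Review bot: Defaulting `xattr` from `DISTRO_FEATURES` means a distro without that feature now gets `--disable-xattr`, whereas the QA warning quoted in the message suggests the earlier build linked libattr whenever it happened to be in the sysroot. That makes the result deterministic, but the behaviour change is not documented in the recipe: target `cp` and `mv` would presumably stop preserving extended attributes. I would extend the comment to say so, e.g. `# acl and xattr are not default features; without xattr, cp/mv do not preserve extended attributes`. The hunk's last context line is a wrapped `bindir_progs` assignment that continues outside the hunk.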
--
2.5.0

"Khem Raj" <raj.k...@gmail.com> said:

> 
>> On Jan 15, 2016, at 7:15 AM, Scott Ellis <sc...@jumpnowtek.com> wrote:
>>
>> The 'something' would be 'xattr'
>>
>>  PACKAGECONFIG[attr] = "--enable-xattr,--disable-xattr,attr,"
>>
>> What should the default be?
>>
>> The acl option for coreutils looks in DISTRO_FEATURES.
>>
>> Should I do the same for this?
> 
> if it depends on some DISTRO_FEATURE then definitely yes. Otherwise define the
> packageconfig
> and then weakly assign a default with ??=
> 
>>
>> "Khem Raj" <raj.k...@gmail.com> said:
>>
>>> Scott
>>>
>>> Thanks for patch. You might want to send into to oe-core mailing list.
>>>
>>>> On Jan 14, 2016, at 6:54 AM, Scott Ellis <sc...@jumpnowtek.com> wrote:
>>>>
>>>> Fixes this warning:
>>>>
>>>> WARNING: QA Issue: coreutils rdepends on libattr, but it isn't a build
>>>> dependency? [build-deps]
>>>>
>>>> Signed-off-by: Scott Ellis <sc...@jumpnowtek.com>
>>>> ---
>>>> meta/recipes-core/coreutils/coreutils_8.24.bb | 2 +-
>>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>>
>>>> diff --git a/meta/recipes-core/coreutils/coreutils_8.24.bb
>>>> b/meta/recipes-core/coreutils/coreutils_8.24.bb
>>>> index f042346..47a25f3 100644
>>>> --- a/meta/recipes-core/coreutils/coreutils_8.24.bb
>>>> +++ b/meta/recipes-core/coreutils/coreutils_8.24.bb
>>>> @@ -7,7 +7,7 @@ BUGTRACKER = "http://debbugs.gnu.org/coreutils;
>>>> LICENSE = "GPLv3+"
>>>> LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504\
>>>>
>>>> file://src/ls.c;beginline=5;endline=16;md5=38b79785ca88537b75871782a2a3c6b8"
>>>> -DEPENDS = "gmp libcap"
>>>> +DEPENDS = "attr gmp lib cap”
>>>
>>> while this fix is good. We can make this into a packageconfig knob
>>>
>>> PACKAGECONFIG[attr] = "--enable-something,--disable-something,attr,"
>>>
>>>> DEPENDS_class-native = ""
>>>>
>>>> inherit autotools gettext texinfo
>>>> --
>>>> 2.5.0
>>>>
>>>> --
>>>> ___
>>>> yocto mailing list
>>>> yocto@yoctoproject.org
>>>> https://lists.yoctoproject.org/listinfo/yocto
>>>
>>>
>>
>>
>> --
>> ___
>> yocto mailing list
>> yocto@yoctoproject.org
>> https://lists.yoctoproject.org/listinfo/yocto
> 
> 




[yocto] [PATCH][coreutils] Add attr build dependency

2016-01-14 Thread Scott Ellis
Fixes this warning:

WARNING: QA Issue: coreutils rdepends on libattr, but it isn't a build 
dependency? [build-deps]

Signed-off-by: Scott Ellis <sc...@jumpnowtek.com>
---
 meta/recipes-core/coreutils/coreutils_8.24.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-core/coreutils/coreutils_8.24.bb 
b/meta/recipes-core/coreutils/coreutils_8.24.bb
index f042346..47a25f3 100644
--- a/meta/recipes-core/coreutils/coreutils_8.24.bb
+++ b/meta/recipes-core/coreutils/coreutils_8.24.bb
@@ -7,7 +7,7 @@ BUGTRACKER = "http://debbugs.gnu.org/coreutils;
 LICENSE = "GPLv3+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504\
 
file://src/ls.c;beginline=5;endline=16;md5=38b79785ca88537b75871782a2a3c6b8"
-DEPENDS = "gmp libcap"
+DEPENDS = "attr gmp libcap"
 DEPENDS_class-native = ""

 inherit autotools gettext texinfo
--
2.5.0
