summaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-security
diff options
context:
space:
mode:
Diffstat (limited to 'meta-oe/recipes-security')
-rw-r--r--meta-oe/recipes-security/audit/audit/0001-Fixed-swig-host-contamination-issue.patch13
-rw-r--r--meta-oe/recipes-security/audit/audit/0001-Replace-__attribute_malloc__-with-__attribute__-__ma.patch49
-rw-r--r--meta-oe/recipes-security/audit/audit/audit-volatile.conf1
-rw-r--r--meta-oe/recipes-security/audit/audit_4.0.5.bb (renamed from meta-oe/recipes-security/audit/audit_4.0.1.bb)26
-rw-r--r--meta-oe/recipes-security/bubblewrap/bubblewrap/0001-Use-stdbool.h-for-booleans.patch633
-rw-r--r--meta-oe/recipes-security/bubblewrap/bubblewrap_0.10.0.bb (renamed from meta-oe/recipes-security/bubblewrap/bubblewrap_0.8.0.bb)7
-rw-r--r--meta-oe/recipes-security/kernel-hardening-checker/kernel-hardening-checker_0.6.10.bb34
-rw-r--r--meta-oe/recipes-security/keyutils/keyutils_1.6.3.bb1
-rw-r--r--meta-oe/recipes-security/nmap/files/0001-Make-ndiff-support-python3.patch1720
-rw-r--r--meta-oe/recipes-security/nmap/files/0001-configure.ac-make-ndiff-depend-on-python3.patch48
-rw-r--r--meta-oe/recipes-security/nmap/files/0001-fix-racing-between-build-ncat-and-build-lua.patch55
-rw-r--r--meta-oe/recipes-security/nmap/files/0003-Fix-off-by-one-overflow-in-the-IP-protocol-table.patch165
-rw-r--r--meta-oe/recipes-security/nmap/files/nmap-redefine-the-python-library-dir.patch16
-rw-r--r--meta-oe/recipes-security/nmap/files/nmap-replace-shtool-mkdir-with-coreutils-mkdir-command.patch20
-rw-r--r--meta-oe/recipes-security/nmap/nmap-7.92/0001-redefine-the-python-library-install-dir.patch31
-rw-r--r--meta-oe/recipes-security/nmap/nmap-7.92/0002-replace-.-shtool-mkdir-with-coreutils-mkdir-command.patch38
-rw-r--r--meta-oe/recipes-security/nmap/nmap-7.92/0003-Include-time.h-header-to-pass-clang-compilation.patch76
-rw-r--r--meta-oe/recipes-security/nmap/nmap-7.92/0004-Fix-building-with-libc.patch79
-rw-r--r--meta-oe/recipes-security/nmap/nmap-7.92/0005-fix-racing-between-build-ncat-and-build-lua.patch55
-rw-r--r--meta-oe/recipes-security/nmap/nmap-7.92/0006-Fix-build-with-libpcap-1.10.5.patch47
-rw-r--r--meta-oe/recipes-security/nmap/nmap_7.92.bb66
-rw-r--r--meta-oe/recipes-security/nmap/nmap_7.95.bb (renamed from meta-oe/recipes-security/nmap/nmap_7.80.bb)20
-rw-r--r--meta-oe/recipes-security/softhsm/files/0002-Prevent-accessing-of-global-c-objects-once-they-are-.patch672
-rw-r--r--meta-oe/recipes-security/softhsm/softhsm_2.6.1.bb1
-rw-r--r--meta-oe/recipes-security/spectre-meltdown-checker/spectre-meltdown-checker_0.46.bb34
-rw-r--r--meta-oe/recipes-security/tomoyo-tools/tomoyo-tools_2.6.1.bb2
-rw-r--r--meta-oe/recipes-security/usbguard/usbguard/0001-Adapt-for-protobuf-30.0-API-changes.patch89
-rw-r--r--meta-oe/recipes-security/usbguard/usbguard/0001-include-missing-cstdint.patch45
-rw-r--r--meta-oe/recipes-security/usbguard/usbguard_1.1.3.bb (renamed from meta-oe/recipes-security/usbguard/usbguard_1.1.2.bb)9
29 files changed, 2119 insertions, 1933 deletions
diff --git a/meta-oe/recipes-security/audit/audit/0001-Fixed-swig-host-contamination-issue.patch b/meta-oe/recipes-security/audit/audit/0001-Fixed-swig-host-contamination-issue.patch
index f2755d5c08..f37fbf63a7 100644
--- a/meta-oe/recipes-security/audit/audit/0001-Fixed-swig-host-contamination-issue.patch
+++ b/meta-oe/recipes-security/audit/audit/0001-Fixed-swig-host-contamination-issue.patch
@@ -1,4 +1,4 @@
1From 5cdc667aeb7a014cdc1f8c7df8f8080408773dbe Mon Sep 17 00:00:00 2001 1From 4f78fcb8728cd4bf31175b3fa610a5c003e915d1 Mon Sep 17 00:00:00 2001
2From: Li xin <lixin.fnst@cn.fujitsu.com> 2From: Li xin <lixin.fnst@cn.fujitsu.com>
3Date: Sun, 19 Jul 2015 02:42:58 +0900 3Date: Sun, 19 Jul 2015 02:42:58 +0900
4Subject: [PATCH] Fixed swig host contamination issue 4Subject: [PATCH] Fixed swig host contamination issue
@@ -19,7 +19,7 @@ Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
19 2 files changed, 3 insertions(+), 2 deletions(-) 19 2 files changed, 3 insertions(+), 2 deletions(-)
20 20
21diff --git a/bindings/swig/python3/Makefile.am b/bindings/swig/python3/Makefile.am 21diff --git a/bindings/swig/python3/Makefile.am b/bindings/swig/python3/Makefile.am
22index c2c6def4..bcc2836c 100644 22index 428e40fa..f4dd45bc 100644
23--- a/bindings/swig/python3/Makefile.am 23--- a/bindings/swig/python3/Makefile.am
24+++ b/bindings/swig/python3/Makefile.am 24+++ b/bindings/swig/python3/Makefile.am
25@@ -23,6 +23,7 @@ 25@@ -23,6 +23,7 @@
@@ -30,7 +30,7 @@ index c2c6def4..bcc2836c 100644
30 LIBS = $(top_builddir)/lib/libaudit.la 30 LIBS = $(top_builddir)/lib/libaudit.la
31 SWIG_FLAGS = -python 31 SWIG_FLAGS = -python
32 SWIG_INCLUDES = -I. -I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES) 32 SWIG_INCLUDES = -I. -I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES)
33@@ -37,7 +38,7 @@ _audit_la_DEPENDENCIES =${top_srcdir}/lib/audit_logging.h ${top_builddir}/lib/li 33@@ -35,7 +36,7 @@ _audit_la_DEPENDENCIES =${top_srcdir}/lib/audit_logging.h ${top_builddir}/lib/li
34 _audit_la_LIBADD = ${top_builddir}/lib/libaudit.la 34 _audit_la_LIBADD = ${top_builddir}/lib/libaudit.la
35 nodist__audit_la_SOURCES = audit_wrap.c 35 nodist__audit_la_SOURCES = audit_wrap.c
36 audit.py audit_wrap.c: ${srcdir}/../src/auditswig.i 36 audit.py audit_wrap.c: ${srcdir}/../src/auditswig.i
@@ -40,10 +40,10 @@ index c2c6def4..bcc2836c 100644
40 CLEANFILES = audit.py* audit_wrap.c *~ 40 CLEANFILES = audit.py* audit_wrap.c *~
41 41
42diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i 42diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i
43index 6b267844..5a4e442f 100644 43index 2760e516..5d0ea8b6 100644
44--- a/bindings/swig/src/auditswig.i 44--- a/bindings/swig/src/auditswig.i
45+++ b/bindings/swig/src/auditswig.i 45+++ b/bindings/swig/src/auditswig.i
46@@ -50,7 +50,7 @@ typedef unsigned uid_t; 46@@ -52,7 +52,7 @@ typedef unsigned uid_t;
47 */ 47 */
48 %ignore audit_rule_data::buf; 48 %ignore audit_rule_data::buf;
49 49
@@ -52,6 +52,3 @@ index 6b267844..5a4e442f 100644
52 #define __extension__ /*nothing*/ 52 #define __extension__ /*nothing*/
53 %include <stdint.i> 53 %include <stdint.i>
54 %include "../lib/audit-records.h" 54 %include "../lib/audit-records.h"
55--
562.25.1
57
diff --git a/meta-oe/recipes-security/audit/audit/0001-Replace-__attribute_malloc__-with-__attribute__-__ma.patch b/meta-oe/recipes-security/audit/audit/0001-Replace-__attribute_malloc__-with-__attribute__-__ma.patch
deleted file mode 100644
index b1f324f22d..0000000000
--- a/meta-oe/recipes-security/audit/audit/0001-Replace-__attribute_malloc__-with-__attribute__-__ma.patch
+++ /dev/null
@@ -1,49 +0,0 @@
1From 88c9b2c5cebebf13f90890baebbadc60d9fe8d16 Mon Sep 17 00:00:00 2001
2From: Khem Raj <raj.khem@gmail.com>
3Date: Tue, 9 Aug 2022 23:57:03 -0700
4Subject: [PATCH] Replace __attribute_malloc__ with __attribute__((__malloc__))
5
6__attribute_malloc__ is not available on musl
7
8Fixes
9| ../../git/auparse/auparse.h:54:2: error: expected function body after function declarator
10| __attribute_malloc__ __attr_dealloc (auparse_destroy, 1);
11| ^
12
13Upstream-Status: Pending
14
15Signed-off-by: Khem Raj <raj.khem@gmail.com>
16---
17 audisp/plugins/remote/queue.h | 2 +-
18 auparse/auparse.h | 2 +-
19 2 files changed, 2 insertions(+), 2 deletions(-)
20
21diff --git a/audisp/plugins/remote/queue.h b/audisp/plugins/remote/queue.h
22index 36b70d04..031507dc 100644
23--- a/audisp/plugins/remote/queue.h
24+++ b/audisp/plugins/remote/queue.h
25@@ -53,7 +53,7 @@ void q_close(struct queue *q);
26 * On error, return NULL and set errno. */
27 struct queue *q_open(int q_flags, const char *path, size_t num_entries,
28 size_t entry_size)
29- __attribute_malloc__ __attr_dealloc (q_close, 1) __wur;
30+ __attribute__((__malloc__)) __attr_dealloc (q_close, 1) __wur;
31
32 /* Add DATA to tail of Q. Return 0 on success, -1 on error and set errno. */
33 int q_append(struct queue *q, const char *data);
34diff --git a/auparse/auparse.h b/auparse/auparse.h
35index c27f1ff9..87c52965 100644
36--- a/auparse/auparse.h
37+++ b/auparse/auparse.h
38@@ -55,7 +55,7 @@ typedef void (*auparse_callback_ptr)(auparse_state_t *au,
39 void auparse_destroy(auparse_state_t *au);
40 void auparse_destroy_ext(auparse_state_t *au, auparse_destroy_what_t what);
41 auparse_state_t *auparse_init(ausource_t source, const void *b)
42- __attribute_malloc__ __attr_dealloc (auparse_destroy, 1);
43+ __attribute__((__malloc__)) __attr_dealloc (auparse_destroy, 1);
44 int auparse_new_buffer(auparse_state_t *au, const char *data, size_t data_len)
45 __attr_access ((__read_only__, 2, 3));
46 int auparse_feed(auparse_state_t *au, const char *data, size_t data_len)
47--
482.25.1
49
diff --git a/meta-oe/recipes-security/audit/audit/audit-volatile.conf b/meta-oe/recipes-security/audit/audit/audit-volatile.conf
deleted file mode 100644
index 9cbe1547a3..0000000000
--- a/meta-oe/recipes-security/audit/audit/audit-volatile.conf
+++ /dev/null
@@ -1 +0,0 @@
1d /var/log/audit 0750 root root -
diff --git a/meta-oe/recipes-security/audit/audit_4.0.1.bb b/meta-oe/recipes-security/audit/audit_4.0.5.bb
index a37ae3bb84..58100b206d 100644
--- a/meta-oe/recipes-security/audit/audit_4.0.1.bb
+++ b/meta-oe/recipes-security/audit/audit_4.0.5.bb
@@ -10,13 +10,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
10SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=master;protocol=https \ 10SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=master;protocol=https \
11 file://0001-Fixed-swig-host-contamination-issue.patch \ 11 file://0001-Fixed-swig-host-contamination-issue.patch \
12 file://auditd \ 12 file://auditd \
13 file://audit-volatile.conf \
14 " 13 "
15 14
16SRC_URI:append:libc-musl = " file://0001-Replace-__attribute_malloc__-with-__attribute__-__ma.patch" 15SRCREV = "97c4ec3d68b5b199f2796d1e126c2144506bd228"
17
18S = "${WORKDIR}/git"
19SRCREV = "22ccbd984e493524050ac445f796e9a7e90e1149"
20 16
21inherit autotools python3targetconfig update-rc.d systemd 17inherit autotools python3targetconfig update-rc.d systemd
22 18
@@ -35,6 +31,7 @@ EXTRA_OECONF = " \
35 --with-python3 \ 31 --with-python3 \
36 --with-arm \ 32 --with-arm \
37 --with-aarch64 \ 33 --with-aarch64 \
34 --with-riscv \
38 --without-golang \ 35 --without-golang \
39 --disable-gssapi-krb5 \ 36 --disable-gssapi-krb5 \
40 --disable-zos-remote \ 37 --disable-zos-remote \
@@ -59,7 +56,9 @@ PACKAGES =+ "audispd-plugins"
59PACKAGES += "auditd ${PN}-python" 56PACKAGES += "auditd ${PN}-python"
60 57
61FILES:${PN} = "${sysconfdir}/libaudit.conf ${libdir}/libau*.so.*" 58FILES:${PN} = "${sysconfdir}/libaudit.conf ${libdir}/libau*.so.*"
62FILES:auditd = "${bindir}/* ${base_sbindir}/* ${sysconfdir}/* ${datadir}/audit-rules/* ${libexecdir}/*" 59FILES:auditd = "${bindir}/* ${base_sbindir}/* ${sysconfdir}/* \
60 ${datadir}/audit-rules/* ${libexecdir}/* \
61 ${nonarch_libdir}/tmpfiles.d/*.conf"
63FILES:audispd-plugins = "${sysconfdir}/audit/audisp-remote.conf \ 62FILES:audispd-plugins = "${sysconfdir}/audit/audisp-remote.conf \
64 ${sysconfdir}/audit/plugins.d/au-remote.conf \ 63 ${sysconfdir}/audit/plugins.d/au-remote.conf \
65 ${sysconfdir}/audit/plugins.d/syslog.conf \ 64 ${sysconfdir}/audit/plugins.d/syslog.conf \
@@ -89,15 +88,20 @@ do_install:append() {
89 # Based on the audit.spec "Copy default rules into place on new installation" 88 # Based on the audit.spec "Copy default rules into place on new installation"
90 install -m 0640 ${D}/etc/audit/rules.d/audit.rules ${D}/etc/audit/audit.rules 89 install -m 0640 ${D}/etc/audit/rules.d/audit.rules ${D}/etc/audit/audit.rules
91 90
92 if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then 91 if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then
93 install -D -m 0644 ${WORKDIR}/audit-volatile.conf ${D}${sysconfdir}/tmpfiles.d/audit.conf 92 install -D -m 0755 ${UNPACKDIR}/auditd ${D}/etc/init.d/auditd
94 fi 93 fi
95 94
96 if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then 95 if ! ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
97 install -D -m 0755 ${WORKDIR}/auditd ${D}/etc/init.d/auditd 96 rm -rf ${D}${nonarch_libdir}/systemd
98 rm -rf ${D}${libdir}/systemd 97 rm -rf ${D}${nonarch_libdir}/tmpfiles.d
98
99 # Remove empty directory when enable multilib
100 rmdir --ignore-fail-on-non-empty ${D}${nonarch_libdir}
99 fi 101 fi
100 102
101 # Create /var/spool/audit directory for audisp-remote 103 # Create /var/spool/audit directory for audisp-remote
102 install -d -m 0700 ${D}${localstatedir}/spool/audit 104 install -d -m 0700 ${D}${localstatedir}/spool/audit
103} 105}
106
107CVE_PRODUCT = "linux:audit"
diff --git a/meta-oe/recipes-security/bubblewrap/bubblewrap/0001-Use-stdbool.h-for-booleans.patch b/meta-oe/recipes-security/bubblewrap/bubblewrap/0001-Use-stdbool.h-for-booleans.patch
new file mode 100644
index 0000000000..2566314ce3
--- /dev/null
+++ b/meta-oe/recipes-security/bubblewrap/bubblewrap/0001-Use-stdbool.h-for-booleans.patch
@@ -0,0 +1,633 @@
1From 4572dd9378c876349e02403cf7f6031c45281f85 Mon Sep 17 00:00:00 2001
2From: "Simon McVittie" <smcv@collabora.com>
3Date: Tue, 8 Apr 2025 16:29:18 +0900
4Subject: [PATCH] Use stdbool.h for booleans
5
6* backport fix from:
7 https://github.com/containers/bubblewrap/pull/660
8 But patch rework for this version.
9 In gcc 15, bool became a reserved keyword in C23, causing conflicts with our custom bool definition.
10
11 See also, https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=55e3bd376b2214e200fa76d12b67ff259b06c212
12
13* to fix:
14 http://errors.yoctoproject.org/Errors/Details/851183/
15 ../bubblewrap-0.10.0/utils.h:46:13: error: 'bool' cannot be defined via 'typedef'
16 46 | typedef int bool;
17 | ^~~~
18
19Upstream-Status: Backport [https://github.com/containers/bubblewrap/pull/660]
20Signed-off-by: mark.yang <mark.yang@lge.com>
21---
22 bind-mount.c | 20 ++++----
23 bubblewrap.c | 134 +++++++++++++++++++++++++--------------------------
24 utils.c | 16 +++---
25 utils.h | 5 +-
26 4 files changed, 86 insertions(+), 89 deletions(-)
27
28diff --git a/bind-mount.c b/bind-mount.c
29index 2757cae..bf7f68d 100644
30--- a/bind-mount.c
31+++ b/bind-mount.c
32@@ -76,7 +76,7 @@ match_token (const char *token, const char *token_end, const char *str)
33 if (token == token_end)
34 return *str == 0;
35
36- return FALSE;
37+ return false;
38 }
39
40 static unsigned long
41@@ -281,12 +281,12 @@ parse_mountinfo (int proc_fd,
42 die ("Can't parse mountinfo line");
43 rest = line + consumed;
44
45- rest = skip_token (rest, TRUE); /* mountroot */
46+ rest = skip_token (rest, true); /* mountroot */
47 mountpoint = rest;
48- rest = skip_token (rest, FALSE); /* mountpoint */
49+ rest = skip_token (rest, false); /* mountpoint */
50 mountpoint_end = rest++;
51 options = rest;
52- rest = skip_token (rest, FALSE); /* vfs options */
53+ rest = skip_token (rest, false); /* vfs options */
54 options_end = rest;
55
56 *mountpoint_end = 0;
57@@ -324,7 +324,7 @@ parse_mountinfo (int proc_fd,
58 MountInfoLine *parent = by_id[this->parent_id];
59 MountInfoLine **to_sibling;
60 MountInfoLine *sibling;
61- bool covered = FALSE;
62+ bool covered = false;
63
64 if (!has_path_prefix (this->mountpoint, root_mount))
65 continue;
66@@ -333,7 +333,7 @@ parse_mountinfo (int proc_fd,
67 continue;
68
69 if (strcmp (parent->mountpoint, this->mountpoint) == 0)
70- parent->covered = TRUE;
71+ parent->covered = true;
72
73 to_sibling = &parent->first_child;
74 sibling = parent->first_child;
75@@ -344,7 +344,7 @@ parse_mountinfo (int proc_fd,
76 * covered by the sibling, and we drop it. */
77 if (has_path_prefix (this->mountpoint, sibling->mountpoint))
78 {
79- covered = TRUE;
80+ covered = true;
81 break;
82 }
83
84@@ -499,7 +499,7 @@ bind_mount_result_to_string (bind_mount_result res,
85 bool *want_errno_p)
86 {
87 char *string = NULL;
88- bool want_errno = TRUE;
89+ bool want_errno = true;
90
91 switch (res)
92 {
93@@ -521,7 +521,7 @@ bind_mount_result_to_string (bind_mount_result res,
94
95 case BIND_MOUNT_ERROR_FIND_DEST_MOUNT:
96 string = xasprintf ("Unable to find \"%s\" in mount table", failing_path);
97- want_errno = FALSE;
98+ want_errno = false;
99 break;
100
101 case BIND_MOUNT_ERROR_REMOUNT_DEST:
102@@ -557,7 +557,7 @@ die_with_bind_result (bind_mount_result res,
103 ...)
104 {
105 va_list args;
106- bool want_errno = TRUE;
107+ bool want_errno = true;
108 char *message;
109
110 fprintf (stderr, "bwrap: ");
111diff --git a/bubblewrap.c b/bubblewrap.c
112index bc75da4..1504449 100644
113--- a/bubblewrap.c
114+++ b/bubblewrap.c
115@@ -74,19 +74,19 @@ static bool opt_as_pid_1;
116
117 static const char *opt_argv0 = NULL;
118 static const char *opt_chdir_path = NULL;
119-static bool opt_assert_userns_disabled = FALSE;
120-static bool opt_disable_userns = FALSE;
121-static bool opt_unshare_user = FALSE;
122-static bool opt_unshare_user_try = FALSE;
123-static bool opt_unshare_pid = FALSE;
124-static bool opt_unshare_ipc = FALSE;
125-static bool opt_unshare_net = FALSE;
126-static bool opt_unshare_uts = FALSE;
127-static bool opt_unshare_cgroup = FALSE;
128-static bool opt_unshare_cgroup_try = FALSE;
129-static bool opt_needs_devpts = FALSE;
130-static bool opt_new_session = FALSE;
131-static bool opt_die_with_parent = FALSE;
132+static bool opt_assert_userns_disabled = false;
133+static bool opt_disable_userns = false;
134+static bool opt_unshare_user = false;
135+static bool opt_unshare_user_try = false;
136+static bool opt_unshare_pid = false;
137+static bool opt_unshare_ipc = false;
138+static bool opt_unshare_net = false;
139+static bool opt_unshare_uts = false;
140+static bool opt_unshare_cgroup = false;
141+static bool opt_unshare_cgroup_try = false;
142+static bool opt_needs_devpts = false;
143+static bool opt_new_session = false;
144+static bool opt_die_with_parent = false;
145 static uid_t opt_sandbox_uid = -1;
146 static gid_t opt_sandbox_gid = -1;
147 static int opt_sync_fd = -1;
148@@ -476,7 +476,7 @@ report_child_exit_status (int exitc, int setup_finished_fd)
149 return;
150
151 output = xasprintf ("{ \"exit-code\": %i }\n", exitc);
152- dump_info (opt_json_status_fd, output, FALSE);
153+ dump_info (opt_json_status_fd, output, false);
154 close (opt_json_status_fd);
155 opt_json_status_fd = -1;
156 close (setup_finished_fd);
157@@ -621,7 +621,7 @@ do_init (int event_fd, pid_t initial_pid)
158
159 seccomp_programs_apply ();
160
161- while (TRUE)
162+ while (true)
163 {
164 pid_t child;
165 int status;
166@@ -765,16 +765,16 @@ prctl_caps (uint32_t *caps, bool do_cap_bounding, bool do_set_ambient)
167 */
168 for (cap = 0; cap <= CAP_LAST_CAP; cap++)
169 {
170- bool keep = FALSE;
171+ bool keep = false;
172 if (cap < 32)
173 {
174 if (CAP_TO_MASK_0 (cap) & caps[0])
175- keep = TRUE;
176+ keep = true;
177 }
178 else
179 {
180 if (CAP_TO_MASK_1 (cap) & caps[1])
181- keep = TRUE;
182+ keep = true;
183 }
184
185 if (keep && do_set_ambient)
186@@ -803,11 +803,11 @@ static void
187 drop_cap_bounding_set (bool drop_all)
188 {
189 if (!drop_all)
190- prctl_caps (requested_caps, TRUE, FALSE);
191+ prctl_caps (requested_caps, true, false);
192 else
193 {
194 uint32_t no_caps[2] = {0, 0};
195- prctl_caps (no_caps, TRUE, FALSE);
196+ prctl_caps (no_caps, true, false);
197 }
198 }
199
200@@ -816,7 +816,7 @@ set_ambient_capabilities (void)
201 {
202 if (is_privileged)
203 return;
204- prctl_caps (requested_caps, FALSE, TRUE);
205+ prctl_caps (requested_caps, false, true);
206 }
207
208 /* This acquires the privileges that the bwrap will need it to work.
209@@ -846,7 +846,7 @@ acquire_privs (void)
210 if (euid != 0)
211 die ("Unexpected setuid user %d, should be 0", euid);
212
213- is_privileged = TRUE;
214+ is_privileged = true;
215 /* We want to keep running as euid=0 until at the clone()
216 * operation because doing so will make the user namespace be
217 * owned by root, which makes it not ptrace:able by the user as
218@@ -867,7 +867,7 @@ acquire_privs (void)
219 die ("Unable to set fsuid (was %d)", (int)new_fsuid);
220
221 /* We never need capabilities after execve(), so lets drop everything from the bounding set */
222- drop_cap_bounding_set (TRUE);
223+ drop_cap_bounding_set (true);
224
225 /* Keep only the required capabilities for setup */
226 set_required_caps ();
227@@ -904,7 +904,7 @@ switch_to_user_with_privs (void)
228 {
229 /* If we're in a new user namespace, we got back the bounding set, clear it again */
230 if (opt_unshare_user || opt_userns_fd != -1)
231- drop_cap_bounding_set (FALSE);
232+ drop_cap_bounding_set (false);
233
234 /* If we switched to a new user namespace it may allow other uids/gids, so switch to the target one */
235 if (opt_userns_fd != -1)
236@@ -1211,7 +1211,7 @@ setup_newroot (bool unshare_pid,
237 parent_mode &= ~0005U;
238
239 dest = get_newroot_path (op->dest);
240- if (mkdir_with_parents (dest, parent_mode, FALSE) != 0)
241+ if (mkdir_with_parents (dest, parent_mode, false) != 0)
242 die_with_error ("Can't mkdir parents for %s", op->dest);
243 }
244
245@@ -1761,7 +1761,7 @@ parse_args_recurse (int *argcp,
246 }
247
248 data_argv_copy = data_argv; /* Don't change data_argv, we need to free it */
249- parse_args_recurse (&data_argc, &data_argv_copy, TRUE, total_parsed_argc_p);
250+ parse_args_recurse (&data_argc, &data_argv_copy, true, total_parsed_argc_p);
251
252 argv += 1;
253 argc -= 1;
254@@ -1786,45 +1786,45 @@ parse_args_recurse (int *argcp,
255 */
256 opt_unshare_user_try = opt_unshare_ipc = opt_unshare_pid =
257 opt_unshare_uts = opt_unshare_cgroup_try =
258- opt_unshare_net = TRUE;
259+ opt_unshare_net = true;
260 }
261 /* Begin here the older individual --unshare variants */
262 else if (strcmp (arg, "--unshare-user") == 0)
263 {
264- opt_unshare_user = TRUE;
265+ opt_unshare_user = true;
266 }
267 else if (strcmp (arg, "--unshare-user-try") == 0)
268 {
269- opt_unshare_user_try = TRUE;
270+ opt_unshare_user_try = true;
271 }
272 else if (strcmp (arg, "--unshare-ipc") == 0)
273 {
274- opt_unshare_ipc = TRUE;
275+ opt_unshare_ipc = true;
276 }
277 else if (strcmp (arg, "--unshare-pid") == 0)
278 {
279- opt_unshare_pid = TRUE;
280+ opt_unshare_pid = true;
281 }
282 else if (strcmp (arg, "--unshare-net") == 0)
283 {
284- opt_unshare_net = TRUE;
285+ opt_unshare_net = true;
286 }
287 else if (strcmp (arg, "--unshare-uts") == 0)
288 {
289- opt_unshare_uts = TRUE;
290+ opt_unshare_uts = true;
291 }
292 else if (strcmp (arg, "--unshare-cgroup") == 0)
293 {
294- opt_unshare_cgroup = TRUE;
295+ opt_unshare_cgroup = true;
296 }
297 else if (strcmp (arg, "--unshare-cgroup-try") == 0)
298 {
299- opt_unshare_cgroup_try = TRUE;
300+ opt_unshare_cgroup_try = true;
301 }
302 /* Begin here the newer --share variants */
303 else if (strcmp (arg, "--share-net") == 0)
304 {
305- opt_unshare_net = FALSE;
306+ opt_unshare_net = false;
307 }
308 /* End --share variants, other arguments begin */
309 else if (strcmp (arg, "--chdir") == 0)
310@@ -1841,11 +1841,11 @@ parse_args_recurse (int *argcp,
311 }
312 else if (strcmp (arg, "--disable-userns") == 0)
313 {
314- opt_disable_userns = TRUE;
315+ opt_disable_userns = true;
316 }
317 else if (strcmp (arg, "--assert-userns-disabled") == 0)
318 {
319- opt_assert_userns_disabled = TRUE;
320+ opt_assert_userns_disabled = true;
321 }
322 else if (strcmp (arg, "--remount-ro") == 0)
323 {
324@@ -1975,7 +1975,7 @@ parse_args_recurse (int *argcp,
325
326 op = setup_op_new (SETUP_MOUNT_DEV);
327 op->dest = argv[1];
328- opt_needs_devpts = TRUE;
329+ opt_needs_devpts = true;
330
331 argv += 1;
332 argc -= 1;
333@@ -2425,15 +2425,15 @@ parse_args_recurse (int *argcp,
334 }
335 else if (strcmp (arg, "--new-session") == 0)
336 {
337- opt_new_session = TRUE;
338+ opt_new_session = true;
339 }
340 else if (strcmp (arg, "--die-with-parent") == 0)
341 {
342- opt_die_with_parent = TRUE;
343+ opt_die_with_parent = true;
344 }
345 else if (strcmp (arg, "--as-pid-1") == 0)
346 {
347- opt_as_pid_1 = TRUE;
348+ opt_as_pid_1 = true;
349 }
350 else if (strcmp (arg, "--cap-add") == 0)
351 {
352@@ -2441,7 +2441,7 @@ parse_args_recurse (int *argcp,
353 if (argc < 2)
354 die ("--cap-add takes an argument");
355
356- opt_cap_add_or_drop_used = TRUE;
357+ opt_cap_add_or_drop_used = true;
358
359 if (strcasecmp (argv[1], "ALL") == 0)
360 {
361@@ -2467,7 +2467,7 @@ parse_args_recurse (int *argcp,
362 if (argc < 2)
363 die ("--cap-drop takes an argument");
364
365- opt_cap_add_or_drop_used = TRUE;
366+ opt_cap_add_or_drop_used = true;
367
368 if (strcasecmp (argv[1], "ALL") == 0)
369 {
370@@ -2610,7 +2610,7 @@ parse_args (int *argcp,
371 {
372 int total_parsed_argc = *argcp;
373
374- parse_args_recurse (argcp, argvp, FALSE, &total_parsed_argc);
375+ parse_args_recurse (argcp, argvp, false, &total_parsed_argc);
376 }
377
378 static void
379@@ -2656,7 +2656,7 @@ namespace_ids_read (pid_t pid)
380 int r;
381
382 /* if we don't unshare this ns, ignore it */
383- if (do_unshare && *do_unshare == FALSE)
384+ if (do_unshare && *do_unshare == false)
385 continue;
386
387 r = fstatat (ns_fd, info->name, &st, 0);
388@@ -2691,7 +2691,7 @@ namespace_ids_write (int fd,
389 output = xasprintf (",%s\"%s-namespace\": %ju",
390 indent, info->name, nsid);
391
392- dump_info (fd, output, TRUE);
393+ dump_info (fd, output, true);
394 }
395 }
396
397@@ -2799,18 +2799,18 @@ main (int argc,
398 /* We have to do this if we weren't installed setuid (and we're not
399 * root), so let's just DWIM */
400 if (!is_privileged && getuid () != 0 && opt_userns_fd == -1)
401- opt_unshare_user = TRUE;
402+ opt_unshare_user = true;
403
404 #ifdef ENABLE_REQUIRE_USERNS
405 /* In this build option, we require userns. */
406 if (is_privileged && getuid () != 0 && opt_userns_fd == -1)
407- opt_unshare_user = TRUE;
408+ opt_unshare_user = true;
409 #endif
410
411 if (opt_unshare_user_try &&
412 stat ("/proc/self/ns/user", &sbuf) == 0)
413 {
414- bool disabled = FALSE;
415+ bool disabled = false;
416
417 /* RHEL7 has a kernel module parameter that lets you enable user namespaces */
418 if (stat ("/sys/module/user_namespace/parameters/enable", &sbuf) == 0)
419@@ -2818,7 +2818,7 @@ main (int argc,
420 cleanup_free char *enable = NULL;
421 enable = load_file_at (AT_FDCWD, "/sys/module/user_namespace/parameters/enable");
422 if (enable != NULL && enable[0] == 'N')
423- disabled = TRUE;
424+ disabled = true;
425 }
426
427 /* Check for max_user_namespaces */
428@@ -2827,7 +2827,7 @@ main (int argc,
429 cleanup_free char *max_user_ns = NULL;
430 max_user_ns = load_file_at (AT_FDCWD, "/proc/sys/user/max_user_namespaces");
431 if (max_user_ns != NULL && strcmp(max_user_ns, "0\n") == 0)
432- disabled = TRUE;
433+ disabled = true;
434 }
435
436 /* Debian lets you disable *unprivileged* user namespaces. However this is not
437@@ -2835,7 +2835,7 @@ main (int argc,
438 already, and there is not much we can do, its just a non-working setup. */
439
440 if (!disabled)
441- opt_unshare_user = TRUE;
442+ opt_unshare_user = true;
443 }
444
445 if (argc <= 0)
446@@ -2993,7 +2993,7 @@ main (int argc,
447 */
448 write_uid_gid_map (ns_uid, real_uid,
449 ns_gid, real_gid,
450- pid, TRUE, opt_needs_devpts);
451+ pid, true, opt_needs_devpts);
452 }
453
454 /* Initial launched process, wait for pid 1 or exec:ed command to exit */
455@@ -3002,7 +3002,7 @@ main (int argc,
456 die_with_error ("Setting userns2 failed");
457
458 /* We don't need any privileges in the launcher, drop them immediately. */
459- drop_privs (FALSE, FALSE);
460+ drop_privs (false, false);
461
462 /* Optionally bind our lifecycle to that of the parent */
463 handle_die_with_parent ();
464@@ -3010,17 +3010,17 @@ main (int argc,
465 if (opt_info_fd != -1)
466 {
467 cleanup_free char *output = xasprintf ("{\n \"child-pid\": %i", pid);
468- dump_info (opt_info_fd, output, TRUE);
469- namespace_ids_write (opt_info_fd, FALSE);
470- dump_info (opt_info_fd, "\n}\n", TRUE);
471+ dump_info (opt_info_fd, output, true);
472+ namespace_ids_write (opt_info_fd, false);
473+ dump_info (opt_info_fd, "\n}\n", true);
474 close (opt_info_fd);
475 }
476 if (opt_json_status_fd != -1)
477 {
478 cleanup_free char *output = xasprintf ("{ \"child-pid\": %i", pid);
479- dump_info (opt_json_status_fd, output, TRUE);
480- namespace_ids_write (opt_json_status_fd, TRUE);
481- dump_info (opt_json_status_fd, " }\n", TRUE);
482+ dump_info (opt_json_status_fd, output, true);
483+ namespace_ids_write (opt_json_status_fd, true);
484+ dump_info (opt_json_status_fd, " }\n", true);
485 }
486
487 if (opt_userns_block_fd != -1)
488@@ -3116,7 +3116,7 @@ main (int argc,
489
490 write_uid_gid_map (ns_uid, real_uid,
491 ns_gid, real_gid,
492- -1, TRUE, FALSE);
493+ -1, true, false);
494 }
495
496 old_umask = umask (0);
497@@ -3177,7 +3177,7 @@ main (int argc,
498 if (child == 0)
499 {
500 /* Unprivileged setup process */
501- drop_privs (FALSE, TRUE);
502+ drop_privs (false, true);
503 close (privsep_sockets[0]);
504 setup_newroot (opt_unshare_pid, privsep_sockets[1]);
505 exit (0);
506@@ -3289,11 +3289,11 @@ main (int argc,
507 die_with_error ("unshare user ns");
508
509 /* We're in a new user namespace, we got back the bounding set, clear it again */
510- drop_cap_bounding_set (FALSE);
511+ drop_cap_bounding_set (false);
512
513 write_uid_gid_map (opt_sandbox_uid, ns_uid,
514 opt_sandbox_gid, ns_gid,
515- -1, FALSE, FALSE);
516+ -1, false, false);
517 }
518
519 if (opt_disable_userns || opt_assert_userns_disabled)
520@@ -3306,7 +3306,7 @@ main (int argc,
521 }
522
523 /* All privileged ops are done now, so drop caps we don't need */
524- drop_privs (!is_privileged, TRUE);
525+ drop_privs (!is_privileged, true);
526
527 if (opt_block_fd != -1)
528 {
529@@ -3370,7 +3370,7 @@ main (int argc,
530
531 if (pid != 0)
532 {
533- drop_all_caps (FALSE);
534+ drop_all_caps (false);
535
536 /* Close fds in pid 1, except stdio and optionally event_fd
537 (for syncing pid 2 lifetime with monitor_child) and
538diff --git a/utils.c b/utils.c
539index 43c8d79..7c562b1 100644
540--- a/utils.c
541+++ b/utils.c
542@@ -206,7 +206,7 @@ bool
543 has_path_prefix (const char *str,
544 const char *prefix)
545 {
546- while (TRUE)
547+ while (true)
548 {
549 /* Skip consecutive slashes to reach next path
550 element */
551@@ -217,13 +217,13 @@ has_path_prefix (const char *str,
552
553 /* No more prefix path elements? Done! */
554 if (*prefix == 0)
555- return TRUE;
556+ return true;
557
558 /* Compare path element */
559 while (*prefix != 0 && *prefix != '/')
560 {
561 if (*str != *prefix)
562- return FALSE;
563+ return false;
564 str++;
565 prefix++;
566 }
567@@ -231,7 +231,7 @@ has_path_prefix (const char *str,
568 /* Matched prefix path element,
569 must be entire str path element */
570 if (*str != '/' && *str != 0)
571- return FALSE;
572+ return false;
573 }
574 }
575
576@@ -239,7 +239,7 @@ bool
577 path_equal (const char *path1,
578 const char *path2)
579 {
580- while (TRUE)
581+ while (true)
582 {
583 /* Skip consecutive slashes to reach next path
584 element */
585@@ -256,14 +256,14 @@ path_equal (const char *path1,
586 while (*path1 != 0 && *path1 != '/')
587 {
588 if (*path1 != *path2)
589- return FALSE;
590+ return false;
591 path1++;
592 path2++;
593 }
594
595 /* Matched path1 path element, must be entire path element */
596 if (*path2 != '/' && *path2 != 0)
597- return FALSE;
598+ return false;
599 }
600 }
601
602@@ -526,7 +526,7 @@ copy_file_data (int sfd,
603 char buffer[BUFSIZE];
604 ssize_t bytes_read;
605
606- while (TRUE)
607+ while (true)
608 {
609 bytes_read = read (sfd, buffer, BUFSIZE);
610 if (bytes_read == -1)
611diff --git a/utils.h b/utils.h
612index 9f17297..2c37ccb 100644
613--- a/utils.h
614+++ b/utils.h
615@@ -24,6 +24,7 @@
616 #include <errno.h>
617 #include <fcntl.h>
618 #include <stdarg.h>
619+#include <stdbool.h>
620 #include <stdio.h>
621 #include <stdlib.h>
622 #include <string.h>
623@@ -41,10 +42,6 @@
624
625 #define N_ELEMENTS(arr) (sizeof (arr) / sizeof ((arr)[0]))
626
627-#define TRUE 1
628-#define FALSE 0
629-typedef int bool;
630-
631 #define PIPE_READ_END 0
632 #define PIPE_WRITE_END 1
633
diff --git a/meta-oe/recipes-security/bubblewrap/bubblewrap_0.8.0.bb b/meta-oe/recipes-security/bubblewrap/bubblewrap_0.10.0.bb
index 06c42addbf..41ab0cfc32 100644
--- a/meta-oe/recipes-security/bubblewrap/bubblewrap_0.8.0.bb
+++ b/meta-oe/recipes-security/bubblewrap/bubblewrap_0.10.0.bb
@@ -5,8 +5,11 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2"
5 5
6DEPENDS = "libcap" 6DEPENDS = "libcap"
7 7
8SRC_URI = "https://github.com/containers/${BPN}/releases/download/v${PV}/${BP}.tar.xz" 8SRC_URI = " \
9SRC_URI[sha256sum] = "957ad1149db9033db88e988b12bcebe349a445e1efc8a9b59ad2939a113d333a" 9 https://github.com/containers/${BPN}/releases/download/v${PV}/${BP}.tar.xz \
10 file://0001-Use-stdbool.h-for-booleans.patch \
11"
12SRC_URI[sha256sum] = "65d92cf44a63a51e1b7771f70c05013dce5bd6b0b2841c4b4be54b0c45565471"
10 13
11inherit autotools bash-completion github-releases manpages pkgconfig 14inherit autotools bash-completion github-releases manpages pkgconfig
12 15
diff --git a/meta-oe/recipes-security/kernel-hardening-checker/kernel-hardening-checker_0.6.10.bb b/meta-oe/recipes-security/kernel-hardening-checker/kernel-hardening-checker_0.6.10.bb
new file mode 100644
index 0000000000..e7610ac785
--- /dev/null
+++ b/meta-oe/recipes-security/kernel-hardening-checker/kernel-hardening-checker_0.6.10.bb
@@ -0,0 +1,34 @@
1SUMMARY = "A tool for checking the security hardening options of the Linux kernel"
2DESCRIPTION = "\
3 There are plenty of security hardening options for the Linux kernel; Kconfig \
4 options (compile-time); Kernel cmdline arguments (boot-time); Sysctl \
5 parameters (runtime). A lot of them have to be enabled manually to make the \
6 system more secure which is difficult to track. This tool helps with this \
7 task by checking and reporting about the settings compared to a list of \
8 recommendation. \
9"
10HOMEPAGE = "https://github.com/a13xp0p0v/kernel-hardening-checker"
11BUGTRACKER = "https://github.com/a13xp0p0v/kernel-hardening-checker/issues"
12LICENSE = "GPL-3.0-only"
13LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=d32239bcb673463ab874e80d47fae504"
14
15SRC_URI = "git://github.com/a13xp0p0v/kernel-hardening-checker;protocol=https;branch=master"
16SRCREV = "f4dbe258ff3d37489962ea9cf210192ae7ff9280"
17
18
19PACKAGE_ARCH = "${MACHINE_ARCH}"
20
21RDEPENDS:${PN} = "\
22 python3-json \
23"
24
25# /boot/config is required for the analysis
26RRECOMMENDS:${PN}:class-target = "\
27 kernel-dev \
28"
29
30inherit setuptools3
31
32# allow to run on build host, if you don't want it in the image
33# oe-run-native kernel-hardening-checker-native kernel-hardening-checker ...
34BBCLASSEXTEND = "native"
diff --git a/meta-oe/recipes-security/keyutils/keyutils_1.6.3.bb b/meta-oe/recipes-security/keyutils/keyutils_1.6.3.bb
index 7b3d728216..86f45656f6 100644
--- a/meta-oe/recipes-security/keyutils/keyutils_1.6.3.bb
+++ b/meta-oe/recipes-security/keyutils/keyutils_1.6.3.bb
@@ -26,7 +26,6 @@ SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git;p
26 " 26 "
27SRCREV = "cb3bb194cca88211cbfcdde2f10c0f43c3fb8ec3" 27SRCREV = "cb3bb194cca88211cbfcdde2f10c0f43c3fb8ec3"
28 28
29S = "${WORKDIR}/git"
30 29
31PACKAGECONFIG ?= "" 30PACKAGECONFIG ?= ""
32PACKAGECONFIG[manpages] = "" 31PACKAGECONFIG[manpages] = ""
diff --git a/meta-oe/recipes-security/nmap/files/0001-Make-ndiff-support-python3.patch b/meta-oe/recipes-security/nmap/files/0001-Make-ndiff-support-python3.patch
deleted file mode 100644
index 2ca18b0efb..0000000000
--- a/meta-oe/recipes-security/nmap/files/0001-Make-ndiff-support-python3.patch
+++ /dev/null
@@ -1,1720 +0,0 @@
1From bbbf474b2ebdbdac4d557e3351210f3fe2175c33 Mon Sep 17 00:00:00 2001
2From: Mingli Yu <mingli.yu@windriver.com>
3Date: Fri, 14 Feb 2020 10:09:55 +0000
4Subject: [PATCH] Make ndiff support python3
5
6Backport a patch from debian to make ndiff support
7python3.
8
9Refer to https://sources.debian.org/data/main/n/nmap/7.80+dfsg1-2/debian/patches/0004-Python3-port-of-ndiff.patch
10
11Upstream-Status: Pending
12
13Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
14---
15 Makefile.in | 12 +-
16 ndiff/ndiff.py | 495 +++++++++++++++++-----------------
17 ndiff/ndifftest.py | 94 +++----
18 ndiff/scripts/ndiff | 14 +-
19 ndiff/setup.py | 34 +--
20 ndiff/test-scans/anonymize.py | 18 +-
21 6 files changed, 333 insertions(+), 334 deletions(-)
22 mode change 100644 => 100755 ndiff/setup.py
23
24diff --git a/Makefile.in b/Makefile.in
25index eee8863..32f86ba 100644
26--- a/Makefile.in
27+++ b/Makefile.in
28@@ -35,6 +35,7 @@ ZENMAPDIR = @ZENMAPDIR@
29 NDIFFDIR = @NDIFFDIR@
30 NPINGDIR = @NPINGDIR@
31 PYTHON = @PYTHON@
32+PYTHON3 = /usr/bin/env python3
33 DEFS = @DEFS@ -DNMAP_PLATFORM=\"$(NMAP_PLATFORM)\" -DNMAPDATADIR=\"$(nmapdatadir)\"
34 # With GCC, add extra security checks to source code.
35 # http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html
36@@ -260,7 +261,7 @@ clean-zenmap:
37 rm -f $(ZENMAPDIR)/zenmapCore/Name.pyc
38
39 clean-ndiff:
40- -cd $(NDIFFDIR) && $(PYTHON) setup.py clean --all
41+ -cd $(NDIFFDIR) && $(PYTHON3) setup.py clean --all
42
43 clean-nping:
44 -cd $(NPINGDIR) && $(MAKE) clean
45@@ -368,6 +369,7 @@ tests/check_dns: $(OBJS)
46 # this as the location of the interpreter whenever we're not doing a
47 # local installation.
48 DEFAULT_PYTHON_PATH = /usr/bin/env python
49+DEFAULT_PYTHON3_PATH = /usr/bin/env python3
50
51 build-zenmap: $(ZENMAPDIR)/setup.py $(ZENMAPDIR)/zenmapCore/Version.py
52 # When DESTDIR is defined, assume we're building an executable
53@@ -388,13 +390,13 @@ install-zenmap: $(ZENMAPDIR)/setup.py
54 ln -sf zenmap $(DESTDIR)$(bindir)/xnmap
55
56 build-ndiff:
57- cd $(NDIFFDIR) && $(PYTHON) setup.py build $(if $(DESTDIR),--executable "$(DEFAULT_PYTHON_PATH)")
58+ cd $(NDIFFDIR) && $(PYTHON3) setup.py build $(if $(DESTDIR),--executable "$(DEFAULT_PYTHON3_PATH)")
59
60 build-nping: $(NPINGDIR)/Makefile build-nbase build-nsock build-netutil $(NPINGDIR)/nping.h @DNET_BUILD@ @PCAP_BUILD@
61 @cd $(NPINGDIR) && $(MAKE)
62
63 install-ndiff:
64- cd $(NDIFFDIR) && $(PYTHON) setup.py install --prefix "$(prefix)" --install-lib="${PYTHON_SITEPACKAGES_DIR}" $(if $(DESTDIR),--root "$(DESTDIR)")
65+ cd $(NDIFFDIR) && $(PYTHON3) setup.py install --prefix "$(prefix)" --install-lib="${PYTHON_SITEPACKAGES_DIR}" $(if $(DESTDIR),--root "$(DESTDIR)")
66
67 NSE_FILES = scripts/script.db scripts/*.nse
68 NSE_LIB_LUA_FILES = nselib/*.lua nselib/*.luadoc
69@@ -443,7 +445,7 @@ uninstall-zenmap:
70 rm -f $(DESTDIR)$(bindir)/xnmap
71
72 uninstall-ndiff:
73- cd $(NDIFFDIR) && $(PYTHON) setup.py uninstall
74+ cd $(NDIFFDIR) && $(PYTHON3) setup.py uninstall
75
76 uninstall-ncat:
77 @cd $(NCATDIR) && $(MAKE) uninstall
78@@ -458,7 +460,7 @@ check-ncat:
79 @cd $(NCATDIR) && $(MAKE) check
80
81 check-ndiff:
82- @cd $(NDIFFDIR) && $(PYTHON) ndifftest.py
83+ @cd $(NDIFFDIR) && $(PYTHON3) ndifftest.py
84
85 check-nsock:
86 @cd $(NSOCKDIR)/src && $(MAKE) check
87diff --git a/ndiff/ndiff.py b/ndiff/ndiff.py
88index 043273f..abbd1c5 100755
89--- a/ndiff/ndiff.py
90+++ b/ndiff/ndiff.py
91@@ -1,4 +1,4 @@
92-#!/usr/bin/env python
93+#!/usr/bin/env python3
94
95 # Ndiff
96 #
97@@ -26,11 +26,11 @@ xml.__path__ = [x for x in xml.__path__ if "_xmlplus" not in x]
98 import xml.sax
99 import xml.sax.saxutils
100 import xml.dom.minidom
101-from StringIO import StringIO
102+from io import StringIO
103
104 verbose = False
105
106-NDIFF_XML_VERSION = u"1"
107+NDIFF_XML_VERSION = "1"
108
109
110 class OverrideEntityResolver(xml.sax.handler.EntityResolver):
111@@ -78,35 +78,35 @@ class Scan(object):
112 def write_nmaprun_open(self, writer):
113 attrs = {}
114 if self.scanner is not None:
115- attrs[u"scanner"] = self.scanner
116+ attrs["scanner"] = self.scanner
117 if self.args is not None:
118- attrs[u"args"] = self.args
119+ attrs["args"] = self.args
120 if self.start_date is not None:
121- attrs[u"start"] = "%d" % time.mktime(self.start_date.timetuple())
122- attrs[u"startstr"] = self.start_date.strftime(
123+ attrs["start"] = "%d" % time.mktime(self.start_date.timetuple())
124+ attrs["startstr"] = self.start_date.strftime(
125 "%a %b %d %H:%M:%S %Y")
126 if self.version is not None:
127- attrs[u"version"] = self.version
128- writer.startElement(u"nmaprun", attrs)
129+ attrs["version"] = self.version
130+ writer.startElement("nmaprun", attrs)
131
132 def write_nmaprun_close(self, writer):
133- writer.endElement(u"nmaprun")
134+ writer.endElement("nmaprun")
135
136 def nmaprun_to_dom_fragment(self, document):
137 frag = document.createDocumentFragment()
138- elem = document.createElement(u"nmaprun")
139+ elem = document.createElement("nmaprun")
140 if self.scanner is not None:
141- elem.setAttribute(u"scanner", self.scanner)
142+ elem.setAttribute("scanner", self.scanner)
143 if self.args is not None:
144- elem.setAttribute(u"args", self.args)
145+ elem.setAttribute("args", self.args)
146 if self.start_date is not None:
147 elem.setAttribute(
148- u"start", "%d" % time.mktime(self.start_date.timetuple()))
149+ "start", "%d" % time.mktime(self.start_date.timetuple()))
150 elem.setAttribute(
151- u"startstr",
152+ "startstr",
153 self.start_date.strftime("%a %b %d %H:%M:%S %Y"))
154 if self.version is not None:
155- elem.setAttribute(u"version", self.version)
156+ elem.setAttribute("version", self.version)
157 frag.appendChild(elem)
158 return frag
159
160@@ -136,17 +136,17 @@ class Host(object):
161
162 def format_name(self):
163 """Return a human-readable identifier for this host."""
164- address_s = u", ".join(a.s for a in sorted(self.addresses))
165- hostname_s = u", ".join(sorted(self.hostnames))
166+ address_s = ", ".join(a.s for a in sorted(self.addresses))
167+ hostname_s = ", ".join(sorted(self.hostnames))
168 if len(hostname_s) > 0:
169 if len(address_s) > 0:
170- return u"%s (%s)" % (hostname_s, address_s)
171+ return "%s (%s)" % (hostname_s, address_s)
172 else:
173 return hostname_s
174 elif len(address_s) > 0:
175 return address_s
176 else:
177- return u"<no name>"
178+ return "<no name>"
179
180 def add_port(self, port):
181 self.ports[port.spec] = port
182@@ -163,46 +163,46 @@ class Host(object):
183 return state is None or state in self.extraports
184
185 def extraports_string(self):
186- list = [(count, state) for (state, count) in self.extraports.items()]
187+ locallist = [(count, state) for (state, count) in list(self.extraports.items())]
188 # Reverse-sort by count.
189- list.sort(reverse=True)
190- return u", ".join(
191- [u"%d %s ports" % (count, state) for (count, state) in list])
192+ locallist.sort(reverse=True)
193+ return ", ".join(
194+ ["%d %s ports" % (count, state) for (count, state) in locallist])
195
196 def state_to_dom_fragment(self, document):
197 frag = document.createDocumentFragment()
198 if self.state is not None:
199- elem = document.createElement(u"status")
200- elem.setAttribute(u"state", self.state)
201+ elem = document.createElement("status")
202+ elem.setAttribute("state", self.state)
203 frag.appendChild(elem)
204 return frag
205
206 def hostname_to_dom_fragment(self, document, hostname):
207 frag = document.createDocumentFragment()
208- elem = document.createElement(u"hostname")
209- elem.setAttribute(u"name", hostname)
210+ elem = document.createElement("hostname")
211+ elem.setAttribute("name", hostname)
212 frag.appendChild(elem)
213 return frag
214
215 def extraports_to_dom_fragment(self, document):
216 frag = document.createDocumentFragment()
217- for state, count in self.extraports.items():
218- elem = document.createElement(u"extraports")
219- elem.setAttribute(u"state", state)
220- elem.setAttribute(u"count", unicode(count))
221+ for state, count in list(self.extraports.items()):
222+ elem = document.createElement("extraports")
223+ elem.setAttribute("state", state)
224+ elem.setAttribute("count", str(count))
225 frag.appendChild(elem)
226 return frag
227
228 def os_to_dom_fragment(self, document, os):
229 frag = document.createDocumentFragment()
230- elem = document.createElement(u"osmatch")
231- elem.setAttribute(u"name", os)
232+ elem = document.createElement("osmatch")
233+ elem.setAttribute("name", os)
234 frag.appendChild(elem)
235 return frag
236
237 def to_dom_fragment(self, document):
238 frag = document.createDocumentFragment()
239- elem = document.createElement(u"host")
240+ elem = document.createElement("host")
241
242 if self.state is not None:
243 elem.appendChild(self.state_to_dom_fragment(document))
244@@ -211,13 +211,13 @@ class Host(object):
245 elem.appendChild(addr.to_dom_fragment(document))
246
247 if len(self.hostnames) > 0:
248- hostnames_elem = document.createElement(u"hostnames")
249+ hostnames_elem = document.createElement("hostnames")
250 for hostname in self.hostnames:
251 hostnames_elem.appendChild(
252 self.hostname_to_dom_fragment(document, hostname))
253 elem.appendChild(hostnames_elem)
254
255- ports_elem = document.createElement(u"ports")
256+ ports_elem = document.createElement("ports")
257 ports_elem.appendChild(self.extraports_to_dom_fragment(document))
258 for port in sorted(self.ports.values()):
259 if not self.is_extraports(port.state):
260@@ -226,13 +226,13 @@ class Host(object):
261 elem.appendChild(ports_elem)
262
263 if len(self.os) > 0:
264- os_elem = document.createElement(u"os")
265+ os_elem = document.createElement("os")
266 for os in self.os:
267 os_elem.appendChild(self.os_to_dom_fragment(document, os))
268 elem.appendChild(os_elem)
269
270 if len(self.script_results) > 0:
271- hostscript_elem = document.createElement(u"hostscript")
272+ hostscript_elem = document.createElement("hostscript")
273 for sr in self.script_results:
274 hostscript_elem.appendChild(sr.to_dom_fragment(document))
275 elem.appendChild(hostscript_elem)
276@@ -246,7 +246,7 @@ class Address(object):
277 self.s = s
278
279 def __eq__(self, other):
280- return self.__cmp__(other) == 0
281+ return self.sort_key() == other.sort_key()
282
283 def __ne__(self, other):
284 return not self.__eq__(other)
285@@ -254,8 +254,8 @@ class Address(object):
286 def __hash__(self):
287 return hash(self.sort_key())
288
289- def __cmp__(self, other):
290- return cmp(self.sort_key(), other.sort_key())
291+ def __lt__(self, other):
292+ return self.sort_key() < other.sort_key()
293
294 def __str__(self):
295 return str(self.s)
296@@ -264,21 +264,21 @@ class Address(object):
297 return self.s
298
299 def new(type, s):
300- if type == u"ipv4":
301+ if type == "ipv4":
302 return IPv4Address(s)
303- elif type == u"ipv6":
304+ elif type == "ipv6":
305 return IPv6Address(s)
306- elif type == u"mac":
307+ elif type == "mac":
308 return MACAddress(s)
309 else:
310- raise ValueError(u"Unknown address type %s." % type)
311+ raise ValueError("Unknown address type %s." % type)
312 new = staticmethod(new)
313
314 def to_dom_fragment(self, document):
315 frag = document.createDocumentFragment()
316- elem = document.createElement(u"address")
317- elem.setAttribute(u"addr", self.s)
318- elem.setAttribute(u"addrtype", self.type)
319+ elem = document.createElement("address")
320+ elem.setAttribute("addr", self.s)
321+ elem.setAttribute("addrtype", self.type)
322 frag.appendChild(elem)
323 return frag
324
325@@ -287,21 +287,21 @@ class Address(object):
326
327
328 class IPv4Address(Address):
329- type = property(lambda self: u"ipv4")
330+ type = property(lambda self: "ipv4")
331
332 def sort_key(self):
333 return (0, self.s)
334
335
336 class IPv6Address(Address):
337- type = property(lambda self: u"ipv6")
338+ type = property(lambda self: "ipv6")
339
340 def sort_key(self):
341 return (1, self.s)
342
343
344 class MACAddress(Address):
345- type = property(lambda self: u"mac")
346+ type = property(lambda self: "mac")
347
348 def sort_key(self):
349 return (2, self.s)
350@@ -320,28 +320,25 @@ class Port(object):
351
352 def state_string(self):
353 if self.state is None:
354- return u"unknown"
355+ return "unknown"
356 else:
357- return unicode(self.state)
358+ return str(self.state)
359
360 def spec_string(self):
361- return u"%d/%s" % self.spec
362+ return "%d/%s" % self.spec
363
364- def __cmp__(self, other):
365- d = cmp(self.spec, other.spec)
366- if d != 0:
367- return d
368- return cmp((self.spec, self.service, self.script_results),
369- (other.spec, other.service, other.script_results))
370+ def __lt__(self, other):
371+ return (self.spec, self.service, self.script_results) < (
372+ other.spec, other.service, other.script_results)
373
374 def to_dom_fragment(self, document):
375 frag = document.createDocumentFragment()
376- elem = document.createElement(u"port")
377- elem.setAttribute(u"portid", unicode(self.spec[0]))
378- elem.setAttribute(u"protocol", self.spec[1])
379+ elem = document.createElement("port")
380+ elem.setAttribute("portid", str(self.spec[0]))
381+ elem.setAttribute("protocol", self.spec[1])
382 if self.state is not None:
383- state_elem = document.createElement(u"state")
384- state_elem.setAttribute(u"state", self.state)
385+ state_elem = document.createElement("state")
386+ state_elem.setAttribute("state", self.state)
387 elem.appendChild(state_elem)
388 elem.appendChild(self.service.to_dom_fragment(document))
389 for sr in self.script_results:
390@@ -385,7 +382,7 @@ class Service(object):
391 if len(parts) == 0:
392 return None
393 else:
394- return u"/".join(parts)
395+ return "/".join(parts)
396
397 def version_string(self):
398 """Get a string like in the VERSION column of Nmap output."""
399@@ -395,17 +392,17 @@ class Service(object):
400 if self.version is not None:
401 parts.append(self.version)
402 if self.extrainfo is not None:
403- parts.append(u"(%s)" % self.extrainfo)
404+ parts.append("(%s)" % self.extrainfo)
405
406 if len(parts) == 0:
407 return None
408 else:
409- return u" ".join(parts)
410+ return " ".join(parts)
411
412 def to_dom_fragment(self, document):
413 frag = document.createDocumentFragment()
414- elem = document.createElement(u"service")
415- for attr in (u"name", u"product", u"version", u"extrainfo", u"tunnel"):
416+ elem = document.createElement("service")
417+ for attr in ("name", "product", "version", "extrainfo", "tunnel"):
418 v = getattr(self, attr)
419 if v is None:
420 continue
421@@ -435,53 +432,53 @@ class ScriptResult(object):
422 result = []
423 lines = self.output.splitlines()
424 if len(lines) > 0:
425- lines[0] = self.id + u": " + lines[0]
426+ lines[0] = self.id + ": " + lines[0]
427 for line in lines[:-1]:
428- result.append(u"| " + line)
429+ result.append("| " + line)
430 if len(lines) > 0:
431- result.append(u"|_ " + lines[-1])
432+ result.append("|_ " + lines[-1])
433 return result
434
435 def to_dom_fragment(self, document):
436 frag = document.createDocumentFragment()
437- elem = document.createElement(u"script")
438- elem.setAttribute(u"id", self.id)
439- elem.setAttribute(u"output", self.output)
440+ elem = document.createElement("script")
441+ elem.setAttribute("id", self.id)
442+ elem.setAttribute("output", self.output)
443 frag.appendChild(elem)
444 return frag
445
446
447 def format_banner(scan):
448 """Format a startup banner more or less like Nmap does."""
449- scanner = u"Nmap"
450- if scan.scanner is not None and scan.scanner != u"nmap":
451+ scanner = "Nmap"
452+ if scan.scanner is not None and scan.scanner != "nmap":
453 scanner = scan.scanner
454 parts = [scanner]
455 if scan.version is not None:
456 parts.append(scan.version)
457- parts.append(u"scan")
458+ parts.append("scan")
459 if scan.start_date is not None:
460- parts.append(u"initiated %s" % scan.start_date.strftime(
461+ parts.append("initiated %s" % scan.start_date.strftime(
462 "%a %b %d %H:%M:%S %Y"))
463 if scan.args is not None:
464- parts.append(u"as: %s" % scan.args)
465- return u" ".join(parts)
466+ parts.append("as: %s" % scan.args)
467+ return " ".join(parts)
468
469
470 def print_script_result_diffs_text(title, script_results_a, script_results_b,
471 script_result_diffs, f=sys.stdout):
472- table = Table(u"*")
473+ table = Table("*")
474 for sr_diff in script_result_diffs:
475 sr_diff.append_to_port_table(table)
476 if len(table) > 0:
477- print >> f
478+ print(file=f)
479 if len(script_results_b) == 0:
480- print >> f, u"-%s:" % title
481+ print("-%s:" % title, file=f)
482 elif len(script_results_a) == 0:
483- print >> f, u"+%s:" % title
484+ print("+%s:" % title, file=f)
485 else:
486- print >> f, u" %s:" % title
487- print >> f, table
488+ print(" %s:" % title, file=f)
489+ print(table, file=f)
490
491
492 def script_result_diffs_to_dom_fragment(elem, script_results_a,
493@@ -489,13 +486,13 @@ def script_result_diffs_to_dom_fragment(elem, script_results_a,
494 if len(script_results_a) == 0 and len(script_results_b) == 0:
495 return document.createDocumentFragment()
496 elif len(script_results_b) == 0:
497- a_elem = document.createElement(u"a")
498+ a_elem = document.createElement("a")
499 for sr in script_results_a:
500 elem.appendChild(sr.to_dom_fragment(document))
501 a_elem.appendChild(elem)
502 return a_elem
503 elif len(script_results_a) == 0:
504- b_elem = document.createElement(u"b")
505+ b_elem = document.createElement("b")
506 for sr in script_results_b:
507 elem.appendChild(sr.to_dom_fragment(document))
508 b_elem.appendChild(elem)
509@@ -581,10 +578,10 @@ class ScanDiffText(ScanDiff):
510 banner_a = format_banner(self.scan_a)
511 banner_b = format_banner(self.scan_b)
512 if banner_a != banner_b:
513- print >> self.f, u"-%s" % banner_a
514- print >> self.f, u"+%s" % banner_b
515+ print("-%s" % banner_a, file=self.f)
516+ print("+%s" % banner_b, file=self.f)
517 elif verbose:
518- print >> self.f, u" %s" % banner_a
519+ print(" %s" % banner_a, file=self.f)
520
521 def output_pre_scripts(self, pre_script_result_diffs):
522 print_script_result_diffs_text("Pre-scan script results",
523@@ -597,7 +594,7 @@ class ScanDiffText(ScanDiff):
524 post_script_result_diffs, self.f)
525
526 def output_host_diff(self, h_diff):
527- print >> self.f
528+ print(file=self.f)
529 h_diff.print_text(self.f)
530
531 def output_ending(self):
532@@ -622,8 +619,8 @@ class ScanDiffXML(ScanDiff):
533
534 def output_beginning(self):
535 self.writer.startDocument()
536- self.writer.startElement(u"nmapdiff", {u"version": NDIFF_XML_VERSION})
537- self.writer.startElement(u"scandiff", {})
538+ self.writer.startElement("nmapdiff", {"version": NDIFF_XML_VERSION})
539+ self.writer.startElement("scandiff", {})
540
541 if self.nmaprun_differs():
542 self.writer.frag_a(
543@@ -636,7 +633,7 @@ class ScanDiffXML(ScanDiff):
544
545 def output_pre_scripts(self, pre_script_result_diffs):
546 if len(pre_script_result_diffs) > 0 or verbose:
547- prescript_elem = self.document.createElement(u"prescript")
548+ prescript_elem = self.document.createElement("prescript")
549 frag = script_result_diffs_to_dom_fragment(
550 prescript_elem, self.scan_a.pre_script_results,
551 self.scan_b.pre_script_results, pre_script_result_diffs,
552@@ -646,7 +643,7 @@ class ScanDiffXML(ScanDiff):
553
554 def output_post_scripts(self, post_script_result_diffs):
555 if len(post_script_result_diffs) > 0 or verbose:
556- postscript_elem = self.document.createElement(u"postscript")
557+ postscript_elem = self.document.createElement("postscript")
558 frag = script_result_diffs_to_dom_fragment(
559 postscript_elem, self.scan_a.post_script_results,
560 self.scan_b.post_script_results, post_script_result_diffs,
561@@ -660,8 +657,8 @@ class ScanDiffXML(ScanDiff):
562 frag.unlink()
563
564 def output_ending(self):
565- self.writer.endElement(u"scandiff")
566- self.writer.endElement(u"nmapdiff")
567+ self.writer.endElement("scandiff")
568+ self.writer.endElement("nmapdiff")
569 self.writer.endDocument()
570
571
572@@ -719,9 +716,9 @@ class HostDiff(object):
573 self.cost += os_cost
574
575 extraports_a = tuple((count, state)
576- for (state, count) in self.host_a.extraports.items())
577+ for (state, count) in list(self.host_a.extraports.items()))
578 extraports_b = tuple((count, state)
579- for (state, count) in self.host_b.extraports.items())
580+ for (state, count) in list(self.host_b.extraports.items()))
581 if extraports_a != extraports_b:
582 self.extraports_changed = True
583 self.cost += 1
584@@ -747,69 +744,69 @@ class HostDiff(object):
585 # Names and addresses.
586 if self.id_changed:
587 if host_a.state is not None:
588- print >> f, u"-%s:" % host_a.format_name()
589+ print("-%s:" % host_a.format_name(), file=f)
590 if self.host_b.state is not None:
591- print >> f, u"+%s:" % host_b.format_name()
592+ print("+%s:" % host_b.format_name(), file=f)
593 else:
594- print >> f, u" %s:" % host_a.format_name()
595+ print(" %s:" % host_a.format_name(), file=f)
596
597 # State.
598 if self.state_changed:
599 if host_a.state is not None:
600- print >> f, u"-Host is %s." % host_a.state
601+ print("-Host is %s." % host_a.state, file=f)
602 if host_b.state is not None:
603- print >> f, u"+Host is %s." % host_b.state
604+ print("+Host is %s." % host_b.state, file=f)
605 elif verbose:
606- print >> f, u" Host is %s." % host_b.state
607+ print(" Host is %s." % host_b.state, file=f)
608
609 # Extraports.
610 if self.extraports_changed:
611 if len(host_a.extraports) > 0:
612- print >> f, u"-Not shown: %s" % host_a.extraports_string()
613+ print("-Not shown: %s" % host_a.extraports_string(), file=f)
614 if len(host_b.extraports) > 0:
615- print >> f, u"+Not shown: %s" % host_b.extraports_string()
616+ print("+Not shown: %s" % host_b.extraports_string(), file=f)
617 elif verbose:
618 if len(host_a.extraports) > 0:
619- print >> f, u" Not shown: %s" % host_a.extraports_string()
620+ print(" Not shown: %s" % host_a.extraports_string(), file=f)
621
622 # Port table.
623- port_table = Table(u"** * * *")
624+ port_table = Table("** * * *")
625 if host_a.state is None:
626- mark = u"+"
627+ mark = "+"
628 elif host_b.state is None:
629- mark = u"-"
630+ mark = "-"
631 else:
632- mark = u" "
633- port_table.append((mark, u"PORT", u"STATE", u"SERVICE", u"VERSION"))
634+ mark = " "
635+ port_table.append((mark, "PORT", "STATE", "SERVICE", "VERSION"))
636
637 for port in self.ports:
638 port_diff = self.port_diffs[port]
639 port_diff.append_to_port_table(port_table, host_a, host_b)
640
641 if len(port_table) > 1:
642- print >> f, port_table
643+ print(port_table, file=f)
644
645 # OS changes.
646 if self.os_changed or verbose:
647 if len(host_a.os) > 0:
648 if len(host_b.os) > 0:
649- print >> f, u" OS details:"
650+ print(" OS details:", file=f)
651 else:
652- print >> f, u"-OS details:"
653+ print("-OS details:", file=f)
654 elif len(host_b.os) > 0:
655- print >> f, u"+OS details:"
656+ print("+OS details:", file=f)
657 # os_diffs is a list of 5-tuples returned by
658 # difflib.SequenceMatcher.
659 for op, i1, i2, j1, j2 in self.os_diffs:
660 if op == "replace" or op == "delete":
661 for i in range(i1, i2):
662- print >> f, "- %s" % host_a.os[i]
663+ print("- %s" % host_a.os[i], file=f)
664 if op == "replace" or op == "insert":
665 for i in range(j1, j2):
666- print >> f, "+ %s" % host_b.os[i]
667+ print("+ %s" % host_b.os[i], file=f)
668 if op == "equal":
669 for i in range(i1, i2):
670- print >> f, " %s" % host_a.os[i]
671+ print(" %s" % host_a.os[i], file=f)
672
673 print_script_result_diffs_text("Host script results",
674 host_a.script_results, host_b.script_results,
675@@ -820,32 +817,32 @@ class HostDiff(object):
676 host_b = self.host_b
677
678 frag = document.createDocumentFragment()
679- hostdiff_elem = document.createElement(u"hostdiff")
680+ hostdiff_elem = document.createElement("hostdiff")
681 frag.appendChild(hostdiff_elem)
682
683 if host_a.state is None or host_b.state is None:
684 # The host is missing in one scan. Output the whole thing.
685 if host_a.state is not None:
686- a_elem = document.createElement(u"a")
687+ a_elem = document.createElement("a")
688 a_elem.appendChild(host_a.to_dom_fragment(document))
689 hostdiff_elem.appendChild(a_elem)
690 elif host_b.state is not None:
691- b_elem = document.createElement(u"b")
692+ b_elem = document.createElement("b")
693 b_elem.appendChild(host_b.to_dom_fragment(document))
694 hostdiff_elem.appendChild(b_elem)
695 return frag
696
697- host_elem = document.createElement(u"host")
698+ host_elem = document.createElement("host")
699
700 # State.
701 if host_a.state == host_b.state:
702 if verbose:
703 host_elem.appendChild(host_a.state_to_dom_fragment(document))
704 else:
705- a_elem = document.createElement(u"a")
706+ a_elem = document.createElement("a")
707 a_elem.appendChild(host_a.state_to_dom_fragment(document))
708 host_elem.appendChild(a_elem)
709- b_elem = document.createElement(u"b")
710+ b_elem = document.createElement("b")
711 b_elem.appendChild(host_b.state_to_dom_fragment(document))
712 host_elem.appendChild(b_elem)
713
714@@ -854,31 +851,31 @@ class HostDiff(object):
715 addrset_b = set(host_b.addresses)
716 for addr in sorted(addrset_a.intersection(addrset_b)):
717 host_elem.appendChild(addr.to_dom_fragment(document))
718- a_elem = document.createElement(u"a")
719+ a_elem = document.createElement("a")
720 for addr in sorted(addrset_a - addrset_b):
721 a_elem.appendChild(addr.to_dom_fragment(document))
722 if a_elem.hasChildNodes():
723 host_elem.appendChild(a_elem)
724- b_elem = document.createElement(u"b")
725+ b_elem = document.createElement("b")
726 for addr in sorted(addrset_b - addrset_a):
727 b_elem.appendChild(addr.to_dom_fragment(document))
728 if b_elem.hasChildNodes():
729 host_elem.appendChild(b_elem)
730
731 # Host names.
732- hostnames_elem = document.createElement(u"hostnames")
733+ hostnames_elem = document.createElement("hostnames")
734 hostnameset_a = set(host_a.hostnames)
735 hostnameset_b = set(host_b.hostnames)
736 for hostname in sorted(hostnameset_a.intersection(hostnameset_b)):
737 hostnames_elem.appendChild(
738 host_a.hostname_to_dom_fragment(document, hostname))
739- a_elem = document.createElement(u"a")
740+ a_elem = document.createElement("a")
741 for hostname in sorted(hostnameset_a - hostnameset_b):
742 a_elem.appendChild(
743 host_a.hostname_to_dom_fragment(document, hostname))
744 if a_elem.hasChildNodes():
745 hostnames_elem.appendChild(a_elem)
746- b_elem = document.createElement(u"b")
747+ b_elem = document.createElement("b")
748 for hostname in sorted(hostnameset_b - hostnameset_a):
749 b_elem.appendChild(
750 host_b.hostname_to_dom_fragment(document, hostname))
751@@ -887,15 +884,15 @@ class HostDiff(object):
752 if hostnames_elem.hasChildNodes():
753 host_elem.appendChild(hostnames_elem)
754
755- ports_elem = document.createElement(u"ports")
756+ ports_elem = document.createElement("ports")
757 # Extraports.
758 if host_a.extraports == host_b.extraports:
759 ports_elem.appendChild(host_a.extraports_to_dom_fragment(document))
760 else:
761- a_elem = document.createElement(u"a")
762+ a_elem = document.createElement("a")
763 a_elem.appendChild(host_a.extraports_to_dom_fragment(document))
764 ports_elem.appendChild(a_elem)
765- b_elem = document.createElement(u"b")
766+ b_elem = document.createElement("b")
767 b_elem.appendChild(host_b.extraports_to_dom_fragment(document))
768 ports_elem.appendChild(b_elem)
769 # Port list.
770@@ -911,18 +908,18 @@ class HostDiff(object):
771
772 # OS changes.
773 if self.os_changed or verbose:
774- os_elem = document.createElement(u"os")
775+ os_elem = document.createElement("os")
776 # os_diffs is a list of 5-tuples returned by
777 # difflib.SequenceMatcher.
778 for op, i1, i2, j1, j2 in self.os_diffs:
779 if op == "replace" or op == "delete":
780- a_elem = document.createElement(u"a")
781+ a_elem = document.createElement("a")
782 for i in range(i1, i2):
783 a_elem.appendChild(host_a.os_to_dom_fragment(
784 document, host_a.os[i]))
785 os_elem.appendChild(a_elem)
786 if op == "replace" or op == "insert":
787- b_elem = document.createElement(u"b")
788+ b_elem = document.createElement("b")
789 for i in range(j1, j2):
790 b_elem.appendChild(host_b.os_to_dom_fragment(
791 document, host_b.os[i]))
792@@ -936,7 +933,7 @@ class HostDiff(object):
793
794 # Host script changes.
795 if len(self.script_result_diffs) > 0 or verbose:
796- hostscript_elem = document.createElement(u"hostscript")
797+ hostscript_elem = document.createElement("hostscript")
798 host_elem.appendChild(script_result_diffs_to_dom_fragment(
799 hostscript_elem, host_a.script_results,
800 host_b.script_results, self.script_result_diffs,
801@@ -989,38 +986,38 @@ class PortDiff(object):
802 self.port_b.service.version_string()]
803 if a_columns == b_columns:
804 if verbose or self.script_result_diffs > 0:
805- table.append([u" "] + a_columns)
806+ table.append([" "] + a_columns)
807 else:
808 if not host_a.is_extraports(self.port_a.state):
809- table.append([u"-"] + a_columns)
810+ table.append(["-"] + a_columns)
811 if not host_b.is_extraports(self.port_b.state):
812- table.append([u"+"] + b_columns)
813+ table.append(["+"] + b_columns)
814
815 for sr_diff in self.script_result_diffs:
816 sr_diff.append_to_port_table(table)
817
818 def to_dom_fragment(self, document):
819 frag = document.createDocumentFragment()
820- portdiff_elem = document.createElement(u"portdiff")
821+ portdiff_elem = document.createElement("portdiff")
822 frag.appendChild(portdiff_elem)
823 if (self.port_a.spec == self.port_b.spec and
824 self.port_a.state == self.port_b.state):
825- port_elem = document.createElement(u"port")
826- port_elem.setAttribute(u"portid", unicode(self.port_a.spec[0]))
827- port_elem.setAttribute(u"protocol", self.port_a.spec[1])
828+ port_elem = document.createElement("port")
829+ port_elem.setAttribute("portid", str(self.port_a.spec[0]))
830+ port_elem.setAttribute("protocol", self.port_a.spec[1])
831 if self.port_a.state is not None:
832- state_elem = document.createElement(u"state")
833- state_elem.setAttribute(u"state", self.port_a.state)
834+ state_elem = document.createElement("state")
835+ state_elem.setAttribute("state", self.port_a.state)
836 port_elem.appendChild(state_elem)
837 if self.port_a.service == self.port_b.service:
838 port_elem.appendChild(
839 self.port_a.service.to_dom_fragment(document))
840 else:
841- a_elem = document.createElement(u"a")
842+ a_elem = document.createElement("a")
843 a_elem.appendChild(
844 self.port_a.service.to_dom_fragment(document))
845 port_elem.appendChild(a_elem)
846- b_elem = document.createElement(u"b")
847+ b_elem = document.createElement("b")
848 b_elem.appendChild(
849 self.port_b.service.to_dom_fragment(document))
850 port_elem.appendChild(b_elem)
851@@ -1028,10 +1025,10 @@ class PortDiff(object):
852 port_elem.appendChild(sr_diff.to_dom_fragment(document))
853 portdiff_elem.appendChild(port_elem)
854 else:
855- a_elem = document.createElement(u"a")
856+ a_elem = document.createElement("a")
857 a_elem.appendChild(self.port_a.to_dom_fragment(document))
858 portdiff_elem.appendChild(a_elem)
859- b_elem = document.createElement(u"b")
860+ b_elem = document.createElement("b")
861 b_elem.appendChild(self.port_b.to_dom_fragment(document))
862 portdiff_elem.appendChild(b_elem)
863
864@@ -1086,13 +1083,13 @@ class ScriptResultDiff(object):
865 for op, i1, i2, j1, j2 in diffs.get_opcodes():
866 if op == "replace" or op == "delete":
867 for k in range(i1, i2):
868- table.append_raw(u"-" + a_lines[k])
869+ table.append_raw("-" + a_lines[k])
870 if op == "replace" or op == "insert":
871 for k in range(j1, j2):
872- table.append_raw(u"+" + b_lines[k])
873+ table.append_raw("+" + b_lines[k])
874 if op == "equal":
875 for k in range(i1, i2):
876- table.append_raw(u" " + a_lines[k])
877+ table.append_raw(" " + a_lines[k])
878
879 def to_dom_fragment(self, document):
880 frag = document.createDocumentFragment()
881@@ -1102,11 +1099,11 @@ class ScriptResultDiff(object):
882 frag.appendChild(self.sr_a.to_dom_fragment(document))
883 else:
884 if self.sr_a is not None:
885- a_elem = document.createElement(u"a")
886+ a_elem = document.createElement("a")
887 a_elem.appendChild(self.sr_a.to_dom_fragment(document))
888 frag.appendChild(a_elem)
889 if self.sr_b is not None:
890- b_elem = document.createElement(u"b")
891+ b_elem = document.createElement("b")
892 b_elem.appendChild(self.sr_b.to_dom_fragment(document))
893 frag.appendChild(b_elem)
894 return frag
895@@ -1120,7 +1117,7 @@ class Table(object):
896 copied to the output."""
897 self.widths = []
898 self.rows = []
899- self.prefix = u""
900+ self.prefix = ""
901 self.padding = []
902 j = 0
903 while j < len(template) and template[j] != "*":
904@@ -1145,7 +1142,7 @@ class Table(object):
905
906 for i in range(len(row)):
907 if row[i] is None:
908- s = u""
909+ s = ""
910 else:
911 s = str(row[i])
912 if i == len(self.widths):
913@@ -1167,7 +1164,7 @@ class Table(object):
914 for row in self.rows:
915 parts = [self.prefix]
916 i = 0
917- if isinstance(row, basestring):
918+ if isinstance(row, str):
919 # A raw string.
920 lines.append(row)
921 else:
922@@ -1176,13 +1173,13 @@ class Table(object):
923 if i < len(self.padding):
924 parts.append(self.padding[i])
925 i += 1
926- lines.append(u"".join(parts).rstrip())
927- return u"\n".join(lines)
928+ lines.append("".join(parts).rstrip())
929+ return "\n".join(lines)
930
931
932 def warn(str):
933 """Print a warning to stderr."""
934- print >> sys.stderr, str
935+ print(str, file=sys.stderr)
936
937
938 class NmapContentHandler(xml.sax.handler.ContentHandler):
939@@ -1200,22 +1197,22 @@ class NmapContentHandler(xml.sax.handler.ContentHandler):
940 self.current_port = None
941
942 self._start_elem_handlers = {
943- u"nmaprun": self._start_nmaprun,
944- u"host": self._start_host,
945- u"status": self._start_status,
946- u"address": self._start_address,
947- u"hostname": self._start_hostname,
948- u"extraports": self._start_extraports,
949- u"port": self._start_port,
950- u"state": self._start_state,
951- u"service": self._start_service,
952- u"script": self._start_script,
953- u"osmatch": self._start_osmatch,
954- u"finished": self._start_finished,
955+ "nmaprun": self._start_nmaprun,
956+ "host": self._start_host,
957+ "status": self._start_status,
958+ "address": self._start_address,
959+ "hostname": self._start_hostname,
960+ "extraports": self._start_extraports,
961+ "port": self._start_port,
962+ "state": self._start_state,
963+ "service": self._start_service,
964+ "script": self._start_script,
965+ "osmatch": self._start_osmatch,
966+ "finished": self._start_finished,
967 }
968 self._end_elem_handlers = {
969- u'host': self._end_host,
970- u'port': self._end_port,
971+ 'host': self._end_host,
972+ 'port': self._end_port,
973 }
974
975 def parent_element(self):
976@@ -1245,68 +1242,68 @@ class NmapContentHandler(xml.sax.handler.ContentHandler):
977 def _start_nmaprun(self, name, attrs):
978 assert self.parent_element() is None
979 if "start" in attrs:
980- start_timestamp = int(attrs.get(u"start"))
981+ start_timestamp = int(attrs.get("start"))
982 self.scan.start_date = datetime.datetime.fromtimestamp(
983 start_timestamp)
984- self.scan.scanner = attrs.get(u"scanner")
985- self.scan.args = attrs.get(u"args")
986- self.scan.version = attrs.get(u"version")
987+ self.scan.scanner = attrs.get("scanner")
988+ self.scan.args = attrs.get("args")
989+ self.scan.version = attrs.get("version")
990
991 def _start_host(self, name, attrs):
992- assert self.parent_element() == u"nmaprun"
993+ assert self.parent_element() == "nmaprun"
994 self.current_host = Host()
995 self.scan.hosts.append(self.current_host)
996
997 def _start_status(self, name, attrs):
998- assert self.parent_element() == u"host"
999+ assert self.parent_element() == "host"
1000 assert self.current_host is not None
1001- state = attrs.get(u"state")
1002+ state = attrs.get("state")
1003 if state is None:
1004 warn(u'%s element of host %s is missing the "state" attribute; '
1005- 'assuming \unknown\.' % (
1006+ r'assuming \unknown\.' % (
1007 name, self.current_host.format_name()))
1008 return
1009 self.current_host.state = state
1010
1011 def _start_address(self, name, attrs):
1012- assert self.parent_element() == u"host"
1013+ assert self.parent_element() == "host"
1014 assert self.current_host is not None
1015- addr = attrs.get(u"addr")
1016+ addr = attrs.get("addr")
1017 if addr is None:
1018- warn(u'%s element of host %s is missing the "addr" '
1019+ warn('%s element of host %s is missing the "addr" '
1020 'attribute; skipping.' % (
1021 name, self.current_host.format_name()))
1022 return
1023- addrtype = attrs.get(u"addrtype", u"ipv4")
1024+ addrtype = attrs.get("addrtype", "ipv4")
1025 self.current_host.add_address(Address.new(addrtype, addr))
1026
1027 def _start_hostname(self, name, attrs):
1028- assert self.parent_element() == u"hostnames"
1029+ assert self.parent_element() == "hostnames"
1030 assert self.current_host is not None
1031- hostname = attrs.get(u"name")
1032+ hostname = attrs.get("name")
1033 if hostname is None:
1034- warn(u'%s element of host %s is missing the "name" '
1035+ warn('%s element of host %s is missing the "name" '
1036 'attribute; skipping.' % (
1037 name, self.current_host.format_name()))
1038 return
1039 self.current_host.add_hostname(hostname)
1040
1041 def _start_extraports(self, name, attrs):
1042- assert self.parent_element() == u"ports"
1043+ assert self.parent_element() == "ports"
1044 assert self.current_host is not None
1045- state = attrs.get(u"state")
1046+ state = attrs.get("state")
1047 if state is None:
1048- warn(u'%s element of host %s is missing the "state" '
1049+ warn('%s element of host %s is missing the "state" '
1050 'attribute; assuming "unknown".' % (
1051 name, self.current_host.format_name()))
1052 state = None
1053 if state in self.current_host.extraports:
1054- warn(u'Duplicate extraports state "%s" in host %s.' % (
1055+ warn('Duplicate extraports state "%s" in host %s.' % (
1056 state, self.current_host.format_name()))
1057
1058- count = attrs.get(u"count")
1059+ count = attrs.get("count")
1060 if count is None:
1061- warn(u'%s element of host %s is missing the "count" '
1062+ warn('%s element of host %s is missing the "count" '
1063 'attribute; assuming 0.' % (
1064 name, self.current_host.format_name()))
1065 count = 0
1066@@ -1314,99 +1311,99 @@ class NmapContentHandler(xml.sax.handler.ContentHandler):
1067 try:
1068 count = int(count)
1069 except ValueError:
1070- warn(u"Can't convert extraports count \"%s\" "
1071+ warn("Can't convert extraports count \"%s\" "
1072 "to an integer in host %s; assuming 0." % (
1073- attrs[u"count"], self.current_host.format_name()))
1074+ attrs["count"], self.current_host.format_name()))
1075 count = 0
1076 self.current_host.extraports[state] = count
1077
1078 def _start_port(self, name, attrs):
1079- assert self.parent_element() == u"ports"
1080+ assert self.parent_element() == "ports"
1081 assert self.current_host is not None
1082- portid_str = attrs.get(u"portid")
1083+ portid_str = attrs.get("portid")
1084 if portid_str is None:
1085- warn(u'%s element of host %s missing the "portid" '
1086+ warn('%s element of host %s missing the "portid" '
1087 'attribute; skipping.' % (
1088 name, self.current_host.format_name()))
1089 return
1090 try:
1091 portid = int(portid_str)
1092 except ValueError:
1093- warn(u"Can't convert portid \"%s\" to an integer "
1094+ warn("Can't convert portid \"%s\" to an integer "
1095 "in host %s; skipping port." % (
1096 portid_str, self.current_host.format_name()))
1097 return
1098- protocol = attrs.get(u"protocol")
1099+ protocol = attrs.get("protocol")
1100 if protocol is None:
1101- warn(u'%s element of host %s missing the "protocol" '
1102+ warn('%s element of host %s missing the "protocol" '
1103 'attribute; skipping.' % (
1104 name, self.current_host.format_name()))
1105 return
1106 self.current_port = Port((portid, protocol))
1107
1108 def _start_state(self, name, attrs):
1109- assert self.parent_element() == u"port"
1110+ assert self.parent_element() == "port"
1111 assert self.current_host is not None
1112 if self.current_port is None:
1113 return
1114 if "state" not in attrs:
1115- warn(u'%s element of port %s is missing the "state" '
1116+ warn('%s element of port %s is missing the "state" '
1117 'attribute; assuming "unknown".' % (
1118 name, self.current_port.spec_string()))
1119 return
1120- self.current_port.state = attrs[u"state"]
1121+ self.current_port.state = attrs["state"]
1122 self.current_host.add_port(self.current_port)
1123
1124 def _start_service(self, name, attrs):
1125- assert self.parent_element() == u"port"
1126+ assert self.parent_element() == "port"
1127 assert self.current_host is not None
1128 if self.current_port is None:
1129 return
1130- self.current_port.service.name = attrs.get(u"name")
1131- self.current_port.service.product = attrs.get(u"product")
1132- self.current_port.service.version = attrs.get(u"version")
1133- self.current_port.service.extrainfo = attrs.get(u"extrainfo")
1134- self.current_port.service.tunnel = attrs.get(u"tunnel")
1135+ self.current_port.service.name = attrs.get("name")
1136+ self.current_port.service.product = attrs.get("product")
1137+ self.current_port.service.version = attrs.get("version")
1138+ self.current_port.service.extrainfo = attrs.get("extrainfo")
1139+ self.current_port.service.tunnel = attrs.get("tunnel")
1140
1141 def _start_script(self, name, attrs):
1142 result = ScriptResult()
1143- result.id = attrs.get(u"id")
1144+ result.id = attrs.get("id")
1145 if result.id is None:
1146- warn(u'%s element missing the "id" attribute; skipping.' % name)
1147+ warn('%s element missing the "id" attribute; skipping.' % name)
1148 return
1149
1150- result.output = attrs.get(u"output")
1151+ result.output = attrs.get("output")
1152 if result.output is None:
1153- warn(u'%s element missing the "output" attribute; skipping.'
1154+ warn('%s element missing the "output" attribute; skipping.'
1155 % name)
1156 return
1157- if self.parent_element() == u"prescript":
1158+ if self.parent_element() == "prescript":
1159 self.scan.pre_script_results.append(result)
1160- elif self.parent_element() == u"postscript":
1161+ elif self.parent_element() == "postscript":
1162 self.scan.post_script_results.append(result)
1163- elif self.parent_element() == u"hostscript":
1164+ elif self.parent_element() == "hostscript":
1165 self.current_host.script_results.append(result)
1166- elif self.parent_element() == u"port":
1167+ elif self.parent_element() == "port":
1168 self.current_port.script_results.append(result)
1169 else:
1170- warn(u"%s element not inside prescript, postscript, hostscript, "
1171+ warn("%s element not inside prescript, postscript, hostscript, "
1172 "or port element; ignoring." % name)
1173 return
1174
1175 def _start_osmatch(self, name, attrs):
1176- assert self.parent_element() == u"os"
1177+ assert self.parent_element() == "os"
1178 assert self.current_host is not None
1179 if "name" not in attrs:
1180- warn(u'%s element of host %s is missing the "name" '
1181+ warn('%s element of host %s is missing the "name" '
1182 'attribute; skipping.' % (
1183 name, self.current_host.format_name()))
1184 return
1185- self.current_host.os.append(attrs[u"name"])
1186+ self.current_host.os.append(attrs["name"])
1187
1188 def _start_finished(self, name, attrs):
1189- assert self.parent_element() == u"runstats"
1190+ assert self.parent_element() == "runstats"
1191 if "time" in attrs:
1192- end_timestamp = int(attrs.get(u"time"))
1193+ end_timestamp = int(attrs.get("time"))
1194 self.scan.end_date = datetime.datetime.fromtimestamp(end_timestamp)
1195
1196 def _end_host(self, name):
1197@@ -1425,23 +1422,23 @@ class XMLWriter (xml.sax.saxutils.XMLGenerator):
1198
1199 def frag(self, frag):
1200 for node in frag.childNodes:
1201- node.writexml(self.f, newl=u"\n")
1202+ node.writexml(self.f, newl="\n")
1203
1204 def frag_a(self, frag):
1205- self.startElement(u"a", {})
1206+ self.startElement("a", {})
1207 for node in frag.childNodes:
1208- node.writexml(self.f, newl=u"\n")
1209- self.endElement(u"a")
1210+ node.writexml(self.f, newl="\n")
1211+ self.endElement("a")
1212
1213 def frag_b(self, frag):
1214- self.startElement(u"b", {})
1215+ self.startElement("b", {})
1216 for node in frag.childNodes:
1217- node.writexml(self.f, newl=u"\n")
1218- self.endElement(u"b")
1219+ node.writexml(self.f, newl="\n")
1220+ self.endElement("b")
1221
1222
1223 def usage():
1224- print u"""\
1225+ print("""\
1226 Usage: %s [option] FILE1 FILE2
1227 Compare two Nmap XML files and display a list of their differences.
1228 Differences include host state changes, port state changes, and changes to
1229@@ -1451,7 +1448,7 @@ service and OS detection.
1230 -v, --verbose also show hosts and ports that haven't changed.
1231 --text display output in text format (default)
1232 --xml display output in XML format\
1233-""" % sys.argv[0]
1234+""" % sys.argv[0])
1235
1236 EXIT_EQUAL = 0
1237 EXIT_DIFFERENT = 1
1238@@ -1459,8 +1456,8 @@ EXIT_ERROR = 2
1239
1240
1241 def usage_error(msg):
1242- print >> sys.stderr, u"%s: %s" % (sys.argv[0], msg)
1243- print >> sys.stderr, u"Try '%s -h' for help." % sys.argv[0]
1244+ print("%s: %s" % (sys.argv[0], msg), file=sys.stderr)
1245+ print("Try '%s -h' for help." % sys.argv[0], file=sys.stderr)
1246 sys.exit(EXIT_ERROR)
1247
1248
1249@@ -1471,7 +1468,7 @@ def main():
1250 try:
1251 opts, input_filenames = getopt.gnu_getopt(
1252 sys.argv[1:], "hv", ["help", "text", "verbose", "xml"])
1253- except getopt.GetoptError, e:
1254+ except getopt.GetoptError as e:
1255 usage_error(e.msg)
1256 for o, a in opts:
1257 if o == "-h" or o == "--help":
1258@@ -1481,15 +1478,15 @@ def main():
1259 verbose = True
1260 elif o == "--text":
1261 if output_format is not None and output_format != "text":
1262- usage_error(u"contradictory output format options.")
1263+ usage_error("contradictory output format options.")
1264 output_format = "text"
1265 elif o == "--xml":
1266 if output_format is not None and output_format != "xml":
1267- usage_error(u"contradictory output format options.")
1268+ usage_error("contradictory output format options.")
1269 output_format = "xml"
1270
1271 if len(input_filenames) != 2:
1272- usage_error(u"need exactly two input filenames.")
1273+ usage_error("need exactly two input filenames.")
1274
1275 if output_format is None:
1276 output_format = "text"
1277@@ -1502,8 +1499,8 @@ def main():
1278 scan_a.load_from_file(filename_a)
1279 scan_b = Scan()
1280 scan_b.load_from_file(filename_b)
1281- except IOError, e:
1282- print >> sys.stderr, u"Can't open file: %s" % str(e)
1283+ except IOError as e:
1284+ print("Can't open file: %s" % str(e), file=sys.stderr)
1285 sys.exit(EXIT_ERROR)
1286
1287 if output_format == "text":
1288diff --git a/ndiff/ndifftest.py b/ndiff/ndifftest.py
1289index 2fa4ae0..27fc525 100755
1290--- a/ndiff/ndifftest.py
1291+++ b/ndiff/ndifftest.py
1292@@ -1,4 +1,4 @@
1293-#!/usr/bin/env python
1294+#!/usr/bin/env python3
1295
1296 # Unit tests for Ndiff.
1297
1298@@ -22,7 +22,7 @@ for x in dir(ndiff):
1299 sys.dont_write_bytecode = dont_write_bytecode
1300 del dont_write_bytecode
1301
1302-import StringIO
1303+import io
1304
1305
1306 class scan_test(unittest.TestCase):
1307@@ -52,7 +52,7 @@ class scan_test(unittest.TestCase):
1308 scan.load_from_file("test-scans/single.xml")
1309 host = scan.hosts[0]
1310 self.assertEqual(len(host.ports), 5)
1311- self.assertEqual(host.extraports.items(), [("filtered", 95)])
1312+ self.assertEqual(list(host.extraports.items()), [("filtered", 95)])
1313
1314 def test_extraports_multi(self):
1315 """Test that the correct number of known ports is returned when there
1316@@ -68,9 +68,9 @@ class scan_test(unittest.TestCase):
1317 """Test that nmaprun information is recorded."""
1318 scan = Scan()
1319 scan.load_from_file("test-scans/empty.xml")
1320- self.assertEqual(scan.scanner, u"nmap")
1321- self.assertEqual(scan.version, u"4.90RC2")
1322- self.assertEqual(scan.args, u"nmap -oX empty.xml -p 1-100")
1323+ self.assertEqual(scan.scanner, "nmap")
1324+ self.assertEqual(scan.version, "4.90RC2")
1325+ self.assertEqual(scan.args, "nmap -oX empty.xml -p 1-100")
1326
1327 def test_addresses(self):
1328 """Test that addresses are recorded."""
1329@@ -84,7 +84,7 @@ class scan_test(unittest.TestCase):
1330 scan = Scan()
1331 scan.load_from_file("test-scans/simple.xml")
1332 host = scan.hosts[0]
1333- self.assertEqual(host.hostnames, [u"scanme.nmap.org"])
1334+ self.assertEqual(host.hostnames, ["scanme.nmap.org"])
1335
1336 def test_os(self):
1337 """Test that OS information is recorded."""
1338@@ -99,7 +99,7 @@ class scan_test(unittest.TestCase):
1339 scan.load_from_file("test-scans/complex.xml")
1340 host = scan.hosts[0]
1341 self.assertTrue(len(host.script_results) > 0)
1342- self.assertTrue(len(host.ports[(22, u"tcp")].script_results) > 0)
1343+ self.assertTrue(len(host.ports[(22, "tcp")].script_results) > 0)
1344
1345 # This test is commented out because Nmap XML doesn't store any information
1346 # about down hosts, not even the fact that they are down. Recovering the list
1347@@ -128,16 +128,16 @@ class host_test(unittest.TestCase):
1348
1349 def test_format_name(self):
1350 h = Host()
1351- self.assertTrue(isinstance(h.format_name(), basestring))
1352- h.add_address(IPv4Address(u"127.0.0.1"))
1353- self.assertTrue(u"127.0.0.1" in h.format_name())
1354+ self.assertTrue(isinstance(h.format_name(), str))
1355+ h.add_address(IPv4Address("127.0.0.1"))
1356+ self.assertTrue("127.0.0.1" in h.format_name())
1357 h.add_address(IPv6Address("::1"))
1358- self.assertTrue(u"127.0.0.1" in h.format_name())
1359- self.assertTrue(u"::1" in h.format_name())
1360- h.add_hostname(u"localhost")
1361- self.assertTrue(u"127.0.0.1" in h.format_name())
1362- self.assertTrue(u"::1" in h.format_name())
1363- self.assertTrue(u"localhost" in h.format_name())
1364+ self.assertTrue("127.0.0.1" in h.format_name())
1365+ self.assertTrue("::1" in h.format_name())
1366+ h.add_hostname("localhost")
1367+ self.assertTrue("127.0.0.1" in h.format_name())
1368+ self.assertTrue("::1" in h.format_name())
1369+ self.assertTrue("localhost" in h.format_name())
1370
1371 def test_empty_get_port(self):
1372 h = Host()
1373@@ -197,8 +197,8 @@ class host_test(unittest.TestCase):
1374 h = s.hosts[0]
1375 self.assertEqual(len(h.ports), 5)
1376 self.assertEqual(len(h.extraports), 1)
1377- self.assertEqual(h.extraports.keys()[0], u"filtered")
1378- self.assertEqual(h.extraports.values()[0], 95)
1379+ self.assertEqual(list(h.extraports.keys())[0], "filtered")
1380+ self.assertEqual(list(h.extraports.values())[0], 95)
1381 self.assertEqual(h.state, "up")
1382
1383
1384@@ -241,13 +241,13 @@ class port_test(unittest.TestCase):
1385 """Test the Port class."""
1386 def test_spec_string(self):
1387 p = Port((10, "tcp"))
1388- self.assertEqual(p.spec_string(), u"10/tcp")
1389+ self.assertEqual(p.spec_string(), "10/tcp")
1390 p = Port((100, "ip"))
1391- self.assertEqual(p.spec_string(), u"100/ip")
1392+ self.assertEqual(p.spec_string(), "100/ip")
1393
1394 def test_state_string(self):
1395 p = Port((10, "tcp"))
1396- self.assertEqual(p.state_string(), u"unknown")
1397+ self.assertEqual(p.state_string(), "unknown")
1398
1399
1400 class service_test(unittest.TestCase):
1401@@ -255,47 +255,47 @@ class service_test(unittest.TestCase):
1402 def test_compare(self):
1403 """Test that services with the same contents compare equal."""
1404 a = Service()
1405- a.name = u"ftp"
1406- a.product = u"FooBar FTP"
1407- a.version = u"1.1.1"
1408- a.tunnel = u"ssl"
1409+ a.name = "ftp"
1410+ a.product = "FooBar FTP"
1411+ a.version = "1.1.1"
1412+ a.tunnel = "ssl"
1413 self.assertEqual(a, a)
1414 b = Service()
1415- b.name = u"ftp"
1416- b.product = u"FooBar FTP"
1417- b.version = u"1.1.1"
1418- b.tunnel = u"ssl"
1419+ b.name = "ftp"
1420+ b.product = "FooBar FTP"
1421+ b.version = "1.1.1"
1422+ b.tunnel = "ssl"
1423 self.assertEqual(a, b)
1424- b.name = u"http"
1425+ b.name = "http"
1426 self.assertNotEqual(a, b)
1427 c = Service()
1428 self.assertNotEqual(a, c)
1429
1430 def test_tunnel(self):
1431 serv = Service()
1432- serv.name = u"http"
1433- serv.tunnel = u"ssl"
1434- self.assertEqual(serv.name_string(), u"ssl/http")
1435+ serv.name = "http"
1436+ serv.tunnel = "ssl"
1437+ self.assertEqual(serv.name_string(), "ssl/http")
1438
1439 def test_version_string(self):
1440 serv = Service()
1441- serv.product = u"FooBar"
1442+ serv.product = "FooBar"
1443 self.assertTrue(len(serv.version_string()) > 0)
1444 serv = Service()
1445- serv.version = u"1.2.3"
1446+ serv.version = "1.2.3"
1447 self.assertTrue(len(serv.version_string()) > 0)
1448 serv = Service()
1449- serv.extrainfo = u"misconfigured"
1450+ serv.extrainfo = "misconfigured"
1451 self.assertTrue(len(serv.version_string()) > 0)
1452 serv = Service()
1453- serv.product = u"FooBar"
1454- serv.version = u"1.2.3"
1455+ serv.product = "FooBar"
1456+ serv.version = "1.2.3"
1457 # Must match Nmap output.
1458 self.assertEqual(serv.version_string(),
1459- u"%s %s" % (serv.product, serv.version))
1460- serv.extrainfo = u"misconfigured"
1461+ "%s %s" % (serv.product, serv.version))
1462+ serv.extrainfo = "misconfigured"
1463 self.assertEqual(serv.version_string(),
1464- u"%s %s (%s)" % (serv.product, serv.version, serv.extrainfo))
1465+ "%s %s (%s)" % (serv.product, serv.version, serv.extrainfo))
1466
1467
1468 class ScanDiffSub(ScanDiff):
1469@@ -703,7 +703,7 @@ class scan_diff_xml_test(unittest.TestCase):
1470 a.load_from_file("test-scans/empty.xml")
1471 b = Scan()
1472 b.load_from_file("test-scans/simple.xml")
1473- f = StringIO.StringIO()
1474+ f = io.StringIO()
1475 self.scan_diff = ScanDiffXML(a, b, f)
1476 self.scan_diff.output()
1477 self.xml = f.getvalue()
1478@@ -712,8 +712,8 @@ class scan_diff_xml_test(unittest.TestCase):
1479 def test_well_formed(self):
1480 try:
1481 document = xml.dom.minidom.parseString(self.xml)
1482- except Exception, e:
1483- self.fail(u"Parsing XML diff output caused the exception: %s"
1484+ except Exception as e:
1485+ self.fail("Parsing XML diff output caused the exception: %s"
1486 % str(e))
1487
1488
1489@@ -739,8 +739,8 @@ def host_apply_diff(host, diff):
1490 host.os = diff.host_b.os[:]
1491
1492 if diff.extraports_changed:
1493- for state in host.extraports.keys():
1494- for port in host.ports.values():
1495+ for state in list(host.extraports.keys()):
1496+ for port in list(host.ports.values()):
1497 if port.state == state:
1498 del host.ports[port.spec]
1499 host.extraports = diff.host_b.extraports.copy()
1500diff --git a/ndiff/scripts/ndiff b/ndiff/scripts/ndiff
1501index 8517c07..4671e73 100755
1502--- a/ndiff/scripts/ndiff
1503+++ b/ndiff/scripts/ndiff
1504@@ -1,4 +1,4 @@
1505-#!/usr/bin/env python
1506+#!/usr/bin/env python3
1507
1508 # Ndiff
1509 #
1510@@ -67,15 +67,15 @@ if INSTALL_LIB is not None and is_secure_dir(INSTALL_LIB):
1511
1512 try:
1513 import ndiff
1514-except ImportError, e:
1515- print >> sys.stderr, """\
1516+except ImportError as e:
1517+ print("""\
1518 Could not import the ndiff module: %s.
1519-I checked in these directories:""" % repr(e.message)
1520+I checked in these directories:""" % repr(e), file=sys.stderr)
1521 for dir in sys.path:
1522- print >> sys.stderr, " %s" % dir
1523- print >> sys.stderr, """\
1524+ print(" %s" % dir, file=sys.stderr)
1525+ print("""\
1526 If you installed Ndiff in another directory, you may have to add the
1527-modules directory to the PYTHONPATH environment variable."""
1528+modules directory to the PYTHONPATH environment variable.""", file=sys.stderr)
1529 sys.exit(1)
1530
1531 import ndiff
1532diff --git a/ndiff/setup.py b/ndiff/setup.py
1533old mode 100644
1534new mode 100755
1535index b5e254c..c49bcf3
1536--- a/ndiff/setup.py
1537+++ b/ndiff/setup.py
1538@@ -94,7 +94,7 @@ class checked_install(distutils.command.install.install):
1539 self.saved_prefix = sys.prefix
1540 try:
1541 distutils.command.install.install.finalize_options(self)
1542- except distutils.errors.DistutilsPlatformError, e:
1543+ except distutils.errors.DistutilsPlatformError as e:
1544 raise distutils.errors.DistutilsPlatformError(str(e) + """
1545 Installing your distribution's python-dev package may solve this problem.""")
1546
1547@@ -155,13 +155,13 @@ Installing your distribution's python-dev package may solve this problem.""")
1548 #!/usr/bin/env python
1549 import errno, os, os.path, sys
1550
1551-print 'Uninstall %(name)s'
1552+print('Uninstall %(name)s')
1553
1554 answer = raw_input('Are you sure that you want to uninstall '
1555 '%(name)s (yes/no) ')
1556
1557 if answer != 'yes' and answer != 'y':
1558- print 'Not uninstalling.'
1559+ print('Not uninstalling.')
1560 sys.exit(0)
1561
1562 """ % {'name': APP_NAME}
1563@@ -177,8 +177,8 @@ if answer != 'yes' and answer != 'y':
1564 # This should never happen (everything gets installed
1565 # inside the root), but if it does, be safe and don't
1566 # delete anything.
1567- uninstaller += ("print '%s was not installed inside "
1568- "the root %s; skipping.'\n" % (output, self.root))
1569+ uninstaller += ("print('%s was not installed inside "
1570+ "the root %s; skipping.')\n" % (output, self.root))
1571 continue
1572 output = path_strip_prefix(output, self.root)
1573 assert os.path.isabs(output)
1574@@ -202,24 +202,24 @@ for path in INSTALLED_FILES:
1575 dirs.append(path)
1576 # Delete the files.
1577 for file in files:
1578- print "Removing '%s'." % file
1579+ print("Removing '%s'." % file)
1580 try:
1581 os.remove(file)
1582- except OSError, e:
1583- print >> sys.stderr, ' Error: %s.' % str(e)
1584+ except OSError as e:
1585+ print(' Error: %s.' % str(e), file=sys.stderr)
1586 # Delete the directories. First reverse-sort the normalized paths by
1587 # length so that child directories are deleted before their parents.
1588 dirs = [os.path.normpath(dir) for dir in dirs]
1589 dirs.sort(key = len, reverse = True)
1590 for dir in dirs:
1591 try:
1592- print "Removing the directory '%s'." % dir
1593+ print("Removing the directory '%s'." % dir)
1594 os.rmdir(dir)
1595- except OSError, e:
1596+ except OSError as e:
1597 if e.errno == errno.ENOTEMPTY:
1598- print "Directory '%s' not empty; not removing." % dir
1599+ print("Directory '%s' not empty; not removing." % dir)
1600 else:
1601- print >> sys.stderr, str(e)
1602+ print(str(e), file=sys.stderr)
1603 """
1604
1605 uninstaller_file = open(uninstaller_filename, 'w')
1606@@ -227,7 +227,7 @@ for dir in dirs:
1607 uninstaller_file.close()
1608
1609 # Set exec bit for uninstaller
1610- mode = ((os.stat(uninstaller_filename)[ST_MODE]) | 0555) & 07777
1611+ mode = ((os.stat(uninstaller_filename)[ST_MODE]) | 0o555) & 0o7777
1612 os.chmod(uninstaller_filename, mode)
1613
1614 def write_installed_files(self):
1615@@ -242,7 +242,7 @@ for dir in dirs:
1616 try:
1617 for output in self.get_installed_files():
1618 assert "\n" not in output
1619- print >> f, output
1620+ print(output, file=f)
1621 finally:
1622 f.close()
1623
1624@@ -266,7 +266,7 @@ class my_uninstall(distutils.cmd.Command):
1625 # Read the list of installed files.
1626 try:
1627 f = open(INSTALLED_FILES_NAME, "r")
1628- except IOError, e:
1629+ except IOError as e:
1630 if e.errno == errno.ENOENT:
1631 log.error("Couldn't open the installation record '%s'. "
1632 "Have you installed yet?" % INSTALLED_FILES_NAME)
1633@@ -289,7 +289,7 @@ class my_uninstall(distutils.cmd.Command):
1634 try:
1635 if not self.dry_run:
1636 os.remove(file)
1637- except OSError, e:
1638+ except OSError as e:
1639 log.error(str(e))
1640 # Delete the directories. First reverse-sort the normalized paths by
1641 # length so that child directories are deleted before their parents.
1642@@ -300,7 +300,7 @@ class my_uninstall(distutils.cmd.Command):
1643 log.info("Removing the directory '%s'." % dir)
1644 if not self.dry_run:
1645 os.rmdir(dir)
1646- except OSError, e:
1647+ except OSError as e:
1648 if e.errno == errno.ENOTEMPTY:
1649 log.info("Directory '%s' not empty; not removing." % dir)
1650 else:
1651diff --git a/ndiff/test-scans/anonymize.py b/ndiff/test-scans/anonymize.py
1652index 9ba612a..fd251fe 100755
1653--- a/ndiff/test-scans/anonymize.py
1654+++ b/ndiff/test-scans/anonymize.py
1655@@ -1,4 +1,4 @@
1656-#!/usr/bin/env python
1657+#!/usr/bin/env python3
1658
1659 # Anonymize an Nmap XML file, replacing host name and IP addresses with random
1660 # anonymous ones. Anonymized names will be consistent between runs of the
1661@@ -20,20 +20,20 @@ r = random.Random()
1662
1663
1664 def hash(s):
1665- digest = hashlib.sha512(s).hexdigest()
1666+ digest = hashlib.sha512(s.encode()).hexdigest()
1667 return int(digest, 16)
1668
1669
1670 def anonymize_mac_address(addr):
1671 r.seed(hash(addr))
1672 nums = (0, 0, 0) + tuple(r.randrange(256) for i in range(3))
1673- return u":".join(u"%02X" % x for x in nums)
1674+ return ":".join("%02X" % x for x in nums)
1675
1676
1677 def anonymize_ipv4_address(addr):
1678 r.seed(hash(addr))
1679 nums = (10,) + tuple(r.randrange(256) for i in range(3))
1680- return u".".join(unicode(x) for x in nums)
1681+ return ".".join(str(x) for x in nums)
1682
1683
1684 def anonymize_ipv6_address(addr):
1685@@ -41,7 +41,7 @@ def anonymize_ipv6_address(addr):
1686 # RFC 4193.
1687 nums = (0xFD00 + r.randrange(256),)
1688 nums = nums + tuple(r.randrange(65536) for i in range(7))
1689- return u":".join("%04X" % x for x in nums)
1690+ return ":".join("%04X" % x for x in nums)
1691
1692 # Maps to memoize address and host name conversions.
1693 hostname_map = {}
1694@@ -54,11 +54,11 @@ def anonymize_hostname(name):
1695 LETTERS = "acbdefghijklmnopqrstuvwxyz"
1696 r.seed(hash(name))
1697 length = r.randrange(5, 10)
1698- prefix = u"".join(r.sample(LETTERS, length))
1699+ prefix = "".join(r.sample(LETTERS, length))
1700 num = r.randrange(1000)
1701- hostname_map[name] = u"%s-%d.example.com" % (prefix, num)
1702+ hostname_map[name] = "%s-%d.example.com" % (prefix, num)
1703 if VERBOSE:
1704- print >> sys.stderr, "Replace %s with %s" % (name, hostname_map[name])
1705+ print("Replace %s with %s" % (name, hostname_map[name]), file=sys.stderr)
1706 return hostname_map[name]
1707
1708 mac_re = re.compile(r'\b([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}\b')
1709@@ -78,7 +78,7 @@ def anonymize_address(addr):
1710 else:
1711 assert False
1712 if VERBOSE:
1713- print >> sys.stderr, "Replace %s with %s" % (addr, address_map[addr])
1714+ print("Replace %s with %s" % (addr, address_map[addr]), file=sys.stderr)
1715 return address_map[addr]
1716
1717
1718--
17192.24.1
1720
diff --git a/meta-oe/recipes-security/nmap/files/0001-configure.ac-make-ndiff-depend-on-python3.patch b/meta-oe/recipes-security/nmap/files/0001-configure.ac-make-ndiff-depend-on-python3.patch
deleted file mode 100644
index c43ff9f4d8..0000000000
--- a/meta-oe/recipes-security/nmap/files/0001-configure.ac-make-ndiff-depend-on-python3.patch
+++ /dev/null
@@ -1,48 +0,0 @@
1From 562893e665a6c9e1b60c8b3242bab6fe78318b3b Mon Sep 17 00:00:00 2001
2From: Mingli Yu <mingli.yu@windriver.com>
3Date: Fri, 14 Feb 2020 08:19:54 +0000
4Subject: [PATCH] configure.ac: make ndiff depend on python3
5
6Python 2 ceased being maintained on the 1st January 2020.
7We've already removed all users of it from oe-core, so
8let ndiff depend on python3.
9
10Upstream-Status: Pending
11
12Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
13---
14 .../nmap/7.80-r0/nmap-7.80/configure.ac | 11 ++++++++---
15 1 file changed, 8 insertions(+), 3 deletions(-)
16
17diff --git a/configure.ac b/configure.ac
18index 9d2fff8..5ffdd55 100644
19--- a/configure.ac
20+++ b/configure.ac
21@@ -237,16 +237,21 @@ if test $HAVE_PYTHON && test "x${PYTHON_VERSION%%.*}" = "x2"; then
22 HAVE_PYTHON2=true
23 fi
24
25+HAVE_PYTHON3=false
26+if test $HAVE_PYTHON && test "x${PYTHON_VERSION%%.*}" = "x3"; then
27+ HAVE_PYTHON3=true
28+fi
29+
30 NDIFFDIR=ndiff
31
32 # Do they want Ndiff?
33 AC_ARG_WITH(ndiff, AC_HELP_STRING([--without-ndiff], [Skip installation of the Ndiff utility]), [], [with_ndiff=check])
34-if $HAVE_PYTHON2 ; then : ;
35+if $HAVE_PYTHON3 ; then : ;
36 else
37 if test "$with_ndiff" = "check" ; then
38- AC_MSG_WARN([Not building Ndiff because Python 2.x with x>=4 was not found])
39+ AC_MSG_WARN([Not building Ndiff because Python3 was not found])
40 elif test "$with_ndiff" = "yes"; then
41- AC_MSG_FAILURE([--with-ndiff requires Python 2.x with x>=4])
42+ AC_MSG_FAILURE([--with-ndiff requires Python3])
43 fi
44 with_ndiff=no
45 fi
46--
472.24.1
48
diff --git a/meta-oe/recipes-security/nmap/files/0001-fix-racing-between-build-ncat-and-build-lua.patch b/meta-oe/recipes-security/nmap/files/0001-fix-racing-between-build-ncat-and-build-lua.patch
new file mode 100644
index 0000000000..aad8b1ee92
--- /dev/null
+++ b/meta-oe/recipes-security/nmap/files/0001-fix-racing-between-build-ncat-and-build-lua.patch
@@ -0,0 +1,55 @@
1From 0cde425abfcacdde725dccff29d01c9fce7c3888 Mon Sep 17 00:00:00 2001
2From: Hongxu Jia <hongxu.jia@windriver.com>
3Date: Sun, 9 Feb 2025 00:45:36 +0000
4Subject: [PATCH] fix racing between build-ncat and build-lua
5
6There are two build-lua rules, one in Makefile.in, another in
7ncat/Makefile.in which is required by build-ncat
8
9Build them may cause potential racing
10
11$ bitbake lib32-nmap
12$ grep -e "Compiling liblua" -e 'nmap-7.95/liblua' -e ": error" -n patch-to/temp/log.do_compile
13Compiling liblua
14make[1]: Entering directory 'path-to/build/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/nmap-7.95/liblua'
15Compiling liblua
16make[2]: Entering directory 'path-to/build/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/nmap-7.95/liblua'
17make[2]: Leaving directory 'path-to/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/nmap-7.95/liblua'
18path-to/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/recipe-sysroot-native/usr/bin/i686-wrsmllib32-linux/../../libexec/i686-wrsmllib32-linux/gcc/i686-wrsmllib32-linux/14.2.0/ld: ./../liblua/liblua.a: error adding symbols: no more archived files
19collect2: error: ld returned 1 exit status
20make[1]: Leaving directory 'path-to/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/nmap-7.95/liblua'
21
22Explicitly make build-ncat depends on build-lua to avoid racing,
23after applying the patch
24...
25Compiling liblua
26make[1]: Entering directory 'path-to/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/nmap-7.95/liblua'
27make[1]: Leaving directory 'path-to/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/nmap-7.95/liblua'
28Compiling liblua
29make[2]: Entering directory 'path-to/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/nmap-7.95/liblua'
30make[2]: Leaving directory 'path-to/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/nmap-7.95/liblua'
31...
32
33Upstream-Status: Submitted [https://github.com/nmap/nmap/pull/3025]
34
35Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
36---
37 Makefile.in | 2 +-
38 1 file changed, 1 insertion(+), 1 deletion(-)
39
40diff --git a/Makefile.in b/Makefile.in
41index e2f79c9..0e634a3 100644
42--- a/Makefile.in
43+++ b/Makefile.in
44@@ -159,7 +159,7 @@ build-netutil: libnetutil/Makefile
45 @echo Compiling libnetutil;
46 cd libnetutil && $(MAKE)
47
48-build-ncat: $(NCATDIR)/Makefile build-nbase build-nsock $(NCATDIR)/ncat.h @PCAP_BUILD@
49+build-ncat: $(NCATDIR)/Makefile build-nbase build-nsock build-lua $(NCATDIR)/ncat.h @PCAP_BUILD@
50 cd $(NCATDIR) && $(MAKE)
51
52 build-lua: $(LIBLUADIR)/Makefile
53--
542.47.1
55
diff --git a/meta-oe/recipes-security/nmap/files/0003-Fix-off-by-one-overflow-in-the-IP-protocol-table.patch b/meta-oe/recipes-security/nmap/files/0003-Fix-off-by-one-overflow-in-the-IP-protocol-table.patch
new file mode 100644
index 0000000000..bcb04250bb
--- /dev/null
+++ b/meta-oe/recipes-security/nmap/files/0003-Fix-off-by-one-overflow-in-the-IP-protocol-table.patch
@@ -0,0 +1,165 @@
1From 364d089250d1acf459e9e8580161e7bb06268106 Mon Sep 17 00:00:00 2001
2From: Wang Mingyu <wangmy@fujitsu.com>
3Date: Tue, 15 Oct 2024 02:47:38 +0000
4Subject: [PATCH] Fix off-by-one overflow in the IP protocol table.
5
6Fixes #2896, closes #2897, closes #2900
7
8Upstream-Status: Backport [https://github.com/nmap/nmap/commit/efa0dc36f2ecade6ba8d2ed25dd4d5fbffdea308]
9
10Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
11---
12 CHANGELOG | 3 +++
13 portlist.cc | 8 ++++----
14 protocols.cc | 6 +++---
15 protocols.h | 2 ++
16 scan_lists.cc | 10 +++++-----
17 5 files changed, 17 insertions(+), 12 deletions(-)
18
19diff --git a/CHANGELOG b/CHANGELOG
20index f01262c..5b204bd 100644
21--- a/CHANGELOG
22+++ b/CHANGELOG
23@@ -1,5 +1,8 @@
24 #Nmap Changelog ($Id: CHANGELOG 38849 2024-04-18 17:16:42Z dmiller $); -*-text-*-
25
26+o [GH#2900, GH#2896, GH#2897] Nmap is now able to scan IP protocol 255.
27+ [nnposter]
28+
29 Nmap 7.95 [2024-04-19]
30
31 o [Windows] Upgraded Npcap (our Windows raw packet capturing and
32diff --git a/portlist.cc b/portlist.cc
33index 8258853..cd08437 100644
34--- a/portlist.cc
35+++ b/portlist.cc
36@@ -480,7 +480,7 @@ void PortList::setPortState(u16 portno, u8 protocol, int state, int *oldstate) {
37 state != PORT_CLOSEDFILTERED)
38 fatal("%s: attempt to add port number %d with illegal state %d\n", __func__, portno, state);
39
40- assert(protocol!=IPPROTO_IP || portno<256);
41+ assert(protocol!=IPPROTO_IP || portno<=MAX_IPPROTONUM);
42
43 bool created = false;
44 current = createPort(portno, protocol, &created);
45@@ -566,7 +566,7 @@ Port *PortList::nextPort(const Port *cur, Port *next,
46 if (cur) {
47 proto = INPROTO2PORTLISTPROTO(cur->proto);
48 assert(port_map[proto]!=NULL); // Hmm, it's not possible to handle port that doesn't have anything in map
49- assert(cur->proto!=IPPROTO_IP || cur->portno<256);
50+ assert(cur->proto!=IPPROTO_IP || cur->portno<=MAX_IPPROTONUM);
51 mapped_pno = port_map[proto][cur->portno];
52 mapped_pno++; // we're interested in next port after current
53 } else { // running for the first time
54@@ -615,7 +615,7 @@ void PortList::mapPort(u16 *portno, u8 *protocol) const {
55 mapped_protocol = INPROTO2PORTLISTPROTO(*protocol);
56
57 if (*protocol == IPPROTO_IP)
58- assert(*portno < 256);
59+ assert(*portno <= MAX_IPPROTONUM);
60 if(port_map[mapped_protocol]==NULL || port_list[mapped_protocol]==NULL) {
61 fatal("%s(%i,%i): you're trying to access uninitialized protocol", __func__, *portno, *protocol);
62 }
63@@ -713,7 +713,7 @@ int PortList::port_list_count[PORTLIST_PROTO_MAX];
64 * should be sorted. */
65 void PortList::initializePortMap(int protocol, u16 *ports, int portcount) {
66 int i;
67- int ports_max = (protocol == IPPROTO_IP) ? 256 : 65536;
68+ int ports_max = (protocol == IPPROTO_IP) ? MAX_IPPROTONUM + 1 : 65536;
69 int proto = INPROTO2PORTLISTPROTO(protocol);
70
71 if (port_map[proto] != NULL || port_map_rev[proto] != NULL)
72diff --git a/protocols.cc b/protocols.cc
73index 76e42c7..85e55e4 100644
74--- a/protocols.cc
75+++ b/protocols.cc
76@@ -79,7 +79,7 @@ struct strcmp_comparator {
77
78 // IP Protocol number is 8 bits wide
79 // protocol_table[IPPROTO_TCP] == {"tcp", 6}
80-static struct nprotoent *protocol_table[UCHAR_MAX];
81+static struct nprotoent *protocol_table[MAX_IPPROTONUM + 1];
82 // proto_map["tcp"] = {"tcp", 6}
83 typedef std::map<const char *, struct nprotoent, strcmp_comparator> ProtoMap;
84 static ProtoMap proto_map;
85@@ -119,7 +119,7 @@ static int nmap_protocols_init() {
86 if (*p == '#' || *p == '\0')
87 continue;
88 res = sscanf(line, "%127s %hu", protocolname, &protno);
89- if (res !=2 || protno > UCHAR_MAX) {
90+ if (res !=2 || protno > MAX_IPPROTONUM) {
91 error("Parse error in protocols file %s line %d", filename, lineno);
92 continue;
93 }
94@@ -191,7 +191,7 @@ const struct nprotoent *nmap_getprotbynum(int num) {
95 if (nmap_protocols_init() == -1)
96 return NULL;
97
98- assert(num >= 0 && num < UCHAR_MAX);
99+ assert(num >= 0 && num <= MAX_IPPROTONUM);
100 return protocol_table[num];
101 }
102
103diff --git a/protocols.h b/protocols.h
104index 8934284..2de0aa4 100644
105--- a/protocols.h
106+++ b/protocols.h
107@@ -79,6 +79,8 @@ int addprotocolsfromservmask(char *mask, u8 *porttbl);
108 const struct nprotoent *nmap_getprotbynum(int num);
109 const struct nprotoent *nmap_getprotbyname(const char *name);
110
111+#define MAX_IPPROTONUM 255
112+
113 #define MAX_IPPROTOSTRLEN 4
114 #define IPPROTO2STR(p) \
115 ((p)==IPPROTO_TCP ? "tcp" : \
116diff --git a/scan_lists.cc b/scan_lists.cc
117index f02e279..ebe1357 100644
118--- a/scan_lists.cc
119+++ b/scan_lists.cc
120@@ -165,7 +165,7 @@ void getpts(const char *origexpr, struct scan_lists *ports) {
121 ports->udp_count++;
122 if (porttbl[i] & SCAN_SCTP_PORT)
123 ports->sctp_count++;
124- if (porttbl[i] & SCAN_PROTOCOLS && i < 256)
125+ if (porttbl[i] & SCAN_PROTOCOLS && i <= MAX_IPPROTONUM)
126 ports->prot_count++;
127 }
128
129@@ -192,7 +192,7 @@ void getpts(const char *origexpr, struct scan_lists *ports) {
130 ports->udp_ports[udpi++] = i;
131 if (porttbl[i] & SCAN_SCTP_PORT)
132 ports->sctp_ports[sctpi++] = i;
133- if (porttbl[i] & SCAN_PROTOCOLS && i < 256)
134+ if (porttbl[i] & SCAN_PROTOCOLS && i <= MAX_IPPROTONUM)
135 ports->prots[proti++] = i;
136 }
137
138@@ -388,7 +388,7 @@ static void getpts_aux(const char *origexpr, int nested, u8 *porttbl, int range_
139 } else if (isdigit((int) (unsigned char) *current_range)) {
140 rangestart = strtol(current_range, &endptr, 10);
141 if (range_type & SCAN_PROTOCOLS) {
142- if (rangestart < 0 || rangestart > 255)
143+ if (rangestart < 0 || rangestart > MAX_IPPROTONUM)
144 fatal("Protocols specified must be between 0 and 255 inclusive");
145 } else {
146 if (rangestart < 0 || rangestart > 65535)
147@@ -429,13 +429,13 @@ static void getpts_aux(const char *origexpr, int nested, u8 *porttbl, int range_
148 if (!*current_range || *current_range == ',' || *current_range == ']') {
149 /* Ended with a -, meaning up until the last possible port */
150 if (range_type & SCAN_PROTOCOLS)
151- rangeend = 255;
152+ rangeend = MAX_IPPROTONUM;
153 else
154 rangeend = 65535;
155 } else if (isdigit((int) (unsigned char) *current_range)) {
156 rangeend = strtol(current_range, &endptr, 10);
157 if (range_type & SCAN_PROTOCOLS) {
158- if (rangeend < 0 || rangeend > 255)
159+ if (rangeend < 0 || rangeend > MAX_IPPROTONUM)
160 fatal("Protocols specified must be between 0 and 255 inclusive");
161 } else {
162 if (rangeend < 0 || rangeend > 65535)
163--
1642.34.1
165
diff --git a/meta-oe/recipes-security/nmap/files/nmap-redefine-the-python-library-dir.patch b/meta-oe/recipes-security/nmap/files/nmap-redefine-the-python-library-dir.patch
index 356b5071bf..5669ccdf6a 100644
--- a/meta-oe/recipes-security/nmap/files/nmap-redefine-the-python-library-dir.patch
+++ b/meta-oe/recipes-security/nmap/files/nmap-redefine-the-python-library-dir.patch
@@ -10,20 +10,9 @@ Signed-off-by: Roy Li <rongqing.li@windriver.com>
10 Makefile.in | 4 ++-- 10 Makefile.in | 4 ++--
11 1 file changed, 2 insertions(+), 2 deletions(-) 11 1 file changed, 2 insertions(+), 2 deletions(-)
12 12
13diff --git a/Makefile.in b/Makefile.in
14index 1bb062c..cced2fb 100644
15--- a/Makefile.in 13--- a/Makefile.in
16+++ b/Makefile.in 14+++ b/Makefile.in
17@@ -311,7 +311,7 @@ build-zenmap: $(ZENMAPDIR)/setup.py $(ZENMAPDIR)/zenmapCore/Version.py 15@@ -383,7 +383,7 @@ build-nping: $(NPINGDIR)/Makefile build-
18
19 install-zenmap: $(ZENMAPDIR)/setup.py
20 $(INSTALL) -d $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1
21- cd $(ZENMAPDIR) && $(PYTHON) setup.py --quiet install --prefix "$(prefix)" --force $(if $(DESTDIR),--root "$(DESTDIR)")
22+ cd $(ZENMAPDIR) && $(PYTHON) setup.py --quiet install --prefix "$(prefix)" --install-lib="${PYTHON_SITEPACKAGES_DIR}" --force $(if $(DESTDIR),--root "$(DESTDIR)")
23 $(INSTALL) -c -m 644 docs/zenmap.1 $(DESTDIR)$(mandir)/man1/
24 # Create a symlink from nmapfe to zenmap if nmapfe doesn't exist or is
25 # already a link.
26@@ -328,7 +328,7 @@ build-nping: $(NPINGDIR)/Makefile nbase_build nsock_build netutil_build $(NPINGD
27 @cd $(NPINGDIR) && $(MAKE) 16 @cd $(NPINGDIR) && $(MAKE)
28 17
29 install-ndiff: 18 install-ndiff:
@@ -32,6 +21,3 @@ index 1bb062c..cced2fb 100644
32 21
33 NSE_FILES = scripts/script.db scripts/*.nse 22 NSE_FILES = scripts/script.db scripts/*.nse
34 NSE_LIB_LUA_FILES = nselib/*.lua nselib/*.luadoc 23 NSE_LIB_LUA_FILES = nselib/*.lua nselib/*.luadoc
35--
361.9.1
37
diff --git a/meta-oe/recipes-security/nmap/files/nmap-replace-shtool-mkdir-with-coreutils-mkdir-command.patch b/meta-oe/recipes-security/nmap/files/nmap-replace-shtool-mkdir-with-coreutils-mkdir-command.patch
index cfe043af4b..a07061d4df 100644
--- a/meta-oe/recipes-security/nmap/files/nmap-replace-shtool-mkdir-with-coreutils-mkdir-command.patch
+++ b/meta-oe/recipes-security/nmap/files/nmap-replace-shtool-mkdir-with-coreutils-mkdir-command.patch
@@ -12,11 +12,9 @@ Signed-off-by: Roy Li <rongqing.li@windriver.com>
12 nmap-update/Makefile.in | 2 +- 12 nmap-update/Makefile.in | 2 +-
13 2 files changed, 3 insertions(+), 3 deletions(-) 13 2 files changed, 3 insertions(+), 3 deletions(-)
14 14
15diff --git a/ncat/Makefile.in b/ncat/Makefile.in
16index cfd306d..2166e08 100644
17--- a/ncat/Makefile.in 15--- a/ncat/Makefile.in
18+++ b/ncat/Makefile.in 16+++ b/ncat/Makefile.in
19@@ -163,11 +163,11 @@ $(NSOCKDIR)/libnsock.a: $(NSOCKDIR)/Makefile 17@@ -162,11 +162,11 @@ $(NSOCKDIR)/libnsock.a: $(NSOCKDIR)/Make
20 18
21 install: $(TARGET) 19 install: $(TARGET)
22 @echo Installing Ncat; 20 @echo Installing Ncat;
@@ -30,19 +28,3 @@ index cfd306d..2166e08 100644
30 $(INSTALL) -c -m 644 $(DATAFILES) $(DESTDIR)$(pkgdatadir)/; \ 28 $(INSTALL) -c -m 644 $(DATAFILES) $(DESTDIR)$(pkgdatadir)/; \
31 fi 29 fi
32 $(INSTALL) -c -m 644 docs/$(TARGET).1 $(DESTDIR)$(mandir)/man1/$(TARGET).1 30 $(INSTALL) -c -m 644 docs/$(TARGET).1 $(DESTDIR)$(mandir)/man1/$(TARGET).1
33diff --git a/nmap-update/Makefile.in b/nmap-update/Makefile.in
34index 89ff928..93f48d8 100644
35--- a/nmap-update/Makefile.in
36+++ b/nmap-update/Makefile.in
37@@ -37,7 +37,7 @@ $(NBASELIB):
38 cd $(NBASEDIR) && $(MAKE)
39
40 install: nmap-update
41- $(SHTOOL) mkdir -f -p -m 755 $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1
42+ mkdir -p -m 755 $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1
43 $(INSTALL) -c -m 755 nmap-update $(DESTDIR)$(bindir)
44 $(STRIP) -x $(DESTDIR)$(bindir)/nmap-update
45 $(INSTALL) -c -m 644 ../docs/nmap-update.1 $(DESTDIR)$(mandir)/man1/
46--
471.9.1
48
diff --git a/meta-oe/recipes-security/nmap/nmap-7.92/0001-redefine-the-python-library-install-dir.patch b/meta-oe/recipes-security/nmap/nmap-7.92/0001-redefine-the-python-library-install-dir.patch
new file mode 100644
index 0000000000..6298f7ea26
--- /dev/null
+++ b/meta-oe/recipes-security/nmap/nmap-7.92/0001-redefine-the-python-library-install-dir.patch
@@ -0,0 +1,31 @@
1From 67b4614ea529460dca9326bfe5d355bad6f9bdee Mon Sep 17 00:00:00 2001
2From: Roy Li <rongqing.li@windriver.com>
3Date: Sun, 27 Apr 2025 16:33:08 +0800
4Subject: [PATCH] redefine the python library install dir
5
6If install-lib is not defined, it is always /usr/lib/, but it
7maybe /usr/lib64 for multilib
8
9Upstream-Status: Pending
10
11Signed-off-by: Roy Li <rongqing.li@windriver.com>
12---
13 Makefile.in | 2 +-
14 1 file changed, 1 insertion(+), 1 deletion(-)
15
16diff --git a/Makefile.in b/Makefile.in
17index ccfceda..6b25d27 100644
18--- a/Makefile.in
19+++ b/Makefile.in
20@@ -387,7 +387,7 @@ build-nping: $(NPINGDIR)/Makefile build-nbase build-nsock build-netutil $(NPINGD
21 @cd $(NPINGDIR) && $(MAKE)
22
23 install-ndiff:
24- cd $(NDIFFDIR) && $(PYTHON) setup.py install --prefix "$(prefix)" $(if $(DESTDIR),--root "$(DESTDIR)")
25+ cd $(NDIFFDIR) && $(PYTHON) setup.py install --prefix "$(prefix)" --install-lib="${PYTHON_SITEPACKAGES_DIR}" $(if $(DESTDIR),--root "$(DESTDIR)")
26
27 NSE_FILES = scripts/script.db scripts/*.nse
28 NSE_LIB_LUA_FILES = nselib/*.lua nselib/*.luadoc
29--
302.34.1
31
diff --git a/meta-oe/recipes-security/nmap/nmap-7.92/0002-replace-.-shtool-mkdir-with-coreutils-mkdir-command.patch b/meta-oe/recipes-security/nmap/nmap-7.92/0002-replace-.-shtool-mkdir-with-coreutils-mkdir-command.patch
new file mode 100644
index 0000000000..f81e230b28
--- /dev/null
+++ b/meta-oe/recipes-security/nmap/nmap-7.92/0002-replace-.-shtool-mkdir-with-coreutils-mkdir-command.patch
@@ -0,0 +1,38 @@
1From 783333de42b06020f5c0852c415cd34972a773fb Mon Sep 17 00:00:00 2001
2From: Roy Li <rongqing.li@windriver.com>
3Date: Sun, 27 Apr 2025 16:35:11 +0800
4Subject: [PATCH] replace "./shtool mkdir" with coreutils mkdir command
5
6"./shtool mkdir" is used when mkdir has not -p parameter, but mkdir in
7today most release has supportted the -p parameter, not need to use
8shtool, and it can not fix the race if two process are running mkdir to
9create same dir
10
11Upstream-Status: Pending
12
13Signed-off-by: Roy Li <rongqing.li@windriver.com>
14---
15 ncat/Makefile.in | 4 ++--
16 1 file changed, 2 insertions(+), 2 deletions(-)
17
18diff --git a/ncat/Makefile.in b/ncat/Makefile.in
19index 4632a78..11a5e7c 100644
20--- a/ncat/Makefile.in
21+++ b/ncat/Makefile.in
22@@ -166,11 +166,11 @@ $(NSOCKDIR)/libnsock.a: $(NSOCKDIR)/Makefile
23
24 install: $(TARGET)
25 @echo Installing Ncat;
26- $(SHTOOL) mkdir -f -p -m 755 $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1
27+ mkdir -p -m 755 $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1
28 $(INSTALL) -c -m 755 ncat $(DESTDIR)$(bindir)/ncat
29 $(STRIP) -x $(DESTDIR)$(bindir)/ncat
30 if [ -n "$(DATAFILES)" ]; then \
31- $(SHTOOL) mkdir -f -p -m 755 $(DESTDIR)$(pkgdatadir); \
32+ mkdir -p -m 755 $(DESTDIR)$(pkgdatadir); \
33 $(INSTALL) -c -m 644 $(DATAFILES) $(DESTDIR)$(pkgdatadir)/; \
34 fi
35 $(INSTALL) -c -m 644 docs/$(TARGET).1 $(DESTDIR)$(mandir)/man1/$(TARGET).1
36--
372.34.1
38
diff --git a/meta-oe/recipes-security/nmap/nmap-7.92/0003-Include-time.h-header-to-pass-clang-compilation.patch b/meta-oe/recipes-security/nmap/nmap-7.92/0003-Include-time.h-header-to-pass-clang-compilation.patch
new file mode 100644
index 0000000000..b940124f98
--- /dev/null
+++ b/meta-oe/recipes-security/nmap/nmap-7.92/0003-Include-time.h-header-to-pass-clang-compilation.patch
@@ -0,0 +1,76 @@
1From e9d876bedc8a7bc96856ecf38bbeeafee2d5b206 Mon Sep 17 00:00:00 2001
2From: Peiran Hong <peiran.hong@windriver.com>
3Date: Fri, 20 Sep 2019 15:02:45 -0400
4Subject: [PATCH] Include time.h header to pass clang compilation
5
6Upstream-Status: Pending
7
8Signed-off-by: Peiran Hong <peiran.hong@windriver.com>
9---
10 nmap_error.cc | 11 +----------
11 nping/EchoServer.cc | 1 +
12 osscan2.cc | 1 +
13 service_scan.cc | 1 +
14 4 files changed, 4 insertions(+), 10 deletions(-)
15
16diff --git a/nmap_error.cc b/nmap_error.cc
17index 5ec938f..83ba6cc 100644
18--- a/nmap_error.cc
19+++ b/nmap_error.cc
20@@ -67,16 +67,7 @@
21 #include "xml.h"
22
23 #include <errno.h>
24-#if TIME_WITH_SYS_TIME
25-# include <sys/time.h>
26-# include <time.h>
27-#else
28-# if HAVE_SYS_TIME_H
29-# include <sys/time.h>
30-# else
31-# include <time.h>
32-# endif
33-#endif
34+#include <time.h>
35
36 extern NmapOps o;
37
38diff --git a/nping/EchoServer.cc b/nping/EchoServer.cc
39index dea2851..c80efb4 100644
40--- a/nping/EchoServer.cc
41+++ b/nping/EchoServer.cc
42@@ -69,6 +69,7 @@
43 #include "NpingOps.h"
44 #include "ProbeMode.h"
45 #include <signal.h>
46+#include <time.h>
47
48 extern NpingOps o;
49 extern EchoServer es;
50diff --git a/osscan2.cc b/osscan2.cc
51index efe6da0..392c65f 100644
52--- a/osscan2.cc
53+++ b/osscan2.cc
54@@ -80,6 +80,7 @@
55
56 #include <list>
57 #include <math.h>
58+#include <time.h>
59
60 extern NmapOps o;
61 #ifdef WIN32
62diff --git a/service_scan.cc b/service_scan.cc
63index 66e0d92..161f2a1 100644
64--- a/service_scan.cc
65+++ b/service_scan.cc
66@@ -77,6 +77,7 @@
67 #include "nmap_tty.h"
68
69 #include <errno.h>
70+#include <time.h>
71
72 #if HAVE_OPENSSL
73 /* OpenSSL 1.0.0 needs _WINSOCKAPI_ to be defined, otherwise it loads
74--
752.34.1
76
diff --git a/meta-oe/recipes-security/nmap/nmap-7.92/0004-Fix-building-with-libc.patch b/meta-oe/recipes-security/nmap/nmap-7.92/0004-Fix-building-with-libc.patch
new file mode 100644
index 0000000000..295abe6d50
--- /dev/null
+++ b/meta-oe/recipes-security/nmap/nmap-7.92/0004-Fix-building-with-libc.patch
@@ -0,0 +1,79 @@
1From 4c54b00e6f3749924532c2636eae01daff9e4bcd Mon Sep 17 00:00:00 2001
2From: Khem Raj <raj.khem@gmail.com>
3Date: Sun, 20 Jan 2019 23:11:56 -0800
4Subject: [PATCH] Fix building with libc++
5
6Upstream-Status: Pending
7
8Signed-off-by: Khem Raj <raj.khem@gmail.com>
9---
10 nping/EchoServer.cc | 16 ++++++++--------
11 1 file changed, 8 insertions(+), 8 deletions(-)
12
13diff --git a/nping/EchoServer.cc b/nping/EchoServer.cc
14index c80efb4..914bd54 100644
15--- a/nping/EchoServer.cc
16+++ b/nping/EchoServer.cc
17@@ -214,14 +214,14 @@ int EchoServer::nep_listen_socket(){
18 server_addr6.sin6_len = sizeof(struct sockaddr_in6);
19 #endif
20 /* Bind to local address and the specified port */
21- if( bind(master_sd, (struct sockaddr *)&server_addr6, sizeof(server_addr6)) != 0 ){
22+ if( ::bind(master_sd, (struct sockaddr *)&server_addr6, sizeof(server_addr6)) != 0 ){
23 nping_warning(QT_3, "Failed to bind to source address %s. Trying to bind to port %d...", IPtoa(server_addr6.sin6_addr), port);
24 /* If the bind failed for the supplied address, just try again with in6addr_any */
25 if( o.spoofSource() ){
26 server_addr6.sin6_addr = in6addr_any;
27- if( bind(master_sd, (struct sockaddr *)&server_addr6, sizeof(server_addr6)) != 0 ){
28+ if( ::bind(master_sd, (struct sockaddr *)&server_addr6, sizeof(server_addr6)) != 0 ){
29 nping_fatal(QT_3, "Could not bind to port %d (%s).", port, strerror(errno));
30- }else{
31+ }else{
32 nping_print(VB_1, "Server bound to port %d", port);
33 }
34 }
35@@ -252,12 +252,12 @@ int EchoServer::nep_listen_socket(){
36 #endif
37
38 /* Bind to local address and the specified port */
39- if( bind(master_sd, (struct sockaddr *)&server_addr4, sizeof(server_addr4)) != 0 ){
40+ if( ::bind(master_sd, (struct sockaddr *)&server_addr4, sizeof(server_addr4)) != 0 ){
41 nping_warning(QT_3, "Failed to bind to source address %s. Trying to bind to port %d...", IPtoa(server_addr4.sin_addr), port);
42 /* If the bind failed for the supplied address, just try again with in6addr_any */
43 if( o.spoofSource() ){
44 server_addr4.sin_addr.s_addr=INADDR_ANY;
45- if( bind(master_sd, (struct sockaddr *)&server_addr4, sizeof(server_addr4)) != 0 ){
46+ if( ::bind(master_sd, (struct sockaddr *)&server_addr4, sizeof(server_addr4)) != 0 ){
47 nping_fatal(QT_3, "Could not bind to port %d (%s).", port, strerror(errno));
48 }else{
49 nping_print(VB_1, "Server bound to port %d", port);
50@@ -493,7 +493,7 @@ clientid_t EchoServer::nep_match_headers(IPv4Header *ip4, IPv6Header *ip6, TCPHe
51 nping_print(DBG_3, ";");
52 /* The payload magic may affect the score only between
53 * zero and 4 bytes. This is done to prevent long
54- * common strings like "GET / HTTP/1.1\r\n"
55+ * common strings like "GET / HTTP/1.1\r\n"
56 * increasing the score a lot and cause problems for
57 * the matching logic. */
58 current_score+= MIN(4, fspec->len)*FACTOR_PAYLOAD_MAGIC;
59@@ -503,7 +503,7 @@ clientid_t EchoServer::nep_match_headers(IPv4Header *ip4, IPv6Header *ip6, TCPHe
60 default:
61 nping_warning(QT_2, "Bogus field specifier found in client #%d context. Please report a bug", ctx->getIdentifier());
62 break;
63- }
64+ }
65 } /* End of field specifiers loop */
66
67 nping_print(DBG_3, "%s() current_score=%.02f candidate_score=%.02f", __func__, current_score, candidate_score);
68@@ -582,7 +582,7 @@ clientid_t EchoServer::nep_match_packet(const u8 *pkt, size_t pktlen){
69 }else{
70 if( (tcplen=tcp.validate())==OP_FAILURE){
71 return CLIENT_NOT_FOUND;
72- }else{
73+ }else{
74 if( (int)pktlen > (iplen+tcplen) ){
75 if( payload.storeRecvData(pkt+iplen+tcplen, pktlen-iplen-tcplen)!=OP_FAILURE)
76 payload_included=true;
77--
782.34.1
79
diff --git a/meta-oe/recipes-security/nmap/nmap-7.92/0005-fix-racing-between-build-ncat-and-build-lua.patch b/meta-oe/recipes-security/nmap/nmap-7.92/0005-fix-racing-between-build-ncat-and-build-lua.patch
new file mode 100644
index 0000000000..f660719640
--- /dev/null
+++ b/meta-oe/recipes-security/nmap/nmap-7.92/0005-fix-racing-between-build-ncat-and-build-lua.patch
@@ -0,0 +1,55 @@
1From c1b436da46a7e3089b657f3f92308defc0ebb735 Mon Sep 17 00:00:00 2001
2From: Hongxu Jia <hongxu.jia@windriver.com>
3Date: Sun, 9 Feb 2025 00:45:36 +0000
4Subject: [PATCH] fix racing between build-ncat and build-lua
5
6There are two build-lua rules, one in Makefile.in, another in
7ncat/Makefile.in which is required by build-ncat
8
9Build them may cause potential racing
10
11$ bitbake lib32-nmap
12$ grep -e "Compiling liblua" -e 'nmap-7.95/liblua' -e ": error" -n patch-to/temp/log.do_compile
13Compiling liblua
14make[1]: Entering directory 'path-to/build/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/nmap-7.95/liblua'
15Compiling liblua
16make[2]: Entering directory 'path-to/build/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/nmap-7.95/liblua'
17make[2]: Leaving directory 'path-to/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/nmap-7.95/liblua'
18path-to/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/recipe-sysroot-native/usr/bin/i686-wrsmllib32-linux/../../libexec/i686-wrsmllib32-linux/gcc/i686-wrsmllib32-linux/14.2.0/ld: ./../liblua/liblua.a: error adding symbols: no more archived files
19collect2: error: ld returned 1 exit status
20make[1]: Leaving directory 'path-to/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/nmap-7.95/liblua'
21
22Explicitly make build-ncat depends on build-lua to avoid racing,
23after applying the patch
24...
25Compiling liblua
26make[1]: Entering directory 'path-to/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/nmap-7.95/liblua'
27make[1]: Leaving directory 'path-to/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/nmap-7.95/liblua'
28Compiling liblua
29make[2]: Entering directory 'path-to/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/nmap-7.95/liblua'
30make[2]: Leaving directory 'path-to/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/nmap-7.95/liblua'
31...
32
33Upstream-Status: Submitted [https://github.com/nmap/nmap/pull/3025]
34
35Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
36---
37 Makefile.in | 2 +-
38 1 file changed, 1 insertion(+), 1 deletion(-)
39
40diff --git a/Makefile.in b/Makefile.in
41index 6b25d27..b0a2719 100644
42--- a/Makefile.in
43+++ b/Makefile.in
44@@ -159,7 +159,7 @@ build-netutil: libnetutil/Makefile
45 @echo Compiling libnetutil;
46 cd libnetutil && $(MAKE)
47
48-build-ncat: $(NCATDIR)/Makefile build-nbase build-nsock $(NCATDIR)/ncat.h @PCAP_BUILD@
49+build-ncat: $(NCATDIR)/Makefile build-nbase build-nsock build-lua $(NCATDIR)/ncat.h @PCAP_BUILD@
50 cd $(NCATDIR) && $(MAKE)
51
52 build-lua: $(LIBLUADIR)/Makefile
53--
542.34.1
55
diff --git a/meta-oe/recipes-security/nmap/nmap-7.92/0006-Fix-build-with-libpcap-1.10.5.patch b/meta-oe/recipes-security/nmap/nmap-7.92/0006-Fix-build-with-libpcap-1.10.5.patch
new file mode 100644
index 0000000000..4ee4a7295e
--- /dev/null
+++ b/meta-oe/recipes-security/nmap/nmap-7.92/0006-Fix-build-with-libpcap-1.10.5.patch
@@ -0,0 +1,47 @@
1From ba7b4a8cc570f0ce154f186fbe840f0ac23b2b96 Mon Sep 17 00:00:00 2001
2From: Yi Zhao <yi.zhao@windriver.com>
3Date: Mon, 28 Apr 2025 10:04:46 +0800
4Subject: [PATCH] Fix build with libpcap 1.10.5
5
6Fixes:
7In file included from /build/tmp/work/core2-64-poky-linux/nmap/7.92/recipe-sysroot/usr/include/pcap/pcap.h:130,
8 from /build/tmp/work/core2-64-poky-linux/nmap/7.92/recipe-sysroot/usr/include/pcap.h:43,
9 from tcpip.h:72,
10 from nse_nsock.cc:4:
11nse_nsock.cc:36:3: error: expected identifier before 'int'
12 36 | PCAP_SOCKET = lua_upvalueindex(3), /* pcap socket metatable */
13 | ^~~~~~~~~~~
14nse_nsock.cc:36:3: error: expected '}' before 'int'
15nse_nsock.cc:33:6: note: to match this '{'
16 33 | enum {
17 | ^
18nse_nsock.cc:36:15: error: expected unqualified-id before '=' token
19 36 | PCAP_SOCKET = lua_upvalueindex(3), /* pcap socket metatable */
20 | ^
21nse_nsock.cc:40:1: error: expected declaration before '}' token
22 40 | };
23 | ^
24
25Upstream-Status: Pending
26
27Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
28---
29 nse_nsock.cc | 2 ++
30 1 file changed, 2 insertions(+)
31
32diff --git a/nse_nsock.cc b/nse_nsock.cc
33index 75ddeb6..a3c5186 100644
34--- a/nse_nsock.cc
35+++ b/nse_nsock.cc
36@@ -29,6 +29,8 @@
37
38 #define DEFAULT_TIMEOUT 30000
39
40+#undef PCAP_SOCKET
41+
42 /* Upvalues for library variables */
43 enum {
44 NSOCK_POOL = lua_upvalueindex(1),
45--
462.34.1
47
diff --git a/meta-oe/recipes-security/nmap/nmap_7.92.bb b/meta-oe/recipes-security/nmap/nmap_7.92.bb
new file mode 100644
index 0000000000..98969fe001
--- /dev/null
+++ b/meta-oe/recipes-security/nmap/nmap_7.92.bb
@@ -0,0 +1,66 @@
1SUMMARY = "network auditing tool"
2DESCRIPTION = "Nmap (Network Mapper) is a free and open source (license) utility for network discovery and security auditing.\nGui support via appending to IMAGE_FEATURES x11-base in local.conf"
3SECTION = "security"
4LICENSE = "GPL-2.0-only"
5
6LIC_FILES_CHKSUM = "file://LICENSE;md5=b8823a06822788010eae05b4f5e921b3"
7
8SRC_URI = "http://nmap.org/dist/${BP}.tar.bz2 \
9 file://0001-redefine-the-python-library-install-dir.patch \
10 file://0002-replace-.-shtool-mkdir-with-coreutils-mkdir-command.patch \
11 file://0003-Include-time.h-header-to-pass-clang-compilation.patch \
12 file://0004-Fix-building-with-libc.patch \
13 file://0005-fix-racing-between-build-ncat-and-build-lua.patch \
14 file://0006-Fix-build-with-libpcap-1.10.5.patch \
15 "
16SRC_URI[sha256sum] = "a5479f2f8a6b0b2516767d2f7189c386c1dc858d997167d7ec5cfc798c7571a1"
17
18UPSTREAM_CHECK_REGEX = "nmap-(?P<pver>\d+(\.\d+)+)\.tar"
19
20inherit autotools-brokensep pkgconfig python3native
21
22PACKAGECONFIG ?= "pcre ncat nping pcap"
23
24PACKAGECONFIG[pcap] = "--with-pcap=linux, --without-pcap, libpcap, libpcap"
25PACKAGECONFIG[pcre] = "--with-libpcre=${STAGING_LIBDIR}/.., --with-libpcre=included, libpcre"
26PACKAGECONFIG[ssl] = "--with-openssl=${STAGING_LIBDIR}/.., --without-openssl, openssl, openssl"
27PACKAGECONFIG[ssh2] = "--with-openssh2=${STAGING_LIBDIR}/.., --without-openssh2, libssh2, libssh2"
28PACKAGECONFIG[libz] = "--with-libz=${STAGING_LIBDIR}/.., --without-libz, zlib, zlib"
29
30# disable/enable packages
31PACKAGECONFIG[nping] = ",--without-nping,"
32PACKAGECONFIG[ncat] = ",--without-ncat,"
33PACKAGECONFIG[ndiff] = "--with-ndiff=yes,--without-ndiff,python3 python3-setuptools-native"
34PACKAGECONFIG[update] = ",--without-nmap-update,"
35
36EXTRA_OECONF = "--with-libdnet=included --with-liblinear=included --without-subversion --with-liblua=included"
37
38# zenmap needs python-pygtk which has been removed
39# it also only works with python2
40# disable for now until py3 is supported
41EXTRA_OECONF += "--without-zenmap"
42
43export PYTHON_SITEPACKAGES_DIR
44
45do_configure() {
46 autoconf
47 install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.guess ${S}
48 install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.sub ${S}
49 oe_runconf
50}
51
52do_install:append() {
53 for f in ndiff uninstall_ndiff; do
54 if [ -f ${D}${bindir}/$f ]; then
55 sed -i 's@^#!.*$@#!/usr/bin/env python3@g' ${D}${bindir}/$f
56 fi
57 done
58}
59
60FILES:${PN} += "${PYTHON_SITEPACKAGES_DIR} ${datadir}/ncat"
61
62RDEPENDS:${PN} += " \
63 python3-difflib \
64 python3-asyncio \
65 python3-xml \
66"
diff --git a/meta-oe/recipes-security/nmap/nmap_7.80.bb b/meta-oe/recipes-security/nmap/nmap_7.95.bb
index f9fe82a91d..a892c1e910 100644
--- a/meta-oe/recipes-security/nmap/nmap_7.80.bb
+++ b/meta-oe/recipes-security/nmap/nmap_7.95.bb
@@ -1,28 +1,28 @@
1SUMMARY = "network auditing tool" 1SUMMARY = "network auditing tool"
2DESCRIPTION = "Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing.\nGui support via appending to IMAGE_FEATURES x11-base in local.conf" 2DESCRIPTION = "Nmap (Network Mapper) is a free and open source (license) utility for network discovery and security auditing.\nGui support via appending to IMAGE_FEATURES x11-base in local.conf"
3SECTION = "security" 3SECTION = "security"
4LICENSE = "GPL-2.0-only" 4LICENSE = "NPSL"
5 5
6LIC_FILES_CHKSUM = "file://COPYING;beginline=7;endline=12;md5=66938a7e5b4c118eda78271de14874c2" 6LIC_FILES_CHKSUM = "file://LICENSE;md5=895af8527fe4bcb72f271fd1841fd2f6"
7 7
8SRC_URI = "http://nmap.org/dist/${BP}.tar.bz2 \ 8SRC_URI = "http://nmap.org/dist/${BP}.tar.bz2 \
9 file://nmap-redefine-the-python-library-dir.patch \ 9 file://nmap-redefine-the-python-library-dir.patch \
10 file://nmap-replace-shtool-mkdir-with-coreutils-mkdir-command.patch \ 10 file://nmap-replace-shtool-mkdir-with-coreutils-mkdir-command.patch \
11 file://0001-Include-time.h-header-to-pass-clang-compilation.patch \ 11 file://0001-Include-time.h-header-to-pass-clang-compilation.patch \
12 file://0002-Fix-building-with-libc.patch \ 12 file://0002-Fix-building-with-libc.patch \
13 file://0001-Make-ndiff-support-python3.patch \ 13 file://0003-Fix-off-by-one-overflow-in-the-IP-protocol-table.patch \
14 file://0001-configure.ac-make-ndiff-depend-on-python3.patch \ 14 file://0001-fix-racing-between-build-ncat-and-build-lua.patch \
15 " 15 "
16SRC_URI[sha256sum] = "e14ab530e47b5afd88f1c8a2bac7f89cd8fe6b478e22d255c5b9bddb7a1c5778"
16 17
17SRC_URI[md5sum] = "d37b75b06d1d40f27b76d60db420a1f5" 18UPSTREAM_CHECK_REGEX = "nmap-(?P<pver>\d+(\.\d+)+)\.tar"
18SRC_URI[sha256sum] = "fcfa5a0e42099e12e4bf7a68ebe6fde05553383a682e816a7ec9256ab4773faa"
19 19
20inherit autotools-brokensep pkgconfig python3native 20inherit autotools-brokensep pkgconfig python3native
21 21
22PACKAGECONFIG ?= "ncat nping pcap" 22PACKAGECONFIG ?= "pcre ncat nping pcap"
23 23
24PACKAGECONFIG[pcap] = "--with-pcap=linux, --without-pcap, libpcap, libpcap" 24PACKAGECONFIG[pcap] = "--with-pcap=linux, --without-pcap, libpcap, libpcap"
25PACKAGECONFIG[pcre] = "--with-libpcre=${STAGING_LIBDIR}/.., --with-libpcre=included, libpcre" 25PACKAGECONFIG[pcre] = "--with-libpcre=${STAGING_LIBDIR}/.., --with-libpcre=included, libpcre2"
26PACKAGECONFIG[ssl] = "--with-openssl=${STAGING_LIBDIR}/.., --without-openssl, openssl, openssl" 26PACKAGECONFIG[ssl] = "--with-openssl=${STAGING_LIBDIR}/.., --without-openssl, openssl, openssl"
27PACKAGECONFIG[ssh2] = "--with-openssh2=${STAGING_LIBDIR}/.., --without-openssh2, libssh2, libssh2" 27PACKAGECONFIG[ssh2] = "--with-openssh2=${STAGING_LIBDIR}/.., --without-openssh2, libssh2, libssh2"
28PACKAGECONFIG[libz] = "--with-libz=${STAGING_LIBDIR}/.., --without-libz, zlib, zlib" 28PACKAGECONFIG[libz] = "--with-libz=${STAGING_LIBDIR}/.., --without-libz, zlib, zlib"
@@ -30,7 +30,7 @@ PACKAGECONFIG[libz] = "--with-libz=${STAGING_LIBDIR}/.., --without-libz, zlib, z
30#disable/enable packages 30#disable/enable packages
31PACKAGECONFIG[nping] = ",--without-nping," 31PACKAGECONFIG[nping] = ",--without-nping,"
32PACKAGECONFIG[ncat] = ",--without-ncat," 32PACKAGECONFIG[ncat] = ",--without-ncat,"
33PACKAGECONFIG[ndiff] = "--with-ndiff=yes,--without-ndiff,python3" 33PACKAGECONFIG[ndiff] = "--with-ndiff=yes,--without-ndiff,python3 python3-setuptools-native"
34PACKAGECONFIG[update] = ",--without-nmap-update," 34PACKAGECONFIG[update] = ",--without-nmap-update,"
35 35
36EXTRA_OECONF = "--with-libdnet=included --with-liblinear=included --without-subversion --with-liblua=included" 36EXTRA_OECONF = "--with-libdnet=included --with-liblinear=included --without-subversion --with-liblua=included"
diff --git a/meta-oe/recipes-security/softhsm/files/0002-Prevent-accessing-of-global-c-objects-once-they-are-.patch b/meta-oe/recipes-security/softhsm/files/0002-Prevent-accessing-of-global-c-objects-once-they-are-.patch
new file mode 100644
index 0000000000..6e61aeac3c
--- /dev/null
+++ b/meta-oe/recipes-security/softhsm/files/0002-Prevent-accessing-of-global-c-objects-once-they-are-.patch
@@ -0,0 +1,672 @@
1From 41968e7b742ad59046523a7eeb63514237fb63af Mon Sep 17 00:00:00 2001
2From: Neil Horman <nhorman@openssl.org>
3Date: Fri, 27 Oct 2023 14:57:37 -0400
4Subject: [PATCH] Prevent accessing of global c++ objects once they are deleted
5
6Fixes (Maybe) #729.
7Reset objects_deleted after reset is called.
8
9Upstream-Status: Submitted [https://github.com/opendnssec/SoftHSMv2/pull/742]
10---
11 src/lib/SoftHSM.cpp | 5 ++
12 src/lib/main.cpp | 138 ++++++++++++++++++++++++++++++++++++++++++++
13 2 files changed, 143 insertions(+)
14
15diff --git a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp
16index 02c0f95..95bf208 100644
17--- a/src/lib/SoftHSM.cpp
18+++ b/src/lib/SoftHSM.cpp
19@@ -89,6 +89,8 @@
20
21 // Initialise the one-and-only instance
22
23+int objects_deleted = 0;
24+
25 #ifdef HAVE_CXX11
26
27 std::unique_ptr<MutexFactory> MutexFactory::instance(nullptr);
28@@ -406,6 +408,8 @@ void SoftHSM::reset()
29 {
30 if (instance.get())
31 instance.reset();
32+
33+ objects_deleted = 0;
34 }
35
36 // Constructor
37@@ -445,6 +449,7 @@ SoftHSM::~SoftHSM()
38
39 isInitialised = false;
40
41+ objects_deleted = 1;
42 resetMutexFactoryCallbacks();
43 }
44
45diff --git a/src/lib/main.cpp b/src/lib/main.cpp
46index 2dfd0eb..e89f18c 100644
47--- a/src/lib/main.cpp
48+++ b/src/lib/main.cpp
49@@ -49,6 +49,8 @@
50 #define PKCS_API
51 #endif
52
53+extern int objects_deleted;
54+
55 // PKCS #11 function list
56 static CK_FUNCTION_LIST functionList =
57 {
58@@ -130,6 +132,8 @@ PKCS_API CK_RV C_Initialize(CK_VOID_PTR pInitArgs)
59 {
60 try
61 {
62+ if (objects_deleted == 1)
63+ return CKR_FUNCTION_FAILED;
64 return SoftHSM::i()->C_Initialize(pInitArgs);
65 }
66 catch (...)
67@@ -145,6 +149,8 @@ PKCS_API CK_RV C_Finalize(CK_VOID_PTR pReserved)
68 {
69 try
70 {
71+ if (objects_deleted == 1)
72+ return CKR_FUNCTION_FAILED;
73 return SoftHSM::i()->C_Finalize(pReserved);
74 }
75 catch (...)
76@@ -160,6 +166,8 @@ PKCS_API CK_RV C_GetInfo(CK_INFO_PTR pInfo)
77 {
78 try
79 {
80+ if (objects_deleted == 1)
81+ return CKR_FUNCTION_FAILED;
82 return SoftHSM::i()->C_GetInfo(pInfo);
83 }
84 catch (...)
85@@ -175,6 +183,8 @@ PKCS_API CK_RV C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList)
86 {
87 try
88 {
89+ if (objects_deleted == 1)
90+ return CKR_FUNCTION_FAILED;
91 if (ppFunctionList == NULL_PTR) return CKR_ARGUMENTS_BAD;
92
93 *ppFunctionList = &functionList;
94@@ -194,6 +204,8 @@ PKCS_API CK_RV C_GetSlotList(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, CK
95 {
96 try
97 {
98+ if (objects_deleted == 1)
99+ return CKR_FUNCTION_FAILED;
100 return SoftHSM::i()->C_GetSlotList(tokenPresent, pSlotList, pulCount);
101 }
102 catch (...)
103@@ -209,6 +221,8 @@ PKCS_API CK_RV C_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
104 {
105 try
106 {
107+ if (objects_deleted == 1)
108+ return CKR_FUNCTION_FAILED;
109 return SoftHSM::i()->C_GetSlotInfo(slotID, pInfo);
110 }
111 catch (...)
112@@ -224,6 +238,8 @@ PKCS_API CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
113 {
114 try
115 {
116+ if (objects_deleted == 1)
117+ return CKR_FUNCTION_FAILED;
118 return SoftHSM::i()->C_GetTokenInfo(slotID, pInfo);
119 }
120 catch (...)
121@@ -239,6 +255,8 @@ PKCS_API CK_RV C_GetMechanismList(CK_SLOT_ID slotID, CK_MECHANISM_TYPE_PTR pMech
122 {
123 try
124 {
125+ if (objects_deleted == 1)
126+ return CKR_FUNCTION_FAILED;
127 return SoftHSM::i()->C_GetMechanismList(slotID, pMechanismList, pulCount);
128 }
129 catch (...)
130@@ -254,6 +272,8 @@ PKCS_API CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, CK_
131 {
132 try
133 {
134+ if (objects_deleted == 1)
135+ return CKR_FUNCTION_FAILED;
136 return SoftHSM::i()->C_GetMechanismInfo(slotID, type, pInfo);
137 }
138 catch (...)
139@@ -269,6 +289,8 @@ PKCS_API CK_RV C_InitToken(CK_SLOT_ID slotID, CK_UTF8CHAR_PTR pPin, CK_ULONG ulP
140 {
141 try
142 {
143+ if (objects_deleted == 1)
144+ return CKR_FUNCTION_FAILED;
145 return SoftHSM::i()->C_InitToken(slotID, pPin, ulPinLen, pLabel);
146 }
147 catch (...)
148@@ -284,6 +306,8 @@ PKCS_API CK_RV C_InitPIN(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pPin, CK_UL
149 {
150 try
151 {
152+ if (objects_deleted == 1)
153+ return CKR_FUNCTION_FAILED;
154 return SoftHSM::i()->C_InitPIN(hSession, pPin, ulPinLen);
155 }
156 catch (...)
157@@ -299,6 +323,8 @@ PKCS_API CK_RV C_SetPIN(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pOldPin, CK_
158 {
159 try
160 {
161+ if (objects_deleted == 1)
162+ return CKR_FUNCTION_FAILED;
163 return SoftHSM::i()->C_SetPIN(hSession, pOldPin, ulOldLen, pNewPin, ulNewLen);
164 }
165 catch (...)
166@@ -314,6 +340,8 @@ PKCS_API CK_RV C_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags, CK_VOID_PTR pApp
167 {
168 try
169 {
170+ if (objects_deleted == 1)
171+ return CKR_FUNCTION_FAILED;
172 return SoftHSM::i()->C_OpenSession(slotID, flags, pApplication, notify, phSession);
173 }
174 catch (...)
175@@ -329,6 +357,8 @@ PKCS_API CK_RV C_CloseSession(CK_SESSION_HANDLE hSession)
176 {
177 try
178 {
179+ if (objects_deleted == 1)
180+ return CKR_FUNCTION_FAILED;
181 return SoftHSM::i()->C_CloseSession(hSession);
182 }
183 catch (...)
184@@ -344,6 +374,8 @@ PKCS_API CK_RV C_CloseAllSessions(CK_SLOT_ID slotID)
185 {
186 try
187 {
188+ if (objects_deleted == 1)
189+ return CKR_FUNCTION_FAILED;
190 return SoftHSM::i()->C_CloseAllSessions(slotID);
191 }
192 catch (...)
193@@ -359,6 +391,8 @@ PKCS_API CK_RV C_GetSessionInfo(CK_SESSION_HANDLE hSession, CK_SESSION_INFO_PTR
194 {
195 try
196 {
197+ if (objects_deleted == 1)
198+ return CKR_FUNCTION_FAILED;
199 return SoftHSM::i()->C_GetSessionInfo(hSession, pInfo);
200 }
201 catch (...)
202@@ -374,6 +408,8 @@ PKCS_API CK_RV C_GetOperationState(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pOper
203 {
204 try
205 {
206+ if (objects_deleted == 1)
207+ return CKR_FUNCTION_FAILED;
208 return SoftHSM::i()->C_GetOperationState(hSession, pOperationState, pulOperationStateLen);
209 }
210 catch (...)
211@@ -389,6 +425,8 @@ PKCS_API CK_RV C_SetOperationState(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pOper
212 {
213 try
214 {
215+ if (objects_deleted == 1)
216+ return CKR_FUNCTION_FAILED;
217 return SoftHSM::i()->C_SetOperationState(hSession, pOperationState, ulOperationStateLen, hEncryptionKey, hAuthenticationKey);
218 }
219 catch (...)
220@@ -404,6 +442,8 @@ PKCS_API CK_RV C_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, CK_UTF
221 {
222 try
223 {
224+ if (objects_deleted == 1)
225+ return CKR_FUNCTION_FAILED;
226 return SoftHSM::i()->C_Login(hSession, userType, pPin, ulPinLen);
227 }
228 catch (...)
229@@ -419,6 +459,8 @@ PKCS_API CK_RV C_Logout(CK_SESSION_HANDLE hSession)
230 {
231 try
232 {
233+ if (objects_deleted == 1)
234+ return CKR_FUNCTION_FAILED;
235 return SoftHSM::i()->C_Logout(hSession);
236 }
237 catch (...)
238@@ -434,6 +476,8 @@ PKCS_API CK_RV C_CreateObject(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemp
239 {
240 try
241 {
242+ if (objects_deleted == 1)
243+ return CKR_FUNCTION_FAILED;
244 return SoftHSM::i()->C_CreateObject(hSession, pTemplate, ulCount, phObject);
245 }
246 catch (...)
247@@ -449,6 +493,8 @@ PKCS_API CK_RV C_CopyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject
248 {
249 try
250 {
251+ if (objects_deleted == 1)
252+ return CKR_FUNCTION_FAILED;
253 return SoftHSM::i()->C_CopyObject(hSession, hObject, pTemplate, ulCount, phNewObject);
254 }
255 catch (...)
256@@ -464,6 +510,8 @@ PKCS_API CK_RV C_DestroyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObj
257 {
258 try
259 {
260+ if (objects_deleted == 1)
261+ return CKR_FUNCTION_FAILED;
262 return SoftHSM::i()->C_DestroyObject(hSession, hObject);
263 }
264 catch (...)
265@@ -479,6 +527,8 @@ PKCS_API CK_RV C_GetObjectSize(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObj
266 {
267 try
268 {
269+ if (objects_deleted == 1)
270+ return CKR_FUNCTION_FAILED;
271 return SoftHSM::i()->C_GetObjectSize(hSession, hObject, pulSize);
272 }
273 catch (...)
274@@ -494,6 +544,8 @@ PKCS_API CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE
275 {
276 try
277 {
278+ if (objects_deleted == 1)
279+ return CKR_FUNCTION_FAILED;
280 return SoftHSM::i()->C_GetAttributeValue(hSession, hObject, pTemplate, ulCount);
281 }
282 catch (...)
283@@ -509,6 +561,8 @@ PKCS_API CK_RV C_SetAttributeValue(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE
284 {
285 try
286 {
287+ if (objects_deleted == 1)
288+ return CKR_FUNCTION_FAILED;
289 return SoftHSM::i()->C_SetAttributeValue(hSession, hObject, pTemplate, ulCount);
290 }
291 catch (...)
292@@ -524,6 +578,8 @@ PKCS_API CK_RV C_FindObjectsInit(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pT
293 {
294 try
295 {
296+ if (objects_deleted == 1)
297+ return CKR_FUNCTION_FAILED;
298 return SoftHSM::i()->C_FindObjectsInit(hSession, pTemplate, ulCount);
299 }
300 catch (...)
301@@ -539,6 +595,8 @@ PKCS_API CK_RV C_FindObjects(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE_PTR ph
302 {
303 try
304 {
305+ if (objects_deleted == 1)
306+ return CKR_FUNCTION_FAILED;
307 return SoftHSM::i()->C_FindObjects(hSession, phObject, ulMaxObjectCount, pulObjectCount);
308 }
309 catch (...)
310@@ -554,6 +612,8 @@ PKCS_API CK_RV C_FindObjectsFinal(CK_SESSION_HANDLE hSession)
311 {
312 try
313 {
314+ if (objects_deleted == 1)
315+ return CKR_FUNCTION_FAILED;
316 return SoftHSM::i()->C_FindObjectsFinal(hSession);
317 }
318 catch (...)
319@@ -569,6 +629,8 @@ PKCS_API CK_RV C_EncryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMecha
320 {
321 try
322 {
323+ if (objects_deleted == 1)
324+ return CKR_FUNCTION_FAILED;
325 return SoftHSM::i()->C_EncryptInit(hSession, pMechanism, hObject);
326 }
327 catch (...)
328@@ -584,6 +646,8 @@ PKCS_API CK_RV C_Encrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG
329 {
330 try
331 {
332+ if (objects_deleted == 1)
333+ return CKR_FUNCTION_FAILED;
334 return SoftHSM::i()->C_Encrypt(hSession, pData, ulDataLen, pEncryptedData, pulEncryptedDataLen);
335 }
336 catch (...)
337@@ -599,6 +663,8 @@ PKCS_API CK_RV C_EncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK
338 {
339 try
340 {
341+ if (objects_deleted == 1)
342+ return CKR_FUNCTION_FAILED;
343 return SoftHSM::i()->C_EncryptUpdate(hSession, pData, ulDataLen, pEncryptedData, pulEncryptedDataLen);
344 }
345 catch (...)
346@@ -614,6 +680,8 @@ PKCS_API CK_RV C_EncryptFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncrypted
347 {
348 try
349 {
350+ if (objects_deleted == 1)
351+ return CKR_FUNCTION_FAILED;
352 return SoftHSM::i()->C_EncryptFinal(hSession, pEncryptedData, pulEncryptedDataLen);
353 }
354 catch (...)
355@@ -629,6 +697,8 @@ PKCS_API CK_RV C_DecryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMecha
356 {
357 try
358 {
359+ if (objects_deleted == 1)
360+ return CKR_FUNCTION_FAILED;
361 return SoftHSM::i()->C_DecryptInit(hSession, pMechanism, hObject);
362 }
363 catch (...)
364@@ -644,6 +714,8 @@ PKCS_API CK_RV C_Decrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedData,
365 {
366 try
367 {
368+ if (objects_deleted == 1)
369+ return CKR_FUNCTION_FAILED;
370 return SoftHSM::i()->C_Decrypt(hSession, pEncryptedData, ulEncryptedDataLen, pData, pulDataLen);
371 }
372 catch (...)
373@@ -659,6 +731,8 @@ PKCS_API CK_RV C_DecryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncrypte
374 {
375 try
376 {
377+ if (objects_deleted == 1)
378+ return CKR_FUNCTION_FAILED;
379 return SoftHSM::i()->C_DecryptUpdate(hSession, pEncryptedData, ulEncryptedDataLen, pData, pDataLen);
380 }
381 catch (...)
382@@ -674,6 +748,8 @@ PKCS_API CK_RV C_DecryptFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_
383 {
384 try
385 {
386+ if (objects_deleted == 1)
387+ return CKR_FUNCTION_FAILED;
388 return SoftHSM::i()->C_DecryptFinal(hSession, pData, pDataLen);
389 }
390 catch (...)
391@@ -689,6 +765,8 @@ PKCS_API CK_RV C_DigestInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechan
392 {
393 try
394 {
395+ if (objects_deleted == 1)
396+ return CKR_FUNCTION_FAILED;
397 return SoftHSM::i()->C_DigestInit(hSession, pMechanism);
398 }
399 catch (...)
400@@ -704,6 +782,8 @@ PKCS_API CK_RV C_Digest(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG
401 {
402 try
403 {
404+ if (objects_deleted == 1)
405+ return CKR_FUNCTION_FAILED;
406 return SoftHSM::i()->C_Digest(hSession, pData, ulDataLen, pDigest, pulDigestLen);
407 }
408 catch (...)
409@@ -719,6 +799,8 @@ PKCS_API CK_RV C_DigestUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_
410 {
411 try
412 {
413+ if (objects_deleted == 1)
414+ return CKR_FUNCTION_FAILED;
415 return SoftHSM::i()->C_DigestUpdate(hSession, pPart, ulPartLen);
416 }
417 catch (...)
418@@ -734,6 +816,8 @@ PKCS_API CK_RV C_DigestKey(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject)
419 {
420 try
421 {
422+ if (objects_deleted == 1)
423+ return CKR_FUNCTION_FAILED;
424 return SoftHSM::i()->C_DigestKey(hSession, hObject);
425 }
426 catch (...)
427@@ -749,6 +833,8 @@ PKCS_API CK_RV C_DigestFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pDigest, CK
428 {
429 try
430 {
431+ if (objects_deleted == 1)
432+ return CKR_FUNCTION_FAILED;
433 return SoftHSM::i()->C_DigestFinal(hSession, pDigest, pulDigestLen);
434 }
435 catch (...)
436@@ -764,6 +850,8 @@ PKCS_API CK_RV C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanis
437 {
438 try
439 {
440+ if (objects_deleted == 1)
441+ return CKR_FUNCTION_FAILED;
442 return SoftHSM::i()->C_SignInit(hSession, pMechanism, hKey);
443 }
444 catch (...)
445@@ -779,6 +867,8 @@ PKCS_API CK_RV C_Sign(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ul
446 {
447 try
448 {
449+ if (objects_deleted == 1)
450+ return CKR_FUNCTION_FAILED;
451 return SoftHSM::i()->C_Sign(hSession, pData, ulDataLen, pSignature, pulSignatureLen);
452 }
453 catch (...)
454@@ -794,6 +884,8 @@ PKCS_API CK_RV C_SignUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_UL
455 {
456 try
457 {
458+ if (objects_deleted == 1)
459+ return CKR_FUNCTION_FAILED;
460 return SoftHSM::i()->C_SignUpdate(hSession, pPart, ulPartLen);
461 }
462 catch (...)
463@@ -809,6 +901,8 @@ PKCS_API CK_RV C_SignFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, C
464 {
465 try
466 {
467+ if (objects_deleted == 1)
468+ return CKR_FUNCTION_FAILED;
469 return SoftHSM::i()->C_SignFinal(hSession, pSignature, pulSignatureLen);
470 }
471 catch (...)
472@@ -824,6 +918,8 @@ PKCS_API CK_RV C_SignRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pM
473 {
474 try
475 {
476+ if (objects_deleted == 1)
477+ return CKR_FUNCTION_FAILED;
478 return SoftHSM::i()->C_SignRecoverInit(hSession, pMechanism, hKey);
479 }
480 catch (...)
481@@ -839,6 +935,8 @@ PKCS_API CK_RV C_SignRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_U
482 {
483 try
484 {
485+ if (objects_deleted == 1)
486+ return CKR_FUNCTION_FAILED;
487 return SoftHSM::i()->C_SignRecover(hSession, pData, ulDataLen, pSignature, pulSignatureLen);
488 }
489 catch (...)
490@@ -854,6 +952,8 @@ PKCS_API CK_RV C_VerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechan
491 {
492 try
493 {
494+ if (objects_deleted == 1)
495+ return CKR_FUNCTION_FAILED;
496 return SoftHSM::i()->C_VerifyInit(hSession, pMechanism, hKey);
497 }
498 catch (...)
499@@ -869,6 +969,8 @@ PKCS_API CK_RV C_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG
500 {
501 try
502 {
503+ if (objects_deleted == 1)
504+ return CKR_FUNCTION_FAILED;
505 return SoftHSM::i()->C_Verify(hSession, pData, ulDataLen, pSignature, ulSignatureLen);
506 }
507 catch (...)
508@@ -884,6 +986,8 @@ PKCS_API CK_RV C_VerifyUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_
509 {
510 try
511 {
512+ if (objects_deleted == 1)
513+ return CKR_FUNCTION_FAILED;
514 return SoftHSM::i()->C_VerifyUpdate(hSession, pPart, ulPartLen);
515 }
516 catch (...)
517@@ -899,6 +1003,8 @@ PKCS_API CK_RV C_VerifyFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
518 {
519 try
520 {
521+ if (objects_deleted == 1)
522+ return CKR_FUNCTION_FAILED;
523 return SoftHSM::i()->C_VerifyFinal(hSession, pSignature, ulSignatureLen);
524 }
525 catch (...)
526@@ -914,6 +1020,8 @@ PKCS_API CK_RV C_VerifyRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR
527 {
528 try
529 {
530+ if (objects_deleted == 1)
531+ return CKR_FUNCTION_FAILED;
532 return SoftHSM::i()->C_VerifyRecoverInit(hSession, pMechanism, hKey);
533 }
534 catch (...)
535@@ -929,6 +1037,8 @@ PKCS_API CK_RV C_VerifyRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignatur
536 {
537 try
538 {
539+ if (objects_deleted == 1)
540+ return CKR_FUNCTION_FAILED;
541 return SoftHSM::i()->C_VerifyRecover(hSession, pSignature, ulSignatureLen, pData, pulDataLen);
542 }
543 catch (...)
544@@ -944,6 +1054,8 @@ PKCS_API CK_RV C_DigestEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPa
545 {
546 try
547 {
548+ if (objects_deleted == 1)
549+ return CKR_FUNCTION_FAILED;
550 return SoftHSM::i()->C_DigestEncryptUpdate(hSession, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen);
551 }
552 catch (...)
553@@ -959,6 +1071,8 @@ PKCS_API CK_RV C_DecryptDigestUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPa
554 {
555 try
556 {
557+ if (objects_deleted == 1)
558+ return CKR_FUNCTION_FAILED;
559 return SoftHSM::i()->C_DecryptDigestUpdate(hSession, pPart, ulPartLen, pDecryptedPart, pulDecryptedPartLen);
560 }
561 catch (...)
562@@ -974,6 +1088,8 @@ PKCS_API CK_RV C_SignEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart
563 {
564 try
565 {
566+ if (objects_deleted == 1)
567+ return CKR_FUNCTION_FAILED;
568 return SoftHSM::i()->C_SignEncryptUpdate(hSession, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen);
569 }
570 catch (...)
571@@ -989,6 +1105,8 @@ PKCS_API CK_RV C_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEn
572 {
573 try
574 {
575+ if (objects_deleted == 1)
576+ return CKR_FUNCTION_FAILED;
577 return SoftHSM::i()->C_DecryptVerifyUpdate(hSession, pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen);
578 }
579 catch (...)
580@@ -1004,6 +1122,8 @@ PKCS_API CK_RV C_GenerateKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMecha
581 {
582 try
583 {
584+ if (objects_deleted == 1)
585+ return CKR_FUNCTION_FAILED;
586 return SoftHSM::i()->C_GenerateKey(hSession, pMechanism, pTemplate, ulCount, phKey);
587 }
588 catch (...)
589@@ -1029,6 +1149,8 @@ PKCS_API CK_RV C_GenerateKeyPair
590 {
591 try
592 {
593+ if (objects_deleted == 1)
594+ return CKR_FUNCTION_FAILED;
595 return SoftHSM::i()->C_GenerateKeyPair(hSession, pMechanism, pPublicKeyTemplate, ulPublicKeyAttributeCount, pPrivateKeyTemplate, ulPrivateKeyAttributeCount, phPublicKey, phPrivateKey);
596 }
597 catch (...)
598@@ -1052,6 +1174,8 @@ PKCS_API CK_RV C_WrapKey
599 {
600 try
601 {
602+ if (objects_deleted == 1)
603+ return CKR_FUNCTION_FAILED;
604 return SoftHSM::i()->C_WrapKey(hSession, pMechanism, hWrappingKey, hKey, pWrappedKey, pulWrappedKeyLen);
605 }
606 catch (...)
607@@ -1077,6 +1201,8 @@ PKCS_API CK_RV C_UnwrapKey
608 {
609 try
610 {
611+ if (objects_deleted == 1)
612+ return CKR_FUNCTION_FAILED;
613 return SoftHSM::i()->C_UnwrapKey(hSession, pMechanism, hUnwrappingKey, pWrappedKey, ulWrappedKeyLen, pTemplate, ulCount, phKey);
614 }
615 catch (...)
616@@ -1100,6 +1226,8 @@ PKCS_API CK_RV C_DeriveKey
617 {
618 try
619 {
620+ if (objects_deleted == 1)
621+ return CKR_FUNCTION_FAILED;
622 return SoftHSM::i()->C_DeriveKey(hSession, pMechanism, hBaseKey, pTemplate, ulCount, phKey);
623 }
624 catch (...)
625@@ -1115,6 +1243,8 @@ PKCS_API CK_RV C_SeedRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed, CK_UL
626 {
627 try
628 {
629+ if (objects_deleted == 1)
630+ return CKR_FUNCTION_FAILED;
631 return SoftHSM::i()->C_SeedRandom(hSession, pSeed, ulSeedLen);
632 }
633 catch (...)
634@@ -1130,6 +1260,8 @@ PKCS_API CK_RV C_GenerateRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pRandomD
635 {
636 try
637 {
638+ if (objects_deleted == 1)
639+ return CKR_FUNCTION_FAILED;
640 return SoftHSM::i()->C_GenerateRandom(hSession, pRandomData, ulRandomLen);
641 }
642 catch (...)
643@@ -1145,6 +1277,8 @@ PKCS_API CK_RV C_GetFunctionStatus(CK_SESSION_HANDLE hSession)
644 {
645 try
646 {
647+ if (objects_deleted == 1)
648+ return CKR_FUNCTION_FAILED;
649 return SoftHSM::i()->C_GetFunctionStatus(hSession);
650 }
651 catch (...)
652@@ -1160,6 +1294,8 @@ PKCS_API CK_RV C_CancelFunction(CK_SESSION_HANDLE hSession)
653 {
654 try
655 {
656+ if (objects_deleted == 1)
657+ return CKR_FUNCTION_FAILED;
658 return SoftHSM::i()->C_CancelFunction(hSession);
659 }
660 catch (...)
661@@ -1175,6 +1311,8 @@ PKCS_API CK_RV C_WaitForSlotEvent(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot, CK_VOID_
662 {
663 try
664 {
665+ if (objects_deleted == 1)
666+ return CKR_FUNCTION_FAILED;
667 return SoftHSM::i()->C_WaitForSlotEvent(flags, pSlot, pReserved);
668 }
669 catch (...)
670--
6712.42.0
672
diff --git a/meta-oe/recipes-security/softhsm/softhsm_2.6.1.bb b/meta-oe/recipes-security/softhsm/softhsm_2.6.1.bb
index 930bca96ff..66f0488792 100644
--- a/meta-oe/recipes-security/softhsm/softhsm_2.6.1.bb
+++ b/meta-oe/recipes-security/softhsm/softhsm_2.6.1.bb
@@ -7,6 +7,7 @@ DEPENDS = "sqlite3"
7 7
8SRC_URI = "https://dist.opendnssec.org/source/softhsm-2.6.1.tar.gz \ 8SRC_URI = "https://dist.opendnssec.org/source/softhsm-2.6.1.tar.gz \
9 file://0001-avoid-unnecessary-check-for-sqlite3-binary.patch \ 9 file://0001-avoid-unnecessary-check-for-sqlite3-binary.patch \
10 file://0002-Prevent-accessing-of-global-c-objects-once-they-are-.patch \
10" 11"
11SRC_URI[sha256sum] = "61249473054bcd1811519ef9a989a880a7bdcc36d317c9c25457fc614df475f2" 12SRC_URI[sha256sum] = "61249473054bcd1811519ef9a989a880a7bdcc36d317c9c25457fc614df475f2"
12 13
diff --git a/meta-oe/recipes-security/spectre-meltdown-checker/spectre-meltdown-checker_0.46.bb b/meta-oe/recipes-security/spectre-meltdown-checker/spectre-meltdown-checker_0.46.bb
new file mode 100644
index 0000000000..48f9a738bb
--- /dev/null
+++ b/meta-oe/recipes-security/spectre-meltdown-checker/spectre-meltdown-checker_0.46.bb
@@ -0,0 +1,34 @@
1SUMMARY = "Hardware vulnerability and mitigation checker"
2DESCRIPTION = "\
3 Reptar, Downfall, Zenbleed, ZombieLoad, RIDL, Fallout, Foreshadow, Spectre, \
4 Meltdown vulnerability/mitigation checker for Linux & BSD \
5"
6HOMEPAGE = "https://github.com/speed47/spectre-meltdown-checker"
7BUGTRACKER = "https://github.com/speed47/spectre-meltdown-checker/issues"
8LICENSE = "GPL-3.0-only"
9LIC_FILES_CHKSUM = "file://spectre-meltdown-checker.sh;beginline=2;endline=2;md5=3ae5399e70af7be9b93f72568069e2f4"
10
11SRC_URI = "git://github.com/speed47/spectre-meltdown-checker;protocol=https;branch=master"
12SRCREV = "b8f8c81d519435c0871b13f02b5c4a72c5bffd5e"
13
14
15# binutils: readelf,objdump might be used for deeper analysis
16# coreutils: dd with iflag=skip_bytes oflag=seek_bytes in some cases
17# kernel-dev: /boot/config is used
18# perl: sometimes used when other tools (dd, rdmsr/wdmsr) are missing
19RRECOMMENDS:${PN} = "\
20 binutils \
21 coreutils \
22 kernel-dev \
23 perl \
24"
25
26INHIBIT_DEFAULT_DEPS = "1"
27
28PACKAGE_ARCH = "${MACHINE_ARCH}"
29
30do_compile[noexec] = "1"
31
32do_install() {
33 install -m 755 -D ${S}/${BPN}.sh ${D}${bindir}/${BPN}
34}
diff --git a/meta-oe/recipes-security/tomoyo-tools/tomoyo-tools_2.6.1.bb b/meta-oe/recipes-security/tomoyo-tools/tomoyo-tools_2.6.1.bb
index 86acdc7aa1..f172168335 100644
--- a/meta-oe/recipes-security/tomoyo-tools/tomoyo-tools_2.6.1.bb
+++ b/meta-oe/recipes-security/tomoyo-tools/tomoyo-tools_2.6.1.bb
@@ -8,7 +8,7 @@ SECTION = "System Environment/Kernel"
8SRC_URI = "http://jaist.dl.sourceforge.jp/tomoyo/70710/${BP}-20210910.tar.gz" 8SRC_URI = "http://jaist.dl.sourceforge.jp/tomoyo/70710/${BP}-20210910.tar.gz"
9SRC_URI[sha256sum] = "47a12cdb1fe7bbd0b2e3486150fe1e754fa9c869aeefd42fd311c4022b78010a" 9SRC_URI[sha256sum] = "47a12cdb1fe7bbd0b2e3486150fe1e754fa9c869aeefd42fd311c4022b78010a"
10 10
11S = "${WORKDIR}/${BPN}" 11S = "${UNPACKDIR}/${BPN}"
12 12
13LICENSE = "GPL-2.0-only" 13LICENSE = "GPL-2.0-only"
14LIC_FILES_CHKSUM = "file://COPYING.tomoyo;md5=751419260aa954499f7abaabaa882bbe" 14LIC_FILES_CHKSUM = "file://COPYING.tomoyo;md5=751419260aa954499f7abaabaa882bbe"
diff --git a/meta-oe/recipes-security/usbguard/usbguard/0001-Adapt-for-protobuf-30.0-API-changes.patch b/meta-oe/recipes-security/usbguard/usbguard/0001-Adapt-for-protobuf-30.0-API-changes.patch
new file mode 100644
index 0000000000..b7c5b10acd
--- /dev/null
+++ b/meta-oe/recipes-security/usbguard/usbguard/0001-Adapt-for-protobuf-30.0-API-changes.patch
@@ -0,0 +1,89 @@
1From 06ec6473c2ed1920a1d98d40fe992dea9f60b103 Mon Sep 17 00:00:00 2001
2From: Christian Heusel <christian@heusel.eu>
3Date: Tue, 11 Mar 2025 21:43:51 +0100
4Subject: [PATCH] Adapt for protobuf 30.0 API changes
5
6Fixes https://github.com/USBGuard/usbguard/issues/649
7
8Upstream-Status: Submitted [https://github.com/USBGuard/usbguard/pull/650]
9
10Link: https://protobuf.dev/support/migration/
11Signed-off-by: Christian Heusel <christian@heusel.eu>
12Signed-off-by: Khem Raj <raj.khem@gmail.com>
13---
14 src/Library/IPCClientPrivate.cpp | 2 +-
15 src/Library/IPCClientPrivate.hpp | 2 +-
16 src/Library/IPCServerPrivate.cpp | 6 +++---
17 src/Library/IPCServerPrivate.hpp | 2 +-
18 4 files changed, 6 insertions(+), 6 deletions(-)
19
20diff --git a/src/Library/IPCClientPrivate.cpp b/src/Library/IPCClientPrivate.cpp
21index 6aa5201..452ecd4 100644
22--- a/src/Library/IPCClientPrivate.cpp
23+++ b/src/Library/IPCClientPrivate.cpp
24@@ -225,7 +225,7 @@ namespace usbguard
25 std::string payload;
26 message.SerializeToString(&payload);
27 struct qb_ipc_request_header hdr;
28- hdr.id = QB_IPC_MSG_USER_START + IPC::messageTypeNameToNumber(message.GetTypeName());
29+ hdr.id = QB_IPC_MSG_USER_START + IPC::messageTypeNameToNumber(std::string(message.GetTypeName()));
30 hdr.size = sizeof hdr + payload.size();
31 struct iovec iov[2];
32 iov[0].iov_base = &hdr;
33diff --git a/src/Library/IPCClientPrivate.hpp b/src/Library/IPCClientPrivate.hpp
34index d92a1d4..a33022e 100644
35--- a/src/Library/IPCClientPrivate.hpp
36+++ b/src/Library/IPCClientPrivate.hpp
37@@ -84,7 +84,7 @@ namespace usbguard
38 template<class T>
39 void registerHandler(MessageHandler::HandlerType method)
40 {
41- const uint32_t type_number = IPC::messageTypeNameToNumber(T::default_instance().GetTypeName());
42+ const uint32_t type_number = IPC::messageTypeNameToNumber(std::string(T::default_instance().GetTypeName()));
43 _handlers.emplace(type_number, MessageHandler::create<T>(*this, method));
44 }
45
46diff --git a/src/Library/IPCServerPrivate.cpp b/src/Library/IPCServerPrivate.cpp
47index 548a726..b976f02 100644
48--- a/src/Library/IPCServerPrivate.cpp
49+++ b/src/Library/IPCServerPrivate.cpp
50@@ -311,7 +311,7 @@ namespace usbguard
51 message->SerializeToString(&payload);
52 struct qb_ipc_response_header hdr;
53 struct iovec iov[2];
54- hdr.id = QB_IPC_MSG_USER_START + IPC::messageTypeNameToNumber(message->GetTypeName());
55+ hdr.id = QB_IPC_MSG_USER_START + IPC::messageTypeNameToNumber(std::string(message->GetTypeName()));
56 hdr.size = sizeof hdr + payload.size();
57 hdr.error = 0;
58 iov[0].iov_base = &hdr;
59@@ -555,7 +555,7 @@ namespace usbguard
60 std::string payload;
61 message->SerializeToString(&payload);
62 struct qb_ipc_response_header hdr = { };
63- hdr.id = QB_IPC_MSG_USER_START + IPC::messageTypeNameToNumber(message->GetTypeName());
64+ hdr.id = QB_IPC_MSG_USER_START + IPC::messageTypeNameToNumber(std::string(message->GetTypeName()));
65 hdr.size = sizeof hdr + payload.size();
66 hdr.error = 0;
67 struct iovec iov[2];
68@@ -563,7 +563,7 @@ namespace usbguard
69 iov[0].iov_len = sizeof hdr;
70 iov[1].iov_base = (void*)payload.data();
71 iov[1].iov_len = payload.size();
72- qbIPCBroadcastData(iov, 2, messageTypeNameToAccessControlSection(message->GetTypeName()));
73+ qbIPCBroadcastData(iov, 2, messageTypeNameToAccessControlSection(std::string(message->GetTypeName())));
74 iov[0].iov_base = nullptr;
75 iov[1].iov_base = nullptr;
76 }
77diff --git a/src/Library/IPCServerPrivate.hpp b/src/Library/IPCServerPrivate.hpp
78index 25f9ac3..3b3dcc5 100644
79--- a/src/Library/IPCServerPrivate.hpp
80+++ b/src/Library/IPCServerPrivate.hpp
81@@ -134,7 +134,7 @@ namespace usbguard
82 void registerHandler(MessageHandler::HandlerType method, IPCServer::AccessControl::Section section,
83 IPCServer::AccessControl::Privilege privilege)
84 {
85- const uint32_t type_number = IPC::messageTypeNameToNumber(T::default_instance().GetTypeName());
86+ const uint32_t type_number = IPC::messageTypeNameToNumber(std::string(T::default_instance().GetTypeName()));
87 _handlers.emplace(type_number, MessageHandler::create<T>(*this, method, section, privilege));
88 }
89
diff --git a/meta-oe/recipes-security/usbguard/usbguard/0001-include-missing-cstdint.patch b/meta-oe/recipes-security/usbguard/usbguard/0001-include-missing-cstdint.patch
deleted file mode 100644
index 5cbe64091c..0000000000
--- a/meta-oe/recipes-security/usbguard/usbguard/0001-include-missing-cstdint.patch
+++ /dev/null
@@ -1,45 +0,0 @@
1From 1da0cfbb9ae978822d961d8b22d8d5125c11247a Mon Sep 17 00:00:00 2001
2From: Khem Raj <raj.khem@gmail.com>
3Date: Thu, 26 Jan 2023 23:46:56 -0800
4Subject: [PATCH] include missing <cstdint>
5
6gcc 13 moved some includes around and as a result <cstdint> is no
7longer transitively included [1]. Explicitly include it for
8uint8_t.
9
10[1] https://gcc.gnu.org/gcc-13/porting_to.html#header-dep-changes
11
12Upstream-Status: Submitted [https://github.com/USBGuard/usbguard/pull/583]
13Signed-off-by: Khem Raj <raj.khem@gmail.com>
14---
15 src/Library/Base64.cpp | 1 -
16 src/Library/Base64.hpp | 1 +
17 2 files changed, 1 insertion(+), 1 deletion(-)
18
19diff --git a/src/Library/Base64.cpp b/src/Library/Base64.cpp
20index ddb28dc..0246a13 100644
21--- a/src/Library/Base64.cpp
22+++ b/src/Library/Base64.cpp
23@@ -22,7 +22,6 @@
24
25 #include "Base64.hpp"
26 #include <stdexcept>
27-#include <cstdint>
28
29 namespace usbguard
30 {
31diff --git a/src/Library/Base64.hpp b/src/Library/Base64.hpp
32index 0947f21..e0c745c 100644
33--- a/src/Library/Base64.hpp
34+++ b/src/Library/Base64.hpp
35@@ -23,6 +23,7 @@
36 #endif
37
38 #include <string>
39+#include <cstdint>
40 #include <cstddef>
41
42 namespace usbguard
43--
442.39.1
45
diff --git a/meta-oe/recipes-security/usbguard/usbguard_1.1.2.bb b/meta-oe/recipes-security/usbguard/usbguard_1.1.3.bb
index c062f27059..558f4347b6 100644
--- a/meta-oe/recipes-security/usbguard/usbguard_1.1.2.bb
+++ b/meta-oe/recipes-security/usbguard/usbguard_1.1.3.bb
@@ -12,10 +12,11 @@ LICENSE = "GPL-2.0-only"
12LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263" 12LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263"
13 13
14SRC_URI = "https://github.com/USBGuard/usbguard/releases/download/${BPN}-${PV}/${BPN}-${PV}.tar.gz \ 14SRC_URI = "https://github.com/USBGuard/usbguard/releases/download/${BPN}-${PV}/${BPN}-${PV}.tar.gz \
15 file://0001-include-missing-cstdint.patch \ 15 file://0001-Add-and-use-pkgconfig-instead-of-libgcrypt-config.patch \
16 file://0001-Add-and-use-pkgconfig-instead-of-libgcrypt-config.patch" 16 file://0001-Adapt-for-protobuf-30.0-API-changes.patch \
17 "
17 18
18SRC_URI[sha256sum] = "dcf5c90f3f93030e04df1baeb8d388b678c40dd48b135ea12a7be7dee8944934" 19SRC_URI[sha256sum] = "707dad2938923202697f636c2b4e0be80f192242039a2af3fc7ac35d03f78551"
19 20
20inherit autotools-brokensep bash-completion pkgconfig systemd github-releases 21inherit autotools-brokensep bash-completion pkgconfig systemd github-releases
21 22
@@ -28,6 +29,8 @@ EXTRA_OECONF += "\
28 --with-bundled-pegtl \ 29 --with-bundled-pegtl \
29" 30"
30 31
32LDFLAGS:append:riscv32 = " -latomic"
33
31PACKAGECONFIG ?= "\ 34PACKAGECONFIG ?= "\
32 openssl \ 35 openssl \
33 ${@bb.utils.filter('DISTRO_FEATURES', 'polkit', d)} \ 36 ${@bb.utils.filter('DISTRO_FEATURES', 'polkit', d)} \
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-07-08 18:15:24 +0000