[yocto] [meta-security][PATCH] isic: Add new package

Armin Kuster akuster808 at gmail.com
Fri Sep 19 22:24:37 PDT 2014 

This adds the ISIC is a suite of utilities to exercise the stability of an IP and its component stacks (TCP/UDP/ICMP etc.) It generates piles of pseudo random packets with configurable tendancies, then sent to the target to penetrate its firewall rules or find bug

backported two patches from Redhat.

Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
 recipes-security/isic/files/configure_fix.patch    | 170 +++++++++++++++++++++
 recipes-security/isic/files/isic-0.07-make.patch   |  23 +++
 .../isic/files/isic-0.07-netinet.patch             |  68 +++++++++
 recipes-security/isic/isic_0.07.bb                 |  30 ++++
 4 files changed, 291 insertions(+)
 create mode 100644 recipes-security/isic/files/configure_fix.patch
 create mode 100644 recipes-security/isic/files/isic-0.07-make.patch
 create mode 100644 recipes-security/isic/files/isic-0.07-netinet.patch
 create mode 100644 recipes-security/isic/isic_0.07.bb

diff --git a/recipes-security/isic/files/configure_fix.patch b/recipes-security/isic/files/configure_fix.patch
new file mode 100644
index 0000000..fc2a774
--- /dev/null
+++ b/recipes-security/isic/files/configure_fix.patch
@@ -0,0 +1,170 @@
+isic: add with-libnet remove libnet test
+
+Inappropriate - builds fine on non-oe systems. We need to exlude
+cross compile libnet test. Pass in the location for libnet.a. Path
+did not support mulitlib either.
+
+Signed-off-by: Armin Kuster <akuster808 at gmail.com>
+
+Index: isic-0.07/configure
+===================================================================
+--- isic-0.07.orig/configure
++++ isic-0.07/configure
+@@ -45,6 +45,8 @@ includedir='${prefix}/include'
+ oldincludedir='/usr/include'
+ infodir='${prefix}/info'
+ mandir='${prefix}/man'
++with_libnet_libraries
++libnet_libraries
+ 
+ # Initialize some other variables.
+ subdirs=
+@@ -180,6 +182,7 @@ Features and packages:
+   --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
+   --x-includes=DIR        X include files are in DIR
+   --x-libraries=DIR       X library files are in DIR
++  --with-libnet-dir=DIR   libnet library is in this DIR
+ EOF
+     if test -n "$ac_help"; then
+       echo "--enable and --with options recognized:$ac_help"
+@@ -828,117 +832,36 @@ test -z "$INSTALL_SCRIPT" && INSTALL_SCR
+ test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
+ 
+ 
+-PREFIX=/usr/local
+-
+-ac_safe=`echo "$PREFIX/lib/libnet.a" | sed 'y%./+-%__p_%'`
+-echo $ac_n "checking for $PREFIX/lib/libnet.a""... $ac_c" 1>&6
+-echo "configure:836: checking for $PREFIX/lib/libnet.a" >&5
+-if eval "test \"`echo '$''{'ac_cv_file_$ac_safe'+set}'`\" = set"; then
+-  echo $ac_n "(cached) $ac_c" 1>&6
+-else
+-  if test "$cross_compiling" = yes; then
+-    { echo "configure: error: Cannot check for file existence when cross compiling" 1>&2; exit 1; }
+-else
+-  if test -r $PREFIX/lib/libnet.a; then
+-    eval "ac_cv_file_$ac_safe=yes"
+-  else
+-    eval "ac_cv_file_$ac_safe=no"
+-  fi
+-fi
+-fi
+-if eval "test \"`echo '$ac_cv_file_'$ac_safe`\" = yes"; then
+-  echo "$ac_t""yes" 1>&6
+-  FOO=$LIBS; CFLAGS="$CFLAGS -I$PREFIX/include" LIBS="-L$PREFIX/lib $LIBS"
+-else
+-  echo "$ac_t""no" 1>&6
+-
+-fi
+-
+-echo $ac_n "checking for -lnet""... $ac_c" 1>&6
+-echo "configure:884: checking for -lnet" >&5
+-if eval "test \"`echo '$''{'ac_cv_lib_net'+set}'`\" = set"; then
+-  echo $ac_n "(cached) $ac_c" 1>&6
+-else
+-  ac_save_LIBS="$LIBS"
+-LIBS="-lnet  $LIBS"
+-cat > conftest.$ac_ext <<EOF
+-#line 891 "configure"
+-#include "confdefs.h"
+-
+-int main() {
+-main()
+-; return 0; }
+-EOF
+-if { (eval echo configure:898: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+-  rm -rf conftest*
+-  ac_cv_lib_net=yes
+-else
+-  echo "configure: failed program was:" >&5
+-  cat conftest.$ac_ext >&5
+-  rm -rf conftest*
+-  ac_cv_lib_net=no
++LIBNET_GLOB='libnet.a'
++libnet_libraries=""
++ac_libnet_libraries=NO
++
++# Check whether --with-libnet-libraries was given.
++if test "${with_libnet_libraries+set}" = set; then :
++  withval=$with_libnet_libraries;   ac_libnet_libraries="$withval"
++fi
++
++if test ! "$ac_libnet_libraries" = "NO"; then
++  libnet_libdir=$ac_libnet_libraries
++else
++  libnet_libdirs="/usr/lib"
++  libnet_libdir=NONE
++  for dir in $libnet_libdirs; do
++    try="ls -1 $dir/${LIBNET_GLOB}"
++    if test -n "`$try 2> /dev/null`"; then libnet_libdir=$dir; break; else echo "tried $dir" >&5; fi
++  done
+ fi
+-rm -f conftest*
+-LIBS="$ac_save_LIBS"
+ 
+-fi
+-echo "$ac_t""$ac_cv_lib_net" 1>&6
+-if test "$ac_cv_lib_net" = yes; then
+-  DEFINES=  
+-else
+-  { echo "configure: error: Cannot find libnet...  please get it from
+-	http://www.packetfactory.net/libnet" 1>&2; exit 1; }
+-fi
++ac_libnet_libdir="$libnet_libdir"
+ 
+-echo $ac_n "checking for libnet_init in -lnet""... $ac_c" 1>&6
+-echo "configure:921: checking for libnet_init in -lnet" >&5
+-ac_lib_var=`echo net'_'libnet_init | sed 'y%./+-%__p_%'`
+-if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+-  echo $ac_n "(cached) $ac_c" 1>&6
+-else
+-  ac_save_LIBS="$LIBS"
+-LIBS="-lnet  $LIBS"
+-cat > conftest.$ac_ext <<EOF
+-#line 929 "configure"
+-#include "confdefs.h"
+-/* Override any gcc2 internal prototype to avoid an error.  */
+-/* We use char because int might match the return type of a gcc2
+-    builtin and then its argument prototype would still apply.  */
+-char libnet_init();
+-
+-int main() {
+-libnet_init()
+-; return 0; }
+-EOF
+-if { (eval echo configure:940: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+-  rm -rf conftest*
+-  eval "ac_cv_lib_$ac_lib_var=yes"
+-else
+-  echo "configure: failed program was:" >&5
+-  cat conftest.$ac_ext >&5
+-  rm -rf conftest*
+-  eval "ac_cv_lib_$ac_lib_var=no"
++if test "$libnet_libraries"; then
++  libnet_libraries="$ac_libnet_libdir"
+ fi
+-rm -f conftest*
+-LIBS="$ac_save_LIBS"
+-
+-fi
+-if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+-  echo "$ac_t""yes" 1>&6
+-    ac_tr_lib=HAVE_LIB`echo net | sed -e 's/[^a-zA-Z0-9_]/_/g' \
+-    -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'`
+-  cat >> confdefs.h <<EOF
+-#define $ac_tr_lib 1
+-EOF
+ 
+-  LIBS="-lnet $LIBS"
+-
+-else
+-  echo "$ac_t""no" 1>&6
++if test "$libnet_libraries" != "$x_libraries" && test -n "$libnet_libraries"; then
++  LIBS="$LIBS -lnet"
+ fi
+ 
+-
+-
+ echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6
+ echo "configure:970: checking how to run the C preprocessor" >&5
+ # On Suns, sometimes $CPP names a directory.
diff --git a/recipes-security/isic/files/isic-0.07-make.patch b/recipes-security/isic/files/isic-0.07-make.patch
new file mode 100644
index 0000000..9cffa8a
--- /dev/null
+++ b/recipes-security/isic/files/isic-0.07-make.patch
@@ -0,0 +1,23 @@
+isic: Fixup makefile to support destination
+
+Backport:
+http://pkgs.fedoraproject.org/cgit/isic.git/tree/isic-0.07-make.patch
+
+Signed-off-by: Armin Kuster <akuser808 at gmail.com>
+
+Index: isic-0.07/Makefile.in
+===================================================================
+--- isic-0.07.orig/Makefile.in
++++ isic-0.07/Makefile.in
+@@ -63,7 +63,7 @@ package: distclean
+ 	  tar -czvf isic-$(VERSION).tgz ./isic-$(VERSION)/* )
+ 
+ install: $(BINS) $(MAN)
+-	$(INSTALL) -m 0755 -d $(PREFIX)/bin
+-	$(INSTALL) -m 0755 -c $(BINS) $(PREFIX)/bin
+-	$(INSTALL) -m 0755 -d $(PREFIX)/man/man1
+-	${INSTALL} -m 0755 -c $(MAN) $(PREFIX)/man/man1
++	$(INSTALL) -m 0755 -d $(DESTDIR)$(PREFIX)/bin
++	$(INSTALL) -m 0755 -c $(BINS) $(DESTDIR)$(PREFIX)/bin
++	$(INSTALL) -m 0755 -d $(DESTDIR)$(PREFIX)/share/man/man1
++	${INSTALL} -m 0755 -c $(MAN) $(DESTDIR)$(PREFIX)/share/man/man1
diff --git a/recipes-security/isic/files/isic-0.07-netinet.patch b/recipes-security/isic/files/isic-0.07-netinet.patch
new file mode 100644
index 0000000..c4ea74e
--- /dev/null
+++ b/recipes-security/isic/files/isic-0.07-netinet.patch
@@ -0,0 +1,68 @@
+isic: add missing header file
+
+Backport:
+http://pkgs.fedoraproject.org/cgit/isic.git/tree/isic-0.07-netinet.patch
+
+Signed-off-by: Armin Kuster <akuster808 at gmail.com>
+
+Index: isic-0.07/multisic.c
+===================================================================
+--- isic-0.07.orig/multisic.c
++++ isic-0.07/multisic.c
+@@ -1,5 +1,8 @@
+ #include "isic.h"
+ 
++#include <netinet/udp.h>
++/*#include <netinet/tcp.h>*/
++
+ /* This is tuned for ethernet sized frames (1500 bytes)
+  * For user over a modem or frame (or other) you will have to change the
+  * 'rand() & 0x4ff' line below.  The 0x4ff needs to be less than the size of
+Index: isic-0.07/tcpsic.c
+===================================================================
+--- isic-0.07.orig/tcpsic.c
++++ isic-0.07/tcpsic.c
+@@ -1,5 +1,7 @@
+ #include "isic.h"
+ 
++#include <netinet/tcp.h>
++
+ /* This is tuned for ethernet sized frames (1500 bytes)
+  * For user over a modem or frame (or other) you will have to change the
+  * 'rand() & 0x4ff' line below.  The 0x4ff needs to be less than the size of
+Index: isic-0.07/tcpsic6.c
+===================================================================
+--- isic-0.07.orig/tcpsic6.c
++++ isic-0.07/tcpsic6.c
+@@ -1,5 +1,7 @@
+ #include "isic.h"
+ 
++#include <netinet/tcp.h>
++
+ /* This is tuned for ethernet sized frames (1500 bytes)
+  * For user over a modem or frame (or other) you will have to change the
+  * 'rand() & 0x4ff' line below.  The 0x4ff needs to be less than the size of
+Index: isic-0.07/udpsic.c
+===================================================================
+--- isic-0.07.orig/udpsic.c
++++ isic-0.07/udpsic.c
+@@ -1,5 +1,7 @@
+ #include "isic.h"
+ 
++#include <netinet/udp.h>
++
+ /* This is tuned for ethernet sized frames (1500 bytes)
+  * For user over a modem or frame (or other) you will have to change the
+  * 'rand() & 0x4ff' line below.  The 0x4ff needs to be less than the size of
+Index: isic-0.07/udpsic6.c
+===================================================================
+--- isic-0.07.orig/udpsic6.c
++++ isic-0.07/udpsic6.c
+@@ -1,5 +1,7 @@
+ #include "isic.h"
+ 
++#include <netinet/udp.h>
++
+ /* This is tuned for ethernet sized frames (1500 bytes)
+  * For user over a modem or frame (or other) you will have to change the
+  * 'rand() & 0x4ff' line below.  The 0x4ff needs to be less than the size of
diff --git a/recipes-security/isic/isic_0.07.bb b/recipes-security/isic/isic_0.07.bb
new file mode 100644
index 0000000..fb6e904
--- /dev/null
+++ b/recipes-security/isic/isic_0.07.bb
@@ -0,0 +1,30 @@
+SUMMARY = "ISIC -- IP Stack Integrity Checker"
+DESCRIPTION = "ISIC is a suite of utilities to exercise the stability of an IP Stack and its component stacks (TCP, UDP, ICMP et. al.)"
+HOMEPAGE = "http://isic.sourceforge.net/"
+SECTION = "security"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=d41d8cd98f00b204e9800998ecf8427e"
+
+DEPENDS = "libnet"
+PARALLEL_MAKE = ""
+
+SRC_URI = "http://prdownloads.sourceforge.net/isic/${BPN}-${PV}.tgz \
+    file://configure_fix.patch \
+    file://isic-0.07-netinet.patch \
+    file://isic-0.07-make.patch \
+    "
+
+SRC_URI[md5sum] = "29f70c9bde9aa9128b8f7e66a315f9a4"
+SRC_URI[sha256sum] = "e033c53e03e26a4c72b723e2a5a1c433ee70eb4d23a1ba0d7d7e14ee1a80429d"
+
+S="${WORKDIR}/${BPN}-${PV}"
+
+inherit autotools-brokensep
+
+EXTRA_OECONF += "--with-libnet-dir=${STAGING_DIR_HOST}${libdir} "
+
+do_configure () {
+    oe_runconf
+}
+
+RDEPNEDS += "libnet"
-- 
1.9.1

More information about the yocto mailing list