diff --git a/.gitignore b/.gitignore
index 70f00df..67147cf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 /nmap-*.tar.bz2
 /nmap-7.91.tar.bz2.asc
 /nmap_gpgkeys.txt
+/nmap-7.80.tar.bz2.asc
diff --git a/ncat-fix-unix-domain-socket-crash.patch b/ncat-fix-unix-domain-socket-crash.patch
deleted file mode 100644
index be9efbb..0000000
--- a/ncat-fix-unix-domain-socket-crash.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From f6b40614e4a8131394792d590965f8af3c635323 Mon Sep 17 00:00:00 2001
-From: nnposter
-Date: Fri, 16 Oct 2020 02:54:52 +0000
-Subject: [PATCH] Fix a Unix domain socket crash. Fixes #2154
-
-Upstream: https://github.com/nmap/nmap/commit/f6b40614e4a8131394792d590965f8af3c635323
-
-diff --git a/ncat/ncat_main.c b/ncat/ncat_main.c
-index d59b951..92eccad 100644
---- a/ncat/ncat_main.c
-+++ b/ncat/ncat_main.c
-@@ -848,7 +848,7 @@ int main(int argc, char *argv[])
- targetaddrs->addr.un.sun_family = AF_UNIX;
- strncpy(targetaddrs->addr.un.sun_path, argv[optind], sizeof(targetaddrs->addr.un.sun_path));
- targetaddrs->addrlen = SUN_LEN(&targetaddrs->addr.un);
-- o.target = argv[optind];
-+ o.sslservername = o.target = argv[optind];
- optind++;
- } else
- #endif
-@@ -867,7 +867,7 @@ int main(int argc, char *argv[])
- targetaddrs->addr.vm.svm_cid = long_cid;
-
- targetaddrs->addrlen = sizeof(targetaddrs->addr.vm);
-- o.target = argv[optind];
-+ o.sslservername = o.target = argv[optind];
- optind++;
- }
- } else
diff --git a/nmap-unsolicited_arp_assert.patch b/nmap-unsolicited_arp_assert.patch
new file mode 100644
index 0000000..893074c
--- /dev/null
+++ b/nmap-unsolicited_arp_assert.patch
@@ -0,0 +1,32 @@ +From 33f421fd6e68fcb8ed50071661d9704717c81b2b Mon Sep 17 00:00:00 2001 +From: dmiller +Date: Tue, 3 Dec 2019 17:04:13 +0000 +Subject: [PATCH] Avoid assertion failure when unsolicited ARP response + received + +We probably want a more explicit handling of the case where we get an +ARP response to a request that we did not send (system's own, or another +Nmap scan running at the same time). In any case, this ought to solve +the crashes reported as #1797 and #1764. +--- + scan_engine.cc | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/scan_engine.cc b/scan_engine.cc +index bd73cc8ead..7a4766da26 100644 +--- a/scan_engine.cc ++++ b/scan_engine.cc +@@ -1275,7 +1275,12 @@ int UltraScanInfo::removeCompletedHosts() { + } + if (timedout) + gstats->num_hosts_timedout++; +- hss->target->stopTimeOutClock(&now); ++ /* We may have received an ARP response before we sent a probe, which ++ * would mean the timeout clock is not running. Avoid an assertion ++ * failure here by checking first. */ ++ if (hss->target->timeOutClockRunning()) { ++ hss->target->stopTimeOutClock(&now); ++ } + } + } + return hostsRemoved; diff --git a/nmap.spec b/nmap.spec index 2223393..1ebc2b3 100644 --- a/nmap.spec +++ b/nmap.spec @@ -4,10 +4,10 @@ %global _hardened_build 1 Name: nmap -Epoch: 2 -Version: 7.91 +Epoch: 3 +Version: 7.80 #global prerelease TEST5 -Release: 3%{?dist} +Release: 6%{?dist} Summary: Network exploration tool and security scanner URL: http://nmap.org/ # Uses combination of licenses based on GPL license, but with extra modification @@ -18,6 +18,7 @@ Source0: http://nmap.org/dist/%{name}-%{version}%{?prerelease}.tar.bz2 Source1: https://nmap.org/dist/sigs/%{name}-%{version}.tar.bz2.asc Source2: https://svn.nmap.org/nmap/docs/nmap_gpgkeys.txt + #prevent possible race condition for shtool, rhbz#158996 Patch1: nmap-4.03-mktemp.patch 
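Review bot: The guard added around `stopTimeOutClock(&now)` in the embedded scan_engine.cc hunk avoids the assertion but leaves no record that a host was completed on an ARP response with no matching probe, which the patch description itself says wants more explicit handling. A result reached that way rests on a reply the scanner never asked for, so an `else` branch that emits a debug-level message would let an operator tell those hosts apart. Whether `timedout` can be set on this path, so that `gstats->num_hosts_timedout++` counts a host whose clock never started, is not visible here because removeCompletedHosts() begins before the hunk and continues after it.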
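Review bot: `Release: 6%{?dist}` in the `@@ -4,10 +4,10 @@` hunk disagrees with the changelog entry this commit adds, which is headed `3:7.80-7`, and the existing 7.80 entry is already `2:7.80-6`. The tag should read `Release: 7%{?dist}` so the built package matches its own changelog. The Epoch bump from 2 to 3 is what lets the 7.91 to 7.80 downgrade install as an update, and a one-line spec comment above `Epoch:` saying so would stop a later rebase from resetting it.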
@@ -27,12 +28,11 @@ Patch2: nmap-4.52-noms.patch # upstream provided patch for rhbz#845005, not yet in upstream repository Patch3: ncat_reg_stdin.diff Patch4: nmap-6.25-displayerror.patch +# https://github.com/nmap/nmap/commit/33f421fd6e68fcb8ed50071661d9704717c81b2b.patch +Patch5: nmap-unsolicited_arp_assert.patch -# Upstream patch to prevent crash with UNIX domain sockets. -Patch5: ncat-fix-unix-domain-socket-crash.patch -BuildRequires: make -BuildRequires: automake +BuildRequires: automake make BuildRequires: autoconf BuildRequires: gcc-c++ BuildRequires: gettext-devel @@ -85,6 +85,7 @@ uses. %{gpgverify} --keyring=%{SOURCE2} --signature='%{SOURCE1}' --data='%{SOURCE0}' %autosetup -p1 + #be sure we're not using tarballed copies of some libraries #rm -rf liblua libpcap libpcre macosx mswin32 ###TODO### @@ -123,7 +124,7 @@ ln -s ncat %{buildroot}%{_bindir}/nc %find_lang nmap --with-man %files -f nmap.lang -%license LICENSE +%license COPYING* %doc docs/README %doc docs/nmap.usage.txt %{_bindir}/nmap @@ -133,7 +134,7 @@ ln -s ncat %{buildroot}%{_bindir}/nc %{_datadir}/nmap %files ncat -%license LICENSE +%license COPYING %doc ncat/docs/AUTHORS ncat/docs/README ncat/docs/THANKS ncat/docs/examples %{_bindir}/nc %{_bindir}/ncat @@ -141,12 +142,8 @@ ln -s ncat %{buildroot}%{_bindir}/nc %{_mandir}/man1/ncat.1.gz %changelog -* Thu Oct 29 2020 Pavel Zhukov - 2:7.91-3 -- Add source verification - -* Thu Oct 22 2020 Sergio Correia 2:7.91-2 -- Backport fix for UNIX domain socket crash - Upstream: https://github.com/nmap/nmap/commit/f6b40614e4a8131394792d590965f8af3c635323 +* Sun Jan 10 2021 Pavel Zhukov - 3:7.80-7 +- Drop nmap >= 7.90 * Thu Aug 20 2020 Pavel Zhukov - 2:7.80-6 - Drop libssh from eln diff --git a/sources b/sources index 3243527..d0af46c 100644 --- a/sources +++ b/sources 
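Review bot: The comment above the new `Patch5:` line in the `@@ -27,12 +28,11 @@` hunk gives only the commit URL, so a reader cannot tell what the patch fixes or when it can be dropped; I would add `# Avoid assertion failure on unsolicited ARP response (upstream #1797, #1764)` above it. The same hunk removes the ncat UNIX domain socket crash patch, and whether the 7.80 ncat_main.c lacks the affected code is not visible here, so the changelog entry should state that if it is the reason. `BuildRequires: automake make` also folds two requirements onto one line where the rest of the list keeps one per line.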
@@ -1,3 +1,3 @@
-SHA512 (nmap-7.91.tar.bz2) = 9d59f031b5f748311e9f9a0b9d05ad4a7a70fc6ac17598d7c4c81a4825c95d53817d74435d839e67b9379a052f2d37889fd634f9c75301a851f465d60fb9974d
-SHA512 (nmap-7.91.tar.bz2.asc) = 376b74fc15896a1008709dac45b5af5d35ca00a1753994aba3ee6cffe2c2f0d67619fab45d57e83b454cfb376defe965f2bf881ef4cb8d5f8f2215979ad8ee96
+SHA512 (nmap-7.80.tar.bz2.asc) = e55e371a0c7faa08535e8a3c182a3723b90d1beec0489e5aa432c604c0fbda5f3ff187e6a6bc7fbc56f4ae00bca2ca392d955f6578ebf7ffb75c8067b411ed02
 SHA512 (nmap_gpgkeys.txt) = ab9dddbedb7c74697ae1ec68e456e3d607c057b4ca9a3bf0269a9fde0289e81031ec15718da2686aa7a68b5428e95042072c53f93925439ba6b60abf43e61317
+SHA512 (nmap-7.80.tar.bz2) = d4384d3ebf4f3abf3588eed5433f733874ecdceb9342a718dc36db19634b0cc819d73399974eb0a9a9c9dd9e5c88473e07644ec91db28b0c072552b54430be6b