rpms/nmap
6
0
Fork 0
Code Issues Pull Requests Releases Activity

New version 7.70 (#1558770)

Browse Source
This commit is contained in:
Pavel Zhukov 2018-03-21 09:46:46 +01:00
parent cace7b65b6
commit 51b89a61e5
6 changed files with 7 additions and 349 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1 +1,2 @@
/nmap-7.60.tar.bz2 /nmap-7.60.tar.bz2
/nmap-7.70.tar.bz2

48
nmap-7.60-bundled_libssh2_libz.patch
View File

@ -1,48 +0,0 @@
commit fd0db097498d5ff29f647508a80915d4d0e8d84a
Author: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Thu Aug 3 15:16:49 2017 +0000
Report appropriate zlib/libssh2 versions. Closes #957
diff --git a/nmap.cc b/nmap.cc
index 512cb4a6e..5345d7311 100644
--- a/nmap.cc
+++ b/nmap.cc
@@ -182,11 +182,11 @@
#endif
#if HAVE_LIBSSH2
-#include "libssh2/libssh2v.h"
+#include <libssh2.h>
#endif
#if HAVE_LIBZ
-#include "libz/libzv.h"
+#include <zlib.h>
#endif
/* To get the version number only. */
@@ -2720,9 +2720,9 @@ static void display_nmap_version() {
#if HAVE_LIBSSH2
#ifdef LIBSSH2_INCLUDED
- with.push_back(std::string("nmap-libssh2-") + get_word_or_quote(LIBSSH2_VERSION_TEXT, 1));
+ with.push_back(std::string("nmap-libssh2-") + get_word_or_quote(LIBSSH2_VERSION, 0));
#else
- with.push_back(std::string("libssh2-") + get_word_or_quote(LIBSSH2_VERSION_TEXT, 1));
+ with.push_back(std::string("libssh2-") + get_word_or_quote(LIBSSH2_VERSION, 0));
#endif
#else
without.push_back("libssh2");
@@ -2730,9 +2730,9 @@ static void display_nmap_version() {
#if HAVE_LIBZ
#ifdef ZLIB_INCLUDED
- with.push_back(std::string("nmap-libz-") + get_word_or_quote(LIBZ_VERSION_TEXT, 1));
+ with.push_back(std::string("nmap-libz-") + get_word_or_quote(ZLIB_VERSION, 0));
#else
- with.push_back(std::string("libz-") + get_word_or_quote(LIBZ_VERSION_TEXT, 1));
+ with.push_back(std::string("libz-") + get_word_or_quote(ZLIB_VERSION, 0));
#endif
#else
without.push_back("libz");

258
nmap-7.60-memleak.patch
View File

@ -1,258 +0,0 @@
commit 7e876de88995807350e401e277384a10fe5b9d74
Author: nnposter <nnposter@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Fri Aug 18 02:24:37 2017 +0000
Makes sure that nsock_pool is properly disposed of if the proxy connection fails. Closes #973
diff --git a/ncat/ncat_connect.c b/ncat/ncat_connect.c
index d8c73ab1b..5695800a3 100644
--- a/ncat/ncat_connect.c
+++ b/ncat/ncat_connect.c
@@ -1049,7 +1049,10 @@ int ncat_connect(void)
}
if (connect_socket == -1)
+ {
+ nsock_pool_delete(mypool);
return 1;
+ }
/* Clear out whatever is left in the socket buffer which may be
already sent by proxy server along with http response headers. */
//line = socket_buffer_remainder(&stateful_buf, &n);
commit 19d62a81013cbab56957b982f7a581dd7622a9d1
Author: Pavel Zhukov <pzhukov@redhat.com>
Date: Fri Aug 18 10:30:20 2017 +0200
Makes sure that proxy_auth is properly disposed of if the proxy connection fails.
In case of error in proxy connection initialization proxy_auth pointer
goes out of scope and memory leak reported by static analizer tool.
While this is not critical because of application exit the fix is trivial.
diff --git a/ncat/ncat_connect.c b/ncat/ncat_connect.c
index 5695800a3..bad673770 100644
--- a/ncat/ncat_connect.c
+++ b/ncat/ncat_connect.c
@@ -664,7 +664,7 @@ static int do_proxy_socks5(void)
int sd,len,lenfqdn;
struct socks5_request socks5msg2;
struct socks5_auth socks5auth;
- char *proxy_auth;
+ char *proxy_auth = NULL;
char *username;
char *password;
@@ -695,21 +695,18 @@ static int do_proxy_socks5(void)
if (send(sd, (char *) &socks5msg, len, 0) < 0) {
loguser("Error: proxy request: %s.\n", socket_strerror(socket_errno()));
- close(sd);
- return -1;
+ goto error;
}
/* first response just two bytes, version and auth method */
if (socket_buffer_readcount(&stateful_buf, socksbuf, 2) < 0) {
loguser("Error: malformed first response from proxy.\n");
- close(sd);
- return -1;
+ goto error;
}
if (socksbuf[0] != 5){
loguser("Error: got wrong server version in response.\n");
- close(sd);
- return -1;
+ goto error;
}
switch(socksbuf[1]) {
@@ -720,8 +717,7 @@ static int do_proxy_socks5(void)
case SOCKS5_AUTH_GSSAPI:
loguser("GSSAPI authentication method not supported.\n");
- close(sd);
- return -1;
+ goto error;
case SOCKS5_AUTH_USERPASS:
if (o.verbose)
@@ -729,14 +725,12 @@ static int do_proxy_socks5(void)
if(!o.proxy_auth){
loguser("Error: proxy requested to do authentication, but no credentials were provided.\n");
- close(sd);
- return -1;
+ goto error;
}
if (strlen(o.proxy_auth) > SOCKS_BUFF_SIZE-2){
loguser("Error: username and password are too long to fit into buffer.\n");
- close(sd);
- return -1;
+ goto error;
}
/* Split up the proxy auth argument. */
@@ -744,10 +738,8 @@ static int do_proxy_socks5(void)
username = strtok(proxy_auth, ":");
password = strtok(NULL, ":");
if (password == NULL || username == NULL) {
- free(proxy_auth);
loguser("Error: empty username or password.\n");
- close(sd);
- return -1;
+ goto error;
}
/*
@@ -776,28 +768,24 @@ static int do_proxy_socks5(void)
if (send(sd, (char *) &socks5auth, len, 0) < 0) {
loguser("Error: sending proxy authentication.\n");
- close(sd);
- return -1;
+ goto error;
}
if (socket_buffer_readcount(&stateful_buf, socksbuf, 2) < 0) {
loguser("Error: malformed proxy authentication response.\n");
- close(sd);
- return -1;
+ goto error;
}
if (socksbuf[0] != 1 || socksbuf[1] != 0) {
loguser("Error: authentication failed.\n");
- close(sd);
- return -1;
+ goto error;
}
break;
default:
loguser("Error - can't choose any authentication method.\n");
- close(sd);
- return -1;
+ goto error;
}
zmem(&socks5msg2,sizeof(socks5msg2));
@@ -826,8 +814,7 @@ static int do_proxy_socks5(void)
lenfqdn=strlen(o.target);
if (lenfqdn > SOCKS_BUFF_SIZE-5){
loguser("Error: host name too long.\n");
- close(sd);
- return -1;
+ goto error;
}
socks5msg2.dst[0]=lenfqdn;
memcpy(socks5msg2.dst+1,o.target,lenfqdn);
@@ -839,21 +826,18 @@ static int do_proxy_socks5(void)
if (len > sizeof(socks5msg2)){
loguser("Error: address information too large.\n");
- close(sd);
- return -1;
+ goto error;
}
if (send(sd, (char *) &socks5msg2, len, 0) < 0) {
loguser("Error: sending proxy request: %s.\n", socket_strerror(socket_errno()));
- close(sd);
- return -1;
+ goto error;
}
/* TODO just two bytes for now, need to read more for bind */
if (socket_buffer_readcount(&stateful_buf, socksbuf, 2) < 0) {
loguser("Error: malformed second response from proxy.\n");
- close(sd);
- return -1;
+ goto error;
}
switch(socksbuf[1]) {
@@ -863,43 +847,40 @@ static int do_proxy_socks5(void)
break;
case 1:
loguser("Error: general SOCKS server failure.\n");
- close(sd);
- return -1;
+ goto error;
case 2:
loguser("Error: connection not allowed by ruleset.\n");
- close(sd);
- return -1;
+ goto error;
case 3:
loguser("Error: Network unreachable.\n");
- close(sd);
- return -1;
+ goto error;
case 4:
loguser("Error: Host unreachable.\n");
- close(sd);
- return -1;
+ goto error;
case 5:
loguser("Error: Connection refused.\n");
- close(sd);
- return -1;
+ goto error;
case 6:
loguser("Error: TTL expired.\n");
- close(sd);
- return -1;
+ goto error;
case 7:
loguser("Error: Command not supported.\n");
- close(sd);
- return -1;
+ goto error;
case 8:
loguser("Error: Address type not supported.\n");
- close(sd);
- return -1;
+ goto error;
default:
loguser("Error: unassigned value in the reply.\n");
- close(sd);
- return -1;
+ goto error;
}
return(sd);
+error:
+ if (proxy_auth != NULL)
+ free(proxy_auth);
+ close(sd);
+ return -1;
+
}
static nsock_iod new_iod(nsock_pool mypool) {
commit e61c827fb0e7c0df8539b10ac31e67c82cf1425f
Author: Pavel Zhukov <pzhukov@redhat.com>
Date: Fri Aug 18 13:15:45 2017 +0200
Always free proxy_auth
diff --git a/ncat/ncat_connect.c b/ncat/ncat_connect.c
index bad673770..d77b6d1bc 100644
--- a/ncat/ncat_connect.c
+++ b/ncat/ncat_connect.c
@@ -874,10 +874,10 @@ static int do_proxy_socks5(void)
goto error;
}
+ free(proxy_auth);
return(sd);
error:
- if (proxy_auth != NULL)
- free(proxy_auth);
+ free(proxy_auth);
close(sd);
return -1;

29
nmap-7.60-udp_remoteaddr.patch
View File

@ -1,29 +0,0 @@
commit e8b73078fd56a4d16ffa9cbb51f43ac75c5f7f1f
Author: nnposter <nnposter@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Mon Sep 11 02:33:07 2017 +0000
Provides more meaningful information about the connecting client when in UDP listening mode. Closes #980
diff --git a/ncat/ncat_listen.c b/ncat/ncat_listen.c
index b047a5866..20b14b7db 100644
--- a/ncat/ncat_listen.c
+++ b/ncat/ncat_listen.c
@@ -898,8 +898,8 @@ static int ncat_listen_dgram(int proto)
ncat_log_recv(buf, nbytes);
}
- if (o.debug > 1)
- logdebug("Valid Connection from %d\n", socket_n);
+ if (o.verbose)
+ loguser("Connection from %s.\n", inet_socktop(&remotess));
conn_inc++;
@@ -917,6 +917,7 @@ static int ncat_listen_dgram(int proto)
struct fdinfo info = { 0 };
info.fd = socket_n;
+ info.remoteaddr = remotess;
if (o.keepopen)
netrun(&info, o.cmdexec);
else

18
nmap.spec
View File

@ -6,9 +6,9 @@
Summary: Network exploration tool and security scanner Summary: Network exploration tool and security scanner
Name: nmap Name: nmap
Epoch: 2 Epoch: 2
Version: 7.60 Version: 7.70
#global prerelease TEST5 #global prerelease TEST5
Release: 14%{?dist} Release: 1%{?dist}
# Uses combination of licenses based on GPL license, but with extra modification # Uses combination of licenses based on GPL license, but with extra modification
# so it got its own license tag rhbz#1055861 # so it got its own license tag rhbz#1055861
License: Nmap License: Nmap
@ -28,14 +28,6 @@ Patch2: nmap-4.52-noms.patch
# upstream provided patch for rhbz#845005, not yet in upstream repository # upstream provided patch for rhbz#845005, not yet in upstream repository
Patch5: ncat_reg_stdin.diff Patch5: ncat_reg_stdin.diff
Patch6: nmap-6.25-displayerror.patch Patch6: nmap-6.25-displayerror.patch
## https://github.com/nmap/nmap/commit/fd0db097498d5ff29f647508a80915d4d0e8d84a
Patch7: nmap-7.60-bundled_libssh2_libz.patch
# https://github.com/nmap/nmap/pull/973
# https://github.com/nmap/nmap/pull/975
Patch8: nmap-7.60-memleak.patch
## e8b73078f Provides more meaningful information about the connecting client
## when in UDP listening mode. Closes #980 - nnposter, 4 months ago
Patch9: nmap-7.60-udp_remoteaddr.patch
@ -104,9 +96,6 @@ BuildArch: noarch
%patch2 -p1 -b .noms %patch2 -p1 -b .noms
%patch5 -p1 -b .ncat_reg_stdin %patch5 -p1 -b .ncat_reg_stdin
%patch6 -p1 -b .displayerror %patch6 -p1 -b .displayerror
%patch7 -p1 -b .libssh2
%patch8 -p1 -b .memleak
%patch9 -p1 -b .udp_address
#be sure we're not using tarballed copies of some libraries #be sure we're not using tarballed copies of some libraries
#rm -rf liblua libpcap libpcre macosx mswin32 ###TODO### #rm -rf liblua libpcap libpcre macosx mswin32 ###TODO###
@ -232,6 +221,9 @@ popd
%{_datadir}/metainfo/zenmap.appdata.xml %{_datadir}/metainfo/zenmap.appdata.xml
%changelog %changelog
* Wed Mar 21 2018 Pavel Zhukov <pzhukov@redhat.com> - 2:7.70-1
- New version 7.70 (#1558770)
* Tue Feb 27 2018 Pavel Zhukov <pzhukov@redhat.com> - 2:7.60-14 * Tue Feb 27 2018 Pavel Zhukov <pzhukov@redhat.com> - 2:7.60-14
- Add appdata file (#1476506) - Add appdata file (#1476506)

2
sources
View File

@ -1 +1 @@
SHA512 (nmap-7.60.tar.bz2) = 74ba8f6de026ade9ee6bb2252bee18a57210f8207977df7f1c04556629dcdc1e6127f33febc8a52ef88a1dac876116d590564dee4f1c23798c3ac37529991aa4 SHA512 (nmap-7.70.tar.bz2) = 084c148b022ff6550e269d976d0077f7932a10e2ef218236fe13aa3a70b4eb6506df03329868fc68cb3ce78e4360b200f5a7a491d3145028fed679ef1c9ecae5