diff --git a/.gitignore b/.gitignore index 453be76..952049b 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/nmap-7.70.tar.bz2 +SOURCES/nmap-7.92.tar.bz2 diff --git a/.nmap.metadata b/.nmap.metadata index b6224c6..c2d9540 100644 --- a/.nmap.metadata +++ b/.nmap.metadata @@ -1 +1 @@ -71057361a0953bba5967dc0385de77f3eed792de SOURCES/nmap-7.70.tar.bz2 +62342a9a6641833c5c16b7a24ced4bace68c60fb SOURCES/nmap-7.92.tar.bz2 diff --git a/SOURCES/nmap-ipv6_literal_proxy.patch b/SOURCES/nmap-ipv6_literal_proxy.patch deleted file mode 100644 index 8d730fc..0000000 --- a/SOURCES/nmap-ipv6_literal_proxy.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/ncat/ncat_connect.c b/ncat/ncat_connect.c -index 0968601..447aeb1 100644 ---- a/ncat/ncat_connect.c -+++ b/ncat/ncat_connect.c -@@ -353,7 +353,7 @@ static const char *sock_to_url(char *host_str, unsigned short port) - Snprintf(buf, sizeof(buf), "%s:%hu", host_str, port); - break; - case 2: -- Snprintf(buf, sizeof(buf), "[%s]:%hu]", host_str, port); -+ Snprintf(buf, sizeof(buf), "[%s]:%hu", host_str, port); - } - - return buf; diff --git a/SOURCES/nmap-safe_fd_functions.patch b/SOURCES/nmap-safe_fd_functions.patch deleted file mode 100644 index 4798f1f..0000000 --- a/SOURCES/nmap-safe_fd_functions.patch +++ /dev/null @@ -1,369 +0,0 @@ -diff --git a/ncat/ncat_core.c b/ncat/ncat_core.c -index 649e478..21eca9e 100644 ---- a/ncat/ncat_core.c -+++ b/ncat/ncat_core.c -@@ -458,7 +458,7 @@ int ncat_broadcast(fd_set *fds, const fd_list_t *fdlist, const char *msg, size_t - - ret = 0; - for (i = 0; i <= fdlist->fdmax; i++) { -- if (!FD_ISSET(i, fds)) -+ if (!checked_fd_isset(i, fds)) - continue; - - fdn = get_fdinfo(fdlist, i); -diff --git a/ncat/ncat_listen.c b/ncat/ncat_listen.c -index 5c4bb33..bb779cf 100644 ---- a/ncat/ncat_listen.c -+++ b/ncat/ncat_listen.c -@@ -312,10 +312,10 @@ static int ncat_listen_stream(int proto) - unblock_socket(listen_socket[num_sockets]); - - /* setup select sets and max fd */ -- FD_SET(listen_socket[num_sockets], &master_readfds); -+ checked_fd_set(listen_socket[num_sockets], &master_readfds); - add_fd(&client_fdlist, listen_socket[num_sockets]); - -- FD_SET(listen_socket[num_sockets], &listen_fds); -+ checked_fd_set(listen_socket[num_sockets], &listen_fds); - - num_sockets++; - } -@@ -368,7 +368,7 @@ static int ncat_listen_stream(int proto) - */ - for (i = 0; i <= client_fdlist.fdmax && fds_ready > 0; i++) { - /* Loop through descriptors until there's something to read */ -- if (!FD_ISSET(i, &readfds) && !FD_ISSET(i, &writefds)) -+ if (!checked_fd_isset(i, &readfds) && !checked_fd_isset(i, &writefds)) - continue; - - if (o.debug > 1) -@@ -376,30 +376,30 @@ static int ncat_listen_stream(int proto) - - #ifdef HAVE_OPENSSL - /* Is this an ssl socket pending a handshake? If so handle it. */ -- if (o.ssl && FD_ISSET(i, &sslpending_fds)) { -+ if (o.ssl && checked_fd_isset(i, &sslpending_fds)) { - struct fdinfo *fdi = NULL; -- FD_CLR(i, &master_readfds); -- FD_CLR(i, &master_writefds); -+ checked_fd_clr(i, &master_readfds); -+ checked_fd_clr(i, &master_writefds); - fdi = get_fdinfo(&client_fdlist, i); - ncat_assert(fdi != NULL); - switch (ssl_handshake(fdi)) { - case NCAT_SSL_HANDSHAKE_COMPLETED: - /* Clear from sslpending_fds once ssl is established */ -- FD_CLR(i, &sslpending_fds); -+ checked_fd_clr(i, &sslpending_fds); - post_handle_connection(*fdi); - break; - case NCAT_SSL_HANDSHAKE_PENDING_WRITE: -- FD_SET(i, &master_writefds); -+ checked_fd_set(i, &master_writefds); - break; - case NCAT_SSL_HANDSHAKE_PENDING_READ: -- FD_SET(i, &master_readfds); -+ checked_fd_set(i, &master_readfds); - break; - case NCAT_SSL_HANDSHAKE_FAILED: - default: - SSL_free(fdi->ssl); - Close(fdi->fd); -- FD_CLR(i, &sslpending_fds); -- FD_CLR(i, &master_readfds); -+ checked_fd_clr(i, &sslpending_fds); -+ checked_fd_clr(i, &master_readfds); - rm_fd(&client_fdlist, i); - /* Are we in single listening mode(without -k)? If so - then we should quit also. */ -@@ -410,7 +410,7 @@ static int ncat_listen_stream(int proto) - } - } else - #endif -- if (FD_ISSET(i, &listen_fds)) { -+ if (checked_fd_isset(i, &listen_fds)) { - /* we have a new connection request */ - handle_connection(i); - } else if (i == STDIN_FILENO) { -@@ -490,7 +490,7 @@ static void handle_connection(int socket_accept) - int i; - for (i = 0; i < num_listenaddrs; i++) { - Close(listen_socket[i]); -- FD_CLR(listen_socket[i], &master_readfds); -+ checked_fd_clr(listen_socket[i], &master_readfds); - rm_fd(&client_fdlist, listen_socket[i]); - } - } -@@ -528,9 +528,9 @@ static void handle_connection(int socket_accept) - #ifdef HAVE_OPENSSL - if (o.ssl) { - /* Add the socket to the necessary descriptor lists. */ -- FD_SET(s.fd, &sslpending_fds); -- FD_SET(s.fd, &master_readfds); -- FD_SET(s.fd, &master_writefds); -+ checked_fd_set(s.fd, &sslpending_fds); -+ checked_fd_set(s.fd, &master_readfds); -+ checked_fd_set(s.fd, &master_writefds); - /* Add it to our list of fds too for maintaining maxfd. */ - if (add_fdinfo(&client_fdlist, &s) < 0) - bye("add_fdinfo() failed."); -@@ -563,10 +563,10 @@ static void post_handle_connection(struct fdinfo sinfo) - } else { - /* Now that a client is connected, pay attention to stdin. */ - if (!stdin_eof) -- FD_SET(STDIN_FILENO, &master_readfds); -+ checked_fd_set(STDIN_FILENO, &master_readfds); - if (!o.sendonly) { - /* add to our lists */ -- FD_SET(sinfo.fd, &master_readfds); -+ checked_fd_set(sinfo.fd, &master_readfds); - /* add it to our list of fds for maintaining maxfd */ - #ifdef HAVE_OPENSSL - /* Don't add it twice (see handle_connection above) */ -@@ -578,7 +578,7 @@ static void post_handle_connection(struct fdinfo sinfo) - } - #endif - } -- FD_SET(sinfo.fd, &master_broadcastfds); -+ checked_fd_set(sinfo.fd, &master_broadcastfds); - if (add_fdinfo(&broadcast_fdlist, &sinfo) < 0) - bye("add_fdinfo() failed."); - -@@ -603,7 +603,7 @@ int read_stdin(void) - logdebug("EOF on stdin\n"); - - /* Don't close the file because that allows a socket to be fd 0. */ -- FD_CLR(STDIN_FILENO, &master_readfds); -+ checked_fd_clr(STDIN_FILENO, &master_readfds); - /* Buf mark that we've seen EOF so it doesn't get re-added to the - select list. */ - stdin_eof = 1; -@@ -656,14 +656,14 @@ int read_socket(int recv_fd) - } - #endif - close(recv_fd); -- FD_CLR(recv_fd, &master_readfds); -+ checked_fd_clr(recv_fd, &master_readfds); - rm_fd(&client_fdlist, recv_fd); -- FD_CLR(recv_fd, &master_broadcastfds); -+ checked_fd_clr(recv_fd, &master_broadcastfds); - rm_fd(&broadcast_fdlist, recv_fd); - - conn_inc--; - if (get_conn_count() == 0) -- FD_CLR(STDIN_FILENO, &master_readfds); -+ checked_fd_clr(STDIN_FILENO, &master_readfds); - - return n; - } -@@ -753,7 +753,7 @@ static int ncat_listen_dgram(int proto) - logdebug("do_listen(\"%s\"): %s\n", inet_ntop_ez(&listenaddrs[i].storage, sizeof(listenaddrs[i].storage)), socket_strerror(socket_errno())); - continue; - } -- FD_SET(sockfd[num_sockets].fd, &listen_fds); -+ checked_fd_set(sockfd[num_sockets].fd, &listen_fds); - add_fd(&listen_fdlist, sockfd[num_sockets].fd); - sockfd[num_sockets].addr = listenaddrs[i]; - num_sockets++; -@@ -773,14 +773,14 @@ static int ncat_listen_dgram(int proto) - - if (fdn != -1) { - /*remove socket descriptor which is burnt */ -- FD_CLR(sockfd[fdn].fd, &listen_fds); -+ checked_fd_clr(sockfd[fdn].fd, &listen_fds); - rm_fd(&listen_fdlist, sockfd[fdn].fd); - - /* Rebuild the udp socket which got burnt */ - sockfd[fdn].fd = do_listen(SOCK_DGRAM, proto, &sockfd[fdn].addr); - if (sockfd[fdn].fd == -1) - bye("do_listen: %s", socket_strerror(socket_errno())); -- FD_SET(sockfd[fdn].fd, &listen_fds); -+ checked_fd_set(sockfd[fdn].fd, &listen_fds); - add_fd(&listen_fdlist, sockfd[fdn].fd); - - } -@@ -818,7 +818,7 @@ static int ncat_listen_dgram(int proto) - */ - for (i = 0; i <= listen_fdlist.fdmax && fds_ready > 0; i++) { - /* Loop through descriptors until there is something ready */ -- if (!FD_ISSET(i, &fds)) -+ if (!checked_fd_isset(i, &fds)) - continue; - - /* Check each listening socket */ -@@ -905,8 +905,8 @@ static int ncat_listen_dgram(int proto) - continue; - } - -- FD_SET(socket_n, &read_fds); -- FD_SET(STDIN_FILENO, &read_fds); -+ checked_fd_set(socket_n, &read_fds); -+ checked_fd_set(STDIN_FILENO, &read_fds); - fdmax = socket_n; - - /* stdin -> socket and socket -> stdout */ -@@ -926,7 +926,7 @@ static int ncat_listen_dgram(int proto) - if (fds_ready == 0) - bye("Idle timeout expired (%d ms).", o.idletimeout); - -- if (FD_ISSET(STDIN_FILENO, &fds)) { -+ if (checked_fd_isset(STDIN_FILENO, &fds)) { - nbytes = Read(STDIN_FILENO, buf, sizeof(buf)); - if (nbytes <= 0) { - if (nbytes < 0 && o.verbose) { -@@ -934,7 +934,7 @@ static int ncat_listen_dgram(int proto) - } else if (nbytes == 0 && o.debug) { - logdebug("EOF on stdin\n"); - } -- FD_CLR(STDIN_FILENO, &read_fds); -+ checked_fd_clr(STDIN_FILENO, &read_fds); - if (nbytes < 0) - return 1; - continue; -@@ -958,7 +958,7 @@ static int ncat_listen_dgram(int proto) - tempbuf = NULL; - } - } -- if (FD_ISSET(socket_n, &fds)) { -+ if (checked_fd_isset(socket_n, &fds)) { - nbytes = recv(socket_n, buf, sizeof(buf), 0); - if (nbytes < 0) { - loguser("%s.\n", socket_strerror(socket_errno())); -@@ -1034,7 +1034,7 @@ static void read_and_broadcast(int recv_fd) - - /* Don't close the file because that allows a socket to be - fd 0. */ -- FD_CLR(recv_fd, &master_readfds); -+ checked_fd_clr(recv_fd, &master_readfds); - /* But mark that we've seen EOF so it doesn't get re-added to - the select list. */ - stdin_eof = 1; -@@ -1061,14 +1061,14 @@ static void read_and_broadcast(int recv_fd) - } - #endif - close(recv_fd); -- FD_CLR(recv_fd, &master_readfds); -+ checked_fd_clr(recv_fd, &master_readfds); - rm_fd(&client_fdlist, recv_fd); -- FD_CLR(recv_fd, &master_broadcastfds); -+ checked_fd_clr(recv_fd, &master_broadcastfds); - rm_fd(&broadcast_fdlist, recv_fd); - - conn_inc--; - if (conn_inc == 0) -- FD_CLR(STDIN_FILENO, &master_readfds); -+ checked_fd_clr(STDIN_FILENO, &master_readfds); - - if (o.chat) - chat_announce_disconnect(recv_fd); -@@ -1099,7 +1099,7 @@ static void read_and_broadcast(int recv_fd) - - /* Send to everyone except the one who sent this message. */ - broadcastfds = master_broadcastfds; -- FD_CLR(recv_fd, &broadcastfds); -+ checked_fd_clr(recv_fd, &broadcastfds); - ncat_broadcast(&broadcastfds, &broadcast_fdlist, outbuf, n); - - free(chatbuf); -@@ -1114,7 +1114,7 @@ static void shutdown_sockets(int how) - int i; - - for (i = 0; i <= broadcast_fdlist.fdmax; i++) { -- if (!FD_ISSET(i, &master_broadcastfds)) -+ if (!checked_fd_isset(i, &master_broadcastfds)) - continue; - - fdn = get_fdinfo(&broadcast_fdlist, i); -@@ -1139,7 +1139,7 @@ static int chat_announce_connect(int fd, const union sockaddr_u *su) - union sockaddr_u su; - socklen_t len = sizeof(su.storage); - -- if (i == fd || !FD_ISSET(i, &master_broadcastfds)) -+ if (i == fd || !checked_fd_isset(i, &master_broadcastfds)) - continue; - - if (getpeername(i, &su.sockaddr, &len) == -1) -diff --git a/ncat/ncat_posix.c b/ncat/ncat_posix.c -index 3b01936..59e801e 100644 ---- a/ncat/ncat_posix.c -+++ b/ncat/ncat_posix.c -@@ -273,8 +273,8 @@ void netexec(struct fdinfo *info, char *cmdexec) - int r, n_r; - - FD_ZERO(&fds); -- FD_SET(info->fd, &fds); -- FD_SET(child_stdout[0], &fds); -+ checked_fd_set(info->fd, &fds); -+ checked_fd_set(child_stdout[0], &fds); - - r = fselect(maxfd + 1, &fds, NULL, NULL, NULL); - if (r == -1) { -@@ -283,7 +283,7 @@ void netexec(struct fdinfo *info, char *cmdexec) - else - break; - } -- if (FD_ISSET(info->fd, &fds)) { -+ if (checked_fd_isset(info->fd, &fds)) { - int pending; - - do { -@@ -293,7 +293,7 @@ void netexec(struct fdinfo *info, char *cmdexec) - write_loop(child_stdin[1], buf, n_r); - } while (pending); - } -- if (FD_ISSET(child_stdout[0], &fds)) { -+ if (checked_fd_isset(child_stdout[0], &fds)) { - char *crlf = NULL, *wbuf; - n_r = read(child_stdout[0], buf, sizeof(buf)); - if (n_r <= 0) -diff --git a/ncat/ncat_proxy.c b/ncat/ncat_proxy.c -index d7227fc..e060e3e 100644 ---- a/ncat/ncat_proxy.c -+++ b/ncat/ncat_proxy.c -@@ -234,7 +234,7 @@ int ncat_http_server(void) - unblock_socket(listen_socket[num_sockets]); - - /* setup select sets and max fd */ -- FD_SET(listen_socket[num_sockets], &listen_fds); -+ checked_fd_set(listen_socket[num_sockets], &listen_fds); - add_fd(&listen_fdlist, listen_socket[num_sockets]); - - num_sockets++; -@@ -267,7 +267,7 @@ int ncat_http_server(void) - - for (i = 0; i <= listen_fdlist.fdmax && fds_ready > 0; i++) { - /* Loop through descriptors until there is something ready */ -- if (!FD_ISSET(i, &read_fds)) -+ if (!checked_fd_isset(i, &read_fds)) - continue; - - /* Check each listening socket */ -@@ -525,8 +525,8 @@ static int handle_connect(struct socket_buffer *client_sock, - - maxfd = client_sock->fdn.fd < s ? s : client_sock->fdn.fd; - FD_ZERO(&m); -- FD_SET(client_sock->fdn.fd, &m); -- FD_SET(s, &m); -+ checked_fd_set(client_sock->fdn.fd, &m); -+ checked_fd_set(s, &m); - - errno = 0; - -@@ -540,7 +540,7 @@ static int handle_connect(struct socket_buffer *client_sock, - - zmem(buf, sizeof(buf)); - -- if (FD_ISSET(client_sock->fdn.fd, &r)) { -+ if (checked_fd_isset(client_sock->fdn.fd, &r)) { - do { - do { - len = fdinfo_recv(&client_sock->fdn, buf, sizeof(buf)); -@@ -556,7 +556,7 @@ static int handle_connect(struct socket_buffer *client_sock, - } while (fdinfo_pending(&client_sock->fdn)); - } - -- if (FD_ISSET(s, &r)) { -+ if (checked_fd_isset(s, &r)) { - do { - len = recv(s, buf, sizeof(buf), 0); - } while (len == -1 && socket_errno() == EINTR); diff --git a/SPECS/nmap.spec b/SPECS/nmap.spec index 1c3386a..e3d2b0c 100644 --- a/SPECS/nmap.spec +++ b/SPECS/nmap.spec @@ -11,9 +11,9 @@ Summary: Network exploration tool and security scanner Name: nmap Epoch: 2 -Version: 7.70 +Version: 7.92 #global prerelease TEST5 -Release: 8%{?dist} +Release: 1%{?dist} # Uses combination of licenses based on GPL license, but with extra modification # so it got its own license tag rhbz#1055861 License: Nmap @@ -33,15 +33,11 @@ Patch1: nmap-4.03-mktemp.patch Patch2: nmap-4.52-noms.patch # upstream provided patch for rhbz#845005, not yet in upstream repository -Patch5: ncat_reg_stdin.diff -Patch6: nmap-6.25-displayerror.patch -Patch7: nmap-safe_fd_functions.patch +Patch3: ncat_reg_stdin.diff +Patch4: nmap-6.25-displayerror.patch # https://github.com/nmap/nmap/pull/2247 -Patch8: nmap_resolve_config.patch - -# https://bugzilla.redhat.com/show_bug.cgi?id=2120294 -Patch9: nmap-ipv6_literal_proxy.patch +Patch5: nmap_resolve_config.patch URL: http://nmap.org/ BuildRequires: gcc-c++ @@ -229,7 +225,7 @@ fi %files -f nmap.lang -%doc COPYING* +%doc LICENSE %doc docs/README %doc docs/nmap.usage.txt %{_bindir}/nmap @@ -239,7 +235,7 @@ fi %{_datadir}/nmap %files ncat -%doc COPYING ncat/docs/AUTHORS ncat/docs/README ncat/docs/THANKS ncat/docs/examples +%doc LICENSE ncat/docs/AUTHORS ncat/docs/README ncat/docs/THANKS ncat/docs/examples %if 0%{?fedora} && 0%{?fedora} >= 0 %{_bindir}/nc %{_mandir}/man1/nc.1.gz @@ -275,6 +271,11 @@ fi %endif %changelog +* Tue Mar 21 2023 Martin Osvald - 2:7.92-1 +- New version 7.92 +- Resolves: #2166178 - Nmap much slower after libpcap fix +- Resolves: #2169766 - Rebase nmap for TLS v1.3 support + * Tue Aug 23 2022 Martin Osvald - 2:7.70-8 - Resolves: #2120294 - wrong connect format