rpms/nmap
7
0
Fork 0
Code Issues Pull Requests Releases Activity

New version 7.92

Browse Source 
Nmap much slower after libpcap fix
Rebase nmap for TLS v1.3 support

Resolves: #2166178
Resolves: #2169766
This commit is contained in:
Martin Osvald 2023-03-22 11:09:51 +01:00
parent 4a2e4a9633
commit c9b338d8b7
5 changed files with 14 additions and 394 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1,2 +1,3 @@
SOURCES/nmap-7.70.tar.bz2
/nmap-7.70.tar.bz2
/nmap-7.92.tar.bz2

13
nmap-ipv6_literal_proxy.patch
View File

@ -1,13 +0,0 @@
diff --git a/ncat/ncat_connect.c b/ncat/ncat_connect.c
index 0968601..447aeb1 100644
--- a/ncat/ncat_connect.c
+++ b/ncat/ncat_connect.c
@@ -353,7 +353,7 @@ static const char *sock_to_url(char *host_str, unsigned short port)
Snprintf(buf, sizeof(buf), "%s:%hu", host_str, port);
break;
case 2:
- Snprintf(buf, sizeof(buf), "[%s]:%hu]", host_str, port);
+ Snprintf(buf, sizeof(buf), "[%s]:%hu", host_str, port);
}
return buf;

369
nmap-safe_fd_functions.patch
View File

@ -1,369 +0,0 @@
diff --git a/ncat/ncat_core.c b/ncat/ncat_core.c
index 649e478..21eca9e 100644
--- a/ncat/ncat_core.c
+++ b/ncat/ncat_core.c
@@ -458,7 +458,7 @@ int ncat_broadcast(fd_set *fds, const fd_list_t *fdlist, const char *msg, size_t
ret = 0;
for (i = 0; i <= fdlist->fdmax; i++) {
- if (!FD_ISSET(i, fds))
+ if (!checked_fd_isset(i, fds))
continue;
fdn = get_fdinfo(fdlist, i);
diff --git a/ncat/ncat_listen.c b/ncat/ncat_listen.c
index 5c4bb33..bb779cf 100644
--- a/ncat/ncat_listen.c
+++ b/ncat/ncat_listen.c
@@ -312,10 +312,10 @@ static int ncat_listen_stream(int proto)
unblock_socket(listen_socket[num_sockets]);
/* setup select sets and max fd */
- FD_SET(listen_socket[num_sockets], &master_readfds);
+ checked_fd_set(listen_socket[num_sockets], &master_readfds);
add_fd(&client_fdlist, listen_socket[num_sockets]);
- FD_SET(listen_socket[num_sockets], &listen_fds);
+ checked_fd_set(listen_socket[num_sockets], &listen_fds);
num_sockets++;
}
@@ -368,7 +368,7 @@ static int ncat_listen_stream(int proto)
*/
for (i = 0; i <= client_fdlist.fdmax && fds_ready > 0; i++) {
/* Loop through descriptors until there's something to read */
- if (!FD_ISSET(i, &readfds) && !FD_ISSET(i, &writefds))
+ if (!checked_fd_isset(i, &readfds) && !checked_fd_isset(i, &writefds))
continue;
if (o.debug > 1)
@@ -376,30 +376,30 @@ static int ncat_listen_stream(int proto)
#ifdef HAVE_OPENSSL
/* Is this an ssl socket pending a handshake? If so handle it. */
- if (o.ssl && FD_ISSET(i, &sslpending_fds)) {
+ if (o.ssl && checked_fd_isset(i, &sslpending_fds)) {
struct fdinfo *fdi = NULL;
- FD_CLR(i, &master_readfds);
- FD_CLR(i, &master_writefds);
+ checked_fd_clr(i, &master_readfds);
+ checked_fd_clr(i, &master_writefds);
fdi = get_fdinfo(&client_fdlist, i);
ncat_assert(fdi != NULL);
switch (ssl_handshake(fdi)) {
case NCAT_SSL_HANDSHAKE_COMPLETED:
/* Clear from sslpending_fds once ssl is established */
- FD_CLR(i, &sslpending_fds);
+ checked_fd_clr(i, &sslpending_fds);
post_handle_connection(*fdi);
break;
case NCAT_SSL_HANDSHAKE_PENDING_WRITE:
- FD_SET(i, &master_writefds);
+ checked_fd_set(i, &master_writefds);
break;
case NCAT_SSL_HANDSHAKE_PENDING_READ:
- FD_SET(i, &master_readfds);
+ checked_fd_set(i, &master_readfds);
break;
case NCAT_SSL_HANDSHAKE_FAILED:
default:
SSL_free(fdi->ssl);
Close(fdi->fd);
- FD_CLR(i, &sslpending_fds);
- FD_CLR(i, &master_readfds);
+ checked_fd_clr(i, &sslpending_fds);
+ checked_fd_clr(i, &master_readfds);
rm_fd(&client_fdlist, i);
/* Are we in single listening mode(without -k)? If so
then we should quit also. */
@@ -410,7 +410,7 @@ static int ncat_listen_stream(int proto)
}
} else
#endif
- if (FD_ISSET(i, &listen_fds)) {
+ if (checked_fd_isset(i, &listen_fds)) {
/* we have a new connection request */
handle_connection(i);
} else if (i == STDIN_FILENO) {
@@ -490,7 +490,7 @@ static void handle_connection(int socket_accept)
int i;
for (i = 0; i < num_listenaddrs; i++) {
Close(listen_socket[i]);
- FD_CLR(listen_socket[i], &master_readfds);
+ checked_fd_clr(listen_socket[i], &master_readfds);
rm_fd(&client_fdlist, listen_socket[i]);
}
}
@@ -528,9 +528,9 @@ static void handle_connection(int socket_accept)
#ifdef HAVE_OPENSSL
if (o.ssl) {
/* Add the socket to the necessary descriptor lists. */
- FD_SET(s.fd, &sslpending_fds);
- FD_SET(s.fd, &master_readfds);
- FD_SET(s.fd, &master_writefds);
+ checked_fd_set(s.fd, &sslpending_fds);
+ checked_fd_set(s.fd, &master_readfds);
+ checked_fd_set(s.fd, &master_writefds);
/* Add it to our list of fds too for maintaining maxfd. */
if (add_fdinfo(&client_fdlist, &s) < 0)
bye("add_fdinfo() failed.");
@@ -563,10 +563,10 @@ static void post_handle_connection(struct fdinfo sinfo)
} else {
/* Now that a client is connected, pay attention to stdin. */
if (!stdin_eof)
- FD_SET(STDIN_FILENO, &master_readfds);
+ checked_fd_set(STDIN_FILENO, &master_readfds);
if (!o.sendonly) {
/* add to our lists */
- FD_SET(sinfo.fd, &master_readfds);
+ checked_fd_set(sinfo.fd, &master_readfds);
/* add it to our list of fds for maintaining maxfd */
#ifdef HAVE_OPENSSL
/* Don't add it twice (see handle_connection above) */
@@ -578,7 +578,7 @@ static void post_handle_connection(struct fdinfo sinfo)
}
#endif
}
- FD_SET(sinfo.fd, &master_broadcastfds);
+ checked_fd_set(sinfo.fd, &master_broadcastfds);
if (add_fdinfo(&broadcast_fdlist, &sinfo) < 0)
bye("add_fdinfo() failed.");
@@ -603,7 +603,7 @@ int read_stdin(void)
logdebug("EOF on stdin\n");
/* Don't close the file because that allows a socket to be fd 0. */
- FD_CLR(STDIN_FILENO, &master_readfds);
+ checked_fd_clr(STDIN_FILENO, &master_readfds);
/* Buf mark that we've seen EOF so it doesn't get re-added to the
select list. */
stdin_eof = 1;
@@ -656,14 +656,14 @@ int read_socket(int recv_fd)
}
#endif
close(recv_fd);
- FD_CLR(recv_fd, &master_readfds);
+ checked_fd_clr(recv_fd, &master_readfds);
rm_fd(&client_fdlist, recv_fd);
- FD_CLR(recv_fd, &master_broadcastfds);
+ checked_fd_clr(recv_fd, &master_broadcastfds);
rm_fd(&broadcast_fdlist, recv_fd);
conn_inc--;
if (get_conn_count() == 0)
- FD_CLR(STDIN_FILENO, &master_readfds);
+ checked_fd_clr(STDIN_FILENO, &master_readfds);
return n;
}
@@ -753,7 +753,7 @@ static int ncat_listen_dgram(int proto)
logdebug("do_listen(\"%s\"): %s\n", inet_ntop_ez(&listenaddrs[i].storage, sizeof(listenaddrs[i].storage)), socket_strerror(socket_errno()));
continue;
}
- FD_SET(sockfd[num_sockets].fd, &listen_fds);
+ checked_fd_set(sockfd[num_sockets].fd, &listen_fds);
add_fd(&listen_fdlist, sockfd[num_sockets].fd);
sockfd[num_sockets].addr = listenaddrs[i];
num_sockets++;
@@ -773,14 +773,14 @@ static int ncat_listen_dgram(int proto)
if (fdn != -1) {
/*remove socket descriptor which is burnt */
- FD_CLR(sockfd[fdn].fd, &listen_fds);
+ checked_fd_clr(sockfd[fdn].fd, &listen_fds);
rm_fd(&listen_fdlist, sockfd[fdn].fd);
/* Rebuild the udp socket which got burnt */
sockfd[fdn].fd = do_listen(SOCK_DGRAM, proto, &sockfd[fdn].addr);
if (sockfd[fdn].fd == -1)
bye("do_listen: %s", socket_strerror(socket_errno()));
- FD_SET(sockfd[fdn].fd, &listen_fds);
+ checked_fd_set(sockfd[fdn].fd, &listen_fds);
add_fd(&listen_fdlist, sockfd[fdn].fd);
}
@@ -818,7 +818,7 @@ static int ncat_listen_dgram(int proto)
*/
for (i = 0; i <= listen_fdlist.fdmax && fds_ready > 0; i++) {
/* Loop through descriptors until there is something ready */
- if (!FD_ISSET(i, &fds))
+ if (!checked_fd_isset(i, &fds))
continue;
/* Check each listening socket */
@@ -905,8 +905,8 @@ static int ncat_listen_dgram(int proto)
continue;
}
- FD_SET(socket_n, &read_fds);
- FD_SET(STDIN_FILENO, &read_fds);
+ checked_fd_set(socket_n, &read_fds);
+ checked_fd_set(STDIN_FILENO, &read_fds);
fdmax = socket_n;
/* stdin -> socket and socket -> stdout */
@@ -926,7 +926,7 @@ static int ncat_listen_dgram(int proto)
if (fds_ready == 0)
bye("Idle timeout expired (%d ms).", o.idletimeout);
- if (FD_ISSET(STDIN_FILENO, &fds)) {
+ if (checked_fd_isset(STDIN_FILENO, &fds)) {
nbytes = Read(STDIN_FILENO, buf, sizeof(buf));
if (nbytes <= 0) {
if (nbytes < 0 && o.verbose) {
@@ -934,7 +934,7 @@ static int ncat_listen_dgram(int proto)
} else if (nbytes == 0 && o.debug) {
logdebug("EOF on stdin\n");
}
- FD_CLR(STDIN_FILENO, &read_fds);
+ checked_fd_clr(STDIN_FILENO, &read_fds);
if (nbytes < 0)
return 1;
continue;
@@ -958,7 +958,7 @@ static int ncat_listen_dgram(int proto)
tempbuf = NULL;
}
}
- if (FD_ISSET(socket_n, &fds)) {
+ if (checked_fd_isset(socket_n, &fds)) {
nbytes = recv(socket_n, buf, sizeof(buf), 0);
if (nbytes < 0) {
loguser("%s.\n", socket_strerror(socket_errno()));
@@ -1034,7 +1034,7 @@ static void read_and_broadcast(int recv_fd)
/* Don't close the file because that allows a socket to be
fd 0. */
- FD_CLR(recv_fd, &master_readfds);
+ checked_fd_clr(recv_fd, &master_readfds);
/* But mark that we've seen EOF so it doesn't get re-added to
the select list. */
stdin_eof = 1;
@@ -1061,14 +1061,14 @@ static void read_and_broadcast(int recv_fd)
}
#endif
close(recv_fd);
- FD_CLR(recv_fd, &master_readfds);
+ checked_fd_clr(recv_fd, &master_readfds);
rm_fd(&client_fdlist, recv_fd);
- FD_CLR(recv_fd, &master_broadcastfds);
+ checked_fd_clr(recv_fd, &master_broadcastfds);
rm_fd(&broadcast_fdlist, recv_fd);
conn_inc--;
if (conn_inc == 0)
- FD_CLR(STDIN_FILENO, &master_readfds);
+ checked_fd_clr(STDIN_FILENO, &master_readfds);
if (o.chat)
chat_announce_disconnect(recv_fd);
@@ -1099,7 +1099,7 @@ static void read_and_broadcast(int recv_fd)
/* Send to everyone except the one who sent this message. */
broadcastfds = master_broadcastfds;
- FD_CLR(recv_fd, &broadcastfds);
+ checked_fd_clr(recv_fd, &broadcastfds);
ncat_broadcast(&broadcastfds, &broadcast_fdlist, outbuf, n);
free(chatbuf);
@@ -1114,7 +1114,7 @@ static void shutdown_sockets(int how)
int i;
for (i = 0; i <= broadcast_fdlist.fdmax; i++) {
- if (!FD_ISSET(i, &master_broadcastfds))
+ if (!checked_fd_isset(i, &master_broadcastfds))
continue;
fdn = get_fdinfo(&broadcast_fdlist, i);
@@ -1139,7 +1139,7 @@ static int chat_announce_connect(int fd, const union sockaddr_u *su)
union sockaddr_u su;
socklen_t len = sizeof(su.storage);
- if (i == fd || !FD_ISSET(i, &master_broadcastfds))
+ if (i == fd || !checked_fd_isset(i, &master_broadcastfds))
continue;
if (getpeername(i, &su.sockaddr, &len) == -1)
diff --git a/ncat/ncat_posix.c b/ncat/ncat_posix.c
index 3b01936..59e801e 100644
--- a/ncat/ncat_posix.c
+++ b/ncat/ncat_posix.c
@@ -273,8 +273,8 @@ void netexec(struct fdinfo *info, char *cmdexec)
int r, n_r;
FD_ZERO(&fds);
- FD_SET(info->fd, &fds);
- FD_SET(child_stdout[0], &fds);
+ checked_fd_set(info->fd, &fds);
+ checked_fd_set(child_stdout[0], &fds);
r = fselect(maxfd + 1, &fds, NULL, NULL, NULL);
if (r == -1) {
@@ -283,7 +283,7 @@ void netexec(struct fdinfo *info, char *cmdexec)
else
break;
}
- if (FD_ISSET(info->fd, &fds)) {
+ if (checked_fd_isset(info->fd, &fds)) {
int pending;
do {
@@ -293,7 +293,7 @@ void netexec(struct fdinfo *info, char *cmdexec)
write_loop(child_stdin[1], buf, n_r);
} while (pending);
}
- if (FD_ISSET(child_stdout[0], &fds)) {
+ if (checked_fd_isset(child_stdout[0], &fds)) {
char *crlf = NULL, *wbuf;
n_r = read(child_stdout[0], buf, sizeof(buf));
if (n_r <= 0)
diff --git a/ncat/ncat_proxy.c b/ncat/ncat_proxy.c
index d7227fc..e060e3e 100644
--- a/ncat/ncat_proxy.c
+++ b/ncat/ncat_proxy.c
@@ -234,7 +234,7 @@ int ncat_http_server(void)
unblock_socket(listen_socket[num_sockets]);
/* setup select sets and max fd */
- FD_SET(listen_socket[num_sockets], &listen_fds);
+ checked_fd_set(listen_socket[num_sockets], &listen_fds);
add_fd(&listen_fdlist, listen_socket[num_sockets]);
num_sockets++;
@@ -267,7 +267,7 @@ int ncat_http_server(void)
for (i = 0; i <= listen_fdlist.fdmax && fds_ready > 0; i++) {
/* Loop through descriptors until there is something ready */
- if (!FD_ISSET(i, &read_fds))
+ if (!checked_fd_isset(i, &read_fds))
continue;
/* Check each listening socket */
@@ -525,8 +525,8 @@ static int handle_connect(struct socket_buffer *client_sock,
maxfd = client_sock->fdn.fd < s ? s : client_sock->fdn.fd;
FD_ZERO(&m);
- FD_SET(client_sock->fdn.fd, &m);
- FD_SET(s, &m);
+ checked_fd_set(client_sock->fdn.fd, &m);
+ checked_fd_set(s, &m);
errno = 0;
@@ -540,7 +540,7 @@ static int handle_connect(struct socket_buffer *client_sock,
zmem(buf, sizeof(buf));
- if (FD_ISSET(client_sock->fdn.fd, &r)) {
+ if (checked_fd_isset(client_sock->fdn.fd, &r)) {
do {
do {
len = fdinfo_recv(&client_sock->fdn, buf, sizeof(buf));
@@ -556,7 +556,7 @@ static int handle_connect(struct socket_buffer *client_sock,
} while (fdinfo_pending(&client_sock->fdn));
}
- if (FD_ISSET(s, &r)) {
+ if (checked_fd_isset(s, &r)) {
do {
len = recv(s, buf, sizeof(buf), 0);
} while (len == -1 && socket_errno() == EINTR);

23
nmap.spec
View File

@ -11,9 +11,9 @@
Summary: Network exploration tool and security scanner
Name: nmap
Epoch: 2
Version: 7.70
Version: 7.92
#global prerelease TEST5
Release: 8%{?dist}
Release: 1%{?dist}
# Uses combination of licenses based on GPL license, but with extra modification
# so it got its own license tag rhbz#1055861
License: Nmap
@ -33,15 +33,11 @@ Patch1: nmap-4.03-mktemp.patch
Patch2: nmap-4.52-noms.patch
# upstream provided patch for rhbz#845005, not yet in upstream repository
Patch5: ncat_reg_stdin.diff
Patch6: nmap-6.25-displayerror.patch
Patch7: nmap-safe_fd_functions.patch
Patch3: ncat_reg_stdin.diff
Patch4: nmap-6.25-displayerror.patch
# https://github.com/nmap/nmap/pull/2247
Patch8: nmap_resolve_config.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2120294
Patch9: nmap-ipv6_literal_proxy.patch
Patch5: nmap_resolve_config.patch
URL: http://nmap.org/
BuildRequires: gcc-c++
@ -229,7 +225,7 @@ fi
%files -f nmap.lang
%doc COPYING*
%doc LICENSE
%doc docs/README
%doc docs/nmap.usage.txt
%{_bindir}/nmap
@ -239,7 +235,7 @@ fi
%{_datadir}/nmap
%files ncat
%doc COPYING ncat/docs/AUTHORS ncat/docs/README ncat/docs/THANKS ncat/docs/examples
%doc LICENSE ncat/docs/AUTHORS ncat/docs/README ncat/docs/THANKS ncat/docs/examples
%if 0%{?fedora} && 0%{?fedora} >= 0
%{_bindir}/nc
%{_mandir}/man1/nc.1.gz
@ -275,6 +271,11 @@ fi
%endif
%changelog
* Tue Mar 21 2023 Martin Osvald <mosvald@redhat.com> - 2:7.92-1
- New version 7.92
- Resolves: #2166178 - Nmap much slower after libpcap fix
- Resolves: #2169766 - Rebase nmap for TLS v1.3 support
* Tue Aug 23 2022 Martin Osvald <mosvald@redhat.com> - 2:7.70-8
- Resolves: #2120294 - wrong connect format

2
sources
View File

@ -1 +1 @@
SHA512 (nmap-7.70.tar.bz2) = 084c148b022ff6550e269d976d0077f7932a10e2ef218236fe13aa3a70b4eb6506df03329868fc68cb3ce78e4360b200f5a7a491d3145028fed679ef1c9ecae5
SHA512 (nmap-7.92.tar.bz2) = 7828367f9dc76ff4d1e8c821260e565fb0c3cb6aba0473d24759133a3006cdf2cb087574f0dd7d2ba47a63754ba4f72e0b78cdae1333a58f05c41d428b56ad59