From 1fd6a5653cafb745824061e04571fe9aa8a9b0a0 Mon Sep 17 00:00:00 2001 From: Dan Theisen Date: Fri, 13 Sep 2019 22:56:43 +0000 Subject: user/nmap: bump to 7.80 --- user/nmap/APKBUILD | 18 ++++++--- user/nmap/nmap-7.80-fix_addrset.patch | 74 +++++++++++++++++++++++++++++++++++ 2 files changed, 87 insertions(+), 5 deletions(-) create mode 100644 user/nmap/nmap-7.80-fix_addrset.patch (limited to 'user/nmap') diff --git a/user/nmap/APKBUILD b/user/nmap/APKBUILD index d8bdea9a9..3b256aaa3 100644 --- a/user/nmap/APKBUILD +++ b/user/nmap/APKBUILD @@ -1,14 +1,13 @@ # Maintainer: Dan Theisen pkgname=nmap -pkgver=7.70 -pkgrel=1 +pkgver=7.80 +pkgrel=0 pkgdesc="A network exploration tool and security/port scanner" url="https://nmap.org/" arch="all" license="GPL-2.0-only" depends="" makedepends="linux-headers openssl-dev libpcap-dev pcre-dev zlib-dev libssh2-dev lua5.3-dev" -options="!checkroot" subpackages=" $pkgname-doc $pkgname-scripts::noarch @@ -17,7 +16,12 @@ subpackages=" $pkgname-ncat $pkgname-ncat-doc:ncat_doc netcat::noarch" -source="https://nmap.org/dist/$pkgname-$pkgver.tar.bz2" +source="https://nmap.org/dist/$pkgname-$pkgver.tar.bz2 + nmap-7.80-fix_addrset.patch" + +# secfixes: +# 7.80-r0: +# - CVE-2018-15173 prepare() { default_prepare @@ -26,6 +30,9 @@ prepare() { build() { # zenmap and ndiff require python 2 + export CFLAGS=-g3 + export CPPFLAGS=-g3 + export CXXFLAGS=-g3 ./configure \ --build=$CBUILD \ --host=$CHOST \ @@ -99,4 +106,5 @@ netcat() { ln -s ncat "$subpkgdir"/usr/bin/nc } -sha512sums="084c148b022ff6550e269d976d0077f7932a10e2ef218236fe13aa3a70b4eb6506df03329868fc68cb3ce78e4360b200f5a7a491d3145028fed679ef1c9ecae5 nmap-7.70.tar.bz2" +sha512sums="d4384d3ebf4f3abf3588eed5433f733874ecdceb9342a718dc36db19634b0cc819d73399974eb0a9a9c9dd9e5c88473e07644ec91db28b0c072552b54430be6b nmap-7.80.tar.bz2 +e079c07716bc847b44cb5ba0c1f71fe7d95e786c7a18dad7927ca29e6f2e20fce3674d939335db038e509755945d1db05a1746b508ada3df011fafb890ab9033 nmap-7.80-fix_addrset.patch" diff --git a/user/nmap/nmap-7.80-fix_addrset.patch b/user/nmap/nmap-7.80-fix_addrset.patch new file mode 100644 index 000000000..3fa009c84 --- /dev/null +++ b/user/nmap/nmap-7.80-fix_addrset.patch @@ -0,0 +1,74 @@ +diff --git a/nbase/nbase_addrset.c b/nbase/nbase_addrset.c +index 6f91bc1b2a..849044e4e3 100644 +--- a/nbase/nbase_addrset.c ++++ b/nbase/nbase_addrset.c +@@ -477,30 +477,32 @@ static int sockaddr_to_addr(const struct sockaddr *sa, u32 *addr) + + static int sockaddr_to_mask (const struct sockaddr *sa, int bits, u32 *mask) + { +- s8 i; +- int unmasked_bits = 0; ++ int i, k; + if (bits >= 0) { + if (sa->sa_family == AF_INET) { +- unmasked_bits = 32 - bits; ++ bits += 96; + } + #ifdef HAVE_IPV6 + else if (sa->sa_family == AF_INET6) { +- unmasked_bits = 128 - bits; ++ ; /* do nothing */ + } + #endif + else { + return 0; + } + } ++ else ++ bits = 128; ++ k = bits / 32; + for (i=0; i < 4; i++) { +- if (unmasked_bits <= 32 * (3 - i)) { ++ if (i < k) { + mask[i] = 0xffffffff; + } +- else if (unmasked_bits >= 32 * (4 - i)) { ++ else if (i > k) { + mask[i] = 0; + } + else { +- mask[i] = ~((1 << (unmasked_bits - (32 * (4 - i)))) - 1); ++ mask[i] = 0xfffffffe << (31 - bits % 32); + } + } + return 1; +diff --git a/ncat/test/test-addrset.sh b/ncat/test/test-addrset.sh +index 7f54023c52..285c7b675a 100755 +--- a/ncat/test/test-addrset.sh ++++ b/ncat/test/test-addrset.sh +@@ -208,6 +208,25 @@ test_addrset "1:2::0003/120" "1:2::3 1:2::0 1:2::ff" <