Control: tags 1140945 + patch Control: tags 1140945 + pending Dear maintainer,
I've prepared an NMU for dnsrecon (versioned as 1.3.1-3.1) and uploaded it to DELAYED/2. Please feel free to tell me if I should cancel it. cu Adrian
diffstat for dnsrecon-1.3.1 dnsrecon-1.3.1 changelog | 7 patches/0001-Potential-fix-for-code-scanning-alert-no.-21-Regular.patch | 28 + patches/0002-fix-432.patch | 142 ++++++++++ patches/series | 2 4 files changed, 179 insertions(+) diff -Nru dnsrecon-1.3.1/debian/changelog dnsrecon-1.3.1/debian/changelog --- dnsrecon-1.3.1/debian/changelog 2025-10-12 22:32:30.000000000 +0300 +++ dnsrecon-1.3.1/debian/changelog 2026-07-05 17:05:50.000000000 +0300 @@ -1,3 +1,10 @@ +dnsrecon (1.3.1-3.1) unstable; urgency=medium + + * Non-maintainer upload. + * Backport upstream fix for Python 3.14. (Closes: #1140945) + + -- Adrian Bunk <[email protected]> Sun, 05 Jul 2026 17:05:50 +0300 + dnsrecon (1.3.1-3) unstable; urgency=medium * Team upload. diff -Nru dnsrecon-1.3.1/debian/patches/0001-Potential-fix-for-code-scanning-alert-no.-21-Regular.patch dnsrecon-1.3.1/debian/patches/0001-Potential-fix-for-code-scanning-alert-no.-21-Regular.patch --- dnsrecon-1.3.1/debian/patches/0001-Potential-fix-for-code-scanning-alert-no.-21-Regular.patch 1970-01-01 02:00:00.000000000 +0200 +++ dnsrecon-1.3.1/debian/patches/0001-Potential-fix-for-code-scanning-alert-no.-21-Regular.patch 2026-07-05 17:04:23.000000000 +0300 @@ -0,0 +1,28 @@ +From b894f097796eaedd9729df012e590c16bcf1b9d5 Mon Sep 17 00:00:00 2001 +From: "J.Townsend" <[email protected]> +Date: Sun, 27 Jul 2025 04:14:29 +0100 +Subject: Potential fix for code scanning alert no. 21: Regular expression + injection + +Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> +--- + dnsrecon/lib/bingenum.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/dnsrecon/lib/bingenum.py b/dnsrecon/lib/bingenum.py +index 0688b66..b6e225e 100644 +--- a/dnsrecon/lib/bingenum.py ++++ b/dnsrecon/lib/bingenum.py +@@ -62,7 +62,8 @@ def scrape_bing(dom): + + sock = urllib.request.urlopen(req, timeout=10) + data = sock.read().decode('utf-8') +- results.extend(re.findall(r'([a-zA-Z0-9\-.]+' + dom + ')/?', data)) ++ safe_dom = re.escape(dom) ++ results.extend(re.findall(r'([a-zA-Z0-9\-.]+' + safe_dom + ')/?', data)) + sock.close() + time.sleep(5) + +-- +2.47.3 + diff -Nru dnsrecon-1.3.1/debian/patches/0002-fix-432.patch dnsrecon-1.3.1/debian/patches/0002-fix-432.patch --- dnsrecon-1.3.1/debian/patches/0002-fix-432.patch 1970-01-01 02:00:00.000000000 +0200 +++ dnsrecon-1.3.1/debian/patches/0002-fix-432.patch 2026-07-05 17:04:23.000000000 +0300 @@ -0,0 +1,142 @@ +From 378f15cd0d80436f411c32e199c5d4ad281e5b46 Mon Sep 17 00:00:00 2001 +From: L1ghtn1ng <[email protected]> +Date: Sun, 7 Dec 2025 05:03:09 +0000 +Subject: fix #432 + +--- + dnsrecon/lib/bingenum.py | 34 +++++++++------------------ + dnsrecon/lib/yandexenum.py | 47 +++++++++++++++++++------------------- + 2 files changed, 35 insertions(+), 46 deletions(-) + +diff --git a/dnsrecon/lib/bingenum.py b/dnsrecon/lib/bingenum.py +index b6e225e..95cf426 100644 +--- a/dnsrecon/lib/bingenum.py ++++ b/dnsrecon/lib/bingenum.py +@@ -15,15 +15,10 @@ + + import re + import time +-import urllib.request + +-__name__ = 'bingenum' +- +-url_opener = urllib.request.FancyURLopener ++import httpx + +- +-class AppURLopener(url_opener): +- version = 'Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)' ++__name__ = 'bingenum' + + + def scrape_bing(dom): +@@ -48,24 +43,17 @@ def scrape_bing(dom): + '140', + '150', + ] +- urllib._urlopener = AppURLopener() + +- for n in searches: +- url = 'https://www.bing.com/search?q=domain%3A' + dom + '&qs=n&first=' + n +- req = urllib.request.Request( +- url, +- data=None, +- headers={ +- 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.47 Safari/537.36' +- }, +- ) ++ headers = {'User-Agent': 'Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)'} + +- sock = urllib.request.urlopen(req, timeout=10) +- data = sock.read().decode('utf-8') +- safe_dom = re.escape(dom) +- results.extend(re.findall(r'([a-zA-Z0-9\-.]+' + safe_dom + ')/?', data)) +- sock.close() +- time.sleep(5) ++ with httpx.Client(headers=headers) as client: ++ for n in searches: ++ url = 'https://www.bing.com/search?q=domain%3A' + dom + '&qs=n&first=' + n ++ response = client.get(url, timeout=10.0) ++ data = response.text ++ safe_dom = re.escape(dom) ++ results.extend(re.findall(r'([a-zA-Z0-9\-.]+' + safe_dom + ')/?', data)) ++ time.sleep(5) + + return unique(results) + +diff --git a/dnsrecon/lib/yandexenum.py b/dnsrecon/lib/yandexenum.py +index d463544..4607b3b 100644 +--- a/dnsrecon/lib/yandexenum.py ++++ b/dnsrecon/lib/yandexenum.py +@@ -17,18 +17,11 @@ + + import re + import time +-import urllib +-import urllib.request + ++import httpx + from loguru import logger + + __name__ = 'yandexenum' +-url_opener = urllib.request.FancyURLopener +- +- +-class AppURLopener(url_opener): +- version = """Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 +- (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246""" + + + def scrape_yandex(dom): +@@ -37,25 +30,33 @@ def scrape_yandex(dom): + """ + results = [] + searches = ['1', '2', '3', '4', '5', '10', '20', '30'] +- urllib._urlopener = AppURLopener() + +- for _ in searches: +- url = 'https://yandex.com/search/?text=site%3A' + dom +- try: +- sock = urllib.request.urlopen(url, timeout=10) +- data = sock.read().decode('utf-8') +- sock.close() +- except Exception as e: +- logger.error(e) +- return [] ++ headers = { ++ 'User-Agent': ( ++ 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) ' ++ 'AppleWebKit/537.36 (KHTML, like Gecko) ' ++ 'Chrome/42.0.2311.135 Safari/537.36 Edge/12.246' ++ ) ++ } ++ ++ with httpx.Client(headers=headers) as client: ++ for _ in searches: ++ url = 'https://yandex.com/search/?text=site%3A' + dom ++ try: ++ response = client.get(url, timeout=10.0) ++ data = response.text ++ except Exception as e: ++ logger.error(e) ++ return [] + +- if re.search('enter_captcha_value', data): +- logger.error("Yandex has detected the search as 'bot activity, stopping search...") +- return unique(results) ++ if re.search('enter_captcha_value', data): ++ logger.error("Yandex has detected the search as 'bot activity, stopping search...") ++ return unique(results) + +- results.extend(re.findall(r'([a-zA-Z0-9\-\.]+' + dom + ')/?', data)) ++ safe_dom = re.escape(dom) ++ results.extend(re.findall(r'([a-zA-Z0-9\-\.]+' + safe_dom + ')/?', data)) + +- time.sleep(10) ++ time.sleep(10) + + return unique(results) + +-- +2.47.3 + diff -Nru dnsrecon-1.3.1/debian/patches/series dnsrecon-1.3.1/debian/patches/series --- dnsrecon-1.3.1/debian/patches/series 1970-01-01 02:00:00.000000000 +0200 +++ dnsrecon-1.3.1/debian/patches/series 2026-07-05 17:05:02.000000000 +0300 @@ -0,0 +1,2 @@ +0001-Potential-fix-for-code-scanning-alert-no.-21-Regular.patch +0002-fix-432.patch

