Hello community,

here is the log from the commit of package nmap.2077 for openSUSE:12.3:Update checked in at 2013-10-21 17:56:31

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3:Update/nmap.2077 (Old)
 and      /work/SRC/openSUSE:12.3:Update/.nmap.2077.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "nmap.2077"

Changes:
--------
New Changes file:

--- /dev/null	2013-10-11 12:16:15.204037506 +0200
+++ /work/SRC/openSUSE:12.3:Update/.nmap.2077.new/nmap.changes	2013-10-21 17:56:32.000000000 +0200
@@ -0,0 +1,525 @@ +------------------------------------------------------------------- +Mon Oct 14 11:39:00 UTC 2013 - vdziewie...@suse.com + +- fix bnc#844953 CVE-2013-4885 (nmap-CVE-2013-4885.patch) +- There was a vulnerability in one of our 437 NSE scripts. If + you ran the (fortunately non-default) http-domino-enum-passwords script + with the (fortunately also non-default) domino-enum-passwords.idpath + parameter against a malicious server, it could cause an arbitrarily named + file to to be written to the client system. + +------------------------------------------------------------------- +Sat Dec 8 13:42:44 UTC 2012 - andreas.stie...@gmx.de + +- run available unit tests +- add nmap-ncat-fail-test-addrset.patch to make ncat tests effective +- add nmap-ncat-skip-network-tests.patch to skip tests requiring + name resolution + +------------------------------------------------------------------- +Sun Dec 2 14:09:50 UTC 2012 - andreas.stie...@gmx.de + +- update to 6.25 + + add 373 IPv4 OS fingerprints and improve existing fingerprints + + add more than 400 service/version detection fingerprints + + integrate latest IPv6 OS submissions and corrections + + Enabled support for IPv6 traceroute using UDP, SCTP, and IPProto + (Next Header) probes. + + Scripts can now return a structured name-value table so that results + are query-able from XML output. Scripts can return a string as + before, or a table, or a table and a string. In this last case, the + table will go to XML output and the string will go to screen output. + + Ncat: Added support for Unix domain sockets. The new -U and + --unixsock options activate this mode. 
+ + removal of Windows dependencies reduces size of source tarball + + Replaced old RPC grinder with NSE-based implementation + + Updated Nmap Scripting Engine to use Lua 5.2 + + Added 85 NSE scripts + + Added 12 new protocol libraries: + * ajp (Apache JServ Protocol) + * base32 (Base32 encoding/decoding - RFC 4648) + * bjnp (Canon BJNP printer/scanner discovery protocol) + * cassandra (Cassandra database protocol) + * eigrp (Cisco Enhanced Interior Gateway Routing Protocol) + * gps (Global Positioning System - does GPRMC NMEA decoding) + * ipp (CUPS Internet Printing Protocol) + * isns (Internet Storage Name Service) + * jdwp (Java Debug Wire Protocol) + * mobileme (a service for managing Apple/Mac devices) + * ospf (Open Shortest Path First routing protocol) + * rdp (Remote Desktop Protocol) + + added more Common Platform Enumeration (CPE) identifiers + + Scans that use OS sockets (including TCP connect scan, version + detection, and script scan) now use the SO_BINDTODEVICE sockopt on + Linux, so that the -e (select network device) option is + honored. + + [Zenmap] Host filters can now do negative matching, for example you + can use "os:!linux" to match hosts NOT detected as Linux. + + further minor improvements and bug fixes as listed in + http://nmap.org/changelog.html +- for openSUSE releases where lua 5.2 is available, build with that + library, otherwise use the library that comes with the sources +- add tests for the correct system or included libraries +- refresh nmap-4.75-nostrip.patch +- refresh su-to-zenmap.patch + +------------------------------------------------------------------- +Mon Jul 16 21:46:27 UTC 2012 - andreas.stie...@gmx.de + +- update manpages glob to fix Factory build + +------------------------------------------------------------------- +Sat Jun 23 08:56:35 UTC 2012 - andreas.stie...@gmx.de + +- update to upstream 6.0.1 + * fix a zenmap a crash that happened when activating the host filter. 
+ * fix finding network interfaces if one of them is in monitor mode + * fixx greppable output of hosts that time-out + +------------------------------------------------------------------- +Mon May 21 20:27:08 UTC 2012 - andreas.stie...@gmx.de + +- update to upstream 6.00 + * enhanced Nmap Scripting Engine + * Better Web Scanning + * Full IPv6 Support + * New NPing Tool + * Better Zenmap GUI & results viewer + * Faster scans + * for a full list of changes see http://nmap.org/6/#changes and + http://nmap.org/changelog.html +- refresh nmap-4.00-libpcap-filter.diff + +------------------------------------------------------------------- +Tue Mar 27 21:36:17 UTC 2012 - andreas.stie...@gmx.de + +- as nmap is built with the inluded and stripped nmap-libdnet-1.12, + remove system libdnet as build requirement + +------------------------------------------------------------------- +Mon Mar 26 21:22:40 UTC 2012 - andreas.stie...@gmx.de + +- Update to nmap-5.61TEST5 +- refresh nmap-4.00-libpcap-filter.diff for moved source lines +- refresh nmap-4.00-noreturn.diff for moved source lines +- refresh nmap-4.75-nostrip.patch for moved source lines +- update nmap-5.00-desktop_files.patch + to nmap-5.61-desktop_files.patch for change source +- update su-to-zenmap.patch for moved source lines + +------------------------------------------------------------------- +Mon Mar 26 19:16:15 UTC 2012 - dims...@opensuse.org + +- Conditionally change lua-devel BuildRequires to lua51-devel on + openSUSE > 12.1. The code is not yet ready for lua 5.2. + +------------------------------------------------------------------- +Sat Oct 22 17:43:10 UTC 2011 - eug...@nobilis.org.ru + +- Fixed a run Zenmap as sudo in KDE and GNOME + +------------------------------------------------------------------- +Mon Oct 17 02:38:28 UTC 2011 - crrodrig...@opensuse.org + +- Update to nmap 5.61-xxx branch, changelog too long, see NEWS + for details. +- Add a new subpackage "nping" +- drop no-md2.patch already in upstream. 
+ +------------------------------------------------------------------- +Wed Dec 1 15:47:07 UTC 2010 - vci...@novell.com + +- add nmap-5.21-gnomesu.patch (fixed bnc#613847) + +------------------------------------------------------------------- +Sat Oct 30 04:44:07 UTC 2010 - malcolmle...@opensuse.org + +- spec file clean up to build on SLE and openSUSE < 11.3 + +------------------------------------------------------------------- +Fri Aug 27 13:53:19 CEST 2010 - ani...@suse.cz + +- update to 5.21 + * Dramatically improved the version detection database, integrating + 2,596 submissions that users contributed since February 3, 2009! + * bugfixes + +------------------------------------------------------------------- +Mon Apr 19 09:01:38 CEST 2010 - meiss...@suse.de + +- disable md2 in the scripting language (no longer supplied + by default openssl) + +------------------------------------------------------------------- +Fri Oct 9 14:09:25 CEST 2009 - ani...@suse.cz + +- fixed bnc#528581 + +------------------------------------------------------------------- +Wed Aug 12 17:38:39 CEST 2009 - co...@novell.com + +- Pascal updated to 5.00 with way too many changes to list them, + see /usr/share/doc/packages/nmap/CHANGELOG +- introduce ncat and ndiff packages providing tools for nmap scans + +------------------------------------------------------------------- +Sun Aug 9 12:43:26 CEST 2009 - co...@novell.com + +- use new python macros + +------------------------------------------------------------------- +Tue Jun 23 14:46:57 CEST 2009 - meiss...@suse.de + +- remove strip so we have debuginfos + +------------------------------------------------------------------- +Thu Sep 11 16:25:06 CEST 2008 - hvo...@suse.de + +- Update to 4.75 + * [Zenmap] Added a new Scan Topology system. + * [Zenmap] Another exciting new Zenmap feature is Scan + Aggregation. + * [Zenmap] Added a context-sensitive help system to the Profile + Editor. 
+ * Expanded nmap-services to include information on how frequently + each port number is found open. + * Nmap now scans the most common 1,000 ports by default in either + protocol (UDP scan is still optional). + * Nmap fast scan (-F) now scans the top 100 ports by default in + either protocol. + * The --top-ports option lets you specify the number of ports you + wish to scan in each protocol, and will pick the most popular + ports for you based on the new frequency data. + * integrated all of the OS detection fingerprint and correction + submissions +- rename nmap-gtk subpackage to zenmap + +-------------------------------------------------------------------
++++ 328 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:12.3:Update/.nmap.2077.new/nmap.changes

New:
----
  nmap-4.00-noreturn.diff
  nmap-4.75-nostrip.patch
  nmap-5.61-desktop_files.patch
  nmap-6.00-libpcap-filter.diff
  nmap-6.25.tar.bz2
  nmap-CVE-2013-4885.patch
  nmap-ncat-fail-test-addrset.patch
  nmap-ncat-skip-network-tests.patch
  nmap.changes
  nmap.spec
  su-to-zenmap.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ nmap.spec ++++++
#
# spec file for package nmap
#
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

%{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")}
%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}

%define with_system_lua 0%{?suse_version} >= 1220

Name:           nmap
BuildRequires:  dos2unix
BuildRequires:  fdupes
BuildRequires:  gcc-c++
BuildRequires:  gtk2-devel
BuildRequires:  libpcap-devel
BuildRequires:  openssl-devel
BuildRequires:  pcre-devel
BuildRequires:  python-devel
BuildRequires:  update-desktop-files
%if %with_system_lua
BuildRequires:  pkgconfig(lua) >= 5.2
%endif
Url:            http://nmap.org/
Version:        6.25
Release:        0
Summary:        Portscanner
License:        GPL-2.0+
Group:          Productivity/Networking/Diagnostic
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
Source:         http://nmap.org/dist/nmap-%{version}.tar.bz2
Patch:          nmap-6.00-libpcap-filter.diff
Patch1:         nmap-4.00-noreturn.diff
Patch2:         nmap-5.61-desktop_files.patch
Patch3:         nmap-4.75-nostrip.patch
Patch5:         su-to-zenmap.patch
Patch6:         nmap-ncat-fail-test-addrset.patch
Patch7:         nmap-ncat-skip-network-tests.patch
#PATCH-FIX-UPSTREAM-BNC#844953-CVE-2013-4885
Patch8:         nmap-CVE-2013-4885.patch

%description
Nmap is designed to allow system administrators and curious individuals
to scan large networks to determine which hosts are up and what
services they are offering. XNmap is a graphical front-end that shows
nmap's output clearly.

Find documentation in %{_docdir}/%{name}

Authors:
--------
    Fyodor <fyo...@dhp.com>

%package -n zenmap
Summary:        A Graphical Front-End for Nmap
Group:          Productivity/Networking/Diagnostic
Requires:       %name = %version
Obsoletes:      %name-gtk
Provides:       %name-gtk = %{version}-%{release}
%py_requires

%description -n zenmap
zenmap is a graphical front-end for the nmap network scanner

Authors:
--------
    Fyodor <fyo...@dhp.com>

%package -n ncat
Summary:        Network Tool to concatenate and redirect Sockets
Group:          Productivity/Networking/Diagnostic

%description -n ncat
Ncat is a feature-packed networking utility which will read and write data
across a network from the command line. Ncat was written for the Nmap Project
and is the culmination of the currently splintered family of Netcat
incarnations. It uses both TCP and UDP for communication and is designed to be
a reliable back-end tool to instantly provide network connectivity to other
applications and users. Ncat will not only work with IPv4 and IPv6 but
provides the user with a virtually limitless number of potential uses.

Among Ncat's vast number of features there is the ability to chain Ncats
together, redirect both TCP and UDP ports to other sites, SSL support, and
proxy connections via SOCKS4 or HTTP (CONNECT method) proxies (with optional
proxy authentication as well). Some general principles apply to most
applications and thus give you the capability of instantly adding networking
support to software that would normally never support it.

Authors:
--------
    Fyodor <fyo...@dhp.com>

%package -n ndiff
Summary:        Compare Results of Nmap Scans
Group:          Productivity/Networking/Diagnostic
%py_requires

%description -n ndiff
Ndiff is a tool to aid in the comparison of Nmap scans. It takes two Nmap XML
output files and prints the differences between them: hosts coming up and
down, ports becoming open or closed, etc.

Authors:
--------
    Fyodor <fyo...@dhp.com>

%package -n nping
Summary:        Network packet generation tool / ping utility
Group:          Productivity/Networking/Diagnostic

%description -n nping
Network packet generation tool / ping utility

Authors:
--------
    Fyodor <fyo...@dhp.com>

%prep
%setup -q
%patch -p0
%patch1 -p0
%patch2 -p0
%patch3 -p0
%patch5 -p0
%patch6 -p1
%patch7 -p1
%patch8 -p0
#fix locale dir
mv zenmap/share/zenmap/locale zenmap/share
sed -i -e "s|^locale_dir =.*$|locale_dir = os.path.join('share','locale')|" \
       -e 's|join(self.install_data, data_dir)|join(self.install_data, "share")|' zenmap/setup.py
sed -i 's|^LOCALE_DIR = .*|LOCALE_DIR = join(prefix, "share", "locale")|' zenmap/zenmapCore/Paths.py
#fix jp/ja pt_PT/pt zh/zh_CN locale
sed -i '/ALL_LINGUAS =/s/jp/ja/' Makefile.in
sed -i '/ALL_LINGUAS =/s/pt_PT/pt/' Makefile.in
sed -i '/ALL_LINGUAS =/s/zh/zh_CN/' Makefile.in
mv docs/man-xlate/nmap-jp.1 docs/man-xlate/nmap-ja.1
mv docs/man-xlate/nmap-pt_PT.1 docs/man-xlate/nmap-pt.1
mv docs/man-xlate/nmap-zh.1 docs/man-xlate/nmap-zh_CN.1

%build
export CFLAGS="%optflags -DOPENSSL_LOAD_CONF"
export CXXFLAGS="%optflags -DOPENSSL_LOAD_CONF"
%configure --with-libpcap=%{_usr} \
           --with-libdnet=included \
%if %with_system_lua
           --with-liblua=%{_usr} \
%else
           --with-liblua=included \
%endif
           --with-libpcre=%{_usr}
%__make %{?jobs:-j%jobs}

%install
%__make DESTDIR="%{buildroot}" deskdir="%{_datadir}/gnome/apps/Utilities/" install
%__rm "%{buildroot}%{_bindir}/uninstall_zenmap"
%__install -d "%{buildroot}/usr/share/pixmaps/"
%__ln_s ../zenmap/pixmaps/zenmap.png "%{buildroot}/usr/share/pixmaps/zenmap.png"
%suse_update_desktop_file zenmap System Network
%suse_update_desktop_file zenmap-root System Network
%find_lang zenmap
touch -r %{buildroot}/%{python_sitelib}/zenmapCore/Paths.py %{buildroot}/%{python_sitelib}/zenmapCore/Paths.pyc
dos2unix %{buildroot}%{_datadir}/%{name}/nselib/data/oracle-sids
%fdupes -s %{buildroot}

%check
pushd ncat
%__make check
popd
pushd libdnet-stripped
%__make check
popd
#
# retrieve list of compiled in modules
compiled_with=$("${RPM_BUILD_ROOT}%{_bindir}/nmap" -V | %__grep "Compiled with:" )
# for the following tests, the leading space is relevant
# check features built with system libraries
[[ $compiled_with == *\ libpcre-* ]]
[[ $compiled_with == *\ libpcap-* ]]
[[ $compiled_with == *\ openssl-* ]]
# check features built with included sources
[[ $compiled_with == *\ nmap-libdnet-* ]]
# check for lua
%if %with_system_lua
[[ $compiled_with == *\ liblua-5.2* ]]
%else
# lua in nmap tarball identifies itself as "liblua-5.2.1"
[[ $compiled_with == *\ liblua-5.2.1* ]]
%endif
#

%clean
%__rm -rf "%{buildroot}"

%files
%defattr(-,root,root)
%doc COPYING* CHANGELOG HACKING
%doc docs/README
%doc docs/nmap.usage.txt
%dir %{_mandir}/??
%dir %{_mandir}/??/man1
%dir %{_mandir}/??_??
%dir %{_mandir}/??_??/man1
%{_mandir}/man1/nmap.1.gz
%{_mandir}/*/man1/*
%{_bindir}/nmap
%{_datadir}/nmap

%files -n zenmap -f zenmap.lang
%defattr(-,root,root)
%{_bindir}/xnmap
%{_bindir}/zenmap
%{_bindir}/nmapfe
%{python_sitelib}/zenmap-%{version}-py%{py_ver}.egg-info
%{python_sitelib}/zenmapCore
%{python_sitelib}/zenmapGUI
%{python_sitelib}/radialnet
%{_datadir}/applications/zenmap-root.desktop
%{_datadir}/applications/zenmap.desktop
%{_datadir}/pixmaps/zenmap.png
%{_datadir}/zenmap
%{_mandir}/man1/zenmap.1.gz

%files -n ncat
%defattr(-,root,root)
%{_bindir}/ncat
%{_mandir}/man1/ncat.1.gz
%dir %{_datadir}/ncat
%config(noreplace) %{_datadir}/ncat/ca-bundle.crt

%files -n ndiff
%defattr(-,root,root)
%{_bindir}/ndiff
%{_mandir}/man1/ndiff.1.gz

%files -n nping
%defattr(-,root,root)
%{_bindir}/nping
%{_mandir}/man1/nping.1.gz

%changelog

++++++ nmap-4.00-noreturn.diff ++++++
Index: libpcap/gencode.c
===================================================================
--- libpcap/gencode.c.orig	2010-04-21 05:39:45.000000000 +0100
+++ libpcap/gencode.c	2012-03-26 22:12:26.000000000 +0100
@@ -129,7 +129,7 @@ static int pcap_fddipad; #endif /* VARARGS */ -void +void __attribute__((__noreturn__)) bpf_error(const char *fmt, ...) { va_list ap; ++++++ nmap-4.75-nostrip.patch ++++++ Index: Makefile.in =================================================================== --- Makefile.in.orig 2012-09-13 01:17:42.000000000 +0100 +++ Makefile.in 2012-12-02 11:47:22.000000000 +0000 @@ -253,9 +253,6 @@ my_distclean: install-nmap: $(TARGET) $(INSTALL) -d $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1 $(DESTDIR)$(nmapdatadir) $(INSTALL) -c -m 755 nmap $(DESTDIR)$(bindir)/nmap -# Use strip -x to avoid stripping dynamically loaded NSE functions. See -# http://seclists.org/nmap-dev/2007/q4/0272.html. - $(STRIP) -x $(DESTDIR)$(bindir)/nmap $(INSTALL) -c -m 644 docs/$(TARGET).1 $(DESTDIR)$(mandir)/man1/ if [ "$(USE_NLS)" = "yes" ]; then \ for ll in $(filter $(ALL_LINGUAS),$(LINGUAS)); do \ ++++++ nmap-5.61-desktop_files.patch ++++++ Index: zenmap/install_scripts/unix/zenmap-root.desktop =================================================================== --- zenmap/install_scripts/unix/zenmap-root.desktop.orig 2011-12-12 09:05:48.000000000 +0000 +++ zenmap/install_scripts/unix/zenmap-root.desktop 2012-03-26 22:19:14.000000000 +0100 @@ -1,11 +1,11 @@ [Desktop Entry] Encoding=UTF-8 Name=Zenmap (as root) -GenericName=GUI Port Scanner +GenericName=Port Scanner +Comment=A Graphical Interface for the Nmap Security Scanner TryExec=su-to-zenmap.sh Exec=su-to-zenmap.sh %F Terminal=false Icon=zenmap Type=Application -Categories=Application;Network;Security; -Comment=A cross-platform GUI for the Nmap Security Scanner. +Categories=Application;Network;System;Security;GTK Index: zenmap/install_scripts/unix/zenmap.desktop =================================================================== --- zenmap/install_scripts/unix/zenmap.desktop.orig 2011-12-12 09:05:48.000000000 +0000 +++ zenmap/install_scripts/unix/zenmap.desktop 2012-03-26 22:20:02.000000000 +0100 
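Review bot: in nmap-4.00-noreturn.diff, the `__attribute__((__noreturn__))` is added only to the definition of `bpf_error` in libpcap/gencode.c; callers in other translation units only see the prototype, so unless the declaration in libpcap's header carries the same attribute they gain nothing from this change and any missing-return warnings after `bpf_error(...)` calls there will remain. Annotating the prototype as well, and adding a short patch header (purpose, upstream status) like the ncat patches below have, would make the next refresh easier.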
@@ -1,11 +1,11 @@ [Desktop Entry] Encoding=UTF-8 Name=Zenmap -GenericName=GUI Port Scanner +GenericName=Port Scanner +Comment=A Graphical Interface for the Nmap Security Scanner TryExec=zenmap Exec=zenmap %F Terminal=false Icon=zenmap Type=Application -Categories=Application;Network;Security; -Comment=A cross-platform GUI for the Nmap Security Scanner. +Categories=Application;Network;System;Security;GTK ++++++ nmap-6.00-libpcap-filter.diff ++++++ Index: libpcap/pcap-bpf.c =================================================================== --- libpcap/pcap-bpf.c.orig 2012-04-10 04:37:22.000000000 +0100 +++ libpcap/pcap-bpf.c 2012-05-21 21:25:27.000000000 +0100 @@ -483,7 +483,7 @@ bpf_open(pcap_t *p) fd = open(device, O_RDWR); if (fd == -1 && errno == EACCES) fd = open(device, O_RDONLY); - } while (fd < 0 && errno == EBUSY); + } while (fd < 0 && errno == EBUSY && n < 1000); /* * XXX better message for all minors used Index: libpcap/pcap-linux.c =================================================================== --- libpcap/pcap-linux.c.orig 2012-04-10 04:37:22.000000000 +0100 +++ libpcap/pcap-linux.c 2012-05-21 21:25:27.000000000 +0100 
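Review bot: in both nmap-5.61-desktop_files.patch hunks (zenmap-root.desktop and zenmap.desktop), the new `Categories=Application;Network;System;Security;GTK` drops the trailing `;` that the replaced `Categories=Application;Network;Security;` had; the Desktop Entry spec tolerates that, but desktop-file-validate warns about it, and it also warns that `Application` is a deprecated category. `Categories=Network;System;Security;GTK;` would validate cleanly, whatever `%suse_update_desktop_file` in the spec adds on top.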
@@ -2424,8 +2424,30 @@ pcap_setfilter_linux_common(pcap_t *hand if (can_filter_in_kernel) { if ((err = set_kernel_filter(handle, &fcode)) == 0) { + char buf[1024]; + int oldflags; + int ret; + unsigned int received = 0, rec_len = 0; + socklen_t optlen = sizeof(rec_len); /* Installation succeded - using kernel filter. */ handle->md.use_bpf = 1; + + oldflags = fcntl(handle->fd, F_GETFL, 0); + oldflags |= O_NONBLOCK; + fcntl(handle->fd, F_SETFL, oldflags); + getsockopt(handle->fd, SOL_SOCKET, SO_RCVBUF, + (char *)&rec_len, &optlen); + + /* now read all packets received until now */ + while((ret = read(handle->fd, buf, 1024)) > 0 + && received < rec_len) { + received += ret; + } + + if(oldflags > 0) { + oldflags &= ~O_NONBLOCK; + fcntl(handle->fd, F_SETFL, oldflags); + } } else if (err == -1) /* Non-fatal error */ { ++++++ nmap-CVE-2013-4885.patch ++++++ Index: scripts/http-domino-enum-passwords.nse =================================================================== --- scripts/http-domino-enum-passwords.nse.orig +++ scripts/http-domino-enum-passwords.nse 
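Review bot: in the nmap-6.00-libpcap-filter.diff hunk for libpcap/pcap-linux.c, the results of `fcntl(handle->fd, F_GETFL, 0)`, both `F_SETFL` calls and `getsockopt` are never checked. If `F_GETFL` fails, `oldflags` is -1, `oldflags |= O_NONBLOCK` leaves it at -1, `F_SETFL` is then called with that value, and the trailing `if(oldflags > 0)` guard skips restoring the flags, so the descriptor can be left with flags the caller never asked for. Test `oldflags != -1` before modifying it and restore from an untouched copy of the original flags. Also, because `read` runs before `received < rec_len` is evaluated, the drain loop consumes one packet more than the bound intends; reorder the condition if the bound is meant to be exact.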
@@ -313,9 +313,10 @@ action = function(host, port) http_response = http.get( vhost or host, port, u_details.idfile, { auth = { username = user, password = pass }, no_cache = true }) if ( http_response.status == 200 ) then - local status, err = saveIDFile( ("%s/%s.id"):format(download_path, u_details.fullname), http_response.body ) + local filename = download_path .. "/" .. stdnse.filename_escape(u_details.fullname .. ".id") + local status, err = saveIDFile( filename, http_response.body ) if ( status ) then - table.insert( id_files, ("%s ID File has been downloaded (%s/%s.id)"):format(u_details.fullname, download_path, u_details.fullname) ) + table.insert( id_files, ("%s ID File has been downloaded (%s)"):format(u_details.fullname, filename) ) else table.insert( id_files, ("%s ID File was not saved (error: %s)"):format(u_details.fullname, err ) ) end Index: scripts/stuxnet-detect.nse =================================================================== --- scripts/stuxnet-detect.nse.orig +++ scripts/stuxnet-detect.nse @@ -81,7 +81,7 @@ local function check_infected(host, path fmt = save:gsub("%%h", host.ip) fmt = fmt:gsub("%%v", version) - file = io.open(fmt, "w") + file = io.open(stdnse.filename_escape(fmt), "w") if file then stdnse.print_debug(1, "Wrote %d bytes to file %s.", #result.arguments, fmt) file:write(result.arguments) Index: scripts/http-config-backup.nse =================================================================== --- scripts/http-config-backup.nse.orig +++ scripts/http-config-backup.nse 
@@ -209,7 +209,7 @@ action = function (host, port) if (response.status == 200) then -- check it if is valid before inserting if cfg.check(response.body) then - local filename = ((host.targetname or host.ip) .. url_path):gsub("/", "-"); + local filename = stdnse.escape_filename((host.targetname or host.ip) .. url_path) -- save the content if save then Index: scripts/hostmap-bfk.nse =================================================================== --- scripts/hostmap-bfk.nse.orig +++ scripts/hostmap-bfk.nse @@ -50,7 +50,7 @@ categories = {"external", "discovery", " local HOSTMAP_SERVER = "www.bfk.de" -local filename_escape, write_file +local write_file hostrule = function(host) return not ipOps.isPrivate(host.ip) @@ -92,7 +92,7 @@ action = function(host) local filename_prefix = stdnse.get_script_args("hostmap-bfk.prefix") if filename_prefix then - local filename = filename_prefix .. filename_escape(host.targetname or host.ip) + local filename = filename_prefix .. stdnse.filename_escape(host.targetname or host.ip) local status, err = write_file(filename, hostnames_str .. "\n") if status then output_str = string.format("Saved to %s\n", filename) @@ -107,13 +107,6 @@ action = function(host) return output_str end --- Escape some potentially unsafe characters in a string meant to be a filename. -function filename_escape(s) - return string.gsub(s, "[\0/=]", function(c) - return string.format("=%02X", string.byte(c)) - end) -end - function write_file(filename, contents) local f, err = io.open(filename, "w") if not f then Index: scripts/domino-enum-users.nse =================================================================== --- scripts/domino-enum-users.nse.orig +++ scripts/domino-enum-users.nse 
@@ -103,7 +103,7 @@ action = function(host, port) helper:disconnect() if ( status and data and path ) then - local filename = ("%s/%s.id"):format(path, username ) + local filename = path .. "/" .. stdnse.filename_escape(u_details.fullname .. ".id") local status, err = saveIDFile( filename, data ) if ( status ) then Index: scripts/ms-sql-dump-hashes.nse =================================================================== --- scripts/ms-sql-dump-hashes.nse.orig +++ scripts/ms-sql-dump-hashes.nse @@ -119,7 +119,7 @@ action = function( host, port ) local filename if ( dir ) then local instance = instance:GetName():match("%\\+(.+)$") or instance:GetName() - filename = ("%s/%s_%s_ms-sql_hashes.txt"):format(dir, host.ip, instance) + filename = dir .. "/" .. stdnse.filename_escape(("%s_%s_ms-sql_hashes.txt"):format(host.ip, instance)) saveToFile(filename, instanceOutput[1]) end end Index: scripts/snmp-ios-config.nse =================================================================== --- scripts/snmp-ios-config.nse.orig +++ scripts/snmp-ios-config.nse @@ -184,7 +184,7 @@ action = function(host, port) result = ( infile and infile:getContent() ) if ( tftproot ) then - local fname = tftproot .. host.ip .. "-config" + local fname = tftproot .. stdnse.filename_escape(host.ip .. "-config") local file, err = io.open(fname, "w") if ( file ) then file:write(result) Index: CHANGELOG =================================================================== --- CHANGELOG.orig +++ CHANGELOG 
@@ -1,5 +1,19 @@ # Nmap Changelog ($Id: CHANGELOG 30318 2012-11-29 19:13:48Z fyodor $); -*-text-*- +CVE patch: +o [NSE] Oops, there was a vulnerability in one of our 437 NSE scripts. + If you ran the (fortunately non-default) http-domino-enum-passwords + script with the (fortunately also non-default) + domino-enum-passwords.idpath parameter against a malicious server, + it could cause an arbitrarily named file to to be written to the + client system. Thanks to Trustwave researcher Piotr Duszynski for + discovering and reporting the problem. We've fixed that script, and + also updated several other scripts to use a new + stdnse.filename_escape function for extra safety. This breaks our + record of never having a vulnerability in the 16 years that Nmap has + existed, but that's still a fairly good run. [David, Fyodor] + + Nmap 6.25 [2012-11-29] o [NSE] Added CPE to smb-os-discovery output. Index: nselib/stdnse.lua =================================================================== --- nselib/stdnse.lua.orig +++ nselib/stdnse.lua 
@@ -1154,4 +1154,36 @@ function output_table () return setmetatable({}, mt) end +-- This pattern must match the percent sign '%' since it is used in +-- escaping. +local FILESYSTEM_UNSAFE = "[^a-zA-Z0-9._-]" +--- +-- Escape a string to remove bytes and strings that may have meaning to +-- a filesystem, such as slashes. All bytes are escaped, except for: +-- * alphabetic <code>a</code>-<code>z</code> and <code>A</code>-<code>Z</code>, digits 0-9, <code>.</code> <code>_</code> <code>-</code> +-- In addition, the strings <code>"."</code> and <code>".."</code> have +-- their characters escaped. +-- +-- Bytes are escaped by a percent sign followed by the two-digit +-- hexadecimal representation of the byte value. +-- * <code>filename_escape("filename.ext") --> "filename.ext"</code> +-- * <code>filename_escape("input/output") --> "input%2foutput"</code> +-- * <code>filename_escape(".") --> "%2e"</code> +-- * <code>filename_escape("..") --> "%2e%2e"</code> +-- This escaping is somewhat like that of JavaScript +-- <code>encodeURIComponent</code>, except that fewer bytes are +-- whitelisted, and it works on bytes, not Unicode characters or UTF-16 +-- code points. +function filename_escape(s) + if s == "." then + return "%2e" + elseif s == ".." then + return "%2e%2e" + else + return (string.gsub(s, FILESYSTEM_UNSAFE, function (c) + return string.format("%%%02x", string.byte(c)) + end)) + end +end + return _ENV; ++++++ nmap-ncat-fail-test-addrset.patch ++++++ 
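Review bot: in the nmap-CVE-2013-4885.patch hunk for scripts/http-config-backup.nse, the new line calls `stdnse.escape_filename(...)`, but the function this same patch adds to nselib/stdnse.lua is `filename_escape`, and every other hunk uses `stdnse.filename_escape`. Calling a nil field raises a Lua error the first time a backup is found while saving is enabled, so the line should be `local filename = stdnse.filename_escape((host.targetname or host.ip) .. url_path)`.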
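Review bot: in the nmap-CVE-2013-4885.patch hunk for scripts/domino-enum-users.nse, the removed line derived the name from `username`, while the replacement indexes `u_details.fullname`, a variable that appears nowhere in this script's context and looks copied from the http-domino-enum-passwords.nse hunk above; if `u_details` is not defined in that scope the script now fails with an index error instead of saving. The intended line is presumably `local filename = path .. "/" .. stdnse.filename_escape(username .. ".id")`.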
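Review bot: in the nmap-CVE-2013-4885.patch hunk for scripts/stuxnet-detect.nse, `io.open(stdnse.filename_escape(fmt), "w")` escapes the entire user-supplied `save` template, so a value that includes a directory (for example `/tmp/stuxnet-%h`) is turned into one `%2ftmp%2fstuxnet-...` file in the current directory; only the substituted `host.ip` and `version` parts need escaping, which is how the other hunks treat the host-derived component. The `stdnse.print_debug` call two lines further down also still reports the unescaped `fmt` rather than the name that was actually opened.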
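Review bot: the CHANGELOG hunk in nmap-CVE-2013-4885.patch carries a doubled word, `file to to be written`, and the same sentence is copied verbatim into the Oct 14 nmap.changes entry; worth fixing in both places.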
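Review bot: in the nselib/stdnse.lua hunk, the doc comment says the function escapes a string "to remove bytes and strings that may have meaning to a filesystem", but nothing is removed; unsafe bytes are kept and percent-encoded, so "neutralise" or "encode" would describe it accurately. The logic itself looks right: `%` is outside the `[^a-zA-Z0-9._-]` whitelist and so is escaped as `%25`, and `.`/`..` are special-cased as whole strings only, so `...` passes through untouched as the comment implies.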
From: Andreas Stieger <andreas.stie...@gmx.de>
Date: 2012-12-06 18:46:29 +0000
Subject: [PATCH] ncat - make check succeeds despite test failures
References: http://seclists.org/nmap-dev/2012/q4/373
Upstream: merged

For ncat, "make check" succeeds despite test failures. Patch corrects
ncat/test/test-addrset.sh by exiting the script with a non-zero return
value.

$ svn log -r30341:30350 https://svn.nmap.org/nmap/ncat/test/test-addrset.sh
------------------------------------------------------------------------
r30341 | david | 2012-12-05 06:48:15 +0000 (Wed, 05 Dec 2012) | 4 lines

Make test-addrset.sh exit with nonzero status if any tests fail.
Patch by Andreas Stieger.
http://seclists.org/nmap-dev/2012/q4/385
------------------------------------------------------------------------
r30350 | dmiller | 2012-12-06 18:46:29 +0000 (Thu, 06 Dec 2012) | 1 line

Change test-addrset.sh to be POSIX sh compliant
------------------------------------------------------------------------
---
 ncat/test/test-addrset.sh | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)
Index: nmap-6.25/ncat/test/test-addrset.sh
===================================================================
--- nmap-6.25.orig/ncat/test/test-addrset.sh	2009-06-14 18:12:56.000000000 +0100
+++ nmap-6.25/ncat/test/test-addrset.sh	2012-12-08 13:29:30.000000000 +0000
@@ -1,46 +1,56 @@ -#!/usr/bin/env bash +#!/bin/sh # Automated tests for the addrset functions in ncat_hostmatch.c. This # program runs various addresses against different host specifications # and checks that the output is what is expected. ADDRSET=./addrset +TESTS=0 +TEST_PASS=0 +TEST_FAIL=0 # Takes as arguments a whitespace-separated list of host specifications # and a space-separated list of expected matching addresses. Tests hosts # are passed in stdin. -function test_addrset() { +test_addrset() { specs=$1 expected=$2 result=$($ADDRSET $specs) ret=$? # Change newlines to spaces. result=$(echo $result) + TESTS=$((TESTS + 1)); if [ "$ret" != "0" ]; then echo "FAIL $ADDRSET returned $ret." + TEST_FAIL=$((TEST_FAIL + 1)) elif [ "$result" != "$expected" ]; then echo "FAIL \"$result\" !=" echo " \"$expected\"." + TEST_FAIL=$((TEST_FAIL + 1)) else echo "PASS $specs" + TEST_PASS=$((TEST_PASS + 1)) fi } # Takes as an argument a host specification with invalid syntax. The # test passes if addrset returns with a non-zero exit code. -function expect_fail() { +expect_fail() { specs=$1 $ADDRSET $specs < /dev/null 2> /dev/null ret=$? - if [ "$ret" == "0" ]; then + TESTS=$((TESTS + 1)) + if [ "$ret" = "0" ]; then echo "FAIL $ADDRSET $specs was expected to fail, but didn't." + TEST_FAIL=$((TEST_FAIL + 1)) else echo "PASS $specs" + TEST_PASS=$((TEST_PASS + 1)) fi } # seq replacement for systems without seq. -function seq() { +seq() { low=$1 high=$2 while [ $low -le $high ]; do @@ -296,3 +306,9 @@ expect_fail "FF::FF/129" # 1.2.0.3 # 1.2.3.4 # EOF + +if [ "$TEST_FAIL" -gt 0 ]; then + echo "$TEST_PASS / $TESTS passed, $TEST_FAIL failed" + exit 1 +fi +echo "$TEST_PASS / $TESTS passed" ++++++ nmap-ncat-skip-network-tests.patch ++++++ 
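Review bot: in the nmap-ncat-fail-test-addrset.patch hunk for ncat/test/test-addrset.sh, the `TESTS=$((TESTS + 1));` added to `test_addrset` carries a stray trailing semicolon that its counterpart in `expect_fail` does not; drop it for consistency. The POSIX conversion (`=` instead of `==` inside `[ ]`, no `function` keyword, `#!/bin/sh`) and the final `exit 1` on a non-zero `TEST_FAIL` are what actually make `make check` fail, which is the stated goal.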
From: Andreas Stieger <andreas.stie...@gmx.de>
Date: 2012-12-08 13:31:24 +0000
Subject: [PATCH] ncat - skip tests requiring name resolution
References: http://seclists.org/nmap-dev/2012/q4/373
Upstream: never

Some tests in the ncat test script require name resolution which is not
available in OBS. Remove tests.
---
 ncat/test/test-addrset.sh | 20 --------------------
 1 file changed, 20 deletions(-)
Index: nmap-6.25/ncat/test/test-addrset.sh
===================================================================
--- nmap-6.25.orig/ncat/test/test-addrset.sh	2012-12-08 13:30:07.000000000 +0000
+++ nmap-6.25/ncat/test/test-addrset.sh	2012-12-08 13:30:37.000000000 +0000
@@ -227,26 +227,6 @@ test_addrset "1:2::0003/0" "1:2::3 1:2:: ff::00 EOF -# Name lookup. -test_addrset "google.com" "google.com" <<EOF -1:2::3:4 -1.2.3.4 -google.com -EOF - -# Name lookup combined with CIDR netmask. -test_addrset "google.com/30" "google.com" <<EOF -1:2::3:4 -1.2.3.4 -google.com -EOF - -# Name lookup combined with /0 CIDR netmask. -test_addrset "google.com/0" "1.2.3.4 google.com" <<EOF -1.2.3.4 -google.com -EOF - expect_fail "." expect_fail "-" expect_fail ","

++++++ su-to-zenmap.patch ++++++
Index: zenmap/install_scripts/unix/su-to-zenmap.sh
===================================================================
--- zenmap/install_scripts/unix/su-to-zenmap.sh.orig	2012-08-19 21:11:06.000000000 +0100
+++ zenmap/install_scripts/unix/su-to-zenmap.sh	2012-12-02 11:48:38.000000000 +0000
@@ -13,8 +13,8 @@ if test "$euid" = "$privid"; then $COMMAND else if test -z "$SU_TO_ROOT_X"; then - if which gksu >/dev/null 2>&1 ; then - SU_TO_ROOT_X=gksu + if which gnomesu >/dev/null 2>&1 ; then + SU_TO_ROOT_X=gnomesu if test "X$KDE_FULL_SESSION" = "Xtrue" ; then if which kdesu >/dev/null 2>&1 ; then SU_TO_ROOT_X=kdesu
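Review bot: in the first su-to-zenmap.patch hunk, the `gksu` probe is replaced by `gnomesu` rather than supplemented by it, so gksu is no longer detected at all: a non-KDE desktop that ships gksu but not gnomesu will fall through to the remaining branches of the script and may end up without a graphical privilege prompt. Probing for gnomesu first and keeping the gksu test (together with its `case` arm in the second hunk) as a fallback avoids that regression.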
@@ -39,7 +39,7 @@ else fi fi case $SU_TO_ROOT_X in - gksu) gksu -u "$PRIV" "$COMMAND";; + gnomesu) gnomesu -u "$PRIV" -c "$COMMAND";; kdesu) kdesu -u "$PRIV" -c "$COMMAND";; kde4su) /usr/lib/kde4/libexec/kdesu -u "$PRIV" -c "$COMMAND";; ktsuss) ktsuss -u "$PRIV" "$COMMAND";;