From 1fd6a5653cafb745824061e04571fe9aa8a9b0a0 Mon Sep 17 00:00:00 2001
From: Dan Theisen <djt@hxx.in>
Date: Fri, 13 Sep 2019 22:56:43 +0000
Subject: [PATCH] user/nmap: bump to 7.80
---
user/nmap/APKBUILD | 18 +++++--
user/nmap/nmap-7.80-fix_addrset.patch | 74 +++++++++++++++++++++++++++
2 files changed, 87 insertions(+), 5 deletions(-)
create mode 100644 user/nmap/nmap-7.80-fix_addrset.patch
diff --git a/user/nmap/APKBUILD b/user/nmap/APKBUILD
index d8bdea9a93..3b256aaa33 100644
--- a/user/nmap/APKBUILD
+++ b/user/nmap/APKBUILD
@@ -1,14 +1,13 @@
# Maintainer: Dan Theisen <djt@hxx.in>
pkgname=nmap
-pkgver=7.70
-pkgrel=1
+pkgver=7.80
+pkgrel=0
pkgdesc="A network exploration tool and security/port scanner"
url="https://nmap.org/"
arch="all"
license="GPL-2.0-only"
depends=""
makedepends="linux-headers openssl-dev libpcap-dev pcre-dev zlib-dev libssh2-dev lua5.3-dev"
-options="!checkroot"
subpackages="
$pkgname-doc
$pkgname-scripts::noarch
@@ -17,7 +16,12 @@ subpackages="
$pkgname-ncat
$pkgname-ncat-doc:ncat_doc
netcat::noarch"
-source="https://nmap.org/dist/$pkgname-$pkgver.tar.bz2"
+source="https://nmap.org/dist/$pkgname-$pkgver.tar.bz2
+ nmap-7.80-fix_addrset.patch"
+
+# secfixes:
+# 7.80-r0:
+# - CVE-2018-15173
prepare() {
default_prepare
@@ -26,6 +30,9 @@ prepare() {
build() {
# zenmap and ndiff require python 2
+ export CFLAGS=-g3
+ export CPPFLAGS=-g3
+ export CXXFLAGS=-g3
./configure \
--build=$CBUILD \
--host=$CHOST \
@@ -99,4 +106,5 @@ netcat() {
ln -s ncat "$subpkgdir"/usr/bin/nc
}
-sha512sums="084c148b022ff6550e269d976d0077f7932a10e2ef218236fe13aa3a70b4eb6506df03329868fc68cb3ce78e4360b200f5a7a491d3145028fed679ef1c9ecae5 nmap-7.70.tar.bz2"
+sha512sums="d4384d3ebf4f3abf3588eed5433f733874ecdceb9342a718dc36db19634b0cc819d73399974eb0a9a9c9dd9e5c88473e07644ec91db28b0c072552b54430be6b nmap-7.80.tar.bz2
+e079c07716bc847b44cb5ba0c1f71fe7d95e786c7a18dad7927ca29e6f2e20fce3674d939335db038e509755945d1db05a1746b508ada3df011fafb890ab9033 nmap-7.80-fix_addrset.patch"
diff --git a/user/nmap/nmap-7.80-fix_addrset.patch b/user/nmap/nmap-7.80-fix_addrset.patch
new file mode 100644
index 0000000000..3fa009c84c
--- /dev/null
+++ b/user/nmap/nmap-7.80-fix_addrset.patch
@@ -0,0 +1,74 @@
+diff --git a/nbase/nbase_addrset.c b/nbase/nbase_addrset.c
+index 6f91bc1b2a..849044e4e3 100644
+--- a/nbase/nbase_addrset.c
++++ b/nbase/nbase_addrset.c
+@@ -477,30 +477,32 @@ static int sockaddr_to_addr(const struct sockaddr *sa, u32 *addr)
+
+ static int sockaddr_to_mask (const struct sockaddr *sa, int bits, u32 *mask)
+ {
+- s8 i;
+- int unmasked_bits = 0;
++ int i, k;
+ if (bits >= 0) {
+ if (sa->sa_family == AF_INET) {
+- unmasked_bits = 32 - bits;
++ bits += 96;
+ }
+ #ifdef HAVE_IPV6
+ else if (sa->sa_family == AF_INET6) {
+- unmasked_bits = 128 - bits;
++ ; /* do nothing */
+ }
+ #endif
+ else {
+ return 0;
+ }
+ }
++ else
++ bits = 128;
++ k = bits / 32;
+ for (i=0; i < 4; i++) {
+- if (unmasked_bits <= 32 * (3 - i)) {
++ if (i < k) {
+ mask[i] = 0xffffffff;
+ }
+- else if (unmasked_bits >= 32 * (4 - i)) {
++ else if (i > k) {
+ mask[i] = 0;
+ }
+ else {
+- mask[i] = ~((1 << (unmasked_bits - (32 * (4 - i)))) - 1);
++ mask[i] = 0xfffffffe << (31 - bits % 32);
+ }
+ }
+ return 1;
+diff --git a/ncat/test/test-addrset.sh b/ncat/test/test-addrset.sh
+index 7f54023c52..285c7b675a 100755
+--- a/ncat/test/test-addrset.sh
++++ b/ncat/test/test-addrset.sh
+@@ -208,6 +208,25 @@ test_addrset "1:2::0003/120" "1:2::3 1:2::0 1:2::ff" <<EOF
+ 1:3::3
+ EOF
+
++# IPv6 CIDR netmask.
++test_addrset "1:2::3:4:5/95" "1:2::3:4:5 1:2::2:0:0 1:2::3:ffff:ffff" <<EOF
++1:2::3:4:5
++1:2::1:ffff:ffff
++1:2::2:0:0
++1:2::3:ffff:ffff
++1:2::4:0:0
++1:3::3
++EOF
++
++# IPv6 CIDR netmask.
++test_addrset "11::2/15" "11::2:3:4:5 10::1 11:ffff:ffff:ffff:ffff:ffff:ffff:ffff" <<EOF
++11::2:3:4:5
++9:ffff:ffff:ffff:ffff:ffff:ffff:ffff
++10::1
++11:ffff:ffff:ffff:ffff:ffff:ffff:ffff
++12::0
++EOF
++
+ # /128 netmask.
+ test_addrset "1:2::0003/128" "1:2::3" <<EOF
+ 1:2::3
--
GitLab