From patchwork Mon Aug 12 15:38:06 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 7985 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4WjJZZ0vZ2z3x41 for ; Mon, 12 Aug 2024 15:38:30 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E5" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4WjJZX24dnz60R; Mon, 12 Aug 2024 15:38:28 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4WjJZX1WwLz341Q; Mon, 12 Aug 2024 15:38:28 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4WjJZH6tvkz32sf for ; Mon, 12 Aug 2024 15:38:15 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4WjJZH5M6zz5M3; Mon, 12 Aug 2024 15:38:15 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1723477095; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=nKKoIqYXh1i72qmGJdyMEksslX3cjMjtzx3OKrCuAnU=; b=viLBjxaTH0H3eNyYaJpvtDgxL9x06QzihHDsoPEe4DUDz3wNf1G3lqkyUBNwE5kkMNy6RF FTtyeDysbXjed4AA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1723477095; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=nKKoIqYXh1i72qmGJdyMEksslX3cjMjtzx3OKrCuAnU=; b=v/9rjBxMsNeVHX4v1Q1Atsdvz+u+AAy+2vCoSjns+a87eYbj0ivohUbtLMnu3Tv2WzJpDk vzs0bhWkMLUBAfq2FOEi5E7fARC3bycaJYnHGA9uAtnoBwznqYZZqNEzuQYZ8gp2GPerbw uM8hXdILnOJW7hKerr6S6N0LBYucIZ5FelW3cBYFRdgl1vGX49gF/aAjHaM9u3hE+foIRC TLfAd//fUfVcRCOmfSH4/ErR9VaBJqWqcZ+amSQCbzazLYJ3+OfPX4M4BaM44mqftu2V0e BYxr36/5ji5xiduppFXVQRjkdLqvCwbZx0D+N1S/m95TEB87W5yP2baIeO4XPQ== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] nmap: Update to version 7.95 Date: Mon, 12 Aug 2024 17:38:06 +0200 Message-ID: <20240812153808.3944396-12-adolf.belka@ipfire.org> In-Reply-To: <20240812153808.3944396-1-adolf.belka@ipfire.org> References: <20240812153808.3944396-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Message-ID-Hash: B5MH3DFYVKREEXJ62TWYPN7ZYQ7WZH3L X-Message-ID-Hash: B5MH3DFYVKREEXJ62TWYPN7ZYQ7WZH3L X-MailFrom: adolf.belka@ipfire.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.8 Precedence: list List-Id: IPFire development talk Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: - Update from version 7.94 to 7.95 - Update of rootfile - Changelog 7.95 o [Windows] Upgraded Npcap (our Windows raw packet capturing and transmission driver) from version 1.75 to the latest version 1.79. It includes many performance improvements, bug fixes and feature enhancements described at https://npcap.com/changelog. o Integrated over 4000 IPv4 OS fingerprints submitted since June 2020. Added 336 fingerprints, bringing the new total to 6036. Additions include iOS 15 & 16, macOS Ventura & Monterey, Linux 6.1, OpenBSD 7.1, and lwIP 2.2 o Integrated over 2500 service/version detection fingerprints submitted since June 2020. The signature count went up 1.4% to 12089, including 9 new softmatches. We now detect 1246 protocols, including new additions of grpc, mysqlx, essnet, remotemouse, and tuya. o [NSE] Four new scripts from the DINA community (https://github.com/DINA-community) for querying industrial control systems: + hartip-info reads device information from devices using the Highway Addressable Remote Transducer protocol + iec61850-mms queries devices using Manufacturing Message Specification requests. [Dennis Rösch, Max Helbig] + multicast-profinet-discovery Sends a multicast PROFINET DCP Identify All message and prints the responses. [Stefan Eiwanger, DINA-community] + profinet-cm-lookup queries the DCERPC endpoint mapper exposed via the PNIO-CM service. o Upgraded included libraries: Lua 5.4.6, libpcre2 10.43, zlib 1.3.1, libssh2 1.11.0, liblinear 2.47 o [GH#2639] Upgraded OpenSSL binaries (for the Windows builds and for RPMs) to version 3.0.13. CVEs resolved in this update include only 2 moderate-severity issues which we do not believe affect Nmap: CVE-2023-5363 and CVE-2023-2650 o [Zenmap][Ndiff][GH#2649] Zenmap and Ndiff now use setuptools, not distutils for packaging. o [Ncat][GH#2685] Fixed Ncat UDP server mode to not quit after EOF on stdin. Reported as Debian bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039613 o [GH#2672] Fixed an issue where TCP Connect scan (-sT) on Windows would fail to open any sockets, leading to scans that never finish. [Daniel Miller] o [NSE] ssh-auth-methods will now print the pre-authentication banner text when available. Requires libssh2 1.11.0 or later. [Daniel Miller] o [Zenmap][GH#2739] Fix a crash in Zenmap when changing a host comment. o [NSE][GH#2766] Fix TLS 1.2 signature algorithms for EdDSA. [Daniel Roethlisberger] o [Zenmap][GH#2706] RPM spec files now correctly require the python3 package, not python>=3 o Improvements to OS detection fingerprint matching, including a syntax change for nmap-os-db that allows ranges within the TCP Options string. This leads to more concise and maintainable fingerprints. [Daniel Miller] o Improved the OS detection engine by using a new source port for each retry. Scans from systems such as Windows that do not send RST for unsolicited SYN|ACK responses were previously unable to get a response in subsequent tries. [Daniel Miller] o Several profile-guided optimizations of the port scan engine. [Daniel Miller] o [GH#2731] Fix an out-of-bounds read which led to out-of-memory errors when duplicate addresses were used with --exclude o [GH#2609] Fixed a memory leak in Nsock: compiled pcap filters were not freed. o [GH#2658] Fixed a crash when using service name wildcards with -p, as in -p "http*" o [NSE] Fixed DNS TXT record parsing which caused asn-query to fail in Nmap 7.80 and later. [David Fifield, Mike Pattrick] o [NSE][GH#2727][GH#2728] Fixed packet size testing in KNX scripts [f0rw4rd] Signed-off-by: Adolf Belka --- config/rootfiles/packages/nmap | 8 +++++--- lfs/nmap | 22 +++++++++++----------- 2 files changed, 16 insertions(+), 14 deletions(-) diff --git a/config/rootfiles/packages/nmap b/config/rootfiles/packages/nmap index b7627c97f..5f660dd9f 100644 --- a/config/rootfiles/packages/nmap +++ b/config/rootfiles/packages/nmap @@ -1,7 +1,6 @@ usr/bin/nmap usr/bin/nping #usr/share/man/de/man1/nmap.1 -#usr/share/man/es #usr/share/man/es/man1 #usr/share/man/es/man1/nmap.1 #usr/share/man/fr/man1/nmap.1 @@ -15,7 +14,6 @@ usr/bin/nping #usr/share/man/ja/man1/nmap.1 #usr/share/man/man1/nmap.1 #usr/share/man/man1/nping.1 -#usr/share/man/pl #usr/share/man/pl/man1 #usr/share/man/pl/man1/nmap.1 #usr/share/man/pt_BR/man1/nmap.1 @@ -130,6 +128,7 @@ usr/share/nmap/nselib/http.lua usr/share/nmap/nselib/httpspider.lua usr/share/nmap/nselib/iax2.lua usr/share/nmap/nselib/idna.lua +usr/share/nmap/nselib/iec61850mms.lua usr/share/nmap/nselib/ike.lua usr/share/nmap/nselib/imap.lua usr/share/nmap/nselib/informix.lua @@ -175,7 +174,6 @@ usr/share/nmap/nselib/openssl.luadoc usr/share/nmap/nselib/ospf.lua usr/share/nmap/nselib/outlib.lua usr/share/nmap/nselib/packet.lua -usr/share/nmap/nselib/pcre.luadoc usr/share/nmap/nselib/pgsql.lua usr/share/nmap/nselib/pop3.lua usr/share/nmap/nselib/pppoe.lua @@ -378,6 +376,7 @@ usr/share/nmap/scripts/hadoop-jobtracker-info.nse usr/share/nmap/scripts/hadoop-namenode-info.nse usr/share/nmap/scripts/hadoop-secondary-namenode-info.nse usr/share/nmap/scripts/hadoop-tasktracker-info.nse +usr/share/nmap/scripts/hartip-info.nse usr/share/nmap/scripts/hbase-master-info.nse usr/share/nmap/scripts/hbase-region-info.nse usr/share/nmap/scripts/hddtemp-info.nse @@ -524,6 +523,7 @@ usr/share/nmap/scripts/iax2-brute.nse usr/share/nmap/scripts/iax2-version.nse usr/share/nmap/scripts/icap-info.nse usr/share/nmap/scripts/iec-identify.nse +usr/share/nmap/scripts/iec61850-mms.nse usr/share/nmap/scripts/ike-version.nse usr/share/nmap/scripts/imap-brute.nse usr/share/nmap/scripts/imap-capabilities.nse @@ -600,6 +600,7 @@ usr/share/nmap/scripts/ms-sql-tables.nse usr/share/nmap/scripts/ms-sql-xp-cmdshell.nse usr/share/nmap/scripts/msrpc-enum.nse usr/share/nmap/scripts/mtrace.nse +usr/share/nmap/scripts/multicast-profinet-discovery.nse usr/share/nmap/scripts/murmur-version.nse usr/share/nmap/scripts/mysql-audit.nse usr/share/nmap/scripts/mysql-brute.nse @@ -662,6 +663,7 @@ usr/share/nmap/scripts/pop3-capabilities.nse usr/share/nmap/scripts/pop3-ntlm-info.nse usr/share/nmap/scripts/port-states.nse usr/share/nmap/scripts/pptp-version.nse +usr/share/nmap/scripts/profinet-cm-lookup.nse usr/share/nmap/scripts/puppet-naivesigning.nse usr/share/nmap/scripts/qconn-exec.nse usr/share/nmap/scripts/qscan.nse diff --git a/lfs/nmap b/lfs/nmap index 36a348be4..cee8fa2a9 100644 --- a/lfs/nmap +++ b/lfs/nmap @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config SUMMARY = Network exploration tool and security scanner -VER = 7.94 +VER = 7.95 THISAPP = nmap-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = nmap -PAK_VER = 18 +PAK_VER = 19 DEPS = @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 5819b458b50e33f6a507ad3c32a731c13e730c40d31a61731c3cfcd41fad8e3fdfcbb721ef46b05a80e406d0a646d0966d4b645551711144822551ef374a443a +$(DL_FILE)_BLAKE2 = 4ab4912468f6c1cf7517090bc94b1bb34e665fe1b3db973e1c7bb2d05cb885545cdf3ca5c7fb548ff0012b800f5dd60ed2f2010fc9fb62ba7d6a28537287193c install : $(TARGET) @@ -82,13 +82,13 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) $(UPDATE_AUTOMAKE) - cd $(DIR_APP) && PYTHON=python3 \ - ./configure \ - --prefix=/usr \ - --without-nmapfe \ - --without-zenmap \ - --without-ncat \ - --without-ndiff + cd $(DIR_APP) && PYTHON=python3 \ + ./configure \ + --prefix=/usr \ + --without-nmapfe \ + --without-zenmap \ + --without-ncat \ + --without-ndiff cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) cd $(DIR_APP) && make install @rm -rf $(DIR_APP)