!66 fix license

From: @xinghe_1 
Reviewed-by: @jiangheng12 
Signed-off-by: @jiangheng12

CVE-2017-18594.patch

@@ -1,38 +0,0 @@
-From 350bbe0597d37ad67abe5fef8fba984707b4e9ad Mon Sep 17 00:00:00 2001
-From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
-Date: Thu, 29 Nov 2018 17:42:09 +0000
-Subject: [PATCH] Avoid a crash (double-free) when SSH connection fails
-
----
- nse_libssh2.cc | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/nse_libssh2.cc b/nse_libssh2.cc
-index 6a18c0c85b..983f83dbdb 100644
---- a/nse_libssh2.cc
-+++ b/nse_libssh2.cc
-@@ -13,7 +13,6 @@
- #include "libssh2.h"
- }
- 
--#include "nse_debug.h"
- #include "nse_nsock.h"
- #include "nse_utility.h"
- 
-@@ -295,6 +294,7 @@ static int do_session_handshake (lua_State *L, int status, lua_KContext ctx) {
- 
-     if (rc) {
-         libssh2_session_free(sshu->session);
-+        sshu->session = NULL;
-         return luaL_error(L, "Unable to complete libssh2 handshake.");
-     }
- 
-@@ -478,7 +478,7 @@ static int userauth_list (lua_State *L, int status, lua_KContext ctx) {
- }
- 
- /*
--* Returns list of supported authenication methods
-+* Returns list of supported authentication methods
- */
- static int l_userauth_list (lua_State *L) {
-     return userauth_list(L, 0, 0);

CVE-2018-15173.patch

@@ -1,43 +0,0 @@
-From 6d8bb6df229f7acf768bcebfe14cdc8c3dbbe92b Mon Sep 17 00:00:00 2001
-From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
-Date: Wed, 8 Aug 2018 16:36:21 +0000
-Subject: [PATCH] Set limits on PCRE matches to avoid issues like #1147
-
----
- service_scan.cc | 15 +++++++++++++++
- 1 file changed, 15 insertions(+)
-
-diff --git a/service_scan.cc b/service_scan.cc
-index 1fc8056884..79e92b8f21 100644
---- a/service_scan.cc
-+++ b/service_scan.cc
-@@ -489,6 +489,15 @@ void ServiceProbeMatch::InitMatch(const char *matchtext, int lineno) {
-   if (pcre_errptr != NULL)
-     fatal("%s: failed to pcre_study regexp on line %d of nmap-service-probes: %s\n", __func__, lineno, pcre_errptr);
- 
-+  // Set some limits to avoid evil match cases.
-+  // These are flexible; if they cause problems, increase them.
-+#ifdef PCRE_ERROR_MATCHLIMIT
-+  regex_extra->match_limit = 100000; // 100K
-+#endif
-+#ifdef PCRE_ERROR_RECURSIONLIMIT
-+  regex_extra->match_limit_recursion = 10000; // 10K
-+#endif
-+
-   free(modestr);
-   free(flags);
- 
-@@ -568,6 +577,12 @@ const struct MatchDetails *ServiceProbeMatch::testMatch(const u8 *buf, int bufle
-       if (o.debugging || o.verbose > 1)
-         error("Warning: Hit PCRE_ERROR_MATCHLIMIT when probing for service %s with the regex '%s'", servicename, matchstr);
-     } else
-+#endif // PCRE_ERROR_MATCHLIMIT
-+#ifdef PCRE_ERROR_RECURSIONLIMIT
-+    if (rc == PCRE_ERROR_RECURSIONLIMIT) {
-+      if (o.debugging || o.verbose > 1)
-+        error("Warning: Hit PCRE_ERROR_RECURSIONLIMIT when probing for service %s with the regex '%s'", servicename, matchstr);
-+    } else
- #endif // PCRE_ERROR_MATCHLIMIT
-       if (rc != PCRE_ERROR_NOMATCH) {
-         fatal("Unexpected PCRE error (%d) when probing for service %s with the regex '%s'", rc, servicename, matchstr);
-

backport-nping-fix-out-of-bounds-access.patch

@@ -0,0 +1,29 @@
+From 54a0c1440188a76f370b14d40777716a8761d0a8 Mon Sep 17 00:00:00 2001
+From: "jay.fink" <jay.fink@0c474577-fa26-0410-a966-bdb198e94e9e>
+Date: Wed, 13 Oct 2010 00:39:53 +0000
+Subject: [PATCH] approved by dugsong@ Fix an off by one. Issue number 9 in
+ google code.
+
+Conflict: NA
+Reference: https://github.com/ofalk/libdnet/commit/54a0c1440188a76f370b14d40777716a8761d0a8
+
+---
+ libdnet-stripped/src/intf.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libdnet-stripped/src/intf.c b/libdnet-stripped/src/intf.c
+index 6180d85..4b282ff 100644
+--- a/libdnet-stripped/src/intf.c
++++ b/libdnet-stripped/src/intf.c
+@@ -774,7 +774,7 @@ _intf_get_aliases(intf_t *intf, struct intf_entry *entry)
+ 		u_int idx, bits, scope, flags;
+ 		
+ 		if ((f = fopen(PROC_INET6_FILE, "r")) != NULL) {
+-			while (ap < lap &&
++			while ((ap + 1)  < lap &&
+ 			       fgets(buf, sizeof(buf), f) != NULL) {
+ 				/* scan up to INTF_NAME_LEN-1 bytes to reserve space for null terminator */
+ 				sscanf(buf, "%04s%04s%04s%04s%04s%04s%04s%04s %x %02x %02x %02x %15s\n",
+-- 
+2.33.0
+

nmap.spec

@@ -1,24 +1,23 @@
 %global _hardened_build 1
 
-Name:                nmap
+Name:           nmap
-Epoch:               2
+Epoch:          2
-Version:             7.70
+Version:        7.80
-Release:             11
+Release:        5
-License:             Nmap
+License:        GPL-2.0-or-later
-Summary:             A tool for network discovery and security auditing.
+Summary:        A tool for network discovery and security auditing.
-Requires:            %{name}-ncat = %{epoch}:%{version}-%{release}
+Requires:       %{name}-ncat = %{epoch}:%{version}-%{release}
-URL:                 https://nmap.org/
+URL:            https://nmap.org/
-Source0:             https://nmap.org/dist/%{name}-%{version}%{?prerelease}.tar.bz2
+Source0:        https://nmap.org/dist/%{name}-%{version}%{?prerelease}.tar.bz2
+BuildRequires:  automake autoconf gcc-c++ gettext-devel libpcap-devel libssh2-devel
+BuildRequires:  libtool lua-devel openssl-devel pcre-devel
 
-Patch6000:           CVE-2017-18594.patch
+Obsoletes:      nmap-frontend nmap-ndiff nmap-ncat nc < 1.109.20120711-2
-Patch6001:	     CVE-2018-15173.patch
+Obsoletes:      nc6 < 1.00-22
+Provides:       nmap-frontend nmap-ndiff nmap-ncat nc nc6
 
-BuildRequires:       gcc-c++ openssl-devel gtk2-devel lua-devel libpcap-devel pcre-devel desktop-file-utils
+Patch0:         backport-nping-fix-out-of-bounds-access.patch
-BuildRequires:       dos2unix libtool automake autoconf gettext-devel libssh2-devel
+Patch1:         remove-password-printing.patch
-
-Obsoletes:           nmap-frontend nmap-ndiff nmap-ncat nc < 1.109.20120711-2
-Obsoletes:           nc6 < 1.00-22
-Provides:            nmap-frontend nmap-ndiff nmap-ncat nc nc6
 
 %define pixmap_srcdir zenmap/share/pixmaps
 
@@ -33,39 +32,35 @@ auditing. It was designed to rapidly scan large networks, but works fine against
 
 rm -rf libpcap libpcre macosx mswin32 libssh2 libz
 
-for f in acinclude.m4 configure.ac nping/configure.ac
-do
-  sed -i -e 's/\(AC_DEFINE([^,)]*\))/\1, 1, [Description])/' -e 's/\(AC_DEFINE([^,]*,[^,)]*\))/\1, [Description])/' $f
-done
-autoreconf -I . -fiv --no-recursive
-cd nping; autoreconf -I .. -fiv --no-recursive; cd ..
-
 %build
 export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
 export CXXFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
-%configure  --with-libpcap=yes --with-liblua=included --without-zenmap  --without-ndiff --enable-dbus --with-libssh2=yes
+%configure  --with-libpcap=yes --with-liblua=included --without-zenmap --without-ndiff  --enable-dbus --with-libssh2=yes
 %make_build
 
 sed -i 's/-md/-mf/' nping/docs/nping.1
 
+%check
+make check
+
 %install
 make DESTDIR=%{buildroot} STRIP=true install
 
+rm -f %{buildroot}%{_datadir}/ncat/ca-bundle.crt
+rmdir %{buildroot}%{_datadir}/ncat
+
 ln -s ncat.1.gz %{buildroot}%{_mandir}/man1/nc.1.gz
 ln -s ncat %{buildroot}%{_bindir}/nc
 
 %find_lang nmap --with-man
 
-%check
-make check
-
 %files -f nmap.lang
 %defattr(-,root,root)
-%exclude %{_datadir}/ncat
 %doc ncat/docs/AUTHORS ncat/docs/README
-%license COPYING docs/3rd-party-licenses.txt docs/Nmap-Third-Party-Open-Source.pdf docs/Nmap-Third-Party-Open-Source.fodt docs/licenses
+%license COPYING*
 %{_bindir}/n*
 %{_datadir}/nmap
+%exclude %{_datadir}/ncat
 
 %files help
 %defattr(-,root,root)
@@ -73,6 +68,36 @@ make check
 %{_mandir}/man1/*.1.gz
 
 %changelog
+* Fri Jun 14 2024 xinghe <xinghe2@h-partners.com> - 2:7.80-5
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:fix license
+
+* Tue Jan 16 2024 xingwei <xingwei14@h-partners.com> - 2:7.80-4
+- Type:bugfix
+- CVE:
+- SUG:NA
+- DESC:remove password printing
+
+* Fri Sep 15 2023 xingwei <xingwei14@h-partners.com> - 2:7.80-3
+- Type:bugfix
+- CVE:
+- SUG:NA
+- DESC:enable dt check
+
+* Wed Aug 23 2023 xingwei <xingwei14@h-partners.com> - 2:7.80-2
+- Type:bugfix
+- CVE:
+- SUG:NA
+- DESC:nping:fix out of bounds
+
+* Fri Apr 17 2020 openEuler Buildteam <buildteam@openeuler.org> - 2:7.80-1
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:update to 7.80
+
 * Sat Feb 22 2020 openEuler Buildteam <buildteam@openeuler.org> - 2:7.70-11
 - Type:enhancement
 - ID:NA

remove-password-printing.patch

@@ -0,0 +1,200 @@
+From fe806cf15853ecdf6fed2af57f21cf55e3b388b8 Mon Sep 17 00:00:00 2001
+From: gaoxingwang <gaoxingwang1@huawei.com>
+Date: Tue, 31 Jan 2023 16:47:32 +0800
+Subject: [PATCH] remove password printing
+
+---
+ scripts/broadcast-ospf2-discover.nse |  2 +-
+ scripts/cassandra-brute.nse          | 14 +++++++-------
+ scripts/cics-user-brute.nse          |  2 +-
+ scripts/ldap-brute.nse               | 12 ++++++------
+ scripts/nje-pass-brute.nse           |  2 +-
+ scripts/oracle-brute.nse             |  2 +-
+ scripts/tso-brute.nse                |  4 ++--
+ 7 files changed, 19 insertions(+), 19 deletions(-)
+
+diff --git a/scripts/broadcast-ospf2-discover.nse b/scripts/broadcast-ospf2-discover.nse
+index ad3fca0..b33c366 100644
+--- a/scripts/broadcast-ospf2-discover.nse
++++ b/scripts/broadcast-ospf2-discover.nse
+@@ -124,7 +124,7 @@ local ospfDumpHello = function(hello)
+   stdnse.print_debug(2, "| Checksum:          %s", hello.header.chksum)
+   stdnse.print_debug(2, "| Auth Type:         %s", hello.header.auth_type)
+   if hello.header.auth_type == 0x01 then
+-    stdnse.print_debug(2, "| Auth Password:     %s", hello.header.auth_data.password)
++    -- stdnse.print_debug(2, "| Auth Password:     %s", hello.header.auth_data.password)
+   elseif hello.header.auth_type == 0x02 then
+     stdnse.print_debug(2, "| Auth Crypt Key ID: %s", hello.header.auth_data.keyid)
+     stdnse.print_debug(2, "| Auth Data Length:  %s", hello.header.auth_data.length)
+diff --git a/scripts/cassandra-brute.nse b/scripts/cassandra-brute.nse
+index 8363c65..c2dd124 100644
+--- a/scripts/cassandra-brute.nse
++++ b/scripts/cassandra-brute.nse
+@@ -54,21 +54,21 @@ Driver = {
+     local status, err = self.socket:send(string.pack(">I4", #loginstr))
+     local combo = username..":"..password
+     if ( not(status) ) then
+-      local err = brute.Error:new( "couldn't send length:"..combo )
++      local err = brute.Error:new( "couldn't send length:" )
+       err:setAbort( true )
+       return false, err
+     end
+ 
+     status, err = self.socket:send(loginstr)
+     if ( not(status) ) then
+-      local err = brute.Error:new( "couldn't send login packet: "..combo )
++      local err = brute.Error:new( "couldn't send login packet: " )
+       err:setAbort( true )
+       return false, err
+     end
+ 
+     local status, response = self.socket:receive_bytes(22)
+     if ( not(status) ) then
+-      local err = brute.Error:new( "couldn't receive login reply size: "..combo )
++      local err = brute.Error:new( "couldn't receive login reply size: " )
+       err:setAbort( true )
+       return false, err
+     end
+@@ -78,16 +78,16 @@ Driver = {
+     magic = string.sub(response,18,22)
+ 
+     if (magic == cassandra.LOGINSUCC) then
+-      stdnse.debug3("Account SUCCESS: "..combo)
++      stdnse.debug3("Account SUCCESS: ")
+       return true, creds.Account:new(username, password, creds.State.VALID)
+     elseif (magic == cassandra.LOGINFAIL) then
+-      stdnse.debug3("Account FAIL: "..combo)
++      stdnse.debug3("Account FAIL: ")
+       return false, brute.Error:new( "Incorrect password" )
+     elseif (magic == cassandra.LOGINACC) then
+-      stdnse.debug3("Account VALID, but wrong password: "..combo)
++      stdnse.debug3("Account VALID, but wrong password: ")
+       return false, brute.Error:new( "Good user, bad password" )
+     else
+-      stdnse.debug3("Unrecognized packet for "..combo)
++      stdnse.debug3("Unrecognized packet for ")
+       stdnse.debug3("packet hex: %s", stdnse.tohex(response) )
+       stdnse.debug3("size packet hex: %s", stdnse.tohex(size) )
+       stdnse.debug3("magic packet hex: %s", stdnse.tohex(magic) )
+diff --git a/scripts/cics-user-brute.nse b/scripts/cics-user-brute.nse
+index 768813e..559d752 100644
+--- a/scripts/cics-user-brute.nse
++++ b/scripts/cics-user-brute.nse
+@@ -176,7 +176,7 @@ Driver = {
+            self.tn3270:find('TSS7000I')  or
+            self.tn3270:find('TSS7110E Password Has Expired. New Password Missing')  or
+            self.tn3270:find('TSS7001I')  then
+-      stdnse.verbose("Valid CICS UserID / Password: " .. user .. "/" .. pass)
++      -- stdnse.verbose("Valid CICS UserID / Password: " .. user .. "/" .. pass)
+       return true, creds.Account:new(user, pass, creds.State.VALID)
+     else
+       -- ok whoa, something happened, print the screen but don't store as valid
+diff --git a/scripts/ldap-brute.nse b/scripts/ldap-brute.nse
+index b239525..085e3a0 100644
+--- a/scripts/ldap-brute.nse
++++ b/scripts/ldap-brute.nse
+@@ -233,7 +233,7 @@ action = function( host, port )
+       -- Login correct, account disabled
+       if not status and response:match("AcceptSecurityContext error, data 533,") then
+         table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account disabled", fq_username, password:len()>0 and password or "<empty>" ) )
+-        stdnse.verbose2("%s:%s => Valid credentials, account disabled", fq_username, password:len()>0 and password or "<empty>" )
++        -- stdnse.verbose2("%s:%s => Valid credentials, account disabled", fq_username, password:len()>0 and password or "<empty>" )
+         credTable:add(fq_username,password, creds.State.DISABLED_VALID)
+         break
+       end
+@@ -241,7 +241,7 @@ action = function( host, port )
+       -- Login correct, user must change password
+       if not status and response:match("AcceptSecurityContext error, data 773,") then
+         table.insert( valid_accounts, string.format("%s:%s => Valid credentials, password must be changed at next logon", fq_username, password:len()>0 and password or "<empty>" ) )
+-        stdnse.verbose2("%s:%s => Valid credentials, password must be changed at next logon", fq_username, password:len()>0 and password or "<empty>")
++        -- stdnse.verbose2("%s:%s => Valid credentials, password must be changed at next logon", fq_username, password:len()>0 and password or "<empty>")
+         credTable:add(fq_username,password, creds.State.CHANGEPW)
+         break
+       end
+@@ -249,7 +249,7 @@ action = function( host, port )
+       -- Login correct, user account expired
+       if not status and response:match("AcceptSecurityContext error, data 701,") then
+         table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account expired", fq_username, password:len()>0 and password or "<empty>" ) )
+-        stdnse.verbose2("%s:%s => Valid credentials, account expired", fq_username, password:len()>0 and password or "<empty>")
++        -- stdnse.verbose2("%s:%s => Valid credentials, account expired", fq_username, password:len()>0 and password or "<empty>")
+         credTable:add(fq_username,password, creds.State.EXPIRED)
+         break
+       end
+@@ -257,7 +257,7 @@ action = function( host, port )
+       -- Login correct, user account logon time restricted
+       if not status and response:match("AcceptSecurityContext error, data 530,") then
+         table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account cannot log in at current time", fq_username, password:len()>0 and password or "<empty>" ) )
+-        stdnse.verbose2("%s:%s => Valid credentials, account cannot log in at current time", fq_username, password:len()>0 and password or "<empty>")
++        -- stdnse.verbose2("%s:%s => Valid credentials, account cannot log in at current time", fq_username, password:len()>0 and password or "<empty>")
+         credTable:add(fq_username,password, creds.State.TIME_RESTRICTED)
+         break
+       end
+@@ -265,7 +265,7 @@ action = function( host, port )
+       -- Login correct, user account can only log in from certain workstations
+       if not status and response:match("AcceptSecurityContext error, data 531,") then
+         table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account cannot log in from current host", fq_username, password:len()>0 and password or "<empty>" ) )
+-        stdnse.verbose2("%s:%s => Valid credentials, account cannot log in from current host", fq_username, password:len()>0 and password or "<empty>")
++        -- stdnse.verbose2("%s:%s => Valid credentials, account cannot log in from current host", fq_username, password:len()>0 and password or "<empty>")
+         credTable:add(fq_username,password, creds.State.HOST_RESTRICTED)
+         break
+       end
+@@ -275,7 +275,7 @@ action = function( host, port )
+         status = is_valid_credential( socket, context )
+         if status then
+           table.insert( valid_accounts, string.format("%s:%s => Valid credentials", fq_username, password:len()>0 and password or "<empty>" ) )
+-          stdnse.verbose2("%s:%s => Valid credentials", fq_username, password:len()>0 and password or "<empty>")
++          -- stdnse.verbose2("%s:%s => Valid credentials", fq_username, password:len()>0 and password or "<empty>")
+           -- Add credentials for other ldap scripts to use
+           if nmap.registry.ldapaccounts == nil then
+             nmap.registry.ldapaccounts = {}
+diff --git a/scripts/nje-pass-brute.nse b/scripts/nje-pass-brute.nse
+index 5cb29f6..1213906 100644
+--- a/scripts/nje-pass-brute.nse
++++ b/scripts/nje-pass-brute.nse
+@@ -113,7 +113,7 @@ Driver = {
+     -- When we send an 'I' record, if the password is invalid it will reply with a 'B' record
+     -- B in EBCDIC is 0xC2
+     if data:sub(19,19) ~= "\xc2" then
+-      stdnse.verbose(2,"Valid NJE Password: %s", password)
++      -- stdnse.verbose(2,"Valid NJE Password: %s", password)
+       return true, creds.Account:new("Password", password, creds.State.VALID)
+     end
+     return false, brute.Error:new( "Invalid Password" )
+diff --git a/scripts/oracle-brute.nse b/scripts/oracle-brute.nse
+index 8a94987..1fb4b0e 100644
+--- a/scripts/oracle-brute.nse
++++ b/scripts/oracle-brute.nse
+@@ -156,7 +156,7 @@ Driver =
+       return true, creds.Account:new(username .. " as sysdba", password, creds.State.VALID)
+     -- check for any other message
+     elseif ( data:match("ORA[-]%d+")) then
+-      stdnse.debug3("username: %s, password: %s, error: %s", username, password, data )
++      -- stdnse.debug3("username: %s, password: %s, error: %s", username, password, data )
+       return false, brute.Error:new(data)
+     -- any other errors are likely communication related, attempt to re-try
+     else
+diff --git a/scripts/tso-brute.nse b/scripts/tso-brute.nse
+index ff52c0c..2690a13 100644
+--- a/scripts/tso-brute.nse
++++ b/scripts/tso-brute.nse
+@@ -99,7 +99,7 @@ Driver = {
+     local skip = self.options['skip']
+     stdnse.debug(2,"Getting to TSO")
+     local run = stringaux.strsplit(";%s*", commands)
+-    stdnse.verbose(2,"Trying User ID/Password: %s/%s", user, pass)
++    -- stdnse.verbose(2,"Trying User ID/Password: %s/%s", user, pass)
+     for i = 1, #run do
+       stdnse.debug(2,"Issuing Command (#%s of %s): %s", i, #run ,run[i])
+       if i == #run and run[i]:upper():find("LOGON APPLID") and skip then
+@@ -159,7 +159,7 @@ Driver = {
+       return false,  brute.Error:new( "User ID not authorized to use TSO" )
+     else
+       -- It's a valid account so lets try a password
+-      stdnse.debug(2,"%s is a valid TSO User ID. Trying Password: %s", string.upper(user), pass)
++      -- stdnse.debug(2,"%s is a valid TSO User ID. Trying Password: %s", string.upper(user), pass)
+       if always_logon then
+         local writeable = self.tn3270:writeable()
+         -- This turns on the 'reconnect' which may boot users off
+-- 
+2.33.0
+