From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Cc: Adolf Belka <adolf.belka@ipfire.org>
Subject: [PATCH 1/2] nmap: Update to version 7.98
Date: Fri, 12 Sep 2025 21:54:46 +0200
Message-ID: <20250912195447.3488809-1-adolf.belka@ipfire.org>
- Update from version 7.95 to 7.98
- Update of rootfile
- Changelog
7.98
o Updated liblua to 5.4.8
o Fixed an issue in FTP bounce scan where a single null byte is written past
the end of the receive buffer. The issue is triggered by a malicious server
but does not cause a crash with default builds. [Tyler Zars]
o [GH#3130] Fix a crash (stack exhaustion due to excessive recursion) in the
parallel DNS resolver. Additionally, improved performance by processing
responses that come after the request has timed out. [Daniel Miller]
o [GH#2757] Fix a crash in traceroute when using randomly-generated decoys:
"Assertion `source->ss_family == AF_INET' failed" [Daniel Miller]
o [GH#2899] When IP protocol scanning on IPv6 (-sO -6), skip protocol numbers
that are registered as Extension Header values. When the --data option was
used, these would fail the assertion "len == (u32) ntohs(ip6->ip6_plen)"
[Daniel Miller]
o [NSE][GH#3133] Fix the error "nse_nsock.cc:637: void
receive_callback(nsock_pool, nsock_event, void*): Assertion `lua_status(L)
== 1' failed."
when reading from an SSL connection. [Daniel Miller]
o [GH#3086] Prevent TCP Connect scan (-sT) from leaking one socket per
hostgroup, which led to progressively slower scans and assertion failures in
other scan phases. [Daniel Miller]
o [NSE] Added NSE bindings for more libssh2 functions: channel_request,
channel_request_pty_ex, channel_shell, and userauth_keyboard_interactive.
ssh-brute will now use keyboard-interactive auth if password auth is not
offered. [Daniel Miller, CrowdStrike]
o Fix a bug that was causing Nmap to send empty DNS packets for each target
that was not found up instead of just skipping them for reverse DNS.
o [macOS][GH#3127] Fix "dnet: Failed to open device en0" errors on macOS since
Nmap 7.96. [Daniel Miller]
o [NSE] Fix/update/enhance tls.lua for newer TLSv1.3 ciphers, including
post-quantum ciphersuites.
o [GH#3114][Windows] Use only the DNS servers for up and configured interfaces
for forward and reverse DNS lookups. When -e or -S are used, use only DNS
servers that can be connected via that interface or source address.
[Daniel Miller]
o [Ndiff][GH#3115] Have configure script check for PyPA 'build' module.
[Daniel Miller]
o [Zenmap] Updated Spanish and Chinese language strings for Zenmap to cover
latest strings.
o [Zenmap][GH#2718] Zenmap language translation (i18n) files were not being
installed. [Daniel Miller]
o [Zenmap][GH#3066] Fix Zenmap error "ValueError: I/O operation on closed file"
when Nmap crashes or fails. [Daniel Miller]
o [Zenmap][GH#3084][GH#3127] Fix UnicodeDecodeError issues in ScriptMetadata
and UmitConfigParser. [Daniel Miller]
o [NSE][GH#3123] WS-Discovery parsing would error out if the MessageID UUID
was not prefixed with "urn:". [nnposter]
7.97
o [Zenmap][GH#3087] Fix a crash when starting a scan on Windows in locales that
use non-latin character sets. Also changed Nmap to print the time zone as an
offset from UTC instead of as a localized string. [Daniel Miller]
o Fixed an issue with the parallel forward DNS resolver: it had not been
consulting /etc/hosts, nor did it correctly handle the 'localhost' name.
[Daniel Miller]
o [GH#3088] Mitigate a false-positive detection by replacing a malicious URL in
the example output of http-malware-host [nnposter]
7.96
o Upgraded included libraries: OpenSSL 3.0.16, Lua 5.4.7, libssh2 1.11.1,
libpcap 1.10.5, libpcre2 10.45, libdnet 1.18.0
o [Windows] Upgraded the included version of Npcap from version 1.79 to the
latest version 1.82, bringing faster packet injection, VLAN header capture,
and support for SR-IOV adapters, along with many other bug fixes and feature
enhancements described at https://npcap.com/changelog
o [GH#1451] Nmap now performs forward DNS lookups in parallel, using the same
engine that has been reliably performing reverse-DNS lookups for nearly a
decade. Scanning large lists of hostnames is now enormously faster and avoids
the unresponsive wait for blocking system calls, so progress stats can be
shown. In testing, resolving 1 million website names to both IPv4 and IPv6
took just over an hour. The previous system took 49 hours for the same data
set! [Daniel Miller]
o [Nping][GH#2862] Promoted Nping version number from a 0.7.95 alpha release to
the same release version as Nmap.
o [Zenmap][GH#2358] Added dark mode, accessed via Profile->Toggle Dark Mode or
window::dark_mode in zenmap.conf. [Daniel Miller]
o [NSE] Added 3 new scripts, for a total of 612 NSE scripts:
+ [GH#2973] mikrotik-routeros-version queries MikroTik's WinBox router admin
service to get the RouterOS version. New service probes were also added for
this service. [deauther890, Daniel Miller]
+ mikrotik-routeros-username-brute brute-forces WinBox usernames for the
router using CVE-2024-54772. [deauther890]
+ targets-ipv6-eui64 generates target IPv6 addresses from a user-provided
file of MAC addresses, using the EUI-64 method. [Daniel Miller]
o [GH#2982] Fixed an issue preventing the Nmap OEM 7.95 uninstaller from
correctly uninstalling Nmap OEM.
o [GH#2139][Nsock][Windows] Fixed the IOCP Nsock engine, which had been demoted
since Nmap 7.91 due to unresolved issues around SSL sockets and IPv6.
[Daniel Miller]
o [GH#2113] Fixed the issue where TCP Connect scans (-sT) on Windows would show
'filtered' instead of 'closed', due to differences in understanding timeouts.
o [GH#2900][GH#2896][GH#2897] Nmap is now able to scan IP protocol 255.
[nnposter]
o Nmap will now allow targets to be specified both on the command line and in
an input file with -iL. Previously, if targets were provided in both places,
only the targets in the input file would be scanned, and no notice was given
that the command-line targets were ignored. [Daniel Miller]
o [Zenmap][GH#2854] Fixed a Zenmap crash in DiffViewer when Ndiff exits with
error.
o [Zenmap] Fixed several UnicodeDecodeError or UnicodeEncodeError crashes
throughout Zenmap.
o [Zenmap][GH#1696] Fixed an issue preventing Zenmap from launching if nmap was
not in the PATH. The issue primarily affected macOS users. [Daniel Miller]
o [GH#2838][GH#2836] Fixed a couple of issues with parsing the argument to the
-iR option.
o [NSE][GH#2852] Added TLS support to redis.lua and improved -sV detection of
redis.
o [GH#2954] Fix 2 potential crashes in parsing IPv6 extension headers
discovered using AFL++ fuzzer. [Domen Puncer Kugler, Daniel Miller]
o [Nping] Bind raw socket to device when possible. This was already done for
IPv6, but was needed for IPv4 L3 tunnels. [ValdikSS]
o [Ncat] Ncat in connect mode no longer defaults to half-closed TCP
connections. This makes it more compatible with other netcats. The -k option
will enable the old behavior. See https://seclists.org/nmap-dev/2013/q1/188
[Daniel Miller]
o [Nsock][GH#2788] Fix an issue affecting Ncat where unread bytes in the SSL
layer's buffer could not be read until more data arrived on the socket, which
could lead to deadlock. [Daniel Miller]
o [Ncat][GH#2422] New Ncat option -q to delay quit after EOF on stdin, the
same as traditional netcat's -q option. [Daniel Miller]
o [Ncat][GH#2843] Ncat in listen mode with -e or -c correctly handles error and
EOF conditions that had not been being delivered to the child process.
o [Ncat][Windows] All Nsock engines now work correctly. The default is still
'select', but others can be set with --nsock-engine=iocp or
--nsock-engine=poll [Daniel Miller]
o [NSE][GH#1014][GH#2616] SSH NSE scripts now catch connection errors thrown by
the libssh2 Lua binding, providing useful output instead of a backtrace.
[Joshua Rogers, Daniel Miller]
o [NSE] Several fixes and extensions to the libssh2 NSE bindings: fixed
libssh2.channel_read_stderr, which was reading stdout instead; add binding
for libssh2_userauth_publickey_frommemory; allow open_channel to avoid
allocating a pty;
o [Nsock] Improvements for platforms without selectable pcap handles (e.g.
Windows). Interleaved pcap and socket events were favoring pcap reads,
possibly resulting in timeouts of the socket events. [Daniel Miller]
o [Nsock] Improved memory performance of poll engine on Windows. [Daniel Miller]
o [Nsock][GH#187][GH#2912] Improvements to Nsock event list management, fixing
errors like "could not find 1 of the purportedly pending events on that IOD."
[Daniel Miller]
o When Nmap is used with --disable-arp-ping, a local IP that cannot be
ARP-resolved will use the "no-route" reason instead of the "unknown-response"
reason, since no response was received.
o [NSE][GH#2571][GH#2572][GH#2622][GH#2784] Various bug fixes in the mssql NSE
library. [johnjaylward, nnposter]
o [NSE][GH#2925][GH#2917][GH#2924] Testing for acceptance of SSH keys for
a given username caused heap corruption. [Julijan Nedic, nnposter]
o [NSE][GH#2919][GH#2917] Scripts were not able to load SSH public keys
from a file. [nnposter]
o [NSE][GH#2928][GH#2640] Encryption/decryption performed by the OpenSSL NSE
module did not work correctly when the IV started with a null byte.
[nnposter]
o [NSE][GH#2901][GH#2744][GH#2745] Arbitrary separator in stdnse.tohex() is now
supported. Script smb-protocols now reports SMB dialects correctly.
[nnposter]
o [NSE] ether_type inconsistency in packet.Frame has been resolved. Both
Frame:new() and Frame:build_ether_frame() now use an integer. [nnposter]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
config/rootfiles/packages/nmap | 3 +++
lfs/nmap | 9 +++++----
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/config/rootfiles/packages/nmap b/config/rootfiles/packages/nmap
index 4fa71c9cf..39032f1ce 100644
--- a/config/rootfiles/packages/nmap
+++ b/config/rootfiles/packages/nmap
@@ -581,6 +581,8 @@ usr/share/nmap/scripts/metasploit-info.nse
usr/share/nmap/scripts/metasploit-msgrpc-brute.nse
usr/share/nmap/scripts/metasploit-xmlrpc-brute.nse
usr/share/nmap/scripts/mikrotik-routeros-brute.nse
+usr/share/nmap/scripts/mikrotik-routeros-username-brute.nse
+usr/share/nmap/scripts/mikrotik-routeros-version.nse
usr/share/nmap/scripts/mmouse-brute.nse
usr/share/nmap/scripts/mmouse-exec.nse
usr/share/nmap/scripts/modbus-discover.nse
@@ -791,6 +793,7 @@ usr/share/nmap/scripts/stuxnet-detect.nse
usr/share/nmap/scripts/supermicro-ipmi-conf.nse
usr/share/nmap/scripts/svn-brute.nse
usr/share/nmap/scripts/targets-asn.nse
+usr/share/nmap/scripts/targets-ipv6-eui64.nse
usr/share/nmap/scripts/targets-ipv6-map4to6.nse
usr/share/nmap/scripts/targets-ipv6-multicast-echo.nse
usr/share/nmap/scripts/targets-ipv6-multicast-invalid-dst.nse
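Review bot: the three added rootfile entries (targets-ipv6-eui64.nse here, plus the two MikroTik scripts in the previous hunk) are exactly the three new NSE scripts the 7.96 changelog lists, but nothing else in the rootfile changes even though 7.96 also upgraded the bundled libraries and touched nselib modules (tls.lua, redis.lua, the libssh2 bindings, mssql). Please confirm the rootfile was regenerated from the installed 7.98 tree rather than extended by hand, so any files added or dropped outside usr/share/nmap/scripts/ are not missed.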
diff --git a/lfs/nmap b/lfs/nmap
index cee8fa2a9..8418dcf4d 100644
--- a/lfs/nmap
+++ b/lfs/nmap
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -26,7 +26,8 @@ include Config
SUMMARY = Network exploration tool and security scanner
-VER = 7.95
+VER = 7.98
+# Also update ncat when nmap is updated
THISAPP = nmap-$(VER)
DL_FILE = $(THISAPP).tar.bz2
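Review bot: the new reminder "# Also update ncat when nmap is updated" only records the dependency in one direction; since [PATCH 2/2] bumps ncat to the same 7.98 in the same series, consider adding the matching reminder in the ncat LFS file so the two package versions cannot drift apart when either is updated on its own.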
@@ -34,7 +35,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = nmap
-PAK_VER = 19
+PAK_VER = 20
DEPS =
@@ -48,7 +49,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 4ab4912468f6c1cf7517090bc94b1bb34e665fe1b3db973e1c7bb2d05cb885545cdf3ca5c7fb548ff0012b800f5dd60ed2f2010fc9fb62ba7d6a28537287193c
+$(DL_FILE)_BLAKE2 = bbc7f4931876b2a59dc8d94b5498e72ee76084db19089820030473628f215a0a89972638f4128e46a46ffa55bd92141bfceab311fa00f4798cf111aca5ec104a
install : $(TARGET)
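Review bot: the replaced $(DL_FILE)_BLAKE2 value is the only integrity anchor for nmap-7.98.tar.bz2 fetched from $(URL_IPFIRE), and it cannot be checked from the diff alone. Please state in the commit message (or confirm here) that the tarball was verified against the upstream Nmap signature before the checksum was taken, so the mirror copy is known to match the release and not just itself.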
--
2.51.0
Thread overview: 2+ messages
2025-09-12 19:54 Adolf Belka [this message]
2025-09-12 19:54 ` [PATCH 2/2] ncat: Update to version 7.98 (Adolf Belka)