From: Adolf Belka
To: development@lists.ipfire.org
Cc: Adolf Belka
Subject: [PATCH 1/2] nmap: Update to version 7.98
Date: Fri, 12 Sep 2025 21:54:46 +0200
Message-ID: <20250912195447.3488809-1-adolf.belka@ipfire.org>

- Update from version 7.95 to 7.98
- Update of rootfile
- Changelog
  7.98
    o Updated liblua to 5.4.8
    o Fixed an issue in FTP bounce scan where a single null byte is written past the end of the receive buffer. The issue is triggered by a malicious server but does not cause a crash with default builds. [Tyler Zars]
    o [GH#3130] Fix a crash (stack exhaustion due to excessive recursion) in the parallel DNS resolver. Additionally, improved performance by processing responses that come after the request has timed out. [Daniel Miller]
    o [GH#2757] Fix a crash in traceroute when using randomly-generated decoys: "Assertion `source->ss_family == AF_INET' failed" [Daniel Miller]
    o [GH#2899] When IP protocol scanning on IPv6 (-sO -6), skip protocol numbers that are registered as Extension Header values. When the --data option was used, these would fail the assertion "len == (u32) ntohs(ip6->ip6_plen)" [Daniel Miller]
    o [NSE][GH#3133] Fix the error "nse_nsock.cc:637: void receive_callback(nsock_pool, nsock_event, void*): Assertion `lua_status(L) == 1' failed." when reading from an SSL connection. [Daniel Miller]
    o [GH#3086] Prevent TCP Connect scan (-sT) from leaking one socket per hostgroup, which led to progressively slower scans and assertion failures in other scan phases. [Daniel Miller]
    o [NSE] Added NSE bindings for more libssh2 functions: channel_request, channel_request_pty_ex, channel_shell, and userauth_keyboard_interactive. ssh-brute will now use keyboard-interactive auth if password auth is not offered. [Daniel Miller, CrowdStrike]
    o Fix a bug that was causing Nmap to send empty DNS packets for each target that was not found up instead of just skipping them for reverse DNS.
    o [macOS][GH#3127] Fix "dnet: Failed to open device en0" errors on macOS since Nmap 7.96. [Daniel Miller]
    o [NSE] Fix/update/enhance tls.lua for newer TLSv1.3 ciphers, including post-quantum ciphersuites.
    o [GH#3114][Windows] Use only the DNS servers for up and configured interfaces for forward and reverse DNS lookups. When -e or -S are used, use only DNS servers that can be connected via that interface or source address. [Daniel Miller]
    o [Ndiff][GH#3115] Have configure script check for PyPA 'build' module. [Daniel Miller]
    o [Zenmap] Updated Spanish and Chinese language strings for Zenmap to cover latest strings.
    o [Zenmap][GH#2718] Zenmap language translation (i18n) files were not being installed. [Daniel Miller]
    o [Zenmap][GH#3066] Fix Zenmap error "ValueError: I/O operation on closed file" when Nmap crashes or fails. [Daniel Miller]
    o [Zenmap][GH#3084][GH#3127] Fix UnicodeDecodeError issues in ScriptMetadata and UmitConfigParser. [Daniel Miller]
    o [NSE][GH#3123] WS-Discovery parsing would error out if the MessageID UUID was not prefixed with "urn:". [nnposter]
  7.97
    o [Zenmap][GH#3087] Fix a crash when starting a scan on Windows in locales that use non-latin character sets. Also changed Nmap to print the time zone as an offset from UTC instead of as a localized string. [Daniel Miller]
    o Fixed an issue with the parallel forward DNS resolver: it had not been consulting /etc/hosts, nor did it correctly handle the 'localhost' name. [Daniel Miller]
    o [GH#3088] Mitigate a false-positive detection by replacing a malicious URL in the example output of http-malware-host [nnposter]
  7.96
    o Upgraded included libraries: OpenSSL 3.0.16, Lua 5.4.7, libssh2 1.11.1, libpcap 1.10.5, libpcre2 10.45, libdnet 1.18.0
    o [Windows] Upgraded the included version of Npcap from version 1.79 to the latest version 1.82, bringing faster packet injection, VLAN header capture, and support for SR-IOV adapters, along with many other bug fixes and feature enhancements described at https://npcap.com/changelog
    o [GH#1451] Nmap now performs forward DNS lookups in parallel, using the same engine that has been reliably performing reverse-DNS lookups for nearly a decade. Scanning large lists of hostnames is now enormously faster and avoids the unresponsive wait for blocking system calls, so progress stats can be shown. In testing, resolving 1 million website names to both IPv4 and IPv6 took just over an hour. The previous system took 49 hours for the same data set! [Daniel Miller]
    o [Nping][GH#2862] Promoted Nping version number from a 0.7.95 alpha release to the same release version as Nmap.
    o [Zenmap][GH#2358] Added dark mode, accessed via Profile->Toggle Dark Mode or window::dark_mode in zenmap.conf. [Daniel Miller]
    o [NSE] Added 3 new scripts, for a total of 612 NSE scripts:
      + [GH#2973] mikrotik-routeros-version queries MikroTik's WinBox router admin service to get the RouterOS version. New service probes were also added for this service. [deauther890, Daniel Miller]
      + mikrotik-routeros-username-brute brute-forces WinBox usernames for the router using CVE-2024-54772. [deauther890]
      + targets-ipv6-eui64 generates target IPv6 addresses from a user-provided file of MAC addresses, using the EUI-64 method. [Daniel Miller]
    o [GH#2982] Fixed an issue preventing the Nmap OEM 7.95 uninstaller from correctly uninstalling Nmap OEM.
    o [GH#2139][Nsock][Windows] Fixed the IOCP Nsock engine, which had been demoted since Nmap 7.91 due to unresolved issues around SSL sockets and IPv6. [Daniel Miller]
    o [GH#2113] Fixed the issue where TCP Connect scans (-sT) on Windows would show 'filtered' instead of 'closed', due to differences in understanding timeouts.
    o [GH#2900][GH#2896][GH#2897] Nmap is now able to scan IP protocol 255. [nnposter]
    o Nmap will now allow targets to be specified both on the command line and in an input file with -iL. Previously, if targets were provided in both places, only the targets in the input file would be scanned, and no notice was given that the command-line targets were ignored. [Daniel Miller]
    o [Zenmap][GH#2854] Fixed a Zenmap crash in DiffViewer when Ndiff exits with error.
    o [Zenmap] Fixed several UnicodeDecodeError or UnicodeEncodeError crashes throughout Zenmap.
    o [Zenmap][GH#1696] Fixed an issue preventing Zenmap from launching if nmap was not in the PATH. The issue primarily affected macOS users. [Daniel Miller]
    o [GH#2838][GH#2836] Fixed a couple of issues with parsing the argument to the -iR option.
    o [NSE][GH#2852] Added TLS support to redis.lua and improved -sV detection of redis.
    o [GH#2954] Fix 2 potential crashes in parsing IPv6 extension headers discovered using AFL++ fuzzer. [Domen Puncer Kugler, Daniel Miller]
    o [Nping] Bind raw socket to device when possible. This was already done for IPv6, but was needed for IPv4 L3 tunnels. [ValdikSS]
    o [Ncat] Ncat in connect mode no longer defaults to half-closed TCP connections. This makes it more compatible with other netcats. The -k option will enable the old behavior. See https://seclists.org/nmap-dev/2013/q1/188 [Daniel Miller]
    o [Nsock][GH#2788] Fix an issue affecting Ncat where unread bytes in the SSL layer's buffer could not be read until more data arrived on the socket, which could lead to deadlock. [Daniel Miller]
    o [Ncat][GH#2422] New Ncat option -q to delay quit after EOF on stdin, the same as traditional netcat's -q option. [Daniel Miller]
    o [Ncat][GH#2843] Ncat in listen mode with -e or -c correctly handles error and EOF conditions that had not been delivered to the child process.
    o [Ncat][Windows] All Nsock engines now work correctly. The default is still 'select', but others can be set with --nsock-engine=iocp or --nsock-engine=poll [Daniel Miller]
    o [NSE][GH#1014][GH#2616] SSH NSE scripts now catch connection errors thrown by the libssh2 Lua binding, providing useful output instead of a backtrace. [Joshua Rogers, Daniel Miller]
    o [NSE] Several fixes and extensions to the libssh2 NSE bindings: fixed libssh2.channel_read_stderr, which was reading stdout instead; add binding for libssh2_userauth_publickey_frommemory; allow open_channel to avoid allocating a pty.
    o [Nsock] Improvements for platforms without selectable pcap handles (e.g. Windows). Interleaved pcap and socket events were favoring pcap reads, possibly resulting in timeouts of the socket events. [Daniel Miller]
    o [Nsock] Improved memory performance of poll engine on Windows. [Daniel Miller]
    o [Nsock][GH#187][GH#2912] Improvements to Nsock event list management, fixing errors like "could not find 1 of the purportedly pending events on that IOD." [Daniel Miller]
    o When Nmap is used with --disable-arp-ping, a local IP that cannot be ARP-resolved will use the "no-route" reason instead of the "unknown-response" reason, since no response was received.
    o [NSE][GH#2571][GH#2572][GH#2622][GH#2784] Various bug fixes in the mssql NSE library. [johnjaylward, nnposter]
    o [NSE][GH#2925][GH#2917][GH#2924] Testing for acceptance of SSH keys for a given username caused heap corruption. [Julijan Nedic, nnposter]
    o [NSE][GH#2919][GH#2917] Scripts were not able to load SSH public keys from a file. [nnposter]
    o [NSE][GH#2928][GH#2640] Encryption/decryption performed by the OpenSSL NSE module did not work correctly when the IV started with a null byte. [nnposter]
    o [NSE][GH#2901][GH#2744][GH#2745] Arbitrary separator in stdnse.tohex() is now supported. Script smb-protocols now reports SMB dialects correctly. [nnposter]
    o [NSE] ether_type inconsistency in packet.Frame has been resolved. Both Frame:new() and Frame:build_ether_frame() now use an integer. [nnposter]

Signed-off-by: Adolf Belka
--- config/rootfiles/packages/nmap | 3 +++ lfs/nmap | 9 +++++---- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/config/rootfiles/packages/nmap b/config/rootfiles/packages/nmap index 4fa71c9cf..39032f1ce 100644 --- a/config/rootfiles/packages/nmap +++ b/config/rootfiles/packages/nmap @@ -581,6 +581,8 @@ usr/share/nmap/scripts/metasploit-info.nse usr/share/nmap/scripts/metasploit-msgrpc-brute.nse usr/share/nmap/scripts/metasploit-xmlrpc-brute.nse usr/share/nmap/scripts/mikrotik-routeros-brute.nse +usr/share/nmap/scripts/mikrotik-routeros-username-brute.nse +usr/share/nmap/scripts/mikrotik-routeros-version.nse usr/share/nmap/scripts/mmouse-brute.nse usr/share/nmap/scripts/mmouse-exec.nse usr/share/nmap/scripts/modbus-discover.nse @@ -791,6 +793,7 @@ usr/share/nmap/scripts/stuxnet-detect.nse usr/share/nmap/scripts/supermicro-ipmi-conf.nse usr/share/nmap/scripts/svn-brute.nse usr/share/nmap/scripts/targets-asn.nse +usr/share/nmap/scripts/targets-ipv6-eui64.nse usr/share/nmap/scripts/targets-ipv6-map4to6.nse usr/share/nmap/scripts/targets-ipv6-multicast-echo.nse usr/share/nmap/scripts/targets-ipv6-multicast-invalid-dst.nse diff --git a/lfs/nmap b/lfs/nmap index cee8fa2a9..8418dcf4d 100644 --- a/lfs/nmap +++ b/lfs/nmap 
@@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2024 IPFire Team # +# Copyright (C) 2007-2025 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,8 @@ include Config SUMMARY = Network exploration tool and security scanner -VER = 7.95 +VER = 7.98 +# Also update ncat when nmap is updated THISAPP = nmap-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -34,7 +35,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = nmap -PAK_VER = 19 +PAK_VER = 20 DEPS = @@ -48,7 +49,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 4ab4912468f6c1cf7517090bc94b1bb34e665fe1b3db973e1c7bb2d05cb885545cdf3ca5c7fb548ff0012b800f5dd60ed2f2010fc9fb62ba7d6a28537287193c +$(DL_FILE)_BLAKE2 = bbc7f4931876b2a59dc8d94b5498e72ee76084db19089820030473628f215a0a89972638f4128e46a46ffa55bd92141bfceab311fa00f4798cf111aca5ec104a install : $(TARGET) -- 2.51.0
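Review bot: in the first rootfile hunk (@@ -581,6 +581,8 @@ in config/rootfiles/packages/nmap) the two added paths, mikrotik-routeros-username-brute.nse and mikrotik-routeros-version.nse, together with targets-ipv6-eui64.nse in the following hunk account for exactly the "3 new scripts" the 7.96 changelog lists, so the rootfile agrees with the commit message on scripts. The same changelog entry also says new service probes were added for the WinBox service; those land in the existing nmap-service-probes data file rather than as a new path, so no extra entry is expected, but the rootfile should still be checked against a listing of the actual 7.98 install tree (for example `find usr/share/nmap -type f | sort` in the build result) in case any NSE library under nselib/ or another data file was added or removed between 7.95 and 7.98 that the three-script count does not reveal.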
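Review bot: the new line `+# Also update ncat when nmap is updated` in the VER hunk of lfs/nmap documents a coupling that nothing in the build enforces, so it depends on the reader of this file noticing it. Since this is [PATCH 1/2], the ncat bump is presumably the second patch of the series; it would help to put the mirror-image note in the ncat build file as well, and to say why the two are coupled (presumably because ncat is built from the same nmap source tarball), so that whoever touches either package later sees the dependency from both sides.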
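Review bot: the `$(DL_FILE)_BLAKE2` hunk is the only integrity control on the new source, and because `DL_FROM = $(URL_IPFIRE)` is unchanged the tarball is fetched from the IPFire download mirror, not from nmap.org, so the new hash only pins whatever copy of nmap-7.98.tar.bz2 was uploaded there. Before this is merged, the reviewer should recompute the hash (`b2sum nmap-7.98.tar.bz2`) against a copy obtained directly from upstream and check upstream's published signature for the release; a one-line statement in the commit message that this was done would let later readers trust the value without redoing the work.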
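The 7.96 changelog entry above mentions that targets-ipv6-eui64 derives IPv6 targets from a list of MAC addresses "using the EUI-64 method". The following is an added example of that method, written for this page; it is not code from nmap, from the targets-ipv6-eui64 script, or from this patch. It implements the modified EUI-64 interface identifier construction from RFC 4291 Appendix A (insert ff:fe between the OUI and the device part, flip the universal/local bit), combines it with a /64 prefix, and also does the inverse, recovering the MAC from an observed address, which is the defender's side of the same trick. The prefix 2001:db8:1:2::/64 and the MAC addresses in SAMPLE_MACS are constructed sample input, and the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample input: MAC addresses in the notations a practitioner
# might have in an inventory export (colon, dash and Cisco dotted form),
# plus a comment line that should be ignored.
SAMPLE_MACS = """
00:1a:2b:3c:4d:5e
00-1A-2B-3C-4D-5F
001a.2b3c.4d60
# comment line, ignored
"""

_HEX_DIGIT = re.compile(r"[0-9a-fA-F]")


def parse_mac(text):
    """Accept colon, dash or dotted MAC notation and return the 6 raw bytes."""
    digits = "".join(_HEX_DIGIT.findall(text))
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def mac_to_eui64_iid(mac):
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A):
    split the MAC into OUI and NIC-specific halves, insert ff:fe between
    them, and invert the universal/local bit (0x02 of the first octet)."""
    oui, nic = mac[:3], mac[3:]
    iid = bytearray(oui + b"\xff\xfe" + nic)
    iid[0] ^= 0x02
    return bytes(iid)


def eui64_address(prefix, mac):
    """Place the modified EUI-64 IID into the low 64 bits of a /64 prefix."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 addressing needs a /64 prefix")
    iid = int.from_bytes(mac_to_eui64_iid(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def targets_from_mac_list(prefix, text):
    """Turn a MAC list (one per line, '#' comments allowed) into the
    candidate IPv6 targets a scanner could hand to host discovery."""
    targets = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        targets.append(str(eui64_address(prefix, parse_mac(line))))
    return targets


def eui64_to_mac(addr):
    """Inverse direction: recover the MAC from an address whose IID uses
    modified EUI-64. Returns None when the ff:fe marker is absent, which
    is what a privacy (RFC 4941) or manually assigned address looks like."""
    iid = bytearray(int(ipaddress.IPv6Address(addr)).to_bytes(16, "big")[8:])
    if iid[3:5] != b"\xff\xfe":
        return None
    iid[0] ^= 0x02
    mac = bytes(iid[:3] + iid[5:])
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    for target in targets_from_mac_list("2001:db8:1:2::/64", SAMPLE_MACS):
        print(target, "<-", eui64_to_mac(target))
```

The forward direction is why a MAC inventory is scanning input: on a /64 where hosts still use EUI-64 (no privacy extensions), every address is predictable from the hardware address, so a scan list can be built without sweeping the 2^64 space. The inverse direction is the corresponding exposure for defenders: an address ending in an ff:fe-marked IID leaks the hardware vendor (OUI) and a stable per-device identifier across networks.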