- Update from version 7.94 to 7.95 - Update of rootfile - Changelog 7.95 o [Windows] Upgraded Npcap (our Windows raw packet capturing and transmission driver) from version 1.75 to the latest version 1.79. It includes many performance improvements, bug fixes and feature enhancements described at https://npcap.com/changelog. o Integrated over 4000 IPv4 OS fingerprints submitted since June 2020. Added 336 fingerprints, bringing the new total to 6036. Additions include iOS 15 & 16, macOS Ventura & Monterey, Linux 6.1, OpenBSD 7.1, and lwIP 2.2 o Integrated over 2500 service/version detection fingerprints submitted since June 2020. The signature count went up 1.4% to 12089, including 9 new softmatches. We now detect 1246 protocols, including new additions of grpc, mysqlx, essnet, remotemouse, and tuya. o [NSE] Four new scripts from the DINA community (https://github.com/DINA-community) for querying industrial control systems: + hartip-info reads device information from devices using the Highway Addressable Remote Transducer protocol + iec61850-mms queries devices using Manufacturing Message Specification requests. [Dennis Rösch, Max Helbig] + multicast-profinet-discovery Sends a multicast PROFINET DCP Identify All message and prints the responses. [Stefan Eiwanger, DINA-community] + profinet-cm-lookup queries the DCERPC endpoint mapper exposed via the PNIO-CM service. o Upgraded included libraries: Lua 5.4.6, libpcre2 10.43, zlib 1.3.1, libssh2 1.11.0, liblinear 2.47 o [GH#2639] Upgraded OpenSSL binaries (for the Windows builds and for RPMs) to version 3.0.13. CVEs resolved in this update include only 2 moderate-severity issues which we do not believe affect Nmap: CVE-2023-5363 and CVE-2023-2650 o [Zenmap][Ndiff][GH#2649] Zenmap and Ndiff now use setuptools, not distutils for packaging. o [Ncat][GH#2685] Fixed Ncat UDP server mode to not quit after EOF on stdin. Reported as Debian bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039613 o [GH#2672] Fixed an issue where TCP Connect scan (-sT) on Windows would fail to open any sockets, leading to scans that never finish. [Daniel Miller] o [NSE] ssh-auth-methods will now print the pre-authentication banner text when available. Requires libssh2 1.11.0 or later. [Daniel Miller] o [Zenmap][GH#2739] Fix a crash in Zenmap when changing a host comment. o [NSE][GH#2766] Fix TLS 1.2 signature algorithms for EdDSA. [Daniel Roethlisberger] o [Zenmap][GH#2706] RPM spec files now correctly require the python3 package, not python>=3 o Improvements to OS detection fingerprint matching, including a syntax change for nmap-os-db that allows ranges within the TCP Options string. This leads to more concise and maintainable fingerprints. [Daniel Miller] o Improved the OS detection engine by using a new source port for each retry. Scans from systems such as Windows that do not send RST for unsolicited SYN|ACK responses were previously unable to get a response in subsequent tries. [Daniel Miller] o Several profile-guided optimizations of the port scan engine. [Daniel Miller] o [GH#2731] Fix an out-of-bounds read which led to out-of-memory errors when duplicate addresses were used with --exclude o [GH#2609] Fixed a memory leak in Nsock: compiled pcap filters were not freed. o [GH#2658] Fixed a crash when using service name wildcards with -p, as in -p "http*" o [NSE] Fixed DNS TXT record parsing which caused asn-query to fail in Nmap 7.80 and later. [David Fifield, Mike Pattrick] o [NSE][GH#2727][GH#2728] Fixed packet size testing in KNX scripts [f0rw4rd]
Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/rootfiles/packages/nmap | 8 +++++--- lfs/nmap | 22 +++++++++++----------- 2 files changed, 16 insertions(+), 14 deletions(-)
diff --git a/config/rootfiles/packages/nmap b/config/rootfiles/packages/nmap index b7627c97f..5f660dd9f 100644 --- a/config/rootfiles/packages/nmap +++ b/config/rootfiles/packages/nmap @@ -1,7 +1,6 @@ usr/bin/nmap usr/bin/nping #usr/share/man/de/man1/nmap.1 -#usr/share/man/es #usr/share/man/es/man1 #usr/share/man/es/man1/nmap.1 #usr/share/man/fr/man1/nmap.1 @@ -15,7 +14,6 @@ usr/bin/nping #usr/share/man/ja/man1/nmap.1 #usr/share/man/man1/nmap.1 #usr/share/man/man1/nping.1 -#usr/share/man/pl #usr/share/man/pl/man1 #usr/share/man/pl/man1/nmap.1 #usr/share/man/pt_BR/man1/nmap.1 @@ -130,6 +128,7 @@ usr/share/nmap/nselib/http.lua usr/share/nmap/nselib/httpspider.lua usr/share/nmap/nselib/iax2.lua usr/share/nmap/nselib/idna.lua +usr/share/nmap/nselib/iec61850mms.lua usr/share/nmap/nselib/ike.lua usr/share/nmap/nselib/imap.lua usr/share/nmap/nselib/informix.lua @@ -175,7 +174,6 @@ usr/share/nmap/nselib/openssl.luadoc usr/share/nmap/nselib/ospf.lua usr/share/nmap/nselib/outlib.lua usr/share/nmap/nselib/packet.lua -usr/share/nmap/nselib/pcre.luadoc usr/share/nmap/nselib/pgsql.lua usr/share/nmap/nselib/pop3.lua usr/share/nmap/nselib/pppoe.lua @@ -378,6 +376,7 @@ usr/share/nmap/scripts/hadoop-jobtracker-info.nse usr/share/nmap/scripts/hadoop-namenode-info.nse usr/share/nmap/scripts/hadoop-secondary-namenode-info.nse usr/share/nmap/scripts/hadoop-tasktracker-info.nse +usr/share/nmap/scripts/hartip-info.nse usr/share/nmap/scripts/hbase-master-info.nse usr/share/nmap/scripts/hbase-region-info.nse usr/share/nmap/scripts/hddtemp-info.nse @@ -524,6 +523,7 @@ usr/share/nmap/scripts/iax2-brute.nse usr/share/nmap/scripts/iax2-version.nse usr/share/nmap/scripts/icap-info.nse usr/share/nmap/scripts/iec-identify.nse +usr/share/nmap/scripts/iec61850-mms.nse usr/share/nmap/scripts/ike-version.nse usr/share/nmap/scripts/imap-brute.nse usr/share/nmap/scripts/imap-capabilities.nse @@ -600,6 +600,7 @@ usr/share/nmap/scripts/ms-sql-tables.nse usr/share/nmap/scripts/ms-sql-xp-cmdshell.nse usr/share/nmap/scripts/msrpc-enum.nse usr/share/nmap/scripts/mtrace.nse +usr/share/nmap/scripts/multicast-profinet-discovery.nse usr/share/nmap/scripts/murmur-version.nse usr/share/nmap/scripts/mysql-audit.nse usr/share/nmap/scripts/mysql-brute.nse @@ -662,6 +663,7 @@ usr/share/nmap/scripts/pop3-capabilities.nse usr/share/nmap/scripts/pop3-ntlm-info.nse usr/share/nmap/scripts/port-states.nse usr/share/nmap/scripts/pptp-version.nse +usr/share/nmap/scripts/profinet-cm-lookup.nse usr/share/nmap/scripts/puppet-naivesigning.nse usr/share/nmap/scripts/qconn-exec.nse usr/share/nmap/scripts/qscan.nse diff --git a/lfs/nmap b/lfs/nmap index 36a348be4..cee8fa2a9 100644 --- a/lfs/nmap +++ b/lfs/nmap @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config
SUMMARY = Network exploration tool and security scanner
-VER = 7.94 +VER = 7.95
THISAPP = nmap-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = nmap -PAK_VER = 18 +PAK_VER = 19
DEPS =
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 5819b458b50e33f6a507ad3c32a731c13e730c40d31a61731c3cfcd41fad8e3fdfcbb721ef46b05a80e406d0a646d0966d4b645551711144822551ef374a443a +$(DL_FILE)_BLAKE2 = 4ab4912468f6c1cf7517090bc94b1bb34e665fe1b3db973e1c7bb2d05cb885545cdf3ca5c7fb548ff0012b800f5dd60ed2f2010fc9fb62ba7d6a28537287193c
install : $(TARGET)
@@ -82,13 +82,13 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) $(UPDATE_AUTOMAKE) - cd $(DIR_APP) && PYTHON=python3 \ - ./configure \ - --prefix=/usr \ - --without-nmapfe \ - --without-zenmap \ - --without-ncat \ - --without-ndiff + cd $(DIR_APP) && PYTHON=python3 \ + ./configure \ + --prefix=/usr \ + --without-nmapfe \ + --without-zenmap \ + --without-ncat \ + --without-ndiff cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) cd $(DIR_APP) && make install @rm -rf $(DIR_APP)