On Thu 2006.02.02 at 17:55 -0500, Okan Demirmen wrote:
> On Fri 2006.02.03 at 09:44 +1100, Jonathan Gray wrote:
> > This updates nmap from 3.95 to 4.00
> >
> > Only tested on i386 so far.
>
> yes, i am aware that it works on i386/amd64, however there are endian
> issues making some "features" not work correctly on big-endian systems,
> hence i was/am holding back...
so i know that port updates are be carefully considered now-a-days with 3.9 coming. so i have a question about what to do with the nmap port. right now, 3.95 is in, but nmap 4.00 has been out for a few weeks. however, amoung the usual bugs, the most annoying bug is the endian issue with one of the new features. probes upstream have not given me indication of when a bug fix release (4.01, i imagine) will be released, and even if in time to make the ports tree-lock (if we are not basically there). so 3 options, a) 3.9 ships with 3.95, b) 3.9 ships with 4.00 with broken system_dns features for big-endian, or c) 3.9 ships with 4.00 with non-official patch (almost non-official). both jonathan gray's and chris kuethe's patch will obviously work for option b). if option c), then the below patch. warning: i don't have any big-endian machines that power on anymore, so this needs to be tested. also, this patch taken from nmap-dev@ list (with a few typo fixes as well) which supposedly is to be included in the next nmap release, which is when???
Index: Makefile
===================================================================
RCS file: /cvs/ports/net/nmap/Makefile,v
retrieving revision 1.60
diff -u -r1.60 Makefile
--- Makefile 16 Jan 2006 17:08:57 -0000 1.60
+++ Makefile 8 Feb 2006 16:14:36 -0000
@@ -2,8 +2,7 @@ COMMENT= "scan ports and fingerprint stack of network hosts" -DISTNAME= nmap-3.95 -PKGNAME= ${DISTNAME}p0 +DISTNAME= nmap-4.00 CATEGORIES= net security MASTER_SITES= ${HOMEPAGE}dist/ EXTRACT_SUFX= .tgz
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/nmap/distinfo,v
retrieving revision 1.10
diff -u -r1.10 distinfo
--- distinfo 17 Dec 2005 15:47:12 -0000 1.10
+++ distinfo 8 Feb 2006 16:14:36 -0000
@@ -1,4 +1,4 @@
-MD5 (nmap-3.95.tgz) = 8aab9467378cb71ed767a863ecde58c4
-RMD160 (nmap-3.95.tgz) = 2ca183fdb4f9eeae34ae174e3de3fc2ae130a9a9
-SHA1 (nmap-3.95.tgz) = edc4995bff75fb9b0c208f2f73bda188429a9825
-SIZE (nmap-3.95.tgz) = 2428629
+MD5 (nmap-4.00.tgz) = 67c324b541eacc0935659e4e23905f0f
+RMD160 (nmap-4.00.tgz) = 4ed8f3de09702ba5e7c24e196ad48a92145e29dd
+SHA1 (nmap-4.00.tgz) = 3da2b0b33580bb66934afd7602587aa78d2f45f9
+SIZE (nmap-4.00.tgz) = 2388225
Index: patches/patch-nmap_dns_cc
===================================================================
RCS file: patches/patch-nmap_dns_cc
diff -N patches/patch-nmap_dns_cc
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-nmap_dns_cc 8 Feb 2006 16:14:36 -0000
@@ -0,0 +1,89 @@
+$OpenBSD$
+--- nmap_dns.cc.orig Thu Jan 19 13:55:06 2006
++++ nmap_dns.cc Wed Feb 8 10:44:17 2006
+@@ -102,7 +102,7 @@
+ // on large number of IP addresses. Nmap supports 2 different
+ // methods of accomplishing this:
+ //
+-// System Resolver (specified using --system_dns):
++// System Resolver (specified using --system-dns):
+ // Performs sequential getnameinfo() calls on all the IPs.
+ // As reliable as your system resolver, almost guaranteed
+ // to be portable, but intolerably slow for scans of hundreds
+@@ -385,7 +385,7 @@ u32 parse_inaddr_arpa(unsigned char *buf
+ u32 ip=0;
+ int i, j;
+
+- for (i=3; i>=0; i--) {
++ for (i=0; i<=3; i++) {
+ if (maxlen <= 0) return 0;
+
+ if (buf[0] < 1 || buf[0] > 3) return 0;
+@@ -402,7 +402,7 @@ u32 parse_inaddr_arpa(unsigned char *buf
+ if (maxlen < 14) return 0; // length of the following string
+ if (strcasecmp((char *) buf, "\x07in-addr\004arpa\0")) return 0;
+
+- return ip;
++ return ntohl(ip);
+ }
+
+
+@@ -620,7 +620,7 @@ void put_dns_packet_on_wire(request *req
+ u32 ip;
+ struct timeval now, timeout;
+
+- ip = (u32) req->targ->v4host().s_addr;
++ ip = (u32) ntohl(req->targ->v4host().s_addr);
+
+ packet[0] = (req->id >> 8) & 0xFF;
+ packet[1] = req->id & 0xFF;
+@@ -629,10 +629,10 @@ void put_dns_packet_on_wire(request *req
+ memcpy(packet+plen, "\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00", 10);
+ plen += 10;
+
+- plen += add_integer_to_dns_packet(packet+plen, (ip>>24) & 0xFF);
+- plen += add_integer_to_dns_packet(packet+plen, (ip>>16) & 0xFF);
+- plen += add_integer_to_dns_packet(packet+plen, (ip>>8) & 0xFF);
+ plen += add_integer_to_dns_packet(packet+plen, ip & 0xFF);
++ plen += add_integer_to_dns_packet(packet+plen, (ip>>8) & 0xFF);
++ plen += add_integer_to_dns_packet(packet+plen, (ip>>16) & 0xFF);
++ plen += add_integer_to_dns_packet(packet+plen, (ip>>24) & 0xFF);
+
+ memcpy(packet+plen, "\x07in-addr\004arpa\x00\x00\x0c\x00\x01", 18);
+ plen += 18;
+@@ -874,7 +874,7 @@ void parse_resolvdotconf() {
+
+ fp = fopen("/etc/resolv.conf", "r");
+ if (fp == NULL) {
+- fatal("Unable to open /etc/resolv.conf. Try using --system_dns or specify valid servers with --dns_servers");
++ fatal("Unable to open /etc/resolv.conf. Try using --system-dns or specify valid servers with --dns-servers");
+ }
+
+ while (fgets(buf, sizeof(buf), fp)) {
+@@ -903,7 +903,7 @@ void parse_resolvdotconf() {
+ if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,
+ "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters",
+ 0, KEY_READ, &hKey) != ERROR_SUCCESS)
+- fatal("Error opening registry to read DNS servers. Try using --system_dns or specify valid servers with --dns_servers");
++ fatal("Error opening registry to read DNS servers. Try using --system-dns or specify valid servers with --dns-servers");
+
+ sz = sizeof(buf);
+ if (RegQueryValueEx(hKey, "NameServer", NULL, NULL, (LPBYTE) buf, (LPDWORD) &sz) == ERROR_SUCCESS)
+@@ -1055,7 +1055,7 @@ void nmap_mass_rdns_core(Target **target
+ else parse_resolvdotconf();
+
+ if (servs.size() == 0)
+- fatal("Unable to determine any DNS servers. Try using --system_dns or specify valid servers with --dns_servers");
++ fatal("Unable to determine any DNS servers. Try using --system-dns or specify valid servers with --dns-servers");
+ }
+
+
+@@ -1156,7 +1156,7 @@ void nmap_mass_rdns_core(Target **target
+ nsp_delete(dnspool);
+
+ if (cname_reqs.size() && o.debugging)
+- log_write(LOG_STDOUT, "Performing system_dns for %d domain names that use CNAMEs\n", (int) cname_reqs.size());
++ log_write(LOG_STDOUT, "Performing system-dns for %d domain names that use CNAMEs\n", (int) cname_reqs.size());
+
+ SPM = new ScanProgressMeter("System CNAME DNS resolution");
+
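Review bot: In the patched `parse_inaddr_arpa`, `return ntohl(ip);` performs a host-to-network conversion under the network-to-host name. The value is assembled from the parsed decimal labels, and if the loop body (outside this hunk) places label `i` at bit `8*i`, as the new `i=0..3` order suggests, it is in host order at the return. Both calls do the same swap on common platforms, so the result is unchanged, but `return htonl(ip);` states the intent and pairs with the `ntohl(req->targ->v4host().s_addr)` added in `put_dns_packet_on_wire`. Since the submitter says the patch was not run on big-endian hardware, a round-trip check on such a host (build the query name for an address, parse it back, compare with `s_addr`) would confirm the pair before it ships. Both function bodies start and end outside the hunks shown.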