On Thu 2006.02.02 at 17:55 -0500, Okan Demirmen wrote:
> On Fri 2006.02.03 at 09:44 +1100, Jonathan Gray wrote:
> > This updates nmap from 3.95 to 4.00
> >
> > Only tested on i386 so far.
>
> yes, i am aware that it works on i386/amd64, however there are endian
> issues making some "features" not work correctly on big-endian systems,
> hence i was/am holding back...
so i know that port updates are being carefully considered now-a-days with
3.9 coming. so i have a question about what to do with the nmap port.
right now, 3.95 is in, but nmap 4.00 has been out for a few weeks.
however, among the usual bugs, the most annoying bug is the endian
issue with one of the new features. probes upstream have not given me
indication of when a bug fix release (4.01, i imagine) will be released,
and even if in time to make the ports tree-lock (if we are not basically
there). so 3 options, a) 3.9 ships with 3.95, b) 3.9 ships with 4.00
with broken system_dns features for big-endian, or c) 3.9 ships with
4.00 with non-official patch (almost non-official).
both jonathan gray's and chris kuethe's patch will obviously work for
option b). if option c), then the below patch.
warning: i don't have any big-endian machines that power on anymore, so
this needs to be tested.
also, this patch taken from nmap-dev@ list (with a few typo fixes as
well) which supposedly is to be included in the next nmap release, which
is when???
Index: Makefile
===================================================================
RCS file: /cvs/ports/net/nmap/Makefile,v
retrieving revision 1.60
diff -u -r1.60 Makefile
--- Makefile 16 Jan 2006 17:08:57 -0000 1.60
+++ Makefile 8 Feb 2006 16:14:36 -0000
@@ -2,8 +2,7 @@
COMMENT= "scan ports and fingerprint stack of network hosts"
-DISTNAME= nmap-3.95
-PKGNAME= ${DISTNAME}p0
+DISTNAME= nmap-4.00
CATEGORIES= net security
MASTER_SITES= ${HOMEPAGE}dist/
EXTRACT_SUFX= .tgz
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/nmap/distinfo,v
retrieving revision 1.10
diff -u -r1.10 distinfo
--- distinfo 17 Dec 2005 15:47:12 -0000 1.10
+++ distinfo 8 Feb 2006 16:14:36 -0000
@@ -1,4 +1,4 @@
-MD5 (nmap-3.95.tgz) = 8aab9467378cb71ed767a863ecde58c4
-RMD160 (nmap-3.95.tgz) = 2ca183fdb4f9eeae34ae174e3de3fc2ae130a9a9
-SHA1 (nmap-3.95.tgz) = edc4995bff75fb9b0c208f2f73bda188429a9825
-SIZE (nmap-3.95.tgz) = 2428629
+MD5 (nmap-4.00.tgz) = 67c324b541eacc0935659e4e23905f0f
+RMD160 (nmap-4.00.tgz) = 4ed8f3de09702ba5e7c24e196ad48a92145e29dd
+SHA1 (nmap-4.00.tgz) = 3da2b0b33580bb66934afd7602587aa78d2f45f9
+SIZE (nmap-4.00.tgz) = 2388225
Index: patches/patch-nmap_dns_cc
===================================================================
RCS file: patches/patch-nmap_dns_cc
diff -N patches/patch-nmap_dns_cc
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-nmap_dns_cc 8 Feb 2006 16:14:36 -0000
@@ -0,0 +1,89 @@
+$OpenBSD$
+--- nmap_dns.cc.orig Thu Jan 19 13:55:06 2006
++++ nmap_dns.cc Wed Feb 8 10:44:17 2006
+@@ -102,7 +102,7 @@
+ // on large number of IP addresses. Nmap supports 2 different
+ // methods of accomplishing this:
+ //
+-// System Resolver (specified using --system_dns):
++// System Resolver (specified using --system-dns):
+ // Performs sequential getnameinfo() calls on all the IPs.
+ // As reliable as your system resolver, almost guaranteed
+ // to be portable, but intolerably slow for scans of hundreds
+@@ -385,7 +385,7 @@ u32 parse_inaddr_arpa(unsigned char *buf
+ u32 ip=0;
+ int i, j;
+
+- for (i=3; i>=0; i--) {
++ for (i=0; i<=3; i++) {
+ if (maxlen <= 0) return 0;
+
+ if (buf[0] < 1 || buf[0] > 3) return 0;
+@@ -402,7 +402,7 @@ u32 parse_inaddr_arpa(unsigned char *buf
+ if (maxlen < 14) return 0; // length of the following string
+ if (strcasecmp((char *) buf, "\x07in-addr\004arpa\0")) return 0;
+
+- return ip;
++ return ntohl(ip);
+ }
+
+
+@@ -620,7 +620,7 @@ void put_dns_packet_on_wire(request *req
+ u32 ip;
+ struct timeval now, timeout;
+
+- ip = (u32) req->targ->v4host().s_addr;
++ ip = (u32) ntohl(req->targ->v4host().s_addr);
+
+ packet[0] = (req->id >> 8) & 0xFF;
+ packet[1] = req->id & 0xFF;
+@@ -629,10 +629,10 @@ void put_dns_packet_on_wire(request *req
+ memcpy(packet+plen, "\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00", 10);
+ plen += 10;
+
+- plen += add_integer_to_dns_packet(packet+plen, (ip>>24) & 0xFF);
+- plen += add_integer_to_dns_packet(packet+plen, (ip>>16) & 0xFF);
+- plen += add_integer_to_dns_packet(packet+plen, (ip>>8) & 0xFF);
+ plen += add_integer_to_dns_packet(packet+plen, ip & 0xFF);
++ plen += add_integer_to_dns_packet(packet+plen, (ip>>8) & 0xFF);
++ plen += add_integer_to_dns_packet(packet+plen, (ip>>16) & 0xFF);
++ plen += add_integer_to_dns_packet(packet+plen, (ip>>24) & 0xFF);
+
+ memcpy(packet+plen, "\x07in-addr\004arpa\x00\x00\x0c\x00\x01", 18);
+ plen += 18;
+@@ -874,7 +874,7 @@ void parse_resolvdotconf() {
+
+ fp = fopen("/etc/resolv.conf", "r");
+ if (fp == NULL) {
+- fatal("Unable to open /etc/resolv.conf. Try using --system_dns or specify
valid servers with --dns_servers");
++ fatal("Unable to open /etc/resolv.conf. Try using --system-dns or specify
valid servers with --dns-servers");
+ }
+
+ while (fgets(buf, sizeof(buf), fp)) {
+@@ -903,7 +903,7 @@ void parse_resolvdotconf() {
+ if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,
+ "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters",
+ 0, KEY_READ, &hKey) != ERROR_SUCCESS)
+- fatal("Error opening registry to read DNS servers. Try using --system_dns
or specify valid servers with --dns_servers");
++ fatal("Error opening registry to read DNS servers. Try using --system-dns
or specify valid servers with --dns-servers");
+
+ sz = sizeof(buf);
+ if (RegQueryValueEx(hKey, "NameServer", NULL, NULL, (LPBYTE) buf, (LPDWORD)
&sz) == ERROR_SUCCESS)
+@@ -1055,7 +1055,7 @@ void nmap_mass_rdns_core(Target **target
+ else parse_resolvdotconf();
+
+ if (servs.size() == 0)
+- fatal("Unable to determine any DNS servers. Try using --system_dns or
specify valid servers with --dns_servers");
++ fatal("Unable to determine any DNS servers. Try using --system-dns or
specify valid servers with --dns-servers");
+ }
+
+
+@@ -1156,7 +1156,7 @@ void nmap_mass_rdns_core(Target **target
+ nsp_delete(dnspool);
+
+ if (cname_reqs.size() && o.debugging)
+- log_write(LOG_STDOUT, "Performing system_dns for %d domain names that use
CNAMEs\n", (int) cname_reqs.size());
++ log_write(LOG_STDOUT, "Performing system-dns for %d domain names that use
CNAMEs\n", (int) cname_reqs.size());
+
+ SPM = new ScanProgressMeter("System CNAME DNS resolution");
+
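Review bot: In the nested `parse_inaddr_arpa` hunk, `return ntohl(ip);` is applied to a value that the loop appears to assemble in host order, so the conversion is host-to-network and `return htonl(ip);` would state the intent. The two calls perform the same swap, so this is a naming point, not a behaviour change. The loop body lies outside the hunk, so the shift direction is inferred. A one-line comment above the return, such as `// result is in network byte order, like in_addr.s_addr`, would record the byte order that the `ntohl()` added on `s_addr` in `put_dns_packet_on_wire` also assumes. Since the posting says the patch was not run on a big-endian machine, a round-trip check on one little-endian and one big-endian host would confirm the two hunks agree before the port is committed: build the in-addr.arpa name for a known address, parse it back, and compare with the original `s_addr`.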