aboutsummaryrefslogtreecommitdiffstats
path: root/main
diff options
context:
space:
mode:
Diffstat (limited to 'main')
-rw-r--r--main/nmap/APKBUILD16
-rw-r--r--main/nmap/CVE-2017-18594.patch30
-rw-r--r--main/nmap/CVE-2018-15173.patch34
3 files changed, 77 insertions, 3 deletions
diff --git a/main/nmap/APKBUILD b/main/nmap/APKBUILD
index 82876074d8..41ab3ae86f 100644
--- a/main/nmap/APKBUILD
+++ b/main/nmap/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
pkgname=nmap
pkgver=7.70
-pkgrel=1
+pkgrel=2
pkgdesc="A network exploration tool and security/port scanner"
url="http://nmap.org"
arch="all"
@@ -16,9 +16,17 @@ subpackages="
$pkgname-nping
$pkgname-ncat"
source="http://nmap.org/dist/$pkgname-$pkgver.tar.bz2
- fortify-source.patch"
+ fortify-source.patch
+ CVE-2017-18594.patch
+ CVE-2018-15173.patch
+ "
builddir="$srcdir"/$pkgname-$pkgver
+# secfixes:
+# 7.70-r2:
+# - CVE-2017-18594
+# - CVE-2018-15173
+
prepare() {
default_prepare
update_config_sub
@@ -83,4 +91,6 @@ nping() {
}
sha512sums="084c148b022ff6550e269d976d0077f7932a10e2ef218236fe13aa3a70b4eb6506df03329868fc68cb3ce78e4360b200f5a7a491d3145028fed679ef1c9ecae5 nmap-7.70.tar.bz2
-2d1f6e290723ac643f456a0e1ac95c4c966106cf2ab743839d25c835bf0141dc2d6bfee19285c3518d4c5f553b0505dabe5a496b769ba47b7adb03e791f05b8d fortify-source.patch"
+2d1f6e290723ac643f456a0e1ac95c4c966106cf2ab743839d25c835bf0141dc2d6bfee19285c3518d4c5f553b0505dabe5a496b769ba47b7adb03e791f05b8d fortify-source.patch
+a3edb3dc75d4dfa20ebed17b97044f1024b1a9d58145bfc31f3e8bd9d299f047aae47c146866fdfa62fab18383f60dd1ae41091adda0ff7db4a017756886d97d CVE-2017-18594.patch
+819b194f533300e05e87efe05bcf8d6964d3fff29c1e9aa8fd2202eddf419733e8cda9984f505ef675a94edc2172d0485f5f5c933e6a1f7759277cc01b52406a CVE-2018-15173.patch"
diff --git a/main/nmap/CVE-2017-18594.patch b/main/nmap/CVE-2017-18594.patch
new file mode 100644
index 0000000000..d6cbce77e7
--- /dev/null
+++ b/main/nmap/CVE-2017-18594.patch
@@ -0,0 +1,30 @@
+diff --git a/nse_libssh2.cc b/nse_libssh2.cc
+index bf721b6..22f5bbf 100644
+--- a/nse_libssh2.cc
++++ b/nse_libssh2.cc
+@@ -13,7 +13,6 @@ extern "C" {
+ #include "libssh2.h"
+ }
+
+-#include "nse_debug.h"
+ #include "nse_nsock.h"
+ #include "nse_utility.h"
+
+@@ -296,6 +295,7 @@ static int do_session_handshake (lua_State *L, int status, lua_KContext ctx) {
+
+ if (rc) {
+ libssh2_session_free(sshu->session);
++ sshu->session = NULL;
+ return luaL_error(L, "Unable to complete libssh2 handshake.");
+ }
+
+@@ -479,7 +479,7 @@ static int userauth_list (lua_State *L, int status, lua_KContext ctx) {
+ }
+
+ /*
+-* Returns list of supported authenication methods
++* Returns list of supported authentication methods
+ */
+ static int l_userauth_list (lua_State *L) {
+ return userauth_list(L, 0, 0);
+
diff --git a/main/nmap/CVE-2018-15173.patch b/main/nmap/CVE-2018-15173.patch
new file mode 100644
index 0000000000..b9620c4ca4
--- /dev/null
+++ b/main/nmap/CVE-2018-15173.patch
@@ -0,0 +1,34 @@
+diff --git a/service_scan.cc b/service_scan.cc
+index 9780ae3..ec8d48d 100644
+--- a/service_scan.cc
++++ b/service_scan.cc
+@@ -489,6 +489,15 @@ void ServiceProbeMatch::InitMatch(const char *matchtext, int lineno) {
+ if (pcre_errptr != NULL)
+ fatal("%s: failed to pcre_study regexp on line %d of nmap-service-probes: %s\n", __func__, lineno, pcre_errptr);
+
++ // Set some limits to avoid evil match cases.
++ // These are flexible; if they cause problems, increase them.
++#ifdef PCRE_ERROR_MATCHLIMIT
++ regex_extra->match_limit = 100000; // 100K
++#endif
++#ifdef PCRE_ERROR_RECURSIONLIMIT
++ regex_extra->match_limit_recursion = 10000; // 10K
++#endif
++
+ free(modestr);
+ free(flags);
+
+@@ -568,6 +577,12 @@ const struct MatchDetails *ServiceProbeMatch::testMatch(const u8 *buf, int bufle
+ if (o.debugging || o.verbose > 1)
+ error("Warning: Hit PCRE_ERROR_MATCHLIMIT when probing for service %s with the regex '%s'", servicename, matchstr);
+ } else
++#endif // PCRE_ERROR_MATCHLIMIT
++#ifdef PCRE_ERROR_RECURSIONLIMIT
++ if (rc == PCRE_ERROR_RECURSIONLIMIT) {
++ if (o.debugging || o.verbose > 1)
++ error("Warning: Hit PCRE_ERROR_RECURSIONLIMIT when probing for service %s with the regex '%s'", servicename, matchstr);
++ } else
+ #endif // PCRE_ERROR_MATCHLIMIT
+ if (rc != PCRE_ERROR_NOMATCH) {
+ fatal("Unexpected PCRE error (%d) when probing for service %s with the regex '%s'", rc, servicename, matchstr);
+