From ce5688dbbf57be213a7c32363cb8020f470ed9f2 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Oct 30 2018 04:47:23 +0000
Subject: import nmap-6.40-16.el7


---

diff --git a/SOURCES/nmap-6.40-ncat_default_proxy_port.patch b/SOURCES/nmap-6.40-ncat_default_proxy_port.patch
new file mode 100644
index 0000000..8f3498f
--- /dev/null
+++ b/SOURCES/nmap-6.40-ncat_default_proxy_port.patch
@@ -0,0 +1,71 @@
+diff --git a/ncat/ncat_main.c b/ncat/ncat_main.c
+index fb8745a..82c8acd 100644
+--- a/ncat/ncat_main.c
++++ b/ncat/ncat_main.c
+@@ -261,7 +261,7 @@ int main(int argc, char *argv[])
+     struct host_list_node *allow_host_list = NULL;
+     struct host_list_node *deny_host_list = NULL;
+ 
+-	unsigned short proxyport = DEFAULT_PROXY_PORT;
++    unsigned short proxyport;
+     int srcport = -1;
+     char *source = NULL;
+ 
+@@ -705,30 +705,33 @@ int main(int argc, char *argv[])
+     }
+ 
+     if (o.proxyaddr) {
+-        if (!o.proxytype)
+-            o.proxytype = Strdup("http");
+-
+-        if (!strcmp(o.proxytype, "http") ||
+-            !strcmp(o.proxytype, "socks4") || !strcmp(o.proxytype, "4") ||
+-            !strcmp(o.proxytype, "socks5") || !strcmp(o.proxytype, "5")) {
+-            /* Parse HTTP/SOCKS proxy address and store it in targetss.
+-             * If the proxy server is given as an IPv6 address (not hostname),
+-             * the port number MUST be specified as well or parsing will break
+-             * (due to the colons in the IPv6 address and host:port separator).
+-             */
+-
+-            targetaddrs->addrlen = parseproxy(o.proxyaddr,
+-                &targetaddrs->addr.storage, &targetaddrs->addrlen, &proxyport);
+-            if (o.af == AF_INET) {
+-                targetaddrs->addr.in.sin_port = htons(proxyport);
+-            } else { // might modify to else if and test AF_{INET6|UNIX|UNSPEC}
+-                targetaddrs->addr.in6.sin6_port = htons(proxyport);
+-            }
+-        } else {
+-            bye("Invalid proxy type \"%s\".", o.proxytype);
+-        }
+-
+-        if (o.listen)
++      if (!o.proxytype){
++        o.proxytype = Strdup("http");
++      }
++
++      if (!strcmp(o.proxytype, "http")) {
++        proxyport = DEFAULT_PROXY_PORT;
++      } else if (!strcmp(o.proxytype, "socks4") || !strcmp(o.proxytype, "4")){
++        proxyport = DEFAULT_SOCKS4_PORT;
++      } else if (!strcmp(o.proxytype, "socks5") || !strcmp(o.proxytype, "5")) {
++        proxyport = DEFAULT_SOCKS5_PORT;
++      } else {
++        bye("Invalid proxy type \"%s\".", o.proxytype);
++      }
++
++      /* Parse HTTP/SOCKS proxy address and store it in targetss.
++       * If the proxy server is given as an IPv6 address (not hostname),
++       * the port number MUST be specified as well or parsing will break
++       * (due to the colons in the IPv6 address and host:port separator).
++       */
++      targetaddrs->addrlen = parseproxy(o.proxyaddr,
++                                        &targetaddrs->addr.storage, &targetaddrs->addrlen, &proxyport);
++      if (o.af == AF_INET) {
++        targetaddrs->addr.in.sin_port = htons(proxyport);
++      } else { // might modify to else if and test AF_{INET6|UNIX|UNSPEC}
++        targetaddrs->addr.in6.sin6_port = htons(proxyport);
++      }
++      if (o.listen)
+             bye("Invalid option combination: --proxy and -l.");
+     } else {
+         if (o.proxytype) {
diff --git a/SOURCES/nmap-7.60-udp_remoteaddr.patch b/SOURCES/nmap-7.60-udp_remoteaddr.patch
new file mode 100644
index 0000000..4cfde28
--- /dev/null
+++ b/SOURCES/nmap-7.60-udp_remoteaddr.patch
@@ -0,0 +1,29 @@
+commit e8b73078fd56a4d16ffa9cbb51f43ac75c5f7f1f
+Author: nnposter <nnposter@e0a8ed71-7df4-0310-8962-fdc924857419>
+Date:   Mon Sep 11 02:33:07 2017 +0000
+
+    Provides more meaningful information about the connecting client when in UDP listening mode. Closes #980
+
+diff --git a/ncat/ncat_listen.c b/ncat/ncat_listen.c
+index b047a5866..20b14b7db 100644
+--- a/ncat/ncat_listen.c
++++ b/ncat/ncat_listen.c
+@@ -898,8 +898,8 @@ static int ncat_listen_dgram(int proto)
+             ncat_log_recv(buf, nbytes);
+         }
+ 
+-        if (o.debug > 1)
+-            logdebug("Valid Connection from %d\n", socket_n);
++        if (o.verbose)
++            loguser("Connection from %s.\n", inet_socktop(&remotess));
+ 
+         conn_inc++;
+ 
+@@ -917,6 +917,7 @@ static int ncat_listen_dgram(int proto)
+             struct fdinfo info = { 0 };
+ 
+             info.fd = socket_n;
++            info.remoteaddr = remotess;
+             if (o.keepopen)
+                 netrun(&info, o.cmdexec);
+             else
diff --git a/SOURCES/nmap-use_after_free.patch b/SOURCES/nmap-use_after_free.patch
new file mode 100644
index 0000000..bf5d716
--- /dev/null
+++ b/SOURCES/nmap-use_after_free.patch
@@ -0,0 +1,20 @@
+diff --git a/portlist.cc b/portlist.cc
+index 48b4794..76908b5 100644
+--- a/portlist.cc
++++ b/portlist.cc
+@@ -722,7 +722,6 @@ int PortList::forgetPort(u16 portno, u8 protocol) {
+   state_counts_proto[protocol][answer->state]--;
+   state_counts_proto[protocol][default_port_state[protocol].state]++;
+ 
+-  delete answer;
+ 
+   port_list[protocol][portno] = NULL;
+ 
+@@ -733,6 +732,7 @@ int PortList::forgetPort(u16 portno, u8 protocol) {
+     log_flush(LOG_STDOUT);
+   }
+ 
++  delete answer;
+   return 0;
+ }
+ 
diff --git a/SPECS/nmap.spec b/SPECS/nmap.spec
index 6824572..be8978e 100644
--- a/SPECS/nmap.spec
+++ b/SPECS/nmap.spec
@@ -8,7 +8,7 @@ Version: 6.40
 ## https://bugzilla.redhat.com/1460249
 %global ncat_version 7.50
 #global prerelease %{nil}
-Release: 13%{?dist}
+Release: 16%{?dist}
 # nmap is GPLv2
 # zenmap is GPLv2 and LGPLv2+ (zenmap/higwidgets) and GPLv2+ (zenmap/radialnet)
 # libdnet-stripped is BSD (advertising clause rescinded by the Univ. of California in 1999) with some parts as Public Domain (crc32)
@@ -58,9 +58,13 @@ Patch10: nmap-6.40-trancated_dns.patch
 %if  "%{ncat_version}" != "%{version}"
 Patch11: nmap-6.40-ncat_%{ncat_version}.patch
 Patch12: nmap-6.40-ncat_memleak.patch
+Patch15: nmap-6.40-ncat_default_proxy_port.patch
 %endif
 Patch13: nmap-6.40-add_eproto_handler.patch
 Patch14: nmap-6.40-ncat_early_error_reporting.patch
+Patch16: nmap-use_after_free.patch
+Patch17: nmap-7.60-udp_remoteaddr.patch
+
 
 URL: http://nmap.org/
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -132,6 +136,7 @@ tar -xf %{SOURCE4}
 # Patch for newer/older ncat
 %patch11 -p1 -b .ncatrebase
 %patch12 -p1 -b .memleak
+%patch15 -p1 -b .socksport
 %else
 # Patches which were accepted upstream and not needed in rebased version
 %patch8 -p1 -b .logdebug
@@ -140,6 +145,8 @@ tar -xf %{SOURCE4}
 
 %patch14 -p1 -b .errorreporting
 %patch13 -p1 -b .eproto
+%patch16 -p1 -b .use-after-free
+%patch17 -p1 -b .udp_ra
 
 #be sure we're not using tarballed copies of some libraries,
 #we remove them when creating our own tarball, just check they are not present
@@ -275,6 +282,16 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man1/xnmap.1.gz
 
 %changelog
+* Mon Jun  4 2018 Pavel Zhukov <pzhukov@redhat.com> - 2:6.40-16
+- Resolves: #1573411 - Populate ncat env. variables in UDP mode
+
+* Wed Apr 25 2018 Pavel Zhukov <pzhukov@redhat.com> - 2:6.40-15
+- Resolves: #1525105 - Fix use after free error (Coverity)
+- Patches renumbered
+
+* Tue Apr  3 2018 Pavel Zhukov <pzhukov@redhat.com> - 2:6.40-14
+- Resolves: #1546246 - Don't use http proxy port for socks proxies
+
 * Wed Nov  8 2017 Pavel Zhukov <pzhukov@redhat.com> - 2:6.40-13
 - Resolves: #1436402 - nc from nmap ncat crash if ipv6 disabled