--- a/components/nmap/patches/nmap-6.25-cve-2013-4885.patch Fri Apr 15 10:18:28 2016 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,161 +0,0 @@
-# http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=14;bug=719289
-# Index: scripts/http-domino-enum-passwords.nse
-# ===================================================================
---- nmap-6.25/scripts/http-domino-enum-passwords.nse (revision 31575)
-+++ nmap-6.25/scripts/http-domino-enum-passwords.nse (revision 31576)
-@@ -315,9 +315,10 @@
- http_response = http.get( vhost or host, port, u_details.idfile, { auth = { username = user, password = pass }, no_cache = true })
-
- if ( http_response.status == 200 ) then
-- local status, err = saveIDFile( ("%s/%s.id"):format(download_path, u_details.fullname), http_response.body )
-+ local filename = download_path .. "/" .. stdnse.filename_escape(u_details.fullname .. ".id")
-+ local status, err = saveIDFile( filename, http_response.body )
- if ( status ) then
-- table.insert( id_files, ("%s ID File has been downloaded (%s/%s.id)"):format(u_details.fullname, download_path, u_details.fullname) )
-+ table.insert( id_files, ("%s ID File has been downloaded (%s)"):format(u_details.fullname, filename) )
- else
- table.insert( id_files, ("%s ID File was not saved (error: %s)"):format(u_details.fullname, err ) )
- end
-# Index: scripts/stuxnet-detect.nse
-# ===================================================================
---- nmap-6.25/scripts/stuxnet-detect.nse (revision 31575)
-+++ nmap-6.25/scripts/stuxnet-detect.nse (revision 31576)
-@@ -81,7 +81,7 @@
-
- fmt = save:gsub("%%h", host.ip)
- fmt = fmt:gsub("%%v", version)
-- file = io.open(fmt, "w")
-+ file = io.open(stdnse.filename_escape(fmt), "w")
- if file then
- stdnse.print_debug(1, "Wrote %d bytes to file %s.", #result.arguments, fmt)
- file:write(result.arguments)
-# Index: scripts/http-config-backup.nse
-# ===================================================================
---- nmap-6.25/scripts/http-config-backup.nse (revision 31575)
-+++ nmap-6.25/scripts/http-config-backup.nse (revision 31576)
-@@ -209,7 +209,7 @@
- if (response.status == 200) then
- -- check it if is valid before inserting
- if cfg.check(response.body) then
-- local filename = ((host.targetname or host.ip) .. url_path):gsub("/", "-");
-+ local filename = stdnse.escape_filename((host.targetname or host.ip) .. url_path)
-
- -- save the content
- if save then
-# Index: scripts/hostmap-bfk.nse
-# ===================================================================
---- nmap-6.25/scripts/hostmap-bfk.nse (revision 31575)
-+++ nmap-6.25/scripts/hostmap-bfk.nse (revision 31576)
-@@ -68,7 +68,7 @@
-
- local HOSTMAP_SERVER = "www.bfk.de"
-
--local filename_escape, write_file
-+local write_file
-
- hostrule = function(host)
- return not ipOps.isPrivate(host.ip)
-@@ -106,7 +106,7 @@
-
- local filename_prefix = stdnse.get_script_args("hostmap-bfk.prefix")
- if filename_prefix then
-- local filename = filename_prefix .. filename_escape(host.targetname or host.ip)
-+ local filename = filename_prefix .. stdnse.filename_escape(host.targetname or host.ip)
- local status, err = write_file(filename, hostnames_str .. "\n")
- if status then
- output_tab.filename = filename
-@@ -118,13 +118,6 @@
- return output_tab
- end
-
---- Escape some potentially unsafe characters in a string meant to be a filename.
--function filename_escape(s)
-- return string.gsub(s, "[\0/=]", function(c)
-- return string.format("=%02X", string.byte(c))
-- end)
--end
--
- function write_file(filename, contents)
- local f, err = io.open(filename, "w")
- if not f then
-# Index: scripts/domino-enum-users.nse
-# ===================================================================
---- nmap-6.25/scripts/domino-enum-users.nse (revision 31575)
-+++ nmap-6.25/scripts/domino-enum-users.nse (revision 31576)
-@@ -103,7 +103,7 @@
- helper:disconnect()
-
- if ( status and data and path ) then
-- local filename = ("%s/%s.id"):format(path, username )
-+ local filename = path .. "/" .. stdnse.filename_escape(u_details.fullname .. ".id")
- local status, err = saveIDFile( filename, data )
-
- if ( status ) then
-# Index: scripts/ms-sql-dump-hashes.nse
-# ===================================================================
---- nmap-6.25/scripts/ms-sql-dump-hashes.nse (revision 31575)
-+++ nmap-6.25/scripts/ms-sql-dump-hashes.nse (revision 31576)
-@@ -119,7 +119,7 @@
- local filename
- if ( dir ) then
- local instance = instance:GetName():match("%\\+(.+)$") or instance:GetName()
-- filename = ("%s/%s_%s_ms-sql_hashes.txt"):format(dir, host.ip, instance)
-+ filename = dir .. "/" .. stdnse.filename_escape(("%s_%s_ms-sql_hashes.txt"):format(host.ip, instance))
- saveToFile(filename, instanceOutput[1])
- end
- end
-# Index: scripts/snmp-ios-config.nse
-# ===================================================================
---- nmap-6.25/scripts/snmp-ios-config.nse (revision 31575)
-+++ nmap-6.25/scripts/snmp-ios-config.nse (revision 31576)
-@@ -184,7 +184,7 @@
- result = ( infile and infile:getContent() )
-
- if ( tftproot ) then
-- local fname = tftproot .. host.ip .. "-config"
-+ local fname = tftproot .. stdnse.filename_escape(host.ip .. "-config")
- local file, err = io.open(fname, "w")
- if ( file ) then
- file:write(result)
-# Index: nselib/stdnse.lua
-# ===================================================================
---- nmap-6.25/nselib/stdnse.lua (revision 31575)
-+++ nmap-6.25/nselib/stdnse.lua (revision 31576)
-@@ -1195,4 +1195,36 @@
- return aux(obj, "")
- end
-
-+-- This pattern must match the percent sign '%' since it is used in
-+-- escaping.
-+local FILESYSTEM_UNSAFE = "[^a-zA-Z0-9._-]"
-+---
-+-- Escape a string to remove bytes and strings that may have meaning to
-+-- a filesystem, such as slashes. All bytes are escaped, except for:
-+-- * alphabetic <code>a</code>-<code>z</code> and <code>A</code>-<code>Z</code>, digits 0-9, <code>.</code> <code>_</code> <code>-</code>
-+-- In addition, the strings <code>"."</code> and <code>".."</code> have
-+-- their characters escaped.
-+--
-+-- Bytes are escaped by a percent sign followed by the two-digit
-+-- hexadecimal representation of the byte value.
-+-- * <code>filename_escape("filename.ext") --> "filename.ext"</code>
-+-- * <code>filename_escape("input/output") --> "input%2foutput"</code>
-+-- * <code>filename_escape(".") --> "%2e"</code>
-+-- * <code>filename_escape("..") --> "%2e%2e"</code>
-+-- This escaping is somewhat like that of JavaScript
-+-- <code>encodeURIComponent</code>, except that fewer bytes are
-+-- whitelisted, and it works on bytes, not Unicode characters or UTF-16
-+-- code points.
-+function filename_escape(s)
-+ if s == "." then
-+ return "%2e"
-+ elseif s == ".." then
-+ return "%2e%2e"
-+ else
-+ return (string.gsub(s, FILESYSTEM_UNSAFE, function (c)
-+ return string.format("%%%02x", string.byte(c))
-+ end))
-+ end
-+end
-+
- return _ENV;
-