net-analyzer/nmap: fix segv with large --top-ports argument

Signed-off-by: Hank Leininger <hlein@korelogic.com>
Closes: https://bugs.gentoo.org/918874
Closes: https://github.com/gentoo/gentoo/pull/34055
Signed-off-by: Sam James <sam@gentoo.org>

2 files changed, 215 insertions, 0 deletions

diff --git a/net-analyzer/nmap/files/nmap-7.94-topport.patch b/net-analyzer/nmap/files/nmap-7.94-topport.patch
new file mode 100644
index 000000000000..7b62c18b8cc7
--- /dev/null
+++ b/net-analyzer/nmap/files/nmap-7.94-topport.patch
@@ -0,0 +1,26 @@
+From edad9c059ca45bccab8c0f41fe6fc6546c60153a Mon Sep 17 00:00:00 2001
+From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
+Date: Thu, 20 Jul 2023 16:21:23 +0000
+Subject: [PATCH] Add missing braces. Fixes #2679
+
+---
+ services.cc | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/services.cc b/services.cc
+index a0899c7509..2a709dca97 100644
+--- a/services.cc
++++ b/services.cc
+@@ -496,9 +496,10 @@ void gettoppts(double level, const char *portlist, struct scan_lists * ports, co
+         if (sctpmax && strcmp(current->s_proto, "sctp") == 0
+             && (!ptsdata_initialized ||
+               is_port_member(ptsdata.sctp_ports, ptsdata.sctp_count, current))
+-           )
++           ) {
+           ports->sctp_ports[ports->sctp_count++] = current->s_port;
+-        sctpmax--;
++          sctpmax--;
++        }
+         break;
+       default:
+         break;
diff --git a/net-analyzer/nmap/nmap-7.94-r1.ebuild b/net-analyzer/nmap/nmap-7.94-r1.ebuild
new file mode 100644
index 000000000000..9050bebb7efe
--- /dev/null
+++ b/net-analyzer/nmap/nmap-7.94-r1.ebuild
@@ -0,0 +1,189 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+LUA_COMPAT=( lua5-4 )
+LUA_REQ_USE="deprecated"
+PYTHON_COMPAT=( python3_{10..11} )
+PLOCALES="de es fr hi hr hu id it ja pl pt_BR pt_PR ro ru sk zh"
+PLOCALE_BACKUP="en"
+inherit autotools lua-single plocale python-single-r1 toolchain-funcs
+
+DESCRIPTION="Network exploration tool and security / port scanner"
+HOMEPAGE="https://nmap.org/"
+if [[ ${PV} == *9999* ]] ; then
+	inherit git-r3
+
+	EGIT_REPO_URI="https://github.com/nmap/nmap"
+
+else
+	VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/nmap.asc
+	inherit verify-sig
+
+	SRC_URI="https://nmap.org/dist/${P}.tar.bz2"
+	SRC_URI+=" verify-sig? ( https://nmap.org/dist/sigs/${P}.tar.bz2.asc )"
+
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos"
+fi
+
+SRC_URI+=" https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${PN}-7.94-patches.tar.xz"
+
+# https://github.com/nmap/nmap/issues/2199
+LICENSE="NPSL-0.95"
+SLOT="0"
+IUSE="ipv6 libssh2 ncat ndiff nping nls +nse ssl symlink zenmap"
+REQUIRED_USE="
+	${PYTHON_REQUIRED_USE}
+	nse? ( ${LUA_REQUIRED_USE} )
+	symlink? ( ncat )
+"
+
+RDEPEND="
+	dev-libs/liblinear:=
+	dev-libs/libpcre
+	net-libs/libpcap
+	ndiff? ( ${PYTHON_DEPS} )
+	libssh2? (
+		net-libs/libssh2[zlib]
+		sys-libs/zlib
+	)
+	nls? ( virtual/libintl )
+	nse? (
+		${LUA_DEPS}
+		sys-libs/zlib
+	)
+	ssl? ( dev-libs/openssl:= )
+	symlink? (
+		ncat? (
+			!net-analyzer/netcat
+			!net-analyzer/openbsd-netcat
+		)
+	)
+	zenmap? (
+		${PYTHON_DEPS}
+		$(python_gen_cond_dep '
+			dev-python/pygobject:3[${PYTHON_USEDEP}]
+		')
+	)
+"
+DEPEND="${RDEPEND}"
+# Python is always needed at build time for some scripts
+BDEPEND="
+	${PYTHON_DEPS}
+	virtual/pkgconfig
+	nls? ( sys-devel/gettext )
+"
+
+if [[ ${PV} != *9999* ]] ; then
+	BDEPEND+=" verify-sig? ( sec-keys/openpgp-keys-nmap )"
+fi
+
+PATCHES=(
+	"${WORKDIR}"/${PN}-7.94-patches
+	"${FILESDIR}"/${PN}-7.94-autoconf-2.72.patch
+	"${FILESDIR}"/${PN}-7.94-topport.patch
+)
+
+pkg_setup() {
+	python-single-r1_pkg_setup
+
+	use nse && lua-single_pkg_setup
+}
+
+src_unpack() {
+	if [[ ${PV} == *9999 ]] ; then
+		git-r3_src_unpack
+	elif use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.bz2{,.asc}
+	fi
+
+	default
+}
+
+src_prepare() {
+	default
+
+	# Drop bundled libraries
+	rm -r liblinear/ libpcap/ libpcre/ libssh2/ libz/ || die
+
+	cat "${FILESDIR}"/nls.m4 >> "${S}"/acinclude.m4 || die
+
+	delete_disabled_locale() {
+		# Force here as PLOCALES contains supported locales for man
+		# pages and zenmap doesn't have all of those
+		rm -rf zenmap/share/zenmap/locale/${1} || die
+		rm -f zenmap/share/zenmap/locale/${1}.po || die
+	}
+	plocale_for_each_disabled_locale delete_disabled_locale
+
+	sed -i \
+		-e '/^ALL_LINGUAS =/{s|$| id|g;s|jp|ja|g}' \
+		Makefile.in || die
+
+	cp libdnet-stripped/include/config.h.in{,.nmap-orig} || die
+
+	eautoreconf
+
+	if [[ ${CHOST} == *-darwin* ]] ; then
+		# We need the original for a Darwin-specific fix, bug #604432
+		mv libdnet-stripped/include/config.h.in{.nmap-orig,} || die
+	fi
+}
+
+src_configure() {
+	export ac_cv_path_PYTHON="${PYTHON}"
+	export am_cv_pathless_PYTHON="${EPYTHON}"
+
+	local myeconfargs=(
+		$(use_enable ipv6)
+		$(use_enable nls)
+		$(use_with libssh2)
+		$(use_with ncat)
+		$(use_with ndiff)
+		$(use_with nping)
+		$(use_with nse liblua)
+		$(use_with ssl openssl)
+		$(use_with zenmap)
+		$(usex libssh2 --with-zlib)
+		$(usex nse --with-zlib)
+		--cache-file="${S}"/config.cache
+		# The bundled libdnet is incompatible with the version available in the
+		# tree, so we cannot use the system library here.
+		--with-libdnet=included
+		--with-pcre="${ESYSROOT}"/usr
+		--without-dpdk
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+	local directory
+	for directory in . libnetutil nsock/src $(usev ncat) $(usev nping) ; do
+		emake -C "${directory}" makefile.dep
+	done
+
+	emake \
+		AR="$(tc-getAR)" \
+		RANLIB="$(tc-getRANLIB)"
+}
+
+src_install() {
+	# See bug #831713 for return of -j1
+	LC_ALL=C emake \
+		-j1 \
+		DESTDIR="${D}" \
+		STRIP=: \
+		nmapdatadir="${EPREFIX}"/usr/share/nmap \
+		install
+
+	dodoc CHANGELOG HACKING docs/README docs/*.txt
+
+	if use ndiff || use zenmap ; then
+		python_optimize
+	fi
+
+	use symlink && dosym /usr/bin/ncat /usr/bin/nc
+}