FreeBSD Bugzilla – Attachment 238855 Details for
Bug 268423
security/0d1n: Update to 3.8
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch: update security/0d1n to 3.8
0001-updating-0d1n-to-3.8.patch (text/plain), 10.57 KB, created by
Rihaz Jerrin
on 2022-12-17 02:41:41 UTC
(
hide
)
Description:
Patch: update security/0d1n to 3.8
Filename:
MIME Type:
Creator:
Rihaz Jerrin
Created:
2022-12-17 02:41:41 UTC
Size:
10.57 KB
patch
obsolete
>diff --git a/security/0d1n/Makefile b/security/0d1n/Makefile >index b58cd43907ee..38311ba7bc3e 100644 >--- a/security/0d1n/Makefile >+++ b/security/0d1n/Makefile >@@ -1,5 +1,5 @@ > PORTNAME= 0d1n >-PORTVERSION= 2.3 >+PORTVERSION= 3.8 > CATEGORIES= security > > MAINTAINER= zackj901@yandex.com >@@ -12,6 +12,7 @@ LIB_DEPENDS= libcurl.so:ftp/curl > > USE_GITHUB= yes > GH_ACCOUNT= CoolerVoid >+GH_TAGNAME= OdinV38 > > PLIST_FILES= bin/0d1n > PORTDOCS= README.txt >@@ -19,11 +20,16 @@ PORTDOCS= README.txt > OPTIONS_DEFINE= DOCS > > post-patch: >- @${REINPLACE_CMD} -e '/^#include <alloca\.h>/d' \ >- ${WRKSRC}/get_csrf_token.h ${WRKSRC}/spider.h >+ @${REINPLACE_CMD} -e '/^#include <alloca\.h>/d' \ >+ ${WRKSRC}/src/headers/spider.h ${WRKSRC}/src/headers/results.h > > do-install: > ${INSTALL_PROGRAM} ${WRKSRC}/${PORTNAME} ${STAGEDIR}${PREFIX}/bin >+ ${MKDIR} ${STAGEDIR}${DATADIR}/view >+ ${MKDIR} ${STAGEDIR}${DATADIR}/view/response_sources >+ ${MKDIR} ${STAGEDIR}${DATADIR}/payloads >+ (cd ${WRKSRC} && ${COPYTREE_SHARE} templates ${STAGEDIR}${DATADIR}) >+ (cd ${WRKSRC} && ${COPYTREE_SHARE} payloads ${STAGEDIR}${DATADIR}) > > do-install-DOCS-on: > @${MKDIR} ${STAGEDIR}${DOCSDIR} >diff --git a/security/0d1n/distinfo b/security/0d1n/distinfo >index 48fa71e7735e..9f15eaa88177 100644 >--- a/security/0d1n/distinfo >+++ b/security/0d1n/distinfo >@@ -1,3 +1,3 @@ >-TIMESTAMP = 1488890485 >-SHA256 (CoolerVoid-0d1n-2.3_GH0.tar.gz) = 7fe26f0268fe63ec0352502ae590a7a5e258248f253649661dc782ca7edd52ae >-SIZE (CoolerVoid-0d1n-2.3_GH0.tar.gz) = 3866302 >+TIMESTAMP = 1671242917 >+SHA256 (CoolerVoid-0d1n-3.8-OdinV38_GH0.tar.gz) = d392250b27c6870cbd219de52c89e3f2e3ed50ec2d309a1b8721774f63591665 >+SIZE (CoolerVoid-0d1n-3.8-OdinV38_GH0.tar.gz) = 4350113 >diff --git a/security/0d1n/files/patch-Makefile b/security/0d1n/files/patch-Makefile >index 60a82fbd4ce7..087b1fa5ee5b 100644 >--- a/security/0d1n/files/patch-Makefile >+++ b/security/0d1n/files/patch-Makefile >@@ -1,25 +1,52 @@ >---- Makefile.orig 2017-01-14 22:53:30 UTC >+--- Makefile.orig 2022-07-10 02:56:04 UTC > +++ Makefile >-@@ -1,17 +1,9 @@ >+@@ -1,42 +1,14 @@ > -CC=gcc >--CFLAGS=-W -Wall -Wextra -O2 -fstack-protector-all >--DFLAGS=-D_FORTIFY_SOURCE=2 >+-CFLAGS=-W -Wall -Wextra -Wformat-security -Wno-maybe-uninitialized -O2 >+-HARDENING=-fstack-protector-all -pie -fPIE >++CC?=gcc >++CFLAGS+=-W -Wall -Wextra -fstack-protector-all >++DFLAGS=-D_FORTIFY_SOURCE=2 -I /usr/local/include -I src/headers >++LDFLAGS=-Wl,-z,relro,-z,now,-L,/usr/local/lib,-lcurl,-lpthread >+ DIR=src/ >+ DIROUT=bin/ >+ DIR_HEADERS=src/headers/ > -UNAME_S := $(shell uname -s) > -ifeq ($(UNAME_S),Darwin) >-- LDFLAGS=-Wl,-lcurl >+- LDFLAGS=-Wl,-lcurl, -lpthread > -else >-- LDFLAGS=-Wl,-z,relro,-z,now -lcurl >+- LDFLAGS=-Wl,-z,relro,-z,now -lcurl -lpthread > -endif >-- >--#LDFLAGS=-lcurl >-- >-+CC?=cc >-+CFLAGS+=-W -Wall -Wextra -fstack-protector-all >-+DFLAGS=-D_FORTIFY_SOURCE=2 -I /usr/local/include >-+LDFLAGS=-Wl,-z,relro,-z,now,-L,/usr/local/lib,-lcurl > >--0d1n: 0d1n.c >-+all: 0d1n.c >- $(CC) $(CFLAGS) $(DFLAGS) -c *.c >- $(CC) -o 0d1n *.o $(LDFLAGS) > >++all: $(DIR)0d1n.c >++ $(CC) $(CFLAGS) $(DFLAGS) -c $(DIR)*.c >++ $(CC) -o 0d1n *.o $(LDFLAGS) >+ >+-0d1n: $(DIR)0d1n.c >+- $(CC) $(CFLAGS) $(HARDENING) -c $(DIR)*.c -I$(DIR_HEADERS) >+- $(CC) $(HARDENING) -o $(DIROUT)0d1n *.o $(LDFLAGS) >+ >+-clean: >+- rm -f *.o 0d1n >+- >+-PREFIX=/usr/local >+-install: >+- make >+- mkdir -p $(DESTDIR)$(PREFIX)/bin >+- install -m 0755 bin/0d1n $(DESTDIR)$(PREFIX)/bin >+- mkdir /opt/0d1n >+- mkdir /opt/0d1n/view/ >+- mkdir /opt/0d1n/view/response_sources >+- mkdir /opt/0d1n/payloads >+- cp -rf templates /opt/0d1n/ >+- cp -rf tables /opt/0d1n/view/ >+- cp -rf payloads /opt/0d1n/ >+- chmod 0755 -R /opt/0d1n >+- chown ${USER} -R /opt/0d1n >+- chown ${USER} $(DESTDIR)$(PREFIX)/bin/0d1n >+- >+-uninstall: >+- rm $(DESTDIR)$(PREFIX)/bin/0d1n >+- rm -rf /opt/0d1n >+- rm -f *.o 0d1n >diff --git a/security/0d1n/files/patch-src_0d1n.c b/security/0d1n/files/patch-src_0d1n.c >new file mode 100644 >index 000000000000..c89fc1a3f79c >--- /dev/null >+++ b/security/0d1n/files/patch-src_0d1n.c >@@ -0,0 +1,17 @@ >+--- src/0d1n.c.orig 2022-12-09 02:48:56 UTC >++++ src/0d1n.c >+@@ -61,14 +61,7 @@ main (int argc, char ** argv) >+ // this source code have a different scan() function to bypass the compiler bug >+ /* remove comment to test the patch >+ */ >+-#ifdef __GNUC__ >+-# if __GNUC_PREREQ(10,0) >+ >+- scan_gcc_new(); >+-# else >+- scan_gcc_old(); >+-# endif >+-#endif >+ >+ exit(0); >+ } >diff --git a/security/0d1n/files/patch-src_headers_file__ops.h b/security/0d1n/files/patch-src_headers_file__ops.h >new file mode 100644 >index 000000000000..9aba22d8726a >--- /dev/null >+++ b/security/0d1n/files/patch-src_headers_file__ops.h >@@ -0,0 +1,26 @@ >+--- src/headers/file_ops.h.orig 2022-07-10 02:56:04 UTC >++++ src/headers/file_ops.h >+@@ -1,18 +1,17 @@ >+ #ifndef FILE_OPS_H__ >+ #define FILE_OPS_H__ >+ >+-#define PATH_RESULT "/opt/0d1n/view/" >+-#define TABLE "/opt/0d1n/view/tables/output_array.txt" >+-#define TEMPLATE "/opt/0d1n/templates/template.conf" >+-#define TEMPLATE2 "/opt/0d1n/templates/hammer1.conf" >+-#define TEMPLATE3 "/opt/0d1n/templates/hammer2.conf" >++#define PATH_RESULT "/usr/local/share/data/0d1n/view/" >++#define TABLE "/usr/local/share/data/0d1n/output_array.txt" >++#define TEMPLATE "/usr/local/share/data/templates/template.conf" >++#define TEMPLATE2 "/usr/loal/share/data/templates/hammer1.conf" >++#define TEMPLATE3 "/usr/local/share/data/templates/hammer2.conf" >+ >+ #include <stdio.h> >+ #include <string.h> >+ #include <stdlib.h> >+ #include <unistd.h> >+ #include <errno.h> >+-#include <alloca.h> >+ #include "opt_extract.h" >+ >+ void end_datatable(char * path); >diff --git a/security/0d1n/files/patch-src_mem__ops.c b/security/0d1n/files/patch-src_mem__ops.c >new file mode 100644 >index 000000000000..f75592cd4aed >--- /dev/null >+++ b/security/0d1n/files/patch-src_mem__ops.c >@@ -0,0 +1,12 @@ >+--- src/mem_ops.c.orig 2022-12-16 06:38:12 UTC >++++ src/mem_ops.c >+@@ -17,7 +17,8 @@ xmalloc_fatal(size_t size) >+ xmalloc_fatal(size_t size) >+ { >+ >+- DEBUG("\n Memory FAILURE...\n size dbg: %lu\n",size); >++ >++ DEBUG("\n Memory FAILURE...\n size dbg: %zu\n",size); >+ >+ exit(0); >+ } >diff --git a/security/0d1n/files/patch-src_opt__extract.c b/security/0d1n/files/patch-src_opt__extract.c >new file mode 100644 >index 000000000000..720c161d3e31 >--- /dev/null >+++ b/security/0d1n/files/patch-src_opt__extract.c >@@ -0,0 +1,35 @@ >+--- src/opt_extract.c.orig 2022-07-10 02:56:04 UTC >++++ src/opt_extract.c >+@@ -99,27 +99,27 @@ LAST >+ YELLOW >+ "Example 1 to find SQL-injection:\n" >+ LAST >+-"0d1n --host 'http://site.com/view/1^/product/^/' --payloads /opt/0d1n/payloads/sqli_list.txt --find_string_list /opt/0d1n/payloads/sqli_str2find_list.txt --log log1337 --tamper randcase --threads 800 --timeout 3 --save_response\n" >++"0d1n --host 'http://site.com/view/1^/product/^/' --payloads /usr/local/share/0d1n/payloads/sqli_list.txt --find_string_list /usr/local/share/0d1n/payloads/sqli_str2find_list.txt --log log1337 --tamper randcase --threads 800 --timeout 3 --save_response\n" >+ "\n" >+ YELLOW >+ "Example 2 to Bruteforce in simple auth:\n" >+ LAST >+-"0d1n --host 'http://site.com/auth.py' --post 'user=admin&password=^' --payloads /opt/0d1n/payloads/wordlist.txt --log log007 --threads 500 --timeout 3 --save_response\n" >++"0d1n --host 'http://site.com/auth.py' --post 'user=admin&password=^' --payloads /usr/local/share/0d1n/payloads/wordlist.txt --log log007 --threads 500 --timeout 3 --save_response\n" >+ "\n" >+ YELLOW >+ "Example 3 to search XSS and pass anti-csrf token:\n" >+ LAST >+-"0d1n --host https://page/test.php --post 'admin=user_name&pass=^' --payloads /opt/0d1n/payloads/xss.txt --find_string_list opt/0d1n/payloads/xss.txt --token_name name_token_field --log logtest --save_response\n" >++"0d1n --host https://page/test.php --post 'admin=user_name&pass=^' --payloads /usr/local/share/0d1n/payloads/xss.txt --find_string_list opt/0d1n/payloads/xss.txt --token_name name_token_field --log logtest --save_response\n" >+ "\n" >+ YELLOW >+ "Example 4 Brute dir:\n" >+ LAST >+-"0d1n --host https://page/^ --payloads /opt/0d1n/payloads/dir_brute.txt --threads 800 --timeout 3 --log logtest_brutedir --save_response\n" >++"0d1n --host https://page/^ --payloads /usr/local/share/0d1n/payloads/dir_brute.txt --threads 800 --timeout 3 --log logtest_brutedir --save_response\n" >+ YELLOW >+ "\n" >+ "Example 5 Keep alive test like slowloris:\n" >+ LAST >+-"0d1n --host https://page/ --threads 50 --keep_alive_test --max_requests 1000 --proxy-rand /opt/0d1n/payloads/proxy.txt --useragent-rand /opt/0d1n/payloads/useragents.txt --log logtest_keepalive --save_response\n" >++"0d1n --host https://page/ --threads 50 --keep_alive_test --max_requests 1000 --proxy-rand /usr/local/share/0d1n/payloads/proxy.txt --useragent-rand /usr/local/share/0d1n/payloads/useragents.txt --log logtest_keepalive --save_response\n" >+ "\nNotes:\n" >+ LAST >+ "Look the character '^', is lexical char to change to payload list lines...\n" >diff --git a/security/0d1n/files/patch-src_strsec.c b/security/0d1n/files/patch-src_strsec.c >new file mode 100644 >index 000000000000..28e164a09075 >--- /dev/null >+++ b/security/0d1n/files/patch-src_strsec.c >@@ -0,0 +1,21 @@ >+--- src/strsec.c.orig 2022-12-09 02:57:38 UTC >++++ src/strsec.c >+@@ -17,6 +17,9 @@ >+ */ >+ >+ >++#include <string.h> >++#include <stdlib.h> >++ >+ #if !defined(__FreeBSD__) && !defined(__OpenBSD__) && !defined(__NetBSD__) && \ >+ !defined(__bsdi__) && !defined(__APPLE__) >+ >+@@ -155,7 +158,7 @@ char *xstrndup (const char *s, size_t n) >+ >+ char *xstrndup (const char *s, size_t n) >+ { >+- char* new = xmalloc(n+1); >++ char* new = malloc(n+1); >+ >+ if (new) >+ { >diff --git a/security/0d1n/pkg-plist b/security/0d1n/pkg-plist >new file mode 100644 >index 000000000000..828c97297037 >--- /dev/null >+++ b/security/0d1n/pkg-plist >@@ -0,0 +1,26 @@ >+%%DATADIR%%/templates/hammer1.conf >+%%DATADIR%%/templates/hammer2.conf >+%%DATADIR%%/templates/template.conf >+%%DATADIR%%/payloads/crlfinjection.txt >+%%DATADIR%%/payloads/dir_brute.txt >+%%DATADIR%%/payloads/find_responses.txt >+%%DATADIR%%/payloads/js_inject.txt >+%%DATADIR%%/payloads/ldap_injection.txt >+%%DATADIR%%/payloads/list.txt >+%%DATADIR%%/payloads/openredirect.txt >+%%DATADIR%%/payloads/passive_sqli.txt >+%%DATADIR%%/payloads/password_brute.txt >+%%DATADIR%%/payloads/path_traversal.txt >+%%DATADIR%%/payloads/path_traversal_win32.txt >+%%DATADIR%%/payloads/proxy.txt >+%%DATADIR%%/payloads/proxy_list.txt >+%%DATADIR%%/payloads/sqli.txt >+%%DATADIR%%/payloads/useragents.txt >+%%DATADIR%%/payloads/wordlist.txt >+%%DATADIR%%/payloads/xml_attack.txt >+%%DATADIR%%/payloads/xml_attacks.txt >+%%DATADIR%%/payloads/xpath_injection.txt >+%%DATADIR%%/payloads/xss.txt >+%%DATADIR%%/payloads/xss_robertux.txt >+%%DATADIR%%/payloads/xxe_fuzz.txt >+@dir %%DATADIR%%/view/response_sources >-- >2.38.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=238855">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 268423
:
238854
|
238855
|
238856
|
238857