From ec3b1d264be216c6a706db6a11a98b57d26db59e Mon Sep 17 00:00:00 2001
From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Thu, 15 May 2025 15:42:03 +0000
Subject: [PATCH] Reintegrate 7.97 changes

---
 CHANGELOG                    | 10 ++++++
 docs/nmap.1                  |  2 +-
 docs/nmap.usage.txt          |  2 +-
 macosx/Makefile              | 59 ++++++++++++------------------------
 macosx/Scripts/postinstall   | 12 ++++++++
 macosx/make-app.sh           |  5 +--
 mswin32/Build.bat            |  4 +++
 ncat/docs/ncat.1             |  2 +-
 ncat/docs/ncat.usage.txt     |  2 +-
 ncat/ncat.h                  |  2 +-
 nmap.h                       |  6 ++--
 nmap_dns.cc                  | 11 +++----
 nping/nping.h                |  2 +-
 zenmap/zenmapCore/Paths.py   |  7 ++++-
 zenmap/zenmapCore/Version.py |  2 +-
 15 files changed, 69 insertions(+), 59 deletions(-)
 create mode 100755 macosx/Scripts/postinstall

diff --git a/CHANGELOG b/CHANGELOG
index 35b30d491..acce1e5a3 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,7 +1,17 @@
 #Nmap Changelog ($Id$); -*-text-*-
 
+Nmap 7.97 [2025-05-12]
+
+o [Zenmap][GH#3087] Fix a crash when starting a scan on Windows in locales that
+  use non-latin character sets. Also changed Nmap to print the time zone as an
+  offset from UTC instead of as a localized string. [Daniel Miller]
+
 o Fixed an issue with the parallel forward DNS resolver: it had not been
   consulting /etc/hosts, nor did it correctly handle the 'localhost' name.
+  [Daniel Miller]
+
+o [GH#3088] Mitigate a false-positive detection by replacing a malicious URL in
+  the example output of http-malware-host [nnposter]
 
 Nmap 7.96 [2025-05-01]
 
diff --git a/docs/nmap.1 b/docs/nmap.1
index e752045d0..5d22b2c26 100644
--- a/docs/nmap.1
+++ b/docs/nmap.1
@@ -119,7 +119,7 @@ This options summary is printed when Nmap is run with no arguments, and the late
 .RS 4
 .\}
 .nf
-Nmap 7\&.96SVN ( https://nmap\&.org )
+Nmap 7\&.97 ( https://nmap\&.org )
 Usage: nmap [Scan Type(s)] [Options] {target specification}
 TARGET SPECIFICATION:
   Can pass hostnames, IP addresses, networks, etc\&.
diff --git a/docs/nmap.usage.txt b/docs/nmap.usage.txt
index 0e1bfc5be..45ede102b 100644
--- a/docs/nmap.usage.txt
+++ b/docs/nmap.usage.txt
@@ -1,4 +1,4 @@
-Nmap 7.96SVN ( https://nmap.org )
+Nmap 7.97 ( https://nmap.org )
 Usage: nmap [Scan Type(s)] [Options] {target specification}
 TARGET SPECIFICATION:
   Can pass hostnames, IP addresses, networks, etc.
diff --git a/macosx/Makefile b/macosx/Makefile
index 6a529171b..d1304654a 100644
--- a/macosx/Makefile
+++ b/macosx/Makefile
@@ -12,21 +12,6 @@ PKG_NAME = $(NAME_VERSION).mpkg
 
 IMAGE_STAGING_DIR = $(NAME_VERSION)
 
-NMAP_BUILD_DIR = nmap-build
-NMAP_STAGING_DIR = nmap.app
-
-ZENMAP_BUILD_DIR = zenmap-build
-ZENMAP_STAGING_DIR = $(ZENMAP_BUILD_DIR)/zenmap/dist/Zenmap.app
-
-NCAT_BUILD_DIR = ncat-build
-NCAT_STAGING_DIR = ncat.app
-
-NDIFF_BUILD_DIR = ndiff-build
-NDIFF_STAGING_DIR = ndiff.app
-
-NPING_BUILD_DIR = nping-build
-NPING_STAGING_DIR = nping.app
-
 JHBUILD_PREFIX=$(HOME)/gtk/inst
 JHBUILD_SOURCE=$(HOME)/gtk/source
 
@@ -69,23 +54,25 @@ tool-checks: have-jhbuild have-gtk-mac-bundler
 have-%:
 	which $*
 
-#$(IMAGE_STAGING_DIR)/$(PKG_NAME): check-nmap check-ncat check-ndiff check-zenmap check-nping LICENSE.formatted
-$(IMAGE_STAGING_DIR)/$(PKG_NAME): check-nmap check-ncat check-ndiff check-zenmap check-nping LICENSE.formatted
+# Create packages (.pkg) for all the components to install in the installer (.mpkg)
+PKGBUILD=pkgbuild --version $(NMAP_VERSION) --scripts Scripts --install-location /Applications --min-os-version $(OSX_MIN_VERSION)
+%.pkg: check-%
+	$(PKGBUILD) --root $*-root --identifier org.insecure.nmap.$* $@
+nmap.pkg: check-nmap
+	$(PKGBUILD) --root nmap-root --identifier org.insecure.nmap $@
+zenmap.pkg: check-zenmap
+	$(PKGBUILD) --root zenmap-root --identifier org.insecure.nmap.zenmap $@
+
+#$(IMAGE_STAGING_DIR)/$(PKG_NAME): nmap.pkg ncat.pkg ndiff.pkg zenmap.pkg nping.pkg LICENSE.formatted
+$(IMAGE_STAGING_DIR)/$(PKG_NAME): nmap.pkg ncat.pkg zenmap.pkg nping.pkg LICENSE.formatted
 	rm -rf $(IMAGE_STAGING_DIR)
 	mkdir -p $(IMAGE_STAGING_DIR)
 	cp -rf $(EXTRA_DIST) $(IMAGE_STAGING_DIR)/
-	# Create packages (.pkg) for all the components to install in the installer (.mpkg)
-	pkgbuild --root $(NMAP_STAGING_DIR) --identifier org.insecure.nmap --version $(NMAP_VERSION) --install-location /Applications nmap.pkg
-	pkgbuild --root $(NCAT_STAGING_DIR) --identifier org.insecure.nmap.ncat --version $(NMAP_VERSION) --install-location /Applications ncat.pkg
-	pkgbuild --root $(NDIFF_STAGING_DIR) --identifier org.insecure.nmap.ndiff --version $(NMAP_VERSION) --install-location /Applications ndiff.pkg
-	pkgbuild --root $(NPING_STAGING_DIR) --identifier org.insecure.nmap.nping --version $(NMAP_VERSION) --install-location /Applications nping.pkg
-	pkgbuild --root $(ZENMAP_STAGING_DIR) --identifier org.insecure.nmap.zenmap --version $(NMAP_VERSION) --install-location /Applications zenmap.pkg
 
 	# Produce a .xml with packages information
 	productbuild --synthesize \
 		--package 'nmap.pkg' \
 		--package 'ncat.pkg' \
-		--package 'ndiff.pkg' \
 		--package 'nping.pkg' \
 		--package 'zenmap.pkg' \
 		distribution.xml
@@ -103,12 +90,12 @@ $(IMAGE_STAGING_DIR)/$(PKG_NAME): check-nmap check-ncat check-ndiff check-zenmap
 	mv $(NAME_VERSION).mpkg $(NAME_VERSION)/$(NAME_VERSION).mpkg
 
 check-%: stage-%
-	(find $*.app -perm -a+x -type f | xargs otool -L | awk '/:$$/{e=$$0}index($$0,"$(JHBUILD_PREFIX)"){x=1;print e; print}END{exit x}') && echo "Libs are clean"
-	(find $*.app -perm -a+x -type f -exec otool -l {} \; | awk '/:$$/{e=$$0}$$1=="minos"&&$$2!="$(OSX_MIN_VERSION)"{x=1;print e; print}END{exit x}' ) && echo "Bins are clean"
+	(find $*-root -perm -a+x -type f | xargs otool -L | awk '/:$$/{e=$$0}index($$0,"$(JHBUILD_PREFIX)"){x=1;print e; print}END{exit x}') && echo "Libs are clean"
+	(find $*-root -perm -a+x -type f -exec otool -l {} \; | awk '/:$$/{e=$$0}$$1=="minos"&&$$2!="$(OSX_MIN_VERSION)"{x=1;print e; print}END{exit x}' ) && echo "Bins are clean"
 
 check-zenmap: stage-zenmap
-	(find $(ZENMAP_BUILD_DIR) -perm -a+x -type f | xargs otool -L | awk '/:$$/{e=$$0}index($$0,"$(JHBUILD_PREFIX)"){x=1;print e; print}END{exit x}') && echo "Libs are clean"
-	(find $(ZENMAP_BUILD_DIR) -perm -a+x -type f -exec otool -l {} \; | awk '/:$$/{e=$$0}$$1=="minos"&&$$2!="$(OSX_MIN_VERSION)"{x=1;print e; print}END{exit x}' ) && echo "Bins are clean"
+	(find zenmap-build -perm -a+x -type f | xargs otool -L | awk '/:$$/{e=$$0}index($$0,"$(JHBUILD_PREFIX)"){x=1;print e; print}END{exit x}') && echo "Libs are clean"
+	(find zenmap-build -perm -a+x -type f -exec otool -l {} \; | awk '/:$$/{e=$$0}$$1=="minos"&&$$2!="$(OSX_MIN_VERSION)"{x=1;print e; print}END{exit x}' ) && echo "Bins are clean"
 
 export-%:
 	rm -rf $*
@@ -134,8 +121,8 @@ build-%: $(NMAP_TARBALL) openssl.modules
 stage-%: build-%
 	sh make-app.sh $* "$(JHBUILD_PREFIX)"
 
-stage-zenmap: export-$(ZENMAP_BUILD_DIR)
-	cd $(ZENMAP_BUILD_DIR)/zenmap && jhbuild run install_scripts/macosx/make-bundle.sh
+stage-zenmap: export-zenmap-build
+	jhbuild run zenmap-build/zenmap/install_scripts/macosx/make-bundle.sh
 
 build-ndiff:
 	echo Nothing to do
@@ -146,16 +133,8 @@ LICENSE.formatted:
 
 clean: clean-nmap clean-ncat clean-nping
 	rm -rf $(IMAGE_STAGING_DIR)
-	rm -rf $(NMAP_BUILD_DIR)
-	rm -rf $(NMAP_STAGING_DIR)
-	rm -rf $(ZENMAP_BUILD_DIR)
-	#rm -rf $(ZENMAP_STAGING_DIR)
-	rm -rf $(NCAT_BUILD_DIR)
-	rm -rf $(NCAT_STAGING_DIR)
-	rm -rf $(NDIFF_BUILD_DIR)
-	rm -rf $(NDIFF_STAGING_DIR)
-	rm -rf $(NPING_BUILD_DIR)
-	rm -rf $(NPING_STAGING_DIR)
+	rm -rf *-build/
+	rm -rf *-root/
 	rm -f LICENSE.formatted
 	rm -f $(IMAGE_NAME)
 	rm -rf distribution.xml finalDist.xml nmap.pkg ncat.pkg ndiff.pkg nping.pkg zenmap.pkg
diff --git a/macosx/Scripts/postinstall b/macosx/Scripts/postinstall
new file mode 100755
index 000000000..d3bdc8f39
--- /dev/null
+++ b/macosx/Scripts/postinstall
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+#script_path=$0
+#package_path=$1
+target_path=$2
+#target_vol=$3
+
+pkg_name=${INSTALL_PKG_SESSION_ID##*.}
+
+echo "$2/$pkg_name.app/Contents/Resources/bin" > /etc/paths.d/$INSTALL_PKG_SESSION_ID
+
+exit 0
diff --git a/macosx/make-app.sh b/macosx/make-app.sh
index d2888776a..98713fe6c 100644
--- a/macosx/make-app.sh
+++ b/macosx/make-app.sh
@@ -14,7 +14,7 @@ if [ "x$2" == "x" ]; then
 fi
 JHBUILD_PREFIX=$2
 
-bundle=$package.app
+bundle=$package-root/$package.app
 bundle_contents="$bundle"/Contents
 bundle_res="$bundle_contents"/Resources
 bundle_lib="$bundle_res"/lib
@@ -31,8 +31,9 @@ ESCAPED_PREFIX=$(echo "$JHBUILD_PREFIX" | sed 's/\([\/\\.]\)/\\\1/g')
 function run_install_name_tool() {
   bin=$1
   otool -L "$bin" | awk "/$ESCAPED_PREFIX/{print \$1}" | while read dep; do
-    install_name_tool -change $dep $(echo $dep | sed "s/$ESCAPED_PREFIX\/lib/@executable_path\/..\/lib/") "$bin"
+    install_name_tool -change $dep $(echo $dep | sed "s/$ESCAPED_PREFIX\/lib/@rpath/") "$bin"
   done
+  install_name_tool -add_rpath "@executable_path/../lib" "$bin" || true
 }
 
 function do_jhbuild_app() {
diff --git a/mswin32/Build.bat b/mswin32/Build.bat
index 773f0550a..0b472a966 100644
--- a/mswin32/Build.bat
+++ b/mswin32/Build.bat
@@ -8,10 +8,14 @@ for /f "usebackq delims=#" %%a in (`"%ProgramFiles(x86)%\Microsoft Visual Studio
 @echo on
 if "%TARGET%" == "Vars" ( goto :vars )
 
+if "%TARGET%" == "Clean" (
+  rd /S /Q build-pcre2
+) else (
 mkdir build-pcre2
 cd build-pcre2
 cmake.exe -A Win32 -G "Visual Studio 16 2019" ..\..\libpcre\ || goto :QUIT
 cd ..
+)
 msbuild -nologo nmap.sln -m -t:%TARGET% -p:Configuration="%VCCONFIG%" -p:Platform="Win32" -fl
 goto :QUIT
 
diff --git a/ncat/docs/ncat.1 b/ncat/docs/ncat.1
index 81020c2c9..cefad64bd 100644
--- a/ncat/docs/ncat.1
+++ b/ncat/docs/ncat.1
@@ -43,7 +43,7 @@ Among Ncat\*(Aqs vast number of features there is the ability to chain Ncats tog
 .RS 4
 .\}
 .nf
-Ncat 7\&.96SVN ( https://nmap\&.org/ncat )
+Ncat 7\&.97 ( https://nmap\&.org/ncat )
 Usage: ncat [options] [hostname] [port]
 
 Options taking a time assume seconds\&. Append \*(Aqms\*(Aq for milliseconds,
diff --git a/ncat/docs/ncat.usage.txt b/ncat/docs/ncat.usage.txt
index 0cf195e00..8d463eddc 100644
--- a/ncat/docs/ncat.usage.txt
+++ b/ncat/docs/ncat.usage.txt
@@ -1,4 +1,4 @@
-Ncat 7.96SVN ( https://nmap.org/ncat )
+Ncat 7.97 ( https://nmap.org/ncat )
 Usage: ncat [options] [hostname] [port]
 
 Options taking a time assume seconds. Append 'ms' for milliseconds,
diff --git a/ncat/ncat.h b/ncat/ncat.h
index 01f0b51ba..4ec7811fb 100644
--- a/ncat/ncat.h
+++ b/ncat/ncat.h
@@ -79,7 +79,7 @@
 /* Ncat information for output, etc. */
 #define NCAT_NAME "Ncat"
 #define NCAT_URL "https://nmap.org/ncat"
-#define NCAT_VERSION "7.96SVN"
+#define NCAT_VERSION "7.97"
 
 #ifndef __GNUC__
 #ifndef __attribute__
diff --git a/nmap.h b/nmap.h
index 8515c48f5..cbb951b25 100644
--- a/nmap.h
+++ b/nmap.h
@@ -123,10 +123,10 @@
 /* Edit this definition only within the quotes, because it is read from this
    file by the makefiles. */
 #define NMAP_MAJOR 7
-#define NMAP_MINOR 96
-#define NMAP_BUILD 1
+#define NMAP_MINOR 97
+#define NMAP_BUILD 0
 /* SVN, BETA, etc. */
-#define NMAP_SPECIAL "SVN"
+#define NMAP_SPECIAL ""
 
 #define NMAP_VERSION STR(NMAP_MAJOR) "." STR(NMAP_MINOR) NMAP_SPECIAL
 #define NMAP_NUM_VERSION STR(NMAP_MAJOR) "." STR(NMAP_MINOR) "." STR(NMAP_BUILD) ".0"
diff --git a/nmap_dns.cc b/nmap_dns.cc
index 0cfd2a9cc..f46551a4d 100644
--- a/nmap_dns.cc
+++ b/nmap_dns.cc
@@ -112,6 +112,11 @@
 // * Figure out best way to estimate completion time
 //   and display it in a ScanProgressMeter
 
+#include <limits.h>
+#include <list>
+#include <fstream>
+#include <istream>
+
 #ifdef WIN32
 #include "nmap_winconfig.h"
 /* Need DnetName2PcapName */
@@ -128,11 +133,6 @@
 #include "timing.h"
 #include "Target.h"
 
-#include <limits.h>
-#include <list>
-#include <fstream>
-#include <istream>
-
 extern NmapOps o;
 
 
@@ -1141,7 +1141,6 @@ static void parse_etchosts(const char *fname) {
       else if (o.debugging)
         log_write(LOG_STDOUT, "Unable to parse /etc/hosts address: %s\n", addr.c_str());
   }
-  ifs.close();
 }
 
 static void etchosts_init(void) {
diff --git a/nping/nping.h b/nping/nping.h
index cc4be4089..242b1a79b 100644
--- a/nping/nping.h
+++ b/nping/nping.h
@@ -265,7 +265,7 @@
 /* General tunable defines  **************************************************/
 #define NPING_NAME "Nping"
 #define NPING_URL "https://nmap.org/nping"
-#define NPING_VERSION "0.7.96SVN"
+#define NPING_VERSION "0.7.97"
 
 
 #define DEFAULT_VERBOSITY VB_0
diff --git a/zenmap/zenmapCore/Paths.py b/zenmap/zenmapCore/Paths.py
index 9f9273924..9d18823cd 100644
--- a/zenmap/zenmapCore/Paths.py
+++ b/zenmap/zenmapCore/Paths.py
@@ -63,6 +63,7 @@ import os
 import os.path
 import sys
 import shutil
+from glob import glob
 
 from zenmapCore.BasePaths import base_paths
 from zenmapCore.Name import APP_NAME
@@ -81,7 +82,11 @@ def get_extra_executable_search_paths():
     """Return a list of additional executable search paths as a convenience for
     platforms where the default PATH is inadequate."""
     if sys.platform == 'darwin':
-        return ["/usr/local/bin"]
+        extra = ["/usr/local/bin"]
+        for pf in glob("/etc/paths.d/org.insecure.nmap*"):
+            with open(pf, "r") as f:
+                extra.append(f.read().strip())
+        return extra
     elif sys.platform == 'win32':
         return [dirname(sys.executable)]
     return []
diff --git a/zenmap/zenmapCore/Version.py b/zenmap/zenmapCore/Version.py
index 160d5b511..914410c18 100644
--- a/zenmap/zenmapCore/Version.py
+++ b/zenmap/zenmapCore/Version.py
@@ -1 +1 @@
-VERSION = "7.96+SVN"
+VERSION = "7.97"