nmap-7.70-3.5.1

- add nmap-7.70-CVE-2018-15173_pcre_limits.patch to reduce LibPCRE
  resource limits so that version detection can't use as much of
  the stack. Previously Nmap could crash when run on low-memory
  systems against target services which are intentionally or
  accidentally difficult to match [bsc#1104139] [CVE-2018-15173].

- add "Requires: python-xml" for zenmap [bsc#1133512]

- Update to 7.70:
  * 14 new NSE scripts
  * iec-identify probes for the IEC 60870-5-104 SCADA protocol
  * ssh-brute performs brute-forcing of SSH password credentials
  * See https://nmap.org/changelog.html#7.70 for the complete changelog.

- Nmap 7.60:
  * NSE scripts now have complete SSH support via libssh2
  * Added 14 NSE scripts from 6 authors, bringing the total up to 579!
  * See https://nmap.org/changelog.html#7.60 for the complete changelog.

- Nmap 7.50:
  * Integrated all of your service/version detection fingerprints
    submitted from September to March (855 of them). The signature
    count went up 2.9% to 11,418. We now detect 1193 protocols from
    apachemq, bro, and clickhouse to jmon, slmp, and zookeeper.
    Highlights: http://seclists.org/nmap-dev/2017/q2/140
  * Many added NSE scripts, OS fingerprints, service probes
  * See https://nmap.org/changelog.html#7.50 for the complete changelog.

- Nmap 7.40:
  * Many added NSE scripts, OS fingerprints, service probes
  * New option --defeat-icmp-ratelimit dramatically reduces UDP
    scan times in exchange for labeling unresponsive
    (and possibly open) ports as "closed|filtered".
  * New NSE library, geoip.lua, provides a common framework for
    storing and retrieving IP geolocation results.
  * See https://nmap.org/changelog.html#7.40 for the complete
    changelog.
- Refresh nmap-5.61-desktop_files.patch as
  nmap-7.40-desktop_files.patch

- Nmap 7.31:
  * Fix the way Nmap handles scanning names that resolve to the
    same IP
  * Zenmap: Better visual indication that display of hostname is
    tied to address in the Topology page

- Nmap 7.30:
  * Many added NSE scripts, OS fingerprints, service probes
  * Improved output filtering
  * Using Lua 5.3
  * Many bug fixes, improvements and performance enhancements

- Nmap 7.12:
  * Zenmap: Avoid file corruption in zenmap.conf
  * NSE: VNC updates
  * NSE: Add STARTTLS support for VNC, NNTP, and LMTP
  * Add new service probes and match lines for OpenVPN

- Nmap 7.11:
  * Add support for diffie-hellman-group-exchange-* SSH key
    exchange methods to ssh2.lua, allowing ssh-hostkey to run on
    servers that only support custom Diffie-Hellman groups.
  * Add support in sslcert.lua for Microsoft SQL Server's TDS
    protocol, so you can now grab certs with ssl-cert or check
    ciphers with ssl-enum-ciphers.
  * Fix crashes in Zenmap

- Nmap 7.10:
  * Add 12 NSE scripts
  * Integrate OS, service/version detection fingerprint submissions
  * Updated to various NSE scripts
  * Zenmap: Remember window geometry (position and size) from the
    previous time Zenmap was run.
  * Give option parsing errors after the long usage statement
  * Changed Nmap's idea of reserved and private IP addresses to include
    169.254/16 (RFC3927) and remove 6/8, 7/8, and 55/8 networks
    (for -iR randomly generated targets)
    Usage of own exclusion lists with --exclude or --exclude-file is
    recommended to avoid scanning newly-valid addresses belonging to
    the US DoD.
  * Allow the -4 option for Nmap to indicate IPv4 address family.
  * Add verbosity level of 0 (-v0): not text output

- Nmap 7.01:
  * various bug fixes in NSE

- Nmap 7.00:
  * see /usr/share/doc/packages/nmap/CHANGELOG
- removed patches:
  * nmap-4.00-noreturn.diff
  * nmap-6.00-libpcap-filter.diff
  not needed since we do not build against the bundled libpcap
- updated patch:
  * nmap-ncat-skip-network-tests.patch

- Unbreak everything not Factory

- Fix the build for Factory. Insist on lua 5.2.x

- BuildRequire lua52-devel on openSUSE > 13.2 (current Tumbleweed):
  nmap has not been ported to LUA 5.3 yet.
- Minor fix in check session: internal lua identifies itself as
  5.2.3 by now.

- fix build on SLE 12 by removing gpg-offline dependency
- run spec-cleaner

- Nmap 6.47:
  * updated IPv4 OS fingerprints
  * Removed the External Entity Declaration from the DOCTYPE in
    Nmap's XML. The doctype is now: <!DOCTYPE nmaprun>
  * Ncat: Fixed SOCKS5 username/password authentication
  * Avoid formatting NULL as "%s" when running nmap --iflist
  * Zenmap, Ndiff: Avoid crashing with old PyXML package
  * Handle ICMP admin-prohibited messages when doing service version
    detection.
  * NSE: Fix a bug causing http.head to not honor redirects.
  * Zenmap: Fix a bug in DiffViewer causing a crash
- fix self-obsoletion of zenmap (nmap-gtk)

- Nmap 6.46
- NSE:
  * Made numerous improvements to ssl-heartbleed to provide
    more reliable detection of the vulnerability
  * Fix some bugs which could cause snmp-ios-config and
    snmp-sysdescr scripts to crash
  * Improved performance of citrixlua library when handling large
    XML responses containing application lists
- Zenmap:
  * Fixed a bug which caused this crash message: "IOError:
    [Errno socket error] [Errno 10060] A connection attempt
    failed [...]" due to DOCTYPE definition to Nmap's XML output

- Nmap 6.45
- NSE:
  * Add ssl-heartbleed script to detect the Heartbleed OpenSSL bug
  * Fixed an error-handling bug in socks-open-proxy that caused it
    to fail when scanning a SOCKS4-only proxy
  * Improved ntp-info script to handle underscores in returned
    data
  * Add quake1-info script for retrieving server and player
    information from Quake 1 game servers
  * Add unicode library for decoding and encoding UTF-8, UTF-16,
    CP437 and other character sets to Unicode code points. Scripts
    that previously just added or skipped nulls in UTF-16 data can
    use this to support non-ASCII characters
  * When doing a ping scan (-sn), the --open option will prevent down
    hosts from being shown when -v is specified. This aligns with
    similar output for othe rscan types
  * Add http-ntlm-info script for getting server information from
    Web servers that require NTLM authentication
  * Added tls library for functions related to SSLv3 and TLS
    messages. Existing ssl-enum-ciphers, ssl-date, and
    tls-nextprotoneg scripts were updated to use this library
  * Add sstp-discover script to discover Microsoft's Secure Socket
    Tunnelling Protocol
  * Added unittest library and NSE script for adding unit tests to
    NSE libraries
  * Added allseeingeye-info script
  * Add freelancer-info script
  * Add http-server-header script
  * Add rfc868-time script
  * Add weblogic-t3-info script
  * Removed a fixed value (28428) which was being set for the Request
    ID in the snmpWalk library function
  * Add http-iis-short-name-brute script
  * Add http-dlink-backdoor
  * Made telnet-brute support multiple parallel guessing threads
  * Made the table returned by ssh1.fetch_host_key contain a "key"
    element, like that of ssh2.fetch_host_key
  * Update dns-cache-snoop script to use a new list of top 50
    domains rather than a 2010 list
  * Added the qconn-exec script
- Ncat:
  * Added support for socks5 and corresponding regression tests.
  * Fixed compilation when --without-liblua is specified
  * Added NCAT_PROTO, NCAT_REMOTE_ADDR, NCAT_REMOTE_PORT,
    NCAT_LOCAL_ADDR and NCAT_LOCAL_PORT environment variables being
    set in all --*-exec child processes.
- Nsock:
  * Handle timers and timeouts via a priority queue
- Various:
  * Added TCP support to dns.lua
  * Added safe fd_set operations. This makes nmap fail gracefully
    instead of crashing when the number of file descriptors grows
    over FD_SETSIZE
  * Updated bundled liblua from 5.2.2 to 5.2.3 (bugfix release)
  * Added version detection signatures and probes for a bunch of
    Android remote mouse/keyboard servers, including AndroMouse,
    AirHID, Wifi-mouse, and RemoteMouse.
  * Fixed a bug with UDP checksum calculation
  * Idle scan now supports IPv6
  * The ICMP ID of ICMP probes is now matched against the sent ICMP
    ID to reduce the chance of false matches
- Zenmap:
  * Fixed a crash that would happen when you entered a search
    term starting with a colon

- update nmap-7.70-CVE-2018-15173_pcre_limits.patch to fix NULL ptr
  deref crash if pcre_study returns NULL [bsc#1135350]

- add nmap-7.70-CVE-2017-18594.patch to avoid a crash (double-free)
  when SSH connection fails [bsc#1148742] [CVE-2017-18594]