-rw-r--r-- | CHANGELOG.md | 22 | ||||
-rw-r--r-- | MANIFEST.in | 2 | ||||
-rw-r--r-- | debian/changelog | 8 | ||||
-rw-r--r-- | debian/copyright | 2 | ||||
-rw-r--r-- | debian/patches/0001-Remove-check-for-unneeded-development-headers.patch | 6 | ||||
-rw-r--r-- | debian/patches/0002-Do-not-pollute-usr-bin-with-random-scripts.patch | 4 | ||||
-rw-r--r-- | debian/patches/0003-Do-not-install-documentation-to-usr-lib-python3.patch | 18 | ||||
-rw-r--r-- | examples/clean_and_log.py | 30 | ||||
-rw-r--r-- | extra/docker/beta/Dockerfile | 2 | ||||
-rw-r--r-- | extra/docker/dev/Dockerfile | 2 | ||||
-rw-r--r-- | extra/docker/stable/Dockerfile | 2 | ||||
-rw-r--r-- | pwnlib/elf/elf.py | 5 | ||||
-rw-r--r-- | pwnlib/shellcraft/templates/aarch64/linux/loader.asm | 8 | ||||
-rw-r--r-- | pwnlib/timeout.py | 4 | ||||
-rw-r--r-- | pwnlib/tubes/tube.py | 7 | ||||
-rw-r--r-- | pwnlib/util/misc.py | 2 | ||||
-rw-r--r-- | pwnlib/version.py | 2 | ||||
-rwxr-xr-x | setup.py | 6 |
18 files changed, 80 insertions, 52 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 17c1a20..4f835c2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,7 +11,8 @@ The table below shows which release corresponds to each branch, and what date th | ---------------- | -------- | ---------------------- | | [4.13.0](#4130-dev) | `dev` | | [4.12.0](#4120-beta) | `beta` | -| [4.11.0](#4110-stable) | `stable` | Sep 15, 2023 +| [4.11.1](#4111-stable) | `stable` | Nov 14, 2023 +| [4.11.0](#4110) | | Sep 15, 2023 | [4.10.0](#4100) | | May 21, 2023 | [4.9.0](#490) | | Dec 29, 2022 | [4.8.0](#480) | | Apr 21, 2022 @@ -68,8 +69,9 @@ The table below shows which release corresponds to each branch, and what date th | [2.2.0](#220) | | Jan 5, 2015 ## 4.13.0 (`dev`) +- [#2281][2281] FIX: Getting right amount of data for search fix - +[2281]: https://github.com/Gallopsled/pwntools/pull/2281 ## 4.12.0 (`beta`) - [#2202][2202] Fix `remote` and `listen` in sagemath 
@@ -88,7 +90,21 @@ The table below shows which release corresponds to each branch, and what date th [2257]: https://github.com/Gallopsled/pwntools/pull/2257 [2225]: https://github.com/Gallopsled/pwntools/pull/2225 -## 4.11.0 (`stable`) +## 4.11.1 (`stable`) + +- [#2271][2271] FIX: Generated shebang with path to python invalid if path contains spaces +- [#2272][2272] Fix `tube.clean_and_log` not logging buffered data +- [#2281][2281] FIX: Getting right amount of data for search fix +- [#2287][2287] Fix `_countdown_handler` not invoking `timeout_change` +- [#2294][2294] Fix atexit SEGV in aarch64 loader + +[2271]: https://github.com/Gallopsled/pwntools/pull/2271 +[2272]: https://github.com/Gallopsled/pwntools/pull/2272 +[2281]: https://github.com/Gallopsled/pwntools/pull/2281 +[2287]: https://github.com/Gallopsled/pwntools/pull/2287 +[2294]: https://github.com/Gallopsled/pwntools/pull/2294 + +## 4.11.0 - [#2185][2185] make fmtstr module able to create payload without $ notation - [#2103][2103] Add search for libc binary by leaked function addresses `libcdb.search_by_symbol_offsets()` diff --git a/MANIFEST.in b/MANIFEST.in index 8f001ea..5327e18 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -6,4 +6,4 @@ include *.md *.txt *.sh *.yml MANIFEST.in recursive-include docs *.rst *.png Makefile *.py *.txt recursive-include pwnlib *.py *.asm *.rst *.md *.txt *.sh __doc__ *.mako recursive-include pwn *.py *.asm *.rst *.md *.txt *.sh -recursive-exclude *.pyc +global-exclude *.pyc diff --git a/debian/changelog b/debian/changelog index 4a12a12..c965656 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +pwntools (4.11.1-1) unstable; urgency=medium + + * New upstream version 4.11.1 + * Refresh patches + * Update d/copyright + + -- Timo Röhling <roehling@debian.org> Wed, 15 Nov 2023 17:55:27 +0100 + pwntools (4.11.0-1) unstable; urgency=medium * New upstream version 4.11.0 diff --git a/debian/copyright b/debian/copyright index a5f74b1..5530068 100644 
--- a/debian/copyright +++ b/debian/copyright @@ -2,7 +2,7 @@ Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: pwntools Files: * -Copyright: 2015-2021, Gallopsled and contributors +Copyright: 2015-2023, Gallopsled and contributors 2013, Pratik Kumar Sahu, Nagendra Chowdary, Anish Mathuria 2013, Tactical Network Solutions, LLC 2013, Zachary Cutlip <uid000@gmail.com> diff --git a/debian/patches/0001-Remove-check-for-unneeded-development-headers.patch b/debian/patches/0001-Remove-check-for-unneeded-development-headers.patch index fa308f7..d2d3348 100644 --- a/debian/patches/0001-Remove-check-for-unneeded-development-headers.patch +++ b/debian/patches/0001-Remove-check-for-unneeded-development-headers.patch @@ -7,10 +7,10 @@ Subject: Remove check for unneeded development headers 1 file changed, 6 deletions(-) diff --git a/setup.py b/setup.py -index e6bb612..15695f9 100755 +index 65cb5c3..77afde4 100755 --- a/setup.py +++ b/setup.py -@@ -54,12 +54,6 @@ if sys.version_info < (3, 4): +@@ -53,12 +53,6 @@ if sys.version_info < (3, 4): sys.argv.remove('--user') @@ -22,4 +22,4 @@ index e6bb612..15695f9 100755 - sys.exit(-1) setup( - version = '4.11.0', + version = '4.11.1', diff --git a/debian/patches/0002-Do-not-pollute-usr-bin-with-random-scripts.patch b/debian/patches/0002-Do-not-pollute-usr-bin-with-random-scripts.patch index 154a657..d41efbf 100644 --- a/debian/patches/0002-Do-not-pollute-usr-bin-with-random-scripts.patch +++ b/debian/patches/0002-Do-not-pollute-usr-bin-with-random-scripts.patch @@ -7,10 +7,10 @@ Subject: Do not pollute /usr/bin with random scripts 1 file changed, 18 deletions(-) diff --git a/setup.py b/setup.py -index 15695f9..bfe7e19 100755 +index 77afde4..9c53854 100755 --- a/setup.py +++ b/setup.py -@@ -25,24 +25,6 @@ for scheme in INSTALL_SCHEMES.values(): +@@ -23,24 +23,6 @@ for scheme in INSTALL_SCHEMES.values(): console_scripts = ['pwn=pwnlib.commandline.main:main'] 
diff --git a/debian/patches/0003-Do-not-install-documentation-to-usr-lib-python3.patch b/debian/patches/0003-Do-not-install-documentation-to-usr-lib-python3.patch index f8f9353..c59474a 100644 --- a/debian/patches/0003-Do-not-install-documentation-to-usr-lib-python3.patch +++ b/debian/patches/0003-Do-not-install-documentation-to-usr-lib-python3.patch @@ -3,25 +3,17 @@ Date: Mon, 11 Apr 2022 12:49:14 +0200 Subject: Do not install documentation to /usr/lib/python3 --- - setup.py | 4 +--- - 1 file changed, 1 insertion(+), 3 deletions(-) + setup.py | 3 --- + 1 file changed, 3 deletions(-) diff --git a/setup.py b/setup.py -index bfe7e19..5421041 100755 +index 9c53854..1e3c9a7 100755 --- a/setup.py +++ b/setup.py -@@ -11,6 +11,7 @@ from distutils.command.install import INSTALL_SCHEMES - from distutils.sysconfig import get_python_inc - from distutils.util import convert_path - -+from setuptools import find_packages - from setuptools import setup - - # Get all template files -@@ -39,9 +40,6 @@ if sys.version_info < (3, 4): +@@ -38,9 +38,6 @@ if sys.version_info < (3, 4): setup( - version = '4.11.0', + version = '4.11.1', - data_files = [('pwntools-doc', - glob.glob('*.md') + glob.glob('*.txt')), - ], diff --git a/examples/clean_and_log.py b/examples/clean_and_log.py index a307d76..5e5a249 100644 --- a/examples/clean_and_log.py +++ b/examples/clean_and_log.py 
@@ -11,18 +11,24 @@ Solution: """ from pwn import * +from multiprocessing import Process -os.system('''(( -echo prefix sometext ; -echo prefix someothertext ; -echo here comes the flag ; -echo LostInTheInterTubes -) | nc -l 1337) & -''') +def submit_data(): + with context.quiet: + with listen(1337) as io: + io.wait_for_connection() + io.sendline(b'prefix sometext') + io.sendline(b'prefix someothertext') + io.sendline(b'here comes the flag') + io.sendline(b'LostInTheInterTubes') -r = remote('localhost', 1337) -atexit.register(r.clean_and_log) +if __name__ == '__main__': + p = Process(target=submit_data) + p.start() -while True: - line = r.recvline() - print(re.findall(r'^prefix (\S+)$', line)[0]) + r = remote('localhost', 1337) + atexit.register(r.clean_and_log) + + while True: + line = r.recvline() + print(re.findall(br'^prefix (\S+)$', line)[0]) diff --git a/extra/docker/beta/Dockerfile b/extra/docker/beta/Dockerfile index cbfd056..5a83dd6 100644 --- a/extra/docker/beta/Dockerfile +++ b/extra/docker/beta/Dockerfile @@ -2,6 +2,6 @@ FROM pwntools/pwntools:stable USER root RUN python2.7 -m pip install --upgrade git+https://github.com/Gallopsled/pwntools@beta \ - && python3 -m pip install --upgrade git+https://github.com/Gallopsled/pwntools@beta + && python3 -m pip install --force-reinstall --upgrade git+https://github.com/Gallopsled/pwntools@beta RUN PWNLIB_NOTERM=1 pwn update USER pwntools diff --git a/extra/docker/dev/Dockerfile b/extra/docker/dev/Dockerfile index d5f7af8..77d04d3 100644 --- a/extra/docker/dev/Dockerfile +++ b/extra/docker/dev/Dockerfile @@ -2,6 +2,6 @@ FROM pwntools/pwntools:stable USER root RUN python2.7 -m pip install --upgrade git+https://github.com/Gallopsled/pwntools@dev \ - && python3 -m pip install --upgrade git+https://github.com/Gallopsled/pwntools@dev + && python3 -m pip install --force-reinstall --upgrade git+https://github.com/Gallopsled/pwntools@dev RUN PWNLIB_NOTERM=1 pwn update USER pwntools 
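Review bot: The parent calls `remote('localhost', 1337)` immediately after `p.start()`, but the child only binds the port once it reaches `listen(1337)`, so on a slow fork the connection can be refused before the listener exists; the old `nc -l 1337 &` form had the same race, and the rewrite is the moment to close it. Handing the child a `multiprocessing.Event` that it sets once `listen()` has returned (the constructor is where the bind happens, as far as I can tell — verify against pwnlib.tubes.listen) and waiting on it in the parent makes the ordering explicit; the import becomes `from multiprocessing import Process, Event`. Since the example only talks to itself, `listen(1337, bindaddr='127.0.0.1')` would also keep the port off every interface, if listen's default bind address is not loopback. The rest of the example (the deliberate crash that triggers `clean_and_log`) is unchanged by this.
```python
def submit_data(ready):
    with context.quiet:
        with listen(1337) as io:
            ready.set()  # port is bound; the parent may connect now
            io.wait_for_connection()
            # … unchanged: the four sendline calls …

if __name__ == '__main__':
    ready = Event()
    p = Process(target=submit_data, args=(ready,))
    p.start()
    ready.wait()

    r = remote('localhost', 1337)
    # … unchanged: atexit registration and recv loop …
```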
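Review bot: `--force-reinstall` is added only to the python3 install, while the python2.7 line immediately above keeps a plain `--upgrade`, so after a rebuild the two interpreters can end up on different pwntools commits from the same branch. If the asymmetry is deliberate (2.7 no longer being refreshed, for instance), a short comment on the `RUN` line saying so would stop the next person from "fixing" it; otherwise the same flag belongs on both lines. The identical change in extra/docker/dev/Dockerfile and extra/docker/stable/Dockerfile has the same question.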
diff --git a/extra/docker/stable/Dockerfile b/extra/docker/stable/Dockerfile index 980ef3f..1535d4a 100644 --- a/extra/docker/stable/Dockerfile +++ b/extra/docker/stable/Dockerfile @@ -2,6 +2,6 @@ FROM pwntools/pwntools:base USER root RUN python2.7 -m pip install --upgrade git+https://github.com/Gallopsled/pwntools@stable \ - && python3 -m pip install --upgrade git+https://github.com/Gallopsled/pwntools@stable + && python3 -m pip install --force-reinstall --upgrade git+https://github.com/Gallopsled/pwntools@stable RUN PWNLIB_NOTERM=1 pwn update USER pwntools diff --git a/pwnlib/elf/elf.py b/pwnlib/elf/elf.py index 8bbf0b8..0fae91d 100644 --- a/pwnlib/elf/elf.py +++ b/pwnlib/elf/elf.py @@ -1195,9 +1195,10 @@ class ELF(ELFFile): for seg in segments: addr = seg.header.p_vaddr memsz = seg.header.p_memsz - zeroed = memsz - seg.header.p_filesz + filesz = seg.header.p_filesz + zeroed = memsz - filesz offset = seg.header.p_offset - data = self.mmap[offset:offset+memsz] + data = self.mmap[offset:offset+filesz] data += b'\x00' * zeroed offset = 0 while True: diff --git a/pwnlib/shellcraft/templates/aarch64/linux/loader.asm b/pwnlib/shellcraft/templates/aarch64/linux/loader.asm index 7136aae..d6f23cd 100644 --- a/pwnlib/shellcraft/templates/aarch64/linux/loader.asm +++ b/pwnlib/shellcraft/templates/aarch64/linux/loader.asm @@ -107,14 +107,14 @@ PT_LOAD = 1 mov x3, sp stp x2, x3, [sp, #-16]! - /* argc, argv[0], argv[1], envp */ + /* argc, argv[0], argv[1], envp; x0 must be zero! */ /* ideally these could all be empty, but unfortunately we have to keep the stack aligned. it's easier to just push an extra argument than care... */ stp x0, x1, [sp, #-16]! /* argv[1] = NULL, envp = NULL */ - mov x0, 1 - mov x1, sp - stp x0, x1, [sp, #-16]! /* argc = 1, argv[0] = "" */ + mov x2, 1 + mov x3, sp + stp x2, x3, [sp, #-16]! /* argc = 1, argv[0] = "" */ br x8 diff --git a/pwnlib/timeout.py b/pwnlib/timeout.py index a1a4859..8e21a2d 100644 --- a/pwnlib/timeout.py +++ b/pwnlib/timeout.py 
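Review bot: Nothing in the new lines guards against `filesz > memsz`, so on a malformed or hostile ELF `zeroed` goes negative, `b'\x00' * zeroed` is empty and `data` ends up longer than the segment, which extends the search past `memsz` instead of fixing it; clamping both values keeps the arithmetic that follows (outside the hunk) honest: `zeroed = max(memsz - filesz, 0)` and `data = self.mmap[offset:offset+min(filesz, memsz)]`. The slice also silently shortens when `offset+filesz` runs past the end of the mapping, which is acceptable for a search but deserves a one-line comment so it is not later turned into an exception. The enclosing loop and function start before and end after the hunk.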
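Review bot: The new comment `x0 must be zero!` states the constraint but not the reason, and nothing in the hunk establishes x0's value — the `stp x0, x1` store relies on both registers already holding NULL from code before the hunk. Spelling the reason out keeps the next edit from reintroducing #2294, e.g. `/* x0 must stay zero: it is the rtld_fini pointer the entry point passes on to libc, which registers any non-NULL value with atexit and would later jump through garbage */` — assuming the loaded program follows the usual glibc `_start` convention, which the "atexit SEGV" fix suggests. Moving the argc/argv[0] pushes to x2/x3 is consistent with the `mov x3, sp` / `stp x2, x3` pair just above, which already treat those registers as scratch.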
@@ -30,9 +30,11 @@ class _countdown_handler(object): self.obj._stop = min(self.obj._stop, self.old_stop) self.obj._timeout = self.timeout + self.obj.timeout_change() def __exit__(self, *a): self.obj._timeout = self.old_timeout self.obj._stop = self.old_stop + self.obj.timeout_change() class _local_handler(object): def __init__(self, obj, timeout): @@ -157,7 +159,7 @@ class Timeout(object): else: value = float(value) - if value is value < 0: + if value < 0: raise AttributeError("timeout: Timeout cannot be negative") if value > self.maximum: diff --git a/pwnlib/tubes/tube.py b/pwnlib/tubes/tube.py index 39a27d8..0e5e9da 100644 --- a/pwnlib/tubes/tube.py +++ b/pwnlib/tubes/tube.py @@ -1034,8 +1034,13 @@ class tube(Timeout, Logger): b'hooray_data' >>> context.clear() """ + cached_data = self.buffer.get() + if cached_data and not self.isEnabledFor(logging.DEBUG): + with context.local(log_level='debug'): + self.debug('Received %#x bytes:' % len(cached_data)) + self.maybe_hexdump(cached_data, level=logging.DEBUG) with context.local(log_level='debug'): - return self.clean(timeout) + return cached_data + self.clean(timeout) def connect_input(self, other): """connect_input(other) diff --git a/pwnlib/util/misc.py b/pwnlib/util/misc.py index 7fbf479..32aa535 100644 --- a/pwnlib/util/misc.py +++ b/pwnlib/util/misc.py @@ -382,7 +382,7 @@ def run_in_new_terminal(command, terminal=None, args=None, kill_at_exit=True, pr import os os.execve({argv0!r}, {argv!r}, os.environ) ''' - script = script.format(executable=sys.executable, + script = script.format(executable='/bin/env ' * (' ' in sys.executable) + sys.executable, argv=command, argv0=which(command[0])) script = script.lstrip() diff --git a/pwnlib/version.py b/pwnlib/version.py index 6c387e4..efbed2e 100644 --- a/pwnlib/version.py +++ b/pwnlib/version.py @@ -1 +1 @@ -__version__ = '4.11.0' +__version__ = '4.11.1' 
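Review bot: The two new `self.obj.timeout_change()` calls in `_countdown_handler.__enter__` and `__exit__` are undocumented and the hunk does not show what the hook does; a comment such as `# notify the owner so it can push the new timeout to whatever it wraps` on each would save the next reader a lookup — presumably that is the hook's job, verify against Timeout.timeout_change. `__exit__` ignores its `*a` arguments, so if `timeout_change()` raises while an exception is already propagating the original error is replaced; probably acceptable for a timeout hook, but worth knowing. If `_local_handler` directly below sets `_timeout` and `_stop` the same way (its body is outside the hunk), it needs the same notification, otherwise the #2287 fix is only half applied.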
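Review bot: The `not self.isEnabledFor(logging.DEBUG)` guard around the hexdump of `cached_data` has a non-obvious rationale — bytes already sitting in the buffer were presumably logged on arrival when DEBUG was on, so showing them again only makes sense when it was off — and that reasoning should be in a comment: `# Buffered bytes were only logged on arrival if DEBUG was on; show them now otherwise.` (verify against the recv path's logging). Without it the guard reads like an accidental inversion, since the data is then logged at DEBUG level anyway inside `context.local(log_level='debug')`. The method's signature and docstring are above the hunk.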
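Review bot: `'/bin/env '` is not a portable location — `/usr/bin/env` is the conventional one, and on macOS and on systems without a merged /usr `/bin/env` does not exist — so `'/usr/bin/env '` is the safer prefix. The whole approach also only works where the kernel hands env the rest of the shebang line as a single argument (Linux does; BSD-derived kernels split on whitespace, so a path with spaces still breaks there), which deserves a comment where `executable` is built, assuming it lands on the script's `#!` line, which is outside the hunk. The `str * bool` multiplication is terse enough to read as a typo; `('/usr/bin/env ' if ' ' in sys.executable else '') + sys.executable`, on its own line with the comment, says the same thing plainly.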
@@ -3,10 +3,7 @@ from __future__ import print_function import glob import os -import platform -import subprocess import sys -import traceback from distutils.command.install import INSTALL_SCHEMES from distutils.sysconfig import get_python_inc from distutils.util import convert_path @@ -31,6 +28,7 @@ compat = {} if sys.version_info < (3, 4): import toml project = toml.load('pyproject.toml')['project'] + compat['packages'] = find_packages() compat['install_requires'] = project['dependencies'] compat['name'] = project['name'] if '--user' in sys.argv: @@ -39,7 +37,7 @@ if sys.version_info < (3, 4): setup( - version = '4.11.0', + version = '4.11.1', package_data = { 'pwnlib': [ 'data/crcsums.txt', |