Changes:
- flush cache when changing ftp:charset.
- show all queued commands on `queue' command.
- support open ranges for `mirror --size-range'.
- new setting dns:max-retries.
- change dns:fatal-timeout setting to accept time interval suffixes.
- prefer getaddrinfo over gethostbyname2.
- treat GNUTLS_E_UNEXPECTED_PACKET_LENGTH as EOF indicator - this fixes
secure ftp with ProFTPD server.
- fixed netrc usage when no user name is given.
Changes:
* Kopete
o Fix disconnects/crashes after connecting to a Yahoo webcam
o Don't send picture information packets to Yahoo buddies when
connecting into invisible state, as one might use these packets to
reveal your real connection state
o Don't crash when deleting several contacts that are in several
groups
o Fix escaping of HTML in Yahoo messages
* KPPP
o fix initialization problem with some modems (Qualcomm 3G CDMA)
o support higher connection speeds (921600 bps)
Changes:
4.00:
=====
- Added the '?' command to the runtime interaction system. It prints
a list of accepted commands. Thanks to Andrew Lutomirski
(luto(a)myrealbox.com) for the patch.
3.9999:
=======
- Generated a new libpcre/configure to cope with changes in LibPCRE
6.4
- Updated nmap-mac-prefixes to reflect the latest OUI DB from the IEEE
(http://standards.ieee.org/regauth/oui/oui.txt)
- Updated nmap-protocols with the latest IEEE internet protocols
assignments (http://www.iana.org/assignments/protocol-numbers).
- Updated the Nmap version number and related fields that MS Visual
Studio places in the binary. This was done by editing
mswin32/nmap.rc.
3.999:
======
- Added runtime interaction support to Windows, thanks to patches from
Andrew Lutomirski (luto(a)myrealbox.com) and Gisle Vanem
(giva(a)bgnett.no).
- Changed a couple lines of tcpip.cc (put certain IP header fields in
host byte order rather than NBO) to (hopefully) support Mac OS X on
Intel. Thanks to Kurt Grutzmacher (grutz(a)jingojango.net) for the
patch.
- Upgraded the included LibPCRE from version 6.3 to 6.4. There was a
report of version detection crashes on the new Intel-based MACs with
6.3.
- Fixed an issue in which the installer would malfunction in rare
issues when installing to a directory with spaces in it. Thanks to
Thierry Zoller (Thierry(a)Zoller.lu) for the report.
3.99:
=====
- Integrated all remaining 2005 service submissions. The DB now has
surpassed 3,000 signatures for the first time. There now are 3,153
signatures for 381 service protocols. Those protocols span the
gamut from abc, acap, afp, and afs to zebedee, zebra, and
zenimaging. It even covers obscure protocols such as http, ftp,
smtp, and ssh :). Thanks to Version Detection Czar Doug Hoyte for
his excellent work on this.
- Created a Windows executable installer using the open source NSIS
(Nullsoft Scriptable Install System). It handles Pcap installation,
registry performance changes, and adding Nmap to your cmd.exe
executable path. The installer source files are in mswin32/nsis/ .
Thanks to Google SoC student Bo Jiang (jiangbo(a)brandeis.edu) for
creating the initial version.
- Fixed a backward compatibility bug in which Nmap didn't recognize
the --min_rtt_timeout option (it only recognized the newly
hyphenated --min-rtt-timeout). Thanks to Joshua D. Abraham
(jabra(a)ccs.neu.edu) for the bug report.
- Fixed compilation to again work with gcc-derivatives such as
MingW. Thanks to Gisle Vanem (giva(a)bgnett.no) for sending the
patches
3.98BETA1:
==========
- Added run time interaction as documented at
http://www.insecure.org/nmap/man/man-runtime-interaction.html .
While Nmap is running, you can now press 'v' to increase verbosity,
'd' to increase the debugging level, 'p' to enable packet tracing,
or the capital versions (V,D,P) to do the opposite. Any other key
(such as enter) will print out a status message giving the estimated
time until scan completion. This only works on UNIX for now. Do we
have any volunteers to add Windows support? You would need to
change a handful of UNIX-specific termio calls with the Windows
equivalents. This feature was created by Paul Tarjan
(ptarjan(a)stanford.edu) as part of the Google Summer of Code.
- Reverse DNS resolution is now done in parallel rather than one at a
time. All scans of large networks (particularly list, ping and
just-a-few-ports scans) should benefit substantially from this
change. If you encounter any problems, please let us know. The new
--system_dns option was added so you can use the (slow) system
resolver if you prefer that for some reason. You can specify a
comma separated list of DNS server IP addresses for Nmap to use with
the new --dns_servers option. Otherwise, Nmap looks in
/etc/resolve.conf (UNIX) or the system registry (Windows) to obtain
the nameservers already configured for your system. This excellent
patch was written by Doug Hoyte (doug(a)hcsw.org).
- Added the --badsum option, which causes Nmap to use invalid TCP or
UDP checksums for packets sent to target hosts. Since virtually all
host IP stacks properly drop these packets, any responses received
are likely coming from a firewall or IDS that didn't bother to
verify the checksum. For more details on this technique, see
http://www.phrack.org/phrack/60/p60-0x0c.txt . The author of that
paper, Ed3f (ed3f(a)antifork.org), is also the author of this patch
(which I changed it a bit).
- The 26 Nmap commands that previously included an underscore
(--max_rtt_timeout, --send_eth, --host_timeout, etc.) have been
renamed to use a hyphen in the preferred format
(i.e. --max-rtt-timeout). Underscores are still supported for
backward compatibility.
- More excellent NmapFE patches from Priit Laes (amd(a)store20.com)
were applied to remove all deprecated GTK API calls. This also
eliminates the annoying Gtk-Critical and Gtk-WARNING runtime messages.
- Changed the way the __attribute__ compiler extension is detected so
that it works with the latest Fedora Core 4 updates (and perhaps other
systems). Thanks to Duilio Protti (dprotti(a)fceia.unr.edu.ar) for
writing the patch. The compilation error message this fixes was
usually something like: "nmap.o(.rodata+0x17c): undefined reference
to `__gthrw_pthread_cancel(unsigned long)"
- Added some exception handling code to mswin32/winfix.cc to prevent
Nmap from crashing mysteriously when you have WinPcap 3.0 or earlier
(instead of the required 3.1). It now prints an error message instead
asking you to upgrade, then reduces functionality to connect()-only
mode. I couldn't get it working with the C++ standard try/catch()
blocks, but as soon as I used the nonstandard MS conventions
(__try/__except(), everything worked fine. Shrug.
- Stripped the firewall API out of the libdnet included with Nmap
because Nmap doesn't use it anyway. This saves space and reduces the
likelihood of compilation errors and warnings.
- Modified the previously useless --noninteractive option so that it
deactivates runtime interaction.
3.96BETA1:
==========
- Added --max_retries option for capping the maximum number of
retransmissions the port scan engine will do. The value may be as low
as 0 (no retransmits). A low value can increase speed, though at the
risk of losing accuracy. The -T4 option now allows up to 6 retries,
and -T5 allows 2. Thanks to Martin Macok
(martin.macok(a)underground.cz) for writing the initial patch, which I
changed quite a bit. I also updated the docs to reflect this neat
new option.
- Many of the Nmap low-level timing options take a value in
milliseconds. You can now append an 's', 'm', or 'h' to the value
to give it in seconds, minutes, or hours instead. So you can specify
a 45 minute host timeout with --host_timeout 45m rather than specifying
--host_timeout 2700000 and hoping you did the math right and have the
correct number of zeros. This also now works for the
--min_rtt_timeout, --max_rtt_timeout, --initial_rtt_timeout,
--scan_delay, and --max_scan_delay options.
- Improved the NmapFE port to GTK2 so it better-conforms to the new
API and you don't get as many annoying messages in your terminal
window. GTK2 is prettier and more functional too. Thanks to Priit
Laes (amd(a)store20.com) for writing these
excellent patches.
- Fixed a problem which led to the error message "Failed to determine
dst MAC address for target" when you try to run Nmap using a
dialup/PPP adapter on Windows rather than a real ethernet card. Due
to Microsoft breaking raw sockets, Nmap no longer supports dialup
adapters, but it should now give you a clearer error message than
the "dst MAC address" nonsense.
- Debian GNU/kFreeBSD is now supported thanks to a patch to libdnet's
configure.in by Petr Salinger (Petr.Salinger(a)t-systems.cz).
- Tried to update to the latest autoconf only to find that there
hasn't been a new version in more than two years :(. I was able to
find new config.sub and config.guess files at
http://cvs.savannah.gnu.org/viewcvs/config/config/ , so I updated to
those.
- Fixed a problem with the -e option when run on Windows (or UNIX with
--send_eth) when run on an ethernet network against an external
(routed) host. You would get the message "NmapArpCache() can only
take IPv4 addresses. Sorry". Thanks to KX (kxmail(a)gmail.com) for
helping to track down the problem.
- Made some changes to allow source port zero scans (-g0). Nmap used
to refuse to do this, but now it just gives a warning that it may not
work on all systems. It seems to work fine on my Linux box. Thanks
to Bill Dale (bill_dale(a)bellsouth.net) for suggesting this feature.
- Made a change to libdnet so that Windows interfaces are listed as
down if they are disconnected, unplugged, or otherwise unavailable.
- Ceased including foreign translations in the Nmap tarball as they
take up too much space. HTML versions can be found at
http://www.insecure.org/nmap/docs.html , while XML and NROFF versions
are available from http://www.insecure.org/nmap/data/man-xlate/ .
- Changed INSTALL and README-WIN32 files to mostly just reference the
new Nmap Install Guide at http://www.insecure.org/nmap/install/ .
- Included docs/nmap-man.xml in the tarball distribution, which is the
DocBook XML source for the Nmap man page. Patches to Nmap that are
user-visible should include patches to the man page XML source rather
than to the generated Nroff.
- Fixed Nmap so it doesn't crash when you ask it to resume a previous
scan, but pass in a bogus file rather than actual Nmap output. Thanks
to Piotr Sobolewski (piotr_sobolewski(a)o2.pl) for the fix.
version 0.4.3. Changes since 0.7.6/0.3.6:
- New throttle implementation
- Improved config file parser
- Settings for using a http proxy and changing the process's umask.
- Many more bug fixes and improvements
New features:
- Browse Host (HTML and Gnutella), TLS and IPv6 support.
- Chinese and Greek translations of the user interface.
- D-BUS plugging.
- Added hot keys: F2, F8 and F9 (see menu View->...).
- Searches are now created with a configurable expiration date.
Improvements:
- Optimization of the UTF-8 processing.
- Better filename conversion to locale, with automagic charset detection.
- General performance improvements in QRP and search filters.
- Full "nl" translation.
- Sorting persistence.
Under the hood:
- Buffering of downloaded data to avoid excessive disk fragmentation
- Support for the epoll()/kqueue() system calls.
- More optimistic PARQ ETA, and PARQ back-off when QUEUE are unanswered.
- NFS-compatible session locking if anyone cares.
- Nifty property browser.
in the Prelude hybrid IDS system. This snort version will report alerts
to the coonfigured Prelude manager. The overhead of this reporting option
is comparable to barnyard.
This is one of several new Prelude packages.
Packages Collection.
DNSdoctor is intended to help solving misconfigurations or
inconsistencies in DNS zones by looking for potential errors, give
you a description of the problem and refer you to RFC or other
documents.
Changes:
- updated SCTP implementation.
- added new retransmission policy for sending fast retransmissions to
the same destination and timeout retransmissions to an alternate
destination
- added experimental feature: changePrimaryThresh_ sets a threshold for
when the primary destination is changed automatically
- added the ability to specify one of three dormant state actions
- added the ability to track the number of times fast retransmit,
multiple fast retransmit, and timeouts are invoked
- new TCL bindable variables: initial RTO, min RTO, max RTO, fast rtx
trigger, and sack delay
- bug fixes.
2005.11.28 - 0.11 - Sebastien Aperghis-Tramoni (SAPER)
- [CODE] Added the pcapinfo command.
- [DIST] Cygwin installation was simplified and should now Just Work.
- [TESTS] Improved the whole test suite to make it use the best device
it can find (was needed for Cygwin & Win32).
- [DOC] Corrected a few typos thanks to Test::Spelling.
- [DOC] Small documentation nits.
2005.11.xx - 0.10 - Sebastien Aperghis-Tramoni (SAPER)
- [BUGFIX] lookupnet() wasn't exported by :functions.
- [BUGFIX] Fixed findalldevs() emulation.
- [BUGFIX] Replaced several newSViv() with newSVuv() to respect the actual
unsigned nature of several fields.
- [TESTS] Fixed 03-openlive.t for Darwin/Mac OS X.
- [TESTS] RT#15342: lookupnet() fails if the device returned by lookupdev()
has no IP configured. Thanks to
- [TESTS] RT#15343: warnings when running t/14-datalink.t
- [TESTS] Fixed another corner case in t/02-lookup.t thanks to Rafael Garcia-Suarez.
- [TESTS] t/Utils.pm now sets the environment to C. Thanks to Karl Y. Pradene.
2005.10.26 - 0.09 - Sebastien Aperghis-Tramoni (SAPER)
- [BUGFIX] Restored compatibility with older versions of libpcap, namely the
traditional ones founds on BSD systems.
- [FEATURE] Added Microsoft Visual C++ 7 compatibility, thanks to Max Maischen
and Jean-Louis Morel.
- [CODE] Added new detection routines for looking which functions are actually
available on the host system.
- [CODE] Upgraded to Devel::PPPort 3.06_03
- [TESTS] Renamed t/CheckAuth.pm to t/Utils.pm, added function is_available().
- [TESTS] Changed the way the test utility module is loaded.
- [TESTS] Updated several test files so they skip the tests that depend on
a function that may be unavailable.
- [TESTS] Fixes several corner cases thanks to the benevolent testing of
Philippe Bruhat, David Morel and Scott Lanning.
2005.10.05 - 0.08 - Sebastien Aperghis-Tramoni (SAPER)
- [BUGFIX] RT#6320: loop() conflicts with alarm(). Thanks to RafaZ: Garcia-Suarez
for the patch. Also applied to dispatch() and next().
- [BUGFIX] setnonblock() and getnonblock() now checks that $err is a reference.
- [BUGFIX] Merged Jean-Louis Morel patch: modification of the detection code in
Makefile.PL for Win32; fixes for compiling with Microsoft compiler;
simplification of lookupdev().
- [BUGFIX] Restored compatibility with Perl 5.6, 5.5 and 5.4
- [BUGFIX] Fixed memory leak in lookupdev().
- [BUGFIX] Some XS wrappers (compile(), dispatch(), stats()) now resets the error
string before calling the underlying functions.
- [FEATURE] Now tries to use XSLoader if available, then falls back to DynaLoader.
- [FEATURE] Improved findalldevs(). See documentation.
- [FEATURE] Added wrapper for freecode(), dump_flush(), dump_file().
- [DIST] Improved detection code in Makefile.PL.
- [TESTS] Updated t/05-dump.t, t/12-next.t in order to increase code coverage (94%).
What remains uncovered is cargo-cult defensive, hence untestable, code.
- [TESTS] Updated t/01-api.t, t/05-dump.t, t/08-filter.t, t/10-fileno.t,
t/13-dispatch.t, t/16-setnonblock.t
- [TESTS] Updated all test scripts in order to suppress warnings.
- [TESTS] Moved the the check whether pcap can be used in t/CheckAuth.pm and
added Win32 specific code, supplied by Jean-Louis Morel.
- [TESTS] Added t/rt-6320.t for checking the bugfix of RT#6320.
- [TESTS] Added t/distchk.t
2005.09.23 - 0.07 - Sebastien Aperghis-Tramoni (SAPER)
- [BUGFIX] RT#7455: Memory corruption when using Net::Pcap::Compile()
- [BUGFIX] Merged Win32 fix to pcap_lookupdev() from JLM/0.04.02
- [FEATURE] Added wrappers for lib_version(), open_dead(), set_datalink(),
datalink_name_to_val(), datalink_val_to_name(), datalink_val_to_description()
- [FEATURE] Added support for all DLT_*, MODE_*, PCAP_* and useful BPF_*
numeric macros using ExtUtils::Constant.
- [FEATURE] Added const qualifiers when appropriate.
- [FEATURE] Added ppport.h
- [DIST] Added libpcap detection using have_library() from XML::LibXML::Common
- [TESTS] Fixed scripts t/10-fileno.t,
- [TESTS] Added t/17-lib_version.t, t/18-open_dead.t, 19-breakloop.t
- [TESTS] Updated t/14-datalink.t
- [DOC] Updated documentation.
2005.09.15 - 0.06 - Sebastien Aperghis-Tramoni (SAPER)
- [FEATURE] RT#7594: added pcap_setnonblock() and pcap_getnonblock(). Thanks
to Ernesto Domat for the patch.
- [FEATURE] Changed the warning returned by stats() in order to be uniform
with other similar warnings
- [TESTS] Completely rewrote the tests suite using Test::More and better
(and portable) methods to skip tests when appropriate.
- [TESTS] Added t/podcover.t, t/pod.t, t/portfs.t
- [TESTS] Added t/15-is_swapped.t, t/16-setnonblock.t
- [DIST] Updated Makefile.PL
- [DOC] RT#7671: documentation typo
- [DOC] Updated the documentation.
In the process of the development of Asterisk a new protocol has gathered
the attention among the VoIP users - the Inter-Asterisk eXchange, or IAX
(TM), Protocol, used as a the native communication protocol between
Asterisk PBX Servers. What is particularly good in it is that it requires
only one UDP port per endpoint to create a successful communication channel
for VoIP calls. This makes it much friendlier for users behind NAT, which
is not the case with SIP and H.323 - they required specific router
configurations for their channel establishment, thus hindering faster
spread of VoIP on the home and corporate desktop.
*** Security Fix ***
Changes 5.3:
*** Important Notes ***
Several very significant changes have been made in Net-SNMP for this
release that warrant special attention.
- shared library version number no longer matches the release number. We
now follow the versioning scheme recommended by libtool. For the 5.3
release this means that the libraries now have a SONAME ending with
".so.10", e.g. libnetsnmp.so.10.
- snmpd has not been truncating log files at startup, as documented in
the man pages, for a while now. This default behaviour has been restored.
Please use the '-A' flag if you want to continue appending to your log
files at startup.
- snmptrapd will no longer accept all traps by default. It must be
configured with authorized SNMPv1/v2c community strings and/or SNMPv3
users. Non-authorized traps/informs will be dropped.
- Due to a copyright statement that didn't allow modifications,
snmpnetstat has been completely rewritten. The new version now
accepts the same command-line options as the other tools, which
has introduced a number of incompatible changes. However, it
does now finally support SNMPv3.
And set it in the make environment.
This fixes installation of man page as seen on DragonFly bulk build.
Revision not bumped since no change for systems where this worked before.
requires more than the default 64. Bump PKGREVISION to 1.
Fixes PR pkg/32602.
I guess the real solution could be to modify mldonkey's source to unlimit
this value itself, but I don't want to deal with (i.e., learn) ocaml code...
This fixes vulnid:1747 (denial-of-service vulnerability).
18-Jan-2006 Don Moore <bboy@bboy.net> [1.1.0]
- Implemented RFC 2136 (DNS UPDATE). See the manual for usage instructions.
- Fixed minor bug in admin.php where if db_get_settings() failed, it might
display an error message without consistent formatting.
- Added two additional fields to the --verbose query log. The opcode of the
query (QUERY or UPDATE), and a quoted field containing a description of the
UPDATE performed, if the opcode was UPDATE.
- Updated contrib/stats.php to handle new log fields.
- Fixed bug in --dump-config -- if present, fields without default values
("no-listen", "soa-where", "rr-where", and "recursive") were not being
dumped.
- Made --dump-config dump ALL possible configuration options, even if no value
was originally specified. As such, MyDNS will no longer warn the user when
a config option doesn't have a value. It will be silently ignored.
- Including <inttypes.h> after a suggestion by Christian Tschenett, to help
things out on 64-bit platforms like OSX. If this creates problems on your
platform, please let me know.
- Modified admin.php to allow a backslash in the 'mbox' field, immediately
preceding a dot. This is used in DNS to indicate the presence of a dot in
the username part of the administrator's email address. There was an
additional bug report from Andreas Grip that MyDNS was replying with the
slashes doubled up in this case, but it appears to be a problem with the
"dig" program, not MyDNS.
- Fixed bug with "rr-where" clause -- conf.c was using "soa-where" instead.
David Darville first reported this bug. Michael Gile submitted it two
minutes later, with a patch.
- Added "create_domain.pl" to the contrib/ directory. Thanks to Gerard de
Brieder for this script. See contrib/README for more information.
- Fixed bug in src/lib/rr.c (mydns_rr_load) that caused a segfault if origin
was NULL (it was designed to allow NULL, but this version is the first to
ever call it in that way).
- Added support for NAPTR (RFC 2915) records. Users with existing MyDNS
databases will need to alter their tables to allow "NAPTR" in the "type"
column if they want to use NAPTR.
- Renamed library functions mydns_parse_rr() and mydns_parse_soa() to
mydns_rr_parse() and mydns_soa_parse(), for consistency.
- Library functions mydns_rr_dup() and mydns_soa_dup() now fail (terminating
the program) if out of memory.
- Moved routines that parse data for individual RR types (RP, SRV, and NAPTR)
into individual functions from mydns_rr_parse for clarity.
- Fixed bug where AXFR might transmit incorrect information if a FQDN is used
in the 'name' field.
- Fixed AXFR bug with ALIAS enabled. Thanks to Sven Wegener for the patch.
- Created file "README.mysql" to address various problems common while
compiling with MySQL support.
- Fixed "use of cast expressions as lvalues is deprecated" warning (caused
compilation abort with --enable-debug).
- Added hostname to beginning of SIGUSR1 status output.
- Renamed "update" column in the soa table to "update_acl"; how could I be so
stupid as to name a column "update"?!
- Fixed a critical denial-of-service vulnerability.
