version 2.87
Allow arbitrary prefix lengths in --rev-server and
--domain=....,local
Replace --address=/#/..... functionality which got
missed in the 2.86 domain search rewrite.
Add --nftset option, like --ipset but for the newer nftables.
Thanks to Chen Zhenge for the patch.
Add --filter-A and --filter-AAAA options, to remove IPv4 or IPv6
addresses from DNS answers.
Fix crash doing netbooting when --port is set to zero
to disable the DNS server. Thanks to Drexl Johannes
for the bug report.
Generalise --dhcp-relay. Sending via broadcast/multicast is
now supported for both IPv4 and IPv6 and the configuration
syntax made easier (but backwards compatible).
Add snooping of IPv6 prefix-delegations to the DHCP-relay system.
Finesse parsing of --dhcp-remoteid and --dhcp-subscrid. To be treated
as hex, the pattern must consist of only hex digits AND contain
at least one ':'. Thanks to Bengt-Erik Sandstrom who tripped
over a pattern consisting of a decimal number which was interpreted
surprisingly.
Include client address in TFTP file-not-found error reports.
Thanks to Stefan Rink for the initial patch, which has been
re-worked by me (srk). All bugs mine.
Note in manpage the change in behaviour of -address. This behaviour
actually changed in v2.86, but was undocumented there. From 2.86 on,
(eg) --address=/example.com/1.2.3.4 ONLY applies to A queries. All other
types of query will be sent upstream. Pre 2.86, that would catch the
whole example.com domain and queries for other types would get
a local NODATA answer. The pre-2.86 behaviour is still available,
by configuring --address=/example.com/1.2.3.4 --local=/example.com/
Fix problem with binding DHCP sockets to an individual interface.
Despite the fact that the system call tales the interface _name_ as
a parameter, it actually, binds the socket to interface _index_.
Deleting the interface and creating a new one with the same name
leaves the socket bound to the old index. (Creating new sockets
always allocates a fresh index, they are not reused). We now
take this behaviour into account and keep up with changing indexes.
Add --conf-script configuration option.
Enhance --domain to accept, for instance,
--domain=net2.thekelleys.org.uk,eth2 so that hosts get a domain
which relects the interface they are attached to in a way which
doesn't require hard-coding addresses. Thanks to Sten Spans for
the idea.
Fix write-after-free error in DHCPv6 server code.
CVE-2022-0934 refers.
Add the ability to specify destination port in
DHCP-relay mode. This change also removes a previous bug
where --dhcp-alternate-port would affect the port used
to relay _to_ as well as the port being listened on.
The new feature allows configuration to provide bug-for-bug
compatibility, if required. Thanks to Damian Kaczkowski
for the feature suggestion.
Bound the value of UDP packet size in the EDNS0 header of
forwarded queries to the configured or default value of
edns-packet-max. There's no point letting a client set a larger
value if we're unable to return the answer. Thanks to Bertie
Taylor for pointing out the problem and supplying the patch.
Fix problem with the configuration
--server=/some.domain/# --address=/#/<ip> --server=<server_ip>
This would return <ip> for queries in some.domain, rather than
forwarding the query via the default server.
Tweak DHCPv6 relay code so that packets relayed towards a server
have source address on the server-facing network, not the
client facing network. Thanks to Luis Thomas for spotting this
and initial patch.
2.6.6
- MEDIUM: peers: limit the number of updates sent at once
- MINOR: Revert part of clarifying samples support per os commit
- BUILD: makefile: enable crypt(3) for NetBSD
- BUG/MINOR: quic: Retransmitted frames marked as acknowledged
- BUG/MINOR: quic: Possible crash with "tls-ticket-keys" on QUIC bind lines
- BUG/MINOR: h1: Support headers case adjustment for TCP proxies
- BUG/MINOR: quic: Possible crash when verifying certificates
- BUILD: quic: add some ifdef around the SSL_ERROR_* for libressl
- BUILD: ssl: fix ssl_sock_switchtx_cbk when no client_hello_cb
- BUILD: quic: temporarly ignore chacha20_poly1305 for libressl
- BUILD: quic: enable early data only with >= openssl 1.1.1
- BUILD: ssl: fix the ifdef mess in ssl_sock_initial_ctx
- BUILD: quic: fix the #ifdef in ssl_quic_initial_ctx()
- MINOR: quic: add QUIC support when no client_hello_cb
- MINOR: quic: Add traces about sent or resent TX frames
- MINOR: quic: No TRACE_LEAVE() in retrieve_qc_conn_from_cid()
- BUG/MINOR: quic: Wrong connection ID to thread ID association
- BUG/MINOR: task: always reset a new tasklet's call date
- BUG/MINOR: task: make task_instant_wakeup() work on a task not a tasklet
- MINOR: task: permanently enable latency measurement on tasklets
- CLEANUP: task: rename ->call_date to ->wake_date
- BUG/MINOR: task: Fix detection of tasks profiling in tasklet_wakeup_after()
- BUG/MINOR: sched: properly account for the CPU time of dying tasks
- MINOR: sched: store the current profile entry in the thread context
- BUG/MINOR: stream/sched: take into account CPU profiling for the last call
- BUG/MINOR: signals/poller: set the poller timeout to 0 when there are signals
- BUG/MINOR: quic: Speed up the handshake completion only one time
- BUG/MINOR: quic: Trace fix about packet number space information.
- BUG/MINOR: h3: Crash when h3 trace verbosity is "minimal"
- MINOR: h3: Add the quic_conn object to h3 traces
- MINOR: h3: Missing connection argument for a TRACE_LEAVE() argument
- MINOR: h3: Send the h3 settings with others streams (requests)
- BUG/MINOR: signals/poller: ensure wakeup from signals
- CI: cirrus-ci: bump FreeBSD image to 13-1
- DEV: flags: fix usage message to reflect available options
- DEV: flags: add missing CO_FL_FDLESS connection flag
- BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK
- MINOR: listener: small API change
- MINOR: proxy/listener: support for additional PAUSED state
- BUG/MINOR: stats: fixing stat shows disabled frontend status as 'OPEN'
- CLEANUP: pollers: remove dead code in the polling loop
- BUG/MINOR: mux-h1: Increment open_streams counter when H1 stream is created
- REGTESTS: healthcheckmail: Relax matching on the healthcheck log message
- CLEANUP: listener: function comment typo in stop_listener()
- BUG/MINOR: listener: null pointer dereference suspected by coverity
- REGTESTS: log: test the log-forward feature
- BUG/MEDIUM: sink: bad init sequence on tcp sink from a ring.
- REGTESTS: ssl/log: test the log-forward with SSL
- DOC: fix TOC in starter guide for subsection 3.3.8. Statistics
- MEDIUM: quic: separate path for rx and tx with set_encryption_secrets
- BUG/MEDIUM: mux-quic: fix crash on early app-ops release
- CLEANUP: mux-quic: remove stconn usage in h3/hq
- BUG/MINOR: mux-quic: do not remotely close stream too early
- BUG/MEDIUM: server: segv when adding server with hostname from CLI
- CLEANUP: quic,ssl: fix tiny typos in C comments
- BUG/MEDIUM: captures: free() an error capture out of the proxy lock
- BUILD: fd: fix a build warning on the DWCAS
- SCRIPTS: announce-release: update some URLs to https
- BUG/MEDIUM: mux-quic: fix nb_hreq decrement
- BUG/MINOR: mux-quic: do not keep detached qcs with empty Tx buffers
- REORG: mux-quic: extract traces in a dedicated source file
- REORG: mux-quic: export HTTP related function in a dedicated file
- MINOR: mux-quic: refactor snd_buf
- BUG/MEDIUM: mux-quic: properly trim HTX buffer on snd_buf reset
- REGTESTS: ssl: adopt tests to OpenSSL-3.0.N
- REGTESTS: ssl: adopt tests to OpenSSL-3.0.N
- REGTESTS: ssl: fix grep invocation to use extended regex in ssl_generate_certificate.vtc
- BUG/MINOR: log: improper behavior when escaping log data
OKed by wiz@
Pkgsrc changes:
* Just checksum updates.
Upstream changes:
--- 9.16.33 released ---
5962. [security] Fix memory leak in EdDSA verify processing.
(CVE-2022-38178) [GL #3487]
5961. [security] Fix memory leak in ECDSA verify processing.
(CVE-2022-38177) [GL #3487]
5960. [security] Fix serve-stale crash that could happen when
stale-answer-client-timeout was set to 0 and there was
a stale CNAME in the cache for an incoming query.
(CVE-2022-3080) [GL #3517]
5957. [security] Prevent excessive resource use while processing large
delegations. (CVE-2022-2795) [GL #3394]
5956. [func] Make RRL code treat all QNAMEs that are subject to
wildcard processing within a given zone as the same
name. [GL #3459]
5955. [port] The libxml2 library has deprecated the usage of
xmlInitThreads() and xmlCleanupThreads() functions. Use
xmlInitParser() and xmlCleanupParser() instead.
[GL #3518]
5954. [func] Fallback to IDNA2003 processing in dig when IDNA2008
conversion fails. [GL #3485]
5953. [bug] Fix a crash on shutdown in delete_trace_entry(). Add
mctx attach/detach pair to make sure that the memory
context used by a memory pool is not destroyed before
the memory pool itself. [GL #3515]
5952. [bug] Use quotes around address strings in YAML output.
[GL #3511]
5951. [bug] In some cases, the dnstap query_message field was
erroneously set when logging response messages.
[GL #3501]
5948. [bug] Fix nsec3.c:dns_nsec3_activex() function, add a missing
dns_db_detachnode() call. [GL #3500]
5945. [bug] If parsing /etc/bind.key failed, delv could assert
when trying to parse the built in trust anchors as
the parser hadn't been reset. [GL !6468]
5942. [bug] Fix tkey.c:buildquery() function's error handling by
adding the missing cleanup code. [GL #3492]
5941. [func] Zones with dnssec-policy now require dynamic DNS or
inline-siging to be configured explicitly. [GL #3381]
5936. [bug] Don't enable serve-stale for lookups that error because
it is a duplicate query or a query that would be
dropped. [GL #2982]
upstream changes:
-----------------
o v1.21.0
Bugfixes:
#8219: REST API: db/completion no output when one folder is paused
#8479: Panic in failure reporting
Enhancements:
#1329: Add support for syncing ownership of files
#7981: Show likely status of disconnected devices
#8296: Auto-accepted receive-encrypted folders should have more sensible defaults
#8323: Show internally used paths in the GUI for debugging
#8448: Remove "restart on wakeup" functionality
Pkgsrc changes:
* Only checksum changes.
Upstream changes:
1.8.3 2022-08-15
* bugfix #183: Assertion failure with OPT record without rdata.
This caused packet creation with only a DO bit (for DNSSEC OK)
to crash. Thanks Anand Buddhdev and others for reporting this
so quickly.
* Fix for syntax error in pyldns
1.8.2 2022-08-12
* bugfix #147: Allow for tabs in whitespace before quoted rdata
fields. Thanks Felipe Gasper
* bugfix #149: Add some missing [out] annotations to doxygen
parameters. Thanks aldot.
* Fix build error on Solaris 10 with inet_ntop redeclaration error.
* Fix -U flag with ldns-signzone. Thanks Ulrich and Jonathan
* Enable compile of SVCB and HTTPS support by default.
* bugfix #179: Free line memory even if zone file parsing fails
Thanks Claudius Zingerli
* bugfix #166: Grow buffer when writing chars and fixed size
strings when converting to presentation format, preventing
potential assersion errors.
* bugfix #46: Print network errors when secure tracing.
Thanks reedjc
* EDNS0 Option handling and conversion into presentation format.
* bugfix #145: ldns-verify-zone should not call occluded records
glue. Thanks Habbie
1.8.1 2021-12-03
* bugfix #146: ldns-1.7.1 had soname 3.0, so ldns-1.8.x soname
needs to larger. Thanks Leah Neukirchen & Felipe Gasper
* Undo PR#123 fix ldns.pc installation when building out-of-source
Thanks Axel Xu
Changes:
## 1.23.1 - 2022-09-18
### Additions
- [flickr] add support for `secure.flickr.com` URLs
- [hotleak] add hotleak extractors
- [instagram] add `highlight_title` and `date` metadata for highlight
downloads
- [paheal] add support for videos
- [twitter] add general support for unified cards
- [twitter] implement `cards-blacklist` option
- [tumblr] fetch high-quality inline images
- [tumblr] implement `ratelimit` option
- [zerochan] add `metadata` option
- [postprocessor:zip] implement `files` option
### Fixes
- [bunkr] fix extraction
- [bunkr] use `media-files` servers for `m4v` and `mov` downloads
- [exhentai] improve 509.gif detection
- [exhentai] guess extension for original files
- [poipiku] use `img-org.poipiku.com` as image domain
- [reddit] prevent exception with empty submission URLs
- [redgifs] fix download URLs
- [smugmug] update default API credentials
- [twitter] provide proper `date` for syndication results
- [twitter] fix new-style `/card_img/` URLs
- remove all whitespace before comments after input file URLs
## 1.23.0 - 2022-08-28
### Changes
- [twitter] update `user` and `author` metdata fields
- for URLs with a single username or ID like `https://twitter.com/USER` or a
search with a single `from:` statement, `user` will now always refer to the
user referenced in the URL.
- for all other URLs like `https://twitter.com/i/bookmarks`, `user` and
`author` refer to the same user
- `author` will always refer to the original Tweet author
- [twitter] update `quote_id` and `quote_by` metadata fields
- `quote_id` is now non-zero for quoted Tweets and contains the Tweet ID of
the quotng Tweet (was the other way round before)
- `quote_by` is only defined for quoted Tweets like before, but now contains
the screen name of the user quoting this Tweet
- [skeb] improve archive IDs for thumbnails and article images
### Additions
- [artstation] add `num` and `count` metadata fields
- [catbox] add `album` extractor
- [blogger] emit metadata for posts without files
- [foolfuuka] update supported domains
- [gelbooru] add support for `api_key` and `user_id`
- [gelbooru] implement pagination for `pool` results
- [instagram] add support for a user's saved collections
- [instagram] provide `date` for directory format strings
- [kemonoparty] add `favorites` option
- [oauth] add `host` config option
- [rule34] implement pagination for `pool` results
- [skeb] add option to download `article` images
- [tumblr] download higher-quality images
- [tumblr] add `count` metadata field
- [wallhaven] implement `metadata` option
- [zerochan] add `tag` and `image` extractors
- [zerochan] implement login with username & password
- [postprocessor:metadata] implement `mode: modify` and `mode: delete`
- [formatter] add `g` conversion for slugifying a string
- [formatter] apply `:J` only to lists
- implement `path-metadata` option
- allow comments after input file URLs
- add global `warnings` option to control `urllib3` warning behavior
### Fixes
- [bunkr] fix extraction
- [deviantart] use public access token for journals
- [e621] fix extraction of `popular` posts
- [fanbox] download cover images in original size
- [mastodon] allow downloading without access token
- [hitomi] update cache expiry time
- [hitomi] fix error when number of tag results is a multiple of 25
- [mangahere] fix `page-reverse` option
- [poipiku] fix posts with more than one image
- [poipiku] update filter for static images
- [slideshare] fix metadata extraction
- [twitter] unescape `+` in search queries
- [twitter] fall back to unfiltered search
- [twitter] ignore invalid user entries
- [vk] prevent exceptions for broken/invalid photos
- [vsco] fix `collection` extraction
- [weibo] prevent exception for missing `playback_list`
- [weibo] prevent errors when paginating over album entries
Upstream changes:
Version 4.2.21
* Fix: regressing on announcing routes from the API #1108
Version 4.2.20
* Fix: correctly filter routes announced by the API to the right peer #1005
* Feature: healthcheck neighbor filtering and path-information backport
of #1098 and #1099
* Fix: backport #1101 fix parsing of FlowSpec TCPFlags with NS
* Fix: backport #1102 fix parsing of Fragment with IPv6 destinations/sources
* Fix: bug in CLI when failing to read data
Version 4.2.19
* Feature: force PGP signing of tags
* Feature: backport ICMP types
* Fix: backport healthcheck setup_ips requiring a label
backport by: Steven Honson
Version 4.2.18
* Feature: add ICMP experimental codes
reported: enag11
* Feature: PGP signing releases
- remove vendor directory and switch to separately downloaded modules
(NOTE: this part should probably be reverted after the next release!)
- patch go.mod and go.sum for quic-go update (the result of running
go get github.com/lucas-clemente/quic-go@v0.28.1, implies updating other
dependencies
- one source code patch for quic-go to fix API breakage
Changes:
1.2
---
* Use the new geomyidae escaping style in for directory entries:
See also the phlog "Geomyidae v0.51 brcon2022 release by 20h":
gopher://bitreich.org/0/usr/20h/phlog/2022-08-06T20-18-42-220705.md
* Unset a newly introduced option in libgit2 that do not allow different users
from reading the git repository. This is not a security issue for stagit.
See also the related page:
https://github.blog/2022-04-12-git-security-vulnerability-announced/
* Add a workaround comment in the Makefile for distros or packagers using an
older libgit2 version (Void Linux, Debian, etc).
1.1
---
* Improve read and write error handling in streams.
* libgit2 config opts: set the search to an empty path. This will not search
outside the paths anymore and also not cause an unveil violation on OpenBSD
(reported by Anton Lindqvist, thanks!).
* Add dark mode (just kidding, gopher supports all modes).
1.0
---
* Print the number of remaining commits.
* Add EXAMPLES section to the man pages.
Changelog
Add option --use-extractors
Merge youtube-dl: Upto commit/ed5c44e
Add yt-dlp version to infojson
Fix --break-per-url --max-downloads
Fix bug in --alias
[cookies] Support firefox container in --cookies-from-browser by bashonly, coletdjnz, pukkandan
[downloader/external] Smarter detection of executable
[extractor/generic] Don't return JW player without formats
[FormatSort] Fix aext for --prefer-free-formats
[jsinterp] Various improvements by pukkandan, dirkf, elyse0
[cache] Mechanism to invalidate old cache
[utils] Add deprecation_warning
[utils] Add orderedSet_from_options
[utils] Popen: Restore LD_LIBRARY_PATH when using PyInstaller by Lesmiscore
[build] make tar should not follow DESTDIR by satan1st
[build] Update pyinstaller by shirt-dev
[test] Fix test_youtube_signature
[cleanup] Misc fixes and cleanup by DavidH-2022, MrRawes, pukkandan
[extractor/epoch] Add extractor by tejasa97
[extractor/eurosport] Add extractor by HobbyistDev
[extractor/IslamChannel] Add extractors by Lesmiscore
[extractor/newspicks] Add extractor by Lesmiscore
[extractor/triller] Add extractor by bashonly
[extractor/VQQ] Add extractors by elyse0
[extractor/youtube] Improvements to nsig extraction
[extractor/youtube] Fix bug in format sorting
[extractor/youtube] Update iOS Innertube clients by SamantazFox
[extractor/youtube] Use device-specific user agent by coletdjnz
[extractor/youtube] Add --compat-option no-youtube-prefer-utc-upload-date by coletdjnz
[extractor/arte] Bug fix by cgrigis
[extractor/bilibili] Extract flac with premium account by jackyyf
[extractor/BiliBiliSearch] Don't sort by date
[extractor/BiliBiliSearch] Fix infinite loop
[extractor/bitchute] Mark errors as expected
[extractor/crunchyroll:beta] Use anonymous access by tejing1
[extractor/huya] Fix stream extraction by ohaiibuzzle
[extractor/medaltv] Fix extraction by xenova
[extractor/mediaset] Fix embed extraction
[extractor/mixcloud] All formats are audio-only
[extractor/rtbf] Fix jwt extraction by elyse0
[extractor/screencastomatic] Support --video-password by shreyasminocha
[extractor/stripchat] Don't modify input URL by dfaker
[extractor/uktv] Improve _VALID_URL by dirkf
[extractor/vimeo:user] Fix _VALID_URL
7.1.11
select: yield available payload fully by requested num_bytes
7.1.10
fget_object(): remove resume support.
fix lifecycle config rule validation
error out if lifecycle rule has null filter
EventIterable: Reconnect on closed response
7.1.9
allow hashlib.md5() calls to work with FIPS kernels
Handle 304 status code properly
correct ValueError when part_size > MAX_PART_SIZE
Set minimum requirement to Python v3.7
Changes since 4.16.4
--------------------
* BUG 15128: Possible use after free of connection_struct when iterating
smbd_server_connection->connections.
* BUG 15086: Spotlight RPC service returns wrong response when Spotlight is
disabled on a share.
* BUG 15126: acl_xattr VFS module may unintentionally use filesystem
permissions instead of ACL from xattr.
* BUG 15153: Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1.
* BUG 15161: assert failed: !is_named_stream(smb_fname)") at
../../lib/util/fault.c:197.
* BUG 15148: Missing READ_LEASE break could cause data corruption.
* BUG 15124: rpcclient can crash using setuserinfo(2).
* BUG 15132: Samba fails to build with glibc 2.36 caused by including
<sys/mount.h> in libreplace.
* BUG 15152: SMB1 negotiation can fail to handle connection errors.
* BUG 15078: samba-tool domain join segfault when joining a samba ad domain.
Wireshark 3.6.8 Release Notes
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2022-06[2] F5 Ethernet Trailer dissector infinite loop.
Issue 18307[3].
The following bugs have been fixed:
• TCAP Malformed exception on externally re-assembled packet Issue
10515[4].
• Extended 3GPP-GPRS-Negotiated-QoS-profile strings decoded
incompletely Issue 10688[5].
• HTTP2 dissector decodes first SSL record only Issue 11173[6].
• L2TP improvements - cookie length detection, UDP encapsulation
and more Issue 16565[7].
• USB Truncation of URB_isochronous in frames Issue 18021[8].
• ISUP/BICC parameter summary text duplication Issue 18094[9].
• Running rpm-setup.sh shows missing packages that Centos does not
need Issue 18166[10].
• IPX/IPX RIP: Crash on expand subtree Issue 18234[11].
• Qt: A file or packet comment that is too large will corrupt the
pcapng file Issue 18235[12].
• BGP dissector bug Issue 18248[13].
• Wrong interpretation of the cbsp.rep_period field in
epan/dissectors/packet-gsm_cbsp.c Issue 18254[14].
• Assertion due to incorrect mask for btatt.battery_power_state.*
Issue 18267[15].
• Qt: Expert Info dialog not showing Malformed Frame when Frame
length is less than captured length Issue 18312[16].
• Wireshark and tshark become non-responsive when reading certain
packets Issue 18313[17].
Updated Protocol Support
BGP, BICC, BT ATT, CBSP, Couchbase, F5 Ethernet Trailer, Frame, GTP,
GTP (prime), IPsec, ISUP, L2TP, NAS-5GS, Protobuf, SCCP, TCP, and TLS
New and Updated Capture File Support
pcap, pcapng
### BUG FIXES:
- More path-cleaning improvements in the file-list validation code to avoid
rejecting of valid args.
- A file-list validation fix for a [`--files-from`](rsync.1#opt) file that ends
without a line-terminating character.
- Added a safety check that prevents the sender from removing destination files
when a local copy using [`--remove-source-files`](rsync.1#opt) has some files
that are shared between the sending & receiving hierarchies, including the
case where the source dir & destination dir are identical.
- Fixed a bug in the internal MD4 checksum code that could cause the digest
to be sporadically incorrect (the openssl version was/is fine).
- A minor tweak to rrsync added "copy-devices" to the list of known args, but
left it disabled by default.
### ENHANCEMENTS:
- Rename `--protect-args` to [`--secluded-args`](rsync.1#opt) to make it
clearer how it differs from the default backslash-escaped arg-protecting
behavior of rsync. The old option names are still accepted. The
environment-variable override did not change its name.
Nmap 7.93 [2022-09-01]
o This release commemorates Nmap's 25th anniversary! It all started with this
September 1, 1997 Phrack article by Fyodor: https://nmap.org/p51-11.html.
o [Windows] Upgraded Npcap (our Windows raw packet capturing and
transmission driver) from version 1.50 to the latest version 1.71. It
includes dozens of performance improvements, bug fixes and feature
enhancements described at https://npcap.com/changelog.
o Ensure Nmap builds with OpenSSL 3.0 using no deprecated API functions.
Binaries for this release include OpenSSL 3.0.5.
o Upgrade included libraries: libssh2 1.10.0, zlib 1.2.12, Lua 5.3.6, libpcap 1.10.1
o Fix a bug that prevented Nmap from discovering interfaces on Linux
when no IPv4 addresses were configured. [Daniel Miller, nnposter]
o [NSE] NSE "exception handling" with nmap.new_try() will no longer
result in a stack traceback in debug output nor a "ERROR: script execution
failed" message in script output, since the intended behavior has always been
to end the script immediately without output. [Daniel Miller]
o Update the Nmap output DTD to match actual output since the
`<hosthint>` element was added in Nmap 7.90.
o [NSE] Fix newtargets support: since Nmap 7.92, scripts could not add
targets in script pre-scanning phase. [Daniel Miller]
o Scripts dhcp-discover and broadcast-dhcp-discover now support
setting a client identifier. [nnposter]
o Script oracle-tns-version was not reporting the version
correctly for Oracle 19c or newer [linholmes]
o Script redis-info was crashing or producing inaccurate
information about client connections and/or cluster nodes. [nnposter]
o Nmap and Nping were unable to obtain system routes on FreeBSD
[benpratt, nnposter]
o Script ipidseq was broken due to calling an unreachable library
function. [nnposter]
o Support for EC crypto was not properly enabled if Nmap
was compiled with OpenSSL in a custom location. [nnposter]
o [NSE] Improvements to event handling and pcap socket garbage collection,
fixing potential hangs and crashes. [Daniel Miller]
o We ceased creating the Nmap win32 binary zipfile. It was useful back when
you could just unzip it and run Nmap from there, but that hasn't worked well
for many years. The win32 self-installer handles Npcap installation and many
other dependencies and complexities. Anyone who needs the binaries for some
reason can still install Nmap on any system and retrieve them from there.
For now we're keeping the Win32 zipfile in the Nmap OEM Edition
(https://nmap.org/oem) for companies building Nmap into their own
products. But even in that case we believe that running the Nmap OEM
self-installer in silent mode is a better approach.
o Fix TDS7 password encoding for mssql.lua, which had been assuming
ASCII input even though other parts of the library had been passing it Unicode.
o Replace deprecated CPEs for IIS with their updated identifier,
cpe:/a:microsoft:internet_information_services [Esa Jokinen]
o [NSE] Fix script-terminating error when unknown BSON data types are
encountered. Added parsers for most standard data types. [Daniel Miller]
o [Ncat] Fix hostname/certificate comparison and matching to handle ASN.1
strings without null terminators, a similar bug to OpenSSL's CVE-2021-3712.
o [Ncat] Added support for SOCKS5 proxies that return bind addresses
as hostnames, instead of IPv4/IPv6 addresses. [pomu0325]
