- bite the bullet and use GNU make, it's increasingly annoying to try
avoiding it
Changes:
- Added a dozens of more detailed SSH version detection signatures,
thanks to a SSH huge survey and integration effort by Doug Hoyte.
The results of his large-scale SSH scan are posted at
http://seclists.org/nmap-dev/2006/Apr-Jun/0393.html .
- Fixed the Nmap Makefile (actually Makefile.in) to correctly handle
include file dependencies. So if a .h file is changed, all of the
.cc files which depend on it will be recompiled. Thanks to Diman
Todorov (diman(a)xover.mud.at) for the patch.
- Fixed a compilation problem on solaris and possibly other platforms.
The error message looked like "No rule to make target `inet_aton.o',
needed by `libnbase.a'". Thanks to Matt Selsky
(selsky(a)columbia.edu) for the patch.
Fixes PR pkg/33806 from Gilles Dauphin.
- Applied a patch which helps with HP-UX compilation by linking in the
nm library (-lnm). Thanks to Zakharov Mikhail (zmey20000(a)yahoo.com)
for the patch.
- Added version detection probes for detecting the Nessus daemon.
Thanks to Adam Vartanian (flooey(a)gmail.com) for sending the patch.
dutifully installs whatever it thinks might be missing or just
substandard on the current system.
As the Makefile already adds the contents of share/doc/bind9
dynamically to the PLIST, do the same for include/bind.
Fixes the PLIST on RedHat EL 2 & 3, and does not break it on NetBSD/3
No PKGREVISION bump as no change to anything but generated PLIST
Changes:
4.10:
=====
- Updated nmap-mac-prefixes to reflect the latest OUI DB from the IEEE
(http://standards.ieee.org/regauth/oui/oui.txt) as of May 31, 2006.
Also added a couple unregistered OUI's (for QEMU and Bochs)
suggested by Robert Millan (rmh(a)aybabtu.com).
- Fixed a bug which could cause false öpen" ports when doing a UDP
scan of localhost. This usually only happened when you scan tens of
thousands of ports (e.g. -p- option).
- Fixed a bug in service detection which could lead to a crash when
"--version-intensity 0" was used with a UDP scan. Thanks to Makoto
Shiotsuki (shio(a)st.rim.or.jp) for reporting the problem and Doug
Hoyte for producing a patch.
- Made some AIX and HP-UX portability fixes to Libdnet and NmapFE.
These were sent in by Peter O'Gorman
(nmap-dev(a)mlists.thewrittenword.com).
- When you do a UDP«CP scan, the TCP ports are now shown first (in
numerical order), followed by the UDP ports (also in order). This
contrasts with the old format which showed all ports together in
numerical order, regardless of protocol. This was at first a "bug",
but then I started thinking this behavior may be better. If you
have a preference for one format or the other, please post your
reasons to nmap-dev.
- Changed mass_dns system to print a warning if it can't find any
available DNS servers, but not quit like it used to. Thanks to Doug
Hoyte for the patch.
4.04BETA1:
==========
- Integrated all of your submissions (about a thousand) from the first
quarter of this year! Please keep 'em coming! The DB has increased
from 3,153 signatures representing 381 protocols in 4.03 to 3,441
signatures representing 401 protocols. No other tool comes close!
Many of the already existing match lines were improved too. Thanks
to Version Detection Czar Doug Hoyte for doing this.
- Nmap now allows multiple ingored port states. If a 65K-port scan
had, 64K filtered ports, 1K closed ports, and a few dozen open
ports, Nmap used to list the dozen open ones among a thousand lines
of closed ports. Now Nmap will give reports like "Not shown: 64330
filtered ports, 1000 closed ports" or "All 2051 scanned ports on
192.168.0.69 are closed (1051) or filtered (1000)", and omit all of
those ports from the table. Open ports are never ignored. XML
output can now have multiple <extraports> directive (one for each
ignored state). The number of ports in a single state before it is
consolidated defaults to 26 or more, though that number increases as
you add -v or -d options. With -d3 or higher, no ports will be
consolidated. The XML output should probably be augmented to give
the extraports directive 'ip', 'tcp', and 'udp' attributes which
specify the corresponding port numbers in the given state in the
same listing format as the nmaprun.scaninfo.services attribute, but
that part hasn't yet been implemented. If you absoultely need the
exact port numbers for each state in the XML, use -d3 for now.
- Nmap now ignores certain ICMP error message rate limiting (rather
than slowing down to accomidate it) in cases such as SYN scan where
an ICMP message and no response mean the same thing (port filtered).
This is currently only done at timing level Aggressive (-T4) or
higher, though we may make it the default if we don't hear problems
with it. In addition, the --defeat-rst-ratelimit option has been
added, which causes Nmap not to slow down to accomidate RST rate
limits when encountered. For a SYN scan, this may cause closed
ports to be labeled 'filtered' becuase Nmap refused to slow down
enough to correspond to the rate limiting. Learn more about this
new option at http://www.insecure.org/nmap/man/ . Thanks to Martin
Macok (martin.macok(a)underground.cz) for writing the patch that
these changes were based on.
- Moved my Nmap development environment to Visual C++ 2005 Express
edition. In typical "MS Upgrade Treadmill" fashion, Visual Studio
2003 users will no longer be able to compile Nmap using the new
solution files. The compilation, installation, and execution
instructions at
http://www.insecure.org/nmap/install/inst-windows.html have been
upgraded.
- Automated my Windows build system so that I just have to type a
single make command in the mswin32 directory. Thanks to Scott
Worley (smw(a)pobox.com>, Shane & Jenny Walters
(yfisaqt(a)waltersinamerica.com), and Alex Prinsier
(aphexer(a)mailhaven.com) for reading my appeal in the 4.03
CHANGELOG and assisting.
- Changed the PortList class to use much more efficient data
structures and algorithms which take advantage of Nmap-specific
behavior patterns. Thanks to Marek Majkowski
(majek(a)forest.one.pl) for the patch.
- Fixed a bug which prevented certain TCPÙDP scan commands, such as
"nmap -sSU -p1-65535 localhost" from scanning both TCP and UDP.
Instead they gave the error message "WARNING: UDP scan was requested,
but no udp ports were specified. Skipping this scan type". Thanks to
Doug Hoyte for the patch.
- Nmap has traditionally required you to specify -T* timing options
before any more granular options like --max-rtt-timeout, otherwise the
general timing option would overwrite the value from your more
specific request. This has now been fixed so that the more specific
options always have precendence. Thanks to Doug Hoyte for this patch.
- Fixed a couple possible memory leaks reported by Ted Kremenek
(kremenek(a)cs.stanford.edu) from the Stanford University sofware
static analysis lab ("Checker" project).
- Nmap now prints a warning when you specify a target name which
resolves to multiple IP addresses. Nmap proceeds to scan only the
first of those addresses (as it always has done). Thanks to Doug
Hoyte for the patch. The warning looks like this:
Warning: Hostname google.com resolves to 3 IPs. Using 66.102.7.99.
- Disallow --host-timeout values of less than 1500ms, print a warning
for values less than 15s.
- Changed all instances of inet_aton() into calls to inet_pton()
instead. This allowed us to remove inet_aton.c from nbase. Thanks to
KX (kxmail(a)gmail.com) for the patch.
- When debugging (-d) is specified, Nmap now prints a report on the
timing variables in use. Thanks to Doug Hoyte for the patch. The
report loos like this:
---------- Timing report ----------
hostgroups: min 1, max 100000
rtt-timeouts: init 250, min 50, max 300
scan-delay: TCP 5, UDP 1000
parallelism: min 0, max 0
max-retries: 2, host-timeout 900000
-----------------------------------
- Modified the WinPcap installer file to explicitly uninstall an
existing WinPcap (if you select that you wish to replace it) rather
than just overwriting the old version. Thanks to Doug Hoyte for
making this change.
- Added some P2P application ports to the nmap-services file. Thanks
to Martin Macok for the patch.
- The write buffer length increased in 4.03 was increased even further
when the debugging or verbosity levels are more than 2 (e.g. -d3).
Thanks to Brandon Enright (bmenrigh(a)ucsd.edu) for the patch. The
goal is to prevent you from ever seeing the fatal error:
"log_vwrite: write buffer not large enough -- need to increase"
- Added a note to the Nmap configure dragon that people sick of him
can submit their own ASCII art to nmap-dev@insecure.org . If you
are wondering WTF I am talking about, it is probably because only
most elite Nmap users -- the ones who compile from source on UNIX --
get to see the 'l33t ASCII Art.
SSL libraries to build couriertls, which encapsulates the logic for
handling SSL connections for Courier services. Drop the dependency
on openssl from both courier-imap and courier-mta, which only need
the "openssl" tool instead. Bump the PKGREVISIONs for all three
packages due to the changed dependencies. Problem noted by Ondrej
Tuma in private email.
1.2.6:
Sam Lantinga - Sun Apr 30 01:48:40 PDT 2006
* Added gcc-fat.sh for generating Universal binaries on Mac OS X
* Updated libtool support to version 1.5.22
Sam Lantinga - Wed Nov 19 00:23:44 PST 2003
* Updated libtool support for new mingw32 DLL build process
Shard - Thu, 05 Jun 2003 09:30:20 -0500
* Fixed compiling on BeOS, which may not have SO_BROADCAST
Kyle Davenport - Sat, 19 Apr 2003 17:13:31 -0500
* Added .la files to the development RPM, fixing RPM build on RedHat 8
Bump BUILDLINK_ABI_DEPENDS for SDL shlib changes.
o Crash and assert fixes from 0.1.1.20:
- Fix a rare crash on Tor servers that have enabled hibernation.
- Fix a seg fault on startup for Tor networks that use only one
directory authority.
- Fix an assert from a race condition that occurs on Tor servers
while exiting, where various threads are trying to log that they're
exiting, and delete the logs, at the same time.
- Make our unit tests pass again on certain obscure platforms.
[Noncritical changes, of which there are many, are in the ChangeLog.]
Pkgsrc changes:
- The module is available in the IP subdirectory on CPAN, so use the shorter
URL for MASTER_SITES.
Relevant changes since version 2.20:
====================================
- Small bug fixes
- Database update:
Apr 6 01:20 ripe.db.inetnum.gz
Apr 6 00:18 delegated-afrinic-20060406
Apr 5 18:16 delegated-apnic-20060406
Apr 6 05:03 delegated-arin-20060406
Apr 6 03:50 delegated-lacnic-20060405
net/couriertcpd.
This package contains couriertcpd(1), used to daemonize the Courier
services, and couriertls(1) used to provide TLS support for the Courier
services that support them.
