options. Some others (c99, CC) can. To avoid linker errors about
"illegal option -- 1", these options are converted to -xO0 and -xO1,
which work.
Committed during the freeze to avoid breakage of packages. The code that
passed the -O0 and -O1 options through is relatively new, so there may
not have shown packages that break because of this.
Changes in version 0.1.1.26 - 2006-12-14
o Security bugfixes:
- Stop sending the HttpProxyAuthenticator string to directory
servers when directory connections are tunnelled through Tor.
- Clients no longer store bandwidth history in the state file.
- Do not log introduction points for hidden services if SafeLogging
is set.
o Minor bugfixes:
- Fix an assert failure when a directory authority sets
AuthDirRejectUnlisted and then receives a descriptor from an
unlisted router (reported by seeess).
ok <frueauf>, the MAINTAINER.
changes:
2.2.9:
======
- nessus-mkcert-client:
- Make sure that the user calling nessus-mkcert-client is root
- nessus-libraries:
- Fixed a bug in the PCAP handler which in turn should fix synscan.nes
- nessus:
- Fixed a possible memory corruption issue when creating a list of plugins
to launch
- Fixed a corruption of the .nessusrc files when receiving some plugin
prefs ending by a space
- nessus-fetch:
- Make sure that every request (including the proxy CONNECT request)
is done with the user-specified user-agent.
- nessus-plugins:
- Fixed a banner encoding problem in nessus_tcp_scanner and find_service
- Fixed a possible deadlock in synscan
- nessusd:
- Avoid a deadlock when waiting for a sub process to die
2.2.8:
======
- nessusd:
- Make sure that plugins of type ACT_INIT and ACT_SETTINGS are
always enabled during a scan
- Display more error verbose error messages when it's impossible to
load a .nes plugin
- Fixed a harmless memory reallocation problem which would truncate
a very long preference name
- nessus-libraries:
- Fixed a possible memory corruption when forwarding data from a process
to another
- libnasl:
- 'a = b + c ++' would not work as expected
- fixed a memory allocation problem when split() is passed an argument
of the wrong type
Changes:
4.20
o Integrated the latest OS fingerprint submissions. The 2nd
generation DB size has grown to 231 fingerprints. Please keep them
coming! New fingerprints include Mac OS X Server 10.5 pre-release,
NetBSD 4.99.4, Windows NT, and much more.
o Fixed a segmentation fault in the new OS detection system
which was reported by Craig Humphrey and Sebastian Garcia.
o Fixed a TCP sequence prediction difficulty indicator bug. The index
is supposed to go from 0 ("trivial joke") to about 260 (OpenBSD).
But some systems generated ISNs so insecurely that Nmap went
berserk and reported a negative difficulty index. This generally
only affects some printers, crappy cable modems, and Microsoft
Windows (old versions). Thanks to Sebastian Garcia for helping me
track down the problem.
4.20RC2
o Integrated all of your OS detection submissions since RC1. The DB
has increased 13% to 214 fingerprints. Please keep them coming!
New fingerprints include versions of z/OS, OpenBSD, Linux, AIX,
FreeBSD, Cisco CatOS, IPSO firewall, and a slew of printers and
misc. devices. We also got our first Windows 95 fingerprint,
submitted anonymously of course :).
o Fixed (I hope) the "getinterfaces: intf_loop() failed" error which
was seen on Windows Vista. The problem was apparently in
intf-win32.c of libdnet (need to define MIB_IF_TYPE_MAX to
MAX_IF_TYPE rather than 32). Thanks to Dan Griffin
(dan(a)jwsecure.com) for tracking this down!
o Applied a couple minor bug fixes for IP options
support and packet tracing. Thanks to Michal Luczaj
(regenrecht(a)o2.pl) for reporting them.
o Incorporated SLNP (Simple Library Network Protocol) version
detection support. Thanks to Tibor Csogor (tibi(a)tiborius.net) for
the patch.
4.20RC1
o Fixed (I hope) a bug related to Pcap capture on Mac OS X. Thanks to
Christophe Thil for reporting the problem and to Kurt Grutzmacher
and Diman Todorov for helping to track it down.
o Integrated all of your OS detection submissions since ALPHA11. The
DB has increased 27% to 189 signatures. Notable additions include
the Apple Airport Express, Windows Vista RC1, OpenBSD 4.0, a Sony
TiVo device, and tons of broadband routers, printers, switches, and
Linux kernels. Keep those submissions coming!
o Upgraded the included LibPCRE from version 6.4 to 6.7. Thanks to
Jochen Voss (voss(a)seehuhn.de) for the suggestion (he found some bugs
in 6.4)
4.20ALPHA11
o Integrated all of your OS detection submissions, bringing the
database up to 149 fingerprints. This is an increase of 28% from
ALPHA10. Notable additions include FreeBSD 6.1, a bunch of HP
LaserJet printers, and HP-UX 11.11. We also got a bunch of more
obscure submissions like Minix 3.1.2a and "Ember InSight Adapter for
programming EM2XX-family embedded devices". Who doesn't have a few
of those laying around? I'm hoping that all the obscure submissions
mean that more of the mainstream systems are being detected out of
the box! Please keep those submissions (obscure or otherwise)
coming!
4.20ALPHA10
o Integrated tons of new OS fingerprints. The DB now contains 116
fingerprints, which is up 63% since the previous version. Please keep
the submissions coming!
4.20ALPHA9
o Integrated the newly submitted OS fingerprints. The DB now contains
71 fingerprints, up 27% from 56 in ALPHA8. Please keep them coming!
We still only have 4.2% as many fingerprints as the gen1 database.
o Added the --open option, which causes Nmap to show only open ports.
Ports in the states "open|closed" and "unfiltered" might be open, so
those are shown unless the host has an overwhelming number of them.
o Nmap gen2 OS detection used to always do 2 retries if it fails to
find a match. Now it normally does just 1 retry, but does 4 retries
if conditions are good enough to warrant fingerprint submission.
This should speed things up on average. A new --max-os-tries option
lets you specify a higher lower maximum number of tries.
o Added --unprivileged option, which is the opposite of --privileged.
It tells Nmap to treat the user as lacking network raw socket and
sniffing privileges. This is useful for testing, debugging, or when
the raw network functionality of your operating system is somehow
broken.
o Fixed a confusing error message which occured when you specified a
ping scan or list scan, but also specified -p (which is only used for
port scans). Thanks to Thomas Buchanan for the patch.
o Applied some small cleanup patches from Kris Katterjohn
4.20ALPHA8
o Integrated the newly submitted OS fingerprints. The DB now contains
56, up 33% from 42 in ALPHA7. Please keep them coming! We still only
have 3.33% as many signatures as the gen1 database.
o Nmap 2nd generation OS detection now has a more sophisticated
mechanism for guessing a target OS when there is no exact match in the
database (see http://insecure.org/nmap/osdetect/osdetect-guess.html )
o Rewrote mswin32/nmap.rc to remove cruft and hopefully reduce some
MFC-related compilation problems we've seen. Thanks to KX
(kxmail(a)gmail.com) for doing this.
o NmapFE now uses a spin button for verbosity and debugging options so
that you can specify whatever verbosity (-v) or debugging (-d) level
you desire. The --randomize-hosts option was also added to NmapFE.
Thanks to Kris Katterjohn for the patches.
o A dozen or so small patches to Nmap and NmapFE by Kris Katterjohn.
o Removed libpcap/Win32 and libpcap/msdos as Nmap doesn't use them.
This reduces the Nmap tar.bz2 by about 50K. Thanks to Kris Katterjohn
for the suggestion.
4.20ALPHA7
o Did a bunch of Nmap 2nd generation fingerprint integration work.
Thanks to everyone who sent some in, though we still need a lot more.
Also thanks to Zhao for a bunch of help with the integration tools.
4.20ALPHA6 had 12 fingerprints, this new version has 42. The old DB
(still included) has 1,684.
o Updated nmap-mac-prefixes to reflect the latest OUI DB from the IEEE
(http://standards.ieee.org/regauth/oui/oui.txt) as of September 6, 2006.
Also added the unregistered PearPC virtual NIC prefix, as suggested
by Robert Millan (rmh(a)aybabtu.com).
o Applied some small internal cleanup patches by Kris Katterjohn.
4.20ALPHA6
o Fixed a bug in 2nd generation OS detection which would (usually) prevent
fingerprints from being printed when systems don't respond to the 1st
ICMP echo probe (the one with bogus code value of 9). Thanks to
Brandon Enright for reporting and helping me debug the problem.
o Fixed some problematic Nmap version detection signatures which could
cause warning messages. Thanks to Brandon Enright for the initial patch.
4.20ALPHA5
o Worked with Zhao to improve the new OS detection system with
better algorithms, probe changes, and bug fixes. We're
now ready to start growing the new database! If Nmap gives you
fingerprints, please submit them at the given URL. The DB is still
extremely small. The new system is extensively documented at
http://insecure.org/nmap/osdetect/ .
o Nmap now supports IP options with the new --ip-options flag. You
can specify any options in hex, or use "R" (record route), "T"
(record timestamp), "U") (record route & timestamp), "S [route]"
(strict source route), or "L [route]" (loose source route). Specify
--packet-trace to display IP options of responses. For further
information and examples, see http://insecure.org/nmap/man/ and
http://seclists.org/nmap-dev/2006/q3/0052.html . Thanks to Marek
Majkowski for writing and sending the patch.
o Integrated all 2nd quarter service detection fingerprint
submissions. Please keep them coming! We now have 3,671 signatures
representing 415 protocols. Thanks to version detection czar Doug
Hoyte for doing this.
o Nmap now uses the (relatively) new libpcap pcap_get_selectable_fd
API on systems which support it. This means that we no longer need
to hack the included Pcap to better support Linux. So Nmap will now
link with an existing system libpcap by default on that platform if
one is detected. Thanks to Doug Hoyte for the patch.
o Updated the included libpcap from 0.9.3 to 0.9.4. The changes I
made are in libpcap/NMAP_MODIFICATIONS . By default, Nmap will now
use the included libpcap unless version 0.9.4 or greater is already
installed on the system.
o Applied some nsock bugfixes from Diman Todorov. These don't affect
the current version of Nmap, but are important for his Nmap
Scripting Engine, which I hope to integrate into mainline Nmap in
September.
o Fixed a bug which would occasionally cause Nmap to crash with the
message "log_vwrite: write buffer not large enough". I thought I
conquered it in a previous release -- thanks to Doug Hoyte for finding a
corner case which proved me wrong.
o Fixed a bug in the rDNS system which prevented us from querying
certain authoritative DNS servers which have recursion explicitly
disabled. Thanks to Doug Hoyte for the patch.
o --packet-trace now reports TCP options (thanks to Zhao Lei for the
patch). Thanks to the --ip-options addition also found in this
release, IP options are printed too.
o Cleaned up Nmap DNS reporting to be a little more useful and
concise. Thanks to Doug Hoyte for the patch.
o Applied a bunch of small internal cleanup patches by Kris Katterjohn
(kjak(a)ispwest.com).
o Fixed the 'distclean' make target to be more comprehensive. Thanks
to Thomas Buchanan (Thomas.Buchanan(a)thecompassgrp.net) for the
patch.
Nmap 4.20ALPHA4
o Nmap now provides progress statistics in the XML output in verbose
mode. Here are some examples of the format (etc is "estimated time
until completion) and times are in UNIX time_t (seconds since 1970)
format. Angle braces have been replaced by square braces:
[taskbegin task="SYN Stealth Scan" time="1151384685" /]
[taskprogress task="SYN Stealth Scan" time="1151384715"
percent="13.85" remaining="187" etc="1151384902" /]
[taskend task="SYN Stealth Scan" time="1151384776" /]
[taskbegin task="Service scan" time="1151384776" /]
[taskend task="Service scan" time="1151384788" /]
Thanks to Adam Vartanian (flooey(a)gmail.com) for the patch.
o Updated the Windows installer to give an option checkbox for
performing the Nmap performance registry changes. The default is to
do so. Thanks to Adam Vartanian (flooey(a)gmail.com) for the patch.
o Applied several code cleanup patches from Marek Majkowski.
o Added --release-memory option, which causes Nmap to release all
accessible memory buffers before quitting (rather than let the OS do
it). This is only useful for debugging memory leaks.
o Fixed a bug related to bogus completion time estimates when you
request an estimate (through runtime interaction) right when Nmap is
starting.a subsystem (such as a port scan or version detection).
Thanks to Diman Todorov for reporting the problem and Doug Hoyte for
writing a fix.
o Nmap no longer gets random numbers from OpenSSL when it is available
because that turned out to be slower than Nmap's other methods
(e.g. /dev/urandom on Linux, /dev/arandom on OpenBSD, etc.). Thanks
to Marek Majkowski for reporting the problem.
o Updated the Windows binary distributions (self-installer and .zip)
to include the new 2nd generation OS detection DB (nmap-os-db).
Thanks to Sina Bahram for reporting the problem.
o Fixed the --max-retries option, which wasn't being honored. Thanks
to Jon Passki (jon.passki(a)hursk.com) for the patch.
Nmap 4.20ALPHA3
o Added back Win32 support thanks to a patch by kx
o Fixed the English translation of TCP sequence difficulty reported by
Brandon Enright, and also removed fingerprint printing for 1st
generation fingerprints (I don't really want to deal with those
anymore). Thanks to Zhao Lei for writing this patch.
o Fix a problem which caused OS detection to be done in some cases
even if the user didn't request it. Thanks to Diman Todorov for the
fix.
Nmap 4.20ALPHA2
o Included nmap-os-db (the new OS detection DB) within the release.
Oops! Thanks to Brandon Enright (bmenrigh(a)ucsd.edu) for catching
this problem with 4.20ALPHA1.
o Added a fix for the crash in the new OS detection which would come
with the message "Probe doesn't exist! Probe type: 1. Probe subid: 1"
Nmap 4.20ALPHA1
o Integrated initial 2nd generation OS detection patch! The system is
documented at http://insecure.org/nmap/osdetect/ . Thanks to Zhao Lei
for helping with the coding and design.
o portlist.cc was refactored to remove some code duplication. Thanks
to Diman Todorov for the patch.
Monsterz is a little puzzle game, similar to the famous Bejeweled
or Zookeeper.
The goal of the game is to create rows of similar monsters, either
horizontally or vertically. The only allowed move is the swap of
two adjacent monsters, on the condition that it creates a row of
three or more. When alignments are cleared, pieces fall from the
top of the screen to fill the board again. Chain reactions earn
you even more points.
This game is mostly about luck, but it remains highly addictive.
You have been warned.
support more devices
severay bug fixes
[] Apache-based HTTP authentication added.
[1107564] Disable BULKWALK on a per device or per device type basis:
bulkwalk_no, arpnip_no, macsuck_no, discover_no use same syntax,
see README
[1111654] Allow wrap in config file with \ char
[969117] Automatically reloads config file in web front end when it changes.
[1392968] The map key is now automatically derived from configuration (i.e.,
entries in node_map)
[1107578] Port Control via VLANs
[744598] Inventory by subnet - IP Inventory feature improved to dump whole
subnets
[1107579] The map can be clustered by device Location fields. Thanks to Bjorn
Isaksson for the patch.
[1393653] Modules for optional features (e.g., NBT) are now loaded when
needed, not at startup.
[1116552] The devices in the "Choose Device" box on the Admin Panel
are now listed in numerical order by IP address, to make
it easier to find the one you're looking for.
[1116547] Contact field is now searched in the device search. New backend
database field time_recent in node database, for nodes that move
around a lot, it's the last time this node moved *back* to this
device (time_first is the first time ever). Add macsuck_only,
arpnip_only, discover_only limits Get SSIDs and channel from
wireless base station ports, and display SSID in device
port, add SSID inventory and SSID search
[1462199] Add SNMP timeout parameter to create_device()
[1492791] Added options snmp_force_v*
[] pg_all, pg_run, pg_init, pg_back unified into single sql/pg script
This script parses netdisco.conf for database settings.
[] Add graph_png option to use png output from graphviz
* THIS IS NOT COMPATIBLE with the old 0.2xxx series of the Graph
module. Your scripts are likely to break. I did try to fashion a
nice compatibility mode but there was no way to do that cleanly
and to cover all the old oddities. You can try the compatibility
mode but I suggest changing your code instead because the compat
mode is not going to be carried over to the next releases of the
module.
* The main reason for introducing the incompatibilities was that
the new Graph supports graphs of 'higher dimensions', and the
assumptions made by the old module (most importantly that edges
could only span two vertices) in effect made it impossible to
extend the interfaces.
* The next version of Graph (most likely 0.90) is going to aim
for speed. The backward compatibility for the 0.2xxx series
will be dropped (because that, too, slows down this release).
xproto; should have been .renderproto so that the variable always gets
defined somehow. (Under older bmake, there was a syntax error when
IS_BUILTIN.renderproto was later checked, because for x11-links, it was
never defined in the first place.)
Remove check for X11BASE==LOCALBASE. There's even a comment there saying
we don't want to check that, so don't do it.
