KDE is never going to build on NetBSD<1.0 so don't bother testing a
version, just assume we have setproctitle in libc.
Should fix a gcc3 build problem mentioned by Juan RP.
Based on PR pkg/22680 by Jon Olsson.
Changes:
- add new build-time options: PURE_FTPD_USE_TLS, PURE_FTPD_USE_VIRTUAL_CHROOT
- make the MySQL support actually work
- install more documentation
1.0.16a:
========
- Fix typo (sizeof_resolved instead of sizeof resolved) in src/bsd-realpath.c
Not a vulnerability because it happens in the good way, but it sometimes
used to break uploadscript.
1.0.16:
=======
- An obsolete comment in pure-ftpd.conf was fixed : RPMs don't parse
/etc/sysconf/pure-ftpd any more.
- Recognize the '##' prefix as a shadowed password - make authentication work
on Solaris with shadow/NIS.
- Add back some random sleep() between authentication failures in addition to
the exponential sleep. Zzzzz... sleeping is good in summer...
- Upgrade to automake 1.7.5.
- The list of options in the pure-ftpd(8) man page was reordered -
Thanks to our beloved Claudiu Costin.
- SSL/TLS support was added (bits in src/{ftpd.c,ftp_parser.c,tls.c,tls.h,
configure.ac}, new doc: README.TLS, new globals: tls_ctx, tls_cnx). New
related commands were introduced : AUTH, PBSZ and PROT.
- Uploaded files are now removed when realpath() fails and bsd_realpath() was
modified to fall back to getcwd()/chdir() if we can't get a descriptor on
the current directory because it is not readable. It fixes pure-uploadscript
on some platforms like MacOS X.
- HAVE_BROKEN_REALPATH is gone. USE_BUILTIN_REALPATH is born.
- A typo in the Python configuration file wrapper was fixed : -t was used in
place of -y.
- MacOS X Panther has a lousy getnameinfo() implementation that doesn't fill
the buffer when no DNS entry is found for a host and a numerical result
wasn't explicitely asked. As a result, Pure-FTPd didn't even start on Panther
(saying "bad IP address") . We now check for EAI_NONAME if available and we
retry with NI_NUMERICHOST if this is what getnameinfo() returns. Thanks to
Yann Bizeul for his valuable help on this issue.
- Implement a working strdup() replacement in puredb for systems lacking it.
- Some MAXPATHLEN / MAXPATHLEN + 1 cleanups. Basically when paths are
generated by our own functions, we use MAXPATHLEN for the complete
zero-terminated string. When a buffer is passed to a libc function, we reserve
a MAXPATHLEN + 1 buffer and give a MAXPATHLEN size, just to avoid bad
surprises if an off-by-one ever occurs in a getcwd() like function.
- Don't use make_scrambled_password() in the MySQL backend because the API
changed since MySQL 4.1.
- Removed fixed-size constant arrays in src/crypto.c because of MacOS X linker
bugs (grrr...) .
"ChangeLog" since 1.1.28 w/dates and blank lines elided:
* release 1.1.30
* voice/vgetty/answer.c, voice/include/default.c: integrate Paul
Fox' pre_message and beep_sound patches
* voice/libvoice/detect.c: recognize MultiTech MT3334ZDXV
* faxhng.c: add some result codes for the i4l DIVA driver
* voice/libvoice/IS_101.c: fix DTMF events for the unshielded case
* voice/vgetty/answer.c: accept arbitrary ring types, not only 0..6
* ring.c: map DRON/DROF return codes to binary word, use result
as distinctive RING number
* frontends/www/README: add user authentication example
* voice/libvoice/V253modem.c: repair messed-up 16 bit PCM patch
* release 1.1.29
* voice/libvoice/detect.c: insert delay before sending ATE0 to
modem (timing issue - modem might not have sent the full \r\n
sequence from the last "OK" yet when the new AT comes in)
* doc/*.[158]in: bring man pages up to date
* tools/ltest.c, tools/mid.c: adapt to new lprintf() prototype
* mgetty.h, logfile.c: adapt to use <stdarg.h> and "..."
function declaration (unless USE_VARARGS is set, which is
needed for NeXT platforms). Karsten Keil <kkeil@suse.de>.
* Makefile: relax permissions on sendfax and faxrunq.config
install - must be readable/executeable by user "fax" now
* doc/faxrunqd.8in: document "-u", minor updates
* fax/faxrunqd.in, fax/faxspool.in, fax/faxrunq.in: revert
Aug 6, 200 change - put faxqueue_done back into $FAX_SPOOL_OUT/
(faxrunq/faxrunqd have no access rights to $VARRUNDIR/ anymore,
and $FAX_SPOOL_OUT is no longer world writeable anyway)
* fax/faxq.in: change from .last_run to faxqueue_done
* fax/faxrunqd.in: add "-u <user>" switch (set uid to <user>)
* fax/faxq-helper.c: finalize new fax queue handling using helper
process (suid fax) and a fax queue that is no longer
world-readable (open issue since 1994 :) )
* faxrecp.c: implement experimental teergrubing mode (signal
"page bad, please retransmit" at the end of each page - or just
hang up hard on caller). Activared with "modem-quirks 0x100"
or "0x200", respectively.
* voice/libvoice/V253Modem.c: add 16 bit linear PCM support
(patch coming from Peter Bruley)
* voice/pvftools/pvftormd.c, rmdtopvf.c: add 16 bit linear PCM
* rework faxq-helper concept (suid root -> suid fax)
* fax/faxq.in: adap "-r" to use faxq-helper
* fax/faxspool.in: adapt to use faxq-helper
* fax/faxrm.in: adapt to use faxq-helper
* Makefile: create FAX_SPOOL_OUT with mode 755 and owner FAX_OUT_USER
* Makefile: add FAX_OUT_USER definition, pass lots of variables
to fax/Makefile (for faxq-helper)
* README.1st: add instructions about FAX_OUT_USER setup
* doc/mgetty.texi-in add instructions about FAX_OUT_USER setup
* fax/faxrunqd.in: fix symlink / file overwrite race in JOB files.
Pointed out by Jablonovsky Alexander <sasha@cit-saratov.ru>
* doc/faxrunq.8in: point out insecurity in symlink handling
* mgetty.h: Intel 64bit platforms (__x86_64__) needs PTR_IS_LONG
* voice/libvoice/IS_101.c: implement DLE shielding for long DTMF tones
for V.253 (initially by Lee Howard <faxguy@howardsilvan.com>)
* mgetty.c: throw out DIST_RING #define - not used anymore
* ring.c: make sure action strings (CONNECT) are only recognized
at the beginning if a line, not in the middle (Paul Fox,
pgf@foxharp.boston.ma.us, CALLER NAME = CONNECTICUT).
* cnd.c: replace non-printable characters and quotes in caller ID
or caller name strings with ' ' - safeguard for passing them to
shell later on.
* doc/mgetty.texi-in: add stuff about recent multitech modems,
superfine+v.34 fax, and rework chapter about common problems
* faxlib.c: fix ugliness with USR modems reporting remote fax
ID as " 12345" -> skip leading '"' and all whitespace
* cnd.c: possible buffer overrun via CallName
(found by "A. Guru" <a.guru@sympatico.ca>)
* fax/faxrunqd: fix priority vs. write combining bug
* login.c: check for close-on-exec bit on FD 0 (FreeBSD 4.1 bug)
* login.c: export Caller Name as environment variable $CALLER_NAME
* login.c: make message about bad permissions even more clear
version 1.59: Wed Aug 13 08:13:00 CEST 2003
- Patch by [Shafiek Rasdien] which adds Mail::Internet::smtpsend
option MailFrom.
- [Ziya Suzen] extended Mail::Mailer::test to provide more
test information.
- Added SWE (Sender Waranted E-mail) as abbreviation in field
names which is always in caps, on request by [Ronnie Paskin]
- Added SOAP and LDAP as abbreviation in field names which is
always in caps.
0.31 Wed Oct 16 01:22:34 CEST 2002
- no internal code changes.
- much better documentation, now considered "useful".
- removed the procedural interface.
- fought the wish to perl-5.8'ify and thus simply the code :().
- stress-tested version 0.3 against 70000 data postings since sunday.
0.3 Sun Oct 13 15:12:11 CEST 2002
- updated to uulib 0.5.18. As expected, some but not all of my bugfixes
have went into uulib, sdo the number of differences decreased a bit
again.
- I found out that the library is being sold commercially by Frank
Pilhofer, disregarding the GPL and ignoring the rights of the people
who sent in patches :(
- vastly more useful documentation in the .pm file.
- much smaller distribution filesize ;)
Also closes PR pkg/22845 by Adrian Portelli.
Changes:
3.45:
=====
- Added new HTTPOptions and RTSPRequest probes suggested by MadHat
(madhat(a)unspecific.com)
- Integrated more service signatures from MadHat
(madhat(a)unspecific.com), Brian Hatch (bri(a)ifokr.org), Niels
Heinen (zillion(a)safemode.org), Solar Designer
(solar(a)openwall.com), Seth Master
(smaster(a)stanford.edu), and Curt Wilson
(netw3_security(a)hushmail.com),
- Applied a patch from Solar Eclipse (solareclipse(a)phreedom.org)
which increases the allowed size of the 'extrainfo' version field from
80 characters to 128. The main benefit is to allow longer apache module
version strings.
- Fixed Windows compilation.
- Applied some updates to README-WIN32 sent in by Kirby Kuehl
(kkuehl(a)cisco.com). He improved the list of suggested registry
changes and also fixed a typo or two. He also attached a .reg file
automate the Nmap connect() scan performance enhancing registry
changes. I am now including that with the Nmap Windows binary .zip
distribution (and in mswin32/ of the source distro).
- Applied a one-line patch from Dmitry V. Levin (ldv@altlinux.org)
which fixes a test Nmap does during compilation to see if an existing
libpcap installation is recent enough.
3.40PVT17:
==========
- Wrote and posted a new paper on version scanning to
http://www.insecure.org/nmap/versionscan.html . Updated
nmap-service-probes and the Nmap man page to simply refer to this
URL.
- Integrated more service signatures from my own scanning as well as
contributions from Brian Hatch (bri(a)ifokr.org), MadHat
(madhat(a)unspecific.com), Max Vision (vision(a)whitehats.com), HD
Moore (hdm(a)digitaloffense.net), Seth Master
(smaster(a)stanford.edu), and Niels Heinen (zillion(a)safemode.org).
MadHat also contributed a new probe for Windows Media Service. Many
people set a LOT of signatures, which has allowed
nmap-service-probes to grow from 295 to 356 signatures representing
85 service protocols!
- Applied a patch (with slight changes) from Brian Hatch
(bri(a)ifokr.org) which enables caching of SSL sessions so that
negotiation doesn't have to be repeated when Nmap reconnects to the same
between probes.
- Applied a patch from Brian Hatch (bri@ifokr.org) which optimizes the
requested SSL ciphers for speed rather than security. The list was
based on empirical evidence from substantial benchmarking he did with
tests that resemble nmap-service-scanning.
- Updated the Nmap man page to discuss the new version scanning
options (-sV, -A).
- I now include nmap-version/aclocal.m4 in the distribution as this is
required to rebuild the configure script ( thanks to Dmitry V. Levin
(ldv(a)altlinux.org) for notifying me of the problem.
- Applied a patch from Dmitry V. Levin (ldv(a)altlinux.org) which
detects whether the PCRE include file is <pcre.h> or <pcre
- Applied a patch from Dmitry V. Levin (ldv(a)altlinux.org) which
fixes typos in some error messages. The patch apparently came from
the highly-secure and stable Owl and Alt Linux distributions. Check
them out at http://www.openwall.com/Owl/ and
http://www.altlinux.com/
- Fixed compilation on Mac OS X - thanks to Brian Hatch
(bri(a)ifokr.org> and Ryan Lowe (rlowe(a)pablowe.net) for giving me
access to Mac OS X boxes.
- Stripped down libpcre build system to remove libtool dependency and
other cruft that Nmap doesn't need. (this was mostly a response to
libtool-related issues on Mac OS X).
- Added a new --version_trace option which causes Nmap to print out extensive
debugging info about what version scanning is doing (this is a subset
of what you would get with --packet_trace). You should usually use
this in combination with at least one -d option.
- Fixed a port number printing bug that would cause Nmap service
fingerprints to give a negative port number when the actual port was
above 32K. Thanks to Seth Master (smaster@stanford.edu) for finding
this.
- Updated all the header text again to clarify our interpretation of
"derived works" after some suggestions from Brian Hatch
(bri(a)ifokr.org)
- Updated the Nsock config.sub/config.guess to the same newer versions
that Nmap uses (for Mac OS X compilation).
3.40PVT16:
==========
- Fixed a compilation problem on systems w/o OpenSSL that was
discovered by Solar Designer. I also fixed some compilation
problems on non-IPv6 systems. It now compiles and runs on my
Solaris and ancient OpenBSD systems.
- Integrated more services thanks to submissions from Niels Heinen
(zillion(a)safemode.org).
- Canonicalized the headers at the top of each Nmap/Nsock header src
file. This included clarifying our interpretation of derived works,
updating the copyright date to 2003, making the header a bit wider,
and a few other light changes. I've been putting this off for a
while, because it required editing about a hundred !#$# files!
3.40PVT15:
==========
- Fixed a major bug in the Nsock time caching system. This could
cause service detection to inexplicably fail against certain ports in
the second or later machines scanned. Thanks to Solar Designer and HD
Moore for helping me track this down.
- Fixed some *BSD compilation bugs found by
Zillion (zillion(a)safemode.org).
- Integrated more services thanks to submissions from Fyodor Yarochkin
(fygrave(a)tigerteam.net), and Niels Heinen
(zillion(a)safemode.org), and some of my own exploring. There are
now 295 signatures.
- Fixed a compilation bug found by Solar Designer on machines that
don't have struct sockaddr_storage. Nsock now just uses "struct
sockaddr *" like connect() does.
- Fixed a bug found by Solar Designer which would cause the Nmap
portscan table to be truncated in -oN output files if the results are
very long.
- Changed a bunch of large stack arrays (e.g. int portlookup[65536])
into dynamically allocated heap pointers. The large stack variables
apparently caused problems on some architectures. This issue was
reported by osamah abuoun (osamah_abuoun(a)hotmail.com).
3.40PVT14:
==========
- Added IPv6 support for service scan.
- Added an 'sslports' directive to nmap-service-probes. This tells
Nmap which service checks to try first for SSL-wrapped ports. The
syntax is the same as the normal 'ports' directive for non-ssl ports.
For example, the HTTP probe has an 'sslports 443' line and
SMTP-detecting probes have and 'sslports 465' line.
- Integrated more services thanks to submissions from MadHat
(madhat(a)unspecific.com), Solar Designer (solar(a)openwall.com), Dug
Song (dugsong(a)monkey.org), pope(a)undersec.com, and Brian Hatch
(bri(a)ifokr.org). There are now 288 signatures, matching these 65
service protocols:
chargen cvspserver daytime domain echo exec finger font-service
ftp ftp-proxy http http-proxy hylafax ident ident imap imaps ipp
ircbot ircd irc-proxy issrealsecure landesk-rc ldap meetingmaker
microsoft-ds msrpc mud mysql ncacn_http ncp netbios-ns netbios-ssn
netsaint netwareip nntp nsclient oracle-tns pcanywheredata pop3
pop3s postgres printer qotd redcarpet rlogind rpc rsync rtsp shell
smtp snpp spamd ssc-agent ssh ssl telnet time upnp uucp vnc
vnc-http webster whois winshell X11
- Added a Lotus Notes probe from Fyodor Yarochkin
(fygrave(a)tigerteam.net).
- Dug Song wins the "award" for most obscure service fingerprint
submission. Nmap now detects Dave Curry's Webster dictionary server
from 1986 :).
- Service fingerprints now include a 'T=SSL' attribute when SSL
tunneling was used.
- More portability enhancements thanks to Solar Designer and his Linux
2.0 libc5 boxes.
- Applied a patch from Gisle Vanem (giva(a)bgnett.no) which improves
Windows emulation of the UNIX mmap() and munmap() memory mapping calls.
3.40PVT13:
==========
- Added SSL-scan-through support. If service detection finds a port to be
SSL, it will transparently connect to the port using OpenSSL and use
version detection to determine what service lies beneath. This
feature is only enabled if OpenSSL is available at build time. A
new --with-openssl=DIR configure option is available if OpenSSL is
not in your default compiler paths. You can use --without-openssl
to disable this functionality. Thanks to Brian Hatch
(bri(a)ifokr.org) for sample code and other assistance. Make sure
you use a version without known exploitable overflows. In
particular, versions up to and including OpenSSL 0.9.6d and
0.9.7-beta2 contained serious vulnerabilities described at
http://www.openssl.org/news/secadv_20020730.txt . Note that these
vulnerabilities are well over a year old at the time of this
writing.
- Integrated many more services thanks to submissions from Brian
Hatch, HellNBack ( hellnbak(a)nmrc.org ), MadHat, Solar Designer,
Simple Nomad, and Shawn Wallis (swallis(a)ku.edu). The number of
signatures has grown from 242 to 271. Thanks!
- Integrated Novell Netware NCP and MS Terminal Server probes from
Simple Nomad (thegnome(a)nmrc.org).
- Fixed a segfault found by Solar Designer that could occur when
scanning certain "evil" services.
- Fixed a problem reported by Solar Designer and MadHat (
madhat(a)unspecific.com ) where Nmap would bail when certain Apache
version/info responses were particularly long. It could happen in
other cases as well. Now Nmap just prints a warning.
- Fixed some portability issues reported by Solar Designer
( solar(a)openwall.com )
3.40PVT12:
==========
- I added probes for SSL (session startup request) and microsoft-ds
(SMB Negotiate Protocol request).
- I changed the default read timeout for a service probe from 7.5s to 5s.
- Fixed a one-character bug that broke many scans when -sV was NOT
given. Thanks to Blue Boar (BlueBoar(a)thievco.com) for the report.
3.40PVT11:
==========
- Integrated many more services thanks to submissions from Simple
Nomad, Solar Designer, jerickson(a)inphonic.com, Curt Wilson, and
Marco Ivaldi. Thanks! The match line count has risen from 201 to 242.
- Implemented a service classification scheme to separate the
vendor/product name from the version number and any extra info that
is provided. Instead of v/[big version string]/, the new match
lines include v/[vendor/productname]/[version]/[extrainfo]/ . See
the docs at the top of nmap-service-probes for more info. This
doesn't change the normal output (which lumps them together anyway),
but they are separate in the XML so that higher-level programs can
easily match against just a product name. Here are a few examples
of the improved service element:
<service name="ssh" product="OpenSSH" version="3.1p1"
extrainfo="protocol 1.99" method="probed" conf="10" />
<service name="domain" product="ISC Bind" version="9.2.1"
method="probed" conf="10" />
<state state="open" /><service name="rpcbind" version="2"
extrainfo="rpc #100000" method="probed" conf="10" />
<service name="rndc" method="table" conf="3" />
- I went through nmap-service-probes and added the vendor name to more
entries. I also added the service name where the product name
itself didn't make that completely obvious.
- SCO Corporation of Lindon, Utah (formerly Caldera) has lately taken
to an extortion campaign of demanding license fees from Linux users
for code that they themselves knowingly distributed under the terms
of the GNU GPL. They have also refused to accept the GPL, claiming
that some preposterous theory of theirs makes it invalid. Meanwhile
they have distributed GPL-licensed Nmap in (at least) their
"Supplemental Open Source CD". In response to these blatant
violations, and in accordance with section 4 of the GPL, we hereby
terminate SCO's rights to redistribute any versions of Nmap in any
of their products, including (without limitation) OpenLinux,
Skunkware, OpenServer, and UNIXWare.
3.40PVT10:
==========
- Added "soft matches". These are similar to normal match lines in
that they provide a regex for recognizing a service (but no version).
But instead of stopping at softmatch service recognition, the scan
continues looking for more info. It only launches probes that are
known-capable of matching the softmatched service. If no version
number is found, at least the determined service is printed. A
service print for submission is also provided in that case. So this
provides more informative results and improves efficiency.
- Cleaned up the Windows support a bit and did more testing and
fixing. Windows service detection seems to be working fine for me
now, although my testing is still pretty limited. This release
includes a Windows binary distribution and the README-WIN32 has been
updated to reflect new compilation instructions.
- More service fingerprints! Thanks to Solar Designer, Max Vision,
Frank Denis (Jedi/Sector One) for the submissions. I also added a
bunch from my own testing. The number of match lines went from 179
to 201.
- Updated XML output to handle new version and service detection
information. Here are a few examples of the new output:
<port protocol="tcp" portid="22"><state state="open" /><service
name="ssh" version="OpenSSH 3.1p1 (protocol 1.99)" method="probed"
conf="10" /></port>
<port protocol="tcp" portid="111"><state state="open" /><service
name="rpcbind" version="2 (rpc #100000)" method="probed" conf="10" /></port>
<port protocol="tcp" portid="953"><state state="open" /><service
name="rndc" method="table" conf="3" /></port>
- Fixed issue where Nmap would quit when ECONNREFUSED was returned
when we try to read from an already-connected TCP socket. FreeBSD
does this for some reason instead of giving ECONNRESET. Thanks to
Will Saxon (WillS(a)housing.ufl.edu) for the report.
- Removed the SERVICEMATCH_STATIC match type from
nmap-service-probes. There wasn't much benefit of this over regular
expressions, so it isn't worth maintaining the extra code.
3.40PVT9:
=========
- Added/fixed numerous service fingerprints thanks to submissions from
Max Vision, MadHat, Seth Master. Match lines went
from 164 to 179.
- The Winpcap libraries used in the Windows build process have been
upgraded to version 3.0.
- Most of the Windows port is complete. It compiles and service scan
works (I didn't test very deeply) on my WinXP box with VS.Net 2003.
I try to work out remaining kinks and do some cleanup for the next
version. The Windows code was restructured and improved quite a bit,
but much more work remains to be done in that area. I'll probably
do a Windows binary .zip release of the next version.
- Various minor fixes
3.40PVT8:
=========
- Service scan is now OFF by default. You can activate it with -sV.
Or use the snazzy new -A (for "All recommended features" or
"Aggressive") option which turns on both OS detection and service
detection.
- Fixed compilation on my ancient OpenBSD 2.3 machine (a Pentium 60 :)
- Added/fixed numerous service fingerprints thanks to submissions from
Brian Hatch, HD Moore, Anand R., and some of my own testing. The
number of match lines in this version grows from 137 to 164! Please
keep 'em coming!
- Various important and not-so-important fixes for bugs I encountered
while test scanning.
- The RPC grinder no longer prints a startup message if it has no
RPC-detected ports to scan.
- Some of the service fingerprint length limitations are relaxed a bit
if you enable debugging (-d).
3.40PVT7:
=========
- Added a whole bunch of services submitted by Brian Hatch
(bri(a)ifokr.org). I also added a few Windows-related probes.
Nmap-service-probes has gone from 101 match strings to 137. Please
keep the submissions coming.
- The question mark now only appears for ports in the OPEN state and
when service detection was requested.
- I now print a separator bar between service fingerprints when Nmap
prints more than one for a given host so that users understand to
submit them individually (suggested by Brian Hatch (bri(a)ifokr.org))
- Fixed a bug that would cause Nmap to print "empty" service
fingerprints consisting of just a semi-colon. Thanks to Brian Hatch
(bri(a)ifokr.org) for reporting this.
3.40PVT6:
=========
- Banner-scanned hundreds of thousands of machines for ports
21,23,25,110,3306 to collect default banners. Where the banner made
the service name/version obvious, I integrated them into
nmap-service-probes. This increased the number of 'match' lines from
27 to more than 100.
- Created the service fingerprint submission page at
http://www.insecure.org/cgi-bin/servicefp-submit.cgi
- Changed the service fingerprint format slightly for easier
processing by scripts.
- Applied a large portability patch from Albert Chin-A-Young
(china(a)thewrittenword.com). This cleans up a number of things,
particularly for IRIX, Tru64, and Solaris.
- Applied NmapFE patch from Peter Marschall (peter(a)adpm.de) which
"makes sure changes in the relay host and scanned port entry fields
are displayed immediately, and also keeps the fields editable after
de- and reactivating them."
3.40PVT4:
=========
- Limited the size of service fingerprints to roughly 1024 bytes.
This was suggested by Niels Heinen (niels(a)heinen.ws), because the previous
limit was excessive. The number of fingerprints printed is also now
limited to 10.
- Fixed a segmentation fault that could occur when ping-scanning large
networks.
- Fixed service scan to gracefully handle host_timeout occurrences when
they happen during a service scan.
- Fixed a service_scan bug that would cause an error when hosts send
data and then close() during the NULL probe (when we haven't sent
anything).
- Applied a patch from Solar Designer (solar(a)openwall.com) which
corrects some errors in the Russian man page translation and also a
couple typos in the regular man page. Then I spell-checked the man
page to reduce future instances of foreigners sending in diffs to
correct my English :).
3.40PVT3:
=========
- Nmap now prints a "service fingerprint" for services that it is
unable to match despite returning data. The web submission page it
references is not yet available.
- Service detection now does RPC grinding on ports it detects to be
running RPC.
- Fixed a bug that would cause Nmap to quit with an Nsock error when
--host_timeout was used (or when -T5 was used, which sets it
implicitly).
- Fixed a bug that would cause Nmap to fail to print the OS
fingerprint in certain cases. Thanks to Ste Jones
(root(a)networkpenetration.com) for the problem report.
3.40PVT2:
=========
- Nmap now has a simple VERSION detection scheme. The 'match' lines in
nmap-service-probes can specify a template version string
(referencing subexpression matches from the regex in a perl-like
manner) so that the version is determined at the same time as the
service. This handles many common services in a highly efficient
manner. A more complex form of version detection (that initiates
further communication w/the target service) may be necessary
eventually to handle services that aren't as forthcoming with
version details.
- The Nmap port state table now wastes less whitespace due to using a new
and stingy NmapOutputTable class. This makes it easier to read, and
also leaves more room for version info and possibly other enhancements.
- Added 's' option to match lines in nmap-service-probes. Just as
with the perl 's' option, this one causes '.' in the regular
expression to match any character INCLUDING newline.
- The WinPcap header timestamp is no longer used on Windows as it
sometimes can be a couple seconds different than gettimeofday() (which
is really _ftime() on Windows) for some reason. Thanks to Scott
Egbert (scott.egbert(a)citigroup.com) for the report.
- Applied a patch by Matt Selsky (selsky(a)columbia.edu) which fixes
configure.in in such a way that the annoying header file "present but
cannot be compiled" warning for Solaris.
- Applied another patch from Matt that (we hope) fixes the "present
but cannot be compiled" warning -- this time for Mac OS X.
- Port table header names are now capitalized ("SERVICE", "PORT", etc)
3.40PVT1:
=========
- Initial implementation of service detection. Nmap will now probe
ports to determine what is listening, rather than guessing based on
the nmap-services table lookup. This can be very useful for
services on unidentified ports and for UDP services where it is not
always clear (without these probes) whether the port is really open
or just firewalled. It is also handy for when services are run on
the well-known-port of another protocol -- this is happening more
and more as users try to circumvent increasingly strict firewall
policies.
- Nmap now uses the excellent libpcre (Perl Compatible Regular
Expressions) library from http://www.pcre.org/ . Many systems
already have this, otherwise Nmap will use the copy it now includes.
If your libpcre is hidden away in some nonstandard place, give
./configure the new --with-libpcre=DIR directive.
- Nmap now uses the C++ Standard Template Library (STL). This makes
programming easier, but if it causes major portability or bloat
problems, I'll reluctantly remove it.
- Applied a patch from Javier Kohen (jkohen(a)coresecurity.com) which
normalizes the names of many Microsoft entries in the
nmap-os-fingerprints file.
- Applied a patch by Florin Andrei (florin(a)sgi.com) to the Nmap RPM
spec file. This uses the 'Epoch' flag to prevent the Redhat Network
tool from marking my RPMs as "obsolete" and "upgrading" to earlier
Redhat-built versions. A compilation flag problem is also fixed.
--- 9.2.2-P2 released ---
1509. [bug] Hint zones should accept delegation-only. Forward
zone should not accept delegation-only.
1508. [bug] Don't apply delegation-only checks to answers from
forwarders.
1507. [bug] Handle BIND 8 style returns to NS queries to parents
when making delegation-only checks.
1506. [bug] Wrong return type for dns_view_isdelegationonly().
Also fix pkg/22714, clamav not building, this was due to it rerunning
configure due to dependancy updates, which built a new libtool, replacing
the one we had given it from pkgsrc.
The fix is to run autoconf and automake on the patches, I would have done
diff's post autoconf/automake, but the diffs are much bigger.
Known issue, if you run fetchclam to update the databases you'll find that
pkg_install won't remove the db files as the MD5 checksum has changed, I
may move the db files into etc/clamav and copy them in, then fetchclam can
update as needed.
However I thought that given the current spate of viruses hitting people
they maybe wanting the latest version.
Changes since 0.72.1 include:
- Everything from MESS CVS.
- Reapplied David Mitchell's fix for the XInput inertial effect when
a mouse or spinner is used. (Jake Stookey)
- Added support for controllor setup via "-ctrlr". Note that "-hotrod"
and "-hotrodse" have been replaced by "-ctrlr HotRod" and "-ctlrlr
HotRodSE".
Changes since 0.72.1 include:
- Everything from MAME 0.74.
- Reapplied David Mitchell's fix for the XInput inertial effect when
a mouse or spinner is used. (Jake Stookey)
- Added support for controllor setup via "-ctrlr". Note that "-hotrod"
and "-hotrodse" have been replaced by "-ctrlr HotRod" and "-ctlrlr
HotRodSE".
