Based on patch sent by Juan RP via PR pkg/20839.
Changes:
Nmap 3.20:
==========
o The random IP input option (-iR) now takes an argument specifying
how many IPs you want to scan (e.g. -iR 1000). Specify 0 for the old
neverending scan behavior.
o Fixed a tricky memory leak discovered by Mugz (mugz@x-mafia.com).
o Fixed output truncation problem noted by Lionel CONS (lionel.cons@cern.ch)
o Fixed a bug that would cause certain incoming ICMP error messages to
be improperly ignored.
Nmap 3.15BETA3:
===============
o Made numerous improvements to the timing behavior of "-T Aggressive"
(same as -T4) scans. It is now recommended for regular use by
impatient people with a fast connection. "-T Insane" mode has also
been updated, but we only recommend that for, well, insane people.
o Made substantial changes to the SYN/connect()/Window scanning
algorithms for improved speeds, especially against heavily filtered
hosts. If you notice any timing problems (misidentified ports,
etc.), please send me the details (including full Nmap output and a
description of what is wrong). Reports of any timing problems with
-T4 would be helpful as well.
o Changed Nmap such that ALL syn scan packets are sent from the port
you specify with -g. Retransmissions used to utilize successively
higher ports. This change has a downside in that some operating
systems (such as Linux) often won't reply to the retransmissions
because they reuse the same connection specifier quad
(srcip:srcport:dstip:dstport). Overall I think this is a win.
o Added timestamps to "Starting nmap" line and each host port scan in
verbose (-v) mode. These are in ISO 8601 standard format because
unlike President Bush, we actually care about International
consensus :).
o Nmap now comes by default in .tar.bz2 format, which compresses about
20% further. You can still find .tgz in the dist directory at
http://download.insecure.org/nmap/dist/?M=D .
o Various other minor bugfixes, new services, fingerprints, etc.
Nmap 3.15BETA2:
===============
o I added support for a brand new "port" that many of you may have
never scanned before! UDP & TCP "port 0" (and IP protocol 0) are now
permitted if you specify 0 explicitly. An argument like "-p -40"
would still scan ports 1-40. Unlike ports, protocol 0 IS now scanned
by default. This now works for ping probes too (e.g., -PS, -PA).
o Applied patch by Martin Kluge (martin@elxsi.info) which adds --ttl
option, which sets the outgoing IPv4 TTL field in packets sent via
all raw scan types (including ping scans and OS detection). The
patch "should work" on Windows, but hasn't been tested. A TTL of 0
is supported, and even tends to work on a LAN:
14:17:19.474293 192.168.0.42.60214 > 192.168.0.40.135: S 3265375623:3265375623(0) win 1024 [ttl 0] (id 35919, len 40)
14:17:19.474456 192.168.0.40.135 > 192.168.0.42.60214: S 2805154856:2805154856(0) ack 3265375624 win 64240 <mss 1460> (DF) (ttl 128, id 49889, len 44)
o Applied patch by Gabriel L. Somlo ( somlo@acns.colostate.edu ) which
extends the multi-ping-port functionality to nonroot and IPv6
connect() users.
o I added a new --datadir command line option which allows you to
specify the highest priority directory for Nmap data files
nmap-services, nmap-os-fingerprints, and nmap-rpc. Any files which
aren't in the given dir, will be searched for in the $NMAPDIR
environmental variable, ~/nmap/, a compiled in data directory
(e.g. /usr/share/nmap), and finally the current directory.
o Fixed Windows (VC++ 6) compilation, thanks to patches from Kevin
Davis (computerguy@cfl.rr.com) and Andy Lutomirski
(luto@stanford.edu)
o Included new Latvian man page translation by
"miscelerious options" (misc@inbox.lv)
o Fixed Solaris compilation when Sun make is used rather than GNU
make. Thanks to Tom Duffy (tduffy@sun.com) for assistance.
o Applied patch from Stephen Bishop (sbishop@idsec.co.uk) which
prevends certain false-positive responses when Nmap raw TCP ping scans
are being run in parallel.
o To emphasize the highly professional nature of Nmap, I changed all
instances of "fucked up" in error message text into "b0rked".
o Fixed a problem with nmap-frontend RPMs that would cause a bogus
/bin/xnmap link to be created (it should only create
/usr/bin/xnmap). Thanks to Juho Schultz
(juho.schultz@astro.helsinki.fi) for reporting the problem.
o I made the maximum number of allowed routes and interfaces allowed
on the scanning machine dynamic rather than hardcoded #defines of 1024
and 128. You never know -- some wacko probably has that many :).
Nmap 3.15BETA1:
===============
o Integrated the largest OS fingerprint DB updates ever! Thanks to
everyone who contributed signatures! New or substantially modified
fingerprints included the latest Windows 2K/XP changes, Cisco IOS
12.2-based routers and PIX 6.3 firewalls, FreeBSD 5.0, AIX 5.1,
OpenBSD 3.2, Tru64 5.1A, IBM OS/400 V5R1M0, dozens of wireless APs,
VOIP devices, firewalls, printers, print servers, cable modems,
webcams, etc. We've even got some mod-chipped Xbox fingerprints
now!
o Applied NetBSD portability patch by Darren Reed
(darrenr@reed.wattle.id.au)
o Updated Makefile to better-detect if it can't make nmapfe and
provide a clearer error message. Also fixed a couple compiler
warnings on some *BSD platforms.
o Applied patch from "Max" (nmap@webwizarddesign.com) which adds the
port owner to the "addport" XML output lines which are printed (only
in verbose mode, I think) as each open port is discovered.
o I killed the annoying whitespace that is normally appended after the
service name. Now it is only there when an owner was found via -sI
(in which case there is a fourth column and so "service" must be
exactly 24 characters).
Nmap 3.10ALPHA9:
================
o Reworked the "ping scan" algorithm (used for any scan except -P0 or
-sL) to be more robust in the face of low-bandwidth and congested
connections. This also improves reliability in the multi-port and
multi-type ping cases described below.
o "Ping types" are no longer exclusive -- you can now do combinations
such as "-PS22,53,80 -PT113 -PN -PE" in order to increase your odds of
passing through strict filters. The "PB" flag is now deprecated
since you can achieve the same result via "PE" and "PT" options.
o Applied patch (with modest changes) by Gabriel L. Somlo
(somlo@acns.colostate.edu), which allows multiple TCP probe ports in
raw (root) mode. See the previous item for an example.
o Fixed a libpcap compilation issue noted by Josef 'Jupp' Schugt
(deusxmachina@webmail.co.za) which relates to the definition (or
lack thereof) of ARPHRD_HDLC (used for Cisco HDLC frames).
o Tweaked the version number (-V) output slightly.
Nmap 3.10ALPHA7:
================
o Upgraded libpcap from version 0.6.2 to 0.7.1. Updated the
libpcap-possiblymodified/NMAP_MODIFICATIONS file to give a much
more extensive list (including diffs) of the changes included
in the Nmap bundled version of Libpcap.
o Applied patch to fix a libpcap alignment bug found by Tom Duffy
(tduffy@sun.com).
o Fixed Windows compilation.
o Applied patch by Chad Loder (cloder@loder.us) of Rapid7 which
fixes OpenBSD compilation. I believe Chad is now the official
OpenBSD Nmap "port" maintainer. His patch also adjusted
random-scan (-iR) to include the recently allocated 82.0.0.0/8
space.
o Fixed (I hope) a few compilation problems on
non-IPv6-enabled machines which were noted by Josef 'Jupp'
Schugt (jupp@gmx.de)
o Included some man page translations which were inadvertently
missed in previous tarballs.
o Applied patch from Matthieu Verbert (mve@zurich.ibm.com) which
places the Nmap man pages under ${prefix}/share/man rather than
${prefix}/man when installed via RPM. Maybe the tarball
install should do this too? Opinions?
o Applied patch from R Anderson (listbox@pole-position.org) which
improves the way ICMP port unreachables from intermediate hosts
are handled during UDP scans.
o Added note to man page related to Nmap US export control. I
believe Nmap falls under ECCN 5D992, which has no special
restrictions beyond the standard export denial to a handful of
rogue nations such as Iraq and North Korea.
o Added a warning that some hosts may be skipped and/or repeated
when someone tries to --resume a --randomize_hosts scan. This
was suggested by Crayden Mantelium (crayden@sensewave.com)
o Fixed a minor memory leak noted by Michael Davis
(mike@datanerds.net).
Nmap 3.10ALPHA4:
================
o Applied patch by Max Schubert (nmap@webwizarddesign.com) which adds
an add-port XML tag whenever a new port is found open when Nmap is
running in verbose mode. The new tag looks like:
<addport state="open" portid="22" protocol="tcp"/>
I also updated docs/nmap.dtd to recognize this new tag.
o Added German translation of Nmap manpage by Marc Ruef
(marc.ruef@computec.ch). It is also available at
http://www.insecure.org/nmap/data/nmap_manpage-de.html
o Includes a brand new French translation of the manpage by Sebastien
Blanchet. You could probably guess that it is available at
http://www.insecure.org/nmap/data/nmap_manpage-fr.html
o Applied some patches from Chad Loder (cloder@loder.us) which update
the random IP allocation pool and improve OpenBSD support. Some
were from the OBSD Nmap patchlist.
o Fixed a compile problem on machines without PF_INET6. Thanks to
Josef 'Jupp' Schugt (deusxmachina@webmail.co.za) for noting this.
Nmap 3.10ALPHA3:
================
o Added --min_parallelism option, which makes scans more aggressive
and MUCH faster in certain situations -- especially against
firewalled hosts. It is basically the opposite of --max_parallelism
(-M). Note that reliability can be lost if you push it too far.
o Added --packet_trace option, which tells Nmap to display all of the
packets it sends and receives in a format similar to tcpdump. I
mostly added this for debugging purposes, but ppl wishing to learn
how Nmap works or for experts wanting to ensure Nmap is doing
exactly what they epect. If you want this feature supported under
Windows, please send me a patch :).
o Fixed a segmentation fault in Idlescan (-sI).
o Made Idlescan timing more conservative when -P0 is specified to
improve accuracy.
o Fixed an infinite-loop condition that could occur during certain
dropped-packet scenarios in an Idle scan.
o Nmap now reports execution times to millisecond precision (rather
than rouding to the nearest second).
o Fixed an infinite loop caused by invalid port arguments. Problem
noted by fejed (fejed@uddf.net).
Nmap 3.10ALPHA2:
================
o Fixed compilation and IPv6 support on FreeBSD (tested on
4.6-STABLE). Thanks to Niels Heinen (niels.heinen@ubizen.com) for
suggestions.
o Made some portability changes based on suggestions by Josef 'Jupp'
Schugt (jupp@gmx.de)
o Fixed compilation and IPv6 support on Solaris 9 (haven't tested
earlier versions).
Nmap 3.10ALPHA1:
================
o IPv6 is now supported for TCP scan (-sT), connect()-style ping
scan (-sP), and list scan (-sL)! Just specify the -6 option and the
IPv6 numbers or DNS names. Netmask notation is not currently
supported -- I'm not sure how useful it is for IPv6, where even petty
end users may be allocated trillions of addresses (/80). If you
need one of the scan types that hasn't been ported yet, give
Sebastien Peterson's patch a try at http://nmap6.sourceforge.net/ .
If there is demand, I may integrate more of that into Nmap.
o Major code restructing, which included conversion to C++ -- so
you'll need g++ or another C++ compiler. I accidently let a C++
requirement slip in a while back and found that almost everyone has
such a compiler. Windows (VC++) users: see the README-WIN32 for new
compilation instructions.
o Applied patch from Axel Nennker (Axel.Nennker@t-systems.com) which
adds a --without-nmapfe option to the configure script. This si
useful if your system doesn't have the proper libraries (eg GTK) or
if you think GUIs are for sissies :).
o Removed arbitrary max_parallelism (-M) limitations, as suggested by
William McVey ( wam@cisco.com ).
o Added DEC OSF to the platforms that require the BSDFIX() macro due
to taking ip length and offset fields in host rather than network byte
order. Suggested by Dean Bennett (deanb@gbtn.net)
o Fixed an debug statement C ambiguity discovered by Kronos
(kronos@kronoz.cjb.net)
Changes:
Version 3.1.1
14 March 2003
-Add additional info to message log (msg #, msg count, size) "new msg"
status line. Thanks to Payal Rathod for the feature request.
Version 3.1.0
21 February 2003
-Rename the recipient_header directive to "envelope_recipient". There was
simply too much confusion about it. Sorry, but you'll have to update
your getmailrc file and rename this directive if you're using it. This
version was going to be 3.0.5, but this change necessitates bumping the
version up to 3.1.0.
-Include separate callable program for mbox delivery. The program,
getmail_mbox, is based on the mbox delivery code in getmail version
2.3. It assumes mboxrd format and flock locking; if other programs
on your system expect a different subtype of mbox format or use a different
locking method, you can corrupt your mbox file. Use at your own risk.
You can use this in a command delivery target from getmail
as "|/path/to/getmail_mbox /path/to/mboxfile" .
-In a similar vein, include separate callable program for maildir delivery.
The program, getmail_maildir, uses the same maildir delivery code as
getmail. You can use this in a command delivery target from getmail
as "|/path/to/getmail_maildir /path/to/maildir/" . This is mostly useful
if you want to deliver to a maildir after doing something else to the message,
and can be used in place of safecat.
-Add message filtering. You can now pass messages through arbitrary
filters before delivery; specify one or more message_filter directives,
each of which is a command and arguments. The filter(s) should read the
message from stdin, write to stdout, and exit 0 for success, 99 to drop
the message in the bitbucket, and anything else to indicate an error.
No docs for this yet.
-getmail could drop the final newline when delivering to Maildirs in
some circumstances. Thanks to Jason Mastaler for the report and testing.
Version 3.0.4
20 February 2003
-Catch a user incorrectly specifying two values for recipient_header.
Thanks to Francisco Stefano Wechsler for the report.
-Update ConfParser to version 3.3, designed to make it easier to catch
user configuration errors.
-Update configuration-handling code to use new features of ConfParser 3.3
above, report configuration errors more clearly. Thanks to Francisco
Stefano Wechsler for the report which got me looking at this.
-Add explicit check for recipient_header specifying a known-incorrect
value. Thanks to Edward Davis for the report that got me looking at this.
-Move some sanity checks around to report errors earlier.
Version 3.0.3
14 February 2003
-Missing import in getmail_utilities.py affected those who let getmail
prompt them for a password. Thanks to Francisco Stefano Wechsler for the
report.
Version 3.0.2
14 February 2003
-My editor let CR LF line endings into getmail_utilities.py ; this caused
problems for at least one person. Thanks to Francisco Stefano Wechsler
for the report. Now fixed.
Version 3.0.1
13 February 2003
-Have getmail report an error if local directives are specified but getmail
is not operating in multidrop mode (through either of the "use_*env" or
"recipient_header" directives). Thanks to Gerwin Krist for reporting that
this was not obvious.
Version 3.0.0
10 February 2003
-Updated to version 1.23 of Timothy O'Malley's timeoutsocket.py
from http://www.timo-tasi.org/python/timeoutsocket.py
-not all configuration errors were being caught in ConfParser. Updated
ConfParser as a result; thanks to Christian Pelster for reporting and testing
this.
-Move lots of code around. Much has been moved into separate files.
Much other code has been cleaned up.
-Add support for Demon's SPDS "*ENV" command for domain mailboxes.
Thanks to Paul Clifford for the request and the pointer to Demon's
explanation of this protocol extension, submission of a patch to
getmail 2.3.x for this feature, and for a testing 3.0 in its pre-release
state. Paul also submitted several patches during pre-release testing
which I accepted.
-Change main delivery loop; individual message delivery failures are
not considered fatal errors any more. The messages will be left on the
server and retried.
-Remove mbox delivery code. Use an external MDA for this; for safety
and reliability, all mbox-delivery programs on a system have to be compiled
to use the same method of mbox locking in any case. I don't use mbox
files at all.
-Simplify handling of oldmail data files.
-Domain mailboxes are now only supported with explicit configuration of
a header field which records the envelope recipient address or with *ENV.
This removes a lot of code and makes the logic simpler.
-Remove duplicate filtering option. Use an external MDA for this.
-Change maildir delivery algorithm; getmail will now try up to three times
to generate a valid, unique name in maildir/tmp/, sleeping two seconds
between tries as recommended by djb. This code is also now moved into
an independant function in getmail_utilities.py for easier use by others.
The file naming convention has changed to djb's "modern delivery
identifiers".
Changes:
o Fix posible obscure buffer overflow bug in DNS resolver code
o Added additional extended character fixes
o Let code accept partial content response codes along with 200's
o Added code to catch blank hostnames (yes, they have been found!)
Will convert them into 'Unknown'
Also build shared libs on Linux, from Jeremy C. Reed in PR 20735.
Changes since 3.2.1:
On the following i386-based systems GCC 3.2.1 broke the C ABI wrt.
functions returning structures: Cygwin, FreeBSD (GCC 3.2.1 as shipped with
FreeBSD 5.0 does not have this problem), Interix, a.out-based Linux and
NetBSD, OpenBSD, and Darwin. GCC 3.2.2 reverts this ABI change, and thus
restores ABI-compatibility with previous releases (except GCC 3.2.1) on
these platforms.
Lots of other bug fixes, see http://gcc.gnu.org/gcc-3.2/changes.html.
Patch sent by Quentin Garnier via PR pkg/20679.
Changes:
- s/USE_X11BASE/USE_X11/
0.8.11:
=======
- The folder option to remove parentheses and brackets at the beginning
of subject has been added.
- The option to use command output for signature has been added.
- The summary search now also looks for collapsed nodes.
- The size of the source window is now remembered.
- Euro locales (ISO-8859-15) have been supported.
- Many locales and encodings which were not supported before have been
added.
- Galician translation has been added.
- Support for Latin locales (ISO-8859) has been fixed.
- UTF-8 locale support has been fixed.
- The folding problem of headers has been fixed.
- The more workaround for abort problem in Japanese locale has been made.
- Other bugfixes have been made.
0.8.10:
=======
- The validity check of EUC-JP code became more strict.
- The handling of strings which failed to be converted has been modified.
- Minor bugfixes and a speed improvement have been made.
0.8.9:
======
- Transition from libjconv to direct use of iconv() API has been made.
- Quoted-Printable encoding for outgoing messages has been enabled.
- Content-Transfer-Encoding for outgoing messages became user definable.
- The abbreviation method of newsgroup name has been improved.
- Russian locales support has been improved.
- Fixes for message canonicalization have been made.
- Bugs of header MIME encoding have been fixed.
Fix PLIST while here.
Changes:
- Updated translations (am, ca, lt).
- Save serverlist before connecting (Joe Drew).
- OpenBSD compile fixes.
- (Encoding) Fallback outgoing text to "?" for unconvertable chars.
[674798].
- Hide tab scrolling buttons when they're not needed.
- Fixed --disable-xlib compiles.
- Fixed use of %h in dialog-tab buttons [688937].
- Fixed printing/logging timestamps that contain invalid utf8
[688548].
- Added "Resizable userlist" option (default ON).
- Strip colors on topic change.
- Fixed (snotice) and (notice) tabs being swapped [687437].
- Made more strings translatable.
- Allow loading empty text events [691191].
- Fixed xtext race condition [678874].
- Added ability to show/hide the channel-mode buttons (default OFF).
- Use the network name in server-tab rather than full hostname.
- Added keybindings for moving tab-families, default is ctrl-shift
PageUp and PageDown (Vincent Ho).
- Added 'Beep on highlighted messages' option (Jirka Kosina).
- Use DND to detach tabs.
- Interpret %C, %B etc in quit reasons.
- Added more items to the right-click tab menu.
- Some misc UI cleanups.
Based on a PR pkg/20825 by Hiramatsu Yoshifumi, modified by me.
- follow PKG_SYSCONFDIR
List of major changes for this release:
* Regular Expressions Phase 1
ICU 2.4 introduces a Regular Expression C++ API that is modeled after
the JDK 1.4 API. ICU 2.4's Regular Expression API supports Unicode
level 1 regular expressions (see Unicode Regular Expression
Guidelines) but not all pattern metacharacters and features are
supported yet. Regular expressions leverage all of the UnicodeSet
support, including all Unicode 3.2 property names and property value
names. Future ICU releases will complete the pattern support, add
support for higher Unicode regex levels, and improve performance. For
more details see the API References and the User Guide.
* Modularized ICU library building
ICU 2.4 provides build-time switches to prune parts of the library
code, for smaller custom distributions. For details see the readme
file.
* Character set alias management support
Additional APIs map alias+standard to a unique charset name (e.g.,
"Shift-JIS"+"IANA"->"ibm-943_P14A-2000") and enumerate all charset
names in the alias table, not just the installed ones. See
convrtrs.txt and ucnv.h.
These APIs allow programmers to avoid data corruption problems when
different platforms use the same names for different character
conversion mappings.
* EBCDIC-z/OS converter option
The EBCDIC converter now handles swapped LF/NL mappings
algorithmically instead of with modified .ucm/.cnv conversion table
files. This makes this behavior available for all supported EBCDIC
conversions without adding to the data package size. See "swaplfnl" in
convrtrs.txt.
* Additional converter
A new converter implementation has been added for the encoding of IMAP
mailbox names. See RFC 2060/5.1.3. Mailbox International Naming
Convention and "IMAP-mailbox-name" in convrtrs.txt.
* Customizable break iteration
ICU 2.4 allows registration of a BreakIterator with a locale ID. This
allows applications to provide more sophisticated word/sentence break
engines and use them seamlessly with the ICU APIs. In future releases,
this registration mechanism will be extended to all relevant ICU
services. If you are interested in ICU customization, please try out
this feature.
* Collation performance
ICU 2.4 collation was improved in several areas, with an emphasis on
performance:
* Latin-1: Improved performance of u_strcoll().
* Russian/Cyrillic: Improved performance by tailoring collation for
cyrillic-script languages, removing UCA contractions that are not
used for modern Russian (this uses the [suppressContractions]
tailoring option).
* Korean: Improved performance by resolving collation elements for
modern Hangul syllables at build time (this uses the [optimize]
tailoring option).
* Japanese: The default strength for Japanese was reduced from
quaternary to tertiary as in all other locales.
* UnicodeSet performance
UnicodeSet performance is significantly improved, especially for
add(codePoint) and contains(codePoint).
* Unicode property aliases ICU 2.4 introduces APIs for mapping between
all appropriate Unicode property aliases and property value aliases
and ICU property enumeration constants. See u_getPropertyName() etc.
in uchar.h.
* Unicode string functions
* There are new C functions for searching for last occurrences of
characters and partial strings. See u_strrstr(), u_strrchr32()
etc.
* New C/C++/Java functions for efficient checking if a string
contains more than a certain number of code points. See
hasMoreChar32Than().
* Copying UnicodeStrings via the standard assignment operator and
copy constructor does not preserve readonly aliasing any more
because this can sometimes have unexpected and dangerous effects.
A new fastCopyFrom() member function provides the old copy
semantics. See Jitterbug 1794 for more details.
* UTF macros simplified
The low-level C macros for handling code points in 8-bit and 16-bit
Unicode strings have been replaced by a simpler, more consistent set
with more concise names. For details see utf_old.h and utf.h.
Similarly, ICU 2.4 defines the UChar32 consistently (now always as
int32_t) and adds a U_SENTINEL non-code point value for new APIs.
* Performance tests
ICU 2.4 has a new performance test framework and additional
performance tests using this framework. This is not currently
documented, but it is available as part of the source distribution at
source/test/perf/.
