either because they themselves are not ready or because a
dependency isn't. This is annotated by
PYTHON_VERSIONS_INCOMPATIBLE= 33 # not yet ported as of x.y.z
or
PYTHON_VERSIONS_INCOMPATIBLE= 33 # py-foo, py-bar
respectively, please use the same style for other packages,
and check during updates.
Use versioned_dependencies.mk where applicable.
Use REPLACE_PYTHON instead of handcoded alternatives, where applicable.
Reorder Makefile sections into standard order, where applicable.
Remove PYTHON_VERSIONS_INCLUDE_3X lines since that will be default
with the next commit.
Whitespace cleanups and other nits corrected, where necessary.
changes:
-scripting improvements
-added lua scripting support to ncat
-hundreds of new OS and service detection signatures
-version scanning through a chain of proxies
-improved target specification
-performance enhancements and bug fixes
pkgsrc note: added "lua" option
approved by The Maintainer
to address issues with NetBSD-6(and earlier)'s fontconfig not being
new enough for pango.
While doing that, also bump freetype2 dependency to current pkgsrc
version.
Suggested by tron in PR 47882
o [NSE] Added CPE to smb-os-discovery output.
o [Ncat] Fixed the printing of warning messages for large arguments to
the -i and -w options.
o [Ncat] Shut down the write part of connected sockets in listen mode
when stdin hits EOF, just as was already done in connect mode.
o [Zenmap] Removed a crashing error that could happen when canceling a
"Print to File" on Windows:
Traceback (most recent call last):
File "zenmapGUI\MainWindow.pyo", line 831, in _print_cb
File "zenmapGUI\Print.pyo", line 156, in run_print_operation
GError: Error from StartDoc
o [NSE] Added new fingerprints for http-enum: Sitecore, Moodle, typo3,
SquirrelMail, RoundCube.
o Added some new checks for failed library calls.
"The Nmap Project is pleased to announce the immediate, free availability
of the Nmap Security Scanner version 6.00 from http://nmap.org/.
It is the product of almost three years of work, 3,924 code commits,
and more than a dozen point releases since the big Nmap 5 release in July
2009. Nmap 6 includes a more powerful Nmap Scripting Engine, 289 new scripts,
better web scanning, full IPv6 support, the Nping packet prober, faster scans, and much more! We recommend that all current users upgrade."
Here is a condensed Changelog:
Nmap 6.01 [2012-06-13]
o [Zenmap] Fixed a hang that would occur on Mac OS X 10.7.
o [Zenmap] Fixed a crash that happened when activating the host filter.
o Fixed a bug that caused Nmap to fail to find any network interface when
at least one of them is in the monitor mode.
http://seclists.org/nmap-dev/2012/q2/449http://seclists.org/nmap-dev/2012/q2/478
o Fixed the greppable output of hosts that time-out.
Nmap 6.00 [2012-05-21]
o Most important release since Nmap 5.00 in July 2009! For a list of
the most significant improvements and new features, see the
announcement at: http://nmap.org/6
o Some XML output improvements...
o Lots of NSE scripts added and updated...
o Fixed the routing table loop on OS X so that on-link routes appear.
o Upgraded included libpcap to version 1.2.1.
o Fixed a compilation problem on Solaris 9 caused by a missing
definition of IPV6_V6ONLY.
o Setting --min-parallelism by itself no longer forces the maximum
parallelism to the same value.
o [Zenmap] Fixed a crash that would happen in the profile editor when
the script.db file doesn't exist.
o [Zenmap] It is now possible to compare scans having the same name or
command line parameters.
o Fixed an error that could occur with ICMPv6 probes and -d4 debugging:
"Unexpected probespec2ascii type encountered"
o Applied a workaround to make pcap captures work better on Solaris 10.
o Fixed a bug that could cause Nsock timers to fire too early.
o Changed the way timeout calculations are made in the IPv6 OS engine.
Nmap 5.61TEST5 [2012-03-09]
o Integrated all of your IPv4 OS fingerprint submissions since June
2011 (about 1,900 of them). Added about 256 new fingerprints (and
deleted some bogus ones), bringing the new total to 3,572.
Additions include Apple iOS 5.01, OpenBSD 4.9 and 5.0, FreeBSD 7.0
through 9.0-PRERELEASE, and a ton of new WAPs, routers, and other
devices. Many existing fingerprints were improved. For more details,
see http://seclists.org/nmap-dev/2012/q1/431
o Integrated all of your service/version detection fingerprints
submitted since November 2010--more than 2,500 of them! Our
signature count increased more than 10% to 7,423 covering 862
protocols. Some amusing and bizarre new services are described at
http://seclists.org/nmap-dev/2012/q1/359
o Integrated your latest IPv6 OS submissions and corrections. We're
still low on IPv6 fingerprints, so please scan any IPv6 systems you
own or administer and submit them to http://nmap.org/submit/. Both
new fingerprints (if Nmap doesn't find a good match) and corrections
(if Nmap guesses wrong) are useful.
o IPv6 OS detection now includes a novelty detection system which
avoids printing a match when an observed fingerprint is too
different from fingerprints seen before. As the OS database is still
small, this helps to avoid making (essentially) wild guesses when
seeing a new operating system.
o Refactored the nsock library to add the nsock-engines system.
o [NSE] Added 43(!) NSE scripts, bringing the total up to 340.
o CPE (Common Platform Enumeration) OS classification is now supported
for IPv6 OS detection.
[...]
Nmap 5.61TEST4 [2012-01-02] -> Nmap 5.61TEST1
[...]
Lots of Bugfixes!
Thanks to jschauma@ for analysing a NetBSD related problem,
and to David Fifield for providing the (upstream) patch.
Remove devel/py-ctypes (only needed by and supporting python24).
Remove PYTHON_VERSIONS_ACCEPTED and PYTHON_VERSIONS_INCOMPATIBLE
lines that just mirror defaults now.
Miscellaneous cleanup while editing all these files.
o [Ndiff] Added support for prerule and postrule scripts.
o [NSE] Fixed a bug which caused some NSE scripts to fail due to the
absence of the NSE SCRIPT_NAME environment variable when loaded.
o [Zenmap] Selecting one of the scan targets in the left pane is
supposed to jump to that host in the Nmap Output in the right pane
(but it wasn't).
o Fixed an obscure bug in Windows interface matching. If the MAC
address of an interface couldn't be retrieved, it might have been
used instead of the correct interface.
o [NSE] Fixed portrules in dns-zone-transfer and ftp-proftpd-backdoor
that used shortport functions incorrectly and always returned
true.
o [Ndiff] Fixed ndiff.dtd to include two elements that can be diffed:
status and address.
o [Ndiff] Fixed the ordering of hostscript-related elements in XML
output.
o [NSE] Fixed a bug in the nrpe-enum script that would make it run for
every port (when it was selected--it isn't by default).
o [NSE] When an NSE script sets a negative socket timeout, it now
causes a controlled Lua stack trace instead of a fatal error.
o [Zenmap] Worked around an error that caused the py2app bootstrap
executable to be non-universal even when the rest of the application
was universal. This prevented the binary .dmg from working on
PowerPC.
o [Ndiff] Fixed an output line that wasn't being redirected to a file
when all other output was.
Some of the highlights are:
o [Zenmap] Added a new script selection interface, allowing you to
choose scripts and arguments from a list.
o [Nping] Added echo mode, learn more about echo mode at
http://nmap.org/book/nping-man-echo-mode.html.
o [NSE] Added an amazing 46 scripts, bringing the total to 177!
You can learn more about any of them at http://nmap.org/nsedoc/
o [NSE] Added 12 new protocol libraries.
o [NSE] Added a new brute library that provides a basic framework and logic
for brute force password auditing scripts.
o [Zenmap] Greatly improved performance for large scans by
benchmarking intensively and then recoding dozens of slow parts.
o Performed a major OS detection integration run. The database has
grown more than 14% to 2,982 fingerprints and many of the existing
fingerprints were improved. David posted highlights of his integration work at
http://seclists.org/nmap-dev/2010/q4/651
o Performed a huge version detection integration run. The number of
signatures has grown by more than 11% to 7,355. David posted highlights at
http://seclists.org/nmap-dev/2010/q4/761
o [NSE] Nmap has two new NSE script scanning phases. See
http://nmap.org/book/nse-usage.html#nse-script-types
o Dramatically improved nmap.xsl (used for converting Nmap XML output
to HTML).
o Integrated cracked passwords from the Gawker.com compromise
(http://seclists.org/nmap-dev/2010/q4/674) into Nmap's top-5000
password database.
o Merged port names in the nmap-services file with allocated names
from the IANA (http://www.iana.org/assignments/port-numbers).
o [Zenmap] Made the topology node radiuses grow logarithmically
instead of linearly, so that hosts with thousands of open ports
don't overwhelm the diagram.
o Improved IPv6 host output in that we now remember and report the
forward DNS name (given by the user) and any non-scanned addresses
(usually because of round robin DNS).
o [Zenmap] Upgraded to the newer gtk.Tooltip API to avoid deprecation
messages about gtk.Tooltip.
o [NSE] Enhance ssl-cert to also report the type and bit size of SSL
certificate public keys.
o [Nping] Nping now limits concurrent open file descriptors properly
based on the resources available on the host.
o Ncat now logs Nsock debug output to stderr instead of stdout for
consistency with its other debug messages.
o Changed the name of libdnet's sctp_chunkhdr to avoid a conflict with
a struct of the same name in <netinet/sctp.h>.
o [NSE] Host tables now have a host.traceroute member available when
--traceroute is used.
o Nmap now prints the MTU for interfaces in --iflist output.
o [Ncat,NSE] Server Name Indication (SNI) is now supported by Ncat and
Nmap NSE, allowing them to connect to servers which run multiple SSL
websites on one IP address.
o [Nsock] Added a new function, nsi_set_hostname, to set the intended
hostname of the target.
o [NSE] Made sslv2.nse give special output when SSLv2 is supported,
but no SSLv2 ciphers are offered.
o Fixed the fragmentation options (-f in Nmap, --mtu in Nmap & Nping),
which were improperly sending whole packets in version 5.35DC1.
o [NSE] When receiving raw packets from Pcap, the packet capture time
is now available to scripts as an additional return value from
pcap_receive().
o Updated IANA IP address space assignment list for random IP (-iR)
generation.
o [Ncat] Ncat now uses case-insensitive string comparison when
checking authentication schemes and parameters.
o [NSE] There is now a limit of 1,000 concurrent running scripts,
instituted to keep memory under control when there are many open
ports.
Plus many bugfixes and improvements.
For full changelog, see http://nmap.org/changelog.html
