author: salo <salo@pkgsrc.org> 2003-03-22 04:07:10 +0000
committer: salo <salo@pkgsrc.org> 2003-03-22 04:07:10 +0000
commit: 9633913231ea0d9162ede38329e67d104f4d5bd6
tree: ecf7788ca8e9e3a1bbb6e7e72c6236e7088a8c22 /net
parent: 2c825c02309628a07564143181cbafb9765157ea
Updated to version 3.20.
Based on patch sent by Juan RP via PR pkg/20839.

Changes:

Nmap 3.20:
==========
o The random IP input option (-iR) now takes an argument specifying how many IPs you want to scan (e.g. -iR 1000). Specify 0 for the old neverending scan behavior.
o Fixed a tricky memory leak discovered by Mugz (mugz@x-mafia.com).
o Fixed output truncation problem noted by Lionel CONS (lionel.cons@cern.ch)
o Fixed a bug that would cause certain incoming ICMP error messages to be improperly ignored.

Nmap 3.15BETA3:
===============
o Made numerous improvements to the timing behavior of "-T Aggressive" (same as -T4) scans. It is now recommended for regular use by impatient people with a fast connection. "-T Insane" mode has also been updated, but we only recommend that for, well, insane people.
o Made substantial changes to the SYN/connect()/Window scanning algorithms for improved speeds, especially against heavily filtered hosts. If you notice any timing problems (misidentified ports, etc.), please send me the details (including full Nmap output and a description of what is wrong). Reports of any timing problems with -T4 would be helpful as well.
o Changed Nmap such that ALL syn scan packets are sent from the port you specify with -g. Retransmissions used to utilize successively higher ports. This change has a downside in that some operating systems (such as Linux) often won't reply to the retransmissions because they reuse the same connection specifier quad (srcip:srcport:dstip:dstport). Overall I think this is a win.
o Added timestamps to "Starting nmap" line and each host port scan in verbose (-v) mode. These are in ISO 8601 standard format because unlike President Bush, we actually care about International consensus :).
o Nmap now comes by default in .tar.bz2 format, which compresses about 20% further. You can still find .tgz in the dist directory at http://download.insecure.org/nmap/dist/?M=D .
o Various other minor bugfixes, new services, fingerprints, etc.

Nmap 3.15BETA2:
===============
o I added support for a brand new "port" that many of you may have never scanned before! UDP & TCP "port 0" (and IP protocol 0) are now permitted if you specify 0 explicitly. An argument like "-p -40" would still scan ports 1-40. Unlike ports, protocol 0 IS now scanned by default. This now works for ping probes too (e.g., -PS, -PA).
o Applied patch by Martin Kluge (martin@elxsi.info) which adds --ttl option, which sets the outgoing IPv4 TTL field in packets sent via all raw scan types (including ping scans and OS detection). The patch "should work" on Windows, but hasn't been tested. A TTL of 0 is supported, and even tends to work on a LAN:
    14:17:19.474293 192.168.0.42.60214 > 192.168.0.40.135: S 3265375623:3265375623(0) win 1024 [ttl 0] (id 35919, len 40)
    14:17:19.474456 192.168.0.40.135 > 192.168.0.42.60214: S 2805154856:2805154856(0) ack 3265375624 win 64240 <mss 1460> (DF) (ttl 128, id 49889, len 44)
o Applied patch by Gabriel L. Somlo (somlo@acns.colostate.edu) which extends the multi-ping-port functionality to nonroot and IPv6 connect() users.
o I added a new --datadir command line option which allows you to specify the highest priority directory for Nmap data files nmap-services, nmap-os-fingerprints, and nmap-rpc. Any files which aren't in the given dir, will be searched for in the $NMAPDIR environmental variable, ~/nmap/, a compiled in data directory (e.g. /usr/share/nmap), and finally the current directory.
o Fixed Windows (VC++ 6) compilation, thanks to patches from Kevin Davis (computerguy@cfl.rr.com) and Andy Lutomirski (luto@stanford.edu)
o Included new Latvian man page translation by "miscelerious options" (misc@inbox.lv)
o Fixed Solaris compilation when Sun make is used rather than GNU make. Thanks to Tom Duffy (tduffy@sun.com) for assistance.
o Applied patch from Stephen Bishop (sbishop@idsec.co.uk) which prevents certain false-positive responses when Nmap raw TCP ping scans are being run in parallel.
o To emphasize the highly professional nature of Nmap, I changed all instances of "fucked up" in error message text into "b0rked".
o Fixed a problem with nmap-frontend RPMs that would cause a bogus /bin/xnmap link to be created (it should only create /usr/bin/xnmap). Thanks to Juho Schultz (juho.schultz@astro.helsinki.fi) for reporting the problem.
o I made the maximum number of allowed routes and interfaces allowed on the scanning machine dynamic rather than hardcoded #defines of 1024 and 128. You never know -- some wacko probably has that many :).

Nmap 3.15BETA1:
===============
o Integrated the largest OS fingerprint DB updates ever! Thanks to everyone who contributed signatures! New or substantially modified fingerprints included the latest Windows 2K/XP changes, Cisco IOS 12.2-based routers and PIX 6.3 firewalls, FreeBSD 5.0, AIX 5.1, OpenBSD 3.2, Tru64 5.1A, IBM OS/400 V5R1M0, dozens of wireless APs, VOIP devices, firewalls, printers, print servers, cable modems, webcams, etc. We've even got some mod-chipped Xbox fingerprints now!
o Applied NetBSD portability patch by Darren Reed (darrenr@reed.wattle.id.au)
o Updated Makefile to better-detect if it can't make nmapfe and provide a clearer error message. Also fixed a couple compiler warnings on some *BSD platforms.
o Applied patch from "Max" (nmap@webwizarddesign.com) which adds the port owner to the "addport" XML output lines which are printed (only in verbose mode, I think) as each open port is discovered.
o I killed the annoying whitespace that is normally appended after the service name. Now it is only there when an owner was found via -sI (in which case there is a fourth column and so "service" must be exactly 24 characters).

Nmap 3.10ALPHA9:
================
o Reworked the "ping scan" algorithm (used for any scan except -P0 or -sL) to be more robust in the face of low-bandwidth and congested connections. This also improves reliability in the multi-port and multi-type ping cases described below.
o "Ping types" are no longer exclusive -- you can now do combinations such as "-PS22,53,80 -PT113 -PN -PE" in order to increase your odds of passing through strict filters. The "PB" flag is now deprecated since you can achieve the same result via "PE" and "PT" options.
o Applied patch (with modest changes) by Gabriel L. Somlo (somlo@acns.colostate.edu), which allows multiple TCP probe ports in raw (root) mode. See the previous item for an example.
o Fixed a libpcap compilation issue noted by Josef 'Jupp' Schugt (deusxmachina@webmail.co.za) which relates to the definition (or lack thereof) of ARPHRD_HDLC (used for Cisco HDLC frames).
o Tweaked the version number (-V) output slightly.

Nmap 3.10ALPHA7:
================
o Upgraded libpcap from version 0.6.2 to 0.7.1. Updated the libpcap-possiblymodified/NMAP_MODIFICATIONS file to give a much more extensive list (including diffs) of the changes included in the Nmap bundled version of Libpcap.
o Applied patch to fix a libpcap alignment bug found by Tom Duffy (tduffy@sun.com).
o Fixed Windows compilation.
o Applied patch by Chad Loder (cloder@loder.us) of Rapid7 which fixes OpenBSD compilation. I believe Chad is now the official OpenBSD Nmap "port" maintainer. His patch also adjusted random-scan (-iR) to include the recently allocated 82.0.0.0/8 space.
o Fixed (I hope) a few compilation problems on non-IPv6-enabled machines which were noted by Josef 'Jupp' Schugt (jupp@gmx.de)
o Included some man page translations which were inadvertently missed in previous tarballs.
o Applied patch from Matthieu Verbert (mve@zurich.ibm.com) which places the Nmap man pages under ${prefix}/share/man rather than ${prefix}/man when installed via RPM. Maybe the tarball install should do this too? Opinions?
o Applied patch from R Anderson (listbox@pole-position.org) which improves the way ICMP port unreachables from intermediate hosts are handled during UDP scans.
o Added note to man page related to Nmap US export control. I believe Nmap falls under ECCN 5D992, which has no special restrictions beyond the standard export denial to a handful of rogue nations such as Iraq and North Korea.
o Added a warning that some hosts may be skipped and/or repeated when someone tries to --resume a --randomize_hosts scan. This was suggested by Crayden Mantelium (crayden@sensewave.com)
o Fixed a minor memory leak noted by Michael Davis (mike@datanerds.net).

Nmap 3.10ALPHA4:
================
o Applied patch by Max Schubert (nmap@webwizarddesign.com) which adds an add-port XML tag whenever a new port is found open when Nmap is running in verbose mode. The new tag looks like:
    <addport state="open" portid="22" protocol="tcp"/>
  I also updated docs/nmap.dtd to recognize this new tag.
o Added German translation of Nmap manpage by Marc Ruef (marc.ruef@computec.ch). It is also available at http://www.insecure.org/nmap/data/nmap_manpage-de.html
o Includes a brand new French translation of the manpage by Sebastien Blanchet. You could probably guess that it is available at http://www.insecure.org/nmap/data/nmap_manpage-fr.html
o Applied some patches from Chad Loder (cloder@loder.us) which update the random IP allocation pool and improve OpenBSD support. Some were from the OBSD Nmap patchlist.
o Fixed a compile problem on machines without PF_INET6. Thanks to Josef 'Jupp' Schugt (deusxmachina@webmail.co.za) for noting this.

Nmap 3.10ALPHA3:
================
o Added --min_parallelism option, which makes scans more aggressive and MUCH faster in certain situations -- especially against firewalled hosts. It is basically the opposite of --max_parallelism (-M). Note that reliability can be lost if you push it too far.
o Added --packet_trace option, which tells Nmap to display all of the packets it sends and receives in a format similar to tcpdump. I mostly added this for debugging purposes, but ppl wishing to learn how Nmap works or for experts wanting to ensure Nmap is doing exactly what they expect. If you want this feature supported under Windows, please send me a patch :).
o Fixed a segmentation fault in Idlescan (-sI).
o Made Idlescan timing more conservative when -P0 is specified to improve accuracy.
o Fixed an infinite-loop condition that could occur during certain dropped-packet scenarios in an Idle scan.
o Nmap now reports execution times to millisecond precision (rather than rounding to the nearest second).
o Fixed an infinite loop caused by invalid port arguments. Problem noted by fejed (fejed@uddf.net).

Nmap 3.10ALPHA2:
================
o Fixed compilation and IPv6 support on FreeBSD (tested on 4.6-STABLE). Thanks to Niels Heinen (niels.heinen@ubizen.com) for suggestions.
o Made some portability changes based on suggestions by Josef 'Jupp' Schugt (jupp@gmx.de)
o Fixed compilation and IPv6 support on Solaris 9 (haven't tested earlier versions).

Nmap 3.10ALPHA1:
================
o IPv6 is now supported for TCP scan (-sT), connect()-style ping scan (-sP), and list scan (-sL)! Just specify the -6 option and the IPv6 numbers or DNS names. Netmask notation is not currently supported -- I'm not sure how useful it is for IPv6, where even petty end users may be allocated trillions of addresses (/80). If you need one of the scan types that hasn't been ported yet, give Sebastien Peterson's patch a try at http://nmap6.sourceforge.net/ . If there is demand, I may integrate more of that into Nmap.
o Major code restructuring, which included conversion to C++ -- so you'll need g++ or another C++ compiler. I accidentally let a C++ requirement slip in a while back and found that almost everyone has such a compiler. Windows (VC++) users: see the README-WIN32 for new compilation instructions.
o Applied patch from Axel Nennker (Axel.Nennker@t-systems.com) which adds a --without-nmapfe option to the configure script. This is useful if your system doesn't have the proper libraries (eg GTK) or if you think GUIs are for sissies :).
o Removed arbitrary max_parallelism (-M) limitations, as suggested by William McVey (wam@cisco.com).
o Added DEC OSF to the platforms that require the BSDFIX() macro due to taking ip length and offset fields in host rather than network byte order. Suggested by Dean Bennett (deanb@gbtn.net)
o Fixed a debug statement C ambiguity discovered by Kronos (kronos@kronoz.cjb.net)
Diffstat (limited to 'net')
-rw-r--r-- net/nmap/Makefile 14
-rw-r--r-- net/nmap/distinfo 12
-rw-r--r-- net/nmap/patches/patch-aa 40
-rw-r--r-- net/nmap/patches/patch-ad 33
-rw-r--r-- net/nmap/patches/patch-af 31
5 files changed, 52 insertions, 78 deletions
diff --git a/net/nmap/Makefile b/net/nmap/Makefile
index eca4012f9b8..82699cdae7f 100644
--- a/net/nmap/Makefile
+++ b/net/nmap/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.18 2002/10/10 13:28:29 wiz Exp $
+# $NetBSD: Makefile,v 1.19 2003/03/22 04:07:10 salo Exp $
#
-DISTNAME= nmap-3.00
+DISTNAME= nmap-3.20
CATEGORIES= net security
MASTER_SITES= http://www.insecure.org/nmap/dist/
EXTRACT_SUFX= .tgz
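Review bot: EXTRACT_SUFX stays .tgz in the context of this hunk while DISTNAME moves to nmap-3.20, and the changelog in the commit message says Nmap now ships as .tar.bz2 by default with the .tgz kept only in the dist directory. Confirm that nmap-3.20.tgz is actually served from the MASTER_SITES URL, since that URL is plain http and the distinfo checksum is the only thing that authenticates the download. If the .tgz is likely to disappear upstream, switching EXTRACT_SUFX to .tar.bz2 now would avoid a later fetch failure.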
@@ -10,11 +10,11 @@ MAINTAINER= hubertf@netbsd.org
HOMEPAGE= http://www.insecure.org/nmap/index.html
COMMENT= Network/port scanner with OS detection
-HAS_CONFIGURE= YES
-CONFIGURE_ENV+= INSTALL=${INSTALL}
-CONFIGURE_ENV+= GTK_CONFIG=no
-CONFIGURE_ARGS+=--with-libpcap=${BUILDLINK_PREFIX.libpcap}
-CONFIGURE_ARGS+=--prefix=${PREFIX}
+USE_BUILDLINK2= YES
+GNU_CONFIGURE= YES
+
+CONFIGURE_ARGS+= --with-libpcap=${BUILDLINK_PREFIX.libpcap}
+CONFIGURE_ARGS+= --without-nmapfe
.include "../../mk/bsd.prefs.mk"
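Review bot: the new --without-nmapfe line in CONFIGURE_ARGS has no comment saying why the frontend is disabled, and it replaces the earlier GTK_CONFIG=no setting without any mention in the commit message. A one-line comment above the argument would help the next maintainer. The hunk also drops CONFIGURE_ENV+= INSTALL=${INSTALL} and the explicit --prefix=${PREFIX}; please confirm that GNU_CONFIGURE= YES supplies the prefix and that the install step still picks up the pkgsrc install program.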
diff --git a/net/nmap/distinfo b/net/nmap/distinfo
index defa9d618f5..9d34e5a1fc1 100644
--- a/net/nmap/distinfo
+++ b/net/nmap/distinfo
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.6 2002/08/03 12:23:58 hubertf Exp $
+$NetBSD: distinfo,v 1.7 2003/03/22 04:07:10 salo Exp $
-SHA1 (nmap-3.00.tgz) = 7c51c4013bf70c223b81af5a5a171fc9af011df2
-Size (nmap-3.00.tgz) = 922293 bytes
-SHA1 (patch-aa) = baa9ef7b31f8e1c74c9acdf17a71517bfc262de1
+SHA1 (nmap-3.20.tgz) = 364146163dc512c0ea751134d2cdd78af4dcbf20
+Size (nmap-3.20.tgz) = 1082736 bytes
+SHA1 (patch-aa) = 44dc9c98c8b032c7dc538ee89fcd42636f607f34
SHA1 (patch-ab) = 590271ab5edd85ec8304ae5ee2248c8249b42195
-SHA1 (patch-ad) = 28a0bc76dbb8fd271c52f26f2b1d95152da129d7
-SHA1 (patch-af) = e4a0ed033d2931b4e3bd7d9897d3ee079585ef54
+SHA1 (patch-ad) = 78b40e4840efc2c7d8b9ab94e0eedc4b47239304
+SHA1 (patch-af) = 21b03fc6658267c6c40d65f634f4fe20d06a2d77
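Review bot: the patch-ab line is unchanged while patch-aa, patch-ad and patch-af all get new digests, so confirm that patch-ab still applies cleanly to the 3.20 sources rather than relying on fuzz. For the distfile lines, the SHA1 and Size entries are the only integrity check on a tarball fetched over the http MASTER_SITES URL, so it is worth stating in the commit message how the new nmap-3.20.tgz digest was obtained.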
diff --git a/net/nmap/patches/patch-aa b/net/nmap/patches/patch-aa
index 1409d0b4a20..facea7c0763 100644
--- a/net/nmap/patches/patch-aa
+++ b/net/nmap/patches/patch-aa
@@ -1,43 +1,33 @@
-$NetBSD: patch-aa,v 1.8 2002/08/03 12:23:59 hubertf Exp $
+$NetBSD: patch-aa,v 1.9 2003/03/22 04:07:11 salo Exp $
---- Makefile.in.orig Sun Jul 28 05:48:15 2002
-+++ Makefile.in
-@@ -14,8 +14,8 @@
- NBASEDIR=@NBASEDIR@
+--- Makefile.in.orig 2003-03-19 01:53:36.000000000 +0100
++++ Makefile.in 2003-03-22 04:24:12.000000000 +0100
+@@ -15,8 +15,7 @@
CC = @CC@
+ CXX = @CXX@
CCOPT =
-LIBPCAPDIR = @libpcapdir@
-INCLS = -I$(LIBPCAPDIR)
-+#LIBPCAPDIR = @libpcapdir@
+INCLS = -I.
DEFS = @DEFS@ -DNMAP_VERSION=\"$(NMAP_VERSION)\" -DNMAP_NAME=\"$(NMAP_NAME)\" -DNMAP_URL=\"$(NMAP_URL)\" -DNMAP_PLATFORM=\"$(NMAP_PLATFORM)\" -DNMAPDATADIR=\"$(nmapdatadir)\"
- CFLAGS = -g @CFLAGS@ $(CCOPT) $(DEFS) $(INCLS)
- # CFLAGS = -g -Wall $(DEFS) $(INCLS)
-@@ -37,15 +37,15 @@
-
- DEPS = nmap.h nmap_error.h targets.h idle_scan.h osscan.h output.h scan_engine.h timing.h tcpip.h utils.h global_structures.h charpool.h services.h protocols.h nmap_rpc.h portlist.h
-
--all: $(TARGET) nmapfe/nmapfe
-+all: $(TARGET) #HF#nmapfe/nmapfe
-
- $(TARGET): $(DEPS) @PCAP_DEPENDS@ $(NBASEDIR)/libnbase.a $(OBJS)
- @echo Compiling nmap
+ # For mtrace debugging -- see MTRACE define in main.cc for instructions
+ # Should only be enabled during debugging and not in any real release.
+@@ -54,9 +53,6 @@
rm -f $@
- $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS)
+ $(CXX) $(LDFLAGS) -o $@ $(OBJS) $(LIBS)
-$(LIBPCAPDIR)/libpcap.a: $(LIBPCAPDIR)/Makefile
- @echo Compiling libpcap; cd $(LIBPCAPDIR); $(MAKE)
-+#$(LIBPCAPDIR)/libpcap.a: $(LIBPCAPDIR)/Makefile
-+# @echo Compiling libpcap; cd $(LIBPCAPDIR); $(MAKE)
-
+-
$(NBASEDIR)/libnbase.a: $(NBASEDIR)/Makefile
@echo Compiling libnbase;
-@@ -174,7 +174,7 @@
+ cd $(NBASEDIR); $(MAKE)
+@@ -200,7 +196,7 @@
$(MAKEDEPEND) $(INCLS) -s "# DO NOT DELETE" -- $(DEFS) -- $(SRCS)
- install: $(TARGET)
+ install-nmap: $(TARGET)
- $(SHTOOL) mkdir -f -p -m 755 $(bindir) $(mandir)/man1 $(nmapdatadir) $(deskdir)
+ $(SHTOOL) mkdir -f -p -m 755 $(bindir) $(mandir)/man1 $(nmapdatadir)
$(INSTALL) -c -m 755 nmap $(bindir)/nmap
- @echo "If the next command fails -- you cannot use the X front end"
- -test -f nmapfe/nmapfe && $(INSTALL) -c -m 755 nmapfe/nmapfe $(bindir)/nmapfe && $(SHTOOL) mkln -f -s $(bindir)/nmapfe $(bindir)/xnmap && $(INSTALL) -c -m 644 nmapfe.desktop $(deskdir)/nmapfe.desktop && $(INSTALL) -c -m 644 docs/nmapfe.1 $(mandir)/man1/nmapfe.1 && $(INSTALL) -c -m 644 docs/xnmap.1 $(mandir)/man1/xnmap.1
+ $(INSTALL) -c -m 644 docs/$(TARGET).1 $(mandir)/man1/$(TARGET).1
+ $(INSTALL) -c -m 644 nmap-os-fingerprints $(nmapdatadir)/nmap-os-fingerprints
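Review bot: the regenerated patch deletes the LIBPCAPDIR definition and the $(LIBPCAPDIR)/libpcap.a rule outright and sets INCLS = -I., where the previous revision only commented them out. Any rule left in the 3.20 Makefile.in that still references $(LIBPCAPDIR) would now expand to an empty path, so check the rest of that file for leftovers. The +++ header line now also carries a timestamp, which the previous revision did not have; dropping it keeps the patch-aa digest in distinfo from changing on every regeneration.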
diff --git a/net/nmap/patches/patch-ad b/net/nmap/patches/patch-ad
index 7816d876666..11b14337107 100644
--- a/net/nmap/patches/patch-ad
+++ b/net/nmap/patches/patch-ad
@@ -1,22 +1,13 @@
-$NetBSD: patch-ad,v 1.4 2002/08/03 12:24:00 hubertf Exp $
+$NetBSD: patch-ad,v 1.5 2003/03/22 04:07:11 salo Exp $
---- nmap-services.orig Sat Jul 20 11:19:26 2002
-+++ nmap-services
-@@ -1748,7 +1748,7 @@
- dls-monitor 2048/udp #
- nfs 2049/tcp # networked file system
- nfs 2049/udp # networked file system
--distrib-net-losers 2064/tcp # A group of lamers working on a silly closed-source client for solving the RSA cryptographic challenge. This is the keyblock proxy port.
-+distrib-net-kbproxy 2064/tcp # keyblock proxy port for distributed.net-clients
- knetd 2053/tcp #
- dlsrpn 2065/tcp # Data Link Switch Read Port Number
- dlsrpn 2065/udp # Data Link Switch Read Port Number
-@@ -1809,7 +1809,7 @@
- cfs 3049/tcp # cryptographic file system (nfs) (proposed)
- cfs 3049/udp # cryptographic file system (nfs)
- PowerChute 3052/tcp
--distrib-net-proxy 3064/tcp # Stupid closed source distributed.net project proxy port
-+distrib-net-proxy 3064/tcp # distributed.net project proxy port
- sj3 3086/tcp # SJ3 (kanji input)
- squid-http 3128/tcp #
- squid-ipc 3130/udp #
+--- nbase/configure.orig 2003-03-22 04:36:20.000000000 +0100
++++ nbase/configure 2003-03-22 04:39:41.000000000 +0100
+@@ -10,6 +10,8 @@
+ ## M4sh Initialization. ##
+ ## --------------------- ##
+
++LIBS=
++
+ # Be Bourne compatible
+ if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+ emulate sh
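Review bot: the added LIBS= at the top of nbase/configure has no explanation in the patch or in the commit message, and it discards any LIBS value passed in through the environment. Add a comment line under the $NetBSD$ tag saying what breaks without it, and consider whether setting LIBS from the package Makefile would achieve the same result without patching a generated script. This file previously carried the nmap-services comment cleanup for ports 2064 and 3064, which is dropped here without mention; confirm that the 3.20 nmap-services no longer needs it.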
diff --git a/net/nmap/patches/patch-af b/net/nmap/patches/patch-af
index 0518007426a..2b0dea46735 100644
--- a/net/nmap/patches/patch-af
+++ b/net/nmap/patches/patch-af
@@ -1,20 +1,13 @@
-$NetBSD: patch-af,v 1.2 2002/08/03 12:24:01 hubertf Exp $
+$NetBSD: patch-af,v 1.3 2003/03/22 04:07:11 salo Exp $
---- config.sub.orig Mon Jul 1 07:56:09 2002
-+++ config.sub
-@@ -236,6 +236,7 @@
- | i370 | i860 | i960 | ia64 \
- | m32r | m68000 | m68k | m88k | mcore \
- | mips | mips16 | mips64 | mips64el | mips64orion | mips64orionel \
-+ | mipseb | mipsel \
- | mips64vr4100 | mips64vr4100el | mips64vr4300 \
- | mips64vr4300el | mips64vr5000 | mips64vr5000el \
- | mipsbe | mipseb | mipsel | mipsle | mipstx39 | mipstx39el \
-@@ -296,6 +297,7 @@
- | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
- | m88110-* | m88k-* | mcore-* \
- | mips-* | mips16-* | mips64-* | mips64el-* | mips64orion-* \
-+ | mipseb | mipsel \
- | mips64orionel-* | mips64vr4100-* | mips64vr4100el-* \
- | mips64vr4300-* | mips64vr4300el-* | mipsbe-* | mipseb-* \
- | mipsle-* | mipsel-* | mipstx39-* | mipstx39el-* \
+--- nmapfe/configure.orig 2002-08-28 02:11:16.000000000 +0200
++++ nmapfe/configure 2003-03-22 04:52:48.000000000 +0100
+@@ -10,6 +10,8 @@
+ ## M4sh Initialization. ##
+ ## --------------------- ##
+
++LIBS=
++
+ # Be Bourne compatible
+ if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+ emulate sh
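Review bot: this patches nmapfe/configure although the package Makefile now passes --without-nmapfe, so confirm that script is still executed during the build; if it is not, the patch can be removed. The previous content, which added mipseb and mipsel to config.sub, is dropped without mention, so verify that the 3.20 config.sub recognises those machine names. The LIBS= reset duplicates the one in patch-ad and needs the same explanatory comment.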