summaryrefslogtreecommitdiff
path: root/net
diff options
context:
space:
mode:
authorsalo <salo@pkgsrc.org>2006-06-15 15:24:23 +0000
committersalo <salo@pkgsrc.org>2006-06-15 15:24:23 +0000
commit7bb4f4adacf3434b224e56696c2f78314da9db23 (patch)
treec039e3007372e252e9b2dd8dc1ce0fb1312e93d2 /net
parentde289a969960ac0f341543f83f77f98b49feb276 (diff)
downloadpkgsrc-7bb4f4adacf3434b224e56696c2f78314da9db23.tar.gz
Update to version 4.10
Changes: 4.10: ===== - Updated nmap-mac-prefixes to reflect the latest OUI DB from the IEEE (http://standards.ieee.org/regauth/oui/oui.txt) as of May 31, 2006. Also added a couple unregistered OUI's (for QEMU and Bochs) suggested by Robert Millan (rmh(a)aybabtu.com). - Fixed a bug which could cause false öpen" ports when doing a UDP scan of localhost. This usually only happened when you scan tens of thousands of ports (e.g. -p- option). - Fixed a bug in service detection which could lead to a crash when "--version-intensity 0" was used with a UDP scan. Thanks to Makoto Shiotsuki (shio(a)st.rim.or.jp) for reporting the problem and Doug Hoyte for producing a patch. - Made some AIX and HP-UX portability fixes to Libdnet and NmapFE. These were sent in by Peter O'Gorman (nmap-dev(a)mlists.thewrittenword.com). - When you do a UDP«CP scan, the TCP ports are now shown first (in numerical order), followed by the UDP ports (also in order). This contrasts with the old format which showed all ports together in numerical order, regardless of protocol. This was at first a "bug", but then I started thinking this behavior may be better. If you have a preference for one format or the other, please post your reasons to nmap-dev. - Changed mass_dns system to print a warning if it can't find any available DNS servers, but not quit like it used to. Thanks to Doug Hoyte for the patch. 4.04BETA1: ========== - Integrated all of your submissions (about a thousand) from the first quarter of this year! Please keep 'em coming! The DB has increased from 3,153 signatures representing 381 protocols in 4.03 to 3,441 signatures representing 401 protocols. No other tool comes close! Many of the already existing match lines were improved too. Thanks to Version Detection Czar Doug Hoyte for doing this. - Nmap now allows multiple ingored port states. If a 65K-port scan had, 64K filtered ports, 1K closed ports, and a few dozen open ports, Nmap used to list the dozen open ones among a thousand lines of closed ports. Now Nmap will give reports like "Not shown: 64330 filtered ports, 1000 closed ports" or "All 2051 scanned ports on 192.168.0.69 are closed (1051) or filtered (1000)", and omit all of those ports from the table. Open ports are never ignored. XML output can now have multiple <extraports> directive (one for each ignored state). The number of ports in a single state before it is consolidated defaults to 26 or more, though that number increases as you add -v or -d options. With -d3 or higher, no ports will be consolidated. The XML output should probably be augmented to give the extraports directive 'ip', 'tcp', and 'udp' attributes which specify the corresponding port numbers in the given state in the same listing format as the nmaprun.scaninfo.services attribute, but that part hasn't yet been implemented. If you absoultely need the exact port numbers for each state in the XML, use -d3 for now. - Nmap now ignores certain ICMP error message rate limiting (rather than slowing down to accomidate it) in cases such as SYN scan where an ICMP message and no response mean the same thing (port filtered). This is currently only done at timing level Aggressive (-T4) or higher, though we may make it the default if we don't hear problems with it. In addition, the --defeat-rst-ratelimit option has been added, which causes Nmap not to slow down to accomidate RST rate limits when encountered. For a SYN scan, this may cause closed ports to be labeled 'filtered' becuase Nmap refused to slow down enough to correspond to the rate limiting. Learn more about this new option at http://www.insecure.org/nmap/man/ . Thanks to Martin Macok (martin.macok(a)underground.cz) for writing the patch that these changes were based on. - Moved my Nmap development environment to Visual C++ 2005 Express edition. In typical "MS Upgrade Treadmill" fashion, Visual Studio 2003 users will no longer be able to compile Nmap using the new solution files. The compilation, installation, and execution instructions at http://www.insecure.org/nmap/install/inst-windows.html have been upgraded. - Automated my Windows build system so that I just have to type a single make command in the mswin32 directory. Thanks to Scott Worley (smw(a)pobox.com>, Shane & Jenny Walters (yfisaqt(a)waltersinamerica.com), and Alex Prinsier (aphexer(a)mailhaven.com) for reading my appeal in the 4.03 CHANGELOG and assisting. - Changed the PortList class to use much more efficient data structures and algorithms which take advantage of Nmap-specific behavior patterns. Thanks to Marek Majkowski (majek(a)forest.one.pl) for the patch. - Fixed a bug which prevented certain TCPÙDP scan commands, such as "nmap -sSU -p1-65535 localhost" from scanning both TCP and UDP. Instead they gave the error message "WARNING: UDP scan was requested, but no udp ports were specified. Skipping this scan type". Thanks to Doug Hoyte for the patch. - Nmap has traditionally required you to specify -T* timing options before any more granular options like --max-rtt-timeout, otherwise the general timing option would overwrite the value from your more specific request. This has now been fixed so that the more specific options always have precendence. Thanks to Doug Hoyte for this patch. - Fixed a couple possible memory leaks reported by Ted Kremenek (kremenek(a)cs.stanford.edu) from the Stanford University sofware static analysis lab ("Checker" project). - Nmap now prints a warning when you specify a target name which resolves to multiple IP addresses. Nmap proceeds to scan only the first of those addresses (as it always has done). Thanks to Doug Hoyte for the patch. The warning looks like this: Warning: Hostname google.com resolves to 3 IPs. Using 66.102.7.99. - Disallow --host-timeout values of less than 1500ms, print a warning for values less than 15s. - Changed all instances of inet_aton() into calls to inet_pton() instead. This allowed us to remove inet_aton.c from nbase. Thanks to KX (kxmail(a)gmail.com) for the patch. - When debugging (-d) is specified, Nmap now prints a report on the timing variables in use. Thanks to Doug Hoyte for the patch. The report loos like this: ---------- Timing report ---------- hostgroups: min 1, max 100000 rtt-timeouts: init 250, min 50, max 300 scan-delay: TCP 5, UDP 1000 parallelism: min 0, max 0 max-retries: 2, host-timeout 900000 ----------------------------------- - Modified the WinPcap installer file to explicitly uninstall an existing WinPcap (if you select that you wish to replace it) rather than just overwriting the old version. Thanks to Doug Hoyte for making this change. - Added some P2P application ports to the nmap-services file. Thanks to Martin Macok for the patch. - The write buffer length increased in 4.03 was increased even further when the debugging or verbosity levels are more than 2 (e.g. -d3). Thanks to Brandon Enright (bmenrigh(a)ucsd.edu) for the patch. The goal is to prevent you from ever seeing the fatal error: "log_vwrite: write buffer not large enough -- need to increase" - Added a note to the Nmap configure dragon that people sick of him can submit their own ASCII art to nmap-dev@insecure.org . If you are wondering WTF I am talking about, it is probably because only most elite Nmap users -- the ones who compile from source on UNIX -- get to see the 'l33t ASCII Art.
Diffstat (limited to 'net')
-rw-r--r--net/nmap/Makefile4
-rw-r--r--net/nmap/distinfo10
-rw-r--r--net/nmap/patches/patch-aa6
-rw-r--r--net/nmapfe/Makefile6
4 files changed, 13 insertions, 13 deletions
diff --git a/net/nmap/Makefile b/net/nmap/Makefile
index 56147d04175..14a66fdea38 100644
--- a/net/nmap/Makefile
+++ b/net/nmap/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.50 2006/04/25 13:43:09 salo Exp $
+# $NetBSD: Makefile,v 1.51 2006/06/15 15:24:23 salo Exp $
#
-DISTNAME= nmap-4.03
+DISTNAME= nmap-4.10
CATEGORIES= net security
MASTER_SITES= http://www.insecure.org/nmap/dist/
EXTRACT_SUFX= .tar.bz2
diff --git a/net/nmap/distinfo b/net/nmap/distinfo
index c7944fc6137..cc5f20de2be 100644
--- a/net/nmap/distinfo
+++ b/net/nmap/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.31 2006/04/25 13:43:09 salo Exp $
+$NetBSD: distinfo,v 1.32 2006/06/15 15:24:23 salo Exp $
-SHA1 (nmap-4.03.tar.bz2) = 8c5f1e541647655369497862b360971a8393c59e
-RMD160 (nmap-4.03.tar.bz2) = 9750b91ce1339888e4d18fc08a5927b5c3d38973
-Size (nmap-4.03.tar.bz2) = 2123560 bytes
-SHA1 (patch-aa) = 7e76def6b186d909fb4107170d24d65812e5468f
+SHA1 (nmap-4.10.tar.bz2) = ee63328b3ff02dd75bf3e98a8506ccfdaeeb623b
+RMD160 (nmap-4.10.tar.bz2) = 1d64699b0e42cf38a6b666bf4585223ca87440c6
+Size (nmap-4.10.tar.bz2) = 2130202 bytes
+SHA1 (patch-aa) = 94785ba16d30b607df680d4a272a7bec67b32802
SHA1 (patch-ab) = ea3fc8ec22a6331a1c2dc512f1d166970beca6c3
SHA1 (patch-ad) = d54793006dcd446cc973950c9d8a974cb37655d1
SHA1 (patch-ae) = 9ef870f3961c38c85c558304595df31f2b9d92fd
diff --git a/net/nmap/patches/patch-aa b/net/nmap/patches/patch-aa
index 7cb63914f2c..06349112a1f 100644
--- a/net/nmap/patches/patch-aa
+++ b/net/nmap/patches/patch-aa
@@ -1,10 +1,10 @@
-$NetBSD: patch-aa,v 1.17 2006/04/25 13:43:09 salo Exp $
+$NetBSD: patch-aa,v 1.18 2006/06/15 15:24:24 salo Exp $
--- Makefile.in.orig 2006-04-22 23:52:13.000000000 +0200
+++ Makefile.in 2006-04-25 14:56:00.000000000 +0200
@@ -1,4 +1,4 @@
--export NMAP_VERSION = 4.03
-+NMAP_VERSION = 4.03
+-export NMAP_VERSION = 4.10
++NMAP_VERSION = 4.10
NMAP_NAME= Nmap
NMAP_URL= http://www.insecure.org/nmap/
NMAP_PLATFORM=@host@
diff --git a/net/nmapfe/Makefile b/net/nmapfe/Makefile
index 5c7e28ccfee..cac9516eb50 100644
--- a/net/nmapfe/Makefile
+++ b/net/nmapfe/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.40 2006/04/25 13:43:09 salo Exp $
+# $NetBSD: Makefile,v 1.41 2006/06/15 15:24:24 salo Exp $
#
-DISTNAME= nmap-4.03
+DISTNAME= nmap-4.10
PKGNAME= nmapfe-0.9.5
-PKGREVISION= 28
+PKGREVISION= 29
CATEGORIES= net security
MASTER_SITES= http://www.insecure.org/nmap/dist/
EXTRACT_SUFX= .tar.bz2