Update to version 3.95

Changes:

- Put Nmap on a diet, with changes to the core port scanning routine
  (ultra_scan) to substantially reduce memory consumption, particularly
  when tens of thousands of ports are scanned.

- Wrote a new man page from scratch.  It is much more comprehensive
  (more than twice as long) and (IMHO) better organized than the
  previous one.  Read it online at http://www.insecure.org/nmap/man/
  or docs/nmap.1 from the Nmap distribution.  Let me know if you have
  any ideas for improving it.

- Wrote a new "help screen", which you get when running Nmap without
  arguments.  It is also reproduced in the man page and at
  http://www.insecure.org/nmap/data/nmap.usage.txt .  I gave up trying
  to fit it within a 25-line, 80-column terminal window.  It is now 78
  lines and summarizes all but the most obscure Nmap options.

- Removed foreign translations of the old man page from the
  distribution.  Included the following contributed translations
  (nroff format) of the new man page:
    Brazilian Portuguese by Lucien Raven (lucienraven(a)yahoo.com.br)
    Portuguese (Portugal) by José Domingos (jd_pt(a)yahoo.com) and
    Andreia Gaita (shana.ufie(a)gmail.com).

- Fixed a crash in IPID Idle scan.  Thanks to Ron
  (iago(a)valhallalegends.com>, Bakeman (bakeman(a)physics.unr.edu),
  and others for reporting the problem.

- Applied some small fixes so that Nmap compiles with Visual C++
  2005 Express, which is free from Microsoft at
  http://msdn.microsoft.com/vstudio/express/visualc/ .  Thanks to KX
  (kxmail(a)gmail.com) and Sina Bahram (sbahram(a)nc.rr.com)

- Version detection softmatches (when Nmap determines the service
  protocol such as smtp but isn't able to determine the app name such as
  Postfix) can now parse out the normal match line fields such as
  hostname, device type, and extra info.  For example, we may not know
  what vendor created an sshd, but we can still parse out the protocol
  number.  This was a patch from  Doug Hoyte (doug(a)hcsw.org).

- Fixed a problem which caused UDP version scanning to fail to print
  the matched service.  Thanks to Martin Macok
  (martin.macok(a)underground.cz) for reporting the problem and Doug
  Hoyte (doug(a)hcsw.org) for fixing it.

- Made the version detection "ports" directive (in
  nmap-service-probes) more comprehensive.  This should speed up scans a
  bit.  The patch was done by Doug Hoyte (doug(a)hcsw.org).

- Integrated all of the September version detection fingerprint
  submissions.  This was done by Version Detection Czar Doug Hoyte
  (doug(a)hcsw.org) and resulted in 86 new match lines.  Please keep
  those submissions coming!

- Fixed a bunch of typos and misspellings throughout the Nmap source
  code (mostly in comments).  This was a 625-line patch by Saint Xavier
  (skyxav(a)skynet.be).

- Added the --webxml option, which does the same thing as
  --stylesheet http://www.insecure.org/nmap/data/nmap.xsl , without
  requiring you to remember the exact URL or type that whole thing.

- Fixed a possible aliasing problem in tcpip.cc by applying a patch sent in by
  Gwenole Beauchesne (gbeauchesne(a)mandriva.com).  This problem
  shouldn't have had any effect on users since we already include the
  -fno-strict-aliasing option whenever gcc 4 is detected, but it
  brings us closer to being able to remove that option.

- Fixed a problem with the -S and -e options (spoof/set
  source address, and set interface by name, respectively).  The problem
  report and a partial patch were sent by Richard Birkett
  (richard(a)musicbox.net).

- Fixed a problem with the -S and option on Windows reporting "Failed
  to resolve/decode supposed IPv4 source address".  The -D (decoy)
  option was probably broken on that platform too.  Thanks to KX
  (kxmail(a)gmail.com) for reporting the problem and tracking down a
  potential solution.

- Added --thc option (undocumented)

- Modified libdnet-stripped/src/eth-bsd.c to allow for up to 128 bpf
  devices rather than 32.  This prevents errors like "Failed to open
  ethernet interface (fxp0)" when there are more than 32 interface
  aliases.  Thanks to Krok (krok(a)void.ru) for reporting the problem
  and even sending a patch.

- Fixed a minor syntax error in tcpip.h that was causing problems with
  GCC 4.1.  Thanks to Dirk Mueller (dmuell(a)gmx.net) for reporting
  the problem and sending a fix.

- Define INET_ADDRSTRLEN in tcpip.h if the system doesn't define it
  for us.  This apparently aids compilation on Solaris 2.6 and 7.
  Thanks to Albert Chin (nmap-hackers(a)mlists.thewrittenword.com) for
  sending the patch..

- Fixed an inefficiency in RPC scan that could slow things down and
  also sometimes resulted in the spurious warning message: Ünable to
  find listening socket in get_rpc_results"

- Fixed a compilation problem on Mac OS X and perhaps other platforms
  with a one-line fix to scan_engine.cc.  Thanks to Felix Gröbert
  (felix(a)groebert.org) for notifying me of the problem.

- Nmap now accepts target list files in Windows end-of-line format (\r\n)
  as well as standard UNIX format (\n) on all platforms.  Passing a
  Windows style file to Nmap on UNIX didn't work before unless you ran
  dos2unix first.

- Fixed a problem that prevented the command "nmap -sT -PT <targets>"
  from working from a non-privileged user account.  The -PT option
  doesn't change default behavior in this case, but Nmap should (and now
  does) allow it.

- Better handle ICMP type 3, code 0 (network unreachable) responses to
  port scan packets.  These are rarely seen when scanning hosts that
  are actually online, but are still worth handling.

- Fixed a crash occured when the --exclude option was used with
  netmasks on certain platforms.  Thanks to Adam
  (nmapuser(a)globalmegahost.com) for reporting the problem and to
  Greg Darke (starstuff(a)optusnet.com.au) for sending a patch (I
  modified the patch a bit to make it more efficient).

- Removed Identd scan support from NmapFE since Nmap no longer
  supports it.  Thanks to Jonathan Dieter (jdieter99(a)gmx.net) for the
  patch.

- Fixed a bug that caused Nmap to crash if an nmap-service-probes file
  was used which didn't contain the Exclude directive.

- Fixed a divide-by-zero crash when you specify rather bogus
  command-line arguments (a TCP scan with zero tcp ports).  Thanks to
  Bart Dopheide (dopheide(a)fmf.nl) for identifying the problem and
  sending a patch.

3 files changed, 15 insertions, 15 deletions

diff --git a/net/nmap/Makefile b/net/nmap/Makefile
index 2ae5edc8285..990b2196902 100644
--- a/net/nmap/Makefile
+++ b/net/nmap/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.45 2005/09/15 14:12:18 salo Exp $
+# $NetBSD: Makefile,v 1.46 2005/12/08 21:59:17 salo Exp $
 #
 
-DISTNAME=	nmap-3.93
+DISTNAME=	nmap-3.95
 CATEGORIES=	net security
 MASTER_SITES=	http://www.insecure.org/nmap/dist/
 EXTRACT_SUFX=	.tar.bz2
diff --git a/net/nmap/distinfo b/net/nmap/distinfo
index 5a93cda5ccc..3006d0b592e 100644
--- a/net/nmap/distinfo
+++ b/net/nmap/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.26 2005/09/15 14:12:18 salo Exp $
+$NetBSD: distinfo,v 1.27 2005/12/08 21:59:17 salo Exp $
 
-SHA1 (nmap-3.93.tar.bz2) = 0742259bd1ac5ff80a32c04db82d87512ee33b29
-RMD160 (nmap-3.93.tar.bz2) = d4d63bc273734706808420784870b721f7591b12
-Size (nmap-3.93.tar.bz2) = 2029943 bytes
-SHA1 (patch-aa) = a0d1e5ef97ec8f8bfc7b2c609f7d4b8c87e37cab
+SHA1 (nmap-3.95.tar.bz2) = 1d8a10ffb29580e3ea0406d52a3886c8de8bf21b
+RMD160 (nmap-3.95.tar.bz2) = ba572025274318a68cb3215d7e67511a92a5dc20
+Size (nmap-3.95.tar.bz2) = 1923771 bytes
+SHA1 (patch-aa) = 8b393b91ae21d9235d1083cefc026829bcf14d17
 SHA1 (patch-ab) = 7ac228ff6016b1893b0bdd38134fe46f6ee71b67
 SHA1 (patch-ad) = 697142c3eed5c8771c9421e241a06b9c35588b9d
 SHA1 (patch-ae) = 9ef870f3961c38c85c558304595df31f2b9d92fd
diff --git a/net/nmap/patches/patch-aa b/net/nmap/patches/patch-aa
index f3ee4e73424..44769a4dfba 100644
--- a/net/nmap/patches/patch-aa
+++ b/net/nmap/patches/patch-aa
@@ -1,11 +1,11 @@
-$NetBSD: patch-aa,v 1.13 2005/09/15 14:12:18 salo Exp $
+$NetBSD: patch-aa,v 1.14 2005/12/08 21:59:17 salo Exp $
 
---- Makefile.in.orig	2005-09-12 12:36:16.000000000 +0200
-+++ Makefile.in	2005-09-15 14:13:00.000000000 +0200
+--- Makefile.in.orig	2005-12-08 09:14:08.000000000 +0100
++++ Makefile.in	2005-12-08 22:30:47.000000000 +0100
 @@ -1,4 +1,4 @@
--export NMAP_VERSION = 3.93
-+NMAP_VERSION = 3.93
- NMAP_NAME= nmap
+-export NMAP_VERSION = 3.95
++NMAP_VERSION = 3.95
+ NMAP_NAME= Nmap
  NMAP_URL= http://www.insecure.org/nmap/
  NMAP_PLATFORM=@host@
 @@ -11,14 +11,14 @@
@@ -14,8 +14,8 @@ $NetBSD: patch-aa,v 1.13 2005/09/15 14:12:18 salo Exp $
  
 -export NBASEDIR=@NBASEDIR@
 -export NSOCKDIR=@NSOCKDIR@
-+NBASEDIR = @NBASEDIR@
-+NSOCKDIR = @NSOCKDIR@
++NBASEDIR=@NBASEDIR@
++NSOCKDIR=@NSOCKDIR@
  CC = @CC@
  CXX = @CXX@
  CCOPT =