| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Fixes configuring of multicast support and ipv6 support on NetBSD.
Add patches to deal with:
setsockopt(..., IP_MULTICAST_TTL,..) takes a u_char arg (not int).
On NetBSD and Solaris (probably other BSD's) ipv6 multicast group
join is done with IPV6_JOIN_GROUP not linux's IPV6_ADD_MEMERSHIP.
|
|
|
|
changes:
-bugfixes
|
|
|
|
|
|
|
|
|
|
license with no restrictions on commercial use.
|
|
Add options for choosing between lablgtk and lablgtk2 toolkit.
XXX: lablgtk2 GUI is very unstable (at least for me), don't use it yet.
|
|
2005/09/04: spiralvoice (version 2.6.4 = tag release-2-6-4)
4392: Print "Core started" on stdout even if logging is enabled
Fixes problems when MLDonkey is spawned by a GUI
2005/09/03: spiralvoice
4247: memstats: BT/FT/GNUT/G2: initial memstats, ALL: show nr of old_files,
BT: nr of torrent files
4390: Mail: Print incoming path if !!url_in_mail is used
4389: BT: Fix core exit if dirs of a shared multifile torrent are not writable
4368: new option: create_file_sparse true|false, this works only for
files on NTFS drives in MinGW compiled MLDonkey (thanks to zet)
2005/09/01: spiralvoice
4385: EDK: Preserve untested servers (by pango)
4351: optimize ip blocking lists (by pango)
4376: EDK: Re-enable result_done (already downloaded) in search results (by zet)
4126: Improved log_file handling
* there is now a default log_file: mlnet.log, old downloads.ini is *not* updated
* its default log_file_size is 2MB, this is checked only on core start,
if log_file is bigger it will be resetted
* logging will always be appended to log_file
* new command "clear_log" to reset log_file while the core is working
* new command "open_log" to reopen log after close_log
* removed command "log_file", same can be achieved through "set log_file <file>"
4384: HTML: Add "Import Serverlist" in servers, clean third button row (by schlumpf)
4365: Disable console "X" close button on MinGW, second version (by CML)
4382: Solve libgd configure in mandrake 10.0
4381: better differentiation of eDonkey and BT Stats Table (by schlumpf)
4380: some info for SCM Version (CVS co Date/ SVN revision) (by schlumpf)
4379: Fix compile error when libgd is not present
4378: Longhelp: Better description for add_user
4377: Better description for shared_directories in downloads.ini
4356: EDK: Improved server.met handling / fix contact.dat loading
* Changed user agent from "MLdonkey" to "MLDonkey", solves problem
when downloading files from www.gruk.org and www.srv1000.com
* MLDonkey new recognizes links like ed2k://|serverlist|http://server/file.ext|/
* "servers" command now takes URLs
* if period in web_infos is zero the file is only loaded during core start
(as requested by the owner of www.gruk.org)
* in all places where a filename or URL for a server.met can be used this
file can also be compressed with gz/bz2/zip
* automatically replace old default server.met in web_infos
("server.met", 24,
"http://ocbmaurice.dyndns.org/pl/slist.pl/server.met?download/server-best.met");
with fake servers free list from gruk.org:
("server.met", 0, "http://www.gruk.org/server.met.gz");
* fixed bug which prevented loading Overnet contact.dat file in web_infos
2005/08/29: spiralvoice
4368: Use sparse files on MinGW/NTFS (by zet)
4370: BT/Win32: fix multifile hashing (by Amorphous)
2005/08/28: spiralvoice
4366: HTML: more maintainable html_mods styles (by pango)
4367: Improve logging
4361: New command: uptime
Lots of improvements for MinGW, this platform now supports
files > 2GB, threads and libgd generated statistics.
Here you will find compilation instructions:
http://mldonkey.berlios.de/modules.php?name=Wiki&pagename=Windows
4342: Large_file support for mld_hash and MinGW MLDonkey core (by zet)
4358: Add thread support for MinGW (by zet)
4362: configure.in support for libgd on MinGW/FreeBSD
4349: increase filedescriptor limit for mingw (by zet)
4365: Disable console "X" close button on MinGW (by zet)
2005/08/26: spiralvoice
4360: Configure: Test for nl_langinfo(CODESET)
4359: Upload: Give upload slot truely randomly (by pango)
4347: Improve exit codes, codes were inspired by sysexits.h
4345: Code clean: Optimize redundant time_to_string functions
4357: Rename ed2k_hash to mld_hash
4344: Improve ./configure checks (bzlib.h, iconv on Windows)
---------------------------------------------------------------------
2005/08/21: spiralvoice (version 2.6.3 = tag release-2-6-3)
4254: Patch reverted, did not work
"html_mods: Table data is incorrectly centered"
4336: Improve some log file messages
4321: BT: fixed "make_torrent produce corrupted files on Windows" (by beedauchon)
4335: Buildinfo: Fix bug if Bzip2 version string is empty (by beedauchon)
4329: HTTPClient: Implement retries for failed requests
4319: Fix compile if libbz2 is not available,
new configure option: --disable-bzip2
4334: BT/FileTP: Some progress on cancel bug (by kempston)
4333: send ip blocked addr state to gui, compute_torrent from gui (by z)
4332: Let configure fail if GNU make is not installed
2005/08/18: spiralvoice
4323: HTML: Search results: new colums for Bitrate, Codec and length
4324: Log: Improve output for verbosity "hid"
4322: EDK: compatibleclient 40 -> Shareaza
4320: Fix compile on FreeBSD < 5.3
2005/08/15: spiralvoice
4317: Updated ./configure for compiling lablgtk2 with --enable-batch
4316: Updated ./distrib/Install.txt for Ocaml 3.08.4 and new GUI options
4292: html_mods: Match styles default frameHeight with the common default
4314: Allow compiling with Ocaml 3.08.4
Compiling with 3.08.3 still works
4312: BT: Allow seeding (by beedauchon)
4311: BT: create_torrent: default_tracker and default_comment (by beedauchon)
4309: GUI: send ed2k/bt network u/d totals (by z)
4308: Gnutella/G2: Fix commit if no TigerTree is available
4305: buildinfo: Print some system internals
4304: EDK: Fix disconnect state with verbosity = "hid"
4297: Create ini file backups on shutdown
Note: file_sources.ini is never saved, it makes no sense to keep this file.
New options:
* backup_options_format, default "tar.gz", "zip" can also be used
* backup_options_delay, default 0
How often (in hours) should a backup of the ini files be written into old_config.
A value of zero means that a backup is written only when the core shuts down.
* backup_options_generations, default 10
Define the total number of options archives in old_config.
Command save got two new parameters:
* "save all" saves options, sources and creates a ini file backup
* "save backup" speaks for itself;-)
---------------------------------------------------------------------
2005/08/11: spiralvoice (version 2.6.2 = tag release-2-6-2)
4296: BT: Fix options parsing
---------------------------------------------------------------------
2005/08/09: spiralvoice (version 2.6.1 = tag release-2-6-1)
4291: EDK: Better logging for unknown compatibleclient values
4290: BT: Some small fixes for messages interested and cancel
by beedauchon
4289: LOG: Improve verbosity "hid"
4287: Better clear Fifo buffers, by bogeyman
4268: Web/Gui: free core's buffer allocated by vd # and gui
by bogeyman
2005/08/08: spiralvoice
4285: IPBlock: Server support
* display in vm/vma if a server has a blocked IP
* prevent connections to a IP blocked server,
in EDK case this resulted in a LowID connection
4284: Remove whitespaces / Some logging changes
2005/08/07: spiralvoice
4279: MinGW: HDD statistics support
4281: Remove white spaces / Some logging stuff
4251: HTML: few fixes / new option html_frame_border true|false
4278: Windows: Fix bug creating work dirs in empty dir
2005/08/06: spiralvoice
4276: IPBlock: Never block local IPs even if they are in blocklist
4274: Use relative path if downloads.ini is present
2005/08/05: spiralvoice
4272: HTML: Cursor focus in input field
4271: GTK2: Fix compile bug in src/gtk2/chat/chat_art.ml
4155: Let MLDonkey create its data in $HOME/.mldonkey
Usage instructions:
* if the core is started in a directory where downloads.ini exists
this directory will be used, this is the same behaviour as before
* on Windows the current directory will always be used,
this is consistent with eMule
* on other systems $HOME/.mldonkey will be created and used,
this is consistent with eDonkey, aMule and Unix standards
* if variable MLDONKEY_DIR is used that directory has priority,
to simulate the behaviour without this patch use:
export MLDONKEY_DIR="." && ./mlnet
2005/08/04: spiralvoice
4270: Overnet: Convert local IPs sent by OV clients to real IPs
4269: IPBlock: Several fixes, better zip file support
4264: Fasttrack: Force commit of all complete files
4258: BT: Statistics, recognize more clients, min_interval, torrents/old and more...
This patch was done by Beedauchon, it incorporates weeks of work from him.
* move .torrent to torrents/old if the file is not shared anymore
* new command rm_old_torrents: delete all files in torrents/old
* eDonkey like statistics for BT clients (csbt command)
* compute_torrent and make_torrent can put a comment into the .torrent file
* MLdonkey computes a BT-compatible client_uid starting with "-ML"
* parse more fields from .torrent files and display them in HTML interface
* Tracker: replace "/tracker" by "/announce"
* Tracker: add "/scrape"
* Multitracker support for downloading
2005/08/02: spiralvoice
4263: Fasttrack: Force bootstrapping nodes
2005/08/01: spiralvoice
4261: HTML: Add DL button - opens dialog for entering links (by omgwtf2)
4260: IPblock: Enable IP blocking for Overnet and HTTP server
(=BT Tracker) (by beedauchon)
4257: Kick uploaders which send no data for more than 1 minute
4256: Print message if glibc version mismatch
updates for buildinfo (version of libbz2, libz, libpng)
2005/07/29: spiralvoice
4255: HTML: updates for cs command
4254: html_mods: Table data is incorrectly centered
4253: HTML: New style Construction (by omgwtf2)
4251: few html fixes (reverted) (by beedauchon)
2005/07/28: spiralvoice
4250: Remove whitespaces from commonUploads.ml
4249: HTML: Links to fake check services in search results
(by bogeyman)
2005/07/27: spiralvoice
4194: FileTP : Add support for "referer",
error messages cleanup (by beedauchon)
4245: BT: Remove whitespace (by beedauchon)
4244: Change web_infos period to hours (this is a bugfix,
no need to change ini files)
new option: enable_mlnet_redirector
2005/07/26: spiralvoice
4243: FileTP: Clean lots of whitespaces
4031: HTML: relative refs in HTML output (by beedauchon)
4191: Access to disk data (free space, max file name length)
This is first step implmenting this, checkout the
disk command for debugging.
4242: IPBlock: Support guarding_full.zip
4241: Fix html_mods_vd_gfx_remove
4240: EDK: New option keep_downloaded_in_old_files
2005/07/23: spiralvoice
4184: support guarding.p2p in zip/gz/bz2 format
bz2 segfaults on OpenBSD, therefore disabled
see notes in the patch on how to compile with MinGW
2005/07/22: spiralvoice
4205: Improve logging with timestamps 2 (incomplete)
4204: Improve logging with timestamps (incomplete)
2005/07/21: spiralvoice
4195: GUI: Change configure options
Now "./configure" compiles no GUI, "--disable-gui" is default.
To use a GUI use "--enable-gui", this enables GTK2 GUI.
Other options are:
--enable-gui=newgui2 (use GTK2 GUI)
--enable-gui=newgui1 (use GTK1 newgui)
--enable-gui=oldgui (use GTK1 oldgui)
Options like "--disable-newgui" or "--enable-gtk2" were removed.
2005/07/20: spiralvoice
4193: CommonGraphics : some whitespace cleanups
4190: Gdstats: Fix tag.png/jpg link output
4188: Overnet: Dont put our own ID in the buckets (by Bogeyman)
|
|
thus were before 2005Q3.
|
|
|
|
|
|
|
|
With thanks to Thomas Klausner for clueing me in - all mistakes are mine.
|
|
|
|
Bump PKGREVISION.
|
|
* Bug-fixes
|
|
|
|
|
|
and IPv6 addresses in parallel to fill a specified packets-per-second rate.
scamper can do ICMP based Path MTU discovery. scamper starts with the
outgoing interface's MTU and discovers the location of PMTU bottlenecks.
Recent revision of scamper do a PMTU search when an ICMP fragmentation
required message is not returned to establish the PMTU to the next point
in the network, followed by a TTL limited search to infer the hop
where failure appears to occur.
Reviewed by Johnny Lam.
|
|
|
|
|
|
NO_BUILD, USE_LIBTOOL.
|
|
|
|
o Bugfixes on 0.1.0.x:
- Reject ports 465 and 587 (spam targets) in default exit policy.
- Don't crash when we don't have any spare file descriptors and we
try to spawn a dns or cpu worker.
- Get rid of IgnoreVersion undocumented config option, and make us
only warn, never exit, when we're running an obsolete version.
- Don't try to print a null string when your server finds itself to
be unreachable and the Address config option is empty.
- Make the numbers in read-history and write-history into uint64s,
so they don't overflow and publish negatives in the descriptor.
- Fix a minor memory leak in smartlist_string_remove().
- We were only allowing ourselves to upload a server descriptor at
most every 20 minutes, even if it changed earlier than that.
- Clean up log entries that pointed to old URLs.
|
|
|
|
(/var/run is not writable by user "tor", and tor drops privs early).
|
|
|
|
Update maintainer, i'm taking this one
|
|
|
|
* The last-byte download bug, where a download would not complete if only the last byte needed to be downloaded, has been fixed.
* Preliminary browse-host support, allowing other servents to browse the files that are shared. This is disabled by default.
* GTKG will detect online status again after temporary network failure.
* The .desktop file and application icons are now properly installed.
* Downloads are now sorting in a more logical way.
* Bug fixes in UTF-8 support.
* Doxygen documentation updates.
* Japanese and Spanish translation updates.
|
|
* Servers can be assigned different weights to account for
differing capacity. New -W command-line option. New penctl
commands:
server S weight W (assign weight to server)
weight (use weight for server selection)
no weight (do not use weight for server selection)
Cleaned up the logic in add_client so the weighted server
selection can be used without client tracking.
* Some performance enhancing changes:
New variable connections_used remembers the number of used
slots in conns[]. It is incremented by store_conn and
decremented by close_conn. This allows the main loop to
only accept new connections if there are empty slots in
conns[], which is much better than accepting the connection
only to immediately close it because we can't handle it.
New variable connections_last remembers the last used slot
in conns[]. This allows us to scan for empty slots much faster
in store_conn when there are many simultaneous connections.
* Documented the procedure to change FD_SETSIZE on Linux
in INSTALL.
* Documented the include command in the penctl manpage.
* Fixed SSL so it works in nonblocking mode, except that
it doesn't work anyway.
Moved listenfd and ctrlfd out of main.
* Highly experimental SSL code in pen.c. Updated manpage
with the new options. Added https example to HOWTO.
|
|
would have hit an internal assertion later. The patch is a merge from
the unstable tree as suggested by the author.
Bump revision to 1.
|
|
|
|
|
|
only if needed
|
|
|
|
Bump to nb2
|
|
Bump to nb1
|
|
From the ChangeLog:
> 2005-09-16 - Snort 2.4.1 Released
> [*] New additions
> * Added a -K command line option to manually select the logging mode using
> a single switch. The -b and -N switches will be deprecated in version
> 2.7. Pcap logging is now the default for Snort at startup, use "-K ascii"
> to revert to old behavior.
>
> [*] Improvements
> * Win32 version now supports winpcap 3.1 and MySQL client 4.13.
> * Added event on zero-length RPC fragments.
> * Fixed TCP SACK processing for text based outputs that could result in a
> DoS.
> * General improvements to frag3 including Teardrop detection fix.
> * Fixed a bug in the PPPoE decoder.
> * Added patch for time stats from Bill Parker. Enable with configure
> --enable-timestats.
> * Fixed IDS mode bailing at startup if logdir is specified in snort.conf
> and /var/log/snort doesn't exist.
> * Added decoder for IPEnc for OpenBSD. Thanks Jason Ish for the patch
> (long time ago) and Chris Kuethe for reraising the issue.
> * Allow snort to use usernames (-u) and groupnames (-g) that include
> numbers. Thanks to Shaick for the patch.
> * Fixed broken -T option.
> * Change ip_proto to ip for portscan configuration. Thanks David Bianco
> for pointing this out.
> * Fix for prelude initialization. Thanks Yoann Vandoorselaere for the
> update.
> * For content matches, when subsequent rule options fail, start searching
> again in correct location.
> * Updated Win32 to handle pflog patch.
> * Added support for new OpenBSD pflog format. Older pflog format,
> OpenBSD 3.3 and earlier is still supported. Thanks Breno Leitao
> and Christian Reis for the patch.
> * Added statistics counter for ETH_LOOPBACK packets. Thanks rmkml
> for the patch.
|
|
SIGUSR1 reset of the openvpn process. This is useful for simplifying
dhclient-exit-hooks hook scripts that need to tell the openvpn process
to reset and re-run its "up" script.
Bump the PKGREVISION of net/openvpn to 1.
|
|
|
|
(This needs to be fixed more generally across pkgsrc post-freeze.)
Reviewed by wiz.
|
|
|
|
the former is still provided through nameser_compat.h while the
latter is not available on older NetBSDs
should fix build error seen in the 2.0.2 bulk build
|
|
no longer correct since update to libevent 1.x; it now uses libtool and
generates a shlib.
Remove the offending bl3 line, and bump all dependents' PKGREVISIONs, since
the binary pkg changes for any OS that doesn't have a sufficient builtin
libevent version (or the package has requested a non-builtin version).
|
|
Changes:
3.93:
=====
o Modified Libpcap's configure.ac to compile with the
--fno-strict-aliasing option if gcc 4.X is used. This prevents when
said compiler is used. This was done for Nmap in 3.90, but is
apparently needed for pcap too. Thanks to Craig Humphrey
(Craig.Humphrey(a)chapmantripp.com) for the discovery.
o Patched libdnet to include sys/uio.h in src/tun-linux.c. This is
apparently necessary on some Glibc 2.1 systems. Thanks to Rob Foehl
(rwf(a)loonybin.net) for the patch.
o Fixed a crash which could occur when a ridiculously short
--host_timeout was specified on Windows (or on UNIX if --send_eth was
specified). Nmap now also prints a warning if you specify a
host_timeout of less than 1 second. Thanks to Ole Morten Grodaas
(grodaas(a)gmail.com) for discovering the problem.
3.91:
=====
o Fixed a crash on Windows when you -P0 scan an unused IP on a local
network (or a range that contains unused IPs). This could also
happen on UNIX if you specified the new --send_eth option. Thanks
to Jim Carras (JFCECL(a)engr.psu.edu) for reporting the problem.
o Fixed compilation on OpenBSD by applying a patch from Okan Demirmen
(okan(a)demirmen.com), who maintains Nmap in the OpenBSD Ports
collection.
o Updated nmap-mac-prefixes to include OUIs assigned by the IEEE since
April.
o Updated the included libpcre (used for version detection) from
version 4.3 to 6.3. A libpcre securty issue was fixed in 6.3, but
that issue never affected Nmap.
o Updated the included libpcap from 0.8.3 to 0.9.3. I also changed
the directory name in the Nmap tarball from libpcap-possiblymodified
to just libpcap. As usual, the modifications are described in the
NMAP_MODIFICATIONS in that directory.
3.90:
=====
o Added the ability for Nmap to send and properly route raw ethernet
packets cointaining IP datagrams rather than always sending the
packets via raw sockets. This is particularly useful for Windows,
since Microsoft has disabled raw socket support in XP for no good
reason. Nmap tries to choose the best method at runtime based on
platform, though you can override it with the new --send_eth and
--send_ip options.
o Added ARP scanning (-PR). Nmap can now send raw ethernet ARP requests to
determine whether hosts on a LAN are up, rather than relying on
higher-level IP packets (which can only be sent after a successful
ARP request and reply anyway). This is much faster and more
reliable (not subject to IP-level firewalling) than IP-based probes.
The downside is that it only works when the target machine is on the
same LAN as the scanning machine. It is now used automatically for
any hosts that are detected to be on a local ethernet network,
unless --send_ip was specified. Example usage: nmap -sP -PR
192.168.0.0/16 .
o Added the --spoof_mac option, which asks Nmap to use the given MAC
address for all of the raw ethernet frames it sends. The MAC given
can take several formats. If it is simply the string "0", Nmap
chooses a completely random MAC for the session. If the given
string is an even number of hex digits (with the pairs optionally
separated by a colon), Nmap will use those as the MAC. If less than
12 hex digits are provided, Nmap fills in the remainder of the 6
bytes with random values. If the argument isn't a 0 or hex string,
Nmap looks through the nmap-mac-prefixes to find a vendor name
containing the given string (it is case insensitive). If a match is
found, Nmap uses the vendor's OUI (3-byte prefix) and fills out the
remaining 3 bytes randomly. Valid --spoof_mac argument examples are
"Apple", "0", "01:02:03:04:05:06", "deadbeefcafe", "0020F2", and
"Cisco".
o Applied an enormous nmap-service-probes (version detection) update
from SoC student Doug Hoyte (doug(a)hcsw.org). Version 3.81 had
1064 match lines covering 195 service protocols. Now we have 2865
match lines covering 359 protocols! So the database size has nearly
tripled! This should make your -sV scans quicker and more
accurate. Thanks also go to the (literally) thousands of you who
submitted service fingerprints. Keep them coming!
o Applied a massive OS fingerprint update from Zhao Lei
(zhaolei(a)gmail.com). About 350 fingerprints were added, and many
more were updated. Notable additions include Mac OS X 10.4 (Tiger),
OpenBSD 3.7, FreeBSD 5.4, Windows Server 2003 SP1, Sony AIBO (along
with a new "robotic pet" device type category), the latest Linux 2.6
kernels Cisco routers with IOS 12.4, a ton of VoIP devices, Tru64
UNIX 5.1B, new Fortinet firewalls, AIX 5.3, NetBSD 2.0, Nokia IPSO
3.8.X, and Solaris 10. Of course there are also tons of new
broadband routers, printers, WAPs and pretty much any other device
you can coax an ethernet cable (or wireless card) into!
o Added 'leet ASCII art to the confugrator! ARTIST NOTE: If you think
the ASCII art sucks, feel free to send me alternatives. Note that
only people compiling the UNIX source code get this. (ASCII artist
unknown).
o Added OS, device type, and hostname detection using the service
detection framework. Many services print a hostname, which may be
different than DNS. The services often give more away as well. If
Nmap detects IIS, it reports an OS family of "Windows". If it sees
HP JetDirect telnetd, it reports a device type of "printer". Rather
than try to combine TCP/IP stack fingerprinting and service OS
fingerprinting, they are both printed. After all, they could
legitimately be different. An IP that gives a stack fingerprint
match of "Linksys WRT54G broadband router" and a service fingerprint
of Windows based on Kazaa running is likely a common NAT setup rather
than an Nmap mistake.
o Nmap on Windows now compiles/links with the new WinPcap 3.1
header/lib files. So please upgrade to 3.1 from
http://www.winpcap.org before installing this version of Nmap.
While older versions may still work, they aren't supported with Nmap.
o The official Nmap RPM files are now compiled statically for better
compatability with other systems. X86_64 (AMD Athlon64/Opteron)
binaries are now available in addition to the standard i386. NmapFE
RPMs are no longer distributed by Insecure.Org.
o Nmap distribution signing has changed. Release files are now signed
with a new Nmap Project GPG key (KeyID 6B9355D0). Fyodor has also
generated a new key for himself (KeyID 33599B5F). The Nmap key has
been signed by Fyodor's new key, which has been signed by Fyodor's
old key so that you know they are legit. The new keys are available
at http://www.insecure.org/nmap/data/nmap_gpgkeys.txt , as
docs/nmap_gpgkeys.txt in the Nmap source tarball, and on the public
keyserver network. Here are the fingerprints:
pub 1024D/33599B5F 2005-04-24
Key fingerprint = BB61 D057 C0D7 DCEF E730 996C 1AF6 EC50 3359 9B5F
uid Fyodor <fyodor@insecure.org>
sub 2048g/D3C2241C 2005-04-24
pub 1024D/6B9355D0 2005-04-24
Key fingerprint = 436D 66AB 9A79 8425 FDA0 E3F8 01AF 9F03 6B93 55D0
uid Nmap Project Signing Key (http://www.insecure.org/)
sub 2048g/A50A6A94 2005-04-24
o Fixed a crash problem related to non-portable varargs (vsnprintf)
usage. Reports of this crash came from Alan William Somers
(somers(a)its.caltech.edu) and Christophe (chris.branch(a)gmx.de).
This patch was prevalent on Linux boxes running an Opteron/Athlon64
CPU in 64-bit mode.
o Fixed crash when Nmap is compiled using gcc 4.X by adding the
--fno-strict-aliasing option when that compiler is detected. Thanks
to Greg Darke (starstuff(a)optusnet.com.au) for discovering that
this option fixes (hides) the problem and to Duilio J. Protti
(dprotti(a)flowgate.net) for writing the configure patch to detect
gcc 4 and add the option. A better fix is to identify and rewrite
lines that violate C99 alias rules, and we are looking into that.
o Added "rarity" feature to Nmap version detection. This causes
obscure probes to be skipped when they are unlikely to help. Each
probe now has a "rarity" value. Probes that detect dozens of
services such as GenericLines and GetRequest have rarity values of
1, while the WWWOFFLEctrlstat and mydoom probes have a rarity of 9.
When interrogating a port, Nmap always tries probes registered to
that port number. So even WWWOFFLEctrlstat will be tried against
port 8081 and mydoom will be tried against open ports between 3127
and 3198. If none of the registered ports find a match, Nmap tries
probes that have a rarity less than or equal to its current
intensity level. The intensity level defaults to 7 (so that most of
the probes are done). You can set the intensity level with the new
--version_intensity option. Alternatively, you can just use
--version_light or --version_all which set the intensity to 2 (only
try the most important probes and ones registered to the port
number) and 9 (try all probes), respectively. --version_light is
much faster than default version detection, but also a bit less
likely to find a match. This feature was designed and implemented
by Doug Hoyte (doug(a)hcsw.org).
o Added a "fallback" feature to the nmap-service-probes database.
This allows a probe to "inherit" match lines from other probes. It
is currently only used for the HTTPOptions, RTSPRequest, and
SSLSessionReq probes to inherit all of the match lines from
GetRequest. Some servers don't respond to the Nmap GetRequest (for
example because it doesn't include a Host: line) but they do respond
to some of those other 3 probes in ways that GetRequest match lines
are general enough to match. The fallback construct allows us to
benefit from these matches without repeating hundreds of signatures
in the file. This is another feature designed and implemented
by Doug Hoyte (doug(a)hcsw.org).
o Fixed crash with certain --excludefile or
--exclude arguments. Thanks to Kurt Grutzmacher
(grutz(a)jingojango.net) and pijn trein (ptrein(a)gmail.com) for
reporting the problem, and to Duilio J. Protti
(dprotti(a)flowgate.net) for debugging the issue and sending the
patch.
o Updated random scan (ip_is_reserved()) to reflect the latest IANA
assignments. This patch was sent in by Felix Groebert
(felix(a)groebert.org).
o Included new Russian man page translation by
locco_bozi(a)Safe-mail.net
o Applied pach from Steve Martin (smartin(a)stillsecure.com) which
standardizes many OS names and corrects typos in nmap-os-fingerprints.
o Fixed a crash found during certain UDP version scans. The crash was
discovered and reported by Ron (iago(a)valhallalegends.com) and fixed
by Doug Hoyte (doug(a)hcsw.com).
o Added --iflist argument which prints a list of system interfaces and
routes detected by Nmap.
o Fixed a protocol scan (-sO) problem which led to the error message:
"Error compiling our pcap filter: syntax error". Thanks to Michel
Arboi (michel(a)arboi.fr.eu.org) for reporting the problem.
o Fixed an Nmap version detection crash on Windows which led to the
error message "Unexpected error in NSE_TYPE_READ callback. Error
code: 10053 (Unknown error)". Thanks to Srivatsan
(srivatsanp(a)adventnet.com) for reporting the problem.
o Fixed some misspellings in docs/nmap.xml reported by Tom Sellers
(TSellers(a)trustmark.com).
o Applied some changes from Gisle Vanem (giva(a)bgnett.no) to make
Nmap compile with Cygwin.
o XML "osmatch" element now has a "line" attribute giving the
reference fingerprint line number in nmap-os-fingerprints.
o Added a distcc probes and a bunch of smtp matches from Dirk Mueller
(mueller(a)kde.org) to nmap-service-probes. Also added AFS version
probe and matches from Lionel Cons (lionel.cons(a)cern.ch). And
even more probes and matches from Martin Macok
(martin.macok(a)underground.cz)
o Fixed a problem where Nmap compilation would use header files from
the libpcap included with Nmap even when it was linking to a system
libpcap. Thanks to Solar Designer (solar(a)openwall.com) and Okan
Demirmen (okan(a)demirmen.com) for reporting the problem.
o Added configure option --with-libpcap=included to tell Nmap to use
the version of libpcap it ships with rather than any that may already be
installed on the system. You can still use --with-libpcap=[dir] to
specify that a system libpcap be installed rather than the shipped
one. By default, Nmap looks at both and decides which one is likely
to work best. If you are having problems on Solaris, try
--with-libpcap=included .
o Changed the --no-stylesheet option to --no_stylesheet to be
consistant with all of the other Nmap options. Though I'm starting to
like hyphens a bit better than underscores and may change all of the
options to use hyphens instad at some point.
o Added "Exclude" directive to nmap-service-probes grammar which
causes version detection to skip listed ports. This is helpful for
ports such as 9100. Some printers simply print any data sent to
that port, leading to pages of HTTP requests, SMB queries, X Windows
probes, etc. If you really want to scan all ports, specify
--allports. This patch came from Doug Hoyte (doug(a)hcsw.org).
o Added a stripped-down and heavily modified version of Dug Song's
libdnet networking library (v. 1.10). This helps with the new raw
ethernet features. My (extensive) changes are described in
libdnet-stripped/NMAP_MODIFICATIONS
o Removed WinIP library (and all Windows raw sockets code) since MS
has gone and broken raw sockets. Maybe packet receipt via raw
sockets will come back at some point. As part of this removal, the
Windows-specific --win_help, --win_list_interfaces, --win_norawsock,
--win_forcerawsock, --win_nopcap, --win_nt4route, --win_noiphlpapi,
and --win_trace options have been removed.
o Chagned the interesting ports array from a 65K-member array of
pointers into an STL list. This noticeable reduces memory usage in
some cases, and should also give a slight runtime performance
boost. This patch was written by Paul Tarjan (ptarjan(a)gmail.com).
o Removed the BSDFIX/BSDUFIX macros. The underlying bug in
FreeBSD/NetBSD is still there though. When an IP packet is sent
through a raw socket, these platforms require the total length and
fragmentation offset fields of an IP packet to be in host byte order
rather than network byte order, even though all the other fields
must be in NBO. I believe that OpenBSD fixed this a while back.
Other platforms, such as Linux, Solaris, Mac OS X, and Windows take
all of the fields in network byte order. While I removed the macro,
I still do the munging where required so that Nmap still works on
FreeBSD.
o Integrated many nmap-service-probes changes from Bo Jiang
(jiangbo(a)brandeis.edu)
o Added a bunch of RPC numbers from nmap-rpc maintainer Eilon Gishri
(eilon(a)aristo.tau.ac.il)
o Added some new RPC services to nmap-rpc thanks to a patch from
vlad902 (vlad902(a)gmail.com).
o Fixed a bug where Nmap would quit on Windows whenever it encountered
a raw scan of localhost (including the local ethernet interface
address), even when that was just one address out of a whole network
being scanned. Now Nmap just warns that it is skipping raw scans when
it encounters the local IP, but continues on to scan the rest of the
network. Raw scans do not currently work against local IP addresses
because Winpcap doesn't support reading/writing localhost interfaces
due to limitations of Windows.
o The OS fingerprint is now provided in XML output if debugging is
enabled (-d) or verbosity is at least 2 (-v -v). This patch was
sent by Okan Demirmen (okan(a)demirmen.com)
o Fixed the way tcp connect scan (-sT) respons to ICMP network
unreachable responses (patch by Richard Moore
(rich(a)westpoint.ltd.uk).
o Update random host scan (-iR) to support the latest IANA-allocated
ranges, thanks to patch by Chad Loder (cloder(a)loder.us).
o Updated GNU shtool (a helper program used during 'make install' to
version 2.0.2, which fixes a predictable temporary filename
weakness discovered by Eric Raymond.
o Removed addport element from XML DTD, since it is no longer used
(sugested by Lionel Cons (lionel.cons(a)cern.ch)
o Added new --privileged command-line option and NMAP_PRIVILEGED
environmental variable. Either of these tell Nmap to assume that
the user has full privileges to execute raw packet scans, OS
detection and the like. This can be useful when Linux kernel
capabilities or other systems are used that allow non-root users to
perform raw packet or ethernet frame manipulation. Without this
flag or variable set, Nmap bails on UNIX if geteuid() is
nonzero.
o Changed the RPM spec file so that if you define "static" to 1 (by
passing --define "static 1" to rpmbuild), static binaries are built.
o Fixed Nmap compilation on Solaris x86 thanks to a patch from Simon
Burr (simes(a)bpfh.net).
o ultra_scan() now sets pseudo-random ACK values (rather than 0) for
any TCP scans in which the initial probe packet has the ACK flag set.
This would be the ACK, Xmas, Maimon, and Window scans.
o Updated the Nmap version number, description, and similar fields
that MS Visual Studio places in the binary. This was done by editing
mswin32/nmap.rc as suggested by Chris Paget (chrisp@ngssoftware.com)
o Fixed Nmap compilation on DragonFly BSD (and perhaps some other
systems) by applying a short patch by Joerg Sonnenberger which omits
the declaration of errno if it is a #define.
o Fixed an integer overflow that prevented Nmap from scanning
2,147,483,648 hosts in one expression (e.g. 0.0.0.0/1). Problem
noted by Justin Cranford (jcranford(a)n-able.com). While /1 scans
are now possible, don't expect them to finish during your bathroom
break. No matter how constipated you are.
o Increased the buffer size allocated for fingerprints to prevent Nmap
from running out and quitting (error message: "Assertion
`servicefpalloc - servicefplen > 8' failed". Thanks to Mike Hatz
(mhatz(a)blackcat.com) for the report. [ Actually this was done in a
previous version, but I forgot which one ]
o Changed from CVS to Subversion source control system (which
rocks!). Neither repository is public (I'm paranoid because both CVS
and SVN have had remotely exploitable security holes), so the main
change users will see is that "Id" tags in file headers use the SVN
format for version numbering and such.
|
|
http://secunia.com/advisories/16786/
Whitespace police on MESSAGE
Bump to nb1
|
|
> Security Fixes
> * SQL injection attack in the module "rlm_sqlcounter".
> * Buffer overflows in the module "rlm_sqlcounter".
> * Expansion of variable %t may write 26 bytes beyond the buffer
> bound. Primoz Bratanic is credited with the discovery of these
> three bugs.
>
> Bug fixes
> * Don't de-reference a NULL pointer if the auth-type is unknown
> in the function rad_check_password().
> * Escape more characters in the LDAP queries.
> Bug found by Suse engineers.
> * In rlm_sql_unixodbc, don't call rad_malloc from sql_error(),
> it leaks memory.
> * Fix an off-by-one error in the module rlm_sql_unixodbc.
> Bug found by Suse engineers.
> * In rlm_sql, resize the buffer for the value of SQL-User-Name.
> * Initialize memory for a new SQL socket in the module rlm_sql.
> * Don't add too many attributes after running an external program.
> Bug found by Suse engineers.
> * Fix an off-by-one error in the function getthing().
> * snprintf() and vsnprintf() replacements were not compiled if
> the autoconf tests didn't find the functions.
> * Don't use vsprintf() anymore, but the replacement for vsnprintf()
> in libradius instead.
> * The function decode_attribute() may write beyond buffer bounds.
> Bug found by Suse engineers.
> * Fix a memset() in the function request_enqueue() which was
> begining at the wrong address. Bug found by Matthias Ruttman.
> * Fix an off-by-one error in the function xlat_copy().
> Bug found by Primoz Bratanic.
> * Fix other off-by-one errors in module "rlm_unix", too.
> Bug found by Allan Bazinet.
> * Fix a 2-byte over-run read in function rad_decode().
> * Update thread pool queue properly.
> * Autonconf tests try first any user-specified directory,
> otherwise they may pick up the wrong version.
> * Delete the autoconf tests for the libldap dependancies.
> * Install all the regular files under the "doc" directory.
> * Distinguish between exit code <0 (failure) and >0 (reject)
> in Exec-Program-Wait. Patch from Thor Spruyt.
> * Make Expiration work.
> * Clean up the code for opening a proxy socket.
> * When finding a realm to proxy to, if all are dead, wake them
> if wake_all_if_all_dead is true.
> * In radwho, print the NAS-Port as unsigned int.
> * Use extended regex instead of basic regex in rlm_attr_filter.
> * Catch the case where someone deletes a directory that rlm_detail
> is using.
> * Use the variable $(LDFLAGS) when linking a module.
> * Ignore the Stripped-User-Name when a realm has the "nostrip"
> directive.
> * Add support for NT-Password in rlm_pap.
> * In rlm_sqlcounter, use the time left to the next reset if it's
> inferior to the time left in the counter.
> * Calculate Message-Authenticator correctly for Accounting-Request
> and Accounting-Response. Bug found by Paolo Rotela.
> * Build on MAC OS X. Still need --disable-shared, though.
> * Fix bug #255 (crash with expired CRL's, etc.)
> * Fix quote removal of the values from a SQL database.
> * Reap the zombie process after a command run from "Exec-Program".
> * Allow to cancel proxy of accounting with "Proxy-To-Realm := LOCAL".
> * Don't copy VSA's to an Access-Reject packet.
|
