Age | Commit message (Collapse) | Author | Files | Lines |
|
security update for bind9
Revisions pulled up:
- pkgsrc/net/bind9/Makefile 1.79,1.81-1.82
- pkgsrc/net/bind9/PLIST 1.19
- pkgsrc/net/bind9/distinfo 1.27
- pkgsrc/net/bind9/patches/patch-aa removed
- pkgsrc/net/bind9/patches/patch-ac 1.6
- pkgsrc/net/bind9/patches/patch-ad 1.6
- pkgsrc/net/bind9/patches/patch-ae removed
- pkgsrc/net/bind9/patches/patch-af 1.6
- pkgsrc/net/bind9/patches/patch-ah removed
- pkgsrc/net/bind9/patches/patch-ai 1.7
- pkgsrc/net/bind9/patches/patch-aj 1.4
- pkgsrc/net/bind9/patches/patch-al 1.2
- pkgsrc/net/bind9/patches/patch-am 1.1
- pkgsrc/net/bind9/patches/patch-ao 1.1
- pkgsrc/net/bind9/patches/patch-ap 1.1
- pkgsrc/net/bind9/patches/patch-aq 1.1
Module Name: pkgsrc
Committed By: taca
Date: Thu Aug 17 14:14:18 UTC 2006
Modified Files:
pkgsrc/net/bind9: Makefile PLIST distinfo
pkgsrc/net/bind9/patches: patch-ac patch-ad patch-af patch-ai patch-aj
patch-al
Added Files:
pkgsrc/net/bind9/patches: patch-am
Removed Files:
pkgsrc/net/bind9/patches: patch-aa patch-ae patch-ah
Log Message:
Update bind to 9.3.2.
Changes are huge, so please see http://www.isc.org/sw/bind/bind9.3.php.
---
Module Name: pkgsrc
Committed By: seb
Date: Mon Aug 28 16:00:45 UTC 2006
Modified Files:
pkgsrc/net/bind9: Makefile distinfo
Added Files:
pkgsrc/net/bind9/patches: patch-an patch-ao
Log Message:
Bump PKGREVISION to 1.
Fix build on NetBSD/sparc64 3.x: sync CPP symbols usage between
struct addrinfo definition and its usage in getaddrinfo().
While here define struct addrinfo's pad members the same way as in
NetBSD's /usr/include/netbsd.h and sync code in
lib/bind/irs/getaddrinfo.c:getaddrinfo().
This had been reported to bind9-bugs at isc dot org.
---
Module Name: pkgsrc
Committed By: rillig
Date: Sun Sep 3 22:58:26 UTC 2006
Modified Files:
pkgsrc/net/bind9: Makefile
Log Message:
Added the relevant variables to BUILD_DEFS.
---
Module Name: pkgsrc
Committed By: adrianp
Date: Tue Sep 5 20:45:32 UTC 2006
Modified Files:
pkgsrc/net/bind9: Makefile distinfo
Added Files:
pkgsrc/net/bind9/patches: patch-ap patch-aq
Log Message:
Fixes for CVE-2006-4095 and CVE-2006-4096 from bind-9.3.2-P1
* Assertion failure in ISC BIND SIG query processing (CVE-2006-4095)
- Recursive servers
Queries for SIG records will trigger an assertion failure if more
than one RRset is returned. However exposure can be minimized by
restricting which sources can ask for recursion.
- Authoritative servers
If a nameserver is serving a RFC 2535 DNSSEC zone and is queried
for the SIG records where there are multiple RRsets, then the
named program will trigger an assertion failure when it tries
to construct the response.
* INSIST failure in ISC BIND recursive query handling code (CVE-2006-4096)
It is possible to trigger an INSIST failure by sending enough
recursive queries such that the response to the query arrives after
all the clients waiting for the response have left the recursion
queue. However exposure can be minimized by restricting which sources
can ask for recursion.
|
|
security update for tor
Revisions pulled up:
- pkgsrc/net/tor/Makefile 1.32-1.33
- pkgsrc/net/tor/distinfo 1.19-1.20
- pkgsrc/net/tor/patches/patch-ae 1.1
Module Name: pkgsrc
Committed By: jschauma
Date: Sun Jul 9 15:03:55 UTC 2006
Modified Files:
pkgsrc/net/tor: Makefile distinfo
Added Files:
pkgsrc/net/tor/patches: patch-ae
Log Message:
update tor to version 0.1.1.22:
Changes in version 0.1.1.22 - 2006-07-05
o Major bugfixes:
- Fix a big bug that was causing servers to not find themselves
reachable if they changed IP addresses. Since only 0.1.1.22+
servers can do reachability testing correctly, now we automatically
make sure to test via one of these.
- Fix to allow clients and mirrors to learn directory info from
descriptor downloads that get cut off partway through.
- Directory authorities had a bug in deciding if a newly published
descriptor was novel enough to make everybody want a copy -- a few
servers seem to be publishing new descriptors many times a minute.
o Minor bugfixes:
- Fix a rare bug that was causing some servers to complain about
"closing wedged cpuworkers" and skip some circuit create requests.
- Make the Exit flag in directory status documents actually work.
While here, patch sample config file to log to syslog per default to make
sure that tor starts as a daemon with the default config.
---
Module Name: pkgsrc
Committed By: tv
Date: Fri Aug 4 15:08:55 UTC 2006
Modified Files:
pkgsrc/net/tor: Makefile distinfo
Log Message:
Changes in version 0.1.1.23 - 2006-07-30
o Major bugfixes:
- Fast Tor servers, especially exit nodes, were triggering asserts
due to a bug in handling the list of pending DNS resolves. Some
bugs still remain here; we're hunting them.
- Entry guards could crash clients by sending unexpected input.
- More fixes on reachability testing: if you find yourself reachable,
then don't ever make any client requests (so you stop predicting
circuits), then hup or have your clock jump, then later your IP
changes, you won't think circuits are working, so you won't try to
test reachability, so you won't publish.
o Minor bugfixes:
- Avoid a crash if the controller does a resetconf firewallports
and then a setconf fascistfirewall=1.
- Avoid an integer underflow when the dir authority decides whether
a router is stable: we might wrongly label it stable, and compute
a slightly wrong median stability, when a descriptor is published
later than now.
- Fix a place where we might trigger an assert if we can't build our
own server descriptor yet.
[ fixes security issue http://secunia.com/advisories/21708/ ]
|
|
security update for wireshark
Revisions pulled up:
- pkgsrc/net/wireshark/DESCR 1.3
- pkgsrc/net/wireshark/Makefile 1.3
- pkgsrc/net/wireshark/PLIST 1.3
- pkgsrc/net/wireshark/distinfo 1.3
- pkgsrc/net/wireshark/files/capture_airpcap_16.xpm 1.1
- pkgsrc/net/wireshark/files/capture_capture_16.xpm 1.1
- pkgsrc/net/wireshark/files/capture_details_16.xpm 1.1
- pkgsrc/net/wireshark/files/capture_ethernet_16.xpm 1.1
- pkgsrc/net/wireshark/files/capture_prepare_16.xpm 1.1
- pkgsrc/net/wireshark/patches/patch-aa 1.3
- pkgsrc/net/wireshark/patches/patch-ab removed
Module Name: pkgsrc
Committed By: ghen
Date: Mon Jul 31 10:43:32 UTC 2006
Modified Files:
pkgsrc/net/wireshark: DESCR
Log Message:
Note that Wireshark used to be called Ethereal.
---
Module Name: pkgsrc
Committed By: tron
Date: Thu Aug 24 10:48:59 UTC 2006
Modified Files:
pkgsrc/net/wireshark: Makefile PLIST distinfo
pkgsrc/net/wireshark/patches: patch-aa
Added Files:
pkgsrc/net/wireshark/files: capture_airpcap_16.xpm
capture_capture_16.xpm capture_details_16.xpm
capture_ethernet_16.xpm capture_prepare_16.xpm
Removed Files:
pkgsrc/net/wireshark/patches: patch-ab
Log Message:
Update "wireshark" package to version 0.99.3. Changes since 0.99.3:
The following vulnerabilities have been fixed:
o The SCSI dissector could crash. Versions affected: 0.99.2.
o If Wireshark was compiled with ESP decryption support, the
IPsec ESP preference parser was susceptible to off-by-one
errors. Versions affected: 0.99.2.
o If the SSCOP dissector has a port range configured and the
SSCOP payload protocol is Q.2931, a malformed packet could
make the Q.2931 dissector use up available memory. No port
range is configured by default. Versions affected: 0.7.9 -
0.99.2.
The following bugs have been fixed:
o The VOIP call analysis feature could cause an assertion.
o The RTP analysis feature could freeze for an extended period.
o Selecting "Apply as Filter" wouldn't work for some tree items.
New and Updated Features
The following features are new (or have been significantly
updated) since the last release:
o The packet list context menu now includes a conversation
filter.
o Wireshark can now generate ACL rules for several popular
firewall products.
New Protocol Support
Daytime, JPEG (RTP payload), Pegasus Lightweight Stream Control,
Pro-MPEG FEC, UMTS RRC, Veritas Low Latency Transport
Updated Protocol Support
All ASN.1 dissectors, 3G A11, 802.11, AIM SST, AJP13, ANSI 637,
AVS WLAN, BACapp, BFD, CDP, Cisco WIDS, DCERPC (DCERPC, CONV, DFS,
EPM, FLDB, NETLOGON, NT, PN-IO, RS_PGO), DCOM, DHCP, DIAMETER,
DTLS, EAPOL, ESP, H.225, H.245, H.450, HTTP, IPv6, ISAKMP,
Juniper, Kerberos, L2TP, LDAP, MSRP, NTLMSSP, PN-CBA, PN-RT,
Prism, RSVP, RTCP, RUDP, SCSI, SCTP, SDP, SIP, SIPFRAG, Skinny,
SMB, SSL, TCP, text/media, Time, XML
New and Updated Capture File Support
Catapult DCT2000, nettl
|
|
security update for miredo
Revisions pulled up:
- pkgsrc/net/miredo/Makefile 1.9, 1.10
- pkgsrc/net/miredo/PLIST 1.4
- pkgsrc/net/miredo/distinfo 1.6, 1.7
- pkgsrc/net/miredo/patches/patch-aa 1.4, 1.5
- pkgsrc/net/miredo/patches/patch-ab 1.5
- pkgsrc/net/miredo/patches/patch-ac 1.4
- pkgsrc/net/miredo/patches/patch-ad removed
- pkgsrc/net/miredo/patches/patch-ae removed
Module Name: pkgsrc
Committed By: rpaulo
Date: Tue Aug 15 20:54:45 UTC 2006
Modified Files:
pkgsrc/net/miredo: Makefile PLIST distinfo
pkgsrc/net/miredo/patches: patch-aa patch-ab patch-ac
Removed Files:
pkgsrc/net/miredo/patches: patch-ad patch-ae
Log Message:
Update to version 0.9.9:
============================================================================
RELEASE CANDIDATE 0.9.9 : Minor portability fixes
# NetBSD 4 build fixes.
============================================================================
RELEASE CANDIDATE 0.9.8 : Major feature enhancements, major security fixes
# Support interacting with Teredo clients behind symmetric NATs.
# Fix multiple problems with HMAC/ping authentication of non-Teredo nodes.
# Increase timestamp wrap time from 18 hours to 70 years to avoid replay
attacks against authentication tokens.
# Allow Router Advertisement through the ISATAP tunnel (untested).
isatapd remain very experimental, particular client-side.
Someone ought to make a clean kernel implementation instead.
# Use HMAC instead of random nonces in Teredo clients.
=============================================================================
BETA RELEASE 0.9.7 : Major security fixes
# Fix infinite UDP packet forwarding loop in Teredo server (MTFL-SA 0603).
=============================================================================
BETA RELEASE 0.9.6 : Major compatibility fixes
# Lots of portability fixes, mostly for FreeBSD and the likes.
# Removed some dead code.
# Provide teredo-mire by default.
# Print more helpful error message for some common BSD tunneling issues.
=============================================================================
BETA RELEASE 0.9.5 : Major features enhancement, major bug fixes
# Removed too brittle cone NAT support. As a side effect, miredo is much
faster to startup in client mode in most cases.
# Fix server-side handling of Windows Vista client solicitations.
# Removed the IgnoreConeBit configure option. The cone bit is now always
ignored (this was the default ever since the introduction of that
option).
=============================================================================
BETA RELEASE 0.9.4 : Major features enhancement
# More refined system clock usage brings about 30% performance boost.
=============================================================================
BETA RELEASE 0.9.3 : Major features enhancement, major bug fixes
# Use dedicated thread for packets transmission and reception. Miredo
should now leverage dual-process, dual-core and SMT systems.
# Receive to-be-decapsulated and to-be-encapsulated packets in blocking
mode; this improves performance by about 10% on Linux.
# Use the POSIX monotonic clock for maintenance procedure and exclusive
mode watch if POSIX monotonic clock and clock selection are available.
# Minor optimizations to the most stressed code paths.
# Suppress spurious 4-seconds delay when waiting for symmetric probes.
# Minimalistic support for ISATAP client in ISATAPd.
# Ignore invalid Router Advertisements properly.
# Drop incoming multicast traffic as a precautionary measure.
# Truncate PID file properly when updating it.
# Fix deadlocks and spurious exits upon some signals (such as SIGCONT).
# Fix deadlock when Teredo server DNS hostname resolution fails.
# Handle would-be spurious wakeups properly.
# Fix IPv4 global unicast access-list.
# Fix SO_REUSEADDR socket option usage.
# Use C99 restrict keyword at sensible places for compiler optimization.
# Portability fixes for DragonFly BSD.
# Work-around for some uClibc POSIX defines insanity.
# Got rid of all C++ code.
# Renamed libteredo-mire to teredo-mire for consistency.
# Leverage newer autoconf macros.
# Fix encoding of non-ASCII characters in manual pages.
# Work-around for platforms that can't rename tunnel network interface.
# Build libmiredo dynamically to reduce global code size.
# Fix inclusion of non-PIC code into shared libraries.
(Unstable version 0.9.3 includes all fixes from stable version 0.8.5)
=============================================================================
BETA RELEASE 0.9.1 : Major features enhancement
# Created and referenced a developper mailing list: <miredo-devel at
remlab.net>. Send a mail with subject subscribe to
<miredo-devel-request
at remlab.net> to subscribe.
# Added isatap, an ISATAP router based on libtun6 and miredo.
After careful IETF IPR claim check, it seems ISATAP can be freely
implemented anyway.
# Working support for Mac OS X:
- work-around overly long closefrom() replacement,
- work-around tuntap for OS X spurious initialization error.
- add required defines for pthread to work properly.
# Added libteredo-miredo, an undocumented Teredo test card.
# Improve miredo-checkconf semantics.
# Multi-threaded libteredo, and finer grained locking.
# Fix initialization in libteredo sometimes causing a crash at startup.
# Fix race condition in libteredo-list unit test.
# Fix _impossible_ overflow of FD_SET().
(Unstable version 0.9.1 includes all fixes from stable version 0.8.4)
---
Module Name: pkgsrc
Committed By: salo
Date: Fri Aug 18 13:45:57 UTC 2006
Modified Files:
pkgsrc/net/miredo: Makefile distinfo
pkgsrc/net/miredo/patches: patch-aa
Log Message:
Fix example configuration files installation so they aren't installed twice
(extra ones in PKG_SYSCONFDIR).
ok <rpaulo>
|
|
bugfixes for wireshark
Revisions pulled up:
- pkgsrc/net/wireshark/Makefile 1.2
- pkgsrc/net/wireshark/distinfo 1.2
- pkgsrc/net/wireshark/patches/patch-aa 1.2
Module Name: pkgsrc
Committed By: drochner
Date: Sun Jul 23 17:31:08 UTC 2006
Modified Files:
pkgsrc/net/wireshark: Makefile distinfo
pkgsrc/net/wireshark/patches: patch-aa
Log Message:
-remove old patch for the offset calculation of the inner packet,
the original code is fixed now
-re-add alignment fixes for variable radiotap elements
bump PKGREVISION
|
|
security update for vncviewer
Revisions pulled up:
- pkgsrc/net/Makefile 1.630
- pkgsrc/net/vnc/Makefile 1.39
- pkgsrc/net/vnc/PLIST 1.2
- pkgsrc/net/vncviewer/Makefile 1.16
- pkgsrc/net/vncviewer/PLIST 1.2
- pkgsrc/net/vncviewer/distinfo 1.9
- pkgsrc/net/vncviewer/patches/patch-aa 1.4
- pkgsrc/net/vncviewer/patches/patch-ab removed
- pkgsrc/net/vncviewer4/DESCR removed
- pkgsrc/net/vncviewer4/PLIST removed
- pkgsrc/net/vncviewer4/Makefile removed
- pkgsrc/net/vncviewer4/distinfo removed
- pkgsrc/net/vncviewer4/patches/patch-aa removed
Module Name: pkgsrc
Committed By: abs
Date: Sat Jul 22 19:21:11 UTC 2006
Modified Files:
pkgsrc/net: Makefile
pkgsrc/net/vnc: Makefile PLIST
pkgsrc/net/vncviewer: Makefile PLIST distinfo
pkgsrc/net/vncviewer/patches: patch-aa
Removed Files:
pkgsrc/net/vncviewer/patches: patch-ab
pkgsrc/net/vncviewer4: DESCR Makefile PLIST distinfo
pkgsrc/net/vncviewer4/patches: patch-aa
Log Message:
- Update net/vncviewer4 to 4.1.2 (release notes just state "FIXED: Security
vulnerability.", and move to net/vncviewer, replacing vncviewer-3.x
- Remove vncpasswd from net/vnc and add to net/vncviewer
- Bump PKGREVISION for net/vnc
|
|
replace ethereal with wireshark
Revisions pulled up:
- pkgsrc/net/Makefile 1.628, 1.629
- pkgsrc/net/wireshark/DESCR 1.1, 1.2
- pkgsrc/net/wireshark/Makefile 1.1
- pkgsrc/net/wireshark/PLIST 1.1, 1.2
- pkgsrc/net/wireshark/distinfo 1.1
- pkgsrc/net/wireshark/patches/patch-aa 1.1
- pkgsrc/net/wireshark/patches/patch-ab 1.1
- pkgsrc/net/ethereal/DESCR removed
- pkgsrc/net/ethereal/Makefile removed
- pkgsrc/net/ethereal/PLIST removed
- pkgsrc/net/ethereal/distinfo removed
- pkgsrc/net/ethereal/patches/patch-aa removed
- pkgsrc/net/ethereal/patches/patch-ab removed
Module Name: pkgsrc
Committed By: tron
Date: Fri Jul 21 14:27:53 UTC 2006
Modified Files:
pkgsrc/net: Makefile
pkgsrc/net/ethereal: Makefile
Added Files:
pkgsrc/net/wireshark: DESCR Makefile PLIST distinfo
pkgsrc/net/wireshark/patches: patch-aa patch-ab
Log Message:
Add new "wireshark" package.
Wireshark is a network protocol analyzer and the successor of "ethereal".
Changes since "ethereal" version 0.99.0:
- The GSM BSSMAP dissector could crash. Versions affected:
0.10.11.
- The ANSI MAP dissector was vulnerable to a format string
overflow. Versions affected: 0.10.0.
- The Checkpoint FW-1 dissector was vulnerable to a format
string overflow. Versions affected: 0.10.10.
- The MQ dissector was vulnerable to a format string overflow.
Versions affected: 0.10.4.
- The XML dissector was vulnerable to a format string overflow.
Versions affected: 0.10.13.
- The MOUNT dissector could attempt to allocate large amounts of
memory. Versions affected: 0.9.4.
- The NCP NMAS and NDPS dissectors were susceptible to
off-by-one errors. Versions affected: 0.9.7.
- The NTP dissector was vulnerable to a format string overflow.
Versions affected: 0.10.13.
- The SSH dissector was vulnerable to an infinite loop. Versions
affected: 0.9.10.
- The NFS dissector may have been susceptible to a buffer
overflow. Versions affected: 0.8.16.
- The "Follow TCP Stream" dialog now wraps long lines.
- Problems with ring buffers under 0.99.0 have been fixed.
- It was possible for Wireshark to crash when closing the
capture information dialog. This has been fixed.
- It was possible for Wireshark to crash when using the "Find"
feature. This has been fixed.
- Wireshark could crash if an interface was removed while
viewing the interface list. This has been fixed.
- Multicast stream analysis (Statistics->Multicast Streams) has
been added. It lets you determine burst size, output buffer
size, and losses for multicast data.
- TCP reassembly has been updated and improved.
- Expert analysis has been updated and improved.
- SCSI service response time statistics have been added.
- You can now find next/previous marked frames.
- The LDAP and SNMP dissectors have been completely rewriten.
- The SMB dissector now tracks filenames and share names.
---
Module Name: pkgsrc
Committed By: tron
Date: Fri Jul 21 14:39:33 UTC 2006
Modified Files:
pkgsrc/net/wireshark: DESCR
Log Message:
It's called "wireshark" now, not "ethereal".
---
Module Name: pkgsrc
Committed By: salo
Date: Fri Jul 21 14:53:00 UTC 2006
Modified Files:
pkgsrc/net/wireshark: PLIST
Log Message:
sort.
---
Module Name: pkgsrc
Committed By: tron
Date: Sat Jul 22 08:12:56 UTC 2006
Modified Files:
pkgsrc/net: Makefile
Removed Files:
pkgsrc/net/ethereal: DESCR Makefile PLIST distinfo
pkgsrc/net/ethereal/patches: patch-aa patch-ab
Log Message:
Remove "ethereal" package which has been superseded by "wireshark".
Approved by frueauf@.
|
|
security fix for samba
Revisions pulled up:
- pkgsrc/net/samba/Makefile 1.162
- pkgsrc/net/samba/distinfo 1.49, 1.50
- pkgsrc/net/samba/patches/patch-cd 1.1, 1.2
Module Name: pkgsrc
Committed By: ghen
Date: Tue Jul 11 07:34:35 UTC 2006
Modified Files:
pkgsrc/net/samba: Makefile distinfo
Added Files:
pkgsrc/net/samba/patches: patch-cd
Log Message:
Apply the patch from http://www.samba.org/samba/security/CAN-2006-3403.html
to fix a memory exhaustion DoS against smbd. Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: ghen
Date: Tue Jul 11 07:42:31 UTC 2006
Modified Files:
pkgsrc/net/samba: distinfo
pkgsrc/net/samba/patches: patch-cd
Log Message:
Fix path in patch-cd.
|
|
build fix for ucarp
Revisions pulled up:
- pkgsrc/net/ucarp/Makefile 1.9
Module Name: pkgsrc
Committed By: joerg
Date: Thu Jul 6 13:18:11 UTC 2006
Modified Files:
pkgsrc/net/ucarp: Makefile
Log Message:
Needs msgfmt.
|
|
portability fix for net-snmp
Revisions pulled up:
- pkgsrc/net/net-snmp/Makefile 1.50
Module Name: pkgsrc
Committed By: joerg
Date: Thu Jul 6 18:13:08 UTC 2006
Modified Files:
pkgsrc/net/net-snmp: Makefile
Log Message:
Export OPSYS explicitly. This worked before, but according to PR 33931
it got broken.
|
|
security update for kiax
Revisions pulled up:
- pkgsrc/net/kiax/Makefile 1.10
- pkgsrc/net/kiax/distinfo 1.5
- pkgsrc/net/kiax/patches/patch-ae 1.4
- pkgsrc/net/kiax/patches/patch-ai 1.4
Module Name: pkgsrc
Committed By: reinoud
Date: Fri Jul 7 16:50:36 UTC 2006
Modified Files:
pkgsrc/net/kiax: Makefile distinfo
pkgsrc/net/kiax/patches: patch-ae patch-ai
Log Message:
Update net/kiax to version 0.8.51 fixing the security issue in 0.8.5
From the change log:
# Patched security flaw in iaxclient
# Patched md5 to work on amd64 (Jasmin Buchert)
# Added Malay translation (Mohd Effendi Jaafar)
|
|
variable used by getopt(3).
|
|
|
|
older NetBSD versions and the file doesn't exist under newer versions.
|
|
|
|
It gets confused by the definition of the ar_tha() macro.
|
|
Bump revision.
|
|
|
|
|
|
like Solaris. Comment out some unused functions messing with the dirent
interface to fix the build on DragonFly. Bump revision.
|
|
|
|
|
|
courier-mta and courier-imap. Bump the PKGREVISION on all three
packages.
|
|
|
|
- bite the bullet and use GNU make, it's increasingly annoying to try
avoiding it
Changes:
- Added a dozens of more detailed SSH version detection signatures,
thanks to a SSH huge survey and integration effort by Doug Hoyte.
The results of his large-scale SSH scan are posted at
http://seclists.org/nmap-dev/2006/Apr-Jun/0393.html .
- Fixed the Nmap Makefile (actually Makefile.in) to correctly handle
include file dependencies. So if a .h file is changed, all of the
.cc files which depend on it will be recompiled. Thanks to Diman
Todorov (diman(a)xover.mud.at) for the patch.
- Fixed a compilation problem on solaris and possibly other platforms.
The error message looked like "No rule to make target `inet_aton.o',
needed by `libnbase.a'". Thanks to Matt Selsky
(selsky(a)columbia.edu) for the patch.
Fixes PR pkg/33806 from Gilles Dauphin.
- Applied a patch which helps with HP-UX compilation by linking in the
nm library (-lnm). Thanks to Zakharov Mikhail (zmey20000(a)yahoo.com)
for the patch.
- Added version detection probes for detecting the Nessus daemon.
Thanks to Adam Vartanian (flooey(a)gmail.com) for sending the patch.
|
|
|
|
bump PKGREVISION
|
|
|
|
|
|
|
|
|
|
|
|
using BUILDLINK_PREFIX.*, honor PKGMANDIR, and add missing file entries
to the PLIST. Bump the PKGREVISION to 8. This should fix the error
noted in the bulk build results:
http://mail-index.netbsd.org/pkgsrc-bulk/2006/06/20/0000.html
|
|
|
|
|
|
|
|
|
|
|
|
dutifully installs whatever it thinks might be missing or just
substandard on the current system.
As the Makefile already adds the contents of share/doc/bind9
dynamically to the PLIST, do the same for include/bind.
Fixes the PLIST on RedHat EL 2 & 3, and does not break it on NetBSD/3
No PKGREVISION bump as no change to anything but generated PLIST
|
|
in PR pkg/33764.
|
|
|
|
|
|
|
|
- add code to do disk i/o statistics for NetBSD and enable it.
|
|
Changes:
4.10:
=====
- Updated nmap-mac-prefixes to reflect the latest OUI DB from the IEEE
(http://standards.ieee.org/regauth/oui/oui.txt) as of May 31, 2006.
Also added a couple unregistered OUI's (for QEMU and Bochs)
suggested by Robert Millan (rmh(a)aybabtu.com).
- Fixed a bug which could cause false öpen" ports when doing a UDP
scan of localhost. This usually only happened when you scan tens of
thousands of ports (e.g. -p- option).
- Fixed a bug in service detection which could lead to a crash when
"--version-intensity 0" was used with a UDP scan. Thanks to Makoto
Shiotsuki (shio(a)st.rim.or.jp) for reporting the problem and Doug
Hoyte for producing a patch.
- Made some AIX and HP-UX portability fixes to Libdnet and NmapFE.
These were sent in by Peter O'Gorman
(nmap-dev(a)mlists.thewrittenword.com).
- When you do a UDP«CP scan, the TCP ports are now shown first (in
numerical order), followed by the UDP ports (also in order). This
contrasts with the old format which showed all ports together in
numerical order, regardless of protocol. This was at first a "bug",
but then I started thinking this behavior may be better. If you
have a preference for one format or the other, please post your
reasons to nmap-dev.
- Changed mass_dns system to print a warning if it can't find any
available DNS servers, but not quit like it used to. Thanks to Doug
Hoyte for the patch.
4.04BETA1:
==========
- Integrated all of your submissions (about a thousand) from the first
quarter of this year! Please keep 'em coming! The DB has increased
from 3,153 signatures representing 381 protocols in 4.03 to 3,441
signatures representing 401 protocols. No other tool comes close!
Many of the already existing match lines were improved too. Thanks
to Version Detection Czar Doug Hoyte for doing this.
- Nmap now allows multiple ingored port states. If a 65K-port scan
had, 64K filtered ports, 1K closed ports, and a few dozen open
ports, Nmap used to list the dozen open ones among a thousand lines
of closed ports. Now Nmap will give reports like "Not shown: 64330
filtered ports, 1000 closed ports" or "All 2051 scanned ports on
192.168.0.69 are closed (1051) or filtered (1000)", and omit all of
those ports from the table. Open ports are never ignored. XML
output can now have multiple <extraports> directive (one for each
ignored state). The number of ports in a single state before it is
consolidated defaults to 26 or more, though that number increases as
you add -v or -d options. With -d3 or higher, no ports will be
consolidated. The XML output should probably be augmented to give
the extraports directive 'ip', 'tcp', and 'udp' attributes which
specify the corresponding port numbers in the given state in the
same listing format as the nmaprun.scaninfo.services attribute, but
that part hasn't yet been implemented. If you absoultely need the
exact port numbers for each state in the XML, use -d3 for now.
- Nmap now ignores certain ICMP error message rate limiting (rather
than slowing down to accomidate it) in cases such as SYN scan where
an ICMP message and no response mean the same thing (port filtered).
This is currently only done at timing level Aggressive (-T4) or
higher, though we may make it the default if we don't hear problems
with it. In addition, the --defeat-rst-ratelimit option has been
added, which causes Nmap not to slow down to accomidate RST rate
limits when encountered. For a SYN scan, this may cause closed
ports to be labeled 'filtered' becuase Nmap refused to slow down
enough to correspond to the rate limiting. Learn more about this
new option at http://www.insecure.org/nmap/man/ . Thanks to Martin
Macok (martin.macok(a)underground.cz) for writing the patch that
these changes were based on.
- Moved my Nmap development environment to Visual C++ 2005 Express
edition. In typical "MS Upgrade Treadmill" fashion, Visual Studio
2003 users will no longer be able to compile Nmap using the new
solution files. The compilation, installation, and execution
instructions at
http://www.insecure.org/nmap/install/inst-windows.html have been
upgraded.
- Automated my Windows build system so that I just have to type a
single make command in the mswin32 directory. Thanks to Scott
Worley (smw(a)pobox.com>, Shane & Jenny Walters
(yfisaqt(a)waltersinamerica.com), and Alex Prinsier
(aphexer(a)mailhaven.com) for reading my appeal in the 4.03
CHANGELOG and assisting.
- Changed the PortList class to use much more efficient data
structures and algorithms which take advantage of Nmap-specific
behavior patterns. Thanks to Marek Majkowski
(majek(a)forest.one.pl) for the patch.
- Fixed a bug which prevented certain TCPÙDP scan commands, such as
"nmap -sSU -p1-65535 localhost" from scanning both TCP and UDP.
Instead they gave the error message "WARNING: UDP scan was requested,
but no udp ports were specified. Skipping this scan type". Thanks to
Doug Hoyte for the patch.
- Nmap has traditionally required you to specify -T* timing options
before any more granular options like --max-rtt-timeout, otherwise the
general timing option would overwrite the value from your more
specific request. This has now been fixed so that the more specific
options always have precendence. Thanks to Doug Hoyte for this patch.
- Fixed a couple possible memory leaks reported by Ted Kremenek
(kremenek(a)cs.stanford.edu) from the Stanford University sofware
static analysis lab ("Checker" project).
- Nmap now prints a warning when you specify a target name which
resolves to multiple IP addresses. Nmap proceeds to scan only the
first of those addresses (as it always has done). Thanks to Doug
Hoyte for the patch. The warning looks like this:
Warning: Hostname google.com resolves to 3 IPs. Using 66.102.7.99.
- Disallow --host-timeout values of less than 1500ms, print a warning
for values less than 15s.
- Changed all instances of inet_aton() into calls to inet_pton()
instead. This allowed us to remove inet_aton.c from nbase. Thanks to
KX (kxmail(a)gmail.com) for the patch.
- When debugging (-d) is specified, Nmap now prints a report on the
timing variables in use. Thanks to Doug Hoyte for the patch. The
report loos like this:
---------- Timing report ----------
hostgroups: min 1, max 100000
rtt-timeouts: init 250, min 50, max 300
scan-delay: TCP 5, UDP 1000
parallelism: min 0, max 0
max-retries: 2, host-timeout 900000
-----------------------------------
- Modified the WinPcap installer file to explicitly uninstall an
existing WinPcap (if you select that you wish to replace it) rather
than just overwriting the old version. Thanks to Doug Hoyte for
making this change.
- Added some P2P application ports to the nmap-services file. Thanks
to Martin Macok for the patch.
- The write buffer length increased in 4.03 was increased even further
when the debugging or verbosity levels are more than 2 (e.g. -d3).
Thanks to Brandon Enright (bmenrigh(a)ucsd.edu) for the patch. The
goal is to prevent you from ever seeing the fatal error:
"log_vwrite: write buffer not large enough -- need to increase"
- Added a note to the Nmap configure dragon that people sick of him
can submit their own ASCII art to nmap-dev@insecure.org . If you
are wondering WTF I am talking about, it is probably because only
most elite Nmap users -- the ones who compile from source on UNIX --
get to see the 'l33t ASCII Art.
|
|
|
|
SSL libraries to build couriertls, which encapsulates the logic for
handling SSL connections for Courier services. Drop the dependency
on openssl from both courier-imap and courier-mta, which only need
the "openssl" tool instead. Bump the PKGREVISIONs for all three
packages due to the changed dependencies. Problem noted by Ondrej
Tuma in private email.
|
|
compatibility. Bump PKGREVISION.
|
|
|
|
1.2.6:
Sam Lantinga - Sun Apr 30 01:48:40 PDT 2006
* Added gcc-fat.sh for generating Universal binaries on Mac OS X
* Updated libtool support to version 1.5.22
Sam Lantinga - Wed Nov 19 00:23:44 PST 2003
* Updated libtool support for new mingw32 DLL build process
Shard - Thu, 05 Jun 2003 09:30:20 -0500
* Fixed compiling on BeOS, which may not have SO_BROADCAST
Kyle Davenport - Sat, 19 Apr 2003 17:13:31 -0500
* Added .la files to the development RPM, fixing RPM build on RedHat 8
Bump BUILDLINK_ABI_DEPENDS for SDL shlib changes.
|