| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
- add code to do disk i/o statistics for NetBSD and enable it.
|
|
Changes:
4.10:
=====
- Updated nmap-mac-prefixes to reflect the latest OUI DB from the IEEE
(http://standards.ieee.org/regauth/oui/oui.txt) as of May 31, 2006.
Also added a couple unregistered OUI's (for QEMU and Bochs)
suggested by Robert Millan (rmh(a)aybabtu.com).
- Fixed a bug which could cause false öpen" ports when doing a UDP
scan of localhost. This usually only happened when you scan tens of
thousands of ports (e.g. -p- option).
- Fixed a bug in service detection which could lead to a crash when
"--version-intensity 0" was used with a UDP scan. Thanks to Makoto
Shiotsuki (shio(a)st.rim.or.jp) for reporting the problem and Doug
Hoyte for producing a patch.
- Made some AIX and HP-UX portability fixes to Libdnet and NmapFE.
These were sent in by Peter O'Gorman
(nmap-dev(a)mlists.thewrittenword.com).
- When you do a UDP«CP scan, the TCP ports are now shown first (in
numerical order), followed by the UDP ports (also in order). This
contrasts with the old format which showed all ports together in
numerical order, regardless of protocol. This was at first a "bug",
but then I started thinking this behavior may be better. If you
have a preference for one format or the other, please post your
reasons to nmap-dev.
- Changed mass_dns system to print a warning if it can't find any
available DNS servers, but not quit like it used to. Thanks to Doug
Hoyte for the patch.
4.04BETA1:
==========
- Integrated all of your submissions (about a thousand) from the first
quarter of this year! Please keep 'em coming! The DB has increased
from 3,153 signatures representing 381 protocols in 4.03 to 3,441
signatures representing 401 protocols. No other tool comes close!
Many of the already existing match lines were improved too. Thanks
to Version Detection Czar Doug Hoyte for doing this.
- Nmap now allows multiple ingored port states. If a 65K-port scan
had, 64K filtered ports, 1K closed ports, and a few dozen open
ports, Nmap used to list the dozen open ones among a thousand lines
of closed ports. Now Nmap will give reports like "Not shown: 64330
filtered ports, 1000 closed ports" or "All 2051 scanned ports on
192.168.0.69 are closed (1051) or filtered (1000)", and omit all of
those ports from the table. Open ports are never ignored. XML
output can now have multiple <extraports> directive (one for each
ignored state). The number of ports in a single state before it is
consolidated defaults to 26 or more, though that number increases as
you add -v or -d options. With -d3 or higher, no ports will be
consolidated. The XML output should probably be augmented to give
the extraports directive 'ip', 'tcp', and 'udp' attributes which
specify the corresponding port numbers in the given state in the
same listing format as the nmaprun.scaninfo.services attribute, but
that part hasn't yet been implemented. If you absoultely need the
exact port numbers for each state in the XML, use -d3 for now.
- Nmap now ignores certain ICMP error message rate limiting (rather
than slowing down to accomidate it) in cases such as SYN scan where
an ICMP message and no response mean the same thing (port filtered).
This is currently only done at timing level Aggressive (-T4) or
higher, though we may make it the default if we don't hear problems
with it. In addition, the --defeat-rst-ratelimit option has been
added, which causes Nmap not to slow down to accomidate RST rate
limits when encountered. For a SYN scan, this may cause closed
ports to be labeled 'filtered' becuase Nmap refused to slow down
enough to correspond to the rate limiting. Learn more about this
new option at http://www.insecure.org/nmap/man/ . Thanks to Martin
Macok (martin.macok(a)underground.cz) for writing the patch that
these changes were based on.
- Moved my Nmap development environment to Visual C++ 2005 Express
edition. In typical "MS Upgrade Treadmill" fashion, Visual Studio
2003 users will no longer be able to compile Nmap using the new
solution files. The compilation, installation, and execution
instructions at
http://www.insecure.org/nmap/install/inst-windows.html have been
upgraded.
- Automated my Windows build system so that I just have to type a
single make command in the mswin32 directory. Thanks to Scott
Worley (smw(a)pobox.com>, Shane & Jenny Walters
(yfisaqt(a)waltersinamerica.com), and Alex Prinsier
(aphexer(a)mailhaven.com) for reading my appeal in the 4.03
CHANGELOG and assisting.
- Changed the PortList class to use much more efficient data
structures and algorithms which take advantage of Nmap-specific
behavior patterns. Thanks to Marek Majkowski
(majek(a)forest.one.pl) for the patch.
- Fixed a bug which prevented certain TCPÙDP scan commands, such as
"nmap -sSU -p1-65535 localhost" from scanning both TCP and UDP.
Instead they gave the error message "WARNING: UDP scan was requested,
but no udp ports were specified. Skipping this scan type". Thanks to
Doug Hoyte for the patch.
- Nmap has traditionally required you to specify -T* timing options
before any more granular options like --max-rtt-timeout, otherwise the
general timing option would overwrite the value from your more
specific request. This has now been fixed so that the more specific
options always have precendence. Thanks to Doug Hoyte for this patch.
- Fixed a couple possible memory leaks reported by Ted Kremenek
(kremenek(a)cs.stanford.edu) from the Stanford University sofware
static analysis lab ("Checker" project).
- Nmap now prints a warning when you specify a target name which
resolves to multiple IP addresses. Nmap proceeds to scan only the
first of those addresses (as it always has done). Thanks to Doug
Hoyte for the patch. The warning looks like this:
Warning: Hostname google.com resolves to 3 IPs. Using 66.102.7.99.
- Disallow --host-timeout values of less than 1500ms, print a warning
for values less than 15s.
- Changed all instances of inet_aton() into calls to inet_pton()
instead. This allowed us to remove inet_aton.c from nbase. Thanks to
KX (kxmail(a)gmail.com) for the patch.
- When debugging (-d) is specified, Nmap now prints a report on the
timing variables in use. Thanks to Doug Hoyte for the patch. The
report loos like this:
---------- Timing report ----------
hostgroups: min 1, max 100000
rtt-timeouts: init 250, min 50, max 300
scan-delay: TCP 5, UDP 1000
parallelism: min 0, max 0
max-retries: 2, host-timeout 900000
-----------------------------------
- Modified the WinPcap installer file to explicitly uninstall an
existing WinPcap (if you select that you wish to replace it) rather
than just overwriting the old version. Thanks to Doug Hoyte for
making this change.
- Added some P2P application ports to the nmap-services file. Thanks
to Martin Macok for the patch.
- The write buffer length increased in 4.03 was increased even further
when the debugging or verbosity levels are more than 2 (e.g. -d3).
Thanks to Brandon Enright (bmenrigh(a)ucsd.edu) for the patch. The
goal is to prevent you from ever seeing the fatal error:
"log_vwrite: write buffer not large enough -- need to increase"
- Added a note to the Nmap configure dragon that people sick of him
can submit their own ASCII art to nmap-dev@insecure.org . If you
are wondering WTF I am talking about, it is probably because only
most elite Nmap users -- the ones who compile from source on UNIX --
get to see the 'l33t ASCII Art.
|
|
|
|
SSL libraries to build couriertls, which encapsulates the logic for
handling SSL connections for Courier services. Drop the dependency
on openssl from both courier-imap and courier-mta, which only need
the "openssl" tool instead. Bump the PKGREVISIONs for all three
packages due to the changed dependencies. Problem noted by Ondrej
Tuma in private email.
|
|
compatibility. Bump PKGREVISION.
|
|
|
|
1.2.6:
Sam Lantinga - Sun Apr 30 01:48:40 PDT 2006
* Added gcc-fat.sh for generating Universal binaries on Mac OS X
* Updated libtool support to version 1.5.22
Sam Lantinga - Wed Nov 19 00:23:44 PST 2003
* Updated libtool support for new mingw32 DLL build process
Shard - Thu, 05 Jun 2003 09:30:20 -0500
* Fixed compiling on BeOS, which may not have SO_BROADCAST
Kyle Davenport - Sat, 19 Apr 2003 17:13:31 -0500
* Added .la files to the development RPM, fixing RPM build on RedHat 8
Bump BUILDLINK_ABI_DEPENDS for SDL shlib changes.
|
|
|
|
o Crash and assert fixes from 0.1.1.20:
- Fix a rare crash on Tor servers that have enabled hibernation.
- Fix a seg fault on startup for Tor networks that use only one
directory authority.
- Fix an assert from a race condition that occurs on Tor servers
while exiting, where various threads are trying to log that they're
exiting, and delete the logs, at the same time.
- Make our unit tests pass again on certain obscure platforms.
[Noncritical changes, of which there are many, are in the ChangeLog.]
|
|
|
|
Pkgsrc changes:
- The module is available in the IP subdirectory on CPAN, so use the shorter
URL for MASTER_SITES.
Relevant changes since version 2.20:
====================================
- Small bug fixes
- Database update:
Apr 6 01:20 ripe.db.inetnum.gz
Apr 6 00:18 delegated-afrinic-20060406
Apr 5 18:16 delegated-apnic-20060406
Apr 6 05:03 delegated-arin-20060406
Apr 6 03:50 delegated-lacnic-20060405
|
|
|
|
|
|
|
|
net/couriertcpd.
This package contains couriertcpd(1), used to daemonize the Courier
services, and couriertls(1) used to provide TLS support for the Courier
services that support them.
|
|
build failure on darwin
|
|
|
|
|
|
pcap problem. The former could result in different code for LP64,
so bump revision.
|
|
|
|
|
|
|
|
|
|
tabs otherwise. Fix errno usage, initialise global FILE * variables
at run time.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
is (still) missing it.
|
|
|
|
These releases have better performance, numerous new features and
incorporate many bug fixes. Notable bug fixes and improvements include:
* Tcp stream properly reassembled after failed sequence check,
which may lead to possible detection evasion.
* Added configurable stream flushpoints.
* Improved rpc processing.
* Improved portscan detection.
* Improved http request processing and handling of possible
evasion cases.
* Improved performance monitoring.
|
|
|
|
|
|
Security:
ripd:
- RIPD unauthenticated route table broadcast:
CVE-2006-2223, OSVDB ID 25224, Secunia SA19910
- RIPD unauthenticated route injection:
CVE-2006-2224, OSVDB ID 25225, Secunia SA19910
[ripd] 0.98 specific command changes, allow no-auth to be set
[ripd] bugs #261, #262: Fix RIPv1 info-leak and unauthenticated route updates
[doc] Add text on 0.98 specific RIP authentication changes
[docs] Update ripd docs on version and authentication, see bugs #261,#262
Thanks to Konstantin V. Gavrilenko for report and testing.
bgpd:
- bgpd Telnet Interface DoS:
OSVDB ID 25245:
http://www.osvdb.org/displayvuln.php?osvdb_id=25245
[quagga-dev 4051]:
http://lists.quagga.net/pipermail/quagga-dev/2006-March/004052.html
[bgpd] Fix infinite loop in community_str2com
[No NEWS entries for 0.98.2 to 0.98.6; many bugfixes]
|
|
PR pkgp/33634.
|
|
|
|
in PR pkg/33634.
|
|
From Changes:
1.27 September 8th 2005
- Fixed Autoloader/open issue (Alexander Vasiljev)
- Fixed compilation error in Perl 5.005 with semicolon
in GeoIP_database_info in IP.xs (Stephen Schulte)
- Added support for open_type (Frank Mather)
1.26 May 19th 2005
- Fixed segfault issue if non-resolvable domain name is
passed to region_by_addr or region_by_name
- Added support for GEOIP_INDEX_CACHE - which just caches
the most frequently accessed index portion of the database, resulting
in faster lookups than GEOIP_STANDARD, but less memory usage than
GEOIP_MEMORY_CACHE
|
|
From ChangeLog:
1.3.17 2006-5-14
* Fixed headers for Windows/Netware compliation (Guenter Knauf)
* Fixed Received Error -21 (Sanity check database_info string failed)
when running geoipupdate with GeoIP Country when UserId and
productIds were not specified. Bug was introduced in 1.3.15.
1.3.16 2006-4-17
* Fixed compliation error in GeoIPUpdate.c
1.3.15 2006-4-14
* Updated README documentation
* Updated geoipupdate so that it writes file as it is uncompressed instead
of storing entire GeoIP.dat file in memory (Frank Mather)
* Updated geoiplookup so that it returns GeoIP Domain Name if available
(Frank Mather)
* Updated geoipupdate so that it reports whether databases are updated
in non-verbose mode (Frank Mather)
|
