summaryrefslogtreecommitdiff
path: root/net
AgeCommit message (Collapse)AuthorFilesLines
2005-10-07specify location of samba libs explicitelydrochner1-1/+3
2005-10-07update to 2.12.4drochner2-6/+6
changes: -bugfixes
2005-10-07Fixed a pkglint warning.rillig1-2/+1
2005-10-07Fixed pkglint warnings.rillig2-5/+4
2005-10-07Fixed a pkglint warning.rillig1-2/+2
2005-10-07Fixed pkglint warnings.rillig1-2/+4
2005-10-06Remove "LICENSE=no-commercial-use". Socks4 has a standard MIT/BSD stylebad1-2/+1
license with no restrictions on commercial use.
2005-10-06Update to 2.6.4 (changelog see mldonkey).wiz2-2/+27
Add options for choosing between lablgtk and lablgtk2 toolkit. XXX: lablgtk2 GUI is very unstable (at least for me), don't use it yet.
2005-10-06Update to 2.6.4:wiz5-42/+31
2005/09/04: spiralvoice (version 2.6.4 = tag release-2-6-4) 4392: Print "Core started" on stdout even if logging is enabled Fixes problems when MLDonkey is spawned by a GUI 2005/09/03: spiralvoice 4247: memstats: BT/FT/GNUT/G2: initial memstats, ALL: show nr of old_files, BT: nr of torrent files 4390: Mail: Print incoming path if !!url_in_mail is used 4389: BT: Fix core exit if dirs of a shared multifile torrent are not writable 4368: new option: create_file_sparse true|false, this works only for files on NTFS drives in MinGW compiled MLDonkey (thanks to zet) 2005/09/01: spiralvoice 4385: EDK: Preserve untested servers (by pango) 4351: optimize ip blocking lists (by pango) 4376: EDK: Re-enable result_done (already downloaded) in search results (by zet) 4126: Improved log_file handling * there is now a default log_file: mlnet.log, old downloads.ini is *not* updated * its default log_file_size is 2MB, this is checked only on core start, if log_file is bigger it will be resetted * logging will always be appended to log_file * new command "clear_log" to reset log_file while the core is working * new command "open_log" to reopen log after close_log * removed command "log_file", same can be achieved through "set log_file <file>" 4384: HTML: Add "Import Serverlist" in servers, clean third button row (by schlumpf) 4365: Disable console "X" close button on MinGW, second version (by CML) 4382: Solve libgd configure in mandrake 10.0 4381: better differentiation of eDonkey and BT Stats Table (by schlumpf) 4380: some info for SCM Version (CVS co Date/ SVN revision) (by schlumpf) 4379: Fix compile error when libgd is not present 4378: Longhelp: Better description for add_user 4377: Better description for shared_directories in downloads.ini 4356: EDK: Improved server.met handling / fix contact.dat loading * Changed user agent from "MLdonkey" to "MLDonkey", solves problem when downloading files from www.gruk.org and www.srv1000.com * MLDonkey new recognizes links like ed2k://|serverlist|http://server/file.ext|/ * "servers" command now takes URLs * if period in web_infos is zero the file is only loaded during core start (as requested by the owner of www.gruk.org) * in all places where a filename or URL for a server.met can be used this file can also be compressed with gz/bz2/zip * automatically replace old default server.met in web_infos ("server.met", 24, "http://ocbmaurice.dyndns.org/pl/slist.pl/server.met?download/server-best.met"); with fake servers free list from gruk.org: ("server.met", 0, "http://www.gruk.org/server.met.gz"); * fixed bug which prevented loading Overnet contact.dat file in web_infos 2005/08/29: spiralvoice 4368: Use sparse files on MinGW/NTFS (by zet) 4370: BT/Win32: fix multifile hashing (by Amorphous) 2005/08/28: spiralvoice 4366: HTML: more maintainable html_mods styles (by pango) 4367: Improve logging 4361: New command: uptime Lots of improvements for MinGW, this platform now supports files > 2GB, threads and libgd generated statistics. Here you will find compilation instructions: http://mldonkey.berlios.de/modules.php?name=Wiki&pagename=Windows 4342: Large_file support for mld_hash and MinGW MLDonkey core (by zet) 4358: Add thread support for MinGW (by zet) 4362: configure.in support for libgd on MinGW/FreeBSD 4349: increase filedescriptor limit for mingw (by zet) 4365: Disable console "X" close button on MinGW (by zet) 2005/08/26: spiralvoice 4360: Configure: Test for nl_langinfo(CODESET) 4359: Upload: Give upload slot truely randomly (by pango) 4347: Improve exit codes, codes were inspired by sysexits.h 4345: Code clean: Optimize redundant time_to_string functions 4357: Rename ed2k_hash to mld_hash 4344: Improve ./configure checks (bzlib.h, iconv on Windows) --------------------------------------------------------------------- 2005/08/21: spiralvoice (version 2.6.3 = tag release-2-6-3) 4254: Patch reverted, did not work "html_mods: Table data is incorrectly centered" 4336: Improve some log file messages 4321: BT: fixed "make_torrent produce corrupted files on Windows" (by beedauchon) 4335: Buildinfo: Fix bug if Bzip2 version string is empty (by beedauchon) 4329: HTTPClient: Implement retries for failed requests 4319: Fix compile if libbz2 is not available, new configure option: --disable-bzip2 4334: BT/FileTP: Some progress on cancel bug (by kempston) 4333: send ip blocked addr state to gui, compute_torrent from gui (by z) 4332: Let configure fail if GNU make is not installed 2005/08/18: spiralvoice 4323: HTML: Search results: new colums for Bitrate, Codec and length 4324: Log: Improve output for verbosity "hid" 4322: EDK: compatibleclient 40 -> Shareaza 4320: Fix compile on FreeBSD < 5.3 2005/08/15: spiralvoice 4317: Updated ./configure for compiling lablgtk2 with --enable-batch 4316: Updated ./distrib/Install.txt for Ocaml 3.08.4 and new GUI options 4292: html_mods: Match styles default frameHeight with the common default 4314: Allow compiling with Ocaml 3.08.4 Compiling with 3.08.3 still works 4312: BT: Allow seeding (by beedauchon) 4311: BT: create_torrent: default_tracker and default_comment (by beedauchon) 4309: GUI: send ed2k/bt network u/d totals (by z) 4308: Gnutella/G2: Fix commit if no TigerTree is available 4305: buildinfo: Print some system internals 4304: EDK: Fix disconnect state with verbosity = "hid" 4297: Create ini file backups on shutdown Note: file_sources.ini is never saved, it makes no sense to keep this file. New options: * backup_options_format, default "tar.gz", "zip" can also be used * backup_options_delay, default 0 How often (in hours) should a backup of the ini files be written into old_config. A value of zero means that a backup is written only when the core shuts down. * backup_options_generations, default 10 Define the total number of options archives in old_config. Command save got two new parameters: * "save all" saves options, sources and creates a ini file backup * "save backup" speaks for itself;-) --------------------------------------------------------------------- 2005/08/11: spiralvoice (version 2.6.2 = tag release-2-6-2) 4296: BT: Fix options parsing --------------------------------------------------------------------- 2005/08/09: spiralvoice (version 2.6.1 = tag release-2-6-1) 4291: EDK: Better logging for unknown compatibleclient values 4290: BT: Some small fixes for messages interested and cancel by beedauchon 4289: LOG: Improve verbosity "hid" 4287: Better clear Fifo buffers, by bogeyman 4268: Web/Gui: free core's buffer allocated by vd # and gui by bogeyman 2005/08/08: spiralvoice 4285: IPBlock: Server support * display in vm/vma if a server has a blocked IP * prevent connections to a IP blocked server, in EDK case this resulted in a LowID connection 4284: Remove whitespaces / Some logging changes 2005/08/07: spiralvoice 4279: MinGW: HDD statistics support 4281: Remove white spaces / Some logging stuff 4251: HTML: few fixes / new option html_frame_border true|false 4278: Windows: Fix bug creating work dirs in empty dir 2005/08/06: spiralvoice 4276: IPBlock: Never block local IPs even if they are in blocklist 4274: Use relative path if downloads.ini is present 2005/08/05: spiralvoice 4272: HTML: Cursor focus in input field 4271: GTK2: Fix compile bug in src/gtk2/chat/chat_art.ml 4155: Let MLDonkey create its data in $HOME/.mldonkey Usage instructions: * if the core is started in a directory where downloads.ini exists this directory will be used, this is the same behaviour as before * on Windows the current directory will always be used, this is consistent with eMule * on other systems $HOME/.mldonkey will be created and used, this is consistent with eDonkey, aMule and Unix standards * if variable MLDONKEY_DIR is used that directory has priority, to simulate the behaviour without this patch use: export MLDONKEY_DIR="." && ./mlnet 2005/08/04: spiralvoice 4270: Overnet: Convert local IPs sent by OV clients to real IPs 4269: IPBlock: Several fixes, better zip file support 4264: Fasttrack: Force commit of all complete files 4258: BT: Statistics, recognize more clients, min_interval, torrents/old and more... This patch was done by Beedauchon, it incorporates weeks of work from him. * move .torrent to torrents/old if the file is not shared anymore * new command rm_old_torrents: delete all files in torrents/old * eDonkey like statistics for BT clients (csbt command) * compute_torrent and make_torrent can put a comment into the .torrent file * MLdonkey computes a BT-compatible client_uid starting with "-ML" * parse more fields from .torrent files and display them in HTML interface * Tracker: replace "/tracker" by "/announce" * Tracker: add "/scrape" * Multitracker support for downloading 2005/08/02: spiralvoice 4263: Fasttrack: Force bootstrapping nodes 2005/08/01: spiralvoice 4261: HTML: Add DL button - opens dialog for entering links (by omgwtf2) 4260: IPblock: Enable IP blocking for Overnet and HTTP server (=BT Tracker) (by beedauchon) 4257: Kick uploaders which send no data for more than 1 minute 4256: Print message if glibc version mismatch updates for buildinfo (version of libbz2, libz, libpng) 2005/07/29: spiralvoice 4255: HTML: updates for cs command 4254: html_mods: Table data is incorrectly centered 4253: HTML: New style Construction (by omgwtf2) 4251: few html fixes (reverted) (by beedauchon) 2005/07/28: spiralvoice 4250: Remove whitespaces from commonUploads.ml 4249: HTML: Links to fake check services in search results (by bogeyman) 2005/07/27: spiralvoice 4194: FileTP : Add support for "referer", error messages cleanup (by beedauchon) 4245: BT: Remove whitespace (by beedauchon) 4244: Change web_infos period to hours (this is a bugfix, no need to change ini files) new option: enable_mlnet_redirector 2005/07/26: spiralvoice 4243: FileTP: Clean lots of whitespaces 4031: HTML: relative refs in HTML output (by beedauchon) 4191: Access to disk data (free space, max file name length) This is first step implmenting this, checkout the disk command for debugging. 4242: IPBlock: Support guarding_full.zip 4241: Fix html_mods_vd_gfx_remove 4240: EDK: New option keep_downloaded_in_old_files 2005/07/23: spiralvoice 4184: support guarding.p2p in zip/gz/bz2 format bz2 segfaults on OpenBSD, therefore disabled see notes in the patch on how to compile with MinGW 2005/07/22: spiralvoice 4205: Improve logging with timestamps 2 (incomplete) 4204: Improve logging with timestamps (incomplete) 2005/07/21: spiralvoice 4195: GUI: Change configure options Now "./configure" compiles no GUI, "--disable-gui" is default. To use a GUI use "--enable-gui", this enables GTK2 GUI. Other options are: --enable-gui=newgui2 (use GTK2 GUI) --enable-gui=newgui1 (use GTK1 newgui) --enable-gui=oldgui (use GTK1 oldgui) Options like "--disable-newgui" or "--enable-gtk2" were removed. 2005/07/20: spiralvoice 4193: CommonGraphics : some whitespace cleanups 4190: Gdstats: Fix tag.png/jpg link output 4188: Overnet: Dont put our own ID in the buckets (by Bogeyman)
2005-10-05Remove some more *LEGACY* settings that are over a month old andwiz2-5/+2
thus were before 2005Q3.
2005-10-05Remove legacy DJB_ERRNO_HACK (replaced with djbware-errno-hack option).schmonz1-2/+2
2005-10-05Now that a branch has been cut, remove PKG_OPTIONS_LEGACY_{OPTS,VARS}.schmonz1-3/+1
2005-10-03Get rid of some more stuff that was to be removed after 2005Q3.wiz1-3/+1
2005-10-03Move jwhois to the package options framework.agc2-10/+17
With thanks to Thomas Klausner for clueing me in - all mistakes are mine.
2005-10-03Include unistd.h to get close() and getpagesize() on DragonFly.joerg2-1/+14
2005-10-01Ensure that there are no empty runtime library search path to the -R flag.kristerw3-2/+17
Bump PKGREVISION.
2005-09-30Changes 4.0.4:adam3-10/+8
* Bug-fixes
2005-09-30Update MASTER_SITES. Noted by Zafer Aydogan in PR pkg/31424.minskim1-2/+2
2005-09-29Descend into 'scamper'.rpaulo1-1/+2
2005-09-29scamper is a program that conducts traceroute to large numbers of IPv4rpaulo4-0/+36
and IPv6 addresses in parallel to fill a specified packets-per-second rate. scamper can do ICMP based Path MTU discovery. scamper starts with the outgoing interface's MTU and discovers the location of PMTU bottlenecks. Recent revision of scamper do a PMTU search when an ICMP fragmentation required message is not returned to establish the PMTU to the next point in the network, followed by a TTL limited search to infer the hop where failure appears to occur. Reviewed by Johnny Lam.
2005-09-29Fix for qt-3.3.5adam1-2/+16
2005-09-28Fixed RCS Id in line 1.rillig1-1/+1
2005-09-28Replaced "# defined" with "yes" in Makefile variables like GNU_CONFIGURE,rillig12-28/+28
NO_BUILD, USE_LIBTOOL.
2005-09-28Removed trailing white-space.rillig4-8/+8
2005-09-27Changes in version 0.1.0.15 - 2005-09-23tv2-7/+6
o Bugfixes on 0.1.0.x: - Reject ports 465 and 587 (spam targets) in default exit policy. - Don't crash when we don't have any spare file descriptors and we try to spawn a dns or cpu worker. - Get rid of IgnoreVersion undocumented config option, and make us only warn, never exit, when we're running an obsolete version. - Don't try to print a null string when your server finds itself to be unreachable and the Address config option is empty. - Make the numbers in read-history and write-history into uint64s, so they don't overflow and publish negatives in the descriptor. - Fix a minor memory leak in smartlist_string_remove(). - We were only allowing ourselves to upload a server descriptor at most every 20 minutes, even if it changed earlier than that. - Clean up log entries that pointed to old URLs.
2005-09-27Update to 0.3.13. Changes undocumented.wiz3-8/+8
2005-09-27Use @PKG_HOME@ to store the pidfile, so that tor can actually create ittv2-4/+4
(/var/run is not writable by user "tor", and tor drops privs early).
2005-09-27Reset maintainer: river-styx dot org does not resolve.wiz4-8/+8
2005-09-27Update net/unison to 2.13.16 (Fix PR 31345)tonio6-75/+51
Update maintainer, i'm taking this one
2005-09-27update net/unison-devel to 2.17.1tonio5-39/+32
2005-09-27Changes 0.95.4:adam3-7/+11
* The last-byte download bug, where a download would not complete if only the last byte needed to be downloaded, has been fixed. * Preliminary browse-host support, allowing other servents to browse the files that are shared. This is disabled by default. * GTKG will detect online status again after temporary network failure. * The .desktop file and application icons are now properly installed. * Downloads are now sorting in a more logical way. * Bug fixes in UTF-8 support. * Doxygen documentation updates. * Japanese and Spanish translation updates.
2005-09-26Update to 0.15.0xtraeme2-6/+8
* Servers can be assigned different weights to account for differing capacity. New -W command-line option. New penctl commands: server S weight W (assign weight to server) weight (use weight for server selection) no weight (do not use weight for server selection) Cleaned up the logic in add_client so the weighted server selection can be used without client tracking. * Some performance enhancing changes: New variable connections_used remembers the number of used slots in conns[]. It is incremented by store_conn and decremented by close_conn. This allows the main loop to only accept new connections if there are empty slots in conns[], which is much better than accepting the connection only to immediately close it because we can't handle it. New variable connections_last remembers the last used slot in conns[]. This allows us to scan for empty slots much faster in store_conn when there are many simultaneous connections. * Documented the procedure to change FD_SETSIZE on Linux in INSTALL. * Documented the include command in the penctl manpage. * Fixed SSL so it works in nonblocking mode, except that it doesn't work anyway. Moved listenfd and ctrlfd out of main. * Highly experimental SSL code in pen.c. Updated manpage with the new options. Added https example to HOWTO.
2005-09-26Fix a bug in the tab-completion. When the prefix is not unique, rtorrentjoerg3-2/+18
would have hit an internal assertion later. The patch is a merge from the unstable tree as suggested by the author. Bump revision to 1.
2005-09-23Reset maintainer, posix dot org dot uk has no DNS entry.wiz1-2/+2
2005-09-23Reset maintainer, email to xs at nitric dot net bounced.wiz2-4/+4
2005-09-23Fix last commit - really pull in the kerberos buildlink filehubertf1-2/+2
only if needed
2005-09-23Fix kerberos supporthubertf1-2/+6
2005-09-22PLIST fixes pointed out by bulk buildsadrianp3-4/+6
Bump to nb2
2005-09-20Add logging fix from FreeRADIUS CVS pointed out by aland (at) ox.orgadrianp3-2/+39
Bump to nb1
2005-09-20Update snort to 2.4.1adrianp3-125/+6
From the ChangeLog: > 2005-09-16 - Snort 2.4.1 Released > [*] New additions > * Added a -K command line option to manually select the logging mode using > a single switch. The -b and -N switches will be deprecated in version > 2.7. Pcap logging is now the default for Snort at startup, use "-K ascii" > to revert to old behavior. > > [*] Improvements > * Win32 version now supports winpcap 3.1 and MySQL client 4.13. > * Added event on zero-length RPC fragments. > * Fixed TCP SACK processing for text based outputs that could result in a > DoS. > * General improvements to frag3 including Teardrop detection fix. > * Fixed a bug in the PPPoE decoder. > * Added patch for time stats from Bill Parker. Enable with configure > --enable-timestats. > * Fixed IDS mode bailing at startup if logdir is specified in snort.conf > and /var/log/snort doesn't exist. > * Added decoder for IPEnc for OpenBSD. Thanks Jason Ish for the patch > (long time ago) and Chris Kuethe for reraising the issue. > * Allow snort to use usernames (-u) and groupnames (-g) that include > numbers. Thanks to Shaick for the patch. > * Fixed broken -T option. > * Change ip_proto to ip for portscan configuration. Thanks David Bianco > for pointing this out. > * Fix for prelude initialization. Thanks Yoann Vandoorselaere for the > update. > * For content matches, when subsequent rule options fail, start searching > again in correct location. > * Updated Win32 to handle pflog patch. > * Added support for new OpenBSD pflog format. Older pflog format, > OpenBSD 3.3 and earlier is still supported. Thanks Breno Leitao > and Christian Reis for the patch. > * Added statistics counter for ETH_LOOPBACK packets. Thanks rmkml > for the patch.
2005-09-18Add a "reset" action to the openvpn rc.d script which triggers ajlam2-3/+32
SIGUSR1 reset of the openvpn process. This is useful for simplifying dhclient-exit-hooks hook scripts that need to tell the openvpn process to reset and re-run its "up" script. Bump the PKGREVISION of net/openvpn to 1.
2005-09-17Make this package build with rrdtool-1.2.x.minskim3-1/+42
2005-09-17Fix build on OS X with BIND9 system resolver by defining BIND_8_COMPAT.schmonz1-0/+9
(This needs to be fixed more generally across pkgsrc post-freeze.) Reviewed by wiz.
2005-09-17Use VARBASE instead of /var.minskim1-2/+2
2005-09-16use the BIND4 (?) nameserver interface rather than the new one;drochner2-11/+36
the former is still provided through nameser_compat.h while the latter is not available on older NetBSDs should fix build error seen in the 2.0.2 bulk build
2005-09-16"Oops." BUILDLINK_DEPMETHOD.libevent was defaulting to "build", which istv2-3/+4
no longer correct since update to libevent 1.x; it now uses libtool and generates a shlib. Remove the offending bl3 line, and bump all dependents' PKGREVISIONs, since the binary pkg changes for any OS that doesn't have a sufficient builtin libevent version (or the package has requested a non-builtin version).
2005-09-15Update to version 3.93salo5-36/+69
Changes: 3.93: ===== o Modified Libpcap's configure.ac to compile with the --fno-strict-aliasing option if gcc 4.X is used. This prevents when said compiler is used. This was done for Nmap in 3.90, but is apparently needed for pcap too. Thanks to Craig Humphrey (Craig.Humphrey(a)chapmantripp.com) for the discovery. o Patched libdnet to include sys/uio.h in src/tun-linux.c. This is apparently necessary on some Glibc 2.1 systems. Thanks to Rob Foehl (rwf(a)loonybin.net) for the patch. o Fixed a crash which could occur when a ridiculously short --host_timeout was specified on Windows (or on UNIX if --send_eth was specified). Nmap now also prints a warning if you specify a host_timeout of less than 1 second. Thanks to Ole Morten Grodaas (grodaas(a)gmail.com) for discovering the problem. 3.91: ===== o Fixed a crash on Windows when you -P0 scan an unused IP on a local network (or a range that contains unused IPs). This could also happen on UNIX if you specified the new --send_eth option. Thanks to Jim Carras (JFCECL(a)engr.psu.edu) for reporting the problem. o Fixed compilation on OpenBSD by applying a patch from Okan Demirmen (okan(a)demirmen.com), who maintains Nmap in the OpenBSD Ports collection. o Updated nmap-mac-prefixes to include OUIs assigned by the IEEE since April. o Updated the included libpcre (used for version detection) from version 4.3 to 6.3. A libpcre securty issue was fixed in 6.3, but that issue never affected Nmap. o Updated the included libpcap from 0.8.3 to 0.9.3. I also changed the directory name in the Nmap tarball from libpcap-possiblymodified to just libpcap. As usual, the modifications are described in the NMAP_MODIFICATIONS in that directory. 3.90: ===== o Added the ability for Nmap to send and properly route raw ethernet packets cointaining IP datagrams rather than always sending the packets via raw sockets. This is particularly useful for Windows, since Microsoft has disabled raw socket support in XP for no good reason. Nmap tries to choose the best method at runtime based on platform, though you can override it with the new --send_eth and --send_ip options. o Added ARP scanning (-PR). Nmap can now send raw ethernet ARP requests to determine whether hosts on a LAN are up, rather than relying on higher-level IP packets (which can only be sent after a successful ARP request and reply anyway). This is much faster and more reliable (not subject to IP-level firewalling) than IP-based probes. The downside is that it only works when the target machine is on the same LAN as the scanning machine. It is now used automatically for any hosts that are detected to be on a local ethernet network, unless --send_ip was specified. Example usage: nmap -sP -PR 192.168.0.0/16 . o Added the --spoof_mac option, which asks Nmap to use the given MAC address for all of the raw ethernet frames it sends. The MAC given can take several formats. If it is simply the string "0", Nmap chooses a completely random MAC for the session. If the given string is an even number of hex digits (with the pairs optionally separated by a colon), Nmap will use those as the MAC. If less than 12 hex digits are provided, Nmap fills in the remainder of the 6 bytes with random values. If the argument isn't a 0 or hex string, Nmap looks through the nmap-mac-prefixes to find a vendor name containing the given string (it is case insensitive). If a match is found, Nmap uses the vendor's OUI (3-byte prefix) and fills out the remaining 3 bytes randomly. Valid --spoof_mac argument examples are "Apple", "0", "01:02:03:04:05:06", "deadbeefcafe", "0020F2", and "Cisco". o Applied an enormous nmap-service-probes (version detection) update from SoC student Doug Hoyte (doug(a)hcsw.org). Version 3.81 had 1064 match lines covering 195 service protocols. Now we have 2865 match lines covering 359 protocols! So the database size has nearly tripled! This should make your -sV scans quicker and more accurate. Thanks also go to the (literally) thousands of you who submitted service fingerprints. Keep them coming! o Applied a massive OS fingerprint update from Zhao Lei (zhaolei(a)gmail.com). About 350 fingerprints were added, and many more were updated. Notable additions include Mac OS X 10.4 (Tiger), OpenBSD 3.7, FreeBSD 5.4, Windows Server 2003 SP1, Sony AIBO (along with a new "robotic pet" device type category), the latest Linux 2.6 kernels Cisco routers with IOS 12.4, a ton of VoIP devices, Tru64 UNIX 5.1B, new Fortinet firewalls, AIX 5.3, NetBSD 2.0, Nokia IPSO 3.8.X, and Solaris 10. Of course there are also tons of new broadband routers, printers, WAPs and pretty much any other device you can coax an ethernet cable (or wireless card) into! o Added 'leet ASCII art to the confugrator! ARTIST NOTE: If you think the ASCII art sucks, feel free to send me alternatives. Note that only people compiling the UNIX source code get this. (ASCII artist unknown). o Added OS, device type, and hostname detection using the service detection framework. Many services print a hostname, which may be different than DNS. The services often give more away as well. If Nmap detects IIS, it reports an OS family of "Windows". If it sees HP JetDirect telnetd, it reports a device type of "printer". Rather than try to combine TCP/IP stack fingerprinting and service OS fingerprinting, they are both printed. After all, they could legitimately be different. An IP that gives a stack fingerprint match of "Linksys WRT54G broadband router" and a service fingerprint of Windows based on Kazaa running is likely a common NAT setup rather than an Nmap mistake. o Nmap on Windows now compiles/links with the new WinPcap 3.1 header/lib files. So please upgrade to 3.1 from http://www.winpcap.org before installing this version of Nmap. While older versions may still work, they aren't supported with Nmap. o The official Nmap RPM files are now compiled statically for better compatability with other systems. X86_64 (AMD Athlon64/Opteron) binaries are now available in addition to the standard i386. NmapFE RPMs are no longer distributed by Insecure.Org. o Nmap distribution signing has changed. Release files are now signed with a new Nmap Project GPG key (KeyID 6B9355D0). Fyodor has also generated a new key for himself (KeyID 33599B5F). The Nmap key has been signed by Fyodor's new key, which has been signed by Fyodor's old key so that you know they are legit. The new keys are available at http://www.insecure.org/nmap/data/nmap_gpgkeys.txt , as docs/nmap_gpgkeys.txt in the Nmap source tarball, and on the public keyserver network. Here are the fingerprints: pub 1024D/33599B5F 2005-04-24 Key fingerprint = BB61 D057 C0D7 DCEF E730 996C 1AF6 EC50 3359 9B5F uid Fyodor <fyodor@insecure.org> sub 2048g/D3C2241C 2005-04-24 pub 1024D/6B9355D0 2005-04-24 Key fingerprint = 436D 66AB 9A79 8425 FDA0 E3F8 01AF 9F03 6B93 55D0 uid Nmap Project Signing Key (http://www.insecure.org/) sub 2048g/A50A6A94 2005-04-24 o Fixed a crash problem related to non-portable varargs (vsnprintf) usage. Reports of this crash came from Alan William Somers (somers(a)its.caltech.edu) and Christophe (chris.branch(a)gmx.de). This patch was prevalent on Linux boxes running an Opteron/Athlon64 CPU in 64-bit mode. o Fixed crash when Nmap is compiled using gcc 4.X by adding the --fno-strict-aliasing option when that compiler is detected. Thanks to Greg Darke (starstuff(a)optusnet.com.au) for discovering that this option fixes (hides) the problem and to Duilio J. Protti (dprotti(a)flowgate.net) for writing the configure patch to detect gcc 4 and add the option. A better fix is to identify and rewrite lines that violate C99 alias rules, and we are looking into that. o Added "rarity" feature to Nmap version detection. This causes obscure probes to be skipped when they are unlikely to help. Each probe now has a "rarity" value. Probes that detect dozens of services such as GenericLines and GetRequest have rarity values of 1, while the WWWOFFLEctrlstat and mydoom probes have a rarity of 9. When interrogating a port, Nmap always tries probes registered to that port number. So even WWWOFFLEctrlstat will be tried against port 8081 and mydoom will be tried against open ports between 3127 and 3198. If none of the registered ports find a match, Nmap tries probes that have a rarity less than or equal to its current intensity level. The intensity level defaults to 7 (so that most of the probes are done). You can set the intensity level with the new --version_intensity option. Alternatively, you can just use --version_light or --version_all which set the intensity to 2 (only try the most important probes and ones registered to the port number) and 9 (try all probes), respectively. --version_light is much faster than default version detection, but also a bit less likely to find a match. This feature was designed and implemented by Doug Hoyte (doug(a)hcsw.org). o Added a "fallback" feature to the nmap-service-probes database. This allows a probe to "inherit" match lines from other probes. It is currently only used for the HTTPOptions, RTSPRequest, and SSLSessionReq probes to inherit all of the match lines from GetRequest. Some servers don't respond to the Nmap GetRequest (for example because it doesn't include a Host: line) but they do respond to some of those other 3 probes in ways that GetRequest match lines are general enough to match. The fallback construct allows us to benefit from these matches without repeating hundreds of signatures in the file. This is another feature designed and implemented by Doug Hoyte (doug(a)hcsw.org). o Fixed crash with certain --excludefile or --exclude arguments. Thanks to Kurt Grutzmacher (grutz(a)jingojango.net) and pijn trein (ptrein(a)gmail.com) for reporting the problem, and to Duilio J. Protti (dprotti(a)flowgate.net) for debugging the issue and sending the patch. o Updated random scan (ip_is_reserved()) to reflect the latest IANA assignments. This patch was sent in by Felix Groebert (felix(a)groebert.org). o Included new Russian man page translation by locco_bozi(a)Safe-mail.net o Applied pach from Steve Martin (smartin(a)stillsecure.com) which standardizes many OS names and corrects typos in nmap-os-fingerprints. o Fixed a crash found during certain UDP version scans. The crash was discovered and reported by Ron (iago(a)valhallalegends.com) and fixed by Doug Hoyte (doug(a)hcsw.com). o Added --iflist argument which prints a list of system interfaces and routes detected by Nmap. o Fixed a protocol scan (-sO) problem which led to the error message: "Error compiling our pcap filter: syntax error". Thanks to Michel Arboi (michel(a)arboi.fr.eu.org) for reporting the problem. o Fixed an Nmap version detection crash on Windows which led to the error message "Unexpected error in NSE_TYPE_READ callback. Error code: 10053 (Unknown error)". Thanks to Srivatsan (srivatsanp(a)adventnet.com) for reporting the problem. o Fixed some misspellings in docs/nmap.xml reported by Tom Sellers (TSellers(a)trustmark.com). o Applied some changes from Gisle Vanem (giva(a)bgnett.no) to make Nmap compile with Cygwin. o XML "osmatch" element now has a "line" attribute giving the reference fingerprint line number in nmap-os-fingerprints. o Added a distcc probes and a bunch of smtp matches from Dirk Mueller (mueller(a)kde.org) to nmap-service-probes. Also added AFS version probe and matches from Lionel Cons (lionel.cons(a)cern.ch). And even more probes and matches from Martin Macok (martin.macok(a)underground.cz) o Fixed a problem where Nmap compilation would use header files from the libpcap included with Nmap even when it was linking to a system libpcap. Thanks to Solar Designer (solar(a)openwall.com) and Okan Demirmen (okan(a)demirmen.com) for reporting the problem. o Added configure option --with-libpcap=included to tell Nmap to use the version of libpcap it ships with rather than any that may already be installed on the system. You can still use --with-libpcap=[dir] to specify that a system libpcap be installed rather than the shipped one. By default, Nmap looks at both and decides which one is likely to work best. If you are having problems on Solaris, try --with-libpcap=included . o Changed the --no-stylesheet option to --no_stylesheet to be consistant with all of the other Nmap options. Though I'm starting to like hyphens a bit better than underscores and may change all of the options to use hyphens instad at some point. o Added "Exclude" directive to nmap-service-probes grammar which causes version detection to skip listed ports. This is helpful for ports such as 9100. Some printers simply print any data sent to that port, leading to pages of HTTP requests, SMB queries, X Windows probes, etc. If you really want to scan all ports, specify --allports. This patch came from Doug Hoyte (doug(a)hcsw.org). o Added a stripped-down and heavily modified version of Dug Song's libdnet networking library (v. 1.10). This helps with the new raw ethernet features. My (extensive) changes are described in libdnet-stripped/NMAP_MODIFICATIONS o Removed WinIP library (and all Windows raw sockets code) since MS has gone and broken raw sockets. Maybe packet receipt via raw sockets will come back at some point. As part of this removal, the Windows-specific --win_help, --win_list_interfaces, --win_norawsock, --win_forcerawsock, --win_nopcap, --win_nt4route, --win_noiphlpapi, and --win_trace options have been removed. o Chagned the interesting ports array from a 65K-member array of pointers into an STL list. This noticeable reduces memory usage in some cases, and should also give a slight runtime performance boost. This patch was written by Paul Tarjan (ptarjan(a)gmail.com). o Removed the BSDFIX/BSDUFIX macros. The underlying bug in FreeBSD/NetBSD is still there though. When an IP packet is sent through a raw socket, these platforms require the total length and fragmentation offset fields of an IP packet to be in host byte order rather than network byte order, even though all the other fields must be in NBO. I believe that OpenBSD fixed this a while back. Other platforms, such as Linux, Solaris, Mac OS X, and Windows take all of the fields in network byte order. While I removed the macro, I still do the munging where required so that Nmap still works on FreeBSD. o Integrated many nmap-service-probes changes from Bo Jiang (jiangbo(a)brandeis.edu) o Added a bunch of RPC numbers from nmap-rpc maintainer Eilon Gishri (eilon(a)aristo.tau.ac.il) o Added some new RPC services to nmap-rpc thanks to a patch from vlad902 (vlad902(a)gmail.com). o Fixed a bug where Nmap would quit on Windows whenever it encountered a raw scan of localhost (including the local ethernet interface address), even when that was just one address out of a whole network being scanned. Now Nmap just warns that it is skipping raw scans when it encounters the local IP, but continues on to scan the rest of the network. Raw scans do not currently work against local IP addresses because Winpcap doesn't support reading/writing localhost interfaces due to limitations of Windows. o The OS fingerprint is now provided in XML output if debugging is enabled (-d) or verbosity is at least 2 (-v -v). This patch was sent by Okan Demirmen (okan(a)demirmen.com) o Fixed the way tcp connect scan (-sT) respons to ICMP network unreachable responses (patch by Richard Moore (rich(a)westpoint.ltd.uk). o Update random host scan (-iR) to support the latest IANA-allocated ranges, thanks to patch by Chad Loder (cloder(a)loder.us). o Updated GNU shtool (a helper program used during 'make install' to version 2.0.2, which fixes a predictable temporary filename weakness discovered by Eric Raymond. o Removed addport element from XML DTD, since it is no longer used (sugested by Lionel Cons (lionel.cons(a)cern.ch) o Added new --privileged command-line option and NMAP_PRIVILEGED environmental variable. Either of these tell Nmap to assume that the user has full privileges to execute raw packet scans, OS detection and the like. This can be useful when Linux kernel capabilities or other systems are used that allow non-root users to perform raw packet or ethernet frame manipulation. Without this flag or variable set, Nmap bails on UNIX if geteuid() is nonzero. o Changed the RPM spec file so that if you define "static" to 1 (by passing --define "static 1" to rpmbuild), static binaries are built. o Fixed Nmap compilation on Solaris x86 thanks to a patch from Simon Burr (simes(a)bpfh.net). o ultra_scan() now sets pseudo-random ACK values (rather than 0) for any TCP scans in which the initial probe packet has the ACK flag set. This would be the ACK, Xmas, Maimon, and Window scans. o Updated the Nmap version number, description, and similar fields that MS Visual Studio places in the binary. This was done by editing mswin32/nmap.rc as suggested by Chris Paget (chrisp@ngssoftware.com) o Fixed Nmap compilation on DragonFly BSD (and perhaps some other systems) by applying a short patch by Joerg Sonnenberger which omits the declaration of errno if it is a #define. o Fixed an integer overflow that prevented Nmap from scanning 2,147,483,648 hosts in one expression (e.g. 0.0.0.0/1). Problem noted by Justin Cranford (jcranford(a)n-able.com). While /1 scans are now possible, don't expect them to finish during your bathroom break. No matter how constipated you are. o Increased the buffer size allocated for fingerprints to prevent Nmap from running out and quitting (error message: "Assertion `servicefpalloc - servicefplen > 8' failed". Thanks to Mike Hatz (mhatz(a)blackcat.com) for the report. [ Actually this was done in a previous version, but I forgot which one ] o Changed from CVS to Subversion source control system (which rocks!). Neither repository is public (I'm paranoid because both CVS and SVN have had remotely exploitable security holes), so the main change users will see is that "Id" tags in file headers use the SVN format for version numbering and such.
2005-09-14Add patch from snort CVS to address a security issue:adrianp4-5/+124
http://secunia.com/advisories/16786/ Whitespace police on MESSAGE Bump to nb1
2005-09-11Update to 1.0.5adrianp3-8/+15
> Security Fixes > * SQL injection attack in the module "rlm_sqlcounter". > * Buffer overflows in the module "rlm_sqlcounter". > * Expansion of variable %t may write 26 bytes beyond the buffer > bound. Primoz Bratanic is credited with the discovery of these > three bugs. > > Bug fixes > * Don't de-reference a NULL pointer if the auth-type is unknown > in the function rad_check_password(). > * Escape more characters in the LDAP queries. > Bug found by Suse engineers. > * In rlm_sql_unixodbc, don't call rad_malloc from sql_error(), > it leaks memory. > * Fix an off-by-one error in the module rlm_sql_unixodbc. > Bug found by Suse engineers. > * In rlm_sql, resize the buffer for the value of SQL-User-Name. > * Initialize memory for a new SQL socket in the module rlm_sql. > * Don't add too many attributes after running an external program. > Bug found by Suse engineers. > * Fix an off-by-one error in the function getthing(). > * snprintf() and vsnprintf() replacements were not compiled if > the autoconf tests didn't find the functions. > * Don't use vsprintf() anymore, but the replacement for vsnprintf() > in libradius instead. > * The function decode_attribute() may write beyond buffer bounds. > Bug found by Suse engineers. > * Fix a memset() in the function request_enqueue() which was > begining at the wrong address. Bug found by Matthias Ruttman. > * Fix an off-by-one error in the function xlat_copy(). > Bug found by Primoz Bratanic. > * Fix other off-by-one errors in module "rlm_unix", too. > Bug found by Allan Bazinet. > * Fix a 2-byte over-run read in function rad_decode(). > * Update thread pool queue properly. > * Autonconf tests try first any user-specified directory, > otherwise they may pick up the wrong version. > * Delete the autoconf tests for the libldap dependancies. > * Install all the regular files under the "doc" directory. > * Distinguish between exit code <0 (failure) and >0 (reject) > in Exec-Program-Wait. Patch from Thor Spruyt. > * Make Expiration work. > * Clean up the code for opening a proxy socket. > * When finding a realm to proxy to, if all are dead, wake them > if wake_all_if_all_dead is true. > * In radwho, print the NAS-Port as unsigned int. > * Use extended regex instead of basic regex in rlm_attr_filter. > * Catch the case where someone deletes a directory that rlm_detail > is using. > * Use the variable $(LDFLAGS) when linking a module. > * Ignore the Stripped-User-Name when a realm has the "nostrip" > directive. > * Add support for NT-Password in rlm_pap. > * In rlm_sqlcounter, use the time left to the next reset if it's > inferior to the time left in the counter. > * Calculate Message-Authenticator correctly for Accounting-Request > and Accounting-Response. Bug found by Paolo Rotela. > * Build on MAC OS X. Still need --disable-shared, though. > * Fix bug #255 (crash with expired CRL's, etc.) > * Fix quote removal of the values from a SQL database. > * Reap the zombie process after a command run from "Exec-Program". > * Allow to cancel proxy of accounting with "Proxy-To-Realm := LOCAL". > * Don't copy VSA's to an Access-Reject packet.
2005-09-11Fix post-install target broken in global perl plist changes.wiz1-2/+2