changelog

From "Ubuntu packages of security software. …" · Code · 1,379 lines total · Page 1 of 5

  new Nmap Install Guide at http://www.insecure.org/nmap/install/ .

o Included docs/nmap-man.xml in the tarball distribution, which is the
  DocBook XML source for the Nmap man page.  Patches to Nmap that are
  user-visible should include patches to the man page XML source rather
  than to the generated Nroff.

o Fixed Nmap so it doesn't crash when you ask it to resume a previous
  scan, but pass in a bogus file rather than actual Nmap output.  Thanks
  to Piotr Sobolewski (piotr_sobolewski(a)o2.pl) for the fix.

Nmap 3.95

o Fixed a crash in IPID Idle scan.  Thanks to Ron
  (iago(a)valhallalegends.com), Bakeman (bakeman(a)physics.unr.edu),
  and others for reporting the problem.

o Fixed an inefficiency in RPC scan that could slow things down and
  also sometimes resulted in the spurious warning message:
  "Unable to find listening socket in get_rpc_results"

o Fixed a 3.94ALPHA3 bug that caused UDP scan results to be listed as
  TCP ports instead.  Thanks to Justin M Cacak (jcacak(a)nebraska.edu)
  for reporting the problem.

Nmap 3.94ALPHA3

o Updated NmapFE to build with GTK2 rather than obsolete GTK1.  Thanks
  to Mike Basinger (dbasinge(a)speakeasy.net) and Meethune Bhowmick
  (meethune(a)oss-institute.org) for developing the
  patch.  I made some changes as well to prevent compilation warnings.
  The new NmapFE now seems to work, though I do get "Gtk-CRITICAL"
  assertion error messages.  If someone has time to look into this, that
  would be appreciated.

o Fixed a compilation problem on Mac OS X and perhaps other platforms
  with a one-line fix to scan_engine.cc.  Thanks to Felix Gröbert
  (felix(a)groebert.org) for notifying me of the problem.

o Fixed a problem that prevented the command "nmap -sT -PT <targets>"
  from working from a non-privileged user account.  The -PT option
  doesn't change default behavior in this case, but Nmap should (and now
  does) allow it.

o Applied another VS 2005 compatibility patch from KX (kxmail(a)gmail.com).

o Define INET_ADDRSTRLEN in tcpip.h if the system doesn't define it
  for us.  This apparently aids compilation on Solaris 2.6 and 7.
  Thanks to Albert Chin (nmap-hackers(a)mlists.thewrittenword.com) for
  sending the patch.

Nmap 3.94ALPHA2

o Put Nmap on a diet, with changes to the core port scanning routine
  (ultra_scan) to substantially reduce memory consumption, particularly
  when tens of thousands of ports are scanned.

o Fixed a problem with the -S and option on Windows reporting "Failed
  to resolve/decode supposed IPv4 source address".  The -D (decoy)
  option was probably broken on that platform too.  Thanks to KX
  (kxmail(a)gmail.com) for reporting the problem and tracking down a
  potential solution.

o Better handle ICMP type 3, code 0 (network unreachable) responses to
  port scan packets.  These are rarely seen when scanning hosts that
  are actually online, but are still worth handling.

o Applied some small fixes so that Nmap compiles with Visual C++
  2005 Express, which is free from Microsoft at
  http://msdn.microsoft.com/vstudio/express/visualc/ .  Thanks to KX
  (kxmail(a)gmail.com) and Sina Bahram (sbahram(a)nc.rr.com)

o Removed foreign translations of the old man page from the
  distribution.  Included the following contributed translations
  (nroff format) of the new man page:
    Brazilian Portuguese by Lucien Raven (lucienraven(a)yahoo.com.br)
    Portuguese (Portugal) by José Domingos (jd_pt(a)yahoo.com) and
                              Andreia Gaita (shana.ufie(a)gmail.com).

o Added --thc option (undocumented)

o Modified libdnet-stripped/src/eth-bsd.c to allow for up to 128 bpf
  devices rather than 32.  This prevents errors like "Failed to open
  ethernet interface (fxp0)" when there are more than 32 interface
  aliases.  Thanks to Krok (krok(a)void.ru) for reporting the problem
  and even sending a patch.

Nmap 3.94ALPHA1

o Wrote a new man page from scratch.  It is much more comprehensive
  (more than twice as long) and (IMHO) better organized than the
  previous one.  Read it online at http://www.insecure.org/nmap/man/
  or docs/nmap.1 from the Nmap distribution.  Let me know if you have
  any ideas for improving it.

o Wrote a new "help screen", which you get when running Nmap without
  arguments.  It is also reproduced in the man page and at
  http://www.insecure.org/nmap/data/nmap.usage.txt .  I gave up trying
  to fit it within a 25-line, 80-column terminal window.  It is now 78
  lines and summarizes all but the most obscure Nmap options.

o Version detection softmatches (when Nmap determines the service
  protocol such as smtp but isn't able to determine the app name such as
  Postfix) can now parse out the normal match line fields such as
  hostname, device type, and extra info.  For example, we may not know
  what vendor created an sshd, but we can still parse out the protocol
  number.  This was a patch from Doug Hoyte (doug(a)hcsw.org).

o Fixed a problem which caused UDP version scanning to fail to print
  the matched service.  Thanks to Martin Macok
  (martin.macok(a)underground.cz) for reporting the problem and Doug
  Hoyte (doug(a)hcsw.org) for fixing it.

o Made the version detection "ports" directive (in
  nmap-service-probes) more comprehensive.  This should speed up scans a
  bit.  The patch was done by Doug Hoyte (doug(a)hcsw.org).

o Added the --webxml option, which does the same thing as
  --stylesheet http://www.insecure.org/nmap/data/nmap.xsl , without
  requiring you to remember the exact URL or type that whole thing.

o Fixed a crash that occurred when the --exclude option was used with
  netmasks on certain platforms.  Thanks to Adam
  (nmapuser(a)globalmegahost.com) for reporting the problem and to
  Greg Darke (starstuff(a)optusnet.com.au) for sending a patch (I
  modified the patch a bit to make it more efficient).

o Fixed a problem with the -S and -e options (spoof/set
  source address, and set interface by name, respectively).  The problem
  report and a partial patch were sent by Richard Birkett
  (richard(a)musicbox.net).

o Fixed a possible aliasing problem in tcpip.cc by applying a patch sent in by
  Gwenole Beauchesne (gbeauchesne(a)mandriva.com).  This problem
  shouldn't have had any effect on users since we already include the
  -fno-strict-aliasing option whenever gcc 4 is detected, but it
  brings us closer to being able to remove that option.

o Fixed a bug that caused Nmap to crash if an nmap-service-probes file
  was used which didn't contain the Exclude directive.

o Fixed a bunch of typos and misspellings throughout the Nmap source
  code (mostly in comments).  This was a 625-line patch by Saint Xavier
  (skyxav(a)skynet.be).

o Nmap now accepts target list files in Windows end-of-line format (\r\n)
  as well as standard UNIX format (\n) on all platforms.  Passing a
  Windows style file to Nmap on UNIX didn't work before unless you ran
  dos2unix first.

o Removed Identd scan support from NmapFE since Nmap no longer
  supports it.  Thanks to Jonathan Dieter (jdieter99(a)gmx.net) for the
  patch.

o Integrated all of the September version detection fingerprint
  submissions.  This was done by Version Detection Czar Doug Hoyte
  (doug(a)hcsw.org) and resulted in 86 new match lines.  Please keep
  those submissions coming!

o Fixed a divide-by-zero crash when you specify rather bogus
  command-line arguments (a TCP scan with zero tcp ports).  Thanks to
  Bart Dopheide (dopheide(a)fmf.nl) for identifying the problem and
  sending a patch.

o Fixed a minor syntax error in tcpip.h that was causing problems with
  GCC 4.1.  Thanks to Dirk Mueller (dmuell(a)gmx.net) for reporting
  the problem and sending a fix.

Nmap 3.93

o Modified Libpcap's configure.ac to compile with the
  -fno-strict-aliasing option if gcc 4.X is used.  This prevents
  crashes when said compiler is used.  This was done for Nmap in 3.90, but is
  apparently needed for pcap too.  Thanks to Craig Humphrey
  (Craig.Humphrey(a)chapmantripp.com) for the discovery.

o Patched libdnet to include sys/uio.h in src/tun-linux.c.  This is
  apparently necessary on some Glibc 2.1 systems.  Thanks to Rob Foehl
  (rwf(a)loonybin.net) for the patch.

o Fixed a crash which could occur when a ridiculously short
  --host_timeout was specified on Windows (or on UNIX if --send_eth was
  specified).  Nmap now also prints a warning if you specify a
  host_timeout of less than 1 second.  Thanks to Ole Morten Grodaas
  (grodaas(a)gmail.com) for discovering the problem.

Nmap 3.91

o Fixed a crash on Windows when you -P0 scan an unused IP on a local
  network (or a range that contains unused IPs).  This could also
  happen on UNIX if you specified the new --send_eth option.  Thanks
  to Jim Carras (JFCECL(a)engr.psu.edu) for reporting the problem.

o Fixed compilation on OpenBSD by applying a patch from Okan Demirmen
  (okan(a)demirmen.com), who maintains Nmap in the OpenBSD Ports
  collection.

o Updated nmap-mac-prefixes to include OUIs assigned by the IEEE since
  April.

o Updated the included libpcre (used for version detection) from
  version 4.3 to 6.3.  A libpcre security issue was fixed in 6.3, but
  that issue never affected Nmap.

o Updated the included libpcap from 0.8.3 to 0.9.3.  I also changed
  the directory name in the Nmap tarball from libpcap-possiblymodified
  to just libpcap.  As usual, the modifications are described in the
  NMAP_MODIFICATIONS in that directory.

Nmap 3.90

o Added the ability for Nmap to send and properly route raw ethernet
  packets containing IP datagrams rather than always sending the
  packets via raw sockets.  This is particularly useful for Windows,
  since Microsoft has disabled raw socket support in XP for no good
  reason.  Nmap tries to choose the best method at runtime based on
  platform, though you can override it with the new --send_eth and
  --send_ip options.

o Added ARP scanning (-PR). Nmap can now send raw ethernet ARP requests to
  determine whether hosts on a LAN are up, rather than relying on
  higher-level IP packets (which can only be sent after a successful
  ARP request and reply anyway).  This is much faster and more
  reliable (not subject to IP-level firewalling) than IP-based probes.
  The downside is that it only works when the target machine is on the
  same LAN as the scanning machine.  It is now used automatically for
  any hosts that are detected to be on a local ethernet network,
  unless --send_ip was specified.  Example usage: nmap -sP -PR
  192.168.0.0/16 .

o Added the --spoof_mac option, which asks Nmap to use the given MAC
  address for all of the raw ethernet frames it sends.  The MAC given
  can take several formats.  If it is simply the string "0", Nmap
  chooses a completely random MAC for the session.  If the given
  string is an even number of hex digits (with the pairs optionally
  separated by a colon), Nmap will use those as the MAC.  If less than
  12 hex digits are provided, Nmap fills in the remainder of the 6
  bytes with random values.  If the argument isn't a 0 or hex string,
  Nmap looks through the nmap-mac-prefixes to find a vendor name
  containing the given string (it is case insensitive).  If a match is
  found, Nmap uses the vendor's OUI (3-byte prefix) and fills out the
  remaining 3 bytes randomly.  Valid --spoof_mac argument examples are
  "Apple", "0", "01:02:03:04:05:06", "deadbeefcafe", "0020F2", and
  "Cisco".

o Applied an enormous nmap-service-probes (version detection) update
  from SoC student Doug Hoyte (doug(a)hcsw.org).  Version 3.81 had
  1064 match lines covering 195 service protocols.  Now we have 2865
  match lines covering 359 protocols!  So the database size has nearly
  tripled!  This should make your -sV scans quicker and more
  accurate.  Thanks also go to the (literally) thousands of you who
  submitted service fingerprints.  Keep them coming!

o Applied a massive OS fingerprint update from Zhao Lei
  (zhaolei(a)gmail.com).  About 350 fingerprints were added, and many
  more were updated.  Notable additions include Mac OS X 10.4 (Tiger),
  OpenBSD 3.7, FreeBSD 5.4, Windows Server 2003 SP1, Sony AIBO (along
  with a new "robotic pet" device type category), the latest Linux 2.6
  kernels, Cisco routers with IOS 12.4, a ton of VoIP devices, Tru64
  UNIX 5.1B, new Fortinet firewalls, AIX 5.3, NetBSD 2.0, Nokia IPSO
  3.8.X, and Solaris 10.  Of course there are also tons of new
  broadband routers, printers, WAPs and pretty much any other device
  you can coax an ethernet cable (or wireless card) into!

o Added 'leet ASCII art to the configurator!  ARTIST NOTE: If you think
  the ASCII art sucks, feel free to send me alternatives.  Note that
  only people compiling the UNIX source code get this. (ASCII artist
  unknown).

o Added OS, device type, and hostname detection using the service
  detection framework.  Many services print a hostname, which may be
  different than DNS.  The services often give more away as well.  If
  Nmap detects IIS, it reports an OS family of "Windows".  If it sees
  HP JetDirect telnetd, it reports a device type of "printer".  Rather
  than try to combine TCP/IP stack fingerprinting and service OS
  fingerprinting, they are both printed.  After all, they could
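
The --spoof_mac entry in the Nmap 3.90 notes above lists the argument formats in order; the sketch below is an added example (not Nmap's own code) that resolves an argument by those rules, which shows which bytes of the resulting address are fixed and which are random. The function names, the injectable `rand` parameter and the three-line `SAMPLE_PREFIXES` table are assumptions made for illustration.

```python
import os
import re

# Constructed sample in the "<6 hex digit OUI> <vendor>" layout used by
# nmap-mac-prefixes; these three lines are illustrative, not the real file.
SAMPLE_PREFIXES = """\
00000C Cisco Systems
000393 Apple Computer
0020F2 Sun Microsystems
"""

# One or more hex pairs, each pair optionally separated by a colon.
HEX_PAIRS = re.compile(r"[0-9A-Fa-f]{2}(?::?[0-9A-Fa-f]{2})*")


def resolve_spoof_mac(arg, prefixes=SAMPLE_PREFIXES, rand=os.urandom):
    """Return the 6-byte MAC that a --spoof_mac style argument selects.

    `rand(n)` must return n random bytes; it is injectable for testing.
    """
    if arg == "0":
        return rand(6)                       # whole address is random
    if HEX_PAIRS.fullmatch(arg):
        fixed = bytes.fromhex(arg.replace(":", ""))
        if len(fixed) > 6:
            raise ValueError("more than 12 hex digits given")
        return fixed + rand(6 - len(fixed))  # random fill for the remainder
    # Anything else is a case-insensitive substring of a vendor name.
    for line in prefixes.splitlines():
        oui, _, vendor = line.partition(" ")
        if arg.lower() in vendor.lower():
            return bytes.fromhex(oui) + rand(3)  # vendor OUI + 3 random bytes
    raise ValueError(f"no vendor name contains {arg!r}")


def fmt(mac):
    """Format raw MAC bytes as colon-separated hex."""
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    # The valid argument examples quoted in the changelog entry.
    for spec in ("Apple", "0", "01:02:03:04:05:06", "deadbeefcafe", "0020F2", "Cisco"):
        print(f"{spec!r:22} -> {fmt(resolve_spoof_mac(spec))}")
```

Because the hex test runs before the vendor lookup, a vendor search string that happens to be an even number of hex digits (for example "cafe") is taken as literal bytes rather than as a name.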
