Nmap Development mailing list archives
Nmap 4.62 released
From: Fyodor <fyodor () insecure org>
Date: Sat, 3 May 2008 02:34:09 -0700
Hi all,

I'm pleased to release Nmap 4.62, which includes many great changes made over the last month and a half. This release has more than 3 dozen changes(!). One of the most exciting is David's fixed-rate packet sending system, which is something I've wanted in Nmap for years. David's Mac OS X packaging work is also continuing and showing great results. And don't forget Brandon's version detection DB improvements, Jah's fixing of the COPYING file display on Windows (a long-time blight on that installer), and Kris's NSE Datafiles library. There are many bug fixes and other improvements as well.

This is a nice pre-SoC stable Nmap. Remember that we've got 7 full-time SoC coders starting in just a couple of weeks! And most of them have already started in a more limited capacity during this "community bonding period".

I've linked to the new version from the Nmap download page:

http://nmap.org/download.html

Please give it a try and let us know on nmap-dev if you encounter any problems.

Here is the (long!) list of changes since 4.60:

o Added a new --min-rate option that allows specifying a minimum rate at which to send packets. This allows you to override Nmap's congestion control algorithms and request that Nmap try to keep at least the rate you specify. The rate is given in packets per second. Read more in the Nmap man page (http://nmap.org/book/man-performance.html) [David]

o Create /nmap/macosx directory in SVN with files necessary to build binary Mac OS X Nmap/Zenmap packages. We are trying to create binary installer packages which are as useful and easy to use as the Windows installer. This has involved a lot of work by David. We aren't quite yet distributing the results on the Nmap download page, but testing our beta versions is useful. You can find the latest universal (PPC and Intel) binary test version by looking at David Fifield's posts at http://seclists.org/nmap-dev/2008/q2/author.html . You can also read /nmap/macosx/README in svn for more info.

o Nmap 2008 Summer of Code students have begun working (though full time doesn't start until late May). Learn about the winners and their projects at http://seclists.org/nmap-dev/2008/q2/0132.html .

o Brandon added/modified a whole bunch of version detection signatures based on systems discovered when scanning UCSD's network.

o Reformat Nmap COPYING file (e.g. remove C comment markers, reduce line length) during Nmap Windows build so that it looks much better when presented by the Windows executable (NSIS) installer. Thanks to Jah for the patch, which was modified slightly by Fyodor.

o Added NSE Datafiles library which reads and parses Nmap's nmap-* data files for scripts. The functions (parse_protocols(), parse_rpc() and parse_services()) return tables with numbers (e.g. port numbers) indexing names (e.g. service names). The rpcinfo.nse script was also updated to use this library. [Kris]

o Fixed a bug in the nbase random number generator (and the way it interacted with Nmap and MS Windows) which caused duplicates in some instances. Thanks to Jah for reporting the problem and working with Brandon Enright, Fyodor and Kris to fix it.

o It turns out that hours have 60 minutes, not 24. Fixed a scan status message which was rolling over the hours column prematurely. [David]

o Added scripting options to Zenmap profile editor and command wizard to make use of NSE. [David]

o Zenmap now prints an exception message rather than segfaulting when it can't open a display (such as when trying to connect to an X server as an unauthorized user). Thanks to Aaron Leininger for the initial report and Guilherme Polo for suggesting the fix.

o Now ports in the "unfiltered" state can be selected for attention by NSE scripts. [Kris]

o Nbase random number generation system now avoids having a high-bit of zero in every other byte on Windows due to Windows having such a low RAND_MAX. [Jah]

o Added release dates for each Nmap version to this CHANGELOG going back to Nmap 3.00 (July 31, 2002). Dates are in MM/DD/YY format. If someone wants to track down dates for the last 22% of the file (pre-3.00), you are welcome to do so and send a patch. Searching Google for the version number and site:seclists.org seems to work well. [Fyodor]

o Nmap RPM builds now use the versions of libdnet, libpcap, libpcre, and liblua rather than whatever happens to be installed on the build system. [David]

o Zenmap can now be installed in and run in directories with a space in the name. [David]

o Fixed an assertion failure ("Target.cc:396: void Target::stopTimeOutClock(const timeval*): Assertion 'htn.toclock_running == true' failed.") caused when a host had NSE scripts in multiple runlevels. This also fixes --host-timeout behavior in NSE. [Kris]

o Reduce the maximum number of socket descriptors which Nmap is allowed to open concurrently. This resolves a bug which could cause "Too many open files" error on Mac OS X when not running as root. [David]

o Canonicalized service names between nmap-service-probes (version detection DB) and nmap-services (port scanning DB). [Kris]

o Removed the "class" attribute from the tcpsequence element in XML output. For a long time it had always been "unknown class" because Nmap doesn't calculate a class anymore. The XML output version has been increased from 1.01 to 1.02. [David]

o Fixed a bug on Win32 which caused an infinite loop when Nmap encountered certain broadcast addresses. [Dudi Itzhakov]

o Fix MingW compilation by adding a signal.h include to main.cc. [Gisle Vanem]

o Fix the test in our build system to determine if liblua is already available or not. For example, the test needed to link with -lm since some systems require that. [David]

o Added TIMEVAL_BEFORE and TIMEVAL_AFTER macros to test whether one timeval is earlier than another while avoiding possible integer overflows in a naive approach we were using previously. [David]

o Adjusted a bunch of code to avoid compilation warning messages on some Linux machines. [Andrew J. Bennieston]

o Fixed the NmapArpCache so that it actually works. Previously, Nmap was always falling back to the system ARP cache. Of course this raises the question of whether NmapArpCache is needed in the first place. [Daniel Roethlisberger]

o Fix a Zenmap bug which could cause the error message "zenmapCore.NmapOptions.OptionNotFound: No option named '' found!" if you create a new profile without checking any options then try to edit it. [David]

o Zenmap now shows a more helpful error message when there is an error in executing Nmap. [David]

o Zenmap now creates the directory ~/.zenmap-etc to store automatically generated GTK+ and Pango files. They used to go in the application bundle but that doesn't work on a read-only filesystem or disk image. This is what Wireshark does (~/.wireshark-etc), although the directory could be called anything. It doesn't have to persist across sessions.

o Added a mechanism in Zenmap for including extra executable search paths on specific platforms, so we can include /usr/local/bin in PATH on Mac OS X by default and add the Nmap install directory on Windows. [David]

o We now use --no-strip when building Zenmap Mac OS X packages to prevent many mysterious warnings which occur when the binary is stripped. [David]

o When Zenmap invokes Nmap, it now copies the whole environment for the Nmap invocation rather than just providing $PATH. Windows may need this to do proper name resolution. [David]

o Corrected uptime parsing and reporting in SNMPsysdesr.nse for an uptime of less than 46 hours. [Kris]

o Modified the use of CXXFLAGS, CFLAGS, and CPPFLAGS in Nmap build system to work better when building Mac OS X universal binaries. [David]

o Added many additional PCRE option flags to the list returned by the NSE pcre.flags() function. [Kris]

o Changed the NSE function nmap.set_port_state() so that it checks to see if the requested port is already in the requested state. This prevents "Duplicate port" messages during the script scan and the inaccurate "script-set" state reason. [Kris]

o Canonicalize NSE script license text--more than half did not even spell license correctly. They all still say that they are under Nmap's license, just with consistent capitalization and spelling, and now a link to Nmap legal page at http://nmap.org/man/man-legal.html.

o Updated ripeQuery.nse to not print extraneous whitespace. [Kris]

o Switched telnet brute force password cracking NSE (bruteTelnet.nse) to vulnerability category so it isn't executed by default. It can take too long to run. [Eddie]

o NSE status messages now print host name and IP, rather than just the host name (which was blank when Nmap didn't know it). [Jah]

o Allocate 128 characters for the idle scan ScanProgressMeter title. Previously it was 32 characters. The "idle scan against " and the \0 terminator take up 19 characters, leaving only 13, which isn't enough to represent all IP addresses, let alone host names. Bug reported by Stephan Fijneman, fixed by David.

Enjoy!
Fyodor
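
Added example (not part of Fyodor's post and not nbase code): the changelog entry about Windows' low RAND_MAX describes a zero high bit in every other byte, which is what happens if each 15-bit rand() result is stored as two bytes. The generator `small_rand()`, its constants, and both fill routines are constructed for illustration; the byte-wise fill is one way to avoid the bias, not necessarily the fix Nmap used.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a rand() whose RAND_MAX is 0x7FFF (15 bits),
   as on Windows. Illustrative only; not a secure generator. */
static uint32_t lcg_state = 1;
static void small_srand(uint32_t seed) { lcg_state = seed; }
static int small_rand(void) {
    lcg_state = lcg_state * 214013u + 2531011u;
    return (int)((lcg_state >> 16) & 0x7FFF);
}

/* Naive fill: stores each rand() result as if it held 16 random bits. */
static void fill_naive(unsigned char *buf, size_t len) {
    for (size_t i = 0; i + 1 < len; i += 2) {
        unsigned r = (unsigned)small_rand();
        buf[i] = (unsigned char)(r & 0xFF);
        buf[i + 1] = (unsigned char)(r >> 8); /* top bit can never be set */
    }
}

/* Byte-wise fill: takes 8 of the 15 bits per call, so every bit varies. */
static void fill_bytewise(unsigned char *buf, size_t len) {
    for (size_t i = 0; i < len; i++)
        buf[i] = (unsigned char)((small_rand() >> 7) & 0xFF);
}

/* Count bytes at odd offsets that have their high bit set. */
static size_t odd_high_bits(const unsigned char *buf, size_t len) {
    size_t n = 0;
    for (size_t i = 1; i < len; i += 2)
        if (buf[i] & 0x80) n++;
    return n;
}

/* Run one fill over 4096 bytes (2048 odd offsets) and report the count. */
size_t demo(int bytewise) {
    unsigned char buf[4096];
    small_srand(42);
    if (bytewise) fill_bytewise(buf, sizeof buf);
    else fill_naive(buf, sizeof buf);
    return odd_high_bits(buf, sizeof buf);
}

int main(void) {
    printf("naive:     %zu of 2048 odd bytes have the high bit set\n", demo(0));
    printf("byte-wise: %zu of 2048 odd bytes have the high bit set\n", demo(1));
    return 0;
}
```

A count of zero for the naive fill means one bit in sixteen of the output is fixed, which matters wherever these bytes feed values that are expected to be unpredictable or evenly spread.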