nmap version bump Nmap 4.68 Reproducible: Always
# Nmap Changelog ($Id: CHANGELOG 8515 2008-06-29 09:37:46Z fyodor $); -*-text-*-

Nmap 4.68 [2008-6-28]

o Doug integrated all of your version detection submissions and corrections for the year up to May 31. There were more than 1,000 new submissions and 18 corrections. Please keep them coming! And don't forget that corrections are very important, so do submit them if you ever catch Nmap making a version detection or OS detection mistake. The version detection DB has grown to 5,054 signatures representing 486 service protocols. Protocols span the gamut from abc, acap, access-remote-pc, activefax, and activemq, to zebedee, zebra, zenimaging, and zenworks. The most popular protocols are http (1,672 signatures), telnet (519), ftp (459), smtp (344), and pop3 (201).

o Nmap compilation on Windows is now done with Visual C++ Express 2008 rather than 2005. Windows compilation instructions have been updated at http://nmap.org/book/inst-windows.html#inst-win-source . [Kris]

o The Nmap Windows self-installer now automatically installs the MS Visual C++ 2008 runtime components if they aren't already installed on a system. These are some reasonably small DLLs that are generally necessary for applications compiled with Visual C++ (with dynamic linking). Many or most systems already have these installed from other software packages. The lack of these components led to the error message "The Application failed to initialize properly (0xc0150002)." with Nmap 4.65. A related change is that Nmap on Windows is now compiled with /MD rather than /MT so that it consistently uses these runtime libraries. The patch was created by Rob Nicholls.

o Added advanced search functionality to Zenmap so that you can locate previous scans using criteria such as which ports were open, keywords in the target names, OS detection results. etc. Try it out with Ctrl-F or "Tools->Search Scan Results". [Vladimir]

o Nmap's special WinPcap installer now handles 64-bit Windows machines by installing the proper 64-bit npf.sys. [Rob Nicholls]

o Added a new NSE Comm (common communication) library for common network discovery tasks such as banner-grabbing (get_banner()) and making a quick exchange of data (exchange()). 16 scripts were updated to use this library. [Kris]

o The Nmap Scripting Engine now supports mutexes for gracefully handling concurrency issues. Mutexes are documented at http://nmap.org/book/nse-api.html#nse-mutex . [Patrick]

o Added a UDP SNMPv3 probe to version detection, along with 9 vendor match lines. The patch was from Tom Sellers, who contributed other probes and match lines to this release as well.

o Added a new timing_level() function to NSE which reports the Nmap timing level from 0 to 5, as set by the Nmap -T option. The default is 3. [Thomas Buchanan]

o Update the HTTP library to use the new timing_level functionality to set connection and response timeouts. An error preventing the new timing_level feature from working was also fixed. [Jah]

o Optimized the doAnyOutstandingProbes() function to make Nmap a bit faster and more efficient. This makes a particularly big difference in cases where --min-rate is being used to specify a very high packet sending rate. [David]

o Fixed an integer overflow which prevented a target specification of "*.*.*.*" from working. Support for the CIDR /0 is now also available for those times you wish to scan the entire Internet. [Kris]

o The robots.nse has been improved to print output more compactly and limit the number of entries of large robots.txt files based on Nmap verbosity and debugging levels. [Eddie Bell]

o The Nmap NSE scripts have been re-categorized in a more logical fashion. The new categories are described at http://nmap.org/book/nse-usage.html#nse-categories . [Kris]

o Improve AIX support by linking against -lodm and -lcfg on that platform. [David]

o Updated showHTMLTitle NSE script to follow one HTTP redirect if necessary as long as it is on the same server. [Jah]

o Michael Pattrick and David created a new OSassist application which streamlines the OS fingerprint submission integration process and prevents certain previously common errors. OSassist isn't part of Nmap, but the system was used to integrate some submissions for this release. 13 fingerprints were added during OSassist testing, and some existing fingerprints were improved as well. Expect many more fingerprints coming soon.

o Improved the mapping from dnet device names (like eth0) and WinPcap names (like \Device\NPF_{28700713...}). You can see this mapping with --iflist, and the change should make Nmap more likely to work on Windows machines with unusual networking configurations. [David]

o Service fingerprints in XML output are no longer be truncated to 2kb. [Michael]

o Some laptops report the IP Family as NULL for disabled WiFi cards. This could lead to a crash with the "sin->sin_family == AF_INET6" assertion failure. Nmap no longer quits when this is encountered. [Michael]

o On systems without the GNU getopt_long_only() function, Nmap has its own replacement. That replacement used to call the system's getopt() function if it exists. But the AIX and Solaris getopt() functions proved insufficient/buggy, so Nmap now always calls its own internal getopt() now from its getopt_long_only() replacement. [David]

o Integrated several service match lines from Tom Sellers.

o An error was fixed where Zenmap would crash when trying to load from the recent scans database a file containing non-ASCII characters. The error looked like pysqlite2.dbapi2.OperationalError: Could not decode to UTF-8 column 'nmap_xml_output' with text ' = 0.0" assertion failed. I think the problem was actually caused by SMP machines which didn't sync the clock time perfectly. This lead to gettimeofday() sometimes reporting that time decreased by some microseconds. Now Nmap is willing to tolerate decreases of up to 1 millisecond in this function. [Fyodor]

o Nmap now returns correct values for --iflist in windows even if interface aliases have been set. Previously it would misreport the windevices and not list all interfaces. [Michael]

o Nmap no longer crashes with an 'assert' error when its told to access a disabled WiFi NIC on some laptops. [Michael]

o Upgraded the OpenSSL shipped for Windows to 0.9.8h. [Kris]

o The NSE http library was updated to gracefully handle certain bogus (non-)http responses. [Jah]

o The zoneTrans.nse script now takes a "domain" script argument to specify the desired domain name to transfer. You can narrow the scope down with the form "zoneTrans={domain=xxx}". [Kris]

o Increase write buffer length for Nmap output on Windows. This should prevent error messages like: "log_vwrite: vnsprintf failed. Even after increasing bufferlen to 819200, Vsnprintf returned -1 (logt == 1)." Thanks to prozente0 for the report. [Fyodor]

o Fixed the --script-updatedb command, which was claiming to be "Aborting database update" even when the update was performed perfectly. See http://seclists.org/nmap-dev/2008/q2/0623.html . Thanks to Jah for the report.
Added to CVS. Thanks for notifying us about the new version.
1. Should I put the "change file" notes in the original report?
2. How many days should I wait before reporting "version bumps"? (e.g. wireshark updated Jun 30 with a security fix, but I was going to wait 'til Thursday or so -- don't want to irritate volunteers who keep Gentoo going)
(In reply to comment #3)
> 1. Should I put the "change file" notes in the original report?

No, it's just something *I* irregularly do because sometimes a version bump includes a security fix, and then it needs to be handled differently.

> 2. How many days should I wait before reporting "version bumps"? (e.g.
> wireshark updated Jun 30 with a security fix, but I was going to wait 'til
> Thursday or so -- don't want to irritate volunteers who keep Gentoo going)

There are developers who despise "zero day version bump bugs" but they're just jealous. ;-)
FWIW, as far as I'm concerned both are fine (i.e. 0-day version bumps and changelog excerpts in the bug reports).