Nmap Announce mailing list archives

Nmap 4.68 release


From: Fyodor <fyodor () insecure org>
Date: Thu, 31 Jul 2008 23:06:28 -0700

Hi All.  I'm happy to report that there have been several stable Nmap
releases since I mailed you about Nmap 4.60 in March.  The latest
version is 4.68, and I think you'll like it (unless you still use
Win2K, which can be problematic due to IPv6 issues that we hope to
resolve in the next release).  Before I give you the full list of 125
improvements, I'll start with a few highlights:

o Added a new --min-rate option that allows specifying a minimum rate
  at which to send packets. This allows you to override Nmap's
  congestion control algorithms and request that Nmap try to keep at
  least the rate you specify.  The rate is given in packets per
  second. Read more in the Nmap man page
  (http://nmap.org/book/man-performance.html).  If you use the latest
  version in the Nmap subversion repository, you'll also get a
  --max-rate option which lets you limit Nmap's packet rate (and thus
  bandwidth used).

o Mac OS X binary packages for Zenmap+Nmap are now available, as I
  mentioned in the previous mail.

o The Windows version of Nmap now supports OpenSSL just as the UNIX
  versions have for years.  Both the .zip and executable installer
  binary packages we ship from the Nmap download page now include
  OpenSSL.

o We now compile in IPv6 support on Windows.  In order to use this,
  you need to have IPv6 set up.  It is installed by default on Vista,
  but must be downloaded from Microsoft for XP.  See
  http://www.microsoft.com/technet/network/ipv6/ipv6faq.mspx .  This
  feature causes Nmap to no longer work on Windows 2000, but we hope to
  fix that in the next release.

o Tons of new version detection signatures and OS detection
  fingerprints have been added.  Version 4.68 has reached more than
  5,000 version detection signatures, and the latest subversion
  version of Nmap has more than 1,500 2nd generation OS detection
  fingerprints.  We were only able to do this because so many of you
  submit updates and corrections when Nmap guesses wrong or provides a
  fingerprint and URL for submission on our site.  Please keep those
  submissions coming!  We receive far more fingerprint submissions
  than correction notices -- please do remember to submit a correction
  when Nmap guesses wrong, as described at http://nmap.org/submit/ .

o Nmap now supports 64-bit versions of Windows.

o We added advanced search functionality (and dozens of other
  improvements) to the Zenmap GUI.  You can now locate previous scans
  using criteria such as which ports were open, keywords in the target
  names, OS detection results, etc.  Try it out with Ctrl-F or
  "Tools->Search Scan Results"

o Fixed an integer overflow which prevented a target specification of
  "*.*.*.*" from working.  Support for the CIDR /0 is now also
  available for those times you wish to scan the entire
  Internet.

o Made many performance enhancements, and also fixed many errors which
  could lead to crashes in Nmap or Zenmap.  See the big list below for
  details.

You can obtain Nmap 4.68 from the normal location:

http://nmap.org/download.html

Please give it a try!  And if you encounter any problems, report them
to nmap-dev as described at http://nmap.org/book/man-bugs.html

I've included the detailed list of changes between 4.60 and 4.68
below.  Or you can read it at http://nmap.org/changelog.html .  The
URL version also includes the post-4.68 changes which you get if you
use the svn version.

Nmap 4.68 [2008-6-28]

o Doug integrated all of your version detection submissions and
  corrections for the year up to May 31.  There were more than 1,000
  new submissions and 18 corrections.  Please keep them coming!  And
  don't forget that corrections are very important, so do submit them
  if you ever catch Nmap making a version detection or OS detection
  mistake.  The version detection DB has grown to 5,054 signatures
  representing 486 service protocols.  Protocols span the gamut from
  abc, acap, access-remote-pc, activefax, and activemq, to zebedee,
  zebra, zenimaging, and zenworks.  The most popular protocols are
  http (1,672 signatures), telnet (519), ftp (459), smtp (344), and
  pop3 (201).

o Nmap compilation on Windows is now done with Visual C++ Express 2008
  rather than 2005.  Windows compilation instructions have been
  updated at http://nmap.org/book/inst-windows.html#inst-win-source .
  [Kris]

o The Nmap Windows self-installer now automatically installs the MS
  Visual C++ 2008 runtime components if they aren't already installed
  on a system.  These are some reasonably small DLLs that are
  generally necessary for applications compiled with Visual C++ (with
  dynamic linking).  Many or most systems already have these installed
  from other software packages.  The lack of these components led to
  the error message "The Application failed to initialize properly
  (0xc0150002)." with Nmap 4.65.  A related change is that Nmap on
  Windows is now compiled with /MD rather than /MT so that it
  consistently uses these runtime libraries.  The patch was created by
  Rob Nicholls.

o Added advanced search functionality to Zenmap so that you can locate
  previous scans using criteria such as which ports were open,
  keywords in the target names, OS detection results, etc.  Try it out
  with Ctrl-F or "Tools->Search Scan Results". [Vladimir]

o Nmap's special WinPcap installer now handles 64-bit Windows machines
  by installing the proper 64-bit npf.sys. [Rob Nicholls]

o Added a new NSE Comm (common communication) library for common
  network discovery tasks such as banner-grabbing (get_banner()) and
  making a quick exchange of data (exchange()).  16 scripts were
  updated to use this library. [Kris]

o The Nmap Scripting Engine now supports mutexes for gracefully
  handling concurrency issues.  Mutexes are documented at
  http://nmap.org/book/nse-api.html#nse-mutex . [Patrick]

o Added a UDP SNMPv3 probe to version detection, along with 9 vendor
  match lines. The patch was from Tom Sellers, who contributed other
  probes and match lines to this release as well.

o Added a new timing_level() function to NSE which reports the Nmap
  timing level from 0 to 5, as set by the Nmap -T option.  The default
  is 3. [Thomas Buchanan]

o Update the HTTP library to use the new timing_level functionality to
  set connection and response timeouts. An error preventing the new
  timing_level feature from working was also fixed.  [Jah]

o Optimized the doAnyOutstandingProbes() function to make Nmap a bit
  faster and more efficient.  This makes a particularly big difference
  in cases where --min-rate is being used to specify a very high
  packet sending rate. [David]

o Fixed an integer overflow which prevented a target specification of
  "*.*.*.*" from working.  Support for the CIDR /0 is now also
  available for those times you wish to scan the entire
  Internet. [Kris]

o The robots.nse script has been improved to print output more
  compactly and limit the number of entries of large robots.txt files
  based on Nmap verbosity and debugging levels. [Eddie Bell]

o The Nmap NSE scripts have been re-categorized in a more logical
  fashion.  The new categories are described at
  http://nmap.org/book/nse-usage.html#nse-categories . [Kris]

o Improve AIX support by linking against -lodm and -lcfg on that
  platform. [David]

o Updated showHTMLTitle NSE script to follow one HTTP redirect if
  necessary as long as it is on the same server. [Jah]

o Michael Pattrick and David created a new OSassist application which
  streamlines the OS fingerprint submission integration process and
  prevents certain previously common errors.  OSassist isn't part of
  Nmap, but the system was used to integrate some submissions for this
  release.  13 fingerprints were added during OSassist testing, and
  some existing fingerprints were improved as well.  Expect many more
  fingerprints coming soon.

o Improved the mapping from dnet device names (like eth0) and WinPcap
  names (like \Device\NPF_{28700713...}).  You can see this mapping
  with --iflist, and the change should make Nmap more likely to work
  on Windows machines with unusual networking configurations. [David]

o Service fingerprints in XML output are no longer truncated to
  2kb.  [Michael]

o Some laptops report the IP Family as NULL for disabled WiFi cards.
  This could lead to a crash with the "sin->sin_family == AF_INET6"
  assertion failure.  Nmap no longer quits when this is
  encountered. [Michael]

o On systems without the GNU getopt_long_only() function, Nmap has its
  own replacement.  That replacement used to call the system's
  getopt() function if it exists.  But the AIX and Solaris getopt()
  functions proved insufficient/buggy, so Nmap now always calls its
  own internal getopt() now from its getopt_long_only()
  replacement. [David]

o Integrated several service match lines from Tom Sellers.

o An error was fixed where Zenmap would crash when trying to load from
  the recent scans database a file containing non-ASCII
  characters. The error looked like
    pysqlite2.dbapi2.OperationalError: Could not decode to UTF-8 column
      'nmap_xml_output' with text
    '<?xml version="1.0" encoding="iso-8859-1"?>
    <nmaprun profile="nmap -T Aggressive -n -v %s" scanner="nmap" hint=""
  The error would be seen when such a scan was found in using the
  search interface. [David]

o Fix a Zenmap crash which occurred when locale.getpreferredencoding()
  returns "None".  Similarly, deal with the case when a "X-MAC-KOREAN"
  is returned by this function.  Both problems were found with the
  Zenmap crash reporter. [David]

o A whole bunch of internal Zenmap cleanup was done by David to make
  the code more logical and remove dead code.

o Install icons and pixmaps under /usr/share/zenmap/{icons,pixmaps} so
  they don't get mixed in with the files in
  /usr/share/{icons,pixmaps}.  [Jurand Nogiec]

o Fixed a Zenmap command entry problem where Zenmap would lose a
  custom command you had entered into the command entry field if you
  changed the target field after entering the custom command. [Jurand
  Nogiec]

o The Zenmap crash reporter now includes a stack trace rather than
  just the exception name. [David]

o Zenmap now executes the proper Nmap command by honoring the
  nmap_command_path variable in zenmap.conf. [Jurand Nogiec]

o Fixed a bug which caused -PN to erroneously bail out for
  unprivileged users.  Thanks to Jabra (jabra(a)spl0it.org) for the
  report. [Kris]

o Fixed several Nmap NSE memory leaks found with Valgrind. [Kris]

o Migrated some stray malloc()/realloc() calls to the Nbase
  safe_malloc()/safe_realloc() versions which guard against certain
  errors.

o Fixed a bunch of subtle bugs, some of which could have resulted in
  a crash, reported by Ilja van Sprundel. [Kris]

o Fixed several byte-order bugs in Traceroute. [Kris]

o Fixed a crash in RateMeter::update() which could lead to an error
  saying "diff >= 0.0" assertion failed.  I think the problem was
  actually caused by SMP machines which didn't sync the clock time
  perfectly.  This led to gettimeofday() sometimes reporting that
  time decreased by some microseconds.  Now Nmap is willing to
  tolerate decreases of up to 1 millisecond in this function. [Fyodor]

o Nmap now returns correct values for --iflist in windows even
  if interface aliases have been set. Previously it would misreport
  the windevices and not list all interfaces. [Michael]

o Nmap no longer crashes with an 'assert' error when it's told to
  access a disabled WiFi NIC on some laptops. [Michael]

o Upgraded the OpenSSL shipped for Windows to 0.9.8h. [Kris]

o The NSE http library was updated to gracefully handle certain bogus
  (non-)http responses. [Jah]

o The zoneTrans.nse script now takes a "domain" script argument to
  specify the desired domain name to transfer.  You can narrow the
  scope down with the form "zoneTrans={domain=xxx}". [Kris]

o Increase write buffer length for Nmap output on Windows. This should
  prevent error messages like: "log_vwrite: vnsprintf failed.  Even
  after increasing bufferlen to 819200, Vsnprintf returned -1 (logt ==
  1)."  Thanks to prozente0 for the report. [Fyodor]

o Fixed the --script-updatedb command, which was claiming to be
  "Aborting database update" even when the update was performed
  perfectly.  See http://seclists.org/nmap-dev/2008/q2/0623.html .
  Thanks to Jah for the report.

Nmap 4.65 [2008-6-1]

o A Mac OS X Nmap/Zenmap installer is now available from the Nmap
  download page!  It is rather straightforward, but detailed
  instructions are available anyway at
  http://nmap.org/book/inst-macosx.html .  As a universal installer,
  it works on both Intel and PPC Macs. It is distributed as a disk
  image file (.dmg) containing an mpkg package.  The installed Nmap
  does include OpenSSL support.  It also supports Authorization
  Services so that Zenmap can run as root.  David created this
  installer.  He wants to thank Benson Kalahar and Vlad Alexa for
  extensive testing of the nine test releases.

o The Windows version of Nmap now supports OpenSSL just as the UNIX
  versions have for years.  Both the .zip and executable installer
  binary packages we ship from the Nmap download page now include
  OpenSSL. [Kris, Thomas Buchanan]

o We now compile in IPv6 support on Windows.  In order to use this,
  you need to have IPv6 set up.  It is installed by default on Vista,
  but must be downloaded from Microsoft for XP.  See
  http://www.microsoft.com/technet/network/ipv6/ipv6faq.mspx . [Kris]

o Seven Google-sponsored Summer of Code students began working on
  exciting Nmap projects full time.  The winning students and their
  Nmap development projects are described at
  http://seclists.org/nmap-dev/2008/q2/0132.html .

o Our WinPcap installer now starts the NPF driver running as a
  service immediately upon installation and after restarts. You can
  disable this with new check-boxes. This behavior is important for
  Vista and Windows Server 2008 machines when User Account
  Control (UAC) is enabled. [Rob Nicholls]

o Nmap and Nmap-WinPcap silent installation now works.  Nmap can
  be silently installed with the /S option to the installer.
  If you install Nmap from the zip file, you can install just
  WinPcap silently with the /S option to that
  installer. [Rob Nicholls]

o Our WinPcap installer is now included with the Nmap Win32 zip
  file. [Fyodor]

o Numerous miscellaneous improvements were made to our Win32
  installer, such as using the "Modern" NSIS UI for WinPcap,
  improving the option description labels, and showing a finish
  page in all cases. [Rob Nicholls]

o The nmap-dev and nmap-hackers mailing list RSS feeds at seclists.org
  now include message excerpts to make it easier to identify
  interesting messages and speed the process of reading through the
  list.  Feeds for all other mailing lists archived at SecLists.Org
  have been similarly augmented.  For details, see
  http://seclists.org/nmap-dev/2008/q2/0333.html . [David]

o A new "default" Nmap Scripting Engine category was added.  Only
  scripts in this category now run by default (except for "version"
  scripts which run when version detection was requested).
  Previously, any scripts in the "safe" or "intrusive" categories were
  run.  21  being recorded properly when scanning certain printers
  from
  little-endian computers. Updated nmap-os-db to compensate for
  signatures that had an incorrect U1.RID value.  [Michael]

o Updated to include the latest MAC Address prefixes from the IEEE in
  nmap-mac-prefixes [Fyodor]

o Updated the SMTPcommands NSE script to work better against Postfix
  and reduce verbosity. [Jason DePriest, Fyodor]

o Reorganized the way ping probes are handled internally.  Rather than
  being stored in the NmapOps structure, they are now stored within
  the individual scan_lists structures.  This is a cleaner
  organization. [Michael]

o Fix grepable output's "Ignored State" reporting.  Only one ignored
  state (the one with the highest numbers of ports) is shown. [David]

o Update to Lua version 5.1.3 [Patrick]

o Add NSE stdnse library to include tobinary, tooctal, and tohex
  functions. [Patrick]

o Fixed a bug which caused the Zenmap crash reporter to, uh,
  crash. [David]

o NSE engine was cleaned up significantly.  nse_auxiliar was removed,
  and file system manipulation functions were moved from nse_init.cc
  into a new nse_fs.cc file.  Numerous interfaces between Nmap and Lua
  were improved.  Most of these functions are now callable directly by
  Lua. [Patrick]

o Fixed a bug in the showOwner NSE script which caused it to try UDP
  ports instead of just TCP ports.  This made it very slow in the
  common case where there are many UDP ports in the open|filtered
  state.  Thanks to Jason DePriest for reporting the problem and Jah
  for tracking it down and fixing it.

o Nbase now generates pseudo-random numbers itself rather than using
  /dev/urandom on Linux and the terrible rand() function on Windows.
  The new system uses ARC4 based on libdnet's
  implementation. [Brandon]

o Made a number of updates and improvements to the Zenmap Users' Guide
  at http://nmap.org/book/zenmap.html . [David]

o Fixed the way Zenmap handles command-line entry to prevent your
  custom command-line to be overwritten with the current profile's
  command just because you edited the target field. [Jurand]

o Nsock was improved to better support reading from non-network
  descriptors such as stdin.  This is important for the upcoming Ncat
  project Mixter is working on. [Mixter]

o A bug was fixed that could cause Zenmap to crash when loading a
  results file that had multibyte characters in it. The error looked
  like:
  Gtk-ERROR **: file gtktextsegment.c: line 196
  (_gtk_char_segment_new): assertion failed:
  (gtk_text_byte_begins_utf8_char (text))
  [David]

o Removed a superfluous test for the existence of the C++ compiler in
  the configure script. The test was not robust when configured with
  CXX="ccache g++". Thanks to Rainer Müller for the report.

o Optimized cached DNS lookups so they are equally efficient when
  running on big-endian or little-endian systems. [Michael]

o Fixed the nmap_command_path Zenmap configuration variable so that it
  is actually used to start the specified Nmap executable
  path. [Jurand Nogiec]

o Nmap now reports scan start and end times for individual hosts
  within a larger scan. The information is added to the XML host
  element like so: [host starttime="1198292349" endtime="1198292370"]
  (but of course with angle brackets rather than square ones).  It is
  also printed in normal output if -d or "-v -v" are
  specified. [Brandon, Kris, Fyodor]

o "make uninstaltion returns. [Michael]

o Nmap now understands the RFC 4007 percent syntax for IPv6 Zone IDs.
  On Windows, this ID has to be a numeric index.  On Linux and some
  other OS's, this ID can instead be an interface name.  Some examples
  of this syntax:
    fe80::20f:b0ff:fec6:15af%2
    fe80::20f:b0ff:fec6:15af%eth0
  [Kris]

o The Zenmap installer and uninstaller are more careful about escaping
  filenames and dealing with an installation root (DESTDIR). [David]

o Since assert() calls are used for various security-related tests,
  their safety is now ensured by keeping NDEBUG undefined throughout
  Nmap, Nbase and Nsock. [Kris]

o Fix a couple bugs in the way the Nmap build system checked for an
  existing LUA library.  A bashism caused one test to fail on system
  which don't use bash as /bin/sh, and another bug fixed --with-liblua
  configure option for specifying your own liblua. [Daniel
  Roethlisberger]

o The NSE nmap.registry.args table is now available, albeit empty,
  when --script-args isn't used.  Now scripts don't need to check if
  it's nil before attempting to index it. [Kris]

o Changed SSLv2-support.nse so that it only enumerates the list of
  available ciphers with a verbosity level of at least two or with
  debugging enabled. [Kris]

o Replaced kibuvDetection.nse with version detection match lines which
  work better than the script. [Kris, Brandon]

o Removed mswindowsShell.nse as there is a version detection NULL
  probe match which does the same thing. [Brandon, Fyodor, Kris]

o Updated IANA assignment IP list for random IP (-iR)
  generation. [Kris]

Nmap 4.62 [2008-5-3]

o Added a new --min-rate option that allows specifying a minimum rate
  at which to send packets. This allows you to override Nmap's
  congestion control algorithms and request that Nmap try to keep at
  least the rate you specify.  The rate is given in packets per
  second. Read more in the Nmap man page
  (http://nmap.org/book/man-performance.html) [David]

o Create /nmap/macosx directory in SVN with files necessary to build
  binary Mac OS X Nmap/Zenmap packages.  We are trying to create
  binary installer packages which are as useful and easy to use as the
  Windows installer.  This has involved a lot of work by David.  We
  aren't quite yet distributing the results on the Nmap download page,
  but testing our beta versions is useful.  You can find the latest
  universal (PPC and Intel) binary test version by looking at David
  Fifield's posts at http://seclists.org/nmap-dev/2008/q2/author.html.
  You can also read /nmap/macosx/README in svn for more info.

o Nmap 2008 Summer of Code students have begun working (though full
  time doesn't start until late May).  Learn about the winners and
  their projects at http://seclists.org/nmap-dev/2008/q2/0132.html .

o Brandon added/modified a whole bunch of version detection signatures
  based on systems discovered when scanning UCSD's network.

o Reformat Nmap COPYING file (e.g. remove C comment markers, reduce
  line length) during Nmap windows build so that it looks much better
  when presented by the Windows executable (NSIS) installer.  Thanks
  to Jah for the patch, which was modified slightly by Fyodor.

o Added NSE Datafiles library which reads and parses Nmap's nmap-*
  data files for scripts.  The functions (parse_protocols(),
  parse_rpc() and parse_services()) return tables with numbers
  (e.g. port numbers) indexing names (e.g. service names).  The
  rpcinfo.nse script was also updated to use this library. [Kris]

o Fixed a bug in the nbase random number generator (and the way it
  interacted with Nmap and MS Windows) which caused duplicates in some
  instances.  Thanks to Jah for reporting the problem and working with
  Brandon Enright, Fyodor and Kris to fix it.

o It turns out that hours contain 60 minutes, not 24.  Fixed a scan
  status message which was rolling over the hours column
  prematurely. [David]

o Added scripting options to Zenmap profile editor and command wizard
  to make use of NSE. [David]

o Zenmap now prints an exception message rather than segfaulting when
  it can't open a display (such as when trying to connect to an X
  server as an unauthorized user). Thanks to Aaron Leininger for the
  initial report and Guilherme Polo for suggesting the fix.

o Now ports in the "unfiltered" state can be selected for attention by
  NSE scripts. [Kris]

o Nbase random number generation system now avoids having a high-bit
  of zero in every other byte on Windows due to Windows having such a
  low RAND_MAX. [Jah]

o Added release dates for each Nmap version to this CHANGELOG going
  back to Nmap 3.00 (July 31, 2002).  Dates are in MM/DD/YY format.
  If someone wants to track down dates for the last 22% of the file
  (pre-3.00), you are welcome to do so and send a patch.  Searching
  Google for the version number and site:seclists.org seems to work
  well. [Fyodor]

o Nmap RPM builds now use the versions of libdnet, libpcap, libpcre,
  and liblua included with Nmap rather than whatever happens to be
  installed on the build system. [David]

o Zenmap can now be installed in and run in directories with a space
  in the name. [David]

o Fixed an assertion failure ("Target.cc:396: void
  Target::stopTimeOutClock(const timeval*): Assertion
  'htn.toclock_running == true' failed.") caused when a host had NSE
  scripts in multiple runlevels.  This also fixes --host-timeout
  behavior in NSE. [Kris]

o Reduce the maximum number of socket descriptors which Nmap is
  allowed to open concurrently.  This resolves a bug which could cause
  "Too many open files" error on Mac OS X when not running as
  root. [David]

o Canonicalized service names between nmap-service-probes (version
  detection DB) and nmap-services (port scanning DB). [Kris]

o Removed the "class" attribute from the tcpsequence element in XML
  output. For a long time it had always been "unknown class" because
  Nmap doesn't calculate a class anymore. The XML output version has
  been increased from 1.01 to 1.02. [David]

o Fixed a bug on Win32 which caused an infinite loop when Nmap
  encountered certain broadcast addresses. [Dudi Itzhakov]

o Fix MingW compilation by adding a signal.h include to
  main.cc. [Gisle Vanem]

o Fix the test in our build system to determine if liblua is already
  available or not. For example, the test needed to link with -lm
  since some systems require that.  [David].

o Added TIMEVAL_BEFORE and TIMEVAL_AFTER macros to test whether one
  timeval is earlier than another while avoiding possible integer
  overflows in a naive approach we were using previously. [David]

o Adjusted a bunch of code to avoid compilation warning messages on
  some Linux machines. [Andrew J. Bennieston]

o Fixed the NmapArpCache so that it actually works. Previously, Nmap
  was always falling back to the system ARP cache. Of course this
  raises the question of whether NmapArpCache is needed in the first
  place. [Daniel Roethlisberger]

o Fix a Zenmap bug which could cause the error message
  "zenmapCore.NmapOptions.OptionNotFound: No option named '' found!"
  if you create a new profile without checking any options then try to
  edit it. [David]

o Zenmap now shows a more helpful error message when there is an error
  in executing Nmap. [David]

o Zenmap now creates the directory ~/.zenmap-etc to store
  automatically generated GTK+ and Pango files. They used to go in the
  application bundle but that doesn't work on a read-only filesystem
  or disk image. This is what Wireshark does (~/.wireshark-etc),
  although the directory could be called anything. It doesn't have to
  persist across sessions.

o Added a mechanism in Zenmap for including extra executable search
  paths on specific platforms, so we can include /usr/local/bin in
  PATH on Mac OS X by default and add the Nmap install directory on
  Windows. [David]

o We now use --no-strip when building Zenmap Mac OS X packages to
  prevent many mysterious warnings which occur when the binary is
  stripped. [David]

o When Zenmap invokes Nmap, it now copies the whole environment for
  the Nmap invocation rather than just providing $PATH.  Windows may
  need this to do proper name resolution. [David]

o Corrected uptime parsing and reporting in SNMPsysdesr.nse for an
  uptime of less than 46 hours. [Kris]

o Modified the use of CXXFLAGS, CFLAGS, and CPPFLAGS in Nmap build
  system to work better when building Mac OS X universal
  binaries. [David]

o Added many additional PCRE option flags to the list returned by the
  NSE pcre.flags() function. [Kris]

o Changed the NSE function nmap.set_port_state() so that it checks to
  see if the requested port is already in the requested state.  This
  prevents "Duplicate port" messages during the script scan and the
  inaccurate "script-set" state reason. [Kris]

o Canonicalize NSE script license text--more than half did not even
  spell license correctly. They all still say that they are under
  Nmap's license, just with consistent capitalization and spelling,
  and now a link to Nmap legal page at
  http://nmap.org/man/man-legal.html.

o Updated ripeQuery.nse to not print extraneous whitespace. [Kris]

o Switched telnet brute force password cracking NSE (bruteTelnet.nse)
  to vulnerability category so it isn't executed by default.  It can
  take too long to run. [Eddie]

o NSE status messages now print host name and IP, rather than just the
  host name (which was blank when Nmap didn't know it). [Jah]

o Allocate 128 characters for the idle scan ScanProgressMeter
  title. Previously it was 32 characters. The "idle scan against " and
  the \0 terminator take up 19 characters, leaving only 13, which
  isn't enough to represent all IP addresses, let alone host
  names. Bug reported by Stephan Fijneman, fixed by David.


Enjoy the release!
-Fyodor

_______________________________________________
Sent through the nmap-hackers mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-hackers
Archived at http://seclists.org
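
The 4.62 changelog entry on TIMEVAL_BEFORE and TIMEVAL_AFTER says a naive timeval comparison could overflow. The following is an added example, not code from Nmap or from this mail: it contrasts a difference-in-microseconds comparison held in 32 bits with a field-by-field comparison. The function names, the 32-bit width of the naive difference, and the base timestamp are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/time.h>

/* Constructed base timestamp (seconds since the epoch); any value works. */
#define BASE_SEC 1200000000L

/* Sample time: BASE_SEC plus an offset.  usec must stay in 0..999999. */
static struct timeval tv_at(long sec_offset, long usec)
{
    struct timeval tv;
    tv.tv_sec = BASE_SEC + sec_offset;
    tv.tv_usec = usec;
    return tv;
}

/* Reduce a 64-bit value to what a 32-bit signed int holds after
   wraparound, without relying on undefined behaviour. */
static int32_t wrap32(int64_t v)
{
    uint32_t u = (uint32_t)v;            /* modular reduction, well defined */
    if (u & 0x80000000u)
        return (int32_t)(u - 0x80000000u) - INT32_MAX - 1;
    return (int32_t)u;
}

/* Naive approach (assumed form of the problem): collapse the difference
   into a 32-bit count of microseconds and test its sign.  The count wraps
   once the two times are more than 2^31 us (about 35 min 47 s) apart. */
static int naive_before(struct timeval a, struct timeval b)
{
    int64_t usec = (int64_t)(a.tv_sec - b.tv_sec) * 1000000
                 + (int64_t)(a.tv_usec - b.tv_usec);
    return wrap32(usec) < 0;
}

/* Overflow-free approach: compare seconds first, then microseconds.
   No subtraction or multiplication, so nothing can wrap. */
static int tv_before(struct timeval a, struct timeval b)
{
    if (a.tv_sec != b.tv_sec)
        return a.tv_sec < b.tv_sec;
    return a.tv_usec < b.tv_usec;
}

static int tv_after(struct timeval a, struct timeval b)
{
    return tv_before(b, a);
}

int main(void)
{
    /* Gaps in seconds on either side of the 2^31 us boundary. */
    const long gaps[] = { 1, 2147, 2148, 3000 };
    size_t i;

    printf("gap(s)  naive: later<earlier  safe: later<earlier\n");
    for (i = 0; i < sizeof gaps / sizeof gaps[0]; i++) {
        struct timeval earlier = tv_at(0, 0);
        struct timeval later = tv_at(gaps[i], 0);
        printf("%6ld  %20d  %19d\n", gaps[i],
               naive_before(later, earlier), tv_before(later, earlier));
    }
    printf("tv_after(later, earlier) at 3000 s: %d\n",
           tv_after(tv_at(3000, 0), tv_at(0, 0)));
    return 0;
}
```

The correct answer in the "later<earlier" columns is always 0; the naive column flips to 1 once the gap passes 2147 seconds.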

