Subject: pkg/20840: Updated packages net/nmap* to 3.20
To: None <>
From: None <>
List: netbsd-bugs
Date: 03/21/2003 17:47:46
>Number:         20840
>Category:       pkg
>Synopsis:       Updated packages net/nmap* to 3.20
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Fri Mar 21 20:07:00 PST 2003
>Originator:     Juan RP
>Release:        NetBSD 1.6P
System: NetBSD Insomnio 1.6P NetBSD 1.6P (Insomnio) #0: Sun Mar 16 23:06:21 CET 2003 root@Insomnio:/usr/obj/sys/arch/i386/compile/Insomnio i386
Architecture: i386
Machine: i386


Nmap 3.20

o The random IP input option (-iR) now takes an argument specifying
  how many IPs you want to scan (e.g. -iR 1000).  Specify 0 for the old
  never-ending scan behavior.
o Fixed a tricky memory leak discovered by Mugz (
o Fixed output truncation problem noted by Lionel CONS (
o Fixed a bug that would cause certain incoming ICMP error messages to
  be improperly ignored.

Nmap 3.15BETA3

o Made numerous improvements to the timing behavior of "-T Aggressive"
  (same as -T4) scans.  It is now recommended for regular use by
  impatient people with a fast connection.  "-T Insane" mode has also
  been updated, but we only recommend that for, well, insane people.

o Made substantial changes to the SYN/connect()/Window scanning
  algorithms for improved speeds, especially against heavily filtered
  hosts.  If you notice any timing problems (misidentified ports,
  etc.), please send me the details (including full Nmap output and a
  description of what is wrong).  Reports of any timing problems with
  -T4 would be helpful as well.

o Changed Nmap such that ALL syn scan packets are sent from the port
  you specify with -g.  Retransmissions used to utilize successively
  higher ports.  This change has a downside in that some operating
  systems (such as Linux) often won't reply to the retransmissions
  because they reuse the same connection specifier quad
  (srcip:srcport:dstip:dstport).  Overall I think this is a win.

o Added timestamps to "Starting nmap" line and each host port scan in
  verbose (-v) mode.  These are in ISO 8601 standard format because
  unlike President Bush, we actually care about international
  consensus :).

o Nmap now comes by default in .tar.bz2 format, which compresses about
  20% further.  You can still find .tgz in the dist directory at .

o Various other minor bugfixes, new services, fingerprints, etc.

Nmap 3.15BETA2

o I added support for a brand new "port" that many of you may have
  never scanned before!  UDP & TCP "port 0" (and IP protocol 0) are now
  permitted if you specify 0 explicitly.  An argument like "-p -40"
  would still scan ports 1-40.  Unlike ports, protocol 0 IS now scanned
  by default.  This now works for ping probes too (e.g., -PS, -PA).

o Applied patch by Martin Kluge ( which adds --ttl
  option, which sets the outgoing IPv4 TTL field in packets sent via
  all raw scan types (including ping scans and OS detection).  The
  patch "should work" on Windows, but hasn't been tested.  A TTL of 0
  is supported, and even tends to work on a LAN:
    14:17:19.474293 > S 3265375623:3265375623(0) win 1024 [ttl 0] (id 35919, len 40)
    14:17:19.474456 > S 2805154856:2805154856(0) ack 3265375624 win 64240 <mss 1460> (DF) (ttl 128, id 49889, len 44)

o Applied patch by Gabriel L. Somlo ( ) which
  extends the multi-ping-port functionality to nonroot and IPv6
  connect() users.

o I added a new --datadir command line option which allows you to
  specify the highest priority directory for Nmap data files
  nmap-services, nmap-os-fingerprints, and nmap-rpc.  Any files which
  aren't in the given dir, will be searched for in the $NMAPDIR
  environmental variable, ~/nmap/, a compiled in data directory
  (e.g. /usr/share/nmap), and finally the current directory.

o Fixed Windows (VC++ 6) compilation, thanks to patches from Kevin
  Davis ( and Andy Lutomirski

o Included new Latvian man page translation by 
  "miscelerious options" (

o Fixed Solaris compilation when Sun make is used rather than GNU
  make.  Thanks to Tom Duffy ( for assistance.

o Applied patch from Stephen Bishop ( which
  prevents certain false-positive responses when Nmap raw TCP ping scans
  are being run in parallel.

o To emphasize the highly professional nature of Nmap, I changed all
  instances of "fucked up" in error message text into "b0rked".

o Fixed a problem with nmap-frontend RPMs that would cause a bogus
  /bin/xnmap link to be created (it should only create
  /usr/bin/xnmap).  Thanks to Juho Schultz
  ( for reporting the problem.

o I made the maximum number of routes and interfaces allowed
  on the scanning machine dynamic rather than hardcoded #defines of 1024
  and 128.  You never know -- some wacko probably has that many :).
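
The port-0 rules in the 3.15BETA2 entry above ("-p -40" still means 1-40, port 0 only when written explicitly) are easy to get wrong in a homegrown port-list parser, so here is an added example implementing them. It is not Nmap's own code: the only rules taken from the changelog are the implicit lower bound of 1 and the explicit-0 behaviour; the open-ended upper form "1000-" (meaning 1000 through 65535) follows Nmap's documented -p syntax and is an assumption beyond the text.

```python
"""Parser for an Nmap-style -p port specification.

Added example (not Nmap's own code) modelled on the changelog rules:
a comma-separated list of single ports and ranges, where a range with no
lower bound such as "-40" starts at 1 (so "-40" means 1-40) and port 0 is
scanned only when written explicitly ("0" or "0-10").  The open-ended upper
form "1000-" (meaning 1000 through 65535) follows Nmap's documented -p syntax
and is an assumption that goes beyond the changelog text.
"""

from typing import List, Set

MAX_PORT = 65535


def parse_port_spec(spec: str) -> List[int]:
    """Expand a -p style specification into a sorted list of unique ports."""
    ports: Set[int] = set()
    for item in spec.split(","):
        item = item.strip()
        if not item:
            raise ValueError("empty element in port specification")
        if "-" in item:
            lo_text, hi_text = item.split("-", 1)
            # An omitted lower bound defaults to 1, never 0, so "-40" is 1-40.
            lo = 1 if lo_text == "" else int(lo_text)
            # An omitted upper bound runs to the highest port (assumption).
            hi = MAX_PORT if hi_text == "" else int(hi_text)
        else:
            # A single port; "0" lands here and is accepted only because it
            # was written out explicitly.
            lo = hi = int(item)
        if not 0 <= lo <= hi <= MAX_PORT:
            raise ValueError(f"invalid port range {item!r}")
        ports.update(range(lo, hi + 1))
    return sorted(ports)


def scans_port_zero(spec: str) -> bool:
    """True only when the specification names port 0 explicitly."""
    return 0 in parse_port_spec(spec)


if __name__ == "__main__":
    for example in ("-40", "0", "0-3,22,53,80", "65530-"):
        print(f"{example!r:>14} -> {parse_port_spec(example)}")
```

Because "-" alone expands to 1-65535 and never includes 0, a scan that is meant to cover port 0 has to say so in the specification; the parser makes that distinction visible rather than silently adding or dropping the port.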

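The --datadir entry above spells out a five-level search order for the Nmap data files. The following added example (not Nmap's own code) implements that order as a small resolver and runs it against a constructed directory tree so the precedence can be checked. The compiled-in data directory is a parameter because the real value is fixed at build time; /usr/share/nmap is the default here only because the changelog uses it as its example.

```python
"""Resolve Nmap data files in the --datadir search order.

Added example, not Nmap's own code.  The order follows the changelog entry:
the --datadir argument, then the $NMAPDIR environment variable, then
~/nmap/, then the compiled-in data directory, and finally the current
directory.
"""

import os
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

DATA_FILES = ("nmap-services", "nmap-os-fingerprints", "nmap-rpc")


def search_path(datadir=None, env=None, home=None,
                compiled_in="/usr/share/nmap", cwd=None) -> List[Path]:
    """Directories to consult, highest priority first."""
    env = os.environ if env is None else env
    home = Path.home() if home is None else Path(home)
    cwd = Path.cwd() if cwd is None else Path(cwd)
    dirs: List[Path] = []
    if datadir:
        dirs.append(Path(datadir))        # 1. --datadir on the command line
    if env.get("NMAPDIR"):
        dirs.append(Path(env["NMAPDIR"]))  # 2. $NMAPDIR
    dirs.append(home / "nmap")            # 3. ~/nmap/
    dirs.append(Path(compiled_in))        # 4. compiled-in data directory
    dirs.append(cwd)                      # 5. current directory
    return dirs


def find_data_file(name: str, **where) -> Optional[Path]:
    """Return the first copy of `name` along the search path, or None."""
    if name not in DATA_FILES:
        raise ValueError(f"not an Nmap data file: {name!r}")
    for directory in search_path(**where):
        candidate = directory / name
        if candidate.is_file():
            return candidate
    return None


def demo_precedence() -> Dict[str, Optional[str]]:
    """Build a constructed directory tree and report which copy wins.

    Maps each data file name to the selected path relative to the temporary
    root, or None when no copy exists anywhere on the search path.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        labels = ("datadir", "nmapdir", "home", "compiled", "cwd")
        dirs = {label: root / label for label in labels}
        for directory in dirs.values():
            directory.mkdir()
        (dirs["home"] / "nmap").mkdir()
        # Constructed layout: nmap-services in three places, nmap-rpc in two,
        # nmap-os-fingerprints only in the current directory.
        placements = {
            "nmap-services": (dirs["datadir"], dirs["nmapdir"], dirs["compiled"]),
            "nmap-rpc": (dirs["home"] / "nmap", dirs["cwd"]),
            "nmap-os-fingerprints": (dirs["cwd"],),
        }
        for name, targets in placements.items():
            for target in targets:
                (target / name).write_text("# constructed sample\n")
        result: Dict[str, Optional[str]] = {}
        for name in DATA_FILES:
            found = find_data_file(
                name,
                datadir=dirs["datadir"],
                env={"NMAPDIR": str(dirs["nmapdir"])},
                home=dirs["home"],
                compiled_in=dirs["compiled"],
                cwd=dirs["cwd"],
            )
            result[name] = None if found is None else found.relative_to(root).as_posix()
        return result


if __name__ == "__main__":
    for name, chosen in demo_precedence().items():
        print(f"{name:<22} -> {chosen}")
```

The practical point of the order is that a --datadir argument, $NMAPDIR or a ~/nmap/ directory all take precedence over the copy the package installed, so when reviewing results produced on a shared machine it is worth knowing which nmap-services or nmap-os-fingerprints actually fed the scan.
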
Nmap 3.15BETA1

o Integrated the largest OS fingerprint DB updates ever! Thanks to
  everyone who contributed signatures!  New or substantially modified
  fingerprints included the latest Windows 2K/XP changes, Cisco IOS
  12.2-based routers and PIX 6.3 firewalls, FreeBSD 5.0, AIX 5.1,
  OpenBSD 3.2, Tru64 5.1A, IBM OS/400 V5R1M0, dozens of wireless APs,
  VOIP devices, firewalls, printers, print servers, cable modems,
  webcams, etc.  We've even got some mod-chipped Xbox fingerprints

o Applied NetBSD portability patch by Darren Reed

o Updated Makefile to better detect if it can't make nmapfe and
  provide a clearer error message.  Also fixed a couple compiler
  warnings on some *BSD platforms.

o Applied patch from "Max" ( which adds the
  port owner to the "addport" XML output lines which are printed (only
  in verbose mode, I think) as each open port is discovered.

o I killed the annoying whitespace that is normally appended after the
  service name.  Now it is only there when an owner was found via -sI
  (in which case there is a fourth column and so "service" must be
  exactly 24 characters).

Nmap 3.10ALPHA9

o Reworked the "ping scan" algorithm (used for any scan except -P0 or
  -sL) to be more robust in the face of low-bandwidth and congested
  connections.  This also improves reliability in the multi-port and
  multi-type ping cases described below.

o "Ping types" are no longer exclusive -- you can now do combinations
  such as "-PS22,53,80 -PT113 -PN -PE" in order to increase your odds of
  passing through strict filters.  The "PB" flag is now deprecated
  since you can achieve the same result via "PE" and "PT" options.

o Applied patch (with modest changes) by Gabriel L. Somlo
  (, which allows multiple TCP probe ports in
  raw (root) mode.  See the previous item for an example.

o Fixed a libpcap compilation issue noted by Josef 'Jupp' Schugt
  ( which relates to the definition (or
  lack thereof) of ARPHRD_HDLC (used for Cisco HDLC frames).

o Tweaked the version number (-V) output slightly.

Nmap 3.10ALPHA7

o Upgraded libpcap from version 0.6.2 to 0.7.1.  Updated the
  libpcap-possiblymodified/NMAP_MODIFICATIONS file to give a much
  more extensive list (including diffs) of the changes included
  in the Nmap bundled version of Libpcap.

o Applied patch to fix a libpcap alignment bug found by Tom Duffy

o Fixed Windows compilation.

o Applied patch by Chad Loder ( of Rapid7 which
  fixes OpenBSD compilation.  I believe Chad is now the official
  OpenBSD Nmap "port" maintainer.  His patch also adjusted
  random-scan (-iR) to include the recently allocated

o Fixed (I hope) a few compilation problems on
  non-IPv6-enabled machines which were noted by Josef 'Jupp'
  Schugt (

o Included some man page translations which were inadvertently
  missed in previous tarballs.

o Applied patch from Matthieu Verbert ( which
  places the Nmap man pages under ${prefix}/share/man rather than
  ${prefix}/man when installed via RPM.  Maybe the tarball
  install should do this too?  Opinions?

o Applied patch from R Anderson ( which
  improves the way ICMP port unreachables from intermediate hosts
  are handled during UDP scans.

o Added note to man page related to Nmap US export control.  I
  believe Nmap falls under ECCN 5D992, which has no special
  restrictions beyond the standard export denial to a handful of
  rogue nations such as Iraq and North Korea.

o Added a warning that some hosts may be skipped and/or repeated
  when someone tries to --resume a --randomize_hosts scan.  This
  was suggested by Crayden Mantelium (

o Fixed a minor memory leak noted by Michael Davis

Nmap 3.10ALPHA4

o Applied patch by Max Schubert ( which adds
  an add-port XML tag whenever a new port is found open when Nmap is
  running in verbose mode.  The new tag looks like:
  <addport state="open" portid="22" protocol="tcp"/>
  I also updated docs/nmap.dtd to recognize this new tag.

o Added German translation of Nmap manpage by Marc Ruef
  (  It is also available at

o Includes a brand new French translation of the manpage by Sebastien
  Blanchet.  You could probably guess that it is available at

o Applied some patches from Chad Loder ( which update
  the random IP allocation pool and improve OpenBSD support.  Some
  were from the OBSD Nmap patchlist.

o Fixed a compile problem on machines without PF_INET6.  Thanks to
  Josef 'Jupp' Schugt ( for noting this.
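
The 3.10ALPHA4 entry above shows the <addport .../> element that verbose XML output emits as each open port turns up. Since those elements are written while the scan is still running, before the closing tag of the document exists, a consumer has to parse them one at a time. The following added example (not Nmap's own code) does that and compares the reported open ports against an expected baseline; the sample output is constructed from the tag format in the changelog, and the port numbers and baseline are made up for the demonstration.

```python
"""Consume the <addport .../> elements from verbose Nmap XML output.

Added example, not Nmap's own code.  In verbose mode Nmap writes one
self-closing <addport state=... portid=... protocol=.../> element as each
open port is found, before the document is complete, so the lines are parsed
one element at a time rather than as a whole document.
"""

import xml.etree.ElementTree as ET
from typing import Iterable, Iterator, List, Set, Tuple

# Constructed sample of a scan still in progress: the <nmaprun> element is
# open and there is no closing tag yet.  TARGET is a placeholder.
SAMPLE_OUTPUT = """\
<?xml version="1.0" ?>
<nmaprun scanner="nmap" args="nmap -v -oX - TARGET" version="3.20">
<addport state="open" portid="22" protocol="tcp"/>
<addport state="open" portid="80" protocol="tcp"/>
<addport state="open" portid="53" protocol="udp"/>
<addport state="open" portid="6000" protocol="tcp"/>
"""

PortKey = Tuple[str, int]


def iter_addports(lines: Iterable[str]) -> Iterator[Tuple[str, int, str]]:
    """Yield (protocol, port, state) for every addport element in `lines`."""
    for line in lines:
        line = line.strip()
        if not line.startswith("<addport"):
            continue
        # A single self-closing element is a well-formed document by itself,
        # so it can be parsed without waiting for the rest of the output.
        element = ET.fromstring(line)
        yield element.get("protocol"), int(element.get("portid")), element.get("state")


def unexpected_open_ports(lines: Iterable[str], baseline: Set[PortKey]) -> List[PortKey]:
    """Open ports reported by the scan that are not in the expected baseline."""
    seen = {(proto, port) for proto, port, state in iter_addports(lines) if state == "open"}
    return sorted(seen - baseline)


if __name__ == "__main__":
    expected = {("tcp", 22), ("tcp", 80), ("udp", 53)}
    print(unexpected_open_ports(SAMPLE_OUTPUT.splitlines(), expected))
```

Feeding the output of a scan of one's own hosts through unexpected_open_ports() with the documented service inventory as the baseline gives an immediate list of ports that should not be listening, without waiting for the full <port> table at the end of the run.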

Nmap 3.10ALPHA3

o Added --min_parallelism option, which makes scans more aggressive
  and MUCH faster in certain situations -- especially against
  firewalled hosts.  It is basically the opposite of --max_parallelism
  (-M).  Note that reliability can be lost if you push it too far.

o Added --packet_trace option, which tells Nmap to display all of the
  packets it sends and receives in a format similar to tcpdump.  I
  mostly added this for debugging purposes, but it may also be useful to
  people wishing to learn how Nmap works or to experts wanting to ensure
  Nmap is doing exactly what they expect.  If you want this feature supported under
  Windows, please send me a patch :).

o Fixed a segmentation fault in Idlescan (-sI).

o Made Idlescan timing more conservative when -P0 is specified to
  improve accuracy.

o Fixed an infinite-loop condition that could occur during certain
  dropped-packet scenarios in an Idle scan.

o Nmap now reports execution times to millisecond precision (rather
  than rounding to the nearest second).

o Fixed an infinite loop caused by invalid port arguments.  Problem
  noted by fejed (

Nmap 3.10ALPHA2

o Fixed compilation and IPv6 support on FreeBSD (tested on
  4.6-STABLE).  Thanks to Niels Heinen ( for

o Made some portability changes based on suggestions by Josef 'Jupp'
  Schugt (

o Fixed compilation and IPv6 support on Solaris 9 (haven't tested
  earlier versions).

Nmap 3.10ALPHA1

o IPv6 is now supported for TCP scan (-sT), connect()-style ping
  scan (-sP), and list scan (-sL)!  Just specify the -6 option and the
  IPv6 numbers or DNS names.  Netmask notation is not currently
  supported -- I'm not sure how useful it is for IPv6, where even petty
  end users may be allocated trillions of addresses (/80).  If you
  need one of the scan types that hasn't been ported yet, give
  Sebastien Peterson's patch a try at .
  If there is demand, I may integrate more of that into Nmap.

o Major code restructuring, which included conversion to C++ -- so
  you'll need g++ or another C++ compiler.  I accidentally let a C++
  requirement slip in a while back and found that almost everyone has
  such a compiler.  Windows (VC++) users: see the README-WIN32 for new
  compilation instructions.

o Applied patch from Axel Nennker ( which
  adds a --without-nmapfe option to the configure script.  This is
  useful if your system doesn't have the proper libraries (e.g. GTK) or
  if you think GUIs are for sissies :).

o Removed arbitrary max_parallelism (-M) limitations, as suggested by
  William McVey ( ).

o Added DEC OSF to the platforms that require the BSDFIX() macro due
  to taking ip length and offset fields in host rather than network byte
  order.  Suggested by Dean Bennett (

o Fixed a debug statement C ambiguity discovered by Kronos


Index: nmap/Makefile
RCS file: /cvsroot/pkgsrc/net/nmap/Makefile,v
retrieving revision 1.18
diff -u -r1.18 Makefile
--- nmap/Makefile	2002/10/10 13:28:29	1.18
+++ nmap/Makefile	2003/03/21 16:34:05
@@ -1,7 +1,7 @@
 # $NetBSD: Makefile,v 1.18 2002/10/10 13:28:29 wiz Exp $
-DISTNAME=	nmap-3.00
+DISTNAME=	nmap-3.20
 CATEGORIES=	net security
@@ -10,16 +10,18 @@
 COMMENT=	Network/port scanner with OS detection
+CONFIGURE_ARGS+=	--with-libpcap=${BUILDLINK_PREFIX.libpcap} \
+			--without-nmapfe \
+			--prefix=${PREFIX}
 .include "../../mk/"
 .if ${OPSYS} == "SunOS" || ${OPSYS} == "Linux"
 .include "../../net/libpcap/"
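Review bot: `--with-libpcap=${BUILDLINK_PREFIX.libpcap}` is added unconditionally, but the only libpcap include visible in this hunk sits under `.if ${OPSYS} == "SunOS" || ${OPSYS} == "Linux"`, so on NetBSD itself the variable may never be defined and configure would receive a bare `--with-libpcap=`; either move that argument inside the same conditional or confirm the variable is set on every platform the package builds on. `--prefix=${PREFIX}` is normally passed by pkgsrc itself when GNU_CONFIGURE is set (not visible in this hunk); if it is, drop the duplicate.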
Index: nmap/distinfo
RCS file: /cvsroot/pkgsrc/net/nmap/distinfo,v
retrieving revision 1.6
diff -u -r1.6 distinfo
--- nmap/distinfo	2002/08/03 12:23:58	1.6
+++ nmap/distinfo	2003/03/21 16:34:05
@@ -1,8 +1,8 @@
 $NetBSD: distinfo,v 1.6 2002/08/03 12:23:58 hubertf Exp $
-SHA1 (nmap-3.00.tgz) = 7c51c4013bf70c223b81af5a5a171fc9af011df2
-Size (nmap-3.00.tgz) = 922293 bytes
-SHA1 (patch-aa) = baa9ef7b31f8e1c74c9acdf17a71517bfc262de1
+SHA1 (nmap-3.20.tgz) = 364146163dc512c0ea751134d2cdd78af4dcbf20
+Size (nmap-3.20.tgz) = 1082736 bytes
+SHA1 (patch-aa) = 90b0789ce7afab4ebd8ea4a9b4a5a2247138270f
 SHA1 (patch-ab) = 590271ab5edd85ec8304ae5ee2248c8249b42195
-SHA1 (patch-ad) = 28a0bc76dbb8fd271c52f26f2b1d95152da129d7
+SHA1 (patch-ad) = 79a45e7085f7bbd65166dfdb72d59865e0746f3b
 SHA1 (patch-af) = e4a0ed033d2931b4e3bd7d9897d3ee079585ef54
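Review bot: the SHA1 entries for patch-aa and patch-ad change, but the updated patch files are not part of this diff, so their new contents cannot be reviewed here; please attach patches/patch-aa and patches/patch-ad. It would also help to confirm that patch-ab and patch-af, whose checksums are unchanged, still apply cleanly against nmap-3.20.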
Index: nmapfe/Makefile
RCS file: /cvsroot/pkgsrc/net/nmapfe/Makefile,v
retrieving revision 1.5
diff -u -r1.5 Makefile
--- nmapfe/Makefile	2002/11/26 21:46:11	1.5
+++ nmapfe/Makefile	2003/03/21 16:34:06
@@ -1,6 +1,6 @@
 # $NetBSD: Makefile,v 1.5 2002/11/26 21:46:11 cjep Exp $
-DISTNAME=	nmap-3.00
+DISTNAME=	nmap-3.20
 PKGNAME=	nmapfe-0.9.5
 CATEGORIES=	net security
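Review bot: DISTNAME moves to nmap-3.20 while PKGNAME stays at nmapfe-0.9.5; please check the nmapfe version bundled in the 3.20 tarball and, if it really is still 0.9.5, bump PKGREVISION so that binary packages built from the new distfile can be told apart from the old ones.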
@@ -13,9 +13,9 @@
 DEPENDS+=	nmap-[23].*:../../net/nmap
 DEPENDS+=	gtk+-1.2.*:../../x11/gtk
 .include "../../mk/"
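Review bot: this hunk carries only unchanged context lines (the two `DEPENDS+=` entries and the `.include`), so whatever was modified in the `-13,9 +13,9` region did not survive in the submitted diff; please resend it so the actual change can be reviewed. The `nmap-[23].*` dependency pattern does still match a 3.20 package, so nothing is needed there.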
Index: nmapfe/distinfo
RCS file: /cvsroot/pkgsrc/net/nmapfe/distinfo,v
retrieving revision 1.3
diff -u -r1.3 distinfo
--- nmapfe/distinfo	2002/08/03 12:45:52	1.3
+++ nmapfe/distinfo	2003/03/21 16:34:06
@@ -1,4 +1,4 @@
 $NetBSD: distinfo,v 1.3 2002/08/03 12:45:52 hubertf Exp $
-SHA1 (nmap-3.00.tgz) = 7c51c4013bf70c223b81af5a5a171fc9af011df2
-Size (nmap-3.00.tgz) = 922293 bytes
+SHA1 (nmap-3.20.tgz) = 364146163dc512c0ea751134d2cdd78af4dcbf20
+Size (nmap-3.20.tgz) = 1082736 bytes
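Review bot: the SHA1 and Size values here are identical to the ones added to net/nmap/distinfo earlier in this patch, so both packages fetch and verify the same nmap-3.20.tgz; nothing further is needed for this hunk.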