nmap/nmap.spec


#
# spec file for package nmap
#
# Copyright (c) 2023 SUSE LLC
# Copyright (c) 2024 Andreas Stieger <Andreas.Stieger@gmx.de>
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define _buildshell /bin/bash
%{!?python_sitelib: %global python_sitelib %(python -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")}
%{!?python_sitearch: %global python_sitearch %(python -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
# The system Lua package on openSUSE is broken for this build, so do not use system Lua there
%if 0%{?suse_version}
%define with_system_lua 0
%else
%define with_system_lua 1
%endif
- Update to 7.95: * Integrated over 4,000 of your IPv4 OS fingerprints. Added 336 signatures, bringing the new total to 6,036. Additions include iOS 15 & 16, macOS Ventura & Monterey, Linux 6.1, OpenBSD 7.1, and lwIP 2.2 * Integrated over 2,500 service/version detection fingerprints. The signature count went up 1.4% to 12,089, including 9 new softmatches. We now detect 1,246 protocols, including new additions of grpc, mysqlx, essnet, remotemouse, and tuya. * Added four new scripts from the DINA community for querying industrial control systems * Improvements to OS detection fingerprint matching, including a syntax change for nmap-os-db that allows ranges within the TCP Options string. This leads to more concise and maintainable fingerprints. [Daniel Miller] * Improved the OS detection engine by using a new source port for each retry. Scans from systems such as Windows that do not send RST for unsolicited SYN|ACK responses were previously unable to get a response in subsequent tries. [Daniel Miller] * Several profile-guided optimizations of the port scan engine. [Daniel Miller] * Upgraded included libraries: Lua 5.4.6, libpcre2 10.43, zlib 1.3.1, libssh2 1.11.0, liblinear 2.47 * Zenmap and Ndiff now use setuptools, not distutils for packaging. * Fixed Ncat UDP server mode to not quit after EOF on stdin. * ssh-auth-methods will now print the pre-authentication banner text when available. Requires libssh2 1.11.0 or later. [Daniel Miller] * Fix a crash in Zenmap when changing a host comment. * Fix TLS 1.2 signature algorithms for EdDSA. [Daniel Roethlisberger] * Fix an out-of-bounds read which led to out-of-memory errors when duplicate addresses were used with --exclude * Fixed a memory leak in Nsock: compiled pcap filters were not freed. * Fixed a crash when using service name wildcards with -p, as in -p "http*" * Fixed DNS TXT record parsing bug which caused asn-query to fail in Nmap 7.80 and later. 
[David Fifield, Mike Pattrick] * Fixed packet size testing in KNX scripts [f0rw4rd] - Remove nmap-7.94-handle-unknown-service-name-in-p.patch - Add zenmap-fix-locale-install.patch * Fix locale files installation for zenmap - Use %pyproject macros for building and installing zenmap - fix segfault with -p (boo#1221403) add nmap-7.94-handle-unknown-service-name-in-p.patch - Update License to 'SUSE-NonFree" until determined otherwise to please checks in openSUSE:Factory:NonFree (boo#1211571) - Fix build error and wrong requires. Lua version 5.4.4 is required. But something in opensuse lua package is broken. Set it disable for Leap too and not only for Tumbleweed. - Update to 7.94: * Zenmap and Ndiff now use Python 3 * Nmap now prints vendor names based on MAC address for MA-S (24-bit), MA-M (28-bit), and MA-L (36-bit) registrations instead of the fixed 3-byte MAC prefix used previously for lookups. * Lots of profile-guided memory and processing improvements for Nmap, including OS fingerprint matching, probe matching and retransmission lookups for large hostgroups, and service name lookups. * Integrated many of the most-submitted IPv4 OS fingerprints for recent versions of Windows, iOS, macOS, Linux, and BSD. * Added the tftp-version script which requests a nonexistent file from a TFTP server and matches the error message to a database of known software. * Ncat can now accept "connections" from multiple UDP hosts in listen mode with the --keep-open option. This also enables --broker and --chat via UDP. * Upgrade included libraries: zlib 1.2.13, Lua 5.4.4, libpcap 1.10.4 * UDP port scan (-sU) and version scan (-sV) now both use the same data source, nmap-service-probes, for data payloads. Previously, the nmap-payloads file was used for port scan. * Nmap's service scan (-sV) can now probe the UDP service behind a DTLS tunnel, the same as it already does for TCP services with SSL/TLS encryption. 
* Ncat in listen mode with --udp --ssl will use DTLS to secure incoming connections. * Handle Internationalized Domain Names (IDN) like Яндекс.рф on platforms where getaddrinfo supports the AI_IDN flag. [Daniel Miller] * Improved DNS domain name parsing to avoid recursion and enforce name length limits, avoiding a theoretical stack overflow issue with certain crafted DNS server responses. - Update License to 'LicenseRef-NPSL-0.95' - The package is licenced under the ""Nmap Public Source License", which is not OSI approved. Specify as "LicenseRef-NPSL-0.93". (boo#1211571) - Update to 7.93: * This release commemorates Nmap's 25th anniversary! It all started with this September 1, 1997 Phrack article by Fyodor: https://nmap.org/p51-11.html. * Ensure Nmap builds with OpenSSL 3.0 using no deprecated API functions. Binaries for this release include OpenSSL 3.0.5. * Upgrade included libraries: libssh2 1.10.0, zlib 1.2.12, Lua 5.3.6, libpcap 1.10.1 * Fix a bug that prevented Nmap from discovering interfaces on Linux when no IPv4 addresses were configured. * NSE "exception handling" with nmap.new_try() will no longer result in a stack traceback in debug output * Update the Nmap output DTD to match actual output since the `<hosthint>` element was added in Nmap 7.90. * Fix newtargets support: since Nmap 7.92, scripts could not add targets in script pre-scanning phase. * Scripts dhcp-discover and broadcast-dhcp-discover now support setting a client identifier. * Script oracle-tns-version was not reporting the version correctly for Oracle 19c or newer * Script redis-info was crashing or producing inaccurate information about client connections and/or cluster nodes. * Script ipidseq was broken due to calling an unreachable library function. * Support for EC crypto was not properly enabled if Nmap was compiled with OpenSSL in a custom location. * Improvements to event handling and pcap socket garbage collection, fixing potential hangs and crashes. 
* Fix TDS7 password encoding for mssql.lua, which had been assuming ASCII input even though other parts of the library had been passing it Unicode. * Replace deprecated CPEs for IIS with their updated identifier, cpe:/a:microsoft:internet_information_services * Fix script-terminating error when unknown BSON data types are encountered. Added parsers for most standard data types. * Fix hostname/certificate comparison and matching to handle ASN.1 strings without null terminators, a similar bug to OpenSSL's CVE-2021-3712. * Added support for SOCKS5 proxies that return bind addresses as hostnames, instead of IPv4/IPv6 addresses. - Do not build with python2 support for SLE15-SP4, bsc#1190997 - Tumbleweed is not affected by the following SLE issues: * bsc#1148742, CVE-2017-18594 * bsc#1135350 * bsc#1133512 - Update to 7.92: * TLS 1.3 now supported by most scripts for which it is relevant * Other bugfixes and improvements * https://nmap.org/changelog.html#7.92 - Also guard the python-devel BuildRequires if we're building for Python 2 - update to 7.91: * Rectify error "time result cannot be represented" in the AFP library * Support setting the SNMP protocol version in via snmp.version * Fix MySQL library not properly parsing responses * mysql-audit now defaults to the bundled mysql-cis.audit for the audit rule base - update to 7.90: * New fingerprints for better OS and service/version detection * 3 new NSE scripts, new protocol libraries and payloads for host discovery, port scanning and version detection * 70+ smaller bug fixes and improvements * Build system upgrades and code quality improvements - drop netmask_negativ_bitshift.patch (obsolete) - fix typo in description - Update to 7.80: * 11 new NSE scripts * Added AF_VSOCK (Linux VM sockets) functionality to Nsock and Ncat * Deprecate and disable the -PR (ARP ping) host discovery option. ARP ping is already used whenever possible. 
* Temporary RSA keys are now 2048-bit to resolve a compatibility issue with OpenSSL library configured with security level 2. * See https://nmap.org/changelog#7.80 for the complete changelog. - Removed patches included upstream: * nmap-7.70-CVE-2018-15173_pcre_limits.patch * nmap-7.70-fix_infinite_loop.patch - Added netmask_negativ_bitshift.patch to fix netmask calculation for certain architectures. - add nmap-7.70-fix_infinite_loop.patch to fix infinite loop in tls-alpn when server is forcing a protocol [bsc#1143277] - add nmap-7.70-CVE-2018-15173_pcre_limits.patch to reduce LibPCRE resource limits so that version detection can't use as much of the stack. Previously Nmap could crash when run on low-memory systems against target services which are intentionally or accidentally difficult to match [bsc#1104139] [CVE-2018-15173]. - Trim filler wording from description. - Trim idempotent %if..%endif blocks. - Explicitly request bash for bashisms in %install. - don't build zenmap and ndiff python2 subpackages because of the python2 deprecation in Tumbleweed - run spec-cleaner - tweak Summaries and Descriptions - Update to 7.70: * 14 new NSE scripts * iec-identify probes for the IEC 60870-5-104 SCADA protocol * ssh-brute performs brute-forcing of SSH password credentials * See https://nmap.org/changelog.html#7.70 for the complete changelog. - Nmap 7.60: * NSE scripts now have complete SSH support via libssh2 * Added 14 NSE scripts from 6 authors, bringing the total up to 579! * See https://nmap.org/changelog.html#7.60 for the complete changelog. - Nmap 7.50: * Integrated all of your service/version detection fingerprints submitted from September to March (855 of them). The signature count went up 2.9% to 11,418. We now detect 1193 protocols from apachemq, bro, and clickhouse to jmon, slmp, and zookeeper. 
Highlights: http://seclists.org/nmap-dev/2017/q2/140 * Many added NSE scripts, OS fingerprints, service probes * See https://nmap.org/changelog.html#7.50 for the complete changelog. - Nmap 7.40: * Many added NSE scripts, OS fingerprints, service probes * New option --defeat-icmp-ratelimit dramatically reduces UDP scan times in exchange for labeling unresponsive (and possibly open) ports as "closed|filtered". * New NSE library, geoip.lua, provides a common framework for storing and retrieving IP geolocation results. * See https://nmap.org/changelog.html#7.40 for the complete changelog. - Refresh nmap-5.61-desktop_files.patch as nmap-7.40-desktop_files.patch - Nmap 7.31: * Fix the way Nmap handles scanning names that resolve to the same IP * Zenmap: Better visual indication that display of hostname is tied to address in the Topology page - Nmap 7.30: * Many added NSE scripts, OS fingerprints, service probes * Improved output filtering * Using Lua 5.3 * Many bug fixes, improvements and performance enhancements - Nmap 7.12: * Zenmap: Avoid file corruption in zenmap.conf * NSE: VNC updates * NSE: Add STARTTLS support for VNC, NNTP, and LMTP * Add new service probes and match lines for OpenVPN - Nmap 7.11: * Add support for diffie-hellman-group-exchange-* SSH key exchange methods to ssh2.lua, allowing ssh-hostkey to run on servers that only support custom Diffie-Hellman groups. * Add support in sslcert.lua for Microsoft SQL Server's TDS protocol, so you can now grab certs with ssl-cert or check ciphers with ssl-enum-ciphers. * Fix crashes in Zenmap - Nmap 7.10: * Add 12 NSE scripts * Integrate OS, service/version detection fingerprint submissions * Updated to various NSE scripts * Zenmap: Remember window geometry (position and size) from the previous time Zenmap was run. 
* Give option parsing errors after the long usage statement * Changed Nmap's idea of reserved and private IP addresses to include 169.254/16 (RFC3927) and remove 6/8, 7/8, and 55/8 networks (for -iR randomly generated targets) Usage of own exclusion lists with --exclude or --exclude-file is recommended to avoid scanning newly-valid addresses belonging to the US DoD. * Allow the -4 option for Nmap to indicate IPv4 address family. * Add verbosity level of 0 (-v0): not text output - Nmap 7.01: * various bug fixes in NSE - Nmap 7.00: * see /usr/share/doc/packages/nmap/CHANGELOG - removed patches: * nmap-4.00-noreturn.diff * nmap-6.00-libpcap-filter.diff not needed since we do not build against the bundled libpcap - updated patch: * nmap-ncat-skip-network-tests.patch - Unbreak everything not Factory - Fix the build for Factory. Insist on lua 5.2.x - BuildRequire lua52-devel on openSUSE > 13.2 (current Tumbleweed): nmap has not been ported to LUA 5.3 yet. - Minor fix in check session: internal lua identifies itself as 5.2.3 by now. - fix build on SLE 12 by removing gpg-offline dependency - run spec-cleaner - Nmap 6.47: * updated IPv4 OS fingerprints * Removed the External Entity Declaration from the DOCTYPE in Nmap's XML. The doctype is now: <!DOCTYPE nmaprun> * Ncat: Fixed SOCKS5 username/password authentication * Avoid formatting NULL as "%s" when running nmap --iflist * Zenmap, Ndiff: Avoid crashing with old PyXML package * Handle ICMP admin-prohibited messages when doing service version detection. * NSE: Fix a bug causing http.head to not honor redirects. 
* Zenmap: Fix a bug in DiffViewer causing a crash - fix self-obsoletion of zenmap (nmap-gtk) - Nmap 6.46 - NSE: * Made numerous improvements to ssl-heartbleed to provide more reliable detection of the vulnerability * Fix some bugs which could cause snmp-ios-config and snmp-sysdescr scripts to crash * Improved performance of citrixlua library when handling large XML responses containing application lists - Zenmap: * Fixed a bug which caused this crash message: "IOError: [Errno socket error] [Errno 10060] A connection attempt failed [...]" due to DOCTYPE definition to Nmap's XML output - Nmap 6.45 - NSE: * Add ssl-heartbleed script to detect the Heartbleed OpenSSL bug * Fixed an error-handling bug in socks-open-proxy that caused it to fail when scanning a SOCKS4-only proxy * Improved ntp-info script to handle underscores in returned data * Add quake1-info script for retrieving server and player information from Quake 1 game servers * Add unicode library for decoding and encoding UTF-8, UTF-16, CP437 and other character sets to Unicode code points. Scripts that previously just added or skipped nulls in UTF-16 data can use this to support non-ASCII characters * When doing a ping scan (-sn), the --open option will prevent down hosts from being shown when -v is specified. This aligns with similar output for other scan types * Add http-ntlm-info script for getting server information from Web servers that require NTLM authentication * Added tls library for functions related to SSLv3 and TLS messages.
Existing ssl-enum-ciphers, ssl-date, and tls-nextprotoneg scripts were updated to use this library * Add sstp-discover script to discover Microsoft's Secure Socket Tunnelling Protocol * Added unittest library and NSE script for adding unit tests to NSE libraries * Added allseeingeye-info script * Add freelancer-info script * Add http-server-header script * Add rfc868-time script * Add weblogic-t3-info script * Removed a fixed value (28428) which was being set for the Request ID in the snmpWalk library function * Add http-iis-short-name-brute script * Add http-dlink-backdoor * Made telnet-brute support multiple parallel guessing threads * Made the table returned by ssh1.fetch_host_key contain a "key" element, like that of ssh2.fetch_host_key * Update dns-cache-snoop script to use a new list of top 50 domains rather than a 2010 list * Added the qconn-exec script - Ncat: * Added support for socks5 and corresponding regression tests. * Fixed compilation when --without-liblua is specified * Added NCAT_PROTO, NCAT_REMOTE_ADDR, NCAT_REMOTE_PORT, NCAT_LOCAL_ADDR and NCAT_LOCAL_PORT environment variables being set in all --*-exec child processes. - Nsock: * Handle timers and timeouts via a priority queue - Various: * Added TCP support to dns.lua * Added safe fd_set operations. This makes nmap fail gracefully instead of crashing when the number of file descriptors grows over FD_SETSIZE * Updated bundled liblua from 5.2.2 to 5.2.3 (bugfix release) * Added version detection signatures and probes for a bunch of Android remote mouse/keyboard servers, including AndroMouse, AirHID, Wifi-mouse, and RemoteMouse. 
* Fixed a bug with UDP checksum calculation * Idle scan now supports IPv6 * The ICMP ID of ICMP probes is now matched against the sent ICMP ID to reduce the chance of false matches - Zenmap: * Fixed a crash that would happen when you entered a search term starting with a colon - add missing python-gtk dependency for zenmap [bnc#752158] - update to 6.40 - [Ncat] Added --lua-exec - new and updated IPv4 OS fingerprints - new and updated IPv6 OS fingerprints - new and updated service/version fingerprints - [Nsock] Added initial proxy support to Nsock - [NSE] Added 14 NSE scripts - Updated the Nmap license terms, still GPL-2.0+ https://svn.nmap.org/nmap/COPYING. - [NSE] fix possibility of writing arbitrary file to client system when using the http-domino-enum-passwords script with the domino-enum-passwords.idpath parameter against a malicious server - Unicast CIDR-style IPv6 range scanning is now supported - It's now possible to mix IPv4 range notation with CIDR netmasks in target specifications. - Timeout script-args are now standardized to use the timespec that Nmap's command-line arguments take (5s, 5000ms, 1h, etc.) - Nmap may now partially rearrange its target list for more efficient host groups. - [Ncat] The -i option (idle timeout) now works in listen mode as well as connect mode. - [Ncat] Ncat now support chained certificates with the --ssl-cert option. - [Nping] Nping now checks for a matching ICMP ID on echo replies - [NSE] The ipOps.isPrivate library now considers the deprecated site-local prefix fec0::/10 to be private. - Nmap's routing table is now sorted first by netmask, then by metric. - Routes are now sorted to prefer those with a lower metric. - Fixed a byte-ordering problem on little-endian architectures when doing idle scan with a zombie that uses broken ID increments. - Stop parsing TCP options after reaching EOL in libnetutil. 
- [NSE] The dns-ip6-arpa-scan script now optionally accepts "/" syntax for a network mask - Fixed our NSEDoc system for UTF-8 names - UDP protocol payloads were added for detecting the Murmer service - [NSE] Added http-phpmyadmin-dir-traversal - Fixed address matching for SCTP (-PY) ping - Removed some non-ANSI-C strftime format strings ("%F") and locale-dependent formats ("%c") from NSE scripts and libraries. - [Zenmap] Improved internationalization support - [Zenmap] Fixed internationalization files - [NSE] Updated the included Liblua from version 5.2.1 to 5.2.2. - [Nsock] Added a minimal regression test suite for Nsock. - [NSE] Updated the redis-brute and redis-info scripts to work against the latest versions of redis server - [Ncat] Fixed errors in connecting to IPv6 proxies. - [NSE] Updated hostmap-bfk to work with the latest version of their website - [NSE] Added XML structured output support to: + xmpp-info, irc-info, sslv2, address-info + hostmap-bfk, hostmap-robtex, hostmap-ip2hosts. + http-git.nse. - Added new service probes for: + Erlang distribution nodes + Minecraft servers. + Hazelcast data grid. - [NSE] Rewrote telnet-brute for better compatibility with a variety of telnet servers. - Fixed a regression that changed the number of delimiters in machine output. - Fixed a regression in broadcast-dropbox-listener which prevented it from producing output. - Handle ICMP type 11 (Time Exceeded) responses to port scan probes. - Add new decoders (BROWSER, DHCP6 and LLMNR) to broadcast-listener and changed output of some of the decoders slightly. - Namespace the pipes used to communicate with subprocesses by PID, to avoid multiple instances of Ncat from interfering with each other. - [NSE] Changed ip-geolocation-geoplugin to use the web service's new output format. - Limited the number of open sockets in ultra_scan to FD_SETSIZE. 
- Fixed a bug that prevented Nmap from finding any interfaces when one of them had the type ARP_HDR_APPLETALK - [Ncat] Ncat now keeps running in connect mode after receiving EOF from the remote socket, unless --recv-only is in effect. - Packet trace of ICMP packets now include the ICMP ID and sequence number by default. - [NSE] Fixed various NSEDoc bugs - [Zenmap] Zenmap now understands the NMAP_PRIVILEGED and NMAP_UNPRIVILEGED environment variables. - Added an ncat_assert macro. - Added nmap-fo.xsl to convert Nmap XML into XSL-FO, which can be converted into PDF using tools such as Apache FOP. - Increased the number of slack file descriptors not used during connect scan. - Changed the --webxml XSL stylesheet to point to the new location of nmap.xsl in the new repository (https://svn.nmap.org/nmap/docs/nmap.xsl). - [NSE] The vulnerability library can now preserve vulnerability information across multiple ports of the same host. - Removed the undocumented -q option, which renamed the nmap process to something like "pine". - Moved the Japanese man page from man1/jp to man1/ja. JP is a country code while JA is a language code. - [Nsock] Reworked the logging infrastructure to make it more flexible and consistent. - [NSE] Fixed scripts using unconnected UDP sockets. - Made some changes to Ndiff to reduce parsing time when dealing with large Nmap XML output files. - [Zenmap] Fixed a crash that could be caused by opening the About dialog, using the window manager to close it, and opening it again. - [Ncat] Made test-addrset.sh exit with nonzero status if any tests fail. - Fixed compilation with --without-liblua. - Fixed CRC32c calculation (as used in SCTP scans) on 64-bit platforms. - [NSE] Added multicast group name output to broadcast-igmp-discovery.nse. - [NSE] Added new fingerprints for http-enum: Sitecore, Moodle, typo3, SquirrelMail, RoundCube.
- Packaging changes: * remove nmap-ncat-fail-test-addrset.patch, committed upstream * ja locale was corrected upstream - add verification of gpg signatures of source tarballs - run available unit tests - add nmap-ncat-fail-test-addrset.patch to make ncat tests effective - add nmap-ncat-skip-network-tests.patch to skip tests requiring name resolution - update to 6.25 + add 373 IPv4 OS fingerprints and improve existing fingerprints + add more than 400 service/version detection fingerprints + integrate latest IPv6 OS submissions and corrections + Enabled support for IPv6 traceroute using UDP, SCTP, and IPProto (Next Header) probes. + Scripts can now return a structured name-value table so that results are query-able from XML output. Scripts can return a string as before, or a table, or a table and a string. In this last case, the table will go to XML output and the string will go to screen output. + Ncat: Added support for Unix domain sockets. The new -U and --unixsock options activate this mode. 
+ removal of Windows dependencies reduces size of source tarball + Replaced old RPC grinder with NSE-based implementation + Updated Nmap Scripting Engine to use Lua 5.2 + Added 85 NSE scripts + Added 12 new protocol libraries: * ajp (Apache JServ Protocol) * base32 (Base32 encoding/decoding - RFC 4648) * bjnp (Canon BJNP printer/scanner discovery protocol) * cassandra (Cassandra database protocol) * eigrp (Cisco Enhanced Interior Gateway Routing Protocol) * gps (Global Positioning System - does GPRMC NMEA decoding) * ipp (CUPS Internet Printing Protocol) * isns (Internet Storage Name Service) * jdwp (Java Debug Wire Protocol) * mobileme (a service for managing Apple/Mac devices) * ospf (Open Shortest Path First routing protocol) * rdp (Remote Desktop Protocol) + added more Common Platform Enumeration (CPE) identifiers + Scans that use OS sockets (including TCP connect scan, version detection, and script scan) now use the SO_BINDTODEVICE sockopt on Linux, so that the -e (select network device) option is honored. + [Zenmap] Host filters can now do negative matching, for example you can use "os:!linux" to match hosts NOT detected as Linux. + further minor improvements and bug fixes as listed in http://nmap.org/changelog.html - for openSUSE releases where lua 5.2 is available, build with that library, otherwise use the library that comes with the sources - add tests for the correct system or included libraries - refresh nmap-4.75-nostrip.patch - refresh su-to-zenmap.patch - update manpages glob to fix Factory build - update to upstream 6.0.1 * fix a zenmap crash that happened when activating the host filter.
* fix finding network interfaces if one of them is in monitor mode * fix greppable output of hosts that time-out - update to upstream 6.00 * enhanced Nmap Scripting Engine * Better Web Scanning * Full IPv6 Support * New NPing Tool * Better Zenmap GUI & results viewer * Faster scans * for a full list of changes see http://nmap.org/6/#changes and http://nmap.org/changelog.html - refresh nmap-4.00-libpcap-filter.diff - as nmap is built with the included and stripped nmap-libdnet-1.12, remove system libdnet as build requirement - Update to nmap-5.61TEST5 - refresh nmap-4.00-libpcap-filter.diff for moved source lines - refresh nmap-4.00-noreturn.diff for moved source lines - refresh nmap-4.75-nostrip.patch for moved source lines - update nmap-5.00-desktop_files.patch to nmap-5.61-desktop_files.patch for change source - update su-to-zenmap.patch for moved source lines - Conditionally change lua-devel BuildRequires to lua51-devel on openSUSE > 12.1. The code is not yet ready for lua 5.2. - Fixed a run Zenmap as sudo in KDE and GNOME - Update to nmap 5.61-xxx branch, changelog too long, see NEWS for details. - Add a new subpackage "nping" - drop no-md2.patch already in upstream. - add nmap-5.21-gnomesu.patch (fixed bnc#613847) - spec file clean up to build on SLE and openSUSE < 11.3 - update to 5.21 * Dramatically improved the version detection database, integrating 2,596 submissions that users contributed since February 3, 2009! * bugfixes - disable md2 in the scripting language (no longer supplied by default openssl) - fixed bnc#528581 - Pascal updated to 5.00 with way too many changes to list them, see /usr/share/doc/packages/nmap/CHANGELOG - introduce ncat and ndiff packages providing tools for nmap scans - use new python macros - remove strip so we have debuginfos - Update to 4.75 * [Zenmap] Added a new Scan Topology system. * [Zenmap] Another exciting new Zenmap feature is Scan Aggregation. * [Zenmap] Added a context-sensitive help system to the Profile Editor.
* Expanded nmap-services to include information on how frequently each port number is found open. * Nmap now scans the most common 1,000 ports by default in either protocol (UDP scan is still optional). * Nmap fast scan (-F) now scans the top 100 ports by default in either protocol. * The --top-ports option lets you specify the number of ports you wish to scan in each protocol, and will pick the most popular ports for you based on the new frequency data. * integrated all of the OS detection fingerprint and correction submissions - rename nmap-gtk subpackage to zenmap - update to version 4.68 * Too many changes to list, see http://nmap.org/changelog.html - update to version 4.60 tons of bugfixes, see http://nmap.org/changelog.html - Wrong files for package nmap in openSUSE:Factory [BNC #369021] - We have to buildrequire lua-devel, otherwise bundled is used - fix packaging issues - update to version 4.53 which o Added UPnP-info NSE script. It gathers information from the UPnP service (UDP port 1900) which listens on many network devices such as routers, printers, and networked media players. o Fix a lot of Bugs o The Nmap Scripting Engine (NSE) now supports run-time interaction and the Nmap --host-timeout option. - changed libpcap to libpcap-devel in BuildRequires - change last patch to build - fix build bug - update to version 4.20 which o Integrated the latest OS fingerprint submissions o Fix Bugs - GNOME moved to /usr - build against system provided libdnet - update to version 4.11 which o Added a dozens of more detailed SSH version detection signatures o Fixed the Nmap Makefile o Fixed a compilation problem on solaris and possibly other platforms. o Applied a patch which helps with HP-UX compilation by linking in the nm library (-lnm o Added version detection probes for detecting the Nessus daemon. - Reduce BuildRequires. - update to 4.0 final. 
Only some metadata updates - added pcre-devel to buildrequires - updated to 3.999 which includes: o Upgraded the included LibPCRE from version 6.3 to 6.4. o Integrated all remaining 2005 service submissions. o Added run time interaction o Reverse DNS resolution is now done in parallel o Added the --badsum option, which causes Nmap to use invalid TCP or UDP checksums for packets sent to target hosts. o More excellent NmapFE patches from Priit Laes o Added --max_retries option o Many of the Nmap low-level timing options take a value in milliseconds. o Made some changes to allow source port zero scans (-g0). - converted neededforbuild to BuildRequires - 3.95 update - 3.93 update (fixes #129227) - fix specfile - fix C++ Problem with gcc 4.1 - fix Makefile.in to use RPM_OPT_FLAGS - Update to nmap-3.90 - use internal pcre to avoid problems with SYN scan [#104337] - Don't strip binaries - Build against system libpcap/libpcre to avoid libpcap bugs [Bug #98249] - Moved desktop file, added icon (#73653). - fix return values of gencode.c. - Update to nmap-3.81 - Update to nmap-3.80 - Update to nmap-3.77 - Update to nmap-3.75 - Update to nmap-3.70 - Update to nmap-3.55 - Fix accidental deletion of specfile tag - Add openssl to #nfb in order to enable SSL-scan-through support - Update to nmap-3.50 - move nmapfe/xnmap to a subpackage nmap-gtk - make use of openssl - fix DESTDIR patch - dont build as root - Update to version 3.48 - add Categories - Update to version 3.30 - Update to version 3.28 - Update to nmap-3.27 - Use %defattr - Update to nmap-3.20 - removed bogus self-provides - fix neededforbuild - use BuildRoot - add missing files to file list - long awaited version 3.00. News: * 700 operation systems + network devices in fingerprint database * uptime scan * XML output * all references to God in error messages are capitalized added filter.dif security fix for homegrown libpcap. - new version 2.54BETA30. 
- fixed specfile to build (suse_update_config before autoconf) - update to 2.54BETA22 - Add %suse_update_config. - fixed inet_aton detection - fix neededforbuild - update to 2.53, move /usr/lib/nmap to /usr/share/nmap - Version 2.3BETA14. Move manpage to /usr/share/man - update to version 2.3BETA6 - new version 2.12 - ran old prepare_spec on spec file to switch to new prepare_spec. - new package, version 2.02 OBS-URL: https://build.opensuse.org/package/show/network:utilities/nmap?expand=0&rev=136
2024-07-26 09:34:37 +00:00
%define pythons python3
Name: nmap
Version: 7.95
Release: 0
Summary: Network exploration tool and security scanner
# nmap 7.94 is licensed under Nmap Public Source License Version 0.95
# https://nmap.org/npsl/
# https://bugzilla.opensuse.org/show_bug.cgi?id=1211571
License: NonFree
Group: Productivity/Networking/Diagnostic
URL: https://nmap.org/
Source: https://nmap.org/dist/nmap-%{version}.tar.bz2
Source1: https://svn.nmap.org/nmap/docs/nmap_gpgkeys.txt#/%{name}.keyring
Source2: http://nmap.org/dist/sigs/%{name}-%{version}.tar.bz2.asc
Patch1: nmap-7.40-desktop_files.patch
Patch2: nmap-4.75-nostrip.patch
Patch3: su-to-zenmap.patch
Patch4: nmap-ncat-skip-network-tests.patch
- Update to 7.95: * Integrated over 4,000 of your IPv4 OS fingerprints. Added 336 signatures, bringing the new total to 6,036. Additions include iOS 15 & 16, macOS Ventura & Monterey, Linux 6.1, OpenBSD 7.1, and lwIP 2.2 * Integrated over 2,500 service/version detection fingerprints. The signature count went up 1.4% to 12,089, including 9 new softmatches. We now detect 1,246 protocols, including new additions of grpc, mysqlx, essnet, remotemouse, and tuya. * Added four new scripts from the DINA community for querying industrial control systems * Improvements to OS detection fingerprint matching, including a syntax change for nmap-os-db that allows ranges within the TCP Options string. This leads to more concise and maintainable fingerprints. [Daniel Miller] * Improved the OS detection engine by using a new source port for each retry. Scans from systems such as Windows that do not send RST for unsolicited SYN|ACK responses were previously unable to get a response in subsequent tries. [Daniel Miller] * Several profile-guided optimizations of the port scan engine. [Daniel Miller] * Upgraded included libraries: Lua 5.4.6, libpcre2 10.43, zlib 1.3.1, libssh2 1.11.0, liblinear 2.47 * Zenmap and Ndiff now use setuptools, not distutils for packaging. * Fixed Ncat UDP server mode to not quit after EOF on stdin. * ssh-auth-methods will now print the pre-authentication banner text when available. Requires libssh2 1.11.0 or later. [Daniel Miller] * Fix a crash in Zenmap when changing a host comment. * Fix TLS 1.2 signature algorithms for EdDSA. [Daniel Roethlisberger] * Fix an out-of-bounds read which led to out-of-memory errors when duplicate addresses were used with --exclude * Fixed a memory leak in Nsock: compiled pcap filters were not freed. * Fixed a crash when using service name wildcards with -p, as in -p "http*" * Fixed DNS TXT record parsing bug which caused asn-query to fail in Nmap 7.80 and later. 
[David Fifield, Mike Pattrick] * Fixed packet size testing in KNX scripts [f0rw4rd] - Remove nmap-7.94-handle-unknown-service-name-in-p.patch - Add zenmap-fix-locale-install.patch * Fix locale files installation for zenmap - Use %pyproject macros for building and installing zenmap - fix segfault with -p (boo#1221403) add nmap-7.94-handle-unknown-service-name-in-p.patch - Update License to 'SUSE-NonFree" until determined otherwise to please checks in openSUSE:Factory:NonFree (boo#1211571) - Fix build error and wrong requires. Lua version 5.4.4 is required. But something in opensuse lua package is broken. Set it disable for Leap too and not only for Tumbleweed. - Update to 7.94: * Zenmap and Ndiff now use Python 3 * Nmap now prints vendor names based on MAC address for MA-S (24-bit), MA-M (28-bit), and MA-L (36-bit) registrations instead of the fixed 3-byte MAC prefix used previously for lookups. * Lots of profile-guided memory and processing improvements for Nmap, including OS fingerprint matching, probe matching and retransmission lookups for large hostgroups, and service name lookups. * Integrated many of the most-submitted IPv4 OS fingerprints for recent versions of Windows, iOS, macOS, Linux, and BSD. * Added the tftp-version script which requests a nonexistent file from a TFTP server and matches the error message to a database of known software. * Ncat can now accept "connections" from multiple UDP hosts in listen mode with the --keep-open option. This also enables --broker and --chat via UDP. * Upgrade included libraries: zlib 1.2.13, Lua 5.4.4, libpcap 1.10.4 * UDP port scan (-sU) and version scan (-sV) now both use the same data source, nmap-service-probes, for data payloads. Previously, the nmap-payloads file was used for port scan. * Nmap's service scan (-sV) can now probe the UDP service behind a DTLS tunnel, the same as it already does for TCP services with SSL/TLS encryption. 
* Ncat in listen mode with --udp --ssl will use DTLS to secure incoming connections. * Handle Internationalized Domain Names (IDN) like Яндекс.рф on platforms where getaddrinfo supports the AI_IDN flag. [Daniel Miller] * Improved DNS domain name parsing to avoid recursion and enforce name length limits, avoiding a theoretical stack overflow issue with certain crafted DNS server responses. - Update License to 'LicenseRef-NPSL-0.95' - The package is licenced under the "Nmap Public Source License", which is not OSI approved. Specify as "LicenseRef-NPSL-0.93". (boo#1211571) - Update to 7.93: * This release commemorates Nmap's 25th anniversary! It all started with this September 1, 1997 Phrack article by Fyodor: https://nmap.org/p51-11.html. * Ensure Nmap builds with OpenSSL 3.0 using no deprecated API functions. Binaries for this release include OpenSSL 3.0.5. * Upgrade included libraries: libssh2 1.10.0, zlib 1.2.12, Lua 5.3.6, libpcap 1.10.1 * Fix a bug that prevented Nmap from discovering interfaces on Linux when no IPv4 addresses were configured. * NSE "exception handling" with nmap.new_try() will no longer result in a stack traceback in debug output * Update the Nmap output DTD to match actual output since the `<hosthint>` element was added in Nmap 7.90. * Fix newtargets support: since Nmap 7.92, scripts could not add targets in script pre-scanning phase. * Scripts dhcp-discover and broadcast-dhcp-discover now support setting a client identifier. * Script oracle-tns-version was not reporting the version correctly for Oracle 19c or newer * Script redis-info was crashing or producing inaccurate information about client connections and/or cluster nodes. * Script ipidseq was broken due to calling an unreachable library function. * Support for EC crypto was not properly enabled if Nmap was compiled with OpenSSL in a custom location. * Improvements to event handling and pcap socket garbage collection, fixing potential hangs and crashes.
* Fix TDS7 password encoding for mssql.lua, which had been assuming ASCII input even though other parts of the library had been passing it Unicode. * Replace deprecated CPEs for IIS with their updated identifier, cpe:/a:microsoft:internet_information_services * Fix script-terminating error when unknown BSON data types are encountered. Added parsers for most standard data types. * Fix hostname/certificate comparison and matching to handle ASN.1 strings without null terminators, a similar bug to OpenSSL's CVE-2021-3712. * Added support for SOCKS5 proxies that return bind addresses as hostnames, instead of IPv4/IPv6 addresses. - Do not build with python2 support for SLE15-SP4, bsc#1190997 - Tumbleweed is not affected by the following SLE issues: * bsc#1148742, CVE-2017-18594 * bsc#1135350 * bsc#1133512 - Update to 7.92: * TLS 1.3 now supported by most scripts for which it is relevant * Other bugfixes and improvements * https://nmap.org/changelog.html#7.92 - Also guard the python-devel BuildRequires if we're building for Python 2 - update to 7.91: * Rectify error "time result cannot be represented" in the AFP library * Support setting the SNMP protocol version in via snmp.version * Fix MySQL library not properly parsing responses * mysql-audit now defaults to the bundled mysql-cis.audit for the audit rule base - update to 7.90: * New fingerprints for better OS and service/version detection * 3 new NSE scripts, new protocol libraries and payloads for host discovery, port scanning and version detection * 70+ smaller bug fixes and improvements * Build system upgrades and code quality improvements - drop netmask_negativ_bitshift.patch (obsolete) - fix typo in description - Update to 7.80: * 11 new NSE scripts * Added AF_VSOCK (Linux VM sockets) functionality to Nsock and Ncat * Deprecate and disable the -PR (ARP ping) host discovery option. ARP ping is already used whenever possible. 
* Temporary RSA keys are now 2048-bit to resolve a compatibility issue with OpenSSL library configured with security level 2. * See https://nmap.org/changelog#7.80 for the complete changelog. - Removed patches included upstream: * nmap-7.70-CVE-2018-15173_pcre_limits.patch * nmap-7.70-fix_infinite_loop.patch - Added netmask_negativ_bitshift.patch to fix netmask calculation for certain architectures. - add nmap-7.70-fix_infinite_loop.patch to fix infinite loop in tls-alpn when server is forcing a protocol [bsc#1143277] - add nmap-7.70-CVE-2018-15173_pcre_limits.patch to reduce LibPCRE resource limits so that version detection can't use as much of the stack. Previously Nmap could crash when run on low-memory systems against target services which are intentionally or accidentally difficult to match [bsc#1104139] [CVE-2018-15173]. - Trim filler wording from description. - Trim idempotent %if..%endif blocks. - Explicitly request bash for bashisms in %install. - don't build zenmap and ndiff python2 subpackages because of the python2 deprecation in Tumbleweed - run spec-cleaner - tweak Summaries and Descriptions - Update to 7.70: * 14 new NSE scripts * iec-identify probes for the IEC 60870-5-104 SCADA protocol * ssh-brute performs brute-forcing of SSH password credentials * See https://nmap.org/changelog.html#7.70 for the complete changelog. - Nmap 7.60: * NSE scripts now have complete SSH support via libssh2 * Added 14 NSE scripts from 6 authors, bringing the total up to 579! * See https://nmap.org/changelog.html#7.60 for the complete changelog. - Nmap 7.50: * Integrated all of your service/version detection fingerprints submitted from September to March (855 of them). The signature count went up 2.9% to 11,418. We now detect 1193 protocols from apachemq, bro, and clickhouse to jmon, slmp, and zookeeper. 
Highlights: http://seclists.org/nmap-dev/2017/q2/140 * Many added NSE scripts, OS fingerprints, service probes * See https://nmap.org/changelog.html#7.50 for the complete changelog. - Nmap 7.40: * Many added NSE scripts, OS fingerprints, service probes * New option --defeat-icmp-ratelimit dramatically reduces UDP scan times in exchange for labeling unresponsive (and possibly open) ports as "closed|filtered". * New NSE library, geoip.lua, provides a common framework for storing and retrieving IP geolocation results. * See https://nmap.org/changelog.html#7.40 for the complete changelog. - Refresh nmap-5.61-desktop_files.patch as nmap-7.40-desktop_files.patch - Nmap 7.31: * Fix the way Nmap handles scanning names that resolve to the same IP * Zenmap: Better visual indication that display of hostname is tied to address in the Topology page - Nmap 7.30: * Many added NSE scripts, OS fingerprints, service probes * Improved output filtering * Using Lua 5.3 * Many bug fixes, improvements and performance enhancements - Nmap 7.12: * Zenmap: Avoid file corruption in zenmap.conf * NSE: VNC updates * NSE: Add STARTTLS support for VNC, NNTP, and LMTP * Add new service probes and match lines for OpenVPN - Nmap 7.11: * Add support for diffie-hellman-group-exchange-* SSH key exchange methods to ssh2.lua, allowing ssh-hostkey to run on servers that only support custom Diffie-Hellman groups. * Add support in sslcert.lua for Microsoft SQL Server's TDS protocol, so you can now grab certs with ssl-cert or check ciphers with ssl-enum-ciphers. * Fix crashes in Zenmap - Nmap 7.10: * Add 12 NSE scripts * Integrate OS, service/version detection fingerprint submissions * Updated to various NSE scripts * Zenmap: Remember window geometry (position and size) from the previous time Zenmap was run. 
* Give option parsing errors after the long usage statement * Changed Nmap's idea of reserved and private IP addresses to include 169.254/16 (RFC3927) and remove 6/8, 7/8, and 55/8 networks (for -iR randomly generated targets) Usage of own exclusion lists with --exclude or --exclude-file is recommended to avoid scanning newly-valid addresses belonging to the US DoD. * Allow the -4 option for Nmap to indicate IPv4 address family. * Add verbosity level of 0 (-v0): not text output - Nmap 7.01: * various bug fixes in NSE - Nmap 7.00: * see /usr/share/doc/packages/nmap/CHANGELOG - removed patches: * nmap-4.00-noreturn.diff * nmap-6.00-libpcap-filter.diff not needed since we do not build against the bundled libpcap - updated patch: * nmap-ncat-skip-network-tests.patch - Unbreak everything not Factory - Fix the build for Factory. Insist on lua 5.2.x - BuildRequire lua52-devel on openSUSE > 13.2 (current Tumbleweed): nmap has not been ported to LUA 5.3 yet. - Minor fix in check session: internal lua identifies itself as 5.2.3 by now. - fix build on SLE 12 by removing gpg-offline dependency - run spec-cleaner - Nmap 6.47: * updated IPv4 OS fingerprints * Removed the External Entity Declaration from the DOCTYPE in Nmap's XML. The doctype is now: <!DOCTYPE nmaprun> * Ncat: Fixed SOCKS5 username/password authentication * Avoid formatting NULL as "%s" when running nmap --iflist * Zenmap, Ndiff: Avoid crashing with old PyXML package * Handle ICMP admin-prohibited messages when doing service version detection. * NSE: Fix a bug causing http.head to not honor redirects. 
* Zenmap: Fix a bug in DiffViewer causing a crash - fix self-obsoletion of zenmap (nmap-gtk) - Nmap 6.46 - NSE: * Made numerous improvements to ssl-heartbleed to provide more reliable detection of the vulnerability * Fix some bugs which could cause snmp-ios-config and snmp-sysdescr scripts to crash * Improved performance of citrixlua library when handling large XML responses containing application lists - Zenmap: * Fixed a bug which caused this crash message: "IOError: [Errno socket error] [Errno 10060] A connection attempt failed [...]" due to DOCTYPE definition to Nmap's XML output - Nmap 6.45 - NSE: * Add ssl-heartbleed script to detect the Heartbleed OpenSSL bug * Fixed an error-handling bug in socks-open-proxy that caused it to fail when scanning a SOCKS4-only proxy * Improved ntp-info script to handle underscores in returned data * Add quake1-info script for retrieving server and player information from Quake 1 game servers * Add unicode library for decoding and encoding UTF-8, UTF-16, CP437 and other character sets to Unicode code points. Scripts that previously just added or skipped nulls in UTF-16 data can use this to support non-ASCII characters * When doing a ping scan (-sn), the --open option will prevent down hosts from being shown when -v is specified. This aligns with similar output for other scan types * Add http-ntlm-info script for getting server information from Web servers that require NTLM authentication * Added tls library for functions related to SSLv3 and TLS messages.
Existing ssl-enum-ciphers, ssl-date, and tls-nextprotoneg scripts were updated to use this library * Add sstp-discover script to discover Microsoft's Secure Socket Tunnelling Protocol * Added unittest library and NSE script for adding unit tests to NSE libraries * Added allseeingeye-info script * Add freelancer-info script * Add http-server-header script * Add rfc868-time script * Add weblogic-t3-info script * Removed a fixed value (28428) which was being set for the Request ID in the snmpWalk library function * Add http-iis-short-name-brute script * Add http-dlink-backdoor * Made telnet-brute support multiple parallel guessing threads * Made the table returned by ssh1.fetch_host_key contain a "key" element, like that of ssh2.fetch_host_key * Update dns-cache-snoop script to use a new list of top 50 domains rather than a 2010 list * Added the qconn-exec script - Ncat: * Added support for socks5 and corresponding regression tests. * Fixed compilation when --without-liblua is specified * Added NCAT_PROTO, NCAT_REMOTE_ADDR, NCAT_REMOTE_PORT, NCAT_LOCAL_ADDR and NCAT_LOCAL_PORT environment variables being set in all --*-exec child processes. - Nsock: * Handle timers and timeouts via a priority queue - Various: * Added TCP support to dns.lua * Added safe fd_set operations. This makes nmap fail gracefully instead of crashing when the number of file descriptors grows over FD_SETSIZE * Updated bundled liblua from 5.2.2 to 5.2.3 (bugfix release) * Added version detection signatures and probes for a bunch of Android remote mouse/keyboard servers, including AndroMouse, AirHID, Wifi-mouse, and RemoteMouse. 
* Fixed a bug with UDP checksum calculation * Idle scan now supports IPv6 * The ICMP ID of ICMP probes is now matched against the sent ICMP ID to reduce the chance of false matches - Zenmap: * Fixed a crash that would happen when you entered a search term starting with a colon - add missing python-gtk dependency for zenmap [bnc#752158] - update to 6.40 - [Ncat] Added --lua-exec - new and updated IPv4 OS fingerprints - new and updated IPv6 OS fingerprints - new and updated service/version fingerprints - [Nsock] Added initial proxy support to Nsock - [NSE] Added 14 NSE scripts - Updated the Nmap license terms, still GPL-2.0+ https://svn.nmap.org/nmap/COPYING. - [NSE] fix possibility of writing arbitrary file to client system when using the http-domino-enum-passwords script with the domino-enum-passwords.idpath parameter against a malicious server - Unicast CIDR-style IPv6 range scanning is now supported - It's now possible to mix IPv4 range notation with CIDR netmasks in target specifications. - Timeout script-args are now standardized to use the timespec that Nmap's command-line arguments take (5s, 5000ms, 1h, etc.) - Nmap may now partially rearrange its target list for more efficient host groups. - [Ncat] The -i option (idle timeout) now works in listen mode as well as connect mode. - [Ncat] Ncat now support chained certificates with the --ssl-cert option. - [Nping] Nping now checks for a matching ICMP ID on echo replies - [NSE] The ipOps.isPrivate library now considers the deprecated site-local prefix fec0::/10 to be private. - Nmap's routing table is now sorted first by netmask, then by metric. - Routes are now sorted to prefer those with a lower metric. - Fixed a byte-ordering problem on little-endian architectures when doing idle scan with a zombie that uses broken ID increments. - Stop parsing TCP options after reaching EOL in libnetutil. 
- [NSE] The dns-ip6-arpa-scan script now optionally accepts "/" syntax for a network mask - Fixed our NSEDoc system for UTF-8 names - UDP protocol payloads were added for detecting the Murmer service - [NSE] Added http-phpmyadmin-dir-traversal - Fixed address matching for SCTP (-PY) ping - Removed some non-ANSI-C strftime format strings ("%F") and locale-dependent formats ("%c") from NSE scripts and libraries. - [Zenmap] Improved internationalization support - [Zenmap] Fixed internationalization files - [NSE] Updated the included Liblua from version 5.2.1 to 5.2.2. - [Nsock] Added a minimal regression test suite for Nsock. - [NSE] Updated the redis-brute and redis-info scripts to work against the latest versions of redis server - [Ncat] Fixed errors in connecting to IPv6 proxies. - [NSE] Updated hostmap-bfk to work with the latest version of their website - [NSE] Added XML structured output support to: + xmpp-info, irc-info, sslv2, address-info + hostmap-bfk, hostmap-robtex, hostmap-ip2hosts. + http-git.nse. - Added new service probes for: + Erlang distribution nodes + Minecraft servers. + Hazelcast data grid. - [NSE] Rewrote telnet-brute for better compatibility with a variety of telnet servers. - Fixed a regression that changed the number of delimiters in machine output. - Fixed a regression in broadcast-dropbox-listener which prevented it from producing output. - Handle ICMP type 11 (Time Exceeded) responses to port scan probes. - Add new decoders (BROWSER, DHCP6 and LLMNR) to broadcast-listener and changed output of some of the decoders slightly. - Namespace the pipes used to communicate with subprocesses by PID, to avoid multiple instances of Ncat from interfering with each other. - [NSE] Changed ip-geolocation-geoplugin to use the web service's new output format. - Limited the number of open sockets in ultra_scan to FD_SETSIZE. 
- Fixed a bug that prevented Nmap from finding any interfaces when one of them had the type ARP_HDR_APPLETALK - [Ncat] Ncat now keeps running in connect mode after receiving EOF from the remote socket, unless --recv-only is in effect. - Packet trace of ICMP packets now include the ICMP ID and sequence number by default. - [NSE] Fixed various NSEDoc bugs - [Zenmap] Zenmap now understands the NMAP_PRIVILEGED and NMAP_UNPRIVILEGED environment variables. - Added an ncat_assert macro. - Added nmap-fo.xsl to convert Nmap XML into XSL-FO, which can be converted into PDF using tools such as Apache FOP. - Increased the number of slack file descriptors not used during connect scan. - Changed the --webxml XSL stylesheet to point to the new location of nmap.xsl in the new repository (https://svn.nmap.org/nmap/docs/nmap.xsl). - [NSE] The vulnerability library can now preserve vulnerability information across multiple ports of the same host. - Removed the undocumented -q option, which renamed the nmap process to something like "pine". - Moved the Japanese man page from man1/jp to man1/ja. JP is a country code while JA is a language code. - [Nsock] Reworked the logging infrastructure to make it more flexible and consistent. - [NSE] Fixed scripts using unconnected UDP sockets. - Made some changes to Ndiff to reduce parsing time when dealing with large Nmap XML output files. - [Zenmap] Fixed a crash that could be caused by opening the About dialog, using the window manager to close it, and opening it again. - [Ncat] Made test-addrset.sh exit with nonzero status if any tests fail. - Fixed compilation with --without-liblua. - Fixed CRC32c calculation (as used in SCTP scans) on 64-bit platforms. - [NSE] Added multicast group name output to broadcast-igmp-discovery.nse. - [NSE] Added new fingerprints for http-enum: Sitecore, Moodle, typo3, SquirrelMail, RoundCube.
- Packaging changes: * remove nmap-ncat-fail-test-addrset.patch, committed upstream * ja locale was corrected upstream - add verification of gpg signatures of source tarballs - run available unit tests - add nmap-ncat-fail-test-addrset.patch to make ncat tests effective - add nmap-ncat-skip-network-tests.patch to skip tests requiring name resolution - update to 6.25 + add 373 IPv4 OS fingerprints and improve existing fingerprints + add more than 400 service/version detection fingerprints + integrate latest IPv6 OS submissions and corrections + Enabled support for IPv6 traceroute using UDP, SCTP, and IPProto (Next Header) probes. + Scripts can now return a structured name-value table so that results are query-able from XML output. Scripts can return a string as before, or a table, or a table and a string. In this last case, the table will go to XML output and the string will go to screen output. + Ncat: Added support for Unix domain sockets. The new -U and --unixsock options activate this mode. 
+ removal of Windows dependencies reduces size of source tarball + Replaced old RPC grinder with NSE-based implementation + Updated Nmap Scripting Engine to use Lua 5.2 + Added 85 NSE scripts + Added 12 new protocol libraries: * ajp (Apache JServ Protocol) * base32 (Base32 encoding/decoding - RFC 4648) * bjnp (Canon BJNP printer/scanner discovery protocol) * cassandra (Cassandra database protocol) * eigrp (Cisco Enhanced Interior Gateway Routing Protocol) * gps (Global Positioning System - does GPRMC NMEA decoding) * ipp (CUPS Internet Printing Protocol) * isns (Internet Storage Name Service) * jdwp (Java Debug Wire Protocol) * mobileme (a service for managing Apple/Mac devices) * ospf (Open Shortest Path First routing protocol) * rdp (Remote Desktop Protocol) + added more Common Platform Enumeration (CPE) identifiers + Scans that use OS sockets (including TCP connect scan, version detection, and script scan) now use the SO_BINDTODEVICE sockopt on Linux, so that the -e (select network device) option is honored. + [Zenmap] Host filters can now do negative matching, for example you can use "os:!linux" to match hosts NOT detected as Linux. + further minor improvements and bug fixes as listed in http://nmap.org/changelog.html - for openSUSE releases where lua 5.2 is available, build with that library, otherwise use the library that comes with the sources - add tests for the correct system or included libraries - refresh nmap-4.75-nostrip.patch - refresh su-to-zenmap.patch - update manpages glob to fix Factory build - update to upstream 6.0.1 * fix a zenmap crash that happened when activating the host filter.
* fix finding network interfaces if one of them is in monitor mode * fixx greppable output of hosts that time-out - update to upstream 6.00 * enhanced Nmap Scripting Engine * Better Web Scanning * Full IPv6 Support * New NPing Tool * Better Zenmap GUI & results viewer * Faster scans * for a full list of changes see http://nmap.org/6/#changes and http://nmap.org/changelog.html - refresh nmap-4.00-libpcap-filter.diff - as nmap is built with the inluded and stripped nmap-libdnet-1.12, remove system libdnet as build requirement - Update to nmap-5.61TEST5 - refresh nmap-4.00-libpcap-filter.diff for moved source lines - refresh nmap-4.00-noreturn.diff for moved source lines - refresh nmap-4.75-nostrip.patch for moved source lines - update nmap-5.00-desktop_files.patch to nmap-5.61-desktop_files.patch for change source - update su-to-zenmap.patch for moved source lines - Conditionally change lua-devel BuildRequires to lua51-devel on openSUSE > 12.1. The code is not yet ready for lua 5.2. - Fixed a run Zenmap as sudo in KDE and GNOME - Update to nmap 5.61-xxx branch, changelog too long, see NEWS for details. - Add a new subpackage "nping" - drop no-md2.patch already in upstream. - add nmap-5.21-gnomesu.patch (fixed bnc#613847) - spec file clean up to build on SLE and openSUSE < 11.3 - update to 5.21 * Dramatically improved the version detection database, integrating 2,596 submissions that users contributed since February 3, 2009! * bugfixes - disable md2 in the scripting language (no longer supplied by default openssl) - fixed bnc#528581 - Pascal updated to 5.00 with way too many changes to list them, see /usr/share/doc/packages/nmap/CHANGELOG - introduce ncat and ndiff packages providing tools for nmap scans - use new python macros - remove strip so we have debuginfos - Update to 4.75 * [Zenmap] Added a new Scan Topology system. * [Zenmap] Another exciting new Zenmap feature is Scan Aggregation. * [Zenmap] Added a context-sensitive help system to the Profile Editor. 
* Expanded nmap-services to include information on how frequently each port number is found open. * Nmap now scans the most common 1,000 ports by default in either protocol (UDP scan is still optional). * Nmap fast scan (-F) now scans the top 100 ports by default in either protocol. * The --top-ports option lets you specify the number of ports you wish to scan in each protocol, and will pick the most popular ports for you based on the new frequency data. * integrated all of the OS detection fingerprint and correction submissions - rename nmap-gtk subpackage to zenmap - update to version 4.68 * Too many changes to list, see http://nmap.org/changelog.html - update to version 4.60 tons of bugfixes, see http://nmap.org/changelog.html - Wrong files for package nmap in openSUSE:Factory [BNC #369021] - We have to buildrequire lua-devel, otherwise bundled is used - fix packaging issues - update to version 4.53 which o Added UPnP-info NSE script. It gathers information from the UPnP service (UDP port 1900) which listens on many network devices such as routers, printers, and networked media players. o Fix a lot of Bugs o The Nmap Scripting Engine (NSE) now supports run-time interaction and the Nmap --host-timeout option. - changed libpcap to libpcap-devel in BuildRequires - change last patch to build - fix build bug - update to version 4.20 which o Integrated the latest OS fingerprint submissions o Fix Bugs - GNOME moved to /usr - build against system provided libdnet - update to version 4.11 which o Added dozens of more detailed SSH version detection signatures o Fixed the Nmap Makefile o Fixed a compilation problem on solaris and possibly other platforms. o Applied a patch which helps with HP-UX compilation by linking in the nm library (-lnm) o Added version detection probes for detecting the Nessus daemon. - Reduce BuildRequires. - update to 4.0 final.
Only some metadata updates - added pcre-devel to buildrequires - updated to 3.999 which includes: o Upgraded the included LibPCRE from version 6.3 to 6.4. o Integrated all remaining 2005 service submissions. o Added run time interaction o Reverse DNS resolution is now done in parallel o Added the --badsum option, which causes Nmap to use invalid TCP or UDP checksums for packets sent to target hosts. o More excellent NmapFE patches from Priit Laes o Added --max_retries option o Many of the Nmap low-level timing options take a value in milliseconds. o Made some changes to allow source port zero scans (-g0). - converted neededforbuild to BuildRequires - 3.95 update - 3.93 update (fixes #129227) - fix specfile - fix C++ Problem with gcc 4.1 - fix Makefile.in to use RPM_OPT_FLAGS - Update to nmap-3.90 - use internal pcre to avoid problems with SYN scan [#104337] - Don't strip binaries - Build against system libpcap/libpcre to avoid libpcap bugs [Bug #98249] - Moved desktop file, added icon (#73653). - fix return values of gencode.c. - Update to nmap-3.81 - Update to nmap-3.80 - Update to nmap-3.77 - Update to nmap-3.75 - Update to nmap-3.70 - Update to nmap-3.55 - Fix accidental deletion of specfile tag - Add openssl to #nfb in order to enable SSL-scan-through support - Update to nmap-3.50 - move nmapfe/xnmap to a subpackage nmap-gtk - make use of openssl - fix DESTDIR patch - dont build as root - Update to version 3.48 - add Categories - Update to version 3.30 - Update to version 3.28 - Update to nmap-3.27 - Use %defattr - Update to nmap-3.20 - removed bogus self-provides - fix neededforbuild - use BuildRoot - add missing files to file list - long awaited version 3.00. News: * 700 operation systems + network devices in fingerprint database * uptime scan * XML output * all references to God in error messages are capitalized added filter.dif security fix for homegrown libpcap. - new version 2.54BETA30. 
- fixed specfile to build (suse_update_config before autoconf) - update to 2.54BETA22 - Add %suse_update_config. - fixed inet_aton detection - fix neededforbuild - update to 2.53, move /usr/lib/nmap to /usr/share/nmap - Version 2.3BETA14. Move manpage to /usr/share/man - update to version 2.3BETA6 - new version 2.12 - ran old prepare_spec on spec file to switch to new prepare_spec. - new package, version 2.02 OBS-URL: https://build.opensuse.org/package/show/network:utilities/nmap?expand=0&rev=136
2024-07-26 09:34:37 +00:00
Patch5: zenmap-fix-locale-install.patch
BuildRequires: dos2unix
BuildRequires: fdupes
BuildRequires: gcc-c++
BuildRequires: gobject-introspection
BuildRequires: libopenssl-3-devel
BuildRequires: libpcap-devel
BuildRequires: libssh2-devel
BuildRequires: pcre2-devel
BuildRequires: python3-base
BuildRequires: update-desktop-files
BuildRequires: zlib-devel
%if %{with_system_lua}
BuildRequires: pkgconfig(lua) >= 5.4.4
%endif
Highlights: http://seclists.org/nmap-dev/2017/q2/140 * Many added NSE scripts, OS fingerprints, service probes * See https://nmap.org/changelog.html#7.50 for the complete changelog. - Nmap 7.40: * Many added NSE scripts, OS fingerprints, service probes * New option --defeat-icmp-ratelimit dramatically reduces UDP scan times in exchange for labeling unresponsive (and possibly open) ports as "closed|filtered". * New NSE library, geoip.lua, provides a common framework for storing and retrieving IP geolocation results. * See https://nmap.org/changelog.html#7.40 for the complete changelog. - Refresh nmap-5.61-desktop_files.patch as nmap-7.40-desktop_files.patch - Nmap 7.31: * Fix the way Nmap handles scanning names that resolve to the same IP * Zenmap: Better visual indication that display of hostname is tied to address in the Topology page - Nmap 7.30: * Many added NSE scripts, OS fingerprints, service probes * Improved output filtering * Using Lua 5.3 * Many bug fixes, improvements and performance enhancements - Nmap 7.12: * Zenmap: Avoid file corruption in zenmap.conf * NSE: VNC updates * NSE: Add STARTTLS support for VNC, NNTP, and LMTP * Add new service probes and match lines for OpenVPN - Nmap 7.11: * Add support for diffie-hellman-group-exchange-* SSH key exchange methods to ssh2.lua, allowing ssh-hostkey to run on servers that only support custom Diffie-Hellman groups. * Add support in sslcert.lua for Microsoft SQL Server's TDS protocol, so you can now grab certs with ssl-cert or check ciphers with ssl-enum-ciphers. * Fix crashes in Zenmap - Nmap 7.10: * Add 12 NSE scripts * Integrate OS, service/version detection fingerprint submissions * Updated to various NSE scripts * Zenmap: Remember window geometry (position and size) from the previous time Zenmap was run. 
* Give option parsing errors after the long usage statement * Changed Nmap's idea of reserved and private IP addresses to include 169.254/16 (RFC3927) and remove 6/8, 7/8, and 55/8 networks (for -iR randomly generated targets) Usage of own exclusion lists with --exclude or --exclude-file is recommended to avoid scanning newly-valid addresses belonging to the US DoD. * Allow the -4 option for Nmap to indicate IPv4 address family. * Add verbosity level of 0 (-v0): not text output - Nmap 7.01: * various bug fixes in NSE - Nmap 7.00: * see /usr/share/doc/packages/nmap/CHANGELOG - removed patches: * nmap-4.00-noreturn.diff * nmap-6.00-libpcap-filter.diff not needed since we do not build against the bundled libpcap - updated patch: * nmap-ncat-skip-network-tests.patch - Unbreak everything not Factory - Fix the build for Factory. Insist on lua 5.2.x - BuildRequire lua52-devel on openSUSE > 13.2 (current Tumbleweed): nmap has not been ported to LUA 5.3 yet. - Minor fix in check session: internal lua identifies itself as 5.2.3 by now. - fix build on SLE 12 by removing gpg-offline dependency - run spec-cleaner - Nmap 6.47: * updated IPv4 OS fingerprints * Removed the External Entity Declaration from the DOCTYPE in Nmap's XML. The doctype is now: <!DOCTYPE nmaprun> * Ncat: Fixed SOCKS5 username/password authentication * Avoid formatting NULL as "%s" when running nmap --iflist * Zenmap, Ndiff: Avoid crashing with old PyXML package * Handle ICMP admin-prohibited messages when doing service version detection. * NSE: Fix a bug causing http.head to not honor redirects. 
* Zenmap: Fix a bug in DiffViewer causing a crash - fix self-obsoletion of zenmap (nmap-gtk) - Nmap 6.46 - NSE: * Made numerous improvements to ssl-heartbleed to provide more reliable detection of the vulnerability * Fix some bugs which could cause snmp-ios-config and snmp-sysdescr scripts to crash * Improved performance of citrixlua library when handling large XML responses containing application lists - Zenmap: * Fixed a bug which caused this crash message: "IOError: [Errno socket error] [Errno 10060] A connection attempt failed [...]" due to DOCTYPE definition to Nmap's XML output - Nmap 6.45 - NSE: * Add ssl-heartbleed script to detect the Heartbleed OpenSSL bug * Fixed an error-handling bug in socks-open-proxy that caused it to fail when scanning a SOCKS4-only proxy * Improved ntp-info script to handle underscores in returned data * Add quake1-info script for retrieving server and player information from Quake 1 game servers * Add unicode library for decoding and encoding UTF-8, UTF-16, CP437 and other character sets to Unicode code points. Scripts that previously just added or skipped nulls in UTF-16 data can use this to support non-ASCII characters * When doing a ping scan (-sn), the --open option will prevent down hosts from being shown when -v is specified. This aligns with similar output for other scan types * Add http-ntlm-info script for getting server information from Web servers that require NTLM authentication * Added tls library for functions related to SSLv3 and TLS messages. 
Existing ssl-enum-ciphers, ssl-date, and tls-nextprotoneg scripts were updated to use this library * Add sstp-discover script to discover Microsoft's Secure Socket Tunnelling Protocol * Added unittest library and NSE script for adding unit tests to NSE libraries * Added allseeingeye-info script * Add freelancer-info script * Add http-server-header script * Add rfc868-time script * Add weblogic-t3-info script * Removed a fixed value (28428) which was being set for the Request ID in the snmpWalk library function * Add http-iis-short-name-brute script * Add http-dlink-backdoor * Made telnet-brute support multiple parallel guessing threads * Made the table returned by ssh1.fetch_host_key contain a "key" element, like that of ssh2.fetch_host_key * Update dns-cache-snoop script to use a new list of top 50 domains rather than a 2010 list * Added the qconn-exec script - Ncat: * Added support for socks5 and corresponding regression tests. * Fixed compilation when --without-liblua is specified * Added NCAT_PROTO, NCAT_REMOTE_ADDR, NCAT_REMOTE_PORT, NCAT_LOCAL_ADDR and NCAT_LOCAL_PORT environment variables being set in all --*-exec child processes. - Nsock: * Handle timers and timeouts via a priority queue - Various: * Added TCP support to dns.lua * Added safe fd_set operations. This makes nmap fail gracefully instead of crashing when the number of file descriptors grows over FD_SETSIZE * Updated bundled liblua from 5.2.2 to 5.2.3 (bugfix release) * Added version detection signatures and probes for a bunch of Android remote mouse/keyboard servers, including AndroMouse, AirHID, Wifi-mouse, and RemoteMouse. 
* Fixed a bug with UDP checksum calculation * Idle scan now supports IPv6 * The ICMP ID of ICMP probes is now matched against the sent ICMP ID to reduce the chance of false matches - Zenmap: * Fixed a crash that would happen when you entered a search term starting with a colon - add missing python-gtk dependency for zenmap [bnc#752158] - update to 6.40 - [Ncat] Added --lua-exec - new and updated IPv4 OS fingerprints - new and updated IPv6 OS fingerprints - new and updated service/version fingerprints - [Nsock] Added initial proxy support to Nsock - [NSE] Added 14 NSE scripts - Updated the Nmap license terms, still GPL-2.0+ https://svn.nmap.org/nmap/COPYING. - [NSE] fix possibility of writing arbitrary file to client system when using the http-domino-enum-passwords script with the domino-enum-passwords.idpath parameter against a malicious server - Unicast CIDR-style IPv6 range scanning is now supported - It's now possible to mix IPv4 range notation with CIDR netmasks in target specifications. - Timeout script-args are now standardized to use the timespec that Nmap's command-line arguments take (5s, 5000ms, 1h, etc.) - Nmap may now partially rearrange its target list for more efficient host groups. - [Ncat] The -i option (idle timeout) now works in listen mode as well as connect mode. - [Ncat] Ncat now support chained certificates with the --ssl-cert option. - [Nping] Nping now checks for a matching ICMP ID on echo replies - [NSE] The ipOps.isPrivate library now considers the deprecated site-local prefix fec0::/10 to be private. - Nmap's routing table is now sorted first by netmask, then by metric. - Routes are now sorted to prefer those with a lower metric. - Fixed a byte-ordering problem on little-endian architectures when doing idle scan with a zombie that uses broken ID increments. - Stop parsing TCP options after reaching EOL in libnetutil. 
- [NSE] The dns-ip6-arpa-scan script now optionally accepts "/" syntax for a network mask - Fixed our NSEDoc system for UTF-8 names - UDP protocol payloads were added for detecting the Murmer service - [NSE] Added http-phpmyadmin-dir-traversal - Fixed address matching for SCTP (-PY) ping - Removed some non-ANSI-C strftime format strings ("%F") and locale-dependent formats ("%c") from NSE scripts and libraries. - [Zenmap] Improved internationalization support - [Zenmap] Fixed internationalization files - [NSE] Updated the included Liblua from version 5.2.1 to 5.2.2. - [Nsock] Added a minimal regression test suite for Nsock. - [NSE] Updated the redis-brute and redis-info scripts to work against the latest versions of redis server - [Ncat] Fixed errors in connecting to IPv6 proxies. - [NSE] Updated hostmap-bfk to work with the latest version of their website - [NSE] Added XML structured output support to: + xmpp-info, irc-info, sslv2, address-info + hostmap-bfk, hostmap-robtex, hostmap-ip2hosts. + http-git.nse. - Added new service probes for: + Erlang distribution nodes + Minecraft servers. + Hazelcast data grid. - [NSE] Rewrote telnet-brute for better compatibility with a variety of telnet servers. - Fixed a regression that changed the number of delimiters in machine output. - Fixed a regression in broadcast-dropbox-listener which prevented it from producing output. - Handle ICMP type 11 (Time Exceeded) responses to port scan probes. - Add new decoders (BROWSER, DHCP6 and LLMNR) to broadcast-listener and changed output of some of the decoders slightly. - Namespace the pipes used to communicate with subprocesses by PID, to avoid multiple instances of Ncat from interfering with each other. - [NSE] Changed ip-geolocation-geoplugin to use the web service's new output format. - Limited the number of open sockets in ultra_scan to FD_SETSIZE. 
- Fixed a bug that prevented Nmap from finding any interfaces when one of them had the type ARP_HDR_APPLETALK - [Ncat] Ncat now keeps running in connect mode after receiving EOF from the remote socket, unless --recv-only is in effect. - Packet trace of ICMP packets now include the ICMP ID and sequence number by default. - [NSE] Fixed various NSEDoc bugs - [Zenmap] Zenmap now understands the NMAP_PRIVILEGED and NMAP_UNPRIVILEGED environment variables. - Added an ncat_assert macro. - Added nmap-fo.xsl to convert Nmap XML into XSL-FO, which can be converted into PDF using tools such as Apache FOP. - Increased the number of slack file descriptors not used during connect scan. - Changed the --webxml XSL stylesheet to point to the new location of nmap.xsl in the new repository (https://svn.nmap.org/nmap/docs/nmap.xsl). - [NSE] The vulnerability library can now preserve vulnerability information across multiple ports of the same host. - Removed the undocumented -q option, which renamed the nmap process to something like "pine". - Moved the Japanese man page from man1/jp to man1/ja. JP is a country code while JA is a language code. - [Nsock] Reworked the logging infrastructure to make it more flexible and consistent. - [NSE] Fixed scripts using unconnected UDP sockets. - Made some changes to Ndiff to reduce parsing time when dealing with large Nmap XML output files. - [Zenmap] Fixed a crash that could be caused by opening the About dialog, using the window manager to close it, and opening it again. - [Ncat] Made test-addrset.sh exit with nonzero status if any tests fail. - Fixed compilation with --without-liblua. - Fixed CRC32c calculation (as used in SCTP scans) on 64-bit platforms. - [NSE] Added multicast group name output to broadcast-igmp-discovery.nse. - [NSE] Added new fingerprints for http-enum: Sitecore, Moodle, typo3, SquirrelMail, RoundCube. 
- Packaging changes: * remove nmap-ncat-fail-test-addrset.patch, committed upstream * ja locale was corrected upstream - add verification of gpg signatures of source tarballs - run available unit tests - add nmap-ncat-fail-test-addrset.patch to make ncat tests effective - add nmap-ncat-skip-network-tests.patch to skip tests requiring name resolution - update to 6.25 + add 373 IPv4 OS fingerprints and improve existing fingerprints + add more than 400 service/version detection fingerprints + integrate latest IPv6 OS submissions and corrections + Enabled support for IPv6 traceroute using UDP, SCTP, and IPProto (Next Header) probes. + Scripts can now return a structured name-value table so that results are query-able from XML output. Scripts can return a string as before, or a table, or a table and a string. In this last case, the table will go to XML output and the string will go to screen output. + Ncat: Added support for Unix domain sockets. The new -U and --unixsock options activate this mode. 
+ removal of Windows dependencies reduces size of source tarball + Replaced old RPC grinder with NSE-based implementation + Updated Nmap Scripting Engine to use Lua 5.2 + Added 85 NSE scripts + Added 12 new protocol libraries: * ajp (Apache JServ Protocol) * base32 (Base32 encoding/decoding - RFC 4648) * bjnp (Canon BJNP printer/scanner discovery protocol) * cassandra (Cassandra database protocol) * eigrp (Cisco Enhanced Interior Gateway Routing Protocol) * gps (Global Positioning System - does GPRMC NMEA decoding) * ipp (CUPS Internet Printing Protocol) * isns (Internet Storage Name Service) * jdwp (Java Debug Wire Protocol) * mobileme (a service for managing Apple/Mac devices) * ospf (Open Shortest Path First routing protocol) * rdp (Remote Desktop Protocol) + added more Common Platform Enumeration (CPE) identifiers + Scans that use OS sockets (including TCP connect scan, version detection, and script scan) now use the SO_BINDTODEVICE sockopt on Linux, so that the -e (select network device) option is honored. + [Zenmap] Host filters can now do negative matching, for example you can use "os:!linux" to match hosts NOT detected as Linux. + further minor improvements and bug fixes as listed in http://nmap.org/changelog.html - for openSUSE releases where lua 5.2 is available, build with that library, otherwise use the library that comes with the sources - add tests for the correct system or included libraries - refresh nmap-4.75-nostrip.patch - refresh su-to-zenmap.patch - update manpages glob to fix Factory build - update to upstream 6.0.1 * fix a zenmap crash that happened when activating the host filter. 
* fix finding network interfaces if one of them is in monitor mode * fix greppable output of hosts that time-out - update to upstream 6.00 * enhanced Nmap Scripting Engine * Better Web Scanning * Full IPv6 Support * New NPing Tool * Better Zenmap GUI & results viewer * Faster scans * for a full list of changes see http://nmap.org/6/#changes and http://nmap.org/changelog.html - refresh nmap-4.00-libpcap-filter.diff - as nmap is built with the included and stripped nmap-libdnet-1.12, remove system libdnet as build requirement - Update to nmap-5.61TEST5 - refresh nmap-4.00-libpcap-filter.diff for moved source lines - refresh nmap-4.00-noreturn.diff for moved source lines - refresh nmap-4.75-nostrip.patch for moved source lines - update nmap-5.00-desktop_files.patch to nmap-5.61-desktop_files.patch for change source - update su-to-zenmap.patch for moved source lines - Conditionally change lua-devel BuildRequires to lua51-devel on openSUSE > 12.1. The code is not yet ready for lua 5.2. - Fixed a run Zenmap as sudo in KDE and GNOME - Update to nmap 5.61-xxx branch, changelog too long, see NEWS for details. - Add a new subpackage "nping" - drop no-md2.patch already in upstream. - add nmap-5.21-gnomesu.patch (fixed bnc#613847) - spec file clean up to build on SLE and openSUSE < 11.3 - update to 5.21 * Dramatically improved the version detection database, integrating 2,596 submissions that users contributed since February 3, 2009! * bugfixes - disable md2 in the scripting language (no longer supplied by default openssl) - fixed bnc#528581 - Pascal updated to 5.00 with way too many changes to list them, see /usr/share/doc/packages/nmap/CHANGELOG - introduce ncat and ndiff packages providing tools for nmap scans - use new python macros - remove strip so we have debuginfos - Update to 4.75 * [Zenmap] Added a new Scan Topology system. * [Zenmap] Another exciting new Zenmap feature is Scan Aggregation. * [Zenmap] Added a context-sensitive help system to the Profile Editor. 
* Expanded nmap-services to include information on how frequently each port number is found open. * Nmap now scans the most common 1,000 ports by default in either protocol (UDP scan is still optional). * Nmap fast scan (-F) now scans the top 100 ports by default in either protocol. * The --top-ports option lets you specify the number of ports you wish to scan in each protocol, and will pick the most popular ports for you based on the new frequency data. * integrated all of the OS detection fingerprint and correction submissions - rename nmap-gtk subpackage to zenmap - update to version 4.68 * Too many changes to list, see http://nmap.org/changelog.html - update to version 4.60 tons of bugfixes, see http://nmap.org/changelog.html - Wrong files for package nmap in openSUSE:Factory [BNC #369021] - We have to buildrequire lua-devel, otherwise bundled is used - fix packaging issues - update to version 4.53 which o Added UPnP-info NSE script. It gathers information from the UPnP service (UDP port 1900) which listens on many network devices such as routers, printers, and networked media players. o Fix a lot of Bugs o The Nmap Scripting Engine (NSE) now supports run-time interaction and the Nmap --host-timeout option. - changed libpcap to libpcap-devel in BuildRequires - change last patch to build - fix build bug - update to version 4.20 which o Integrated the latest OS fingerprint submissions o Fix Bugs - GNOME moved to /usr - build against system provided libdnet - update to version 4.11 which o Added a dozens of more detailed SSH version detection signatures o Fixed the Nmap Makefile o Fixed a compilation problem on solaris and possibly other platforms. o Applied a patch which helps with HP-UX compilation by linking in the nm library (-lnm o Added version detection probes for detecting the Nessus daemon. - Reduce BuildRequires. - update to 4.0 final. 
Only some metadata updates - added pcre-devel to buildrequires - updated to 3.999 which includes: o Upgraded the included LibPCRE from version 6.3 to 6.4. o Integrated all remaining 2005 service submissions. o Added run time interaction o Reverse DNS resolution is now done in parallel o Added the --badsum option, which causes Nmap to use invalid TCP or UDP checksums for packets sent to target hosts. o More excellent NmapFE patches from Priit Laes o Added --max_retries option o Many of the Nmap low-level timing options take a value in milliseconds. o Made some changes to allow source port zero scans (-g0). - converted neededforbuild to BuildRequires - 3.95 update - 3.93 update (fixes #129227) - fix specfile - fix C++ Problem with gcc 4.1 - fix Makefile.in to use RPM_OPT_FLAGS - Update to nmap-3.90 - use internal pcre to avoid problems with SYN scan [#104337] - Don't strip binaries - Build against system libpcap/libpcre to avoid libpcap bugs [Bug #98249] - Moved desktop file, added icon (#73653). - fix return values of gencode.c. - Update to nmap-3.81 - Update to nmap-3.80 - Update to nmap-3.77 - Update to nmap-3.75 - Update to nmap-3.70 - Update to nmap-3.55 - Fix accidental deletion of specfile tag - Add openssl to #nfb in order to enable SSL-scan-through support - Update to nmap-3.50 - move nmapfe/xnmap to a subpackage nmap-gtk - make use of openssl - fix DESTDIR patch - dont build as root - Update to version 3.48 - add Categories - Update to version 3.30 - Update to version 3.28 - Update to nmap-3.27 - Use %defattr - Update to nmap-3.20 - removed bogus self-provides - fix neededforbuild - use BuildRoot - add missing files to file list - long awaited version 3.00. News: * 700 operation systems + network devices in fingerprint database * uptime scan * XML output * all references to God in error messages are capitalized added filter.dif security fix for homegrown libpcap. - new version 2.54BETA30. 
- fixed specfile to build (suse_update_config before autoconf) - update to 2.54BETA22 - Add %suse_update_config. - fixed inet_aton detection - fix neededforbuild - update to 2.53, move /usr/lib/nmap to /usr/share/nmap - Version 2.3BETA14. Move manpage to /usr/share/man - update to version 2.3BETA6 - new version 2.12 - ran old prepare_spec on spec file to switch to new prepare_spec. - new package, version 2.02 OBS-URL: https://build.opensuse.org/package/show/network:utilities/nmap?expand=0&rev=136
2024-07-26 09:34:37 +00:00
BuildRequires: %{python_module setuptools}
BuildRequires: %{python_module build}
BuildRequires: %{python_module pip}
BuildRequires: %{python_module wheel}
%description
Nmap ("Network Mapper") is a utility for network exploration or
security auditing. It may as well be used for tasks such as network
inventory, managing service upgrade schedules, and monitoring host or
service uptime. Nmap uses raw IP packets to determine what hosts are
available on the network, what services (application name and
version) those hosts are offering, what operating systems (and OS
versions) they are running, what type of packet filters/firewalls are
in use, and dozens of other characteristics. It scans large networks,
and works fine against single hosts.
%package -n zenmap
Summary: A graphical front-end for Nmap
Group: Productivity/Networking/Diagnostic
Requires: %{name} = %{version}
Requires: python3-gobject-Gdk
Obsoletes: %{name}-gtk < %{version}
Provides: %{name}-gtk = %{version}-%{release}
%description -n zenmap
zenmap is a graphical front-end for the nmap network scanner
%package -n ndiff
Summary: Compare results of Nmap scans
Group: Productivity/Networking/Diagnostic
%description -n ndiff
Ndiff is a tool to aid in the comparison of Nmap scans. It takes two Nmap XML
output files and prints the differences between them: hosts coming up and down,
ports becoming open or closed, etc.
%package -n ncat
Summary: Network tool to concatenate and redirect sockets
Group: Productivity/Networking/Diagnostic
%description -n ncat
Ncat is a networking utility which will read and write data across a
network from the command line. It uses both TCP and UDP for
communication and provides network connectivity to other applications
and users.
%package -n nping
Summary: Packet generator
Group: Productivity/Networking/Diagnostic
%description -n nping
Nping is a tool for network packet generation, response
analysis and response time measurement. Nping can generate network
packets of a wide range of protocols, letting users tune virtually
any field of the protocol headers. While Nping can be used as a simple
ping utility to detect active hosts, it can also be used as a raw packet
generator for network stack stress tests, ARP poisoning, Denial of
Service attacks, route tracing, etc.
%prep
%autosetup -p1
# use system provided libraries
rm -rf libpcap libpcre macosx mswin32
#fix pt_PT/pt zh/zh_CN locale
sed -i '/ALL_LINGUAS =/s/pt_PT/pt/' Makefile.in
sed -i '/ALL_LINGUAS =/s/zh/zh_CN/' Makefile.in
mv docs/man-xlate/nmap-pt_PT.1 docs/man-xlate/nmap-pt.1
mv docs/man-xlate/nmap-zh.1 docs/man-xlate/nmap-zh_CN.1
%build
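# -DOPENSSL_LOAD_CONF makes OpenSSL's algorithm-loading macros also load the
# OpenSSL configuration file
export CFLAGS="%{optflags} -DOPENSSL_LOAD_CONF"
export CXXFLAGS="%{optflags} -DOPENSSL_LOAD_CONF"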
%configure --with-libpcap=%{_prefix} \
--with-libdnet=included \
%if %{with_system_lua}
--with-liblua=%{_prefix} \
%else
--with-liblua=included \
%endif
--with-libpcre=%{_prefix} \
Highlights: http://seclists.org/nmap-dev/2017/q2/140 * Many added NSE scripts, OS fingerprints, service probes * See https://nmap.org/changelog.html#7.50 for the complete changelog. - Nmap 7.40: * Many added NSE scripts, OS fingerprints, service probes * New option --defeat-icmp-ratelimit dramatically reduces UDP scan times in exchange for labeling unresponsive (and possibly open) ports as "closed|filtered". * New NSE library, geoip.lua, provides a common framework for storing and retrieving IP geolocation results. * See https://nmap.org/changelog.html#7.40 for the complete changelog. - Refresh nmap-5.61-desktop_files.patch as nmap-7.40-desktop_files.patch - Nmap 7.31: * Fix the way Nmap handles scanning names that resolve to the same IP * Zenmap: Better visual indication that display of hostname is tied to address in the Topology page - Nmap 7.30: * Many added NSE scripts, OS fingerprints, service probes * Improved output filtering * Using Lua 5.3 * Many bug fixes, improvements and performance enhancements - Nmap 7.12: * Zenmap: Avoid file corruption in zenmap.conf * NSE: VNC updates * NSE: Add STARTTLS support for VNC, NNTP, and LMTP * Add new service probes and match lines for OpenVPN - Nmap 7.11: * Add support for diffie-hellman-group-exchange-* SSH key exchange methods to ssh2.lua, allowing ssh-hostkey to run on servers that only support custom Diffie-Hellman groups. * Add support in sslcert.lua for Microsoft SQL Server's TDS protocol, so you can now grab certs with ssl-cert or check ciphers with ssl-enum-ciphers. * Fix crashes in Zenmap - Nmap 7.10: * Add 12 NSE scripts * Integrate OS, service/version detection fingerprint submissions * Updated to various NSE scripts * Zenmap: Remember window geometry (position and size) from the previous time Zenmap was run. 
* Give option parsing errors after the long usage statement * Changed Nmap's idea of reserved and private IP addresses to include 169.254/16 (RFC3927) and remove 6/8, 7/8, and 55/8 networks (for -iR randomly generated targets) Usage of own exclusion lists with --exclude or --exclude-file is recommended to avoid scanning newly-valid addresses belonging to the US DoD. * Allow the -4 option for Nmap to indicate IPv4 address family. * Add verbosity level of 0 (-v0): not text output - Nmap 7.01: * various bug fixes in NSE - Nmap 7.00: * see /usr/share/doc/packages/nmap/CHANGELOG - removed patches: * nmap-4.00-noreturn.diff * nmap-6.00-libpcap-filter.diff not needed since we do not build against the bundled libpcap - updated patch: * nmap-ncat-skip-network-tests.patch - Unbreak everything not Factory - Fix the build for Factory. Insist on lua 5.2.x - BuildRequire lua52-devel on openSUSE > 13.2 (current Tumbleweed): nmap has not been ported to LUA 5.3 yet. - Minor fix in check session: internal lua identifies itself as 5.2.3 by now. - fix build on SLE 12 by removing gpg-offline dependency - run spec-cleaner - Nmap 6.47: * updated IPv4 OS fingerprints * Removed the External Entity Declaration from the DOCTYPE in Nmap's XML. The doctype is now: <!DOCTYPE nmaprun> * Ncat: Fixed SOCKS5 username/password authentication * Avoid formatting NULL as "%s" when running nmap --iflist * Zenmap, Ndiff: Avoid crashing with old PyXML package * Handle ICMP admin-prohibited messages when doing service version detection. * NSE: Fix a bug causing http.head to not honor redirects. 
* Zenmap: Fix a bug in DiffViewer causing a crash - fix self-obsoletion of zenmap (nmap-gtk) - Nmap 6.46 - NSE: * Made numerous improvements to ssl-heartbleed to provide more reliable detection of the vulnerability * Fix some bugs which could cause snmp-ios-config and snmp-sysdescr scripts to crash * Improved performance of citrixlua library when handling large XML responses containing application lists - Zenmap: * Fixed a bug which caused this crash message: "IOError: [Errno socket error] [Errno 10060] A connection attempt failed [...]" due to DOCTYPE definition to Nmap's XML output - Nmap 6.45 - NSE: * Add ssl-heartbleed script to detect the Heartbleed OpenSSL bug * Fixed an error-handling bug in socks-open-proxy that caused it to fail when scanning a SOCKS4-only proxy * Improved ntp-info script to handle underscores in returned data * Add quake1-info script for retrieving server and player information from Quake 1 game servers * Add unicode library for decoding and encoding UTF-8, UTF-16, CP437 and other character sets to Unicode code points. Scripts that previously just added or skipped nulls in UTF-16 data can use this to support non-ASCII characters * When doing a ping scan (-sn), the --open option will prevent down hosts from being shown when -v is specified. This aligns with similar output for other scan types * Add http-ntlm-info script for getting server information from Web servers that require NTLM authentication * Added tls library for functions related to SSLv3 and TLS messages.
Existing ssl-enum-ciphers, ssl-date, and tls-nextprotoneg scripts were updated to use this library * Add sstp-discover script to discover Microsoft's Secure Socket Tunnelling Protocol * Added unittest library and NSE script for adding unit tests to NSE libraries * Added allseeingeye-info script * Add freelancer-info script * Add http-server-header script * Add rfc868-time script * Add weblogic-t3-info script * Removed a fixed value (28428) which was being set for the Request ID in the snmpWalk library function * Add http-iis-short-name-brute script * Add http-dlink-backdoor * Made telnet-brute support multiple parallel guessing threads * Made the table returned by ssh1.fetch_host_key contain a "key" element, like that of ssh2.fetch_host_key * Update dns-cache-snoop script to use a new list of top 50 domains rather than a 2010 list * Added the qconn-exec script - Ncat: * Added support for socks5 and corresponding regression tests. * Fixed compilation when --without-liblua is specified * Added NCAT_PROTO, NCAT_REMOTE_ADDR, NCAT_REMOTE_PORT, NCAT_LOCAL_ADDR and NCAT_LOCAL_PORT environment variables being set in all --*-exec child processes. - Nsock: * Handle timers and timeouts via a priority queue - Various: * Added TCP support to dns.lua * Added safe fd_set operations. This makes nmap fail gracefully instead of crashing when the number of file descriptors grows over FD_SETSIZE * Updated bundled liblua from 5.2.2 to 5.2.3 (bugfix release) * Added version detection signatures and probes for a bunch of Android remote mouse/keyboard servers, including AndroMouse, AirHID, Wifi-mouse, and RemoteMouse. 
* Fixed a bug with UDP checksum calculation * Idle scan now supports IPv6 * The ICMP ID of ICMP probes is now matched against the sent ICMP ID to reduce the chance of false matches - Zenmap: * Fixed a crash that would happen when you entered a search term starting with a colon - add missing python-gtk dependency for zenmap [bnc#752158] - update to 6.40 - [Ncat] Added --lua-exec - new and updated IPv4 OS fingerprints - new and updated IPv6 OS fingerprints - new and updated service/version fingerprints - [Nsock] Added initial proxy support to Nsock - [NSE] Added 14 NSE scripts - Updated the Nmap license terms, still GPL-2.0+ https://svn.nmap.org/nmap/COPYING. - [NSE] fix possibility of writing arbitrary file to client system when using the http-domino-enum-passwords script with the domino-enum-passwords.idpath parameter against a malicious server - Unicast CIDR-style IPv6 range scanning is now supported - It's now possible to mix IPv4 range notation with CIDR netmasks in target specifications. - Timeout script-args are now standardized to use the timespec that Nmap's command-line arguments take (5s, 5000ms, 1h, etc.) - Nmap may now partially rearrange its target list for more efficient host groups. - [Ncat] The -i option (idle timeout) now works in listen mode as well as connect mode. - [Ncat] Ncat now support chained certificates with the --ssl-cert option. - [Nping] Nping now checks for a matching ICMP ID on echo replies - [NSE] The ipOps.isPrivate library now considers the deprecated site-local prefix fec0::/10 to be private. - Nmap's routing table is now sorted first by netmask, then by metric. - Routes are now sorted to prefer those with a lower metric. - Fixed a byte-ordering problem on little-endian architectures when doing idle scan with a zombie that uses broken ID increments. - Stop parsing TCP options after reaching EOL in libnetutil. 
- [NSE] The dns-ip6-arpa-scan script now optionally accepts "/" syntax for a network mask - Fixed our NSEDoc system for UTF-8 names - UDP protocol payloads were added for detecting the Murmer service - [NSE] Added http-phpmyadmin-dir-traversal - Fixed address matching for SCTP (-PY) ping - Removed some non-ANSI-C strftime format strings ("%F") and locale-dependent formats ("%c") from NSE scripts and libraries. - [Zenmap] Improved internationalization support - [Zenmap] Fixed internationalization files - [NSE] Updated the included Liblua from version 5.2.1 to 5.2.2. - [Nsock] Added a minimal regression test suite for Nsock. - [NSE] Updated the redis-brute and redis-info scripts to work against the latest versions of redis server - [Ncat] Fixed errors in connecting to IPv6 proxies. - [NSE] Updated hostmap-bfk to work with the latest version of their website - [NSE] Added XML structured output support to: + xmpp-info, irc-info, sslv2, address-info + hostmap-bfk, hostmap-robtex, hostmap-ip2hosts. + http-git.nse. - Added new service probes for: + Erlang distribution nodes + Minecraft servers. + Hazelcast data grid. - [NSE] Rewrote telnet-brute for better compatibility with a variety of telnet servers. - Fixed a regression that changed the number of delimiters in machine output. - Fixed a regression in broadcast-dropbox-listener which prevented it from producing output. - Handle ICMP type 11 (Time Exceeded) responses to port scan probes. - Add new decoders (BROWSER, DHCP6 and LLMNR) to broadcast-listener and changed output of some of the decoders slightly. - Namespace the pipes used to communicate with subprocesses by PID, to avoid multiple instances of Ncat from interfering with each other. - [NSE] Changed ip-geolocation-geoplugin to use the web service's new output format. - Limited the number of open sockets in ultra_scan to FD_SETSIZE. 
- Fixed a bug that prevented Nmap from finding any interfaces when one of them had the type ARP_HDR_APPLETALK - [Ncat] Ncat now keeps running in connect mode after receiving EOF from the remote socket, unless --recv-only is in effect. - Packet trace of ICMP packets now include the ICMP ID and sequence number by default. - [NSE] Fixed various NSEDoc bugs - [Zenmap] Zenmap now understands the NMAP_PRIVILEGED and NMAP_UNPRIVILEGED environment variables. - Added an ncat_assert macro. - Added nmap-fo.xsl to convert Nmap XML into XSL-FO, which can be converted into PDF using tools such as Apache FOP. - Increased the number of slack file descriptors not used during connect scan. - Changed the --webxml XSL stylesheet to point to the new location of nmap.xsl in the new repository (https://svn.nmap.org/nmap/docs/nmap.xsl). - [NSE] The vulnerability library can now preserve vulnerability information across multiple ports of the same host. - Removed the undocumented -q option, which renamed the nmap process to something like "pine". - Moved the Japanese man page from man1/jp to man1/ja. JP is a country code while JA is a language code. - [Nsock] Reworked the logging infrastructure to make it more flexible and consistent. - [NSE] Fixed scripts using unconnected UDP sockets. - Made some changes to Ndiff to reduce parsing time when dealing with large Nmap XML output files. - [Zenmap] Fixed a crash that could be caused by opening the About dialog, using the window manager to close it, and opening it again. - [Ncat] Made test-addrset.sh exit with nonzero status if any tests fail. - Fixed compilation with --without-liblua. - Fixed CRC32c calculation (as used in SCTP scans) on 64-bit platforms. - [NSE] Added multicast group name output to broadcast-igmp-discovery.nse. - [NSE] Added new fingerprints for http-enum: Sitecore, Moodle, typo3, SquirrelMail, RoundCube.
- Packaging changes: * remove nmap-ncat-fail-test-addrset.patch, committed upstream * ja locale was corrected upstream - add verification of gpg signatures of source tarballs - run available unit tests - add nmap-ncat-fail-test-addrset.patch to make ncat tests effective - add nmap-ncat-skip-network-tests.patch to skip tests requiring name resolution - update to 6.25 + add 373 IPv4 OS fingerprints and improve existing fingerprints + add more than 400 service/version detection fingerprints + integrate latest IPv6 OS submissions and corrections + Enabled support for IPv6 traceroute using UDP, SCTP, and IPProto (Next Header) probes. + Scripts can now return a structured name-value table so that results are query-able from XML output. Scripts can return a string as before, or a table, or a table and a string. In this last case, the table will go to XML output and the string will go to screen output. + Ncat: Added support for Unix domain sockets. The new -U and --unixsock options activate this mode. 
+ removal of Windows dependencies reduces size of source tarball + Replaced old RPC grinder with NSE-based implementation + Updated Nmap Scripting Engine to use Lua 5.2 + Added 85 NSE scripts + Added 12 new protocol libraries: * ajp (Apache JServ Protocol) * base32 (Base32 encoding/decoding - RFC 4648) * bjnp (Canon BJNP printer/scanner discovery protocol) * cassandra (Cassandra database protocol) * eigrp (Cisco Enhanced Interior Gateway Routing Protocol) * gps (Global Positioning System - does GPRMC NMEA decoding) * ipp (CUPS Internet Printing Protocol) * isns (Internet Storage Name Service) * jdwp (Java Debug Wire Protocol) * mobileme (a service for managing Apple/Mac devices) * ospf (Open Shortest Path First routing protocol) * rdp (Remote Desktop Protocol) + added more Common Platform Enumeration (CPE) identifiers + Scans that use OS sockets (including TCP connect scan, version detection, and script scan) now use the SO_BINDTODEVICE sockopt on Linux, so that the -e (select network device) option is honored. + [Zenmap] Host filters can now do negative matching, for example you can use "os:!linux" to match hosts NOT detected as Linux. + further minor improvements and bug fixes as listed in http://nmap.org/changelog.html - for openSUSE releases where lua 5.2 is available, build with that library, otherwise use the library that comes with the sources - add tests for the correct system or included libraries - refresh nmap-4.75-nostrip.patch - refresh su-to-zenmap.patch - update manpages glob to fix Factory build - update to upstream 6.0.1 * fix a zenmap a crash that happened when activating the host filter. 
* fix finding network interfaces if one of them is in monitor mode * fix greppable output of hosts that time-out - update to upstream 6.00 * enhanced Nmap Scripting Engine * Better Web Scanning * Full IPv6 Support * New NPing Tool * Better Zenmap GUI & results viewer * Faster scans * for a full list of changes see http://nmap.org/6/#changes and http://nmap.org/changelog.html - refresh nmap-4.00-libpcap-filter.diff - as nmap is built with the included and stripped nmap-libdnet-1.12, remove system libdnet as build requirement - Update to nmap-5.61TEST5 - refresh nmap-4.00-libpcap-filter.diff for moved source lines - refresh nmap-4.00-noreturn.diff for moved source lines - refresh nmap-4.75-nostrip.patch for moved source lines - update nmap-5.00-desktop_files.patch to nmap-5.61-desktop_files.patch for change source - update su-to-zenmap.patch for moved source lines - Conditionally change lua-devel BuildRequires to lua51-devel on openSUSE > 12.1. The code is not yet ready for lua 5.2. - Fixed a run Zenmap as sudo in KDE and GNOME - Update to nmap 5.61-xxx branch, changelog too long, see NEWS for details. - Add a new subpackage "nping" - drop no-md2.patch already in upstream. - add nmap-5.21-gnomesu.patch (fixed bnc#613847) - spec file clean up to build on SLE and openSUSE < 11.3 - update to 5.21 * Dramatically improved the version detection database, integrating 2,596 submissions that users contributed since February 3, 2009! * bugfixes - disable md2 in the scripting language (no longer supplied by default openssl) - fixed bnc#528581 - Pascal updated to 5.00 with way too many changes to list them, see /usr/share/doc/packages/nmap/CHANGELOG - introduce ncat and ndiff packages providing tools for nmap scans - use new python macros - remove strip so we have debuginfos - Update to 4.75 * [Zenmap] Added a new Scan Topology system. * [Zenmap] Another exciting new Zenmap feature is Scan Aggregation. * [Zenmap] Added a context-sensitive help system to the Profile Editor.
* Expanded nmap-services to include information on how frequently each port number is found open. * Nmap now scans the most common 1,000 ports by default in either protocol (UDP scan is still optional). * Nmap fast scan (-F) now scans the top 100 ports by default in either protocol. * The --top-ports option lets you specify the number of ports you wish to scan in each protocol, and will pick the most popular ports for you based on the new frequency data. * integrated all of the OS detection fingerprint and correction submissions - rename nmap-gtk subpackage to zenmap - update to version 4.68 * Too many changes to list, see http://nmap.org/changelog.html - update to version 4.60 tons of bugfixes, see http://nmap.org/changelog.html - Wrong files for package nmap in openSUSE:Factory [BNC #369021] - We have to buildrequire lua-devel, otherwise bundled is used - fix packaging issues - update to version 4.53 which o Added UPnP-info NSE script. It gathers information from the UPnP service (UDP port 1900) which listens on many network devices such as routers, printers, and networked media players. o Fix a lot of Bugs o The Nmap Scripting Engine (NSE) now supports run-time interaction and the Nmap --host-timeout option. - changed libpcap to libpcap-devel in BuildRequires - change last patch to build - fix build bug - update to version 4.20 which o Integrated the latest OS fingerprint submissions o Fix Bugs - GNOME moved to /usr - build against system provided libdnet - update to version 4.11 which o Added a dozens of more detailed SSH version detection signatures o Fixed the Nmap Makefile o Fixed a compilation problem on solaris and possibly other platforms. o Applied a patch which helps with HP-UX compilation by linking in the nm library (-lnm o Added version detection probes for detecting the Nessus daemon. - Reduce BuildRequires. - update to 4.0 final. 
Only some metadata updates - added pcre-devel to buildrequires - updated to 3.999 which includes: o Upgraded the included LibPCRE from version 6.3 to 6.4. o Integrated all remaining 2005 service submissions. o Added run time interaction o Reverse DNS resolution is now done in parallel o Added the --badsum option, which causes Nmap to use invalid TCP or UDP checksums for packets sent to target hosts. o More excellent NmapFE patches from Priit Laes o Added --max_retries option o Many of the Nmap low-level timing options take a value in milliseconds. o Made some changes to allow source port zero scans (-g0). - converted neededforbuild to BuildRequires - 3.95 update - 3.93 update (fixes #129227) - fix specfile - fix C++ Problem with gcc 4.1 - fix Makefile.in to use RPM_OPT_FLAGS - Update to nmap-3.90 - use internal pcre to avoid problems with SYN scan [#104337] - Don't strip binaries - Build against system libpcap/libpcre to avoid libpcap bugs [Bug #98249] - Moved desktop file, added icon (#73653). - fix return values of gencode.c. - Update to nmap-3.81 - Update to nmap-3.80 - Update to nmap-3.77 - Update to nmap-3.75 - Update to nmap-3.70 - Update to nmap-3.55 - Fix accidental deletion of specfile tag - Add openssl to #nfb in order to enable SSL-scan-through support - Update to nmap-3.50 - move nmapfe/xnmap to a subpackage nmap-gtk - make use of openssl - fix DESTDIR patch - dont build as root - Update to version 3.48 - add Categories - Update to version 3.30 - Update to version 3.28 - Update to nmap-3.27 - Use %defattr - Update to nmap-3.20 - removed bogus self-provides - fix neededforbuild - use BuildRoot - add missing files to file list - long awaited version 3.00. News: * 700 operation systems + network devices in fingerprint database * uptime scan * XML output * all references to God in error messages are capitalized added filter.dif security fix for homegrown libpcap. - new version 2.54BETA30. 
- fixed specfile to build (suse_update_config before autoconf) - update to 2.54BETA22 - Add %suse_update_config. - fixed inet_aton detection - fix neededforbuild - update to 2.53, move /usr/lib/nmap to /usr/share/nmap - Version 2.3BETA14. Move manpage to /usr/share/man - update to version 2.3BETA6 - new version 2.12 - ran old prepare_spec on spec file to switch to new prepare_spec. - new package, version 2.02 OBS-URL: https://build.opensuse.org/package/show/network:utilities/nmap?expand=0&rev=136
2024-07-26 09:34:37 +00:00
--without-zenmap \
STRIP=/bin/true
* Give option parsing errors after the long usage statement * Changed Nmap's idea of reserved and private IP addresses to include 169.254/16 (RFC3927) and remove 6/8, 7/8, and 55/8 networks (for -iR randomly generated targets) Usage of own exclusion lists with --exclude or --exclude-file is recommended to avoid scanning newly-valid addresses belonging to the US DoD. * Allow the -4 option for Nmap to indicate IPv4 address family. * Add verbosity level of 0 (-v0): not text output - Nmap 7.01: * various bug fixes in NSE - Nmap 7.00: * see /usr/share/doc/packages/nmap/CHANGELOG - removed patches: * nmap-4.00-noreturn.diff * nmap-6.00-libpcap-filter.diff not needed since we do not build against the bundled libpcap - updated patch: * nmap-ncat-skip-network-tests.patch - Unbreak everything not Factory - Fix the build for Factory. Insist on lua 5.2.x - BuildRequire lua52-devel on openSUSE > 13.2 (current Tumbleweed): nmap has not been ported to LUA 5.3 yet. - Minor fix in check session: internal lua identifies itself as 5.2.3 by now. - fix build on SLE 12 by removing gpg-offline dependency - run spec-cleaner - Nmap 6.47: * updated IPv4 OS fingerprints * Removed the External Entity Declaration from the DOCTYPE in Nmap's XML. The doctype is now: <!DOCTYPE nmaprun> * Ncat: Fixed SOCKS5 username/password authentication * Avoid formatting NULL as "%s" when running nmap --iflist * Zenmap, Ndiff: Avoid crashing with old PyXML package * Handle ICMP admin-prohibited messages when doing service version detection. * NSE: Fix a bug causing http.head to not honor redirects. 
* Zenmap: Fix a bug in DiffViewer causing a crash - fix self-obsoletion of zenmap (nmap-gtk) - Nmap 6.46 - NSE: * Made numerous improvements to ssl-heartbleed to provide more reliable detection of the vulnerability * Fix some bugs which could cause snmp-ios-config and snmp-sysdescr scripts to crash * Improved performance of citrixlua library when handling large XML responses containing application lists - Zenmap: * Fixed a bug which caused this crash message: "IOError: [Errno socket error] [Errno 10060] A connection attempt failed [...]" due to DOCTYPE definition to Nmap's XML output - Nmap 6.45 - NSE: * Add ssl-heartbleed script to detect the Heartbleed OpenSSL bug * Fixed an error-handling bug in socks-open-proxy that caused it to fail when scanning a SOCKS4-only proxy * Improved ntp-info script to handle underscores in returned data * Add quake1-info script for retrieving server and player information from Quake 1 game servers * Add unicode library for decoding and encoding UTF-8, UTF-16, CP437 and other character sets to Unicode code points. Scripts that previously just added or skipped nulls in UTF-16 data can use this to support non-ASCII characters * When doing a ping scan (-sn), the --open option will prevent down hosts from being shown when -v is specified. This aligns with similar output for other scan types * Add http-ntlm-info script for getting server information from Web servers that require NTLM authentication * Added tls library for functions related to SSLv3 and TLS messages.
Existing ssl-enum-ciphers, ssl-date, and tls-nextprotoneg scripts were updated to use this library * Add sstp-discover script to discover Microsoft's Secure Socket Tunnelling Protocol * Added unittest library and NSE script for adding unit tests to NSE libraries * Added allseeingeye-info script * Add freelancer-info script * Add http-server-header script * Add rfc868-time script * Add weblogic-t3-info script * Removed a fixed value (28428) which was being set for the Request ID in the snmpWalk library function * Add http-iis-short-name-brute script * Add http-dlink-backdoor * Made telnet-brute support multiple parallel guessing threads * Made the table returned by ssh1.fetch_host_key contain a "key" element, like that of ssh2.fetch_host_key * Update dns-cache-snoop script to use a new list of top 50 domains rather than a 2010 list * Added the qconn-exec script - Ncat: * Added support for socks5 and corresponding regression tests. * Fixed compilation when --without-liblua is specified * Added NCAT_PROTO, NCAT_REMOTE_ADDR, NCAT_REMOTE_PORT, NCAT_LOCAL_ADDR and NCAT_LOCAL_PORT environment variables being set in all --*-exec child processes. - Nsock: * Handle timers and timeouts via a priority queue - Various: * Added TCP support to dns.lua * Added safe fd_set operations. This makes nmap fail gracefully instead of crashing when the number of file descriptors grows over FD_SETSIZE * Updated bundled liblua from 5.2.2 to 5.2.3 (bugfix release) * Added version detection signatures and probes for a bunch of Android remote mouse/keyboard servers, including AndroMouse, AirHID, Wifi-mouse, and RemoteMouse. 
* Fixed a bug with UDP checksum calculation * Idle scan now supports IPv6 * The ICMP ID of ICMP probes is now matched against the sent ICMP ID to reduce the chance of false matches - Zenmap: * Fixed a crash that would happen when you entered a search term starting with a colon - add missing python-gtk dependency for zenmap [bnc#752158] - update to 6.40 - [Ncat] Added --lua-exec - new and updated IPv4 OS fingerprints - new and updated IPv6 OS fingerprints - new and updated service/version fingerprints - [Nsock] Added initial proxy support to Nsock - [NSE] Added 14 NSE scripts - Updated the Nmap license terms, still GPL-2.0+ https://svn.nmap.org/nmap/COPYING. - [NSE] fix possibility of writing arbitrary file to client system when using the http-domino-enum-passwords script with the domino-enum-passwords.idpath parameter against a malicious server - Unicast CIDR-style IPv6 range scanning is now supported - It's now possible to mix IPv4 range notation with CIDR netmasks in target specifications. - Timeout script-args are now standardized to use the timespec that Nmap's command-line arguments take (5s, 5000ms, 1h, etc.) - Nmap may now partially rearrange its target list for more efficient host groups. - [Ncat] The -i option (idle timeout) now works in listen mode as well as connect mode. - [Ncat] Ncat now support chained certificates with the --ssl-cert option. - [Nping] Nping now checks for a matching ICMP ID on echo replies - [NSE] The ipOps.isPrivate library now considers the deprecated site-local prefix fec0::/10 to be private. - Nmap's routing table is now sorted first by netmask, then by metric. - Routes are now sorted to prefer those with a lower metric. - Fixed a byte-ordering problem on little-endian architectures when doing idle scan with a zombie that uses broken ID increments. - Stop parsing TCP options after reaching EOL in libnetutil. 
- [NSE] The dns-ip6-arpa-scan script now optionally accepts "/" syntax for a network mask - Fixed our NSEDoc system for UTF-8 names - UDP protocol payloads were added for detecting the Murmer service - [NSE] Added http-phpmyadmin-dir-traversal - Fixed address matching for SCTP (-PY) ping - Removed some non-ANSI-C strftime format strings ("%F") and locale-dependent formats ("%c") from NSE scripts and libraries. - [Zenmap] Improved internationalization support - [Zenmap] Fixed internationalization files - [NSE] Updated the included Liblua from version 5.2.1 to 5.2.2. - [Nsock] Added a minimal regression test suite for Nsock. - [NSE] Updated the redis-brute and redis-info scripts to work against the latest versions of redis server - [Ncat] Fixed errors in connecting to IPv6 proxies. - [NSE] Updated hostmap-bfk to work with the latest version of their website - [NSE] Added XML structured output support to: + xmpp-info, irc-info, sslv2, address-info + hostmap-bfk, hostmap-robtex, hostmap-ip2hosts. + http-git.nse. - Added new service probes for: + Erlang distribution nodes + Minecraft servers. + Hazelcast data grid. - [NSE] Rewrote telnet-brute for better compatibility with a variety of telnet servers. - Fixed a regression that changed the number of delimiters in machine output. - Fixed a regression in broadcast-dropbox-listener which prevented it from producing output. - Handle ICMP type 11 (Time Exceeded) responses to port scan probes. - Add new decoders (BROWSER, DHCP6 and LLMNR) to broadcast-listener and changed output of some of the decoders slightly. - Namespace the pipes used to communicate with subprocesses by PID, to avoid multiple instances of Ncat from interfering with each other. - [NSE] Changed ip-geolocation-geoplugin to use the web service's new output format. - Limited the number of open sockets in ultra_scan to FD_SETSIZE. 
- Fixed a bug that prevented Nmap from finding any interfaces when one of them had the type ARP_HDR_APPLETALK - [Ncat] Ncat now keeps running in connect mode after receiving EOF from the remote socket, unless --recv-only is in effect. - Packet trace of ICMP packets now include the ICMP ID and sequence number by default. - [NSE] Fixed various NSEDoc bugs - [Zenmap] Zenmap now understands the NMAP_PRIVILEGED and NMAP_UNPRIVILEGED environment variables. - Added an ncat_assert macro. - Added nmap-fo.xsl to convert Nmap XML into XSL-FO, which can be converted into PDF using tools such as Apache FOP. - Increased the number of slack file descriptors not used during connect scan. - Changed the --webxml XSL stylesheet to point to the new location of nmap.xsl in the new repository (https://svn.nmap.org/nmap/docs/nmap.xsl). - [NSE] The vulnerability library can now preserve vulnerability information across multiple ports of the same host. - Removed the undocumented -q option, which renamed the nmap process to something like "pine". - Moved the Japanese man page from man1/jp to man1/ja. JP is a country code while JA is a language code. - [Nsock] Reworked the logging infrastructure to make it more flexible and consistent. - [NSE] Fixed scripts using unconnected UDP sockets. - Made some changes to Ndiff to reduce parsing time when dealing with large Nmap XML output files. - [Zenmap] Fixed a crash that could be caused by opening the About dialog, using the window manager to close it, and opening it again. - [Ncat] Made test-addrset.sh exit with nonzero status if any tests fail. - Fixed compilation with --without-liblua. - Fixed CRC32c calculation (as used in SCTP scans) on 64-bit platforms. - [NSE] Added multicast group name output to broadcast-igmp-discovery.nse. - [NSE] Added new fingerprints for http-enum: Sitecore, Moodle, typo3, SquirrelMail, RoundCube.
- Packaging changes: * remove nmap-ncat-fail-test-addrset.patch, committed upstream * ja locale was corrected upstream - add verification of gpg signatures of source tarballs - run available unit tests - add nmap-ncat-fail-test-addrset.patch to make ncat tests effective - add nmap-ncat-skip-network-tests.patch to skip tests requiring name resolution - update to 6.25 + add 373 IPv4 OS fingerprints and improve existing fingerprints + add more than 400 service/version detection fingerprints + integrate latest IPv6 OS submissions and corrections + Enabled support for IPv6 traceroute using UDP, SCTP, and IPProto (Next Header) probes. + Scripts can now return a structured name-value table so that results are query-able from XML output. Scripts can return a string as before, or a table, or a table and a string. In this last case, the table will go to XML output and the string will go to screen output. + Ncat: Added support for Unix domain sockets. The new -U and --unixsock options activate this mode. 
+ removal of Windows dependencies reduces size of source tarball + Replaced old RPC grinder with NSE-based implementation + Updated Nmap Scripting Engine to use Lua 5.2 + Added 85 NSE scripts + Added 12 new protocol libraries: * ajp (Apache JServ Protocol) * base32 (Base32 encoding/decoding - RFC 4648) * bjnp (Canon BJNP printer/scanner discovery protocol) * cassandra (Cassandra database protocol) * eigrp (Cisco Enhanced Interior Gateway Routing Protocol) * gps (Global Positioning System - does GPRMC NMEA decoding) * ipp (CUPS Internet Printing Protocol) * isns (Internet Storage Name Service) * jdwp (Java Debug Wire Protocol) * mobileme (a service for managing Apple/Mac devices) * ospf (Open Shortest Path First routing protocol) * rdp (Remote Desktop Protocol) + added more Common Platform Enumeration (CPE) identifiers + Scans that use OS sockets (including TCP connect scan, version detection, and script scan) now use the SO_BINDTODEVICE sockopt on Linux, so that the -e (select network device) option is honored. + [Zenmap] Host filters can now do negative matching, for example you can use "os:!linux" to match hosts NOT detected as Linux. + further minor improvements and bug fixes as listed in http://nmap.org/changelog.html - for openSUSE releases where lua 5.2 is available, build with that library, otherwise use the library that comes with the sources - add tests for the correct system or included libraries - refresh nmap-4.75-nostrip.patch - refresh su-to-zenmap.patch - update manpages glob to fix Factory build - update to upstream 6.0.1 * fix a zenmap crash that happened when activating the host filter.
* fix finding network interfaces if one of them is in monitor mode * fix greppable output of hosts that time-out - update to upstream 6.00 * enhanced Nmap Scripting Engine * Better Web Scanning * Full IPv6 Support * New NPing Tool * Better Zenmap GUI & results viewer * Faster scans * for a full list of changes see http://nmap.org/6/#changes and http://nmap.org/changelog.html - refresh nmap-4.00-libpcap-filter.diff - as nmap is built with the included and stripped nmap-libdnet-1.12, remove system libdnet as build requirement - Update to nmap-5.61TEST5 - refresh nmap-4.00-libpcap-filter.diff for moved source lines - refresh nmap-4.00-noreturn.diff for moved source lines - refresh nmap-4.75-nostrip.patch for moved source lines - update nmap-5.00-desktop_files.patch to nmap-5.61-desktop_files.patch for change source - update su-to-zenmap.patch for moved source lines - Conditionally change lua-devel BuildRequires to lua51-devel on openSUSE > 12.1. The code is not yet ready for lua 5.2. - Fixed a run Zenmap as sudo in KDE and GNOME - Update to nmap 5.61-xxx branch, changelog too long, see NEWS for details. - Add a new subpackage "nping" - drop no-md2.patch already in upstream. - add nmap-5.21-gnomesu.patch (fixed bnc#613847) - spec file clean up to build on SLE and openSUSE < 11.3 - update to 5.21 * Dramatically improved the version detection database, integrating 2,596 submissions that users contributed since February 3, 2009! * bugfixes - disable md2 in the scripting language (no longer supplied by default openssl) - fixed bnc#528581 - Pascal updated to 5.00 with way too many changes to list them, see /usr/share/doc/packages/nmap/CHANGELOG - introduce ncat and ndiff packages providing tools for nmap scans - use new python macros - remove strip so we have debuginfos - Update to 4.75 * [Zenmap] Added a new Scan Topology system. * [Zenmap] Another exciting new Zenmap feature is Scan Aggregation. * [Zenmap] Added a context-sensitive help system to the Profile Editor.
* Expanded nmap-services to include information on how frequently each port number is found open. * Nmap now scans the most common 1,000 ports by default in either protocol (UDP scan is still optional). * Nmap fast scan (-F) now scans the top 100 ports by default in either protocol. * The --top-ports option lets you specify the number of ports you wish to scan in each protocol, and will pick the most popular ports for you based on the new frequency data. * integrated all of the OS detection fingerprint and correction submissions - rename nmap-gtk subpackage to zenmap - update to version 4.68 * Too many changes to list, see http://nmap.org/changelog.html - update to version 4.60 tons of bugfixes, see http://nmap.org/changelog.html - Wrong files for package nmap in openSUSE:Factory [BNC #369021] - We have to buildrequire lua-devel, otherwise bundled is used - fix packaging issues - update to version 4.53 which o Added UPnP-info NSE script. It gathers information from the UPnP service (UDP port 1900) which listens on many network devices such as routers, printers, and networked media players. o Fix a lot of Bugs o The Nmap Scripting Engine (NSE) now supports run-time interaction and the Nmap --host-timeout option. - changed libpcap to libpcap-devel in BuildRequires - change last patch to build - fix build bug - update to version 4.20 which o Integrated the latest OS fingerprint submissions o Fix Bugs - GNOME moved to /usr - build against system provided libdnet - update to version 4.11 which o Added a dozens of more detailed SSH version detection signatures o Fixed the Nmap Makefile o Fixed a compilation problem on solaris and possibly other platforms. o Applied a patch which helps with HP-UX compilation by linking in the nm library (-lnm o Added version detection probes for detecting the Nessus daemon. - Reduce BuildRequires. - update to 4.0 final. 
Only some metadata updates - added pcre-devel to buildrequires - updated to 3.999 which includes: o Upgraded the included LibPCRE from version 6.3 to 6.4. o Integrated all remaining 2005 service submissions. o Added run time interaction o Reverse DNS resolution is now done in parallel o Added the --badsum option, which causes Nmap to use invalid TCP or UDP checksums for packets sent to target hosts. o More excellent NmapFE patches from Priit Laes o Added --max_retries option o Many of the Nmap low-level timing options take a value in milliseconds. o Made some changes to allow source port zero scans (-g0). - converted neededforbuild to BuildRequires - 3.95 update - 3.93 update (fixes #129227) - fix specfile - fix C++ Problem with gcc 4.1 - fix Makefile.in to use RPM_OPT_FLAGS - Update to nmap-3.90 - use internal pcre to avoid problems with SYN scan [#104337] - Don't strip binaries - Build against system libpcap/libpcre to avoid libpcap bugs [Bug #98249] - Moved desktop file, added icon (#73653). - fix return values of gencode.c. - Update to nmap-3.81 - Update to nmap-3.80 - Update to nmap-3.77 - Update to nmap-3.75 - Update to nmap-3.70 - Update to nmap-3.55 - Fix accidental deletion of specfile tag - Add openssl to #nfb in order to enable SSL-scan-through support - Update to nmap-3.50 - move nmapfe/xnmap to a subpackage nmap-gtk - make use of openssl - fix DESTDIR patch - dont build as root - Update to version 3.48 - add Categories - Update to version 3.30 - Update to version 3.28 - Update to nmap-3.27 - Use %defattr - Update to nmap-3.20 - removed bogus self-provides - fix neededforbuild - use BuildRoot - add missing files to file list - long awaited version 3.00. News: * 700 operation systems + network devices in fingerprint database * uptime scan * XML output * all references to God in error messages are capitalized added filter.dif security fix for homegrown libpcap. - new version 2.54BETA30. 
- fixed specfile to build (suse_update_config before autoconf) - update to 2.54BETA22 - Add %suse_update_config. - fixed inet_aton detection - fix neededforbuild - update to 2.53, move /usr/lib/nmap to /usr/share/nmap - Version 2.3BETA14. Move manpage to /usr/share/man - update to version 2.3BETA6 - new version 2.12 - ran old prepare_spec on spec file to switch to new prepare_spec. - new package, version 2.02 OBS-URL: https://build.opensuse.org/package/show/network:utilities/nmap?expand=0&rev=136
2024-07-26 09:34:37 +00:00
%make_build
* Zenmap: Fix a bug in DiffViewer causing a crash - fix self-obsoletion of zenmap (nmap-gtk) - Nmap 6.46 - NSE: * Made numerous improvements to ssl-heartbleed to provide more reliable detection of the vulnerability * Fix some bugs which could cause snmp-ios-config and snmp-sysdescr scripts to crash * Improved performance of citrixlua library when handling large XML responses containing application lists - Zenmap: * Fixed a bug which caused this crash message: "IOError: [Errno socket error] [Errno 10060] A connection attempt failed [...]" due to DOCTYPE definition to Nmap's XML output - Nmap 6.45 - NSE: * Add ssl-heartbleed script to detect the Heartbleed OpenSSL bug * Fixed an error-handling bug in socks-open-proxy that caused it to fail when scanning a SOCKS4-only proxy * Improved ntp-info script to handle underscores in returned data * Add quake1-info script for retrieving server and player information from Quake 1 game servers * Add unicode library for decoding and encoding UTF-8, UTF-16, CP437 and other character sets to Unicode code points. Scripts that previously just added or skipped nulls in UTF-16 data can use this to support non-ASCII characters * When doing a ping scan (-sn), the --open option will prevent down hosts from being shown when -v is specified. This aligns with similar output for other scan types * Add http-ntlm-info script for getting server information from Web servers that require NTLM authentication * Added tls library for functions related to SSLv3 and TLS messages.
Existing ssl-enum-ciphers, ssl-date, and tls-nextprotoneg scripts were updated to use this library * Add sstp-discover script to discover Microsoft's Secure Socket Tunnelling Protocol * Added unittest library and NSE script for adding unit tests to NSE libraries * Added allseeingeye-info script * Add freelancer-info script * Add http-server-header script * Add rfc868-time script * Add weblogic-t3-info script * Removed a fixed value (28428) which was being set for the Request ID in the snmpWalk library function * Add http-iis-short-name-brute script * Add http-dlink-backdoor * Made telnet-brute support multiple parallel guessing threads * Made the table returned by ssh1.fetch_host_key contain a "key" element, like that of ssh2.fetch_host_key * Update dns-cache-snoop script to use a new list of top 50 domains rather than a 2010 list * Added the qconn-exec script - Ncat: * Added support for socks5 and corresponding regression tests. * Fixed compilation when --without-liblua is specified * Added NCAT_PROTO, NCAT_REMOTE_ADDR, NCAT_REMOTE_PORT, NCAT_LOCAL_ADDR and NCAT_LOCAL_PORT environment variables being set in all --*-exec child processes. - Nsock: * Handle timers and timeouts via a priority queue - Various: * Added TCP support to dns.lua * Added safe fd_set operations. This makes nmap fail gracefully instead of crashing when the number of file descriptors grows over FD_SETSIZE * Updated bundled liblua from 5.2.2 to 5.2.3 (bugfix release) * Added version detection signatures and probes for a bunch of Android remote mouse/keyboard servers, including AndroMouse, AirHID, Wifi-mouse, and RemoteMouse. 
* Fixed a bug with UDP checksum calculation * Idle scan now supports IPv6 * The ICMP ID of ICMP probes is now matched against the sent ICMP ID to reduce the chance of false matches - Zenmap: * Fixed a crash that would happen when you entered a search term starting with a colon - add missing python-gtk dependency for zenmap [bnc#752158] - update to 6.40 - [Ncat] Added --lua-exec - new and updated IPv4 OS fingerprints - new and updated IPv6 OS fingerprints - new and updated service/version fingerprints - [Nsock] Added initial proxy support to Nsock - [NSE] Added 14 NSE scripts - Updated the Nmap license terms, still GPL-2.0+ https://svn.nmap.org/nmap/COPYING. - [NSE] fix possibility of writing arbitrary file to client system when using the http-domino-enum-passwords script with the domino-enum-passwords.idpath parameter against a malicious server - Unicast CIDR-style IPv6 range scanning is now supported - It's now possible to mix IPv4 range notation with CIDR netmasks in target specifications. - Timeout script-args are now standardized to use the timespec that Nmap's command-line arguments take (5s, 5000ms, 1h, etc.) - Nmap may now partially rearrange its target list for more efficient host groups. - [Ncat] The -i option (idle timeout) now works in listen mode as well as connect mode. - [Ncat] Ncat now support chained certificates with the --ssl-cert option. - [Nping] Nping now checks for a matching ICMP ID on echo replies - [NSE] The ipOps.isPrivate library now considers the deprecated site-local prefix fec0::/10 to be private. - Nmap's routing table is now sorted first by netmask, then by metric. - Routes are now sorted to prefer those with a lower metric. - Fixed a byte-ordering problem on little-endian architectures when doing idle scan with a zombie that uses broken ID increments. - Stop parsing TCP options after reaching EOL in libnetutil. 
- [NSE] The dns-ip6-arpa-scan script now optionally accepts "/" syntax for a network mask - Fixed our NSEDoc system for UTF-8 names - UDP protocol payloads were added for detecting the Murmer service - [NSE] Added http-phpmyadmin-dir-traversal - Fixed address matching for SCTP (-PY) ping - Removed some non-ANSI-C strftime format strings ("%F") and locale-dependent formats ("%c") from NSE scripts and libraries. - [Zenmap] Improved internationalization support - [Zenmap] Fixed internationalization files - [NSE] Updated the included Liblua from version 5.2.1 to 5.2.2. - [Nsock] Added a minimal regression test suite for Nsock. - [NSE] Updated the redis-brute and redis-info scripts to work against the latest versions of redis server - [Ncat] Fixed errors in connecting to IPv6 proxies. - [NSE] Updated hostmap-bfk to work with the latest version of their website - [NSE] Added XML structured output support to: + xmpp-info, irc-info, sslv2, address-info + hostmap-bfk, hostmap-robtex, hostmap-ip2hosts. + http-git.nse. - Added new service probes for: + Erlang distribution nodes + Minecraft servers. + Hazelcast data grid. - [NSE] Rewrote telnet-brute for better compatibility with a variety of telnet servers. - Fixed a regression that changed the number of delimiters in machine output. - Fixed a regression in broadcast-dropbox-listener which prevented it from producing output. - Handle ICMP type 11 (Time Exceeded) responses to port scan probes. - Add new decoders (BROWSER, DHCP6 and LLMNR) to broadcast-listener and changed output of some of the decoders slightly. - Namespace the pipes used to communicate with subprocesses by PID, to avoid multiple instances of Ncat from interfering with each other. - [NSE] Changed ip-geolocation-geoplugin to use the web service's new output format. - Limited the number of open sockets in ultra_scan to FD_SETSIZE. 
- Fixed a bug that prevented Nmap from finding any interfaces when one of them had the type ARP_HDR_APPLETALK - [Ncat] Ncat now keeps running in connect mode after receiving EOF from the remote socket, unless --recv-only is in effect. - Packet trace of ICMP packets now include the ICMP ID and sequence number by default. - [NSE] Fixed various NSEDoc bugs - [Zenmap] Zenmap now understands the NMAP_PRIVILEGED and NMAP_UNPRIVILEGED environment variables. - Added an ncat_assert macro. - Added nmap-fo.xsl to convert Nmap XML into XSL-FO, which can be converted into PDF using tools such as Apache FOP. - Increased the number of slack file descriptors not used during connect scan. - Changed the --webxml XSL stylesheet to point to the new location of nmap.xsl in the new repository (https://svn.nmap.org/nmap/docs/nmap.xsl). - [NSE] The vulnerability library can now preserve vulnerability information across multiple ports of the same host. - Removed the undocumented -q option, which renamed the nmap process to something like "pine". - Moved the Japanese man page from man1/jp to man1/ja. JP is a country code while JA is a language code. - [Nsock] Reworked the logging infrastructure to make it more flexible and consistent. - [NSE] Fixed scripts using unconnected UDP sockets. - Made some changes to Ndiff to reduce parsing time when dealing with large Nmap XML output files. - [Zenmap] Fixed a crash that could be caused by opening the About dialog, using the window manager to close it, and opening it again. - [Ncat] Made test-addrset.sh exit with nonzero status if any tests fail. - Fixed compilation with --without-liblua. - Fixed CRC32c calculation (as used in SCTP scans) on 64-bit platforms. - [NSE] Added multicast group name output to broadcast-igmp-discovery.nse. - [NSE] Added new fingerprints for http-enum: Sitecore, Moodle, typo3, SquirrelMail, RoundCube.
- Packaging changes: * remove nmap-ncat-fail-test-addrset.patch, committed upstream * ja locale was corrected upstream - add verification of gpg signatures of source tarballs - run available unit tests - add nmap-ncat-fail-test-addrset.patch to make ncat tests effective - add nmap-ncat-skip-network-tests.patch to skip tests requiring name resolution - update to 6.25 + add 373 IPv4 OS fingerprints and improve existing fingerprints + add more than 400 service/version detection fingerprints + integrate latest IPv6 OS submissions and corrections + Enabled support for IPv6 traceroute using UDP, SCTP, and IPProto (Next Header) probes. + Scripts can now return a structured name-value table so that results are query-able from XML output. Scripts can return a string as before, or a table, or a table and a string. In this last case, the table will go to XML output and the string will go to screen output. + Ncat: Added support for Unix domain sockets. The new -U and --unixsock options activate this mode. 
+ removal of Windows dependencies reduces size of source tarball + Replaced old RPC grinder with NSE-based implementation + Updated Nmap Scripting Engine to use Lua 5.2 + Added 85 NSE scripts + Added 12 new protocol libraries: * ajp (Apache JServ Protocol) * base32 (Base32 encoding/decoding - RFC 4648) * bjnp (Canon BJNP printer/scanner discovery protocol) * cassandra (Cassandra database protocol) * eigrp (Cisco Enhanced Interior Gateway Routing Protocol) * gps (Global Positioning System - does GPRMC NMEA decoding) * ipp (CUPS Internet Printing Protocol) * isns (Internet Storage Name Service) * jdwp (Java Debug Wire Protocol) * mobileme (a service for managing Apple/Mac devices) * ospf (Open Shortest Path First routing protocol) * rdp (Remote Desktop Protocol) + added more Common Platform Enumeration (CPE) identifiers + Scans that use OS sockets (including TCP connect scan, version detection, and script scan) now use the SO_BINDTODEVICE sockopt on Linux, so that the -e (select network device) option is honored. + [Zenmap] Host filters can now do negative matching, for example you can use "os:!linux" to match hosts NOT detected as Linux. + further minor improvements and bug fixes as listed in http://nmap.org/changelog.html - for openSUSE releases where lua 5.2 is available, build with that library, otherwise use the library that comes with the sources - add tests for the correct system or included libraries - refresh nmap-4.75-nostrip.patch - refresh su-to-zenmap.patch - update manpages glob to fix Factory build - update to upstream 6.0.1 * fix a zenmap crash that happened when activating the host filter.
* fix finding network interfaces if one of them is in monitor mode * fix greppable output of hosts that time-out - update to upstream 6.00 * enhanced Nmap Scripting Engine * Better Web Scanning * Full IPv6 Support * New NPing Tool * Better Zenmap GUI & results viewer * Faster scans * for a full list of changes see http://nmap.org/6/#changes and http://nmap.org/changelog.html - refresh nmap-4.00-libpcap-filter.diff - as nmap is built with the included and stripped nmap-libdnet-1.12, remove system libdnet as build requirement - Update to nmap-5.61TEST5 - refresh nmap-4.00-libpcap-filter.diff for moved source lines - refresh nmap-4.00-noreturn.diff for moved source lines - refresh nmap-4.75-nostrip.patch for moved source lines - update nmap-5.00-desktop_files.patch to nmap-5.61-desktop_files.patch for change source - update su-to-zenmap.patch for moved source lines - Conditionally change lua-devel BuildRequires to lua51-devel on openSUSE > 12.1. The code is not yet ready for lua 5.2. - Fixed a run Zenmap as sudo in KDE and GNOME - Update to nmap 5.61-xxx branch, changelog too long, see NEWS for details. - Add a new subpackage "nping" - drop no-md2.patch already in upstream. - add nmap-5.21-gnomesu.patch (fixed bnc#613847) - spec file clean up to build on SLE and openSUSE < 11.3 - update to 5.21 * Dramatically improved the version detection database, integrating 2,596 submissions that users contributed since February 3, 2009! * bugfixes - disable md2 in the scripting language (no longer supplied by default openssl) - fixed bnc#528581 - Pascal updated to 5.00 with way too many changes to list them, see /usr/share/doc/packages/nmap/CHANGELOG - introduce ncat and ndiff packages providing tools for nmap scans - use new python macros - remove strip so we have debuginfos - Update to 4.75 * [Zenmap] Added a new Scan Topology system. * [Zenmap] Another exciting new Zenmap feature is Scan Aggregation. * [Zenmap] Added a context-sensitive help system to the Profile Editor.
* Expanded nmap-services to include information on how frequently each port number is found open. * Nmap now scans the most common 1,000 ports by default in either protocol (UDP scan is still optional). * Nmap fast scan (-F) now scans the top 100 ports by default in either protocol. * The --top-ports option lets you specify the number of ports you wish to scan in each protocol, and will pick the most popular ports for you based on the new frequency data. * integrated all of the OS detection fingerprint and correction submissions - rename nmap-gtk subpackage to zenmap - update to version 4.68 * Too many changes to list, see http://nmap.org/changelog.html - update to version 4.60 tons of bugfixes, see http://nmap.org/changelog.html - Wrong files for package nmap in openSUSE:Factory [BNC #369021] - We have to buildrequire lua-devel, otherwise bundled is used - fix packaging issues - update to version 4.53 which o Added UPnP-info NSE script. It gathers information from the UPnP service (UDP port 1900) which listens on many network devices such as routers, printers, and networked media players. o Fix a lot of Bugs o The Nmap Scripting Engine (NSE) now supports run-time interaction and the Nmap --host-timeout option. - changed libpcap to libpcap-devel in BuildRequires - change last patch to build - fix build bug - update to version 4.20 which o Integrated the latest OS fingerprint submissions o Fix Bugs - GNOME moved to /usr - build against system provided libdnet - update to version 4.11 which o Added dozens of more detailed SSH version detection signatures o Fixed the Nmap Makefile o Fixed a compilation problem on solaris and possibly other platforms. o Applied a patch which helps with HP-UX compilation by linking in the nm library (-lnm o Added version detection probes for detecting the Nessus daemon. - Reduce BuildRequires. - update to 4.0 final.
Only some metadata updates - added pcre-devel to buildrequires - updated to 3.999 which includes: o Upgraded the included LibPCRE from version 6.3 to 6.4. o Integrated all remaining 2005 service submissions. o Added run time interaction o Reverse DNS resolution is now done in parallel o Added the --badsum option, which causes Nmap to use invalid TCP or UDP checksums for packets sent to target hosts. o More excellent NmapFE patches from Priit Laes o Added --max_retries option o Many of the Nmap low-level timing options take a value in milliseconds. o Made some changes to allow source port zero scans (-g0). - converted neededforbuild to BuildRequires - 3.95 update - 3.93 update (fixes #129227) - fix specfile - fix C++ Problem with gcc 4.1 - fix Makefile.in to use RPM_OPT_FLAGS - Update to nmap-3.90 - use internal pcre to avoid problems with SYN scan [#104337] - Don't strip binaries - Build against system libpcap/libpcre to avoid libpcap bugs [Bug #98249] - Moved desktop file, added icon (#73653). - fix return values of gencode.c. - Update to nmap-3.81 - Update to nmap-3.80 - Update to nmap-3.77 - Update to nmap-3.75 - Update to nmap-3.70 - Update to nmap-3.55 - Fix accidental deletion of specfile tag - Add openssl to #nfb in order to enable SSL-scan-through support - Update to nmap-3.50 - move nmapfe/xnmap to a subpackage nmap-gtk - make use of openssl - fix DESTDIR patch - dont build as root - Update to version 3.48 - add Categories - Update to version 3.30 - Update to version 3.28 - Update to nmap-3.27 - Use %defattr - Update to nmap-3.20 - removed bogus self-provides - fix neededforbuild - use BuildRoot - add missing files to file list - long awaited version 3.00. News: * 700 operation systems + network devices in fingerprint database * uptime scan * XML output * all references to God in error messages are capitalized added filter.dif security fix for homegrown libpcap. - new version 2.54BETA30. 
- fixed specfile to build (suse_update_config before autoconf) - update to 2.54BETA22 - Add %suse_update_config. - fixed inet_aton detection - fix neededforbuild - update to 2.53, move /usr/lib/nmap to /usr/share/nmap - Version 2.3BETA14. Move manpage to /usr/share/man - update to version 2.3BETA6 - new version 2.12 - ran old prepare_spec on spec file to switch to new prepare_spec. - new package, version 2.02 OBS-URL: https://build.opensuse.org/package/show/network:utilities/nmap?expand=0&rev=136
2024-07-26 09:34:37 +00:00
pushd zenmap
%pyproject_wheel
popd
%install
make DESTDIR=%{buildroot} deskdir="%{_datadir}/gnome/apps/Utilities/" install
install -d "%{buildroot}%{_datadir}/pixmaps/"
- Update to 7.95: * Integrated over 4,000 of your IPv4 OS fingerprints. Added 336 signatures, bringing the new total to 6,036. Additions include iOS 15 & 16, macOS Ventura & Monterey, Linux 6.1, OpenBSD 7.1, and lwIP 2.2 * Integrated over 2,500 service/version detection fingerprints. The signature count went up 1.4% to 12,089, including 9 new softmatches. We now detect 1,246 protocols, including new additions of grpc, mysqlx, essnet, remotemouse, and tuya. * Added four new scripts from the DINA community for querying industrial control systems * Improvements to OS detection fingerprint matching, including a syntax change for nmap-os-db that allows ranges within the TCP Options string. This leads to more concise and maintainable fingerprints. [Daniel Miller] * Improved the OS detection engine by using a new source port for each retry. Scans from systems such as Windows that do not send RST for unsolicited SYN|ACK responses were previously unable to get a response in subsequent tries. [Daniel Miller] * Several profile-guided optimizations of the port scan engine. [Daniel Miller] * Upgraded included libraries: Lua 5.4.6, libpcre2 10.43, zlib 1.3.1, libssh2 1.11.0, liblinear 2.47 * Zenmap and Ndiff now use setuptools, not distutils for packaging. * Fixed Ncat UDP server mode to not quit after EOF on stdin. * ssh-auth-methods will now print the pre-authentication banner text when available. Requires libssh2 1.11.0 or later. [Daniel Miller] * Fix a crash in Zenmap when changing a host comment. * Fix TLS 1.2 signature algorithms for EdDSA. [Daniel Roethlisberger] * Fix an out-of-bounds read which led to out-of-memory errors when duplicate addresses were used with --exclude * Fixed a memory leak in Nsock: compiled pcap filters were not freed. * Fixed a crash when using service name wildcards with -p, as in -p "http*" * Fixed DNS TXT record parsing bug which caused asn-query to fail in Nmap 7.80 and later. 
[David Fifield, Mike Pattrick] * Fixed packet size testing in KNX scripts [f0rw4rd] - Remove nmap-7.94-handle-unknown-service-name-in-p.patch - Add zenmap-fix-locale-install.patch * Fix locale files installation for zenmap - Use %pyproject macros for building and installing zenmap - fix segfault with -p (boo#1221403) add nmap-7.94-handle-unknown-service-name-in-p.patch - Update License to 'SUSE-NonFree" until determined otherwise to please checks in openSUSE:Factory:NonFree (boo#1211571) - Fix build error and wrong requires. Lua version 5.4.4 is required. But something in opensuse lua package is broken. Set it disable for Leap too and not only for Tumbleweed. - Update to 7.94: * Zenmap and Ndiff now use Python 3 * Nmap now prints vendor names based on MAC address for MA-S (24-bit), MA-M (28-bit), and MA-L (36-bit) registrations instead of the fixed 3-byte MAC prefix used previously for lookups. * Lots of profile-guided memory and processing improvements for Nmap, including OS fingerprint matching, probe matching and retransmission lookups for large hostgroups, and service name lookups. * Integrated many of the most-submitted IPv4 OS fingerprints for recent versions of Windows, iOS, macOS, Linux, and BSD. * Added the tftp-version script which requests a nonexistent file from a TFTP server and matches the error message to a database of known software. * Ncat can now accept "connections" from multiple UDP hosts in listen mode with the --keep-open option. This also enables --broker and --chat via UDP. * Upgrade included libraries: zlib 1.2.13, Lua 5.4.4, libpcap 1.10.4 * UDP port scan (-sU) and version scan (-sV) now both use the same data source, nmap-service-probes, for data payloads. Previously, the nmap-payloads file was used for port scan. * Nmap's service scan (-sV) can now probe the UDP service behind a DTLS tunnel, the same as it already does for TCP services with SSL/TLS encryption. 
* Ncat in listen mode with --udp --ssl will use DTLS to secure incoming connections. * Handle Internationalized Domain Names (IDN) like Яндекс.рф on platforms where getaddrinfo supports the AI_IDN flag. [Daniel Miller] * Improved DNS domain name parsing to avoid recursion and enforce name length limits, avoiding a theoretical stack overflow issue with certain crafted DNS server responses. - Update License to 'LicenseRef-NPSL-0.95' - The package is licenced under the ""Nmap Public Source License", which is not OSI approved. Specify as "LicenseRef-NPSL-0.93". (boo#1211571) - Update to 7.93: * This release commemorates Nmap's 25th anniversary! It all started with this September 1, 1997 Phrack article by Fyodor: https://nmap.org/p51-11.html. * Ensure Nmap builds with OpenSSL 3.0 using no deprecated API functions. Binaries for this release include OpenSSL 3.0.5. * Upgrade included libraries: libssh2 1.10.0, zlib 1.2.12, Lua 5.3.6, libpcap 1.10.1 * Fix a bug that prevented Nmap from discovering interfaces on Linux when no IPv4 addresses were configured. * NSE "exception handling" with nmap.new_try() will no longer result in a stack traceback in debug output * Update the Nmap output DTD to match actual output since the `<hosthint>` element was added in Nmap 7.90. * Fix newtargets support: since Nmap 7.92, scripts could not add targets in script pre-scanning phase. * Scripts dhcp-discover and broadcast-dhcp-discover now support setting a client identifier. * Script oracle-tns-version was not reporting the version correctly for Oracle 19c or newer * Script redis-info was crashing or producing inaccurate information about client connections and/or cluster nodes. * Script ipidseq was broken due to calling an unreachable library function. * Support for EC crypto was not properly enabled if Nmap was compiled with OpenSSL in a custom location. * Improvements to event handling and pcap socket garbage collection, fixing potential hangs and crashes. 
* Fix TDS7 password encoding for mssql.lua, which had been assuming ASCII input even though other parts of the library had been passing it Unicode. * Replace deprecated CPEs for IIS with their updated identifier, cpe:/a:microsoft:internet_information_services * Fix script-terminating error when unknown BSON data types are encountered. Added parsers for most standard data types. * Fix hostname/certificate comparison and matching to handle ASN.1 strings without null terminators, a similar bug to OpenSSL's CVE-2021-3712. * Added support for SOCKS5 proxies that return bind addresses as hostnames, instead of IPv4/IPv6 addresses. - Do not build with python2 support for SLE15-SP4, bsc#1190997 - Tumbleweed is not affected by the following SLE issues: * bsc#1148742, CVE-2017-18594 * bsc#1135350 * bsc#1133512 - Update to 7.92: * TLS 1.3 now supported by most scripts for which it is relevant * Other bugfixes and improvements * https://nmap.org/changelog.html#7.92 - Also guard the python-devel BuildRequires if we're building for Python 2 - update to 7.91: * Rectify error "time result cannot be represented" in the AFP library * Support setting the SNMP protocol version in via snmp.version * Fix MySQL library not properly parsing responses * mysql-audit now defaults to the bundled mysql-cis.audit for the audit rule base - update to 7.90: * New fingerprints for better OS and service/version detection * 3 new NSE scripts, new protocol libraries and payloads for host discovery, port scanning and version detection * 70+ smaller bug fixes and improvements * Build system upgrades and code quality improvements - drop netmask_negativ_bitshift.patch (obsolete) - fix typo in description - Update to 7.80: * 11 new NSE scripts * Added AF_VSOCK (Linux VM sockets) functionality to Nsock and Ncat * Deprecate and disable the -PR (ARP ping) host discovery option. ARP ping is already used whenever possible. 
* Temporary RSA keys are now 2048-bit to resolve a compatibility issue with OpenSSL library configured with security level 2. * See https://nmap.org/changelog#7.80 for the complete changelog. - Removed patches included upstream: * nmap-7.70-CVE-2018-15173_pcre_limits.patch * nmap-7.70-fix_infinite_loop.patch - Added netmask_negativ_bitshift.patch to fix netmask calculation for certain architectures. - add nmap-7.70-fix_infinite_loop.patch to fix infinite loop in tls-alpn when server is forcing a protocol [bsc#1143277] - add nmap-7.70-CVE-2018-15173_pcre_limits.patch to reduce LibPCRE resource limits so that version detection can't use as much of the stack. Previously Nmap could crash when run on low-memory systems against target services which are intentionally or accidentally difficult to match [bsc#1104139] [CVE-2018-15173]. - Trim filler wording from description. - Trim idempotent %if..%endif blocks. - Explicitly request bash for bashisms in %install. - don't build zenmap and ndiff python2 subpackages because of the python2 deprecation in Tumbleweed - run spec-cleaner - tweak Summaries and Descriptions - Update to 7.70: * 14 new NSE scripts * iec-identify probes for the IEC 60870-5-104 SCADA protocol * ssh-brute performs brute-forcing of SSH password credentials * See https://nmap.org/changelog.html#7.70 for the complete changelog. - Nmap 7.60: * NSE scripts now have complete SSH support via libssh2 * Added 14 NSE scripts from 6 authors, bringing the total up to 579! * See https://nmap.org/changelog.html#7.60 for the complete changelog. - Nmap 7.50: * Integrated all of your service/version detection fingerprints submitted from September to March (855 of them). The signature count went up 2.9% to 11,418. We now detect 1193 protocols from apachemq, bro, and clickhouse to jmon, slmp, and zookeeper. 
Highlights: http://seclists.org/nmap-dev/2017/q2/140 * Many added NSE scripts, OS fingerprints, service probes * See https://nmap.org/changelog.html#7.50 for the complete changelog. - Nmap 7.40: * Many added NSE scripts, OS fingerprints, service probes * New option --defeat-icmp-ratelimit dramatically reduces UDP scan times in exchange for labeling unresponsive (and possibly open) ports as "closed|filtered". * New NSE library, geoip.lua, provides a common framework for storing and retrieving IP geolocation results. * See https://nmap.org/changelog.html#7.40 for the complete changelog. - Refresh nmap-5.61-desktop_files.patch as nmap-7.40-desktop_files.patch - Nmap 7.31: * Fix the way Nmap handles scanning names that resolve to the same IP * Zenmap: Better visual indication that display of hostname is tied to address in the Topology page - Nmap 7.30: * Many added NSE scripts, OS fingerprints, service probes * Improved output filtering * Using Lua 5.3 * Many bug fixes, improvements and performance enhancements - Nmap 7.12: * Zenmap: Avoid file corruption in zenmap.conf * NSE: VNC updates * NSE: Add STARTTLS support for VNC, NNTP, and LMTP * Add new service probes and match lines for OpenVPN - Nmap 7.11: * Add support for diffie-hellman-group-exchange-* SSH key exchange methods to ssh2.lua, allowing ssh-hostkey to run on servers that only support custom Diffie-Hellman groups. * Add support in sslcert.lua for Microsoft SQL Server's TDS protocol, so you can now grab certs with ssl-cert or check ciphers with ssl-enum-ciphers. * Fix crashes in Zenmap - Nmap 7.10: * Add 12 NSE scripts * Integrate OS, service/version detection fingerprint submissions * Updated to various NSE scripts * Zenmap: Remember window geometry (position and size) from the previous time Zenmap was run. 
* Give option parsing errors after the long usage statement * Changed Nmap's idea of reserved and private IP addresses to include 169.254/16 (RFC3927) and remove 6/8, 7/8, and 55/8 networks (for -iR randomly generated targets) Usage of own exclusion lists with --exclude or --exclude-file is recommended to avoid scanning newly-valid addresses belonging to the US DoD. * Allow the -4 option for Nmap to indicate IPv4 address family. * Add verbosity level of 0 (-v0): no text output - Nmap 7.01: * various bug fixes in NSE - Nmap 7.00: * see /usr/share/doc/packages/nmap/CHANGELOG - removed patches: * nmap-4.00-noreturn.diff * nmap-6.00-libpcap-filter.diff not needed since we do not build against the bundled libpcap - updated patch: * nmap-ncat-skip-network-tests.patch - Unbreak everything not Factory - Fix the build for Factory. Insist on lua 5.2.x - BuildRequire lua52-devel on openSUSE > 13.2 (current Tumbleweed): nmap has not been ported to LUA 5.3 yet. - Minor fix in check session: internal lua identifies itself as 5.2.3 by now. - fix build on SLE 12 by removing gpg-offline dependency - run spec-cleaner - Nmap 6.47: * updated IPv4 OS fingerprints * Removed the External Entity Declaration from the DOCTYPE in Nmap's XML. The doctype is now: <!DOCTYPE nmaprun> * Ncat: Fixed SOCKS5 username/password authentication * Avoid formatting NULL as "%s" when running nmap --iflist * Zenmap, Ndiff: Avoid crashing with old PyXML package * Handle ICMP admin-prohibited messages when doing service version detection. * NSE: Fix a bug causing http.head to not honor redirects. 
* Zenmap: Fix a bug in DiffViewer causing a crash - fix self-obsoletion of zenmap (nmap-gtk) - Nmap 6.46 - NSE: * Made numerous improvements to ssl-heartbleed to provide more reliable detection of the vulnerability * Fix some bugs which could cause snmp-ios-config and snmp-sysdescr scripts to crash * Improved performance of citrixlua library when handling large XML responses containing application lists - Zenmap: * Fixed a bug which caused this crash message: "IOError: [Errno socket error] [Errno 10060] A connection attempt failed [...]" due to DOCTYPE definition to Nmap's XML output - Nmap 6.45 - NSE: * Add ssl-heartbleed script to detect the Heartbleed OpenSSL bug * Fixed an error-handling bug in socks-open-proxy that caused it to fail when scanning a SOCKS4-only proxy * Improved ntp-info script to handle underscores in returned data * Add quake1-info script for retrieving server and player information from Quake 1 game servers * Add unicode library for decoding and encoding UTF-8, UTF-16, CP437 and other character sets to Unicode code points. Scripts that previously just added or skipped nulls in UTF-16 data can use this to support non-ASCII characters * When doing a ping scan (-sn), the --open option will prevent down hosts from being shown when -v is specified. This aligns with similar output for other scan types * Add http-ntlm-info script for getting server information from Web servers that require NTLM authentication * Added tls library for functions related to SSLv3 and TLS messages. 
Existing ssl-enum-ciphers, ssl-date, and tls-nextprotoneg scripts were updated to use this library * Add sstp-discover script to discover Microsoft's Secure Socket Tunnelling Protocol * Added unittest library and NSE script for adding unit tests to NSE libraries * Added allseeingeye-info script * Add freelancer-info script * Add http-server-header script * Add rfc868-time script * Add weblogic-t3-info script * Removed a fixed value (28428) which was being set for the Request ID in the snmpWalk library function * Add http-iis-short-name-brute script * Add http-dlink-backdoor * Made telnet-brute support multiple parallel guessing threads * Made the table returned by ssh1.fetch_host_key contain a "key" element, like that of ssh2.fetch_host_key * Update dns-cache-snoop script to use a new list of top 50 domains rather than a 2010 list * Added the qconn-exec script - Ncat: * Added support for socks5 and corresponding regression tests. * Fixed compilation when --without-liblua is specified * Added NCAT_PROTO, NCAT_REMOTE_ADDR, NCAT_REMOTE_PORT, NCAT_LOCAL_ADDR and NCAT_LOCAL_PORT environment variables being set in all --*-exec child processes. - Nsock: * Handle timers and timeouts via a priority queue - Various: * Added TCP support to dns.lua * Added safe fd_set operations. This makes nmap fail gracefully instead of crashing when the number of file descriptors grows over FD_SETSIZE * Updated bundled liblua from 5.2.2 to 5.2.3 (bugfix release) * Added version detection signatures and probes for a bunch of Android remote mouse/keyboard servers, including AndroMouse, AirHID, Wifi-mouse, and RemoteMouse. 
* Fixed a bug with UDP checksum calculation * Idle scan now supports IPv6 * The ICMP ID of ICMP probes is now matched against the sent ICMP ID to reduce the chance of false matches - Zenmap: * Fixed a crash that would happen when you entered a search term starting with a colon - add missing python-gtk dependency for zenmap [bnc#752158] - update to 6.40 - [Ncat] Added --lua-exec - new and updated IPv4 OS fingerprints - new and updated IPv6 OS fingerprints - new and updated service/version fingerprints - [Nsock] Added initial proxy support to Nsock - [NSE] Added 14 NSE scripts - Updated the Nmap license terms, still GPL-2.0+ https://svn.nmap.org/nmap/COPYING. - [NSE] fix possibility of writing arbitrary file to client system when using the http-domino-enum-passwords script with the domino-enum-passwords.idpath parameter against a malicious server - Unicast CIDR-style IPv6 range scanning is now supported - It's now possible to mix IPv4 range notation with CIDR netmasks in target specifications. - Timeout script-args are now standardized to use the timespec that Nmap's command-line arguments take (5s, 5000ms, 1h, etc.) - Nmap may now partially rearrange its target list for more efficient host groups. - [Ncat] The -i option (idle timeout) now works in listen mode as well as connect mode. - [Ncat] Ncat now supports chained certificates with the --ssl-cert option. - [Nping] Nping now checks for a matching ICMP ID on echo replies - [NSE] The ipOps.isPrivate library now considers the deprecated site-local prefix fec0::/10 to be private. - Nmap's routing table is now sorted first by netmask, then by metric. - Routes are now sorted to prefer those with a lower metric. - Fixed a byte-ordering problem on little-endian architectures when doing idle scan with a zombie that uses broken ID increments. - Stop parsing TCP options after reaching EOL in libnetutil. 
- [NSE] The dns-ip6-arpa-scan script now optionally accepts "/" syntax for a network mask - Fixed our NSEDoc system for UTF-8 names - UDP protocol payloads were added for detecting the Murmer service - [NSE] Added http-phpmyadmin-dir-traversal - Fixed address matching for SCTP (-PY) ping - Removed some non-ANSI-C strftime format strings ("%F") and locale-dependent formats ("%c") from NSE scripts and libraries. - [Zenmap] Improved internationalization support - [Zenmap] Fixed internationalization files - [NSE] Updated the included Liblua from version 5.2.1 to 5.2.2. - [Nsock] Added a minimal regression test suite for Nsock. - [NSE] Updated the redis-brute and redis-info scripts to work against the latest versions of redis server - [Ncat] Fixed errors in connecting to IPv6 proxies. - [NSE] Updated hostmap-bfk to work with the latest version of their website - [NSE] Added XML structured output support to: + xmpp-info, irc-info, sslv2, address-info + hostmap-bfk, hostmap-robtex, hostmap-ip2hosts. + http-git.nse. - Added new service probes for: + Erlang distribution nodes + Minecraft servers. + Hazelcast data grid. - [NSE] Rewrote telnet-brute for better compatibility with a variety of telnet servers. - Fixed a regression that changed the number of delimiters in machine output. - Fixed a regression in broadcast-dropbox-listener which prevented it from producing output. - Handle ICMP type 11 (Time Exceeded) responses to port scan probes. - Add new decoders (BROWSER, DHCP6 and LLMNR) to broadcast-listener and changed output of some of the decoders slightly. - Namespace the pipes used to communicate with subprocesses by PID, to avoid multiple instances of Ncat from interfering with each other. - [NSE] Changed ip-geolocation-geoplugin to use the web service's new output format. - Limited the number of open sockets in ultra_scan to FD_SETSIZE. 
- Fixed a bug that prevented Nmap from finding any interfaces when one of them had the type ARP_HDR_APPLETALK - [Ncat] Ncat now keeps running in connect mode after receiving EOF from the remote socket, unless --recv-only is in effect. - Packet trace of ICMP packets now include the ICMP ID and sequence number by default. - [NSE] Fixed various NSEDoc bugs - [Zenmap] Zenmap now understands the NMAP_PRIVILEGED and NMAP_UNPRIVILEGED environment variables. - Added an ncat_assert macro. - Added nmap-fo.xsl to convert Nmap XML into XSL-FO, which can be converted into PDF using tools such as Apache FOP. - Increased the number of slack file descriptors not used during connect scan. - Changed the --webxml XSL stylesheet to point to the new location of nmap.xsl in the new repository (https://svn.nmap.org/nmap/docs/nmap.xsl). - [NSE] The vulnerability library can now preserve vulnerability information across multiple ports of the same host. - Removed the undocumented -q option, which renamed the nmap process to something like "pine". - Moved the Japanese man page from man1/jp to man1/ja. JP is a country code while JA is a language code. - [Nsock] Reworked the logging infrastructure to make it more flexible and consistent. - [NSE] Fixed scripts using unconnected UDP sockets. - Made some changes to Ndiff to reduce parsing time when dealing with large Nmap XML output files. - [Zenmap] Fixed a crash that could be caused by opening the About dialog, using the window manager to close it, and opening it again. - [Ncat] Made test-addrset.sh exit with nonzero status if any tests fail. - Fixed compilation with --without-liblua. - Fixed CRC32c calculation (as used in SCTP scans) on 64-bit platforms. - [NSE] Added multicast group name output to broadcast-igmp-discovery.nse. - [NSE] Added new fingerprints for http-enum: Sitecore, Moodle, typo3, SquirrelMail, RoundCube. 
- Packaging changes: * remove nmap-ncat-fail-test-addrset.patch, committed upstream * ja locale was corrected upstream - add verification of gpg signatures of source tarballs - run available unit tests - add nmap-ncat-fail-test-addrset.patch to make ncat tests effective - add nmap-ncat-skip-network-tests.patch to skip tests requiring name resolution - update to 6.25 + add 373 IPv4 OS fingerprints and improve existing fingerprints + add more than 400 service/version detection fingerprints + integrate latest IPv6 OS submissions and corrections + Enabled support for IPv6 traceroute using UDP, SCTP, and IPProto (Next Header) probes. + Scripts can now return a structured name-value table so that results are query-able from XML output. Scripts can return a string as before, or a table, or a table and a string. In this last case, the table will go to XML output and the string will go to screen output. + Ncat: Added support for Unix domain sockets. The new -U and --unixsock options activate this mode. 
+ removal of Windows dependencies reduces size of source tarball + Replaced old RPC grinder with NSE-based implementation + Updated Nmap Scripting Engine to use Lua 5.2 + Added 85 NSE scripts + Added 12 new protocol libraries: * ajp (Apache JServ Protocol) * base32 (Base32 encoding/decoding - RFC 4648) * bjnp (Canon BJNP printer/scanner discovery protocol) * cassandra (Cassandra database protocol) * eigrp (Cisco Enhanced Interior Gateway Routing Protocol) * gps (Global Positioning System - does GPRMC NMEA decoding) * ipp (CUPS Internet Printing Protocol) * isns (Internet Storage Name Service) * jdwp (Java Debug Wire Protocol) * mobileme (a service for managing Apple/Mac devices) * ospf (Open Shortest Path First routing protocol) * rdp (Remote Desktop Protocol) + added more Common Platform Enumeration (CPE) identifiers + Scans that use OS sockets (including TCP connect scan, version detection, and script scan) now use the SO_BINDTODEVICE sockopt on Linux, so that the -e (select network device) option is honored. + [Zenmap] Host filters can now do negative matching, for example you can use "os:!linux" to match hosts NOT detected as Linux. + further minor improvements and bug fixes as listed in http://nmap.org/changelog.html - for openSUSE releases where lua 5.2 is available, build with that library, otherwise use the library that comes with the sources - add tests for the correct system or included libraries - refresh nmap-4.75-nostrip.patch - refresh su-to-zenmap.patch - update manpages glob to fix Factory build - update to upstream 6.0.1 * fix a zenmap crash that happened when activating the host filter. 
* fix finding network interfaces if one of them is in monitor mode * fix greppable output of hosts that time-out - update to upstream 6.00 * enhanced Nmap Scripting Engine * Better Web Scanning * Full IPv6 Support * New NPing Tool * Better Zenmap GUI & results viewer * Faster scans * for a full list of changes see http://nmap.org/6/#changes and http://nmap.org/changelog.html - refresh nmap-4.00-libpcap-filter.diff - as nmap is built with the included and stripped nmap-libdnet-1.12, remove system libdnet as build requirement - Update to nmap-5.61TEST5 - refresh nmap-4.00-libpcap-filter.diff for moved source lines - refresh nmap-4.00-noreturn.diff for moved source lines - refresh nmap-4.75-nostrip.patch for moved source lines - update nmap-5.00-desktop_files.patch to nmap-5.61-desktop_files.patch for change source - update su-to-zenmap.patch for moved source lines - Conditionally change lua-devel BuildRequires to lua51-devel on openSUSE > 12.1. The code is not yet ready for lua 5.2. - Fixed a run Zenmap as sudo in KDE and GNOME - Update to nmap 5.61-xxx branch, changelog too long, see NEWS for details. - Add a new subpackage "nping" - drop no-md2.patch already in upstream. - add nmap-5.21-gnomesu.patch (fixed bnc#613847) - spec file clean up to build on SLE and openSUSE < 11.3 - update to 5.21 * Dramatically improved the version detection database, integrating 2,596 submissions that users contributed since February 3, 2009! * bugfixes - disable md2 in the scripting language (no longer supplied by default openssl) - fixed bnc#528581 - Pascal updated to 5.00 with way too many changes to list them, see /usr/share/doc/packages/nmap/CHANGELOG - introduce ncat and ndiff packages providing tools for nmap scans - use new python macros - remove strip so we have debuginfos - Update to 4.75 * [Zenmap] Added a new Scan Topology system. * [Zenmap] Another exciting new Zenmap feature is Scan Aggregation. * [Zenmap] Added a context-sensitive help system to the Profile Editor. 
* Expanded nmap-services to include information on how frequently each port number is found open. * Nmap now scans the most common 1,000 ports by default in either protocol (UDP scan is still optional). * Nmap fast scan (-F) now scans the top 100 ports by default in either protocol. * The --top-ports option lets you specify the number of ports you wish to scan in each protocol, and will pick the most popular ports for you based on the new frequency data. * integrated all of the OS detection fingerprint and correction submissions - rename nmap-gtk subpackage to zenmap - update to version 4.68 * Too many changes to list, see http://nmap.org/changelog.html - update to version 4.60 tons of bugfixes, see http://nmap.org/changelog.html - Wrong files for package nmap in openSUSE:Factory [BNC #369021] - We have to buildrequire lua-devel, otherwise bundled is used - fix packaging issues - update to version 4.53 which o Added UPnP-info NSE script. It gathers information from the UPnP service (UDP port 1900) which listens on many network devices such as routers, printers, and networked media players. o Fix a lot of Bugs o The Nmap Scripting Engine (NSE) now supports run-time interaction and the Nmap --host-timeout option. - changed libpcap to libpcap-devel in BuildRequires - change last patch to build - fix build bug - update to version 4.20 which o Integrated the latest OS fingerprint submissions o Fix Bugs - GNOME moved to /usr - build against system provided libdnet - update to version 4.11 which o Added dozens of more detailed SSH version detection signatures o Fixed the Nmap Makefile o Fixed a compilation problem on solaris and possibly other platforms. o Applied a patch which helps with HP-UX compilation by linking in the nm library (-lnm) o Added version detection probes for detecting the Nessus daemon. - Reduce BuildRequires. - update to 4.0 final. 
Only some metadata updates - added pcre-devel to buildrequires - updated to 3.999 which includes: o Upgraded the included LibPCRE from version 6.3 to 6.4. o Integrated all remaining 2005 service submissions. o Added run time interaction o Reverse DNS resolution is now done in parallel o Added the --badsum option, which causes Nmap to use invalid TCP or UDP checksums for packets sent to target hosts. o More excellent NmapFE patches from Priit Laes o Added --max_retries option o Many of the Nmap low-level timing options take a value in milliseconds. o Made some changes to allow source port zero scans (-g0). - converted neededforbuild to BuildRequires - 3.95 update - 3.93 update (fixes #129227) - fix specfile - fix C++ Problem with gcc 4.1 - fix Makefile.in to use RPM_OPT_FLAGS - Update to nmap-3.90 - use internal pcre to avoid problems with SYN scan [#104337] - Don't strip binaries - Build against system libpcap/libpcre to avoid libpcap bugs [Bug #98249] - Moved desktop file, added icon (#73653). - fix return values of gencode.c. - Update to nmap-3.81 - Update to nmap-3.80 - Update to nmap-3.77 - Update to nmap-3.75 - Update to nmap-3.70 - Update to nmap-3.55 - Fix accidental deletion of specfile tag - Add openssl to #nfb in order to enable SSL-scan-through support - Update to nmap-3.50 - move nmapfe/xnmap to a subpackage nmap-gtk - make use of openssl - fix DESTDIR patch - don't build as root - Update to version 3.48 - add Categories - Update to version 3.30 - Update to version 3.28 - Update to nmap-3.27 - Use %defattr - Update to nmap-3.20 - removed bogus self-provides - fix neededforbuild - use BuildRoot - add missing files to file list - long awaited version 3.00. News: * 700 operating systems + network devices in fingerprint database * uptime scan * XML output * all references to God in error messages are capitalized added filter.dif security fix for homegrown libpcap. - new version 2.54BETA30. 
- fixed specfile to build (suse_update_config before autoconf) - update to 2.54BETA22 - Add %suse_update_config. - fixed inet_aton detection - fix neededforbuild - update to 2.53, move /usr/lib/nmap to /usr/share/nmap - Version 2.3BETA14. Move manpage to /usr/share/man - update to version 2.3BETA6 - new version 2.12 - ran old prepare_spec on spec file to switch to new prepare_spec. - new package, version 2.02 OBS-URL: https://build.opensuse.org/package/show/network:utilities/nmap?expand=0&rev=136
2024-07-26 09:34:37 +00:00
install -d "%{buildroot}%{_datadir}/applications/"
rm "%{buildroot}%{_bindir}/uninstall_ndiff"
* Fixed a bug with UDP checksum calculation * Idle scan now supports IPv6 * The ICMP ID of ICMP probes is now matched against the sent ICMP ID to reduce the chance of false matches - Zenmap: * Fixed a crash that would happen when you entered a search term starting with a colon - add missing python-gtk dependency for zenmap [bnc#752158] - update to 6.40 - [Ncat] Added --lua-exec - new and updated IPv4 OS fingerprints - new and updated IPv6 OS fingerprints - new and updated service/version fingerprints - [Nsock] Added initial proxy support to Nsock - [NSE] Added 14 NSE scripts - Updated the Nmap license terms, still GPL-2.0+ https://svn.nmap.org/nmap/COPYING. - [NSE] fix possibility of writing arbitrary file to client system when using the http-domino-enum-passwords script with the domino-enum-passwords.idpath parameter against a malicious server - Unicast CIDR-style IPv6 range scanning is now supported - It's now possible to mix IPv4 range notation with CIDR netmasks in target specifications. - Timeout script-args are now standardized to use the timespec that Nmap's command-line arguments take (5s, 5000ms, 1h, etc.) - Nmap may now partially rearrange its target list for more efficient host groups. - [Ncat] The -i option (idle timeout) now works in listen mode as well as connect mode. - [Ncat] Ncat now support chained certificates with the --ssl-cert option. - [Nping] Nping now checks for a matching ICMP ID on echo replies - [NSE] The ipOps.isPrivate library now considers the deprecated site-local prefix fec0::/10 to be private. - Nmap's routing table is now sorted first by netmask, then by metric. - Routes are now sorted to prefer those with a lower metric. - Fixed a byte-ordering problem on little-endian architectures when doing idle scan with a zombie that uses broken ID increments. - Stop parsing TCP options after reaching EOL in libnetutil. 
- [NSE] The dns-ip6-arpa-scan script now optionally accepts "/" syntax for a network mask - Fixed our NSEDoc system for UTF-8 names - UDP protocol payloads were added for detecting the Murmer service - [NSE] Added http-phpmyadmin-dir-traversal - Fixed address matching for SCTP (-PY) ping - Removed some non-ANSI-C strftime format strings ("%F") and locale-dependent formats ("%c") from NSE scripts and libraries. - [Zenmap] Improved internationalization support - [Zenmap] Fixed internationalization files - [NSE] Updated the included Liblua from version 5.2.1 to 5.2.2. - [Nsock] Added a minimal regression test suite for Nsock. - [NSE] Updated the redis-brute and redis-info scripts to work against the latest versions of redis server - [Ncat] Fixed errors in connecting to IPv6 proxies. - [NSE] Updated hostmap-bfk to work with the latest version of their website - [NSE] Added XML structured output support to: + xmpp-info, irc-info, sslv2, address-info + hostmap-bfk, hostmap-robtex, hostmap-ip2hosts. + http-git.nse. - Added new service probes for: + Erlang distribution nodes + Minecraft servers. + Hazelcast data grid. - [NSE] Rewrote telnet-brute for better compatibility with a variety of telnet servers. - Fixed a regression that changed the number of delimiters in machine output. - Fixed a regression in broadcast-dropbox-listener which prevented it from producing output. - Handle ICMP type 11 (Time Exceeded) responses to port scan probes. - Add new decoders (BROWSER, DHCP6 and LLMNR) to broadcast-listener and changed output of some of the decoders slightly. - Namespace the pipes used to communicate with subprocesses by PID, to avoid multiple instances of Ncat from interfering with each other. - [NSE] Changed ip-geolocation-geoplugin to use the web service's new output format. - Limited the number of open sockets in ultra_scan to FD_SETSIZE. 
- Fixed a bug that prevented Nmap from finding any interfaces when one of them had the type ARP_HDR_APPLETALK - [Ncat] Ncat now keeps running in connect mode after receiving EOF from the remote socket, unless --recv-only is in effect. - Packet trace of ICMP packets now include the ICMP ID and sequence number by default. - [NSE] Fixed various NSEDoc bugs - [Zenmap] Zenmap now understands the NMAP_PRIVILEGED and NMAP_UNPRIVILEGED environment variables. - Added an ncat_assert macro. - Added nmap-fo.xsl to convert Nmap XML into XSL-FO, which can be converted into PDF using tools suck as Apache FOP. - Increased the number of slack file descriptors not used during connect scan. - Changed the --webxml XSL stylesheet to point to the new location of nmap.xsl in the new repository (https://svn.nmap.org/nmap/docs/nmap.xsl). - [NSE] The vulnerability library can now preserve vulnerability information across multiple ports of the same host. - Removed the undocumented -q option, which renamed the nmap process to something like "pine". - Moved the Japanese man page from man1/jp to man1/ja. JP is a country code while JA is a language code. - [Nsock] Reworked the logging infrastructure to make it more flexible and consistent. - [NSE] Fixed scripts using unconnected UDP sockets. - Made some changes to Ndiff to reduce parsing time when dealing with large Nmap XML output files. - [Zenmap] Fixed a crash that could be caused by opening the About dialog, using the window manager to close it, and opening it again. - [Ncat] Made test-addrset.sh exit with nonzero status if any tests fail. - Fixed compilation with --without-liblua. - Fixed CRC32c calculation (as used in SCTP scans) on 64-bit platforms. - [NSE] Added multicast group name output to broadcast-igmp-discovery.nse. - [NSE] Added new fingerprints for http-enum: Sitecore, Moodle, typo3, SquirrelMail, RoundCube. 
- Packaging changes: * remove nmap-ncat-fail-test-addrset.patch, committed upstream * ja locale was corrected upstream - add verification of gpg signatures of source tarballs - run available unit tests - add nmap-ncat-fail-test-addrset.patch to make ncat tests effective - add nmap-ncat-skip-network-tests.patch to skip tests requiring name resolution - update to 6.25 + add 373 IPv4 OS fingerprints and improve existing fingerprints + add more than 400 service/version detection fingerprints + integrate latest IPv6 OS submissions and corrections + Enabled support for IPv6 traceroute using UDP, SCTP, and IPProto (Next Header) probes. + Scripts can now return a structured name-value table so that results are query-able from XML output. Scripts can return a string as before, or a table, or a table and a string. In this last case, the table will go to XML output and the string will go to screen output. + Ncat: Added support for Unix domain sockets. The new -U and --unixsock options activate this mode. 
+ removal of Windows dependencies reduces size of source tarball + Replaced old RPC grinder with NSE-based implementation + Updated Nmap Scripting Engine to use Lua 5.2 + Added 85 NSE scripts + Added 12 new protocol libraries: * ajp (Apache JServ Protocol) * base32 (Base32 encoding/decoding - RFC 4648) * bjnp (Canon BJNP printer/scanner discovery protocol) * cassandra (Cassandra database protocol) * eigrp (Cisco Enhanced Interior Gateway Routing Protocol) * gps (Global Positioning System - does GPRMC NMEA decoding) * ipp (CUPS Internet Printing Protocol) * isns (Internet Storage Name Service) * jdwp (Java Debug Wire Protocol) * mobileme (a service for managing Apple/Mac devices) * ospf (Open Shortest Path First routing protocol) * rdp (Remote Desktop Protocol) + added more Common Platform Enumeration (CPE) identifiers + Scans that use OS sockets (including TCP connect scan, version detection, and script scan) now use the SO_BINDTODEVICE sockopt on Linux, so that the -e (select network device) option is honored. + [Zenmap] Host filters can now do negative matching, for example you can use "os:!linux" to match hosts NOT detected as Linux. + further minor improvements and bug fixes as listed in http://nmap.org/changelog.html - for openSUSE releases where lua 5.2 is available, build with that library, otherwise use the library that comes with the sources - add tests for the correct system or included libraries - refresh nmap-4.75-nostrip.patch - refresh su-to-zenmap.patch - update manpages glob to fix Factory build - update to upstream 6.0.1 * fix a zenmap a crash that happened when activating the host filter. 
* fix finding network interfaces if one of them is in monitor mode * fixx greppable output of hosts that time-out - update to upstream 6.00 * enhanced Nmap Scripting Engine * Better Web Scanning * Full IPv6 Support * New NPing Tool * Better Zenmap GUI & results viewer * Faster scans * for a full list of changes see http://nmap.org/6/#changes and http://nmap.org/changelog.html - refresh nmap-4.00-libpcap-filter.diff - as nmap is built with the inluded and stripped nmap-libdnet-1.12, remove system libdnet as build requirement - Update to nmap-5.61TEST5 - refresh nmap-4.00-libpcap-filter.diff for moved source lines - refresh nmap-4.00-noreturn.diff for moved source lines - refresh nmap-4.75-nostrip.patch for moved source lines - update nmap-5.00-desktop_files.patch to nmap-5.61-desktop_files.patch for change source - update su-to-zenmap.patch for moved source lines - Conditionally change lua-devel BuildRequires to lua51-devel on openSUSE > 12.1. The code is not yet ready for lua 5.2. - Fixed a run Zenmap as sudo in KDE and GNOME - Update to nmap 5.61-xxx branch, changelog too long, see NEWS for details. - Add a new subpackage "nping" - drop no-md2.patch already in upstream. - add nmap-5.21-gnomesu.patch (fixed bnc#613847) - spec file clean up to build on SLE and openSUSE < 11.3 - update to 5.21 * Dramatically improved the version detection database, integrating 2,596 submissions that users contributed since February 3, 2009! * bugfixes - disable md2 in the scripting language (no longer supplied by default openssl) - fixed bnc#528581 - Pascal updated to 5.00 with way too many changes to list them, see /usr/share/doc/packages/nmap/CHANGELOG - introduce ncat and ndiff packages providing tools for nmap scans - use new python macros - remove strip so we have debuginfos - Update to 4.75 * [Zenmap] Added a new Scan Topology system. * [Zenmap] Another exciting new Zenmap feature is Scan Aggregation. * [Zenmap] Added a context-sensitive help system to the Profile Editor. 
* Expanded nmap-services to include information on how frequently each port number is found open. * Nmap now scans the most common 1,000 ports by default in either protocol (UDP scan is still optional). * Nmap fast scan (-F) now scans the top 100 ports by default in either protocol. * The --top-ports option lets you specify the number of ports you wish to scan in each protocol, and will pick the most popular ports for you based on the new frequency data. * integrated all of the OS detection fingerprint and correction submissions - rename nmap-gtk subpackage to zenmap - update to version 4.68 * Too many changes to list, see http://nmap.org/changelog.html - update to version 4.60 tons of bugfixes, see http://nmap.org/changelog.html - Wrong files for package nmap in openSUSE:Factory [BNC #369021] - We have to buildrequire lua-devel, otherwise bundled is used - fix packaging issues - update to version 4.53 which o Added UPnP-info NSE script. It gathers information from the UPnP service (UDP port 1900) which listens on many network devices such as routers, printers, and networked media players. o Fix a lot of Bugs o The Nmap Scripting Engine (NSE) now supports run-time interaction and the Nmap --host-timeout option. - changed libpcap to libpcap-devel in BuildRequires - change last patch to build - fix build bug - update to version 4.20 which o Integrated the latest OS fingerprint submissions o Fix Bugs - GNOME moved to /usr - build against system provided libdnet - update to version 4.11 which o Added a dozens of more detailed SSH version detection signatures o Fixed the Nmap Makefile o Fixed a compilation problem on solaris and possibly other platforms. o Applied a patch which helps with HP-UX compilation by linking in the nm library (-lnm o Added version detection probes for detecting the Nessus daemon. - Reduce BuildRequires. - update to 4.0 final. 
Only some metadata updates - added pcre-devel to buildrequires - updated to 3.999 which includes: o Upgraded the included LibPCRE from version 6.3 to 6.4. o Integrated all remaining 2005 service submissions. o Added run time interaction o Reverse DNS resolution is now done in parallel o Added the --badsum option, which causes Nmap to use invalid TCP or UDP checksums for packets sent to target hosts. o More excellent NmapFE patches from Priit Laes o Added --max_retries option o Many of the Nmap low-level timing options take a value in milliseconds. o Made some changes to allow source port zero scans (-g0). - converted neededforbuild to BuildRequires - 3.95 update - 3.93 update (fixes #129227) - fix specfile - fix C++ Problem with gcc 4.1 - fix Makefile.in to use RPM_OPT_FLAGS - Update to nmap-3.90 - use internal pcre to avoid problems with SYN scan [#104337] - Don't strip binaries - Build against system libpcap/libpcre to avoid libpcap bugs [Bug #98249] - Moved desktop file, added icon (#73653). - fix return values of gencode.c. - Update to nmap-3.81 - Update to nmap-3.80 - Update to nmap-3.77 - Update to nmap-3.75 - Update to nmap-3.70 - Update to nmap-3.55 - Fix accidental deletion of specfile tag - Add openssl to #nfb in order to enable SSL-scan-through support - Update to nmap-3.50 - move nmapfe/xnmap to a subpackage nmap-gtk - make use of openssl - fix DESTDIR patch - dont build as root - Update to version 3.48 - add Categories - Update to version 3.30 - Update to version 3.28 - Update to nmap-3.27 - Use %defattr - Update to nmap-3.20 - removed bogus self-provides - fix neededforbuild - use BuildRoot - add missing files to file list - long awaited version 3.00. News: * 700 operation systems + network devices in fingerprint database * uptime scan * XML output * all references to God in error messages are capitalized added filter.dif security fix for homegrown libpcap. - new version 2.54BETA30. 
- fixed specfile to build (suse_update_config before autoconf) - update to 2.54BETA22 - Add %suse_update_config. - fixed inet_aton detection - fix neededforbuild - update to 2.53, move /usr/lib/nmap to /usr/share/nmap - Version 2.3BETA14. Move manpage to /usr/share/man - update to version 2.3BETA6 - new version 2.12 - ran old prepare_spec on spec file to switch to new prepare_spec. - new package, version 2.02 OBS-URL: https://build.opensuse.org/package/show/network:utilities/nmap?expand=0&rev=136
2024-07-26 09:34:37 +00:00
# install Zenmap with its man page, desktop entries and the su wrapper script
pushd zenmap
%pyproject_install
install -m 644 ../docs/zenmap.1 %{buildroot}%{_mandir}/man1/
install -m 644 install_scripts/unix/*.desktop %{buildroot}%{_datadir}/applications/
install -m 755 install_scripts/unix/su-to-zenmap.sh %{buildroot}%{_bindir}/su-to-zenmap.sh
ln -s %{python_sitelib}/zenmapCore/data/pixmaps/zenmap.png %{buildroot}%{_datadir}/pixmaps/zenmap.png
# keep the legacy front-end names as symlinks to zenmap
ln -sf zenmap %{buildroot}%{_bindir}/nmapfe
ln -sf zenmap %{buildroot}%{_bindir}/xnmap
popd
%find_lang zenmap
%suse_update_desktop_file zenmap System Network
%suse_update_desktop_file zenmap-root System Network
# give Paths.pyc the same timestamp as Paths.py
touch -r %{buildroot}/%{python_sitelib}/zenmapCore/Paths.py %{buildroot}/%{python_sitelib}/zenmapCore/Paths.pyc
# convert CRLF line endings in the shipped data file
dos2unix %{buildroot}%{_datadir}/%{name}/nselib/data/oracle-sids
# replace duplicate files with symlinks
%fdupes -s %{buildroot}

%check
# run the unit tests of ncat and of the bundled, stripped libdnet
pushd ncat
%make_build check
popd
pushd libdnet-stripped
%make_build check
popd
# retrieve list of compiled in modules
compiled_with=$("%{buildroot}%{_bindir}/nmap" -V | grep "Compiled with:" )
# for the following tests, the leading space is relevant
# check features built with system libraries
- [NSE] The dns-ip6-arpa-scan script now optionally accepts "/" syntax for a network mask - Fixed our NSEDoc system for UTF-8 names - UDP protocol payloads were added for detecting the Murmer service - [NSE] Added http-phpmyadmin-dir-traversal - Fixed address matching for SCTP (-PY) ping - Removed some non-ANSI-C strftime format strings ("%F") and locale-dependent formats ("%c") from NSE scripts and libraries. - [Zenmap] Improved internationalization support - [Zenmap] Fixed internationalization files - [NSE] Updated the included Liblua from version 5.2.1 to 5.2.2. - [Nsock] Added a minimal regression test suite for Nsock. - [NSE] Updated the redis-brute and redis-info scripts to work against the latest versions of redis server - [Ncat] Fixed errors in connecting to IPv6 proxies. - [NSE] Updated hostmap-bfk to work with the latest version of their website - [NSE] Added XML structured output support to: + xmpp-info, irc-info, sslv2, address-info + hostmap-bfk, hostmap-robtex, hostmap-ip2hosts. + http-git.nse. - Added new service probes for: + Erlang distribution nodes + Minecraft servers. + Hazelcast data grid. - [NSE] Rewrote telnet-brute for better compatibility with a variety of telnet servers. - Fixed a regression that changed the number of delimiters in machine output. - Fixed a regression in broadcast-dropbox-listener which prevented it from producing output. - Handle ICMP type 11 (Time Exceeded) responses to port scan probes. - Add new decoders (BROWSER, DHCP6 and LLMNR) to broadcast-listener and changed output of some of the decoders slightly. - Namespace the pipes used to communicate with subprocesses by PID, to avoid multiple instances of Ncat from interfering with each other. - [NSE] Changed ip-geolocation-geoplugin to use the web service's new output format. - Limited the number of open sockets in ultra_scan to FD_SETSIZE. 
- Fixed a bug that prevented Nmap from finding any interfaces when one of them had the type ARP_HDR_APPLETALK - [Ncat] Ncat now keeps running in connect mode after receiving EOF from the remote socket, unless --recv-only is in effect. - Packet trace of ICMP packets now include the ICMP ID and sequence number by default. - [NSE] Fixed various NSEDoc bugs - [Zenmap] Zenmap now understands the NMAP_PRIVILEGED and NMAP_UNPRIVILEGED environment variables. - Added an ncat_assert macro. - Added nmap-fo.xsl to convert Nmap XML into XSL-FO, which can be converted into PDF using tools suck as Apache FOP. - Increased the number of slack file descriptors not used during connect scan. - Changed the --webxml XSL stylesheet to point to the new location of nmap.xsl in the new repository (https://svn.nmap.org/nmap/docs/nmap.xsl). - [NSE] The vulnerability library can now preserve vulnerability information across multiple ports of the same host. - Removed the undocumented -q option, which renamed the nmap process to something like "pine". - Moved the Japanese man page from man1/jp to man1/ja. JP is a country code while JA is a language code. - [Nsock] Reworked the logging infrastructure to make it more flexible and consistent. - [NSE] Fixed scripts using unconnected UDP sockets. - Made some changes to Ndiff to reduce parsing time when dealing with large Nmap XML output files. - [Zenmap] Fixed a crash that could be caused by opening the About dialog, using the window manager to close it, and opening it again. - [Ncat] Made test-addrset.sh exit with nonzero status if any tests fail. - Fixed compilation with --without-liblua. - Fixed CRC32c calculation (as used in SCTP scans) on 64-bit platforms. - [NSE] Added multicast group name output to broadcast-igmp-discovery.nse. - [NSE] Added new fingerprints for http-enum: Sitecore, Moodle, typo3, SquirrelMail, RoundCube. 
- Packaging changes: * remove nmap-ncat-fail-test-addrset.patch, committed upstream * ja locale was corrected upstream - add verification of gpg signatures of source tarballs - run available unit tests - add nmap-ncat-fail-test-addrset.patch to make ncat tests effective - add nmap-ncat-skip-network-tests.patch to skip tests requiring name resolution - update to 6.25 + add 373 IPv4 OS fingerprints and improve existing fingerprints + add more than 400 service/version detection fingerprints + integrate latest IPv6 OS submissions and corrections + Enabled support for IPv6 traceroute using UDP, SCTP, and IPProto (Next Header) probes. + Scripts can now return a structured name-value table so that results are query-able from XML output. Scripts can return a string as before, or a table, or a table and a string. In this last case, the table will go to XML output and the string will go to screen output. + Ncat: Added support for Unix domain sockets. The new -U and --unixsock options activate this mode. 
+ removal of Windows dependencies reduces size of source tarball + Replaced old RPC grinder with NSE-based implementation + Updated Nmap Scripting Engine to use Lua 5.2 + Added 85 NSE scripts + Added 12 new protocol libraries: * ajp (Apache JServ Protocol) * base32 (Base32 encoding/decoding - RFC 4648) * bjnp (Canon BJNP printer/scanner discovery protocol) * cassandra (Cassandra database protocol) * eigrp (Cisco Enhanced Interior Gateway Routing Protocol) * gps (Global Positioning System - does GPRMC NMEA decoding) * ipp (CUPS Internet Printing Protocol) * isns (Internet Storage Name Service) * jdwp (Java Debug Wire Protocol) * mobileme (a service for managing Apple/Mac devices) * ospf (Open Shortest Path First routing protocol) * rdp (Remote Desktop Protocol) + added more Common Platform Enumeration (CPE) identifiers + Scans that use OS sockets (including TCP connect scan, version detection, and script scan) now use the SO_BINDTODEVICE sockopt on Linux, so that the -e (select network device) option is honored. + [Zenmap] Host filters can now do negative matching, for example you can use "os:!linux" to match hosts NOT detected as Linux. + further minor improvements and bug fixes as listed in http://nmap.org/changelog.html - for openSUSE releases where lua 5.2 is available, build with that library, otherwise use the library that comes with the sources - add tests for the correct system or included libraries - refresh nmap-4.75-nostrip.patch - refresh su-to-zenmap.patch - update manpages glob to fix Factory build - update to upstream 6.0.1 * fix a zenmap a crash that happened when activating the host filter. 
* fix finding network interfaces if one of them is in monitor mode * fixx greppable output of hosts that time-out - update to upstream 6.00 * enhanced Nmap Scripting Engine * Better Web Scanning * Full IPv6 Support * New NPing Tool * Better Zenmap GUI & results viewer * Faster scans * for a full list of changes see http://nmap.org/6/#changes and http://nmap.org/changelog.html - refresh nmap-4.00-libpcap-filter.diff - as nmap is built with the inluded and stripped nmap-libdnet-1.12, remove system libdnet as build requirement - Update to nmap-5.61TEST5 - refresh nmap-4.00-libpcap-filter.diff for moved source lines - refresh nmap-4.00-noreturn.diff for moved source lines - refresh nmap-4.75-nostrip.patch for moved source lines - update nmap-5.00-desktop_files.patch to nmap-5.61-desktop_files.patch for change source - update su-to-zenmap.patch for moved source lines - Conditionally change lua-devel BuildRequires to lua51-devel on openSUSE > 12.1. The code is not yet ready for lua 5.2. - Fixed a run Zenmap as sudo in KDE and GNOME - Update to nmap 5.61-xxx branch, changelog too long, see NEWS for details. - Add a new subpackage "nping" - drop no-md2.patch already in upstream. - add nmap-5.21-gnomesu.patch (fixed bnc#613847) - spec file clean up to build on SLE and openSUSE < 11.3 - update to 5.21 * Dramatically improved the version detection database, integrating 2,596 submissions that users contributed since February 3, 2009! * bugfixes - disable md2 in the scripting language (no longer supplied by default openssl) - fixed bnc#528581 - Pascal updated to 5.00 with way too many changes to list them, see /usr/share/doc/packages/nmap/CHANGELOG - introduce ncat and ndiff packages providing tools for nmap scans - use new python macros - remove strip so we have debuginfos - Update to 4.75 * [Zenmap] Added a new Scan Topology system. * [Zenmap] Another exciting new Zenmap feature is Scan Aggregation. * [Zenmap] Added a context-sensitive help system to the Profile Editor. 
* Expanded nmap-services to include information on how frequently each port number is found open. * Nmap now scans the most common 1,000 ports by default in either protocol (UDP scan is still optional). * Nmap fast scan (-F) now scans the top 100 ports by default in either protocol. * The --top-ports option lets you specify the number of ports you wish to scan in each protocol, and will pick the most popular ports for you based on the new frequency data. * integrated all of the OS detection fingerprint and correction submissions - rename nmap-gtk subpackage to zenmap - update to version 4.68 * Too many changes to list, see http://nmap.org/changelog.html - update to version 4.60 tons of bugfixes, see http://nmap.org/changelog.html - Wrong files for package nmap in openSUSE:Factory [BNC #369021] - We have to buildrequire lua-devel, otherwise bundled is used - fix packaging issues - update to version 4.53 which o Added UPnP-info NSE script. It gathers information from the UPnP service (UDP port 1900) which listens on many network devices such as routers, printers, and networked media players. o Fix a lot of Bugs o The Nmap Scripting Engine (NSE) now supports run-time interaction and the Nmap --host-timeout option. - changed libpcap to libpcap-devel in BuildRequires - change last patch to build - fix build bug - update to version 4.20 which o Integrated the latest OS fingerprint submissions o Fix Bugs - GNOME moved to /usr - build against system provided libdnet - update to version 4.11 which o Added a dozens of more detailed SSH version detection signatures o Fixed the Nmap Makefile o Fixed a compilation problem on solaris and possibly other platforms. o Applied a patch which helps with HP-UX compilation by linking in the nm library (-lnm o Added version detection probes for detecting the Nessus daemon. - Reduce BuildRequires. - update to 4.0 final. 
Only some metadata updates - added pcre-devel to buildrequires - updated to 3.999 which includes: o Upgraded the included LibPCRE from version 6.3 to 6.4. o Integrated all remaining 2005 service submissions. o Added run time interaction o Reverse DNS resolution is now done in parallel o Added the --badsum option, which causes Nmap to use invalid TCP or UDP checksums for packets sent to target hosts. o More excellent NmapFE patches from Priit Laes o Added --max_retries option o Many of the Nmap low-level timing options take a value in milliseconds. o Made some changes to allow source port zero scans (-g0). - converted neededforbuild to BuildRequires - 3.95 update - 3.93 update (fixes #129227) - fix specfile - fix C++ Problem with gcc 4.1 - fix Makefile.in to use RPM_OPT_FLAGS - Update to nmap-3.90 - use internal pcre to avoid problems with SYN scan [#104337] - Don't strip binaries - Build against system libpcap/libpcre to avoid libpcap bugs [Bug #98249] - Moved desktop file, added icon (#73653). - fix return values of gencode.c. - Update to nmap-3.81 - Update to nmap-3.80 - Update to nmap-3.77 - Update to nmap-3.75 - Update to nmap-3.70 - Update to nmap-3.55 - Fix accidental deletion of specfile tag - Add openssl to #nfb in order to enable SSL-scan-through support - Update to nmap-3.50 - move nmapfe/xnmap to a subpackage nmap-gtk - make use of openssl - fix DESTDIR patch - dont build as root - Update to version 3.48 - add Categories - Update to version 3.30 - Update to version 3.28 - Update to nmap-3.27 - Use %defattr - Update to nmap-3.20 - removed bogus self-provides - fix neededforbuild - use BuildRoot - add missing files to file list - long awaited version 3.00. News: * 700 operation systems + network devices in fingerprint database * uptime scan * XML output * all references to God in error messages are capitalized added filter.dif security fix for homegrown libpcap. - new version 2.54BETA30. 
- fixed specfile to build (suse_update_config before autoconf) - update to 2.54BETA22 - Add %suse_update_config. - fixed inet_aton detection - fix neededforbuild - update to 2.53, move /usr/lib/nmap to /usr/share/nmap - Version 2.3BETA14. Move manpage to /usr/share/man - update to version 2.3BETA6 - new version 2.12 - ran old prepare_spec on spec file to switch to new prepare_spec. - new package, version 2.02 OBS-URL: https://build.opensuse.org/package/show/network:utilities/nmap?expand=0&rev=136
2024-07-26 09:34:37 +00:00
[[ $compiled_with == *\ libpcre2-* ]]
[[ $compiled_with == *\ libpcap-* ]]
[[ $compiled_with == *\ openssl-* ]]
# check features built with included sources
[[ $compiled_with == *\ nmap-libdnet-* ]]
# check for lua
%if %{with_system_lua}
# system lua must be 5.4.x, the same series as the bundled copy
[[ $compiled_with == *\ liblua-5.4* ]]
%else
# lua in nmap tarball identifies itself as "nmap-liblua-5.4.x" (5.4.6 as of nmap 7.95)
[[ $compiled_with == *\ nmap-liblua-5.4.* ]]
%endif
#
%files
%license LICENSE
%doc CHANGELOG HACKING
%doc docs/README
%doc docs/nmap.usage.txt
%dir %{_mandir}/??
%dir %{_mandir}/??/man1
%dir %{_mandir}/??_??
%dir %{_mandir}/??_??/man1
%{_mandir}/man1/nmap.1%{?ext_man}
%{_mandir}/*/man1/*
%{_bindir}/nmap
%{_datadir}/nmap
- Fixed a bug that prevented Nmap from finding any interfaces when one of them had the type ARP_HDR_APPLETALK - [Ncat] Ncat now keeps running in connect mode after receiving EOF from the remote socket, unless --recv-only is in effect. - Packet trace of ICMP packets now include the ICMP ID and sequence number by default. - [NSE] Fixed various NSEDoc bugs - [Zenmap] Zenmap now understands the NMAP_PRIVILEGED and NMAP_UNPRIVILEGED environment variables. - Added an ncat_assert macro. - Added nmap-fo.xsl to convert Nmap XML into XSL-FO, which can be converted into PDF using tools suck as Apache FOP. - Increased the number of slack file descriptors not used during connect scan. - Changed the --webxml XSL stylesheet to point to the new location of nmap.xsl in the new repository (https://svn.nmap.org/nmap/docs/nmap.xsl). - [NSE] The vulnerability library can now preserve vulnerability information across multiple ports of the same host. - Removed the undocumented -q option, which renamed the nmap process to something like "pine". - Moved the Japanese man page from man1/jp to man1/ja. JP is a country code while JA is a language code. - [Nsock] Reworked the logging infrastructure to make it more flexible and consistent. - [NSE] Fixed scripts using unconnected UDP sockets. - Made some changes to Ndiff to reduce parsing time when dealing with large Nmap XML output files. - [Zenmap] Fixed a crash that could be caused by opening the About dialog, using the window manager to close it, and opening it again. - [Ncat] Made test-addrset.sh exit with nonzero status if any tests fail. - Fixed compilation with --without-liblua. - Fixed CRC32c calculation (as used in SCTP scans) on 64-bit platforms. - [NSE] Added multicast group name output to broadcast-igmp-discovery.nse. - [NSE] Added new fingerprints for http-enum: Sitecore, Moodle, typo3, SquirrelMail, RoundCube. 
- Packaging changes: * remove nmap-ncat-fail-test-addrset.patch, committed upstream * ja locale was corrected upstream - add verification of gpg signatures of source tarballs - run available unit tests - add nmap-ncat-fail-test-addrset.patch to make ncat tests effective - add nmap-ncat-skip-network-tests.patch to skip tests requiring name resolution - update to 6.25 + add 373 IPv4 OS fingerprints and improve existing fingerprints + add more than 400 service/version detection fingerprints + integrate latest IPv6 OS submissions and corrections + Enabled support for IPv6 traceroute using UDP, SCTP, and IPProto (Next Header) probes. + Scripts can now return a structured name-value table so that results are query-able from XML output. Scripts can return a string as before, or a table, or a table and a string. In this last case, the table will go to XML output and the string will go to screen output. + Ncat: Added support for Unix domain sockets. The new -U and --unixsock options activate this mode. 
+ removal of Windows dependencies reduces size of source tarball + Replaced old RPC grinder with NSE-based implementation + Updated Nmap Scripting Engine to use Lua 5.2 + Added 85 NSE scripts + Added 12 new protocol libraries: * ajp (Apache JServ Protocol) * base32 (Base32 encoding/decoding - RFC 4648) * bjnp (Canon BJNP printer/scanner discovery protocol) * cassandra (Cassandra database protocol) * eigrp (Cisco Enhanced Interior Gateway Routing Protocol) * gps (Global Positioning System - does GPRMC NMEA decoding) * ipp (CUPS Internet Printing Protocol) * isns (Internet Storage Name Service) * jdwp (Java Debug Wire Protocol) * mobileme (a service for managing Apple/Mac devices) * ospf (Open Shortest Path First routing protocol) * rdp (Remote Desktop Protocol) + added more Common Platform Enumeration (CPE) identifiers + Scans that use OS sockets (including TCP connect scan, version detection, and script scan) now use the SO_BINDTODEVICE sockopt on Linux, so that the -e (select network device) option is honored. + [Zenmap] Host filters can now do negative matching, for example you can use "os:!linux" to match hosts NOT detected as Linux. + further minor improvements and bug fixes as listed in http://nmap.org/changelog.html - for openSUSE releases where lua 5.2 is available, build with that library, otherwise use the library that comes with the sources - add tests for the correct system or included libraries - refresh nmap-4.75-nostrip.patch - refresh su-to-zenmap.patch - update manpages glob to fix Factory build - update to upstream 6.0.1 * fix a zenmap a crash that happened when activating the host filter. 
* fix finding network interfaces if one of them is in monitor mode * fixx greppable output of hosts that time-out - update to upstream 6.00 * enhanced Nmap Scripting Engine * Better Web Scanning * Full IPv6 Support * New NPing Tool * Better Zenmap GUI & results viewer * Faster scans * for a full list of changes see http://nmap.org/6/#changes and http://nmap.org/changelog.html - refresh nmap-4.00-libpcap-filter.diff - as nmap is built with the inluded and stripped nmap-libdnet-1.12, remove system libdnet as build requirement - Update to nmap-5.61TEST5 - refresh nmap-4.00-libpcap-filter.diff for moved source lines - refresh nmap-4.00-noreturn.diff for moved source lines - refresh nmap-4.75-nostrip.patch for moved source lines - update nmap-5.00-desktop_files.patch to nmap-5.61-desktop_files.patch for change source - update su-to-zenmap.patch for moved source lines - Conditionally change lua-devel BuildRequires to lua51-devel on openSUSE > 12.1. The code is not yet ready for lua 5.2. - Fixed a run Zenmap as sudo in KDE and GNOME - Update to nmap 5.61-xxx branch, changelog too long, see NEWS for details. - Add a new subpackage "nping" - drop no-md2.patch already in upstream. - add nmap-5.21-gnomesu.patch (fixed bnc#613847) - spec file clean up to build on SLE and openSUSE < 11.3 - update to 5.21 * Dramatically improved the version detection database, integrating 2,596 submissions that users contributed since February 3, 2009! * bugfixes - disable md2 in the scripting language (no longer supplied by default openssl) - fixed bnc#528581 - Pascal updated to 5.00 with way too many changes to list them, see /usr/share/doc/packages/nmap/CHANGELOG - introduce ncat and ndiff packages providing tools for nmap scans - use new python macros - remove strip so we have debuginfos - Update to 4.75 * [Zenmap] Added a new Scan Topology system. * [Zenmap] Another exciting new Zenmap feature is Scan Aggregation. * [Zenmap] Added a context-sensitive help system to the Profile Editor. 
* Expanded nmap-services to include information on how frequently each port number is found open. * Nmap now scans the most common 1,000 ports by default in either protocol (UDP scan is still optional). * Nmap fast scan (-F) now scans the top 100 ports by default in either protocol. * The --top-ports option lets you specify the number of ports you wish to scan in each protocol, and will pick the most popular ports for you based on the new frequency data. * integrated all of the OS detection fingerprint and correction submissions - rename nmap-gtk subpackage to zenmap - update to version 4.68 * Too many changes to list, see http://nmap.org/changelog.html - update to version 4.60 tons of bugfixes, see http://nmap.org/changelog.html - Wrong files for package nmap in openSUSE:Factory [BNC #369021] - We have to buildrequire lua-devel, otherwise bundled is used - fix packaging issues - update to version 4.53 which o Added UPnP-info NSE script. It gathers information from the UPnP service (UDP port 1900) which listens on many network devices such as routers, printers, and networked media players. o Fix a lot of Bugs o The Nmap Scripting Engine (NSE) now supports run-time interaction and the Nmap --host-timeout option. - changed libpcap to libpcap-devel in BuildRequires - change last patch to build - fix build bug - update to version 4.20 which o Integrated the latest OS fingerprint submissions o Fix Bugs - GNOME moved to /usr - build against system provided libdnet - update to version 4.11 which o Added a dozens of more detailed SSH version detection signatures o Fixed the Nmap Makefile o Fixed a compilation problem on solaris and possibly other platforms. o Applied a patch which helps with HP-UX compilation by linking in the nm library (-lnm o Added version detection probes for detecting the Nessus daemon. - Reduce BuildRequires. - update to 4.0 final. 
Only some metadata updates - added pcre-devel to buildrequires - updated to 3.999 which includes: o Upgraded the included LibPCRE from version 6.3 to 6.4. o Integrated all remaining 2005 service submissions. o Added run time interaction o Reverse DNS resolution is now done in parallel o Added the --badsum option, which causes Nmap to use invalid TCP or UDP checksums for packets sent to target hosts. o More excellent NmapFE patches from Priit Laes o Added --max_retries option o Many of the Nmap low-level timing options take a value in milliseconds. o Made some changes to allow source port zero scans (-g0). - converted neededforbuild to BuildRequires - 3.95 update - 3.93 update (fixes #129227) - fix specfile - fix C++ Problem with gcc 4.1 - fix Makefile.in to use RPM_OPT_FLAGS - Update to nmap-3.90 - use internal pcre to avoid problems with SYN scan [#104337] - Don't strip binaries - Build against system libpcap/libpcre to avoid libpcap bugs [Bug #98249] - Moved desktop file, added icon (#73653). - fix return values of gencode.c. - Update to nmap-3.81 - Update to nmap-3.80 - Update to nmap-3.77 - Update to nmap-3.75 - Update to nmap-3.70 - Update to nmap-3.55 - Fix accidental deletion of specfile tag - Add openssl to #nfb in order to enable SSL-scan-through support - Update to nmap-3.50 - move nmapfe/xnmap to a subpackage nmap-gtk - make use of openssl - fix DESTDIR patch - dont build as root - Update to version 3.48 - add Categories - Update to version 3.30 - Update to version 3.28 - Update to nmap-3.27 - Use %defattr - Update to nmap-3.20 - removed bogus self-provides - fix neededforbuild - use BuildRoot - add missing files to file list - long awaited version 3.00. News: * 700 operation systems + network devices in fingerprint database * uptime scan * XML output * all references to God in error messages are capitalized added filter.dif security fix for homegrown libpcap. - new version 2.54BETA30. 
- fixed specfile to build (suse_update_config before autoconf) - update to 2.54BETA22 - Add %suse_update_config. - fixed inet_aton detection - fix neededforbuild - update to 2.53, move /usr/lib/nmap to /usr/share/nmap - Version 2.3BETA14. Move manpage to /usr/share/man - update to version 2.3BETA6 - new version 2.12 - ran old prepare_spec on spec file to switch to new prepare_spec. - new package, version 2.02 OBS-URL: https://build.opensuse.org/package/show/network:utilities/nmap?expand=0&rev=136
2024-07-26 09:34:37 +00:00
%files -n zenmap -f zenmap.lang
%{_bindir}/xnmap
%{_bindir}/zenmap
%{_bindir}/nmapfe
- Packaging changes: * remove nmap-ncat-fail-test-addrset.patch, committed upstream * ja locale was corrected upstream - add verification of gpg signatures of source tarballs - run available unit tests - add nmap-ncat-fail-test-addrset.patch to make ncat tests effective - add nmap-ncat-skip-network-tests.patch to skip tests requiring name resolution - update to 6.25 + add 373 IPv4 OS fingerprints and improve existing fingerprints + add more than 400 service/version detection fingerprints + integrate latest IPv6 OS submissions and corrections + Enabled support for IPv6 traceroute using UDP, SCTP, and IPProto (Next Header) probes. + Scripts can now return a structured name-value table so that results are query-able from XML output. Scripts can return a string as before, or a table, or a table and a string. In this last case, the table will go to XML output and the string will go to screen output. + Ncat: Added support for Unix domain sockets. The new -U and --unixsock options activate this mode. 
+ removal of Windows dependencies reduces size of source tarball + Replaced old RPC grinder with NSE-based implementation + Updated Nmap Scripting Engine to use Lua 5.2 + Added 85 NSE scripts + Added 12 new protocol libraries: * ajp (Apache JServ Protocol) * base32 (Base32 encoding/decoding - RFC 4648) * bjnp (Canon BJNP printer/scanner discovery protocol) * cassandra (Cassandra database protocol) * eigrp (Cisco Enhanced Interior Gateway Routing Protocol) * gps (Global Positioning System - does GPRMC NMEA decoding) * ipp (CUPS Internet Printing Protocol) * isns (Internet Storage Name Service) * jdwp (Java Debug Wire Protocol) * mobileme (a service for managing Apple/Mac devices) * ospf (Open Shortest Path First routing protocol) * rdp (Remote Desktop Protocol) + added more Common Platform Enumeration (CPE) identifiers + Scans that use OS sockets (including TCP connect scan, version detection, and script scan) now use the SO_BINDTODEVICE sockopt on Linux, so that the -e (select network device) option is honored. + [Zenmap] Host filters can now do negative matching, for example you can use "os:!linux" to match hosts NOT detected as Linux. + further minor improvements and bug fixes as listed in http://nmap.org/changelog.html - for openSUSE releases where lua 5.2 is available, build with that library, otherwise use the library that comes with the sources - add tests for the correct system or included libraries - refresh nmap-4.75-nostrip.patch - refresh su-to-zenmap.patch - update manpages glob to fix Factory build - update to upstream 6.0.1 * fix a zenmap a crash that happened when activating the host filter. 
* fix finding network interfaces if one of them is in monitor mode * fixx greppable output of hosts that time-out - update to upstream 6.00 * enhanced Nmap Scripting Engine * Better Web Scanning * Full IPv6 Support * New NPing Tool * Better Zenmap GUI & results viewer * Faster scans * for a full list of changes see http://nmap.org/6/#changes and http://nmap.org/changelog.html - refresh nmap-4.00-libpcap-filter.diff - as nmap is built with the inluded and stripped nmap-libdnet-1.12, remove system libdnet as build requirement - Update to nmap-5.61TEST5 - refresh nmap-4.00-libpcap-filter.diff for moved source lines - refresh nmap-4.00-noreturn.diff for moved source lines - refresh nmap-4.75-nostrip.patch for moved source lines - update nmap-5.00-desktop_files.patch to nmap-5.61-desktop_files.patch for change source - update su-to-zenmap.patch for moved source lines - Conditionally change lua-devel BuildRequires to lua51-devel on openSUSE > 12.1. The code is not yet ready for lua 5.2. - Fixed a run Zenmap as sudo in KDE and GNOME - Update to nmap 5.61-xxx branch, changelog too long, see NEWS for details. - Add a new subpackage "nping" - drop no-md2.patch already in upstream. - add nmap-5.21-gnomesu.patch (fixed bnc#613847) - spec file clean up to build on SLE and openSUSE < 11.3 - update to 5.21 * Dramatically improved the version detection database, integrating 2,596 submissions that users contributed since February 3, 2009! * bugfixes - disable md2 in the scripting language (no longer supplied by default openssl) - fixed bnc#528581 - Pascal updated to 5.00 with way too many changes to list them, see /usr/share/doc/packages/nmap/CHANGELOG - introduce ncat and ndiff packages providing tools for nmap scans - use new python macros - remove strip so we have debuginfos - Update to 4.75 * [Zenmap] Added a new Scan Topology system. * [Zenmap] Another exciting new Zenmap feature is Scan Aggregation. * [Zenmap] Added a context-sensitive help system to the Profile Editor. 
* Expanded nmap-services to include information on how frequently each port number is found open. * Nmap now scans the most common 1,000 ports by default in either protocol (UDP scan is still optional). * Nmap fast scan (-F) now scans the top 100 ports by default in either protocol. * The --top-ports option lets you specify the number of ports you wish to scan in each protocol, and will pick the most popular ports for you based on the new frequency data. * integrated all of the OS detection fingerprint and correction submissions - rename nmap-gtk subpackage to zenmap - update to version 4.68 * Too many changes to list, see http://nmap.org/changelog.html - update to version 4.60 tons of bugfixes, see http://nmap.org/changelog.html - Wrong files for package nmap in openSUSE:Factory [BNC #369021] - We have to buildrequire lua-devel, otherwise bundled is used - fix packaging issues - update to version 4.53 which o Added UPnP-info NSE script. It gathers information from the UPnP service (UDP port 1900) which listens on many network devices such as routers, printers, and networked media players. o Fix a lot of Bugs o The Nmap Scripting Engine (NSE) now supports run-time interaction and the Nmap --host-timeout option. - changed libpcap to libpcap-devel in BuildRequires - change last patch to build - fix build bug - update to version 4.20 which o Integrated the latest OS fingerprint submissions o Fix Bugs - GNOME moved to /usr - build against system provided libdnet - update to version 4.11 which o Added a dozens of more detailed SSH version detection signatures o Fixed the Nmap Makefile o Fixed a compilation problem on solaris and possibly other platforms. o Applied a patch which helps with HP-UX compilation by linking in the nm library (-lnm o Added version detection probes for detecting the Nessus daemon. - Reduce BuildRequires. - update to 4.0 final. 
Only some metadata updates - added pcre-devel to buildrequires - updated to 3.999 which includes: o Upgraded the included LibPCRE from version 6.3 to 6.4. o Integrated all remaining 2005 service submissions. o Added run time interaction o Reverse DNS resolution is now done in parallel o Added the --badsum option, which causes Nmap to use invalid TCP or UDP checksums for packets sent to target hosts. o More excellent NmapFE patches from Priit Laes o Added --max_retries option o Many of the Nmap low-level timing options take a value in milliseconds. o Made some changes to allow source port zero scans (-g0). - converted neededforbuild to BuildRequires - 3.95 update - 3.93 update (fixes #129227) - fix specfile - fix C++ Problem with gcc 4.1 - fix Makefile.in to use RPM_OPT_FLAGS - Update to nmap-3.90 - use internal pcre to avoid problems with SYN scan [#104337] - Don't strip binaries - Build against system libpcap/libpcre to avoid libpcap bugs [Bug #98249] - Moved desktop file, added icon (#73653). - fix return values of gencode.c. - Update to nmap-3.81 - Update to nmap-3.80 - Update to nmap-3.77 - Update to nmap-3.75 - Update to nmap-3.70 - Update to nmap-3.55 - Fix accidental deletion of specfile tag - Add openssl to #nfb in order to enable SSL-scan-through support - Update to nmap-3.50 - move nmapfe/xnmap to a subpackage nmap-gtk - make use of openssl - fix DESTDIR patch - dont build as root - Update to version 3.48 - add Categories - Update to version 3.30 - Update to version 3.28 - Update to nmap-3.27 - Use %defattr - Update to nmap-3.20 - removed bogus self-provides - fix neededforbuild - use BuildRoot - add missing files to file list - long awaited version 3.00. News: * 700 operation systems + network devices in fingerprint database * uptime scan * XML output * all references to God in error messages are capitalized added filter.dif security fix for homegrown libpcap. - new version 2.54BETA30. 
- fixed specfile to build (suse_update_config before autoconf) - update to 2.54BETA22 - Add %suse_update_config. - fixed inet_aton detection - fix neededforbuild - update to 2.53, move /usr/lib/nmap to /usr/share/nmap - Version 2.3BETA14. Move manpage to /usr/share/man - update to version 2.3BETA6 - new version 2.12 - ran old prepare_spec on spec file to switch to new prepare_spec. - new package, version 2.02 OBS-URL: https://build.opensuse.org/package/show/network:utilities/nmap?expand=0&rev=136
2024-07-26 09:34:37 +00:00
%{_bindir}/su-to-zenmap.sh
%dir %{python_sitelib}/zenmapCore
%{python_sitelib}/zenmapCore/*.py{c,}
%{python_sitelib}/zenmapCore/__pycache__
%dir %{python_sitelib}/zenmapCore/data
%{python_sitelib}/zenmapCore/data/{config,docs,misc,pixmaps}
%dir %{python_sitelib}/zenmapCore/data/locale
%dir %{python_sitelib}/zenmapCore/data/locale/*
%dir %{python_sitelib}/zenmapCore/data/locale/*/LC_MESSAGES
%{python_sitelib}/zenmapCore/data/locale/xgettext-profile_editor.py
%{python_sitelib}/zenmapCore/data/locale/__pycache__/*
%{python_sitelib}/zenmapGUI
%{python_sitelib}/radialnet
%{_datadir}/applications/zenmap-root.desktop
%{_datadir}/applications/zenmap.desktop
+ removal of Windows dependencies reduces size of source tarball + Replaced old RPC grinder with NSE-based implementation + Updated Nmap Scripting Engine to use Lua 5.2 + Added 85 NSE scripts + Added 12 new protocol libraries: * ajp (Apache JServ Protocol) * base32 (Base32 encoding/decoding - RFC 4648) * bjnp (Canon BJNP printer/scanner discovery protocol) * cassandra (Cassandra database protocol) * eigrp (Cisco Enhanced Interior Gateway Routing Protocol) * gps (Global Positioning System - does GPRMC NMEA decoding) * ipp (CUPS Internet Printing Protocol) * isns (Internet Storage Name Service) * jdwp (Java Debug Wire Protocol) * mobileme (a service for managing Apple/Mac devices) * ospf (Open Shortest Path First routing protocol) * rdp (Remote Desktop Protocol) + added more Common Platform Enumeration (CPE) identifiers + Scans that use OS sockets (including TCP connect scan, version detection, and script scan) now use the SO_BINDTODEVICE sockopt on Linux, so that the -e (select network device) option is honored. + [Zenmap] Host filters can now do negative matching, for example you can use "os:!linux" to match hosts NOT detected as Linux. + further minor improvements and bug fixes as listed in http://nmap.org/changelog.html - for openSUSE releases where lua 5.2 is available, build with that library, otherwise use the library that comes with the sources - add tests for the correct system or included libraries - refresh nmap-4.75-nostrip.patch - refresh su-to-zenmap.patch - update manpages glob to fix Factory build - update to upstream 6.0.1 * fix a zenmap a crash that happened when activating the host filter. 
* fix finding network interfaces if one of them is in monitor mode * fixx greppable output of hosts that time-out - update to upstream 6.00 * enhanced Nmap Scripting Engine * Better Web Scanning * Full IPv6 Support * New NPing Tool * Better Zenmap GUI & results viewer * Faster scans * for a full list of changes see http://nmap.org/6/#changes and http://nmap.org/changelog.html - refresh nmap-4.00-libpcap-filter.diff - as nmap is built with the inluded and stripped nmap-libdnet-1.12, remove system libdnet as build requirement - Update to nmap-5.61TEST5 - refresh nmap-4.00-libpcap-filter.diff for moved source lines - refresh nmap-4.00-noreturn.diff for moved source lines - refresh nmap-4.75-nostrip.patch for moved source lines - update nmap-5.00-desktop_files.patch to nmap-5.61-desktop_files.patch for change source - update su-to-zenmap.patch for moved source lines - Conditionally change lua-devel BuildRequires to lua51-devel on openSUSE > 12.1. The code is not yet ready for lua 5.2. - Fixed a run Zenmap as sudo in KDE and GNOME - Update to nmap 5.61-xxx branch, changelog too long, see NEWS for details. - Add a new subpackage "nping" - drop no-md2.patch already in upstream. - add nmap-5.21-gnomesu.patch (fixed bnc#613847) - spec file clean up to build on SLE and openSUSE < 11.3 - update to 5.21 * Dramatically improved the version detection database, integrating 2,596 submissions that users contributed since February 3, 2009! * bugfixes - disable md2 in the scripting language (no longer supplied by default openssl) - fixed bnc#528581 - Pascal updated to 5.00 with way too many changes to list them, see /usr/share/doc/packages/nmap/CHANGELOG - introduce ncat and ndiff packages providing tools for nmap scans - use new python macros - remove strip so we have debuginfos - Update to 4.75 * [Zenmap] Added a new Scan Topology system. * [Zenmap] Another exciting new Zenmap feature is Scan Aggregation. * [Zenmap] Added a context-sensitive help system to the Profile Editor. 
* Expanded nmap-services to include information on how frequently each port number is found open. * Nmap now scans the most common 1,000 ports by default in either protocol (UDP scan is still optional). * Nmap fast scan (-F) now scans the top 100 ports by default in either protocol. * The --top-ports option lets you specify the number of ports you wish to scan in each protocol, and will pick the most popular ports for you based on the new frequency data. * integrated all of the OS detection fingerprint and correction submissions - rename nmap-gtk subpackage to zenmap - update to version 4.68 * Too many changes to list, see http://nmap.org/changelog.html - update to version 4.60 tons of bugfixes, see http://nmap.org/changelog.html - Wrong files for package nmap in openSUSE:Factory [BNC #369021] - We have to buildrequire lua-devel, otherwise bundled is used - fix packaging issues - update to version 4.53 which o Added UPnP-info NSE script. It gathers information from the UPnP service (UDP port 1900) which listens on many network devices such as routers, printers, and networked media players. o Fix a lot of Bugs o The Nmap Scripting Engine (NSE) now supports run-time interaction and the Nmap --host-timeout option. - changed libpcap to libpcap-devel in BuildRequires - change last patch to build - fix build bug - update to version 4.20 which o Integrated the latest OS fingerprint submissions o Fix Bugs - GNOME moved to /usr - build against system provided libdnet - update to version 4.11 which o Added a dozens of more detailed SSH version detection signatures o Fixed the Nmap Makefile o Fixed a compilation problem on solaris and possibly other platforms. o Applied a patch which helps with HP-UX compilation by linking in the nm library (-lnm o Added version detection probes for detecting the Nessus daemon. - Reduce BuildRequires. - update to 4.0 final. 
Only some metadata updates - added pcre-devel to buildrequires - updated to 3.999 which includes: o Upgraded the included LibPCRE from version 6.3 to 6.4. o Integrated all remaining 2005 service submissions. o Added run time interaction o Reverse DNS resolution is now done in parallel o Added the --badsum option, which causes Nmap to use invalid TCP or UDP checksums for packets sent to target hosts. o More excellent NmapFE patches from Priit Laes o Added --max_retries option o Many of the Nmap low-level timing options take a value in milliseconds. o Made some changes to allow source port zero scans (-g0). - converted neededforbuild to BuildRequires - 3.95 update - 3.93 update (fixes #129227) - fix specfile - fix C++ Problem with gcc 4.1 - fix Makefile.in to use RPM_OPT_FLAGS - Update to nmap-3.90 - use internal pcre to avoid problems with SYN scan [#104337] - Don't strip binaries - Build against system libpcap/libpcre to avoid libpcap bugs [Bug #98249] - Moved desktop file, added icon (#73653). - fix return values of gencode.c. - Update to nmap-3.81 - Update to nmap-3.80 - Update to nmap-3.77 - Update to nmap-3.75 - Update to nmap-3.70 - Update to nmap-3.55 - Fix accidental deletion of specfile tag - Add openssl to #nfb in order to enable SSL-scan-through support - Update to nmap-3.50 - move nmapfe/xnmap to a subpackage nmap-gtk - make use of openssl - fix DESTDIR patch - dont build as root - Update to version 3.48 - add Categories - Update to version 3.30 - Update to version 3.28 - Update to nmap-3.27 - Use %defattr - Update to nmap-3.20 - removed bogus self-provides - fix neededforbuild - use BuildRoot - add missing files to file list - long awaited version 3.00. News: * 700 operation systems + network devices in fingerprint database * uptime scan * XML output * all references to God in error messages are capitalized added filter.dif security fix for homegrown libpcap. - new version 2.54BETA30. 
- fixed specfile to build (suse_update_config before autoconf) - update to 2.54BETA22 - Add %suse_update_config. - fixed inet_aton detection - fix neededforbuild - update to 2.53, move /usr/lib/nmap to /usr/share/nmap - Version 2.3BETA14. Move manpage to /usr/share/man - update to version 2.3BETA6 - new version 2.12 - ran old prepare_spec on spec file to switch to new prepare_spec. - new package, version 2.02 OBS-URL: https://build.opensuse.org/package/show/network:utilities/nmap?expand=0&rev=136
2024-07-26 09:34:37 +00:00
%{python_sitelib}/zenmap-%{version}.dist-info
%{_datadir}/pixmaps/zenmap.png
%{_mandir}/man1/zenmap.1%{?ext_man}
%files -n ndiff
%{_bindir}/ndiff
%{_mandir}/man1/ndiff.1%{?ext_man}
%{python_sitelib}/ndiff.*
%pycache_only %{python_sitelib}/__pycache__/ndiff.*
%files -n ncat
%{_bindir}/ncat
%{_mandir}/man1/ncat.1%{?ext_man}
%dir %{_datadir}/ncat
%config(noreplace) %{_datadir}/ncat/ca-bundle.crt
%files -n nping
%{_bindir}/nping
%{_mandir}/man1/nping.1%{?ext_man}
%changelog