Almost done with CHANGELOG, about to spell check

CHANGELOG

@@ -2,28 +2,20 @@
 
 Nmap 4.85BETA10 [2009-06-12]
 
-o There is a new default ping probe set: -PE -PS443 -PA80 -PP. In
+o The host discovery (ping probe) defaults have been enahanced to
-  exhaustive testing of 90 different probes, this one emerged as the
+  include twice as many probes.  The default is now "-PE -PS443 -PA80
-  best four-probe combination, finding 14% more Internet hosts than
+  -PP". In exhaustive testing of 90 different probes, this emerged as
-  the previous default, -PE -PA80. The default for nonroot users is
+  the best four-probe combination, finding 14% more Internet hosts
-  -PS80,443, replacing the previous default of -PS80. In addition,
+  than the previous default, "-PE -PA80". The default for nonroot
-  ping probes are now sent in order of effectiveness (-PE first) so
+  users is -PS80,443, replacing the previous default of -PS80. In
-  that less likely probes may not have to be sent. [David, Fyodor]
+  addition, ping probes are now sent in order of effectiveness (-PE
+  first) so that less effective probes may not have to be sent. ARP
+  ping is still the default on local ethernet networks. [David,
+  Fyodor]
 
-o [Ncat] Handling of newlines on Windows has been improved. CRLF is
+o Added SCTP port scanning support to Nmap. SCTP is a layer 4 protocol
-  automatically converted to bare LF when input is from the console, but
+  used mostly for telephony related applications.  This brings the
-  not when it is from a pipe or a file. No newline translation is done
+  following new features:
-  on output (it was being done before). This makes it possible to
-  transfer binary files with Ncat on Windows without any corruption,
-  while still being able to interactively ncat into UNIX shells and
-  other processes which require bare newlines. Ncat clients now work
-  the same way on UNIX and Windows in that respect.  For cases where
-  you do want \r\n line endings (such as connections to web and email
-  servers or Windows cmd.exe shells), you can still specify -C. [David]
-
-o Added initial SCTP port scanning support to Nmap.  SCTP is
-  a layer 4 protocol used mostly for telephony related applications.
-  This brings the following new features:
   o SCTP INIT chunk port scan (-sY): open ports return an INIT-ACK
     chunk, closed ones an ABORT chunk.  This is the SCTP equivalent
     of a TCP SYN stealth scan.
@@ -36,6 +28,9 @@ o Added initial SCTP port scanning support to Nmap.  SCTP is
   o The ability to use the deprecated Adler32 algorithm as specified
     in RFC 2960 instead of CRC32C from RFC 4960 (--adler32).
   o 42 well-known SCTP ports were added to the nmap-services file.
+  o The server scanme.csnc.ch has been set up for your SCTP scan
+    testing pleasure. See
+    http://seclists.org/nmap-dev/2009/q2/0669.html.
   Part of the work on SCTP support was kindly sponsored by
   Compass Security AG, Switzerland. [Daniel Roethlisberger]
 
@@ -45,40 +40,25 @@ o [NSE] Added the new script http-iis-webdav-vuln.nse, which detects
   folders without authentication. See
   http://nmap.org/svn/scripts/http-iis-webdav-vuln.nse. [Ron]
 
-o [NSE] Added the imap-capabilities script, which uses the CAPABILITY
-  command to determine the capabilities of a target IMAP mail server.
-  A simple supporting IMAP library was added as well. See
-  http://nmap.org/nsedoc/scripts/imap-capabilities.html. [Brandon]
-
-o Optimized some Nmap version detection match lines for slightly
-  better performance. See
-  http://seclists.org/nmap-dev/2009/q2/0328.html. [Brandon]
-
-o Open Source Press completed and released the German translation of
-  the official Nmap book (Nmap Network Scanning). Learn more at
-  http://nmap.org/book/#translations.
-
-o Nmap RPM packages (x86 and x86-64) are now built with OpenSSL
-  support (statically linked in to avoid dependencies).  They are also
-  now built on CentOS 5.3 for compatability with RHEL, Fedora, and
-  other distributions. Please let us know if you discover any
-  compatability problems (or other issues) with the new RPMs. [Fyodor]
-
 o The Nmap Reference Guide has been translated to German by Open
   Source Press and Indonesian by Tedi Heriyanto. You can now read it
   in 16 langauges at http://nmap.org/docs.html. We're always looking
   for more translations of Nmap and it's documentation--see
   http://seclists.org/nmap-dev/2009/q2/0667.html if you'd like to help.
 
-o [Zenmap] The Topology tab now has a "Save Graphic" button that allows
+o Open Source Press completed and released the German translation of
-  saving the current topology display as PNG, PostScript, PDF, and SVG.
+  the official Nmap book (Nmap Network Scanning). Learn more at
-  [Joao Medeiros, David]
+  http://nmap.org/book/#translations.
 
-o Version detection can now detect Ncat's --chat mode (IPv4 and
+o [NSE] Added the script socks-open-proxy.nse for scanning networks
-  IPv6). [David]
+  for open SOCKS proxy servers. See
+  http://nmap.org/nsedoc/scripts/socks-open-proxy.html. [Joao Correa]
 
-o Changed the default UDP ping port to 40125.  This appears to be a
+o [NSE] http-open-proxy.nse has been updated to attempt HEAD and
-  better port based on tests done by David [Josh Marlow]
+  CONNECT methods as well as previously supported GET method.  It
+  still tries to reach http://www.google.com through the proxy by
+  default, but now also offers an argument for specifying a different
+  URL. [Joao Correa]
 
 o [Ncat] There is a backwards-incompatible change in the way that
   listen mode works. The new default behavior is to accept only one
@@ -90,39 +70,104 @@ o [Ncat] There is a backwards-incompatible change in the way that
   Use the new -k or --keep-open option to get the old behavior, in
   which Ncat will accept multiple simultaneous connection, combine all
   their input, and accept more connections after a disconnection.
-  [Daniel Roethlisberger]
+  [Daniel Roethlisberger, David]
 
-o Improved validate_scan_lists to handle -SP and -SA at the same time
+o Ncat handling of newlines on Windows has been improved. CRLF is
-  when running nmap as nonroot or using IPv6.  It now combines the two
+  automatically converted to a bare LF when input is from the console,
-  port lists [Josh Marlow]
+  but left untouched when it is from a pipe or a file. No newline
+  translation is done on output (where it was being done before). This
+  makes it possible to transfer binary files with Ncat on Windows
+  without any corruption, while still being able to interactively ncat
+  into UNIX shells and other processes which require bare
+  newlines. Ncat clients now work the same way on UNIX and Windows in
+  that respect.  For cases where you do want \r\n line endings (such
+  as connections to web and email servers or Windows cmd.exe shells),
+  specify -C whether your client is running on UNIX or
+  Windows. [David]
+
+o Nmap RPM packages (x86 and x86-64) are now built with OpenSSL
+  support (statically linked in to avoid dependencies).  They are also
+  now built on CentOS 5.3 for compatability with RHEL, Fedora, and
+  other distributions. Please let us know if you discover any
+  compatability problems (or other issues) with the new RPMs. [Fyodor]
+
+o [Zenmap] The Topology tab now has a "Save Graphic" button that
+  allows saving the current topology display as a PNG, PostScript,
+  PDF, and SVG image.  [Joao Medeiros, David]
+
+o Changed the default UDP ping (-PU) port from 31338 to 40125.  This
+  appears to be a better port based on David's empirical testing.
+
+o [NSE] Added the imap-capabilities script, which uses the CAPABILITY
+  command to determine the capabilities of a target IMAP mail server.
+  A simple supporting IMAP library was added as well. See
+  http://nmap.org/nsedoc/scripts/imap-capabilities.html. [Brandon]
+
+o [NSE] Brandon Enright from UCSD reports that, thanks to all the NSE
+  fixes in this release, he no longer sees any Nmap crashes in his
+  large scale scans. See
+  http://seclists.org/nmap-dev/2009/q2/0639.html.
+
+o Zenmap now works on RHEL/CentOS since it no longer requires the
+  hashlib library (which was introduced in Python 2.5, but RHEL 5
+  still uses 2.4) and removing the pysqlite2 requirement (RHEL does
+  not offer that module).  It is still desirable to have pysqlite2
+  when available, since it enables Zenmap searching and database
+  saving features. [David]
+
+o Ncat can now send SSL certificates in connect mode for client
+  authentication by using the --ssl-cert and --ssl-key options.  The
+  specified certificates are only sent when requested by the
+  server. [Venkat]
+
+o Nmap can now handle -SP and -SA at the same time when running nmap
+  as nonroot or using IPv6.  It now combines the two port lists [Josh
+  Marlow]
 
 o [Ncat] SSL in listen mode now works on systems like BSD in which a
   socket inherits its blocking or non-blocking status from the
-  listening socket. Thanks to Daniel Roethlisberger for reporting the
+  listening socket. [David, Daniel Roethlisberger]
-  bug and providing test results. [David]
 
-o The --version-trace option now shows the names of the probes as they
+o The --packet-trace/--version-trace options now shows the names of
-  are sent to ease debugging/understanding. [Tom Sellers]
+  version detection probes as they are sent, making the version
+  detection process easier to understand and debug. [Tom Sellers]
 
-o The GPG detached signatures of Nmap releases now use the more
+o The GPG detached signatures for Nmap releases now use the more
   standard .asc extension rather than .gpg.txt.  They can still be
   found at http://nmap.org/dist/sigs/ and the .gpg.txt versions for
-  previous releases are still retained for compatability reasons. For
+  previous releases are still available for compatability reasons. For
   instructions on verifying Nmap package integrity, see
   http://nmap.org/book/install.html#inst-integrity. [Fyodor]
 
-o [Zenmap] Fixed two bugs: 1) HostInfo objects would be modified in memory to
+o [Zenmap] Fixed two bugs: 1) When two scans are performed in Zenmap
-  reflect information gathered from new scans, making scan comparisons
+  and aggregated, the first one was being modified in the process,
-  difficult.  Now, modifications are done to copies of existing hosts.
+  preventing you from doing diffs in the "compare scans" dialogue or
-  2) Canceling a scan and then removing it would cause the NetworkInventory
+  properly saving the first scan individually. 2) If you start two
-  hosts dictionary to be cleared and not refreashed [Josh Marlow]
+  scans, then the faster one finishes and you cancel and remove the
+  slower one while still in progress, much of the results from both
+  scans are lost. [Josh Marlow]
+
+o [Ncat] When connecting to an SSL service in verbose mode, Ncat now
+   prints confirmation of the SSL connection, some certificate
+   information, and a cert fingerprint. For example:
+   SSL connection to 64.147.188.3:443. Electronic Frontier Foundation
+   SHA-1 fingerprint: 28BE B476 2E49 7ED5 3A9B 4D79 AD1E 69A9 82DB C75A
+
+o [NSE] Clean up output (generally reducing default verbosity) for the
+  p2p-conficker, smb-check-vulns, and http-iis-webdav-vuln scripts. In
+  general, we don't ask scripts to report that a host is clean unless
+  Nmap's verbosity level (-v) is at least one or two. [Ron, Fyodor]
 
 o [Zenmap] Added the -PS22,25,80 option found in the Quick Traceroute
   profile to some of the Intense scan profiles for improved host
   discovery. [Josh Marlow]
 
+o Fixed a bug with the --defeat-rst-ratelimit option which prevented
+  it from working properly.  See this thread:
+  http://seclists.org/nmap-dev/2009/q2/0476.html. [Josh]
+
 o [Ndiff] Avoid printing a "Not shown:" line if there weren't any
-  ports in that (extraports) state. [David]
+  ports in the non-shown (extraports) list. [David]
 
 o [Ncat] Fixed Ncat compilation with versions of OpenSSL before 0.9.7.
   Previously it would fail in ncat_openssl.c with the message
@@ -131,38 +176,35 @@ o [Ncat] Fixed Ncat compilation with versions of OpenSSL before 0.9.7.
 
 o [NSE] Removed the packet.hextobin(str) and packet.bintohex(str)
   functions. They are redundant since you get the same functionality
-  by calling with bin.pack("H", str) and bin.unpack("H", str),
+  by calling bin.pack("H", str) and bin.unpack("H", str),
   respectively. [Patrick]
 
 o [NSE[ Fixed the parsing of --script-args, which was only accepting
-  values with alphanumeric characters and underscores. Now a key, value,
+  alphanumeric characters and underscores in values. Now a key, value,
-  or array value may be a sequence of characters except '{', '}', ',',
+  or array value may be a sequence of any characters except '{', '}',
-  '=', and all space characters. You may overcome this restriction by
+  ',', '=', and all space characters. You may overcome this
-  using quotes (single or double) to allow all characters within the
+  restriction by using quotes (single or double) to allow all
-  quotation marks. You may also use the quote delimiter inside the
+  characters within the quotation marks. You may also use the quote
-  sequence so long as it is escaped by a backslash. See
+  delimiter inside the sequence so long as it is escaped by a
+  backslash. See
   http://seclists.org/nmap-dev/2009/q2/0211.html. [Patrick]
 
-o [NSE] When a script ends for any reason, all of its mutexes are
+o [NSE] When a script ends for any reason, all of its mutexes are now
   unlocked.  This prevents a permanant (and painful to debug) deadlock
   when a script crashes without unlocking a mutex. See
   http://seclists.org/nmap-dev/2009/q2/0533.html.
 
-o Added another case to NmapOps::RawScan() to cover the case where we are using
+o Fixed a bug wherein nmap would not display the post-scan count of
-  a SYN ping scan and issuing raw packets.  This fixes a bug wherein nmap would
+  raw packets sent during a SYN ping scan (-sP -PS). [Josh Marlow]
-  not display the post-scan count of raw packets sent. [Josh Marlow]
 
-o Changed the ICMP ping probes to use a random non-zero ICMP id.  Some hosts
+o Changed the ICMP ping probes to use a random non-zero ICMP id.
-  seem to drop probes when the ICMP id is 0 [Josh Marlow]
+  David's empirical testing found that some hosts drop probes when the
+  ICMP id is 0 [Josh Marlow]
 
-o Fixed a --script argument processing bug in which Nmap would abort
+o [NSE] Fixed a --script argument processing bug in which Nmap would
-  when an expression matches a set of scripts which were loaded by
+  abort when an expression matches a set of scripts which were loaded
-  other expressions first (a simple example is 
+  by other expressions first (a simple example is "--script
-  "--script default,DEFAULT". [Patrick]
+  default,DEFAULT". [Patrick]
-
-o Fixed a bug with the --defeat-rst-ratelimit option which prevented
-  it from working properly.  See this thread:
-  http://seclists.org/nmap-dev/2009/q2/0476.html. [Josh]
 
 o [Zenmap] Operating system icons are now always loaded as PNGs, even on
   platforms which support SVG images. That is much faster, and Zenmap
@@ -171,19 +213,18 @@ o [Zenmap] Operating system icons are now always loaded as PNGs, even on
 o [Ncat] The Nmap Windows uninstaller now removes the Ncat CA list
   (ca-bundle.crt) which has been installed since 4.85BETA9. [Jah]
 
-o [NSE] Brandon Enright from UCSD reports that, thanks to all the NSE
+o Optimized some Nmap version detection match lines for slightly
-  fixes in this release, he no longer sees any Nmap crashes in his
+  better performance. See
-  large scale scans. See
+  http://seclists.org/nmap-dev/2009/q2/0328.html. [Brandon]
-  http://seclists.org/nmap-dev/2009/q2/0639.html.
 
 o [NSE] Upon connection failure, a socket now immediately unlocks its
   "socket lock" to allow other pending socket connections to succeed
-  sooner. This slightly improves scan speeds by removing the wait for
+  sooner. This slightly improves scan speeds by eliminating the wait
-  garbage collection to free the resource. [Patrick]
+  for garbage collection to free the resource. [Patrick]
 
-o [NSE] Corrected a bug in nse_nsock.cc that could result in the use
+o [NSE] Corrected a bug in nse_nsock.cc that could result in a crash
-  of an invalid Lua state if a thread is collected due to timeout or
+  from the use of an invalid Lua state if a thread is collected due to
-  other even more rare reasons. Essentially, the callbacks from the
+  timeout or other rare reasons. Essentially, the callbacks from the
   nsock library were returning to an already-collected Lua state. We
   now maintain a reference to the Lua State Thread in the nsock
   userdata environment table to prevent early collection.  This is a
@@ -210,13 +251,24 @@ o [Zenmap] Fixed a crash, introduced in 4.85BETA4, that happened when
   set_date TypeError: argument must be sequence of length 9, not 3
 
 o Patched configure.ac to detect Lua include and library files in
-  "lua5.1" subdirectories of /usr/include and the like. Apparently
+  "lua5.1" subdirectories of /usr/include and the like. Debian
-  Debian puts them there. We still check the likes of
+  apparently puts them there. We still check the likes of
   /usr/include/lua.h and /usr/include/lua/lua.h as well. [Jan
   Christoph Nordholz]
 
-o The --traceroute feature is now properly disabled whenever IPv6 (-6)
+o Improved nsock's fselect() to be a more complete replacement for
-  is requested, since IPv6 traceroutes are not yet supported. [Jah]
+  select() on the Windows platform. In particularly, any or all of the
+  FD sets can be null or empty descriptor sets. This fixes an error
+  ("nsock_loop error 10022") which would occur when you ran ncat
+  --send-only on Windows. [David]
+
+o The --with-openssl= directive now works for specifying the SSL
+  location to the nsock library.  It was previously not passing the
+  poper include file path to the compiler. [Fyodor]
+
+o The --traceroute feature is now properly disabled for IPv6 (-6) ping
+  scans (-sP), since IPv6 traceroutes are not currently
+  supported. [Jah]
 
 o Fixed an assertion failure which could occur on at least SPARC Linux
   The error looked like "nsock_core.c:294: handle_connect_result:
@@ -228,11 +280,6 @@ o Nmap's make install target now uses $(INSTALL) rather than cp to
 
 o Improved the Oracle DB version detection signatures. [Tom Sellers]
 
-o [NSE] Clean up output (generally reducing default verbosity) for the
-  p2p-conficker, smb-check-vulns, and http-iis-webdav-vuln scripts. In
-  general, we don't ask scripts to report that a host is clean unless
-  Nmap's verbosity level (-v) is at least one or two. [Ron, Fyodor]
-
 o [NSE] Remove the old nse_macros.h header file. This involved
   removing the SCRIPT_ENGINE_* status defines, moving the likes of
   SCRIPT_ENGINE_LUA_DIR to nse_main.h, removing the last remaining use
@@ -248,8 +295,9 @@ o Fixed a bug which would cause Nmap to sometimes miscount the number
   were specified, so 0 hosts scanned" when --traceroute and -sP were
   combined. [Jah]
 
-o Changed Nmap's configure.ac to check in more situations whether -ldl
+o Changed Nmap and Ncat's configure.ac files to check in more
-  is required for compilation and add it where necessary. [Fyodor]
+  situations whether -ldl is required for compilation and add it where
+  necessary. [Fyodor]
 
 o When building Nmap RPMs using the spec file, you can now pass in an
   openssl argument, the contents of which are passed to ./configure's
@@ -257,17 +305,27 @@ o When building Nmap RPMs using the spec file, you can now pass in an
   --define "openssl /usr/local/ssl". [Fyodor]
 
 o Fixed the make distclean target to avoid a failure which could occur
-  when you ran it right after a make clean and potentially in other
+  when you ran it right after a make clean (it might have failed in
-  situations. [David]
+  other situations as well). [David]
 
 o Updated nmap-mac-prefixes with the latest MAC address prefix data
   from http://standards.ieee.org/regauth/oui/oui.txt as of
   5/20/09. [Fyodor]
 
-o Ncat can now send SSL certificates in connect mode for client
+o Ncat now uses a blocking socket in connect mode to resolve a failure
-  authentication by using the --ssl-cert and --ssl-key options.  The
+  where the command "ncat --exec /usr/bin/yes localhost" would stop
-  specified certificates are only sent when requested by the
+  sending because yes would send data so quickly that kernel send
-  server. [Venkat]
+  buffers could not keep up and socket writes would start generating
+  EAGAIN errors. [Venkat]
+
+o Ncat now ignores SIGPIPE in listen mode.  This fixes the comamnd
+  "yes | ncat -l --keep-open --send-only", which was failing after the
+  first client disconnected due to a broken pipe signal when Ncat
+  would try to write more date before realizing that the client had
+  closed the connection.
+
+o Version detection can now detect Ncat's --chat mode (in IPv4 and
+  IPv6 modes). [David]
 
 Nmap 4.85BETA9 [2009-05-12]