Log message:
nmap: fix detection of pkgsrc libpcap

Log message:
ndiff nmap zenmap: updated to 7.95

Nmap 7.95 [2024-04-19]

o [Windows] Upgraded Npcap (our Windows raw packet capturing and
  transmission driver) from version 1.75 to the latest version 1.79. It
  includes many performance improvements, bug fixes and feature
  enhancements described at https://npcap.com/changelog.

o Integrated over 4000 IPv4 OS fingerprints submitted since June 2020. Added
  336 fingerprints, bringing the new total to 6036.  Additions include iOS 15 &
  16, macOS Ventura & Monterey, Linux 6.1, OpenBSD 7.1, and lwIP 2.2

o Integrated over 2500 service/version detection fingerprints submitted since
  June 2020. The signature count went up 1.4% to 12089, including 9 new
  softmatches.  We now detect 1246 protocols, including new additions of grpc,
  mysqlx, essnet, remotemouse, and tuya.

o [NSE] Four new scripts from the DINA community (https://github.com/DINA-community)
  for querying industrial control systems:

  + hartip-info reads device information from devices using the Highway
    Addressable Remote Transducer protocol

  + iec61850-mms queries devices using Manufacturing Message Specification
    requests. [Dennis Rösch, Max Helbig]

  + multicast-profinet-discovery Sends a multicast PROFINET DCP Identify All
    message and prints the responses. [Stefan Eiwanger, DINA-community]

  + profinet-cm-lookup queries the DCERPC endpoint mapper exposed via the
    PNIO-CM service.

o Upgraded included libraries: Lua 5.4.6, libpcre2 10.43, zlib 1.3.1,
  libssh2 1.11.0, liblinear 2.47

o Upgraded OpenSSL binaries (for the Windows builds and for
  RPMs) to version 3.0.13. CVEs resolved in this update include only 2
  moderate-severity issues which we do not believe affect Nmap:
  CVE-2023-5363 and CVE-2023-2650

o [Zenmap][Ndiff] Zenmap and Ndiff now use setuptools, not distutils for packaging.

o [Ncat] Fixed Ncat UDP server mode to not quit after EOF on stdin. Reported
  as Debian bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039613

o Fixed an issue where TCP Connect scan (-sT) on Windows would fail to open any
  sockets, leading to scans that never finish. [Daniel Miller]

o [NSE] ssh-auth-methods will now print the pre-authentication banner text when
  available. Requires libssh2 1.11.0 or later. [Daniel Miller]

o [Zenmap] Fix a crash in Zenmap when changing a host comment.

o [NSE] Fix TLS 1.2 signature algorithms for EdDSA. [Daniel Roethlisberger]

o [Zenmap] RPM spec files now correctly require the python3 package, not python>=3

o Improvements to OS detection fingerprint matching, including a syntax change
  for nmap-os-db that allows ranges within the TCP Options string. This leads
  to more concise and maintainable fingerprints. [Daniel Miller]

o Improved the OS detection engine by using a new source port for each retry.
  Scans from systems such as Windows that do not send RST for unsolicited
  SYN|ACK responses were previously unable to get a response in subsequent
  tries. [Daniel Miller]

o Several profile-guided optimizations of the port scan engine. [Daniel Miller]

o Fix an out-of-bounds read which led to out-of-memory errors when
  duplicate addresses were used with --exclude

o Fixed a memory leak in Nsock: compiled pcap filters were not freed.

o Fixed a crash when using service name wildcards with -p, as in -p "http*"

o [NSE] Fixed DNS TXT record parsing which caused asn-query to fail in Nmap
  7.80 and later. [David Fifield, Mike Pattrick]

o [NSE] Fixed packet size testing in KNX scripts [f0rw4rd]

Log message:
*: bump for openssl 3

Log message:
*: recursive bump for Python 3.11 as new default

Log message:
nmap: Add missing climits header inclusion. Spotted in SunOS bulk build.

Log message:
nmap: fix build

Log message:
nmap: remove patch that was removed from distinfo during update

Log message:
nmap ndiff zenmap: updated to 7.94

Nmap 7.94 [2023-05-19]

o Zenmap and Ndiff now use Python 3! Thanks to the many contributors who made
  this effort possible:
  + [Zenmap] Updated Zenmap to Python 3 and PyGObject. [Jakub Kulík]

  + [Ndiff] Updated Ndiff to Python 3. [Brian Quigley]

  + Additional Python 3 update fixes by Sam James, Daniel Miller. Special thanks
    to those who opened Python 3-related issues and pull requests: Eli
    Schwartz, Romain Leonard, Varunram Ganesh, Pavel Zhukov, Carey Balboa,
    Hasan Aliyev, and others.

o [Windows] Upgraded Npcap (our Windows raw packet capturing and
  transmission driver) from version 1.71 to the latest version 1.75. It
  includes dozens of performance improvements, bug fixes and feature
  enhancements described at https://npcap.com/changelog.

o Nmap now prints vendor names based on MAC address for MA-S (24-bit), MA-M
  (28-bit), and MA-L (36-bit) registrations instead of the fixed 3-byte MAC
  prefix used previously for lookups.

o Added partial silent-install support to the Nmap Windows
  installer. It previously didn't offer silent mode (/S) because the
  free/demo version of Npcap Windoes packet capturing driver that it
  needs and ships with doesn't include a silent installer. Now with
  the /S option, Nmap checks whether Npcap is already installed
  (either the free version or OEM) and will silently install itself if
  so. This is similar to how the Wireshark installer works and is
  particularly helpful for organizations that want to fully automate
  their Nmap (and Npcap) deployments. See
  https://nmap.org/nmap-silent-install for more details.

o Lots of profile-guided memory and processing improvements for Nmap, including
  OS fingerprint matching, probe matching and retransmission lookups for large
  hostgroups, and service name lookups. Overhauled Nmap's string interning and
  several other startup-related procedures to speed up start times, especially
  for scans using OS detection. [Daniel Miller]

o Integrated many of the most-submitted IPv4 OS fingerprints for recent
  versions of Windows, iOS, macOS, Linux, and BSD. Added 22 fingerprints,
  bringing the new total to 5700!

o [NSE] Added the tftp-version script which requests a
  nonexistent file from a TFTP server and matches the error message
  to a database of known software. [Mak Kolybabi]

o [Ncat] Ncat can now accept "connections" from multiple UDP hosts in
  listen mode with the --keep-open option. This also enables --broker and
  --chat via UDP. [Daniel Miller]

o Upgraded OpenSSL binaries (for the Windows builds and for
  RPM's) to version 3.0.8. This resolves some CVE's (CVE-2022-3602;
  CVE-2022-3786) which don't impact Nmap proper since it doesn't do
  certificate validation, but could possibly impact Ncat when the
  --ssl-verify option is used.

o Upgrade included libraries: zlib 1.2.13, Lua 5.4.4, libpcap 1.10.4

o Removed the bogus OpenSSL message from the Windows Nmap
  executable which looked like "NSOCK ERROR ssl_init_helper(): OpenSSL
  legacy provider failed to load." We actually already have the legacy
  provider built-in to our OpenSSL builds, and that's why loading the
  external one fails.

o UDP port scan (-sU) and version scan (-sV) now both use the same
  data source, nmap-service-probes, for data payloads. Previously, the
  nmap-payloads file was used for port scan. Port scan responses will be used
  to kick-start the version matching process. [Daniel Miller]

o Nmap's service scan (-sV) can now probe the UDP service behind a DTLS tunnel,
  the same as it already does for TCP services with SSL/TLS encryption. The
  DTLSSessionReq probe has had its rarity lowered to 2 to allow it to be sent
  sooner in the scan. [Daniel Miller]

o [Ncat] Ncat in listen mode with --udp --ssl will use DTLS to secure incoming
  connections. [Daniel Miller]

o Handle Internationalized Domain Names (IDN) like Яндекс.рф on
  platforms where getaddrinfo supports the AI_IDN flag. [Daniel Miller]

o [Ncat] Addressed an issue from the Debian bug tracker
  (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969314) regarding data
  received immediately after a SOCKS CONNECT response. Ncat can now be
  correctly used in the ProxyCommand option of OpenSSH.

o Improved DNS domain name parsing to avoid recursion and enforce name length
  limits, avoiding a theoretical stack overflow issue with certain crafted DNS
  server responses, reported by Philippe Antoine.

o [NSE] Fix mpint packing in ssh2 library, which was causing OpenSSH
  errors like "ssh_dispatch_run_fatal: bignum is negative" [Sami Loone]

o Updates to the Japanese manpage translation by Taichi Kotake.

o [Ncat] Dramatically speed up Ncat transfers on
  Windows by avoiding a 125ms wait for every read from
  STDIN. [scriptjunkie]

o [Windows] Periodically reset the system idle timer to keep the
  system from going to sleep while scans are in process. This only affects port
  scans and OS detection scans, since NSE and version scan do not rely on
  timing data to adjust speed.

o Updated the Nmap Public Source License (NPSL) to Version 0.95. This
  just clarifies that the derivative works definition and all other
  license clauses only apply to parties who choose to accept the
  license in return for the special rights granted (such as Nmap
  redistribution rights). If a party can do everything they need to
  using copyright provisions outside of this license such as fair use,
  we support that and aren't trying to claim any control over their
  work. Versions of Nmap released under previous versions of the NPSL
  may also be used under the NPSL 0.95 terms.

o Avoid storing many small strings from IPv4 OS detection results in the global
  string_pool. These were effectively leaked after a host is done being
  scanned, since string_pool allocations are not freed until Nmap quits.