|
|
|
|
Changelog for libopenvas_misc6-6.0.0-1.10.i586.rpm :
Thu Apr 18 14:00:00 2013 johann.luceAATTwanadoo.fr - Update to 6.0.0 version +2013-04-11 Henri Doreau * misc/kb.c: Fixed typo. 2013-04-10 Werner Koch * nasl/nasl_cert.c: Include gcrypt.h. (make_hexstring): New. (tohex): New macro. (get_fingerprint): New. (get_name): New. (nasl_cert_query): Replace some code by the new functions. (nasl_cert_query): Add commands \"image\", \"fpr-sha-256\", and \"fpr-sha-1\". 2013-04-09 Hani Benhabiles * base/cvss.c (__get_cvss_score): Add 0.0 to result to fix cases where result equals -0.0. (get_cvss_score_from_base): Return -1.0 instead of 0.0 when passed a null pointer to indicate an error as documented. 2013-04-09 Hani Benhabiles * base/cvss.c (impact_map): Fix Authentication Single Instance value from \"C\" to \"S\". 2013-04-09 Werner Koch * nasl/nasl_ssh.c (nasl_ssh_get_auth_methods): Fix length of returned string. A garbage byte at the end was returned. 2013-04-04 Hani Benhabiles * misc/openvas_auth.c (openvas_auth_init): Test for authentication configuration\'s existence before trying to load it. Log key file loading error as warning. 2013-04-04 Jan-Oliver Wagner This patch forces the scanner to only consider the CVSS of the NVT to decide about the severity class (HOLE, WARNING, NOTE, also known as Hight, Medium, Low) sent with the result. The scanner relies here on presence of a CVSS assigned to each NVT which was established in March 2013 for the regular feed. This change has significant impact on reporting behaviour because many (mostly older and various generic/sepcial ones) used either a mixture of security_note, _hole, _warning or are not in line with the assigned CVSS. For the latter case, these NVTs need to be fixed. Either the CVSS assignment was wrong, or the severity type. In some cases this will require to break up the NVT into multiple ones, separating log activity out into a NVT of its own. Splitting up into multiple NVTs is also relevant for those NVTs where severity message mixture was used. The hardest case to resolve will be NVTs that use the severity class as user preference. The analysis for mismatches can be done on NASL source code level of NVTs, simply comparing security_ * calls with CVSS tag. At the end of the day any such mismatch must be resolved in the regular feed. * nasl/nasl_init.c (libfuncs): Replace call of security_hole, security_warning and security_note by call of security_message. Also left a comment on when the API functions can be ultimately eliminated. * nasl/nasl_scanner_glue.c (security_hole, security_warning, security_note): Removed. * nasl/nasl_scanner_glue.h: Removed protos accordingly. 2013-04-03 Werner Koch * misc/openvas_server.c (server_attach_internal): Fix doc buglet. (openvas_server_attach): Ditto. 2013-04-02 Werner Koch * misc/openvas_server.c (server_attach): Factor all code out to .. (server_attach_internal): new function. Add and use args HOST and PORT. Return -2 on handshake failure. (openvas_server_new): Factor all code out to .. (server_new_internal): new function. Add optional arg PRIORITY. (openvas_server_open): Replace duplicate code by calls to server_new_internal and server_attach_internal. (openvas_server_connect): Replace handshake code by a call to openvas_server_attach. (openvas_server_free): Add backward compatibility change to allow use by openvas_server_close. (openvas_server_close): Replace by call to openvas_server_free. 2013-03-28 Hani Benhabiles * misc/proctitle.c (setproctitle): Remove \"openvassd:\" from new process name as the library call may be used by other daemons. 2013-03-26 Werner Koch * INSTALL: State that gnutls 2.8 is required. * misc/openvas_server.c (openvas_server_new): Change type of the END_TYPE arg to unsigned int. On most platforms this is compatible to the enum used by gnutls 2.x. * misc/openvas_server.h (openvas_server_new): Ditto. 2013-03-14 Jan-Oliver Wagner * CMakeLists.txt: Increased dependency to gnutls from 2.2 to 2.8. 2013-03-07 Hani Benhabiles * misc/plugutils.c (plugin_is_newstyle): Change tag name detection to vuldetect. 2013-03-06 Henri Doreau * nasl/nasl_builtin_nmap.c: Changed license from GPLv2 to GPLv2+ copyrighted by Greenbone. 2013-03-05 Hani Benhabiles * misc/plugutils.c (plugin_is_newstyle): New function. (proto_post_wrapped): Don\'t append nvt description to action when plugin has new style tags. * misc/plugutils.h: Add plugin_is_newstyle header. 2013-03-01 Jan-Oliver Wagner Removing handling of services list from libraries/scanner. Basically this is about the statice services list that is used to return a service identifier for port numbers. In case of a ssh running at port 80, the result so far would still be \"http (80/tcp)\" which is pretty misleading. The scanner should not at all use some static services list and match the ports to it. It should rather try to identify a service and report this (which is actually done via NVTs). In fact it should be the task of the Manager to attach IANA definition for informational purposes. Ideally the detected service is also shown. * misc/services1.c, misc/services1.h, misc/services.c, misc/services.h: Removed. * misc/scanners_utils.c: Removed unused include of \"services.h\". * misc/plugutils.c (proto_post_wrapped, scanner_add_port): Removed sending of the service name via OTP. For example \"80/tcp\" is now sent instead of \"http (80/tcp)\" * misc/CMakeLists.txt: Removed handling of modules services1.c and services.c. * nasl/nasl_builtin_openvas_tcp_scanner.c (std_port): Reduced to always return false. The code used the services list to determine whether it was a standard port. Now any port is judged to be a non-standard port. A todo about this to be resolved is left in the code. * CMakeLists.txt: Removed installtion of file \"openvas-services\". * COPYING: Removed modules services1 and services. * openvas-services: Removed. 2013-03-01 Jan-Oliver Wagner Remove handling of \"default\" as a option for the port range. It is a arbitrary and intransparent option for the users. Scanner clients should always send an explicit port range. * nasl/nasl_builtin_nmap.c (get_default_portrange): Removed. (add_portrange): Removed handling of case where port range is \"default\". (cmp): Removed. * nasl/nasl_builtin_openvas_tcp_scanner.c (banner_grab): Removed code to try to get default ports for services list. Exit with error when port_list is empty. * nasl/nasl_builtin_synscan.c (scan): Don\'t apply \"default\" as a fallback when port list is empty. * misc/scanners_utils.c (getpts): Remove handling for port lists of type \"default\". 2013-03-01 Jan-Oliver Wagner Post branch version bump. * CMakeLists.txt: Set version to 7.0.0 and status to beta. 2013-02-27 Timo Pollmeier * omp.c (omp_delete_task_ext, omp_delete_target_ext) (omp_delete_config_ext, omp_delete_lsc_credential_ext): New functions to delete tasks, targets, configs and lsc_credentials with options. * omp.h (omp_delete_opts_t): New typedef for omp_delete_... options. (omp_delete_opts_defaults, omp_delete_opts_ultimate_defaults): New constants for omp_delete_opts_t default values. (omp_delete_task_ext, omp_delete_target_ext) (omp_delete_config_ext, omp_delete_lsc_credential_ext): New function prototypes. 2013-02-25 Michael Wiegand * base/CMakeLists.txt: Add GPGME_CFLAGS to compiler flags. Patch suggested by Hanno Boeck. 2013-02-22 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 6.0+beta6. 2013-02-22 Michael Wiegand * nasl/nasl.c (main): Update year in copyright notice. 2013-02-22 Michael Wiegand Preparing the openvas-libraries 6.0+beta5 release. * CHANGES: Updated. 2013-02-21 Werner Koch * misc/network.c (load_file, unload_file, load_cert_and_key): Replace gnutls_datum by gnutls_datum_t. 2013-02-21 Hani Benhabiles * base/nvticache.c (get_plugin_preference): Check prefs is not null before using it. Style update to remove mixed declarations and code. 2013-02-21 Werner Koch * base/nvticache.c (nvticache_get_by_oid): Take care of a NULL used for CACHE. * base/pwpolicy.c (policy_checking_failed): New. (parse_pattern_line): Split error messages into a log message and a shorter version for the user. (openvas_validate_password): Ditto. 2013-02-21 Jan-Oliver Wagner * COPYING: Added module pwpolicy. 2013-02-20 Werner Koch * base/pwpolicy.c: New. Taken from openvas-administrator. * base/pwpolicy.h: New. * base/CMakeLists.h: Add new files. * base/CMakeLists.txt: Change -D OPENVAS_SYSCONFDIR to OPENVAS_SYSCONF_DIR for consistency. * base/gpgme_util.c (determine_gpghome): Adjust for this change. * nasl/CMakeLists.txt: Change -D OPENVAS_SYSCONFDIR to OPENVAS_SYSCONF_DIR for consistency. It is not used anyway. * misc/openvas_server.c (openvas_server_open): Print host and port in debug and warning messages. 2013-02-19 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 6.0+beta5. 2013-02-19 Michael Wiegand * CHANGES: Updated. 2013-02-19 Michael Wiegand Move \"-Werror\" flag to the \"Debug\" build type. * misc/CMakeLists.txt, omp/CMakeLists.txt, nasl/CMakeLists.txt, hg/CMakeLists.txt, base/CMakeLists.txt: Move \"-Werror\" from CMAKE_C_FLAGS to CMAKE_C_FLAGS_DEBUG to keep it out of the \"Release\" build type. * CMakeLists.txt: Do not set any flags as this is currently handled by the individual CMakeLists.txt in the subdirectories. 2013-02-18 Jan-Oliver Wagner Deperecating \"script_dependencie\" which is some very old work around for typos that happend when trying to spell \"script_dependencies\". * nasl/nasl_init.c (libfuncs): Removed \"script_dependencie\", renamed mapping to \"script_dependencies\". * nasl_scanner_glue.c (script_dependencie): Renamed to script_dependencies. * nasl_scanner_glue.h: Adjusted proto accordingly. 2013-02-17 Jan-Oliver Wagner Preparing the openvas-libraries 6.0+beta4 release. * CHANGES: Updated. 2013-02-14 Werner Koch * misc/openvas_auth.c (get_password_hashes): Remove partly hardwired use of MD5 to be future proof. Rename variable to avoid a Libgcrypt namespace clash. 2013-02-12 Hani Benhabiles * nasl/md5.c (MD5Final): memset with sizeof buffer, not pointer. Via Michal Ambroz. 2013-02-08 Matthew Mundell * omp/omp.h (omp_get_report_opts_t, omp_get_report_opts_defaults): Add levels. * omp/omp.c (omp_get_report_ext): Add levels. 2013-02-07 Michael Wiegand * doc/wmi-howto.txt: Fix cmake call, make example appropriate for out-of-source builds. 2013-02-07 Jan-Oliver Wagner * doc/wmi-howto.txt: Updated with hint on second wmi patch. 2013-02-07 Michael Wiegand Make sure openvas-libraries compiles as well without WMI support. * nasl/openvas_wmi_interface.h: Include stdint.h for use of uint32_t and uint64_t. * nasl/wmi_interface_stub.c (wmi_reg_set_dword_val) (wmi_reg_set_qword_val): Fix wrong types in function declaration. 2013-02-07 Veerendra G.G * nasl/nasl_wmi.c, nasl/nasl_wmi.h, nasl/nasl_init.c, nasl/wmi_interface_stub.c, nasl/openvas_wmi_interface.h: Added 6 new WMI Registry functions. 2013-02-06 Matthew Mundell * omp/omp.c (OMP_FMT_BOOL_ATTRIB): Add the attribute when it is 0 too, because the OMP default is sometimes 1. 2013-01-29 Werner Koch * nasl/nasl.c: Include libssh and nasl_signature.h. (main): Display library versions if --debug-tls is given. 2013-01-28 Michael Wiegand * misc/openvas_auth.c (openvas_auth_init): Downgrade log level for debug message. 2013-01-24 Werner Koch Change to allow printing of useful diagnostics even if stderr is redirected to the bit bucket. * misc/network.c: Include openvas_logging.h. Replace all fprintf to stderr calls by calls to log_legacy_write. (openvas_get_socket_from_connection): Repalce fflush by log_legacy_fflush. (verify_peer_certificate): Add messages for not yet valid and expired certifciates, print invalid status last, and pretty print those messages. * misc/openvas_logging.c: Include stdarg.h. (legacy_log_handler): New variable. (setup_legacy_log_handler, log_legacy_write, log_legacy_fflush): New. * misc/openvas_logging.h: Add prototypes for new functions. * misc/openvas_logging.c: Include gnutls.h. (log_func_for_gnutls): New. (setup_log_handlers): Enable GNUTLS logging if the evnvar OPENVAS_GNUTLS_DEBUG is set. 2013-01-24 Michael Wiegand * misc/openvas_auth.c (openvas_auth_write_config): Correct group for allow-plaintext entry. 2013-01-21 Chandrashekhar B * nasl/nasl_packet_forgery_v6.c (forge_udp_v6_packet): IPv6 packet length was set to 40 more than the size in UDP forging. (set_udp_v6_elements): IPv6 packet length was set to 40 more than the size in UDP forging. 2013-01-21 Felix Wolfsteller * misc/ldap_auth.c (ldap_auth_bind): Before giving up if StartTLS failed, try to establish ldaps connection. 2013-01-21 Felix Wolfsteller * misc/ldap_auth.c (ldap_auth_bind): Renamed parameter from force_starttls to force_encryption (upcoming: ldaps support). 2013-01-21 Hani Benhabiles * base/accessrules.c (accessrule_set_oid): Rename into accessrule_set_rule to match header. * base/credentials.h (credentials_t): Fix documentation. 2013-01-19 Matthew Mundell * omp/omp.c (check_response): Return OMP status if there is one. Reflect this in docs of callers. 2013-01-18 Hani Benhabiles Patch by Henri Doreau. * base/openvas_file.c: Include errno.h. (openvas_file_check_is_dir): Use g_lstat instead of stat. Code cleanup. (openvas_file_copy, openvas_file_move): Code deduplication and cleanup. 2013-01-18 Hani Benhabiles * base/openvas_file.c (openvas_file_rmdir_rf): Remove function as it duplicates with openvas_file_remove_recurse. (openvas_file_copy): Use g_file_copy and g_file_new_path functions from gio. (openvas_file_move): Use g_file_move and g_file_new_path functions from gio. * base/openvas_file.h: Remove openvas_file_rmdir_rf header. Include gio. * CMakeLists.txt: Add gio from glib to pkg-config command. 2013-01-17 Jan-Oliver Wagner Make module openvas_ssh_login independent of module system. * misc/openvas_ssh_login.c (openvas_ssh_login_new): Use g_malloc0 instead of emalloc. (openvas_ssh_login_free): Use g_free instead if efree. 2013-01-17 Jan-Oliver Wagner * COPYING: Added entry for new module base/gpgme_util. 2013-01-17 Jan-Oliver Wagner * base/README.txt: Improve text and extend mission to any mandatory library. 2013-01-17 Werner Koch * base/CMakeLists.txt (CMAKE_C_FLAGS): Add -D_FILE_OFFSETS_BITS=64. 2013-01-17 Werner Koch Move gpgme initialization from nasl/ to base/. This removes the script name from the error messages, but those errors are anyway not script specific. * nasl/nasl_signature.c (locale.h): Remove include. (determine_gpghome): Remove. (init_openvas_gpgme_ctx): Remove. * nasl/nasl_signature.h: Include gpgme_util.h. * base/gpgme_util.c, base/gpgme_util.c: New files with the removed functions. (init_openvas_gpgme_ctx): Rename to openvas_init_gpgme_ctx. Change all callers. * base/CMakeLists.txt: Add gpgme_utils.c and gpgme_util.h. (add_definition): Add OpenVAS_SYSCONFDIR. 2013-01-17 Hani Benhabiles * base/openvas_file.c (openvas_file_copy, openvas_file_move) (openvas_file_rmdir_rf): New functions. * base/openvas_file.h: Add headers accordingly. 2013-01-17 Felix Wolfsteller * misc/ldap_auth.c (ldap_auth_bind): If switching to StartTLS fails and allow-plaintext is true, close and re-establish connection, to overcome fact that ADS does not allow bind after StartTLS negotiation fail. Reuse ldapuri, thus free at other places. 2013-01-17 Felix Wolfsteller * misc/ldap_auth.c (ldap_auth_bind): Abort if password is of zero length. Default ADS behaviour allows binding with correct username but empty password. 2013-01-11 Jan-Oliver Wagner * base/nvticache.c (nvticache_get_src_by_oid): New. Returns the copy of the src string. This function is special because src is the only element that is directly stored in a shrinked nvti object. Using this function prevents the loading of the nvti object from filesystem when only src is needed. * base/nvticache.h: Added proto accordingly. 2013-01-06 Jan-Oliver Wagner Third part towards clean separation of NVTI into the NVTI Cache: The nvti objects in memory are shrinked to essential data and details are loaded from file when needed. This decreases memory consumption by around 30M per process in my test environment. * base/nvti.c (nvti_shrink): New. Free memory of all elements except src and oid. * base/nvti.h: Add proto for nvti_shrink. * base/nvticache.c (nvticache_get): Search the nvtis and return nvti if found. If new, shrink it and then add it to nvtis. In any case a cloned, shrinked nvti is returned. (nvticache_get_by_oid): Because the nvti is shrinked, load the full object from file, create a new object and return it. * nasl/nasl_scanner_glue.c (security_message): Free the nvti object because it is a clone now. * misc/plugutils.c (plug_create_from_nvti_and_prefs): Use a copy of the oid string for OID. (proto_post_wrapped, get_plugin_preference): Free the nvti object after use. 2013-01-06 Jan-Oliver Wagner Second part towards clean separation of NVTI into the NVTI Cache: The nvti objects are stored in the cache object in memory and all remaining access to NVTI object via \"NVTI\" is replaced by access via OID. The only exception is the parsing code for the description block where the OID is not necessarily known at the beginning and therefore can not be relied on. * base/nvticache.h (struct nvticache): Added collection of NVTIs. (nvticache_get_by_oid): Added proto. * base/nvticache.c (nvticache_new): Initialize nvtis. (nvticache_free): Free the nvtis. (nvticache_get): Add the new nvti to the nvtis. (nvticache_get_by_oid): New. * misc/plugutils.c (plug_create_from_nvti_and_prefs): Don\'t set the NVTI anymore. Don\'t duplicate the oid string when setting the OID. (proto_post_wrapped, get_plugin_preference): Don\'t get the object via NVTI, get it via OID. * nasl/nasl_scanner_glue.c (get_script_oid): Create a copy of the OID when setting the str_val. (security_message): Get the nvti object via OID instead of via NVTI. 2013-01-06 Jan-Oliver Wagner First part towards clean separation of NVTI into the NVTI Cache: Plugin arg_list are provided with explicit OID element. And whereever only the OID is required, it is directly retrieved instead via NVTI. This increases memory consumption per process sligthly and makes processing more complicated. The latter is neglectable in terms of performance. The first adds about 3M per process. * misc/plugutils.c (plug_create_from_nvti_and_prefs): Set OID additional to NVTI as arg list element. (mark_successful_plugin, mark_post): Use OID element directly instead of NVTI. * nasl/nasl_scanner_glue.c (get_script_oid): Use OID element directly instead of NVTI. * nasl/nasl_misc_funcs.c (simple_register_host_detail): Use OID element directly instead of NVTI. 2013-01-04 Jan-Oliver Wagner * nasl/nasl_scanner_glue.c (security_message): Removed unneeded check. It was misplaced here. 2013-01-04 Felix Wolfsteller * hg/CMakeLists.txt: In commented hg-test executable target, also statically link against nasl (because of nasl *ssh_internal_close). 2012-12-28 Henri Doreau * base/cvss.c (get_cvss_score_from_base_metrics): Check for a valid toenum() return value. 2012-12-27 Henri Doreau Refactored code to match the project\'s coding standards. * base/cvss.c (toenum, get_impact_subscore) (get_exploitability_subscore, get_cvss_score_from_base_metrics): Reworked code to use the new struct cvss and impact_item table. Numerous style fixes. (set_impact_from_str, __get_cvss_score): New. * base/cvss.h: Updated headers accordingly. 2012-12-20 Jan-Oliver Wagner * nasl/nasl_scanner_glue.c (script_tag): Ignore tags setting a risk_factor. It will therefore not be stored in nvti files and not transferred via OTP. 2012-12-20 Jan-Oliver Wagner * nasl/nasl_scanner_glue.c (script_see_also): Removed. It was marked unused anyway and will not be used in the future. * nasl/nasl_scanner_glue.h: Remove proto accordingly. 2012-12-20 Jan-Oliver Wagner * base/nvti.c (nvti_free): Don\'t free risk factor anymore. (nvti_risk_factor): Compute the risk factor based on cvss. (nvti_set_risk_factor): Removed. (nvti_clone): Don\'t clone risk factor anymore. * base/nvti.h: Removed proto accordingly. (struct nvti): Removed element risk_factor. 2012-12-18 Jan-Oliver Wagner * COPYING: Added cvss module. * base/cvss.c (cvss_as_str): New. * base/cvss.h: Added proto accordingly. 2012-12-17 Jan-Oliver Wagner * nasl/nasl_scanner_glue.c (security_message): Directly retrieve the cvss value from the NVTI meta data when there is no parameter given. 2012-12-17 Jan-Oliver Wagner * nasl/exec.c: Replaced all calls of cvt_bool by cell2bool. (cvt_bool): Remove. It is a unused wrapper around cell2bool() since ages. 2012-12-17 Jan-Oliver Wagner * base/nvti.c (nvti_cvss): Add missing free\'ing. Convert cvss separately from stored base value as last resort. 2012-12-17 Jan-Oliver Wagner * base/nvti.c (nvti_cvss): Compute cvss from cvss_base_vector. 2012-12-16 Jan-Oliver Wagner * base/cvss.c, base/cvss.h: New. Implemented by Preeti Subramanian. * base/CMakeLists.txt: Add new module cvss to build routines. 2012-12-14 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 6.0+beta4.
|
|
|