SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libopenvas_nasl6-6.0.0-1.10.i586.rpm :
Thu Apr 18 14:00:00 2013 johann.luceAATTwanadoo.fr
- Update to 6.0.0 version
+2013-04-11 Henri Doreau

* misc/kb.c: Fixed typo.
2013-04-10 Werner Koch

* nasl/nasl_cert.c: Include gcrypt.h.
(make_hexstring): New.
(tohex): New macro.
(get_fingerprint): New.
(get_name): New.
(nasl_cert_query): Replace some code by the new functions.
(nasl_cert_query): Add commands \"image\", \"fpr-sha-256\", and
\"fpr-sha-1\".
2013-04-09 Hani Benhabiles

* base/cvss.c (__get_cvss_score): Add 0.0 to result to fix cases where
result equals -0.0.
(get_cvss_score_from_base): Return -1.0 instead of 0.0 when passed a
null pointer to indicate an error as documented.
2013-04-09 Hani Benhabiles

* base/cvss.c (impact_map): Fix Authentication Single Instance value
from \"C\" to \"S\".
2013-04-09 Werner Koch

* nasl/nasl_ssh.c (nasl_ssh_get_auth_methods): Fix length of
returned string. A garbage byte at the end was returned.
2013-04-04 Hani Benhabiles

* misc/openvas_auth.c (openvas_auth_init): Test for authentication
configuration\'s existence before trying to load it. Log key file
loading error as warning.
2013-04-04 Jan-Oliver Wagner
This patch forces the scanner to only consider the CVSS of the
NVT to decide about the severity class (HOLE, WARNING, NOTE, also
known as Hight, Medium, Low) sent with the result.
The scanner relies here on presence of a CVSS assigned to each NVT
which was established in March 2013 for the regular feed.
This change has significant impact on reporting behaviour because
many (mostly older and various generic/sepcial ones) used either
a mixture of security_note, _hole, _warning or are not in line
with the assigned CVSS.
For the latter case, these NVTs need to be fixed. Either the CVSS
assignment was wrong, or the severity type. In some cases this
will require to break up the NVT into multiple ones, separating
log activity out into a NVT of its own.
Splitting up into multiple NVTs is also relevant for those NVTs
where severity message mixture was used.
The hardest case to resolve will be NVTs that use the severity
class as user preference.
The analysis for mismatches can be done on NASL source code
level of NVTs, simply comparing security_
* calls with CVSS
tag. At the end of the day any such mismatch must be resolved
in the regular feed.

* nasl/nasl_init.c (libfuncs): Replace call of security_hole,
security_warning and security_note by call of security_message.
Also left a comment on when the API functions can be ultimately
eliminated.

* nasl/nasl_scanner_glue.c (security_hole, security_warning,
security_note): Removed.

* nasl/nasl_scanner_glue.h: Removed protos accordingly.
2013-04-03 Werner Koch

* misc/openvas_server.c (server_attach_internal): Fix doc buglet.
(openvas_server_attach): Ditto.
2013-04-02 Werner Koch

* misc/openvas_server.c (server_attach): Factor all code out to ..
(server_attach_internal): new function. Add and use args HOST and
PORT. Return -2 on handshake failure.
(openvas_server_new): Factor all code out to ..
(server_new_internal): new function. Add optional arg PRIORITY.
(openvas_server_open): Replace duplicate code by calls to
server_new_internal and server_attach_internal.
(openvas_server_connect): Replace handshake code by a call to
openvas_server_attach.
(openvas_server_free): Add backward compatibility change to allow
use by openvas_server_close.
(openvas_server_close): Replace by call to openvas_server_free.
2013-03-28 Hani Benhabiles

* misc/proctitle.c (setproctitle): Remove \"openvassd:\" from new process
name as the library call may be used by other daemons.
2013-03-26 Werner Koch

* INSTALL: State that gnutls 2.8 is required.

* misc/openvas_server.c (openvas_server_new): Change type of the
END_TYPE arg to unsigned int. On most platforms this is
compatible to the enum used by gnutls 2.x.

* misc/openvas_server.h (openvas_server_new): Ditto.
2013-03-14 Jan-Oliver Wagner

* CMakeLists.txt: Increased dependency to gnutls from 2.2 to 2.8.
2013-03-07 Hani Benhabiles

* misc/plugutils.c (plugin_is_newstyle): Change tag name detection to
vuldetect.
2013-03-06 Henri Doreau

* nasl/nasl_builtin_nmap.c: Changed license from GPLv2 to GPLv2+
copyrighted by Greenbone.
2013-03-05 Hani Benhabiles

* misc/plugutils.c (plugin_is_newstyle): New function.
(proto_post_wrapped): Don\'t append nvt description to action when plugin
has new style tags.

* misc/plugutils.h: Add plugin_is_newstyle header.
2013-03-01 Jan-Oliver Wagner
Removing handling of services list from libraries/scanner.
Basically this is about the statice services list that
is used to return a service identifier for port numbers.
In case of a ssh running at port 80, the result so far
would still be \"http (80/tcp)\" which is pretty misleading.
The scanner should not at all use some static services list
and match the ports to it. It should rather try to identify
a service and report this (which is actually done via NVTs).
In fact it should be the task of the Manager to attach IANA
definition for informational purposes. Ideally the detected
service is also shown.

* misc/services1.c, misc/services1.h, misc/services.c,
misc/services.h: Removed.

* misc/scanners_utils.c: Removed unused include of \"services.h\".

* misc/plugutils.c (proto_post_wrapped, scanner_add_port): Removed
sending of the service name via OTP. For example \"80/tcp\" is now
sent instead of \"http (80/tcp)\"

* misc/CMakeLists.txt: Removed handling of modules services1.c
and services.c.

* nasl/nasl_builtin_openvas_tcp_scanner.c (std_port): Reduced to always
return false. The code used the services list to determine whether it was
a standard port. Now any port is judged to be a non-standard port.
A todo about this to be resolved is left in the code.

* CMakeLists.txt: Removed installtion of file \"openvas-services\".

* COPYING: Removed modules services1 and services.

* openvas-services: Removed.
2013-03-01 Jan-Oliver Wagner
Remove handling of \"default\" as a option for the port range.
It is a arbitrary and intransparent option for the users.
Scanner clients should always send an explicit port range.

* nasl/nasl_builtin_nmap.c (get_default_portrange): Removed.
(add_portrange): Removed handling of case where port range
is \"default\".
(cmp): Removed.

* nasl/nasl_builtin_openvas_tcp_scanner.c (banner_grab): Removed
code to try to get default ports for services list. Exit with
error when port_list is empty.

* nasl/nasl_builtin_synscan.c (scan): Don\'t apply \"default\" as a
fallback when port list is empty.

* misc/scanners_utils.c (getpts): Remove handling for port lists
of type \"default\".
2013-03-01 Jan-Oliver Wagner
Post branch version bump.

* CMakeLists.txt: Set version to 7.0.0 and status to beta.
2013-02-27 Timo Pollmeier

* omp.c (omp_delete_task_ext, omp_delete_target_ext)
(omp_delete_config_ext, omp_delete_lsc_credential_ext): New functions
to delete tasks, targets, configs and lsc_credentials with options.

* omp.h (omp_delete_opts_t): New typedef for omp_delete_... options.
(omp_delete_opts_defaults, omp_delete_opts_ultimate_defaults): New
constants for omp_delete_opts_t default values.
(omp_delete_task_ext, omp_delete_target_ext)
(omp_delete_config_ext, omp_delete_lsc_credential_ext): New function
prototypes.
2013-02-25 Michael Wiegand

* base/CMakeLists.txt: Add GPGME_CFLAGS to compiler flags. Patch
suggested by Hanno Boeck.
2013-02-22 Michael Wiegand
Post release version bump.

* CMakeLists.txt: Set version to 6.0+beta6.
2013-02-22 Michael Wiegand

* nasl/nasl.c (main): Update year in copyright notice.
2013-02-22 Michael Wiegand
Preparing the openvas-libraries 6.0+beta5 release.

* CHANGES: Updated.
2013-02-21 Werner Koch

* misc/network.c (load_file, unload_file, load_cert_and_key):
Replace gnutls_datum by gnutls_datum_t.
2013-02-21 Hani Benhabiles

* base/nvticache.c (get_plugin_preference): Check prefs is not null
before using it. Style update to remove mixed declarations and code.
2013-02-21 Werner Koch

* base/nvticache.c (nvticache_get_by_oid): Take care of a NULL
used for CACHE.

* base/pwpolicy.c (policy_checking_failed): New.
(parse_pattern_line): Split error messages into a log message and
a shorter version for the user.
(openvas_validate_password): Ditto.
2013-02-21 Jan-Oliver Wagner

* COPYING: Added module pwpolicy.
2013-02-20 Werner Koch

* base/pwpolicy.c: New. Taken from openvas-administrator.

* base/pwpolicy.h: New.

* base/CMakeLists.h: Add new files.

* base/CMakeLists.txt: Change -D OPENVAS_SYSCONFDIR to
OPENVAS_SYSCONF_DIR for consistency.

* base/gpgme_util.c (determine_gpghome): Adjust for this change.

* nasl/CMakeLists.txt: Change -D OPENVAS_SYSCONFDIR to
OPENVAS_SYSCONF_DIR for consistency. It is not used anyway.

* misc/openvas_server.c (openvas_server_open): Print host and port
in debug and warning messages.
2013-02-19 Michael Wiegand
Post release version bump.

* CMakeLists.txt: Set version to 6.0+beta5.
2013-02-19 Michael Wiegand

* CHANGES: Updated.
2013-02-19 Michael Wiegand
Move \"-Werror\" flag to the \"Debug\" build type.

* misc/CMakeLists.txt, omp/CMakeLists.txt, nasl/CMakeLists.txt,
hg/CMakeLists.txt, base/CMakeLists.txt: Move \"-Werror\" from
CMAKE_C_FLAGS to CMAKE_C_FLAGS_DEBUG to keep it out of the \"Release\"
build type.

* CMakeLists.txt: Do not set any flags as this is currently handled by
the individual CMakeLists.txt in the subdirectories.
2013-02-18 Jan-Oliver Wagner
Deperecating \"script_dependencie\" which is some very old
work around for typos that happend when trying to spell
\"script_dependencies\".

* nasl/nasl_init.c (libfuncs): Removed \"script_dependencie\",
renamed mapping to \"script_dependencies\".

* nasl_scanner_glue.c (script_dependencie): Renamed to
script_dependencies.

* nasl_scanner_glue.h: Adjusted proto accordingly.
2013-02-17 Jan-Oliver Wagner
Preparing the openvas-libraries 6.0+beta4 release.

* CHANGES: Updated.
2013-02-14 Werner Koch

* misc/openvas_auth.c (get_password_hashes): Remove partly
hardwired use of MD5 to be future proof. Rename variable to avoid
a Libgcrypt namespace clash.
2013-02-12 Hani Benhabiles

* nasl/md5.c (MD5Final): memset with sizeof buffer, not pointer.
Via Michal Ambroz.
2013-02-08 Matthew Mundell

* omp/omp.h (omp_get_report_opts_t, omp_get_report_opts_defaults): Add
levels.

* omp/omp.c (omp_get_report_ext): Add levels.
2013-02-07 Michael Wiegand

* doc/wmi-howto.txt: Fix cmake call, make example appropriate for
out-of-source builds.
2013-02-07 Jan-Oliver Wagner

* doc/wmi-howto.txt: Updated with hint on second wmi patch.
2013-02-07 Michael Wiegand
Make sure openvas-libraries compiles as well without WMI support.

* nasl/openvas_wmi_interface.h: Include stdint.h for use of uint32_t
and uint64_t.

* nasl/wmi_interface_stub.c (wmi_reg_set_dword_val)
(wmi_reg_set_qword_val): Fix wrong types in function declaration.
2013-02-07 Veerendra G.G

* nasl/nasl_wmi.c,
nasl/nasl_wmi.h,
nasl/nasl_init.c,
nasl/wmi_interface_stub.c,
nasl/openvas_wmi_interface.h: Added 6 new WMI Registry functions.
2013-02-06 Matthew Mundell

* omp/omp.c (OMP_FMT_BOOL_ATTRIB): Add the attribute when it is 0 too,
because the OMP default is sometimes 1.
2013-01-29 Werner Koch

* nasl/nasl.c: Include libssh and nasl_signature.h.
(main): Display library versions if --debug-tls is given.
2013-01-28 Michael Wiegand

* misc/openvas_auth.c (openvas_auth_init): Downgrade log level for
debug message.
2013-01-24 Werner Koch
Change to allow printing of useful diagnostics even if stderr is
redirected to the bit bucket.

* misc/network.c: Include openvas_logging.h. Replace all fprintf
to stderr calls by calls to log_legacy_write.
(openvas_get_socket_from_connection): Repalce fflush by
log_legacy_fflush.
(verify_peer_certificate): Add messages for not yet valid and
expired certifciates, print invalid status last, and pretty print
those messages.

* misc/openvas_logging.c: Include stdarg.h.
(legacy_log_handler): New variable.
(setup_legacy_log_handler, log_legacy_write, log_legacy_fflush): New.

* misc/openvas_logging.h: Add prototypes for new functions.

* misc/openvas_logging.c: Include gnutls.h.
(log_func_for_gnutls): New.
(setup_log_handlers): Enable GNUTLS logging if the evnvar
OPENVAS_GNUTLS_DEBUG is set.
2013-01-24 Michael Wiegand

* misc/openvas_auth.c (openvas_auth_write_config): Correct group for
allow-plaintext entry.
2013-01-21 Chandrashekhar B

* nasl/nasl_packet_forgery_v6.c (forge_udp_v6_packet): IPv6
packet length was set to 40 more than the size in UDP forging.
(set_udp_v6_elements): IPv6 packet length was set to 40 more
than the size in UDP forging.
2013-01-21 Felix Wolfsteller

* misc/ldap_auth.c (ldap_auth_bind): Before giving up if
StartTLS failed, try to establish ldaps connection.
2013-01-21 Felix Wolfsteller

* misc/ldap_auth.c (ldap_auth_bind): Renamed parameter from
force_starttls to force_encryption (upcoming: ldaps support).
2013-01-21 Hani Benhabiles

* base/accessrules.c (accessrule_set_oid): Rename into
accessrule_set_rule to match header.

* base/credentials.h (credentials_t): Fix documentation.
2013-01-19 Matthew Mundell

* omp/omp.c (check_response): Return OMP status if there is one.
Reflect this in docs of callers.
2013-01-18 Hani Benhabiles
Patch by Henri Doreau.

* base/openvas_file.c: Include errno.h.
(openvas_file_check_is_dir): Use g_lstat instead of stat. Code cleanup.
(openvas_file_copy, openvas_file_move): Code deduplication and cleanup.
2013-01-18 Hani Benhabiles

* base/openvas_file.c (openvas_file_rmdir_rf): Remove function as it
duplicates with openvas_file_remove_recurse.
(openvas_file_copy): Use g_file_copy and g_file_new_path functions from
gio.
(openvas_file_move): Use g_file_move and g_file_new_path functions from
gio.

* base/openvas_file.h: Remove openvas_file_rmdir_rf header. Include gio.

* CMakeLists.txt: Add gio from glib to pkg-config command.
2013-01-17 Jan-Oliver Wagner
Make module openvas_ssh_login independent of module system.

* misc/openvas_ssh_login.c (openvas_ssh_login_new): Use g_malloc0
instead of emalloc.
(openvas_ssh_login_free): Use g_free instead if efree.
2013-01-17 Jan-Oliver Wagner

* COPYING: Added entry for new module base/gpgme_util.
2013-01-17 Jan-Oliver Wagner

* base/README.txt: Improve text and extend mission to any
mandatory library.
2013-01-17 Werner Koch

* base/CMakeLists.txt (CMAKE_C_FLAGS): Add -D_FILE_OFFSETS_BITS=64.
2013-01-17 Werner Koch
Move gpgme initialization from nasl/ to base/. This removes the
script name from the error messages, but those errors are anyway
not script specific.

* nasl/nasl_signature.c (locale.h): Remove include.
(determine_gpghome): Remove.
(init_openvas_gpgme_ctx): Remove.

* nasl/nasl_signature.h: Include gpgme_util.h.

* base/gpgme_util.c, base/gpgme_util.c: New files with the removed
functions.
(init_openvas_gpgme_ctx): Rename to openvas_init_gpgme_ctx.
Change all callers.

* base/CMakeLists.txt: Add gpgme_utils.c and gpgme_util.h.
(add_definition): Add OpenVAS_SYSCONFDIR.
2013-01-17 Hani Benhabiles

* base/openvas_file.c (openvas_file_copy, openvas_file_move)
(openvas_file_rmdir_rf): New functions.

* base/openvas_file.h: Add headers accordingly.
2013-01-17 Felix Wolfsteller

* misc/ldap_auth.c (ldap_auth_bind): If switching to StartTLS
fails and allow-plaintext is true, close and re-establish connection,
to overcome fact that ADS does not allow bind after StartTLS
negotiation fail. Reuse ldapuri, thus free at other places.
2013-01-17 Felix Wolfsteller

* misc/ldap_auth.c (ldap_auth_bind): Abort if password is
of zero length. Default ADS behaviour allows binding with
correct username but empty password.
2013-01-11 Jan-Oliver Wagner

* base/nvticache.c (nvticache_get_src_by_oid): New. Returns
the copy of the src string. This function is special because
src is the only element that is directly stored in a shrinked
nvti object. Using this function prevents the loading of the
nvti object from filesystem when only src is needed.

* base/nvticache.h: Added proto accordingly.
2013-01-06 Jan-Oliver Wagner
Third part towards clean separation of NVTI into the NVTI Cache:
The nvti objects in memory are shrinked to essential data
and details are loaded from file when needed.
This decreases memory consumption by around 30M per process
in my test environment.

* base/nvti.c (nvti_shrink): New. Free memory of all elements
except src and oid.

* base/nvti.h: Add proto for nvti_shrink.

* base/nvticache.c (nvticache_get): Search the nvtis and return
nvti if found. If new, shrink it and then add it to nvtis.
In any case a cloned, shrinked nvti is returned.
(nvticache_get_by_oid): Because the nvti is shrinked, load
the full object from file, create a new object and return it.

* nasl/nasl_scanner_glue.c (security_message): Free the nvti object
because it is a clone now.

* misc/plugutils.c (plug_create_from_nvti_and_prefs): Use a copy
of the oid string for OID.
(proto_post_wrapped, get_plugin_preference): Free the nvti object
after use.
2013-01-06 Jan-Oliver Wagner
Second part towards clean separation of NVTI into the NVTI Cache:
The nvti objects are stored in the cache object in memory and
all remaining access to NVTI object via \"NVTI\" is replaced
by access via OID.
The only exception is the parsing code for the description
block where the OID is not necessarily known at the beginning
and therefore can not be relied on.

* base/nvticache.h (struct nvticache): Added collection of NVTIs.
(nvticache_get_by_oid): Added proto.

* base/nvticache.c (nvticache_new): Initialize nvtis.
(nvticache_free): Free the nvtis.
(nvticache_get): Add the new nvti to the nvtis.
(nvticache_get_by_oid): New.

* misc/plugutils.c (plug_create_from_nvti_and_prefs): Don\'t set
the NVTI anymore. Don\'t duplicate the oid string when setting the OID.
(proto_post_wrapped, get_plugin_preference): Don\'t get the object
via NVTI, get it via OID.

* nasl/nasl_scanner_glue.c (get_script_oid): Create a copy of the OID
when setting the str_val.
(security_message): Get the nvti object via OID instead of via NVTI.
2013-01-06 Jan-Oliver Wagner
First part towards clean separation of NVTI into the NVTI Cache:
Plugin arg_list are provided with explicit OID element.
And whereever only the OID is required, it is directly retrieved
instead via NVTI.
This increases memory consumption per process sligthly and
makes processing more complicated. The latter is neglectable
in terms of performance. The first adds about 3M per process.

* misc/plugutils.c (plug_create_from_nvti_and_prefs): Set OID
additional to NVTI as arg list element.
(mark_successful_plugin, mark_post): Use OID element directly instead
of NVTI.

* nasl/nasl_scanner_glue.c (get_script_oid): Use OID element directly
instead of NVTI.

* nasl/nasl_misc_funcs.c (simple_register_host_detail): Use OID element
directly instead of NVTI.
2013-01-04 Jan-Oliver Wagner

* nasl/nasl_scanner_glue.c (security_message): Removed
unneeded check. It was misplaced here.
2013-01-04 Felix Wolfsteller

* hg/CMakeLists.txt: In commented hg-test executable target,
also statically link against nasl (because of
nasl
*ssh_internal_close).
2012-12-28 Henri Doreau

* base/cvss.c (get_cvss_score_from_base_metrics): Check for
a valid toenum() return value.
2012-12-27 Henri Doreau
Refactored code to match the project\'s coding standards.

* base/cvss.c (toenum, get_impact_subscore)
(get_exploitability_subscore, get_cvss_score_from_base_metrics):
Reworked code to use the new struct cvss and impact_item table.
Numerous style fixes.
(set_impact_from_str, __get_cvss_score): New.

* base/cvss.h: Updated headers accordingly.
2012-12-20 Jan-Oliver Wagner

* nasl/nasl_scanner_glue.c (script_tag): Ignore tags setting
a risk_factor. It will therefore not be stored in nvti
files and not transferred via OTP.
2012-12-20 Jan-Oliver Wagner

* nasl/nasl_scanner_glue.c (script_see_also): Removed. It was
marked unused anyway and will not be used in the future.

* nasl/nasl_scanner_glue.h: Remove proto accordingly.
2012-12-20 Jan-Oliver Wagner

* base/nvti.c (nvti_free): Don\'t free risk factor anymore.
(nvti_risk_factor): Compute the risk factor based on cvss.
(nvti_set_risk_factor): Removed.
(nvti_clone): Don\'t clone risk factor anymore.

* base/nvti.h: Removed proto accordingly.
(struct nvti): Removed element risk_factor.
2012-12-18 Jan-Oliver Wagner

* COPYING: Added cvss module.

* base/cvss.c (cvss_as_str): New.

* base/cvss.h: Added proto accordingly.
2012-12-17 Jan-Oliver Wagner

* nasl/nasl_scanner_glue.c (security_message): Directly retrieve
the cvss value from the NVTI meta data when there is no parameter
given.
2012-12-17 Jan-Oliver Wagner

* nasl/exec.c: Replaced all calls of cvt_bool by cell2bool.
(cvt_bool): Remove. It is a unused wrapper around cell2bool() since
ages.
2012-12-17 Jan-Oliver Wagner

* base/nvti.c (nvti_cvss): Add missing free\'ing. Convert
cvss separately from stored base value as last resort.
2012-12-17 Jan-Oliver Wagner

* base/nvti.c (nvti_cvss): Compute cvss from cvss_base_vector.
2012-12-16 Jan-Oliver Wagner

* base/cvss.c, base/cvss.h: New. Implemented by Preeti Subramanian.

* base/CMakeLists.txt: Add new module cvss to build routines.
2012-12-14 Michael Wiegand
Post release version bump.

* CMakeLists.txt: Set version to 6.0+beta4.


 
ICM