SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for openvas-manager-4.0.4-5.1.x86_64.rpm :
Wed Jul 9 14:00:00 2014 meissnerAATTsuse.com
- package the COPYING file

Tue Nov 12 13:00:00 2013 johann.luceAATTwanadoo.fr
- Update in 4.0.4

* Security fix for handling the authentication state in OMP.

Fri Oct 25 14:00:00 2013 johann.luceAATTwanadoo.fr
- Update in 4.0.3

* Bugfix for DB-Migration from v55 to v56 for port lists.

* In GET_REPORT_FORMATS send TRUST and ACTIVE in details case too. Details cases
should always include everything from the simple case.

* In case of problems with SCAP or CERT database, Manager will still start up.

* Delete orphaned results and clear report counts cache if needed. This
could significantly reduce size of the database.

* Delete results of report from results table always upon deleting a report.

* Overrides XML: Output threat element not only when details flag is set.

* Make Manager more robust on absent Scanner when deleting a task.

* Add timezone element for schedules.

* Bug fixes for numerical sorting (CVSS values).

* Bug fix for LSC credentials that had whitesapces in their name.

* Bugfix for database backup to consider all of the journal files.

* Add log for successful creation in CREATE_NOTE and CREATE_OVERRIDE.

* Update NBE report format plugin to improve compatibility with third
party tools.

* For creation of Credentials. encrypt the random password and not the
unrelated given_password.

* Performance improvements.

* Various little bugfixes.

Fri Sep 13 14:00:00 2013 johann.luceAATTwanadoo.fr
- Update changes file for factory

Wed Aug 28 14:00:00 2013 johann.luceAATTwanadoo.fr
- Add systemd init script for openSUSE and SUSE version
Fix OBS Warning

Sat Jul 27 14:00:00 2013 arxboxAATTarxcorp.com
- changed debian.compat file - it was empty and added 6. This will
allow it to complete the packaging process successfully on debian
based systems.

Mon Jul 8 14:00:00 2013 johann.luceAATTwanadoo.fr
- Update in 4.0.2
Main changes since 4.0.1:

* Improve GET_NOTES performance.

* Apply report filtering on nvt tags and cve values too.

* Check null pointer in create_config copy case.

* Improve validation of results port in notes/overrides.

* Escape xrefs before sending xml for nvts.
- Update 4.0.1
Main changes since 4.0.0:

* A bug which caused configured observers and alerts to be ignored when cloning
tasks has been fixed.

* A bug which caused scans via slaves configured with incorrect credentials to
never leave the \"Requested\" state has been fixed.

Tue Apr 23 14:00:00 2013 johann.luceAATTwanadoo.fr
- Add openvas-certdata-sync to openvas-setup

Mon Apr 22 14:00:00 2013 johann.luceAATTwanadoo.fr
- Add file openvas-setup for initial startup
fix duplicate files
fix liscence problem

Thu Apr 18 14:00:00 2013 johann.luceAATTwanadoo.fr
- Update in 4.0.0
Main changes since 3.0.x:

* \"Escalator\" has been renamed to \"Alert\".

* The GnuTLS dependency has been increased to 2.8.

* The openvas-libraries dependency has been increased to 6.0.0.

* New: Auto-FP feature to filter out likely false positives in a report.

* New: Manage closed CVEs, as reported by the Scanner (trusted vendor updates).

* New: Multiple alerts can now be attached to a task.

* New: Wizard framework with first wizard \"quick_first_scan\" and user setting
for wizard appearance.

* Added keyword filter, pagination and edit to Targets.

* New command line options --listen2 and --port2 for a second OMP address.

* Improvements to the target object management; targets can now be edited when
they are associated with a task and the task has not yet run.

* The protocol documentation has been updated.

* The powerfilter now handles spaces in index filters.

* Object management has been extended to support creation and modification
times.

* Support for disabling OMP commands via the command line has been added.

* New: Management for Filter objects.

* New: Report format plugins for ISMS tool \"verinice\".

* New: Alert for sending results to a verinice .PRO server.

* New: Support for accessing OVAL SecInfo data.

* New: Support for accessing DFN-CERT SecInfo data.

* New: The risk factor of an NVT is now calculated from the CVSS score.

* New: Support for encrypted credentials has been added.

* New: Support for checking user passwords against a policy has been
added.

* Extended: Management for information such as CPE, including a extended SCAP
data synchronization.

* Extended: Powerfilter now available for Reports.

* Extended: Powerfilters can now be attached to Alerts.

* Extended: New object management now supports for schedules, tasks,
slaves, report formats, port lists and scan configs.

* Improved: Task overview now faster via extra caching methods.

* Improved: Handle daylight saving in schedules.

* Improved: Extended features of Powerfilter such as sorting and result ranges.

* Improved: When importing a report, now the host details are also imported.

* Improved: Reduced database locking times during some operations so that
less blocking happens.

* Improved: Manager serves OMP even when the scanner is down.

* Improved: Notes management now supports Powerfilter and Trashcan.

* Improved: Added switch to control whether a task should contribute to asset
management.

* Improved: Report exports now also contain the comment of the respective task.

* Improved: Report exports now also contain the family of NVTs.

* Improved: Faster report format plugins LaTeX and PDF.

* Improved: Override management now supports Powerfilter and Trashcan.

* Improved: Additional parameters in SCAP synchronization script.

* Improved: Handling of the SCAP database.

* Improved: Classification in the report format plugin for ISMS tool \"verinice\".

* Improved: Performance with large database.

* Improved: Handling of client timeouts during very long operations.

* Improved: Faster report format plugins LaTeX, TXT, HTML and PDF.

* Improved: Master-Slave communication.

* Improved: IPv6 address validation.

* The ARF report format plugin is now a pre-defined format.

* Added creation and modification times to the powerfilter.

* Added handling of OTP 1.1.

* Improved: Hostname validation.

* Simplified Report Format Plugin handling for pre-defined plugins.

* Various bug fixes and small improvements.

* User defined oval repositories in private directories.

* Send nvt tags with results.

* Install greenbone-certdata-sync script.

* Exit if connecting to scanner fails in rebuild/update mode.

* scapdata-sync check for duplicate IDs in verbose mode.

Mon Jan 7 13:00:00 2013 johann.luceAATTwanadoo.fr
-Update in 3.0.5

* Make sure port lists are handled correctly during migration and
startup. Backport from trunk r14137 and r14138, original commits by
Matthew Mundell

* Add family to NVT in results. Backport from trunk r13934.
-New in 3.0.4

* Backport from trunk r14320.

* Backport from trunk r14163.

* Add missing owner clause.Backport from trunk r13945.

* Check entire part for alphanumeric chars when checking for a hostname.

* Skip leading whitespace too. Backport from trunk r13955.

* Consider duration even for once-off tasks, in case people want this. Backport from trunk r13957.

* In CLIENT_MODIFY_TASK add the missing comment check. Backport from trunk r13967.

* Add hidden clause to \"config in use\" check. Thanks to Sebastien Aucouturier for pointing this out.

* Create target with omp_create_target_ext in order to specify port list.

* Drop privileges when run as root. Add quotes to preserve space where appropriate. Sanitize parameters before they reach the shell with proper quoting.
-Drop option -DCMAKE_BUILD_TYPE=release that crash during compil

Fri Aug 10 14:00:00 2012 bitshufflerAATTopensuse.org
- Updated to 3.0.3

* Security bugfix that quotes search phrases for SQL.

* Bugfix to have Slave tasks consider max_checks and max_hosts preferences.

* Fixed bug to correctly consider user-defined NVT-specific timeouts to be sent
to the scanner.

* When getting all reports, get only the visible reports for the current user.

* Improved answer times by avoiding unnecessary database blocking,
especially when doing large reports.

* Improved UTF8 support for data received from OpenVAS Scanner.

* Improved hostname validation.

* Avoid empty lines in user rules.

* Fixed some build issues for older compilers and for newer glib versions.

* Improvement: Make the date formats of the PDF and LaTeX reports nicer.

* Improvement: Added mechanism for updating the report format UUIDs on startup.
This allows easier update of built-in report format plugins.

* Bugfix: Set port list when creating predefined
target. Ensure that list is correct if target exists already.

* Bugfix: Consider filtered debug messages properly.

* Add DETECTION and NVT/XREF to RESULT in report import.

* Improve status management of running tasks.

Sat May 12 14:00:00 2012 bitshufflerAATTopensuse.org
- Updated to 3.0.1

* A bug which caused the comment of imported configs to be empty has been fixed.

* Hostname and IP validation has been improved.

* A bug which caused the port list selection to be empty has been fixed.

* The minimum version requirements for the glib and gnutls libraries have been
set to the minimum requirements of OpenVAS Libraries (2.16 for glib and 2.2
for gnutls).

* Extra report formats work standalone.

* Observer lists now may also use \',\' as separator.

* Observers may now also create notes and overrides for observed tasks.

* Opservers with with Role observer are now allowed to see single results
of the observed tasks.

* Added handling of ssh keys for authenticated tests for Master-Slave mode.

* The PID file is created earlier to avoid daemon handling believe there
is an error.

* Build improvements for modern gcc.

* Support for Port Lists has been added.

* Updated builtin Report Format Plugins HTML, Text and LaTeX/PDF to reflect
various new features that are already present in GSA, including delta and
prognostic reports.

* Changed signing of Report Format Plugins to exclude comment.

* Improved product detection information in results XML.

* Improved performance for massiv scanner results by using transaction groups.

* Improved Import of Target lists to allow comma-separated, line-by-line lists.

* Doubled entries in Target lists are now eliminated.

* New optional Report Format Plugin for ARF.

* Updated OMP documentation.

* Various little bugs fixed.

Sat Dec 3 13:00:00 2011 bitshufflerAATTopensuse.org
- Updated to 3.0+beta8

* Support for note lifetimes has been added.

* A bug which caused an incorrect result count in the Asset Management view has
been fixed.

* Support for displaying the hostname and the note and override lifetimes has
been added to the following report formats: HTML, LaTeX and TXT.

Thu Nov 24 13:00:00 2011 bitshufflerAATTopensuse.org
- Updated to 3.0+beta7

* The handling of timestamps in reports has been improved.

* Report format signatures no longer contain user editable fields.

Thu Nov 17 13:00:00 2011 bitshufflerAATTopensuse.org
- Updated to 3.0+beta6

* Support for listing NVTs addressing a certain CVE has been added.

* A bug which cause the wrong threat level to be displayed for tasks with
multiple reports under rare circumstances has been fixed.

* Support for override lifetimes has been added.

* Support for displaying the SCAP update timestamp has been added.

Sat Nov 12 13:00:00 2011 bitshufflerAATTopensuse.org
- Updated to 3.0+beta5

* Support for asset management been added.

* Support for using SCAP data directly has been added.

* A support script for retrieving SCAP data has been added.

* Support for prognostic scans has been added.

* Support for large database files on 32-bit platforms has been improved.

* Support for task observers has been added.

* Support for individual time zones for users has been added.

* A bug which caused the filter result count to be calculated incorrectly when
searching for text phrases has been fixed.

* Support for sorting results by CVSS score has been added.

* Support for importing results sent through the XML escalator has been added.

* The max_host and max_checks scan performance parameters have been moved from
scan configs to tasks.

* Support for delta reports has been added.

* An issue which caused meta data for NVTs in the \"Credentials\" family to be not
present in the database has been fixed.

* A number of compiler warnings discovered by Stephan Kleine have been
addressed.

* A race condition which caused empty reports from the slave when running in
master-slave mode under certain conditions has been fixed.

* Scan start and end times are now set for imported reports.

Sat May 21 14:00:00 2011 bitshufflerAATTopensuse.org
- Updated to 3.0+beta2

* An issue which caused the import of very large reports to fail under certain
circumstances has been fixed.

* An issue which caused the date of the scan end to be missing from scans if
they were associated with an escalator created with an early Manager version
has been fixed.

* The handling of long host lists has been improved.

* New feature: Trashcan. It is now possible to place objects in a trashcan
instead of deleting them directly.

* Support for Host Details reported by OpenVAS Scanner has been added.

* Support for container task (imported reports) has been added.

* Support for specifying an SSH port for Local Security Checks has been added.

* Security: Enforces strict permissions on sensitive OpenVAS Manager files.

* Security: Drop privileges before executing report format plugins if running with
elevated privileges.

* Security: Ensures report formats are trusted before executing them.

* Support for escalating result to a Sourcefire Defense Center has been added.

* Support for using an SSH key pair for SSH authentication has been added.

* The mail addresses supplied for an email escalator are now used in the correct
order.

Fri Apr 22 14:00:00 2011 bitshufflerAATTopensuse.org
- Updated to 2.0.3

* Enforces strict permissions on sensitive OpenVAS Manager files.

* Drop privileges before executing report format plugins if running with
elevated privileges.

* Ensures report formats are trusted before executing them.

Thu Mar 3 13:00:00 2011 bitshufflerAATTopensuse.org
- Updated to 2.0.2

* The test infrastructure has been updated.

* A bug which caused the host count to be calculated incorrectly under certain
circumstances has been fixed.

* A number of memory and resource leaks discovered by Felix Wolfsteller have
been closed.

* A bug which caused database migration to fail when upgrading very old
installations has been fixed.

Wed Feb 23 13:00:00 2011 bitshufflerAATTopensuse.org
- Updated to 2.0.1

* Support for fallback system reports has been added in case where a full system
report is unavailable.

* The expected location for signatures has been updated to match the FHS related
changes in OpenVAS Scanner.

* The \"unscanned_closed\" preference now defaults to \"yes\" for predefined
configs.

* The report format signature infrastructure has been improved.

* A bug which caused valid host names to be reject under certain circumstances
has been fixed.

Wed Feb 9 13:00:00 2011 bitshufflerAATTopensuse.org
- Updated to 2.0.0

* The logging behaviour when started with --verbose has been improved.

* The w3af NVT is no longer part of the Full and fast default scan config.

* The build environment has been cleaned up.

Fri Feb 4 13:00:00 2011 bitshufflerAATTopensuse.org
- Updated to 1.99.4

* Documentation has been updated.

* OpenVAS Manager now uses pkg-config to find required libraries.

* An issue which caused the creation of overrides to fail under some
circumstances has been fixed.

* The installation is now compliant with Filesystem Hierarchy Standard (FHS
2.3).

Mon Jan 24 13:00:00 2011 bitshufflerAATTopensuse.org
- Updated to 1.99.3

* A security-relevant bug has been fixed regarding email escalation methods.
Configured OpenVAS users were able to damage installation and/or gain higher
privileges.

* An issue which caused database migration to fail under certain circumstances
has been fixed.

* The default log level has been reduced to warning to prevent the logging of
potentially sensitive information in the default configuration.

Mon Jan 10 13:00:00 2011 bitshufflerAATTopensuse.org
- Updated to 1.99.2

* The protocol documentation has been brought up to date.

* The output of --version now complies with the GNU Coding Standards.

* Passwords are now masked when loggings LSC package creation commands.

Tue Dec 21 13:00:00 2010 bitshufflerAATTopensuse.org
- Updated to 1.99.1

* The protocol documentation has been improved.

* Target credentials for SMB and SSH are now separated.

* Support for setting the port range for a target has been added.

* Hardening flags are now enabled during compile time to increase code quality.

* Support for retrieving the total number of results matching an applied filter
has been added.

Fri Dec 10 13:00:00 2010 bitshufflerAATTopensuse.org
- Updated to 1.98.3

* The protocol self-documentation has been improved.

* NTLMSSP is now enabled by default.

* Escalator message now include more information.

* The LaTeX and PDF reports have been made more consistent with the other
report formats.

* An issue which caused internal links in the PDF report to link to wrong
results under certain circumstances has been fixed.

* An issue which caused some existing LSC credential packages to be empty on
subsequent downloads under certain circumstances has been fixed.

Fri Dec 3 13:00:00 2010 bitshufflerAATTopensuse.org
- Updated to 1.98.2

* The protocol self-documentation has been improved.

* A number of superfluous log messages has been downgraded or removed.

* A bug which caused issues to be counted incorrectly in the ports overview has
been fixed.

* The generation of PDF and LaTeX reports is now faster.

Fri Nov 19 13:00:00 2010 bitshufflerAATTopensuse.org
- Updated to 1.98.1

* Report Format plugin framework. All previous reporting features
were converted to plugins. The XML representation of a report
is now the base for any plugin and thus consistency of reports
is improved.
Report Format Plugins can be set active so that they
appear in the selection lists. Selections can consider
content types so that for example only the plugins with
content type \"text\" are offered as Email body.
It is possible to use parameters for the plugins so the
user can adjust the behaviour of the Report Format to
the individual preferences or needs.
A verification method allows to distribute signatures
for valid plugins via the NVT Feed.

* New default Report Format: TXT for simple text.

* New default Report Format: LaTeX for LaTeX source.

* New sample Report Format: Simple Bar Chart.
Demonstrates how to use Gnuplot for graphical reports.

* New sample Report Format: Simple Topo Plot.
Demonstrates how to use Graphviz for graphical reports.

* New sample Report Format: Simple Pie Chart.
Demonstrates how to use PyChart for graphical reports.

* New sample Report Format: Simple Map Plot.
Demonstrates how to use MapServer and GDAL for graphical reports.

* New sample Report Format: Sourcefire Host Input.
Demonstrates that Report Formats can be used to build connectors.

* Master-Slave feature. Any OpenVAS Manager can use one or many other
OpenVAS Manager as slave to run scans. The whole scan task
is transferred to the slave, results are continuously reported
to the Master during scan process. After the scan is finished
all data are removed from the slave.
The master can also retrieve system reports from the slave and
thus can collect the performance overview for all configured slaves.

* New Escalator: HTTP GET. This allows for example to access
text message (SMS) gateways or ticket management systems.

* Extended Escalator: For EMail escalation it is now possible
to select from configured Report Formats to be included in the
Email body.

* Agents: A verification method was added. This allows to
distribute signatures for valid agents via the NVT Feed.

* Credentials: Can now be edited. This allows to change the login
name or password without the need to create a new scan configuration.

* Credentials: Auto-generated installer packages are now created on
the fly. If the generators are improved, it is now easy to create
an updated package for already existing credentials.

* OMP self-documentation: Part of the Managers\' XML-based communication protocol
OMP 2.0 is to deliver the full specification and documentation of the
protocol itself (command \"HELP\"). It can be retrieved as XML-,
RNC- or HTML representation.

* Targets: Various opportunities have been added to specify and combine IP ranges.

* Tasks: The task overview is delivered much faster now.

* Reports: The report filtering is much faster now.

Sun Oct 31 13:00:00 2010 bitshufflerAATTopensuse.org
- Updated to 1.0.3

* Two bugs which caused the manager to fail to give adequate replies on certain
report and scan config requests have been fixed.

* A bug which caused PDF reports to be unavailable for reports which contained
certain unicode character has been fixed.

Tue Aug 17 14:00:00 2010 bitshufflerAATTopensuse.org
- Updated to 1.0.2

* A bug which could cause changes in derived scan configs to affect predefined
scan configs under certain circumstances has been fixed.

Mon Aug 9 14:00:00 2010 bitshufflerAATTopensuse.org
- Updated to 1.0.1

* A fix for incorrect preference values in the database has been adjusted to
work with GSA 1.0.1 as well.

Thu Jul 29 14:00:00 2010 bitshufflerAATTopensuse.org
- Updated to 1.0.0

* A number of build issues has been addressed.

* The code documentation has been updated.

* Code cleanup: Internal error handling has been made more consistent.

* A potential ressource leak identified by static analysis has been fixed.

* A bug which caused NVT preferences to be displayed incorrectly has been
fixed.

Fri Jul 16 14:00:00 2010 bitshufflerAATTopensuse.org
- Updated to 1.0.0.rc1

* Code cleanup: Internal resource management has been improved to use UUIDs in
more places.

* Support for agents has been improved.

* Support for external target sources has been added.

* A bug which caused PDF exports to fail if the NVT description contained
certain characters has been fixed.

* A bug which caused hosts in the scan result to be sorted incorrectly under
certain circumstances has been fixed.

* Support for defining threat overrides has been added.

* Some OMP commands have been renamed and adjusted to make the protocol more
concise and useful.

* Support for event logging has been added.

* Support for syslog escalators has been added.

* The documentation has been updated.

Sat May 29 14:00:00 2010 bitshufflerAATTopensuse.org
- Updated to 1.0.0.beta7

* A large amount of code which was present in both openvas-manager and
openvas-administrator has been moved to openvas-libraries.

* An issue that caused started tasks to remain in the \"Requested\" stage
indenfinitely has been fixed.

* An issue that caused incorrect values of the scan progress under certain
conditions has been fixed.

* A new escalator condition has been add: Threat Level Changed.

* Open ports are now included in scan reports even if no vulnerability was
detected on that port.

* Support for CVSS scores and Risk Factors has been improved.

* Support for excluding host without any results from the report has been added.

Thu Apr 15 14:00:00 2010 bitshufflerAATTopensuse.org
- Updated to 1.0.0.beta6

* A bug which caused incorrect NVT counts in the scan config under certain
circumstances has been fixed.

* The manager now uses certificate based authentication.

* Support for resuming stopped tasks has been added.

* Support for task scheduling has been added.

* The openvasmd binary will now install into /usr/sbin instead of /usr/bin.

Thu Mar 4 13:00:00 2010 bitshufflerAATTopensuse.org
- Updated to 1.0.0.beta5

* More internal data structures are now identified by UUID and not by
name.

* Several build issues have been fixed.

* Note management has been introduced.

* Support for handling ITG and CPE reports has been added.

* OTP forwarding is now disabled by default.

Mon Feb 8 13:00:00 2010 bitshufflerAATTopensuse.org
- Updated to 1.0.0.beta4

* More internal data structures are now identified by UUID and not by name.

* A bug which prevented PDF reports to be generated from certain results due to
unescaped LaTeX characters has been fixed.

* A number of formatting and casting issues found by Stephan Kleine have been
fixed.

* The man page has been updated.

Fri Feb 5 13:00:00 2010 bitshufflerAATTopensuse.org
- Updated to 1.0.0.beta3

* Nmap is now the default port scanner for predefined configurations.

* The man page has been updated.

* LSC credential management has been improved.

* A number of internal data structures are now identified by UUID and not by
name.

* The manager now converts all input from the scanner to UTF-8.

* The encoding of the LaTeX report has been switch to UTF-8.

* A bug that caused some settings to be ignored during scan configuration import
has been fixed.

Wed Jan 27 13:00:00 2010 bitshufflerAATTopensuse.org
- Updated to 1.0.0.beta2

* Deleting of active reports is prevented.

* Introduced ownership for all objects.
This makes objects (like a \"target\") not
appear for other users anymore.

* Improved ISO-8859-1 to UTF-8 conversion hacks.

* Allowed \"\\\" for login names (important for windows)

* Send users host restrictions (\"rules\") via OTP when
starting a scan.

* Activated NSIS package generator for credentials management.

* Filter out potentials passwords from logging.

* Introduced UUIDs for users.

* Improved PDF report generator.

Sun Jan 24 13:00:00 2010 bitshufflerAATTopensuse.org
- Added %%ghost entry for log file.
- Added logrotate file.
- Added init script.
- Fixed cmake arguments.

Sun Jan 17 13:00:00 2010 bitshufflerAATTopensuse.org
- Updated to 1.0.0.beta1

Tue Dec 22 13:00:00 2009 felix.wolfstellerAATTintevation.de
- Updated to 0.9.8

Thu Dec 10 13:00:00 2009 bitshufflerAATTopensuse.org
- Updated to 0.9.7

Tue Nov 24 13:00:00 2009 bitshufflerAATTopensuse.org
- Initial RPM


  
ICM