Changelog for
openvas-scanner-22.4.1-1.9.x86_64.rpm :
* Tue Feb 21 2023 Martin Hauke
- Update to version 22.4.1 https://github.com/greenbone/openvas-scanner/releases/tag/v22.4.1
* Wed Apr 27 2022 Martin Hauke - Update to version 21.4.4 Added
* flag to set cipher suite preferences on a TLS session.
* Extend nasl_ssh_shell_read().
* Add nasl function nasl_send_arp_request().
* Add function to get the local mac address.
* Add nasl functions for checking ssl/tls secure renegotiation and performing re-handshake (backport #889). Changed
* handle Fatal alert during handshake.
* extend cert_query() nasl function to get the public key algorithm.
* Only log SSL/TLS failure once per script.
* Make OPENVAS_ENCAPS_TLSv13 visible for nasl scripts.
* Make OPENVAS_ENCAPS_TLSv13 visible for nasl scripts.
* Update digest algo OID to string mapping. Bug Fixes
* possible g_memdup() silent memory truncation.
* Handle string encoding converison fail.
* Fixing isotime_add and add zero padding for isotime [#920].- Update to version 21.4.3 Added
* Add nasl function sftp_enabled_check() to check if sftp subsystem is enabled in the target.
* Fix Segmentation fault when freeing hosts and alive hosts. Changed
* Changed defaults for installation locations. + SYSCONFDIR is /etc by default now + LOCALSTATEDIR is /var by default now + OPENVAS_RUN_DIR is /run/ospd by default now + OPENVAS_FEED_LOCK_PATH is /var/lib/openvas/feed-update.lock by default now Fixed
* Fix interrupted scan, when the process table is full.
* Use fchmod to change file permission instead of on open to prevent race conditions.
* Fix plugins upload.
* Fix Error Message when NVTI chache init failed.
* Fix potential segfault.
* Fri Aug 20 2021 Martin Hauke - Update to version 21.4.2
* Fix clang-analyzer warnings.
* Mon Jun 28 2021 Martin Hauke - Update to version 21.4.1 Added
* Improve nasl linter to catch more cases of undeclared variables.
* Add deprecation warning for source_iface related settings which will be removed with the 21.10 release.
* New Credentials for SSH to get su privileges. Changed
* Update default log config. Fixed
* Use host from the original hosts list when boreas is enabled.
* Initialize the the kb to store results for openvas-nasl.
* Fix unittest. Mock kb_lnk_reset.
* Fri Apr 16 2021 Martin Hauke - Update to version 21.4.0 Added
* Add scanner-only option to enable tls debugging.
* Extend nasl lint to detect if function parameter is used twice.
* Add option to specify if a host can be scanned through its IPv4 and IPv6 in parallel.
* Add insert_tcp_options and insert_tcp_v6_options nasl functions.
* Add get_tcp_option and extend dump_tcp_packet nasl functions.
* Add new scanner only option for spawning NASL functions with a different owner.
* Add debug logs for allow_simultaneous_ips=no.
* Add min_free_mem and max_sysload scanner only options. Changed
* Store results in main_kb instead of host_kb.
* Also use internal function name in some nasl log messages.
* Move more scanner preferences to gvm-libs to make them available for openvas-nasl. Removed
* Use the nvticache name from gvm-libs, defined in nvticache.h.
* Sat Mar 06 2021 Martin Hauke - Follow upstream package names
* Rename package openvas -> openvas-scanner- Update to version 20.8.1 Added
* Extend nasl lint to detect if function parameter is used twice
* Add support for TLSv1.3.
* Add alternative for supporting snmp during scans.
* Add resolve_hostname_to_multiple_ips() NASL function.
* Send message to the client with hosts count.
* Use nasl_perror on invalid input and add more documentation.
* Add timeout argument to ssh_connect() nasl function to set the connection timeout. Changed
* Downgrade wmi queries log level for common errors.
* Rename some nasl functions and func parameters for consistency and fix byte order issue in get_ipv6_element.
* Change log level from debug to message to show max_host and max_scan during scan start. Fixed
* Fork vhosts before creating the socket.
* Check if another forked child has already added the same vhost.
* Send duplicated hosts as dead hosts to ospd, to adjust scan progress calculation.
* Only send the signal if the pid is a positive value.
* When routes with same mask are found the route with the better metric is chosen.
* Fix malformed target.
* Fix snmp result. Only return the value and do not stop at the first \
.
* Fix masking of IPv6 addresses.
* Fix technique switch for getting the appropriate interface to use for IPv6 dst addr.
* Fix host count. Set to -1 when the target string is invalid.
* Tue Aug 11 2020 Martin Hauke - Update to version 20.8.0
* Create greenbone-nvt-sync create lock file during feed sync.
* Extend script_get_preference() to get the value by id.
* Add extended environmental variables info to greenbone-nvt-sync help text.
* Extend nasl functions which generate results with optional \"uri\" parameter.
* Add nasl function to get the host kb index.
* Print the filter used by pcap in the error message. Changed
* The logging of the NASL internal regexp functions was extended to include the pattern in case of a failed regcomp().
* Add config for gpg keyring path (OPENVAS_GPG_BASE_DIR).
* Use func instead of FUNCTION.
* Use pcap_findalldevs() instead of deprecated function pcap_lookupdev().
* Add port-range option for openvas-nasl.
* Add test_alive_hosts_only feature.
* Don\'t reload the plugins when start a new scan.
* Drop http feed sync.
* Add aligned summary to log at scan end.
* Unify log messages about start/end of scan and of hosts.
* Use flock to lock the feed lock file.
* Move alive detection module (Boreas) into gvm-libs.
* Allow to set all legal types of icmp v6 in icmp header in openvas-nasl.
* The output of the NASL dump_
* packet forgery functions was made consistent.
* Make drop_privileges setting a scanner-only preference.
* Feed lock path is now configurable. Fixed
* Improve signal handling when update vhosts list.
* Wait for all children instead of waiting just for one a time.
* Don\'t detect MongoDB as a HTTP service.
* Set status finished and send a message if the port list is invalid.
* Fix format-truncation warning in GCC 8.2 and later.
* Clean the new kb when the scan was stopped and the host has not been started.
* Prevent child deadlock.
* Memleak fixes for kb_item_get_str().
* Fix denied hosts.
* Fix openvas-nasl. Add kb key/value for all vhosts.
* Wait for last plugin to finish before change to other category.
* Corrected function parameter names in nasl_perror calls.
* Various updates to the nasl_perror() error texts.
* Fix icmp checksum calculation in openvas-nasl.
* Fix ipv6 flow label in nasl_packet_forgery_v6() for openvas-nasl.
* Fix name of NASL internal IPPROTO_IP variable.
* Fix byte ordering and wrong PROTO identifier in dump_ipv6_packet() for openvas-nasl.
* Fix size calculation which lead to alloc error in get_tcp_element() of openvas-nasl.
* Fix filter out of default \'radio\' type preferences.
* Allow group access to lockfile and fix empty timestamp. Removed
* Removed \"network scan\" mode. This includes removal of NASL API methods \"scan_phase()\" and \"network_targets()\". Sending a \"network_mode=yes\" in a scanner configuration will have no effect anymore.
* Tue Aug 11 2020 Martin Hauke - Package rename
* openvas-scanner -> openvas- Update to version 7.0.1 Added
* Display gvm-libs version in openvas --version output
* Create greenbone-nvt-sync create lock file during feed sync.
* Extend script_get_preference() to get the value by id. Changed
* Improve handling of invalid or existent ids of nvt\'s preference id.
* Perform a scan even if there are missing plugins.
* Don\'t reload the plugins when start a new scan.
* Use new URL for GCF rsync. Fixed
* Do not store in memory an empty file received as nvt preference.
* Fix stop scan. #414
* Fix hanging scans. #423
* Improve signal handling when update vhosts list. #426
* Wait for all children instead of waiting just for one a time.
* Fix format-truncation warning in GCC 8.2 and later. Removed
* Drop HTTP sync #489- Update to version 7.0.1 Added
* An ID has been added to NVT preferences.
* A new NVT cross references data handling has been added.
* Add option --scan-stop.
* Add support to open an rc4 stream cipher, the function to encrypt stream data using the cipher handle,
* and the function to close a handler.
* Add one single config for redis to config/redis-openvas.conf. Changes
* Vendor version is now an option in the config file.
* The NVT preference format has been changed.
* Redis supported versions must be 3.2 or higher.
* Log directory is now configurable.
* The greenbone-nvt-sync script is not allowed to run as root.
* OpenVAS Scanner has been renamed to OpenVAS (Open Vulnerability Assessment Scanner). #337 #343
* Retry until a host finishes and frees a db before running a new host scan, in case there is no free redis db. Therefore a infinite loop has been added when it call kb_new(). #340
* Use new nvti_add_tag() instead of plug_set_tag() and remove plug_set_tag(). #385
* Remove dead code about tags regarding former openvas settings \"result_prepend_tags\" and \"result_append_tags\". #386
* Check cache/feed errors during plugin scheduling.
* Vendor version is now an option in the config file.
* Use API for accessing NVTI elements. Fixed
* An issue with stuck scans where only a single plugin is running and is beyond its timeout has been addressed.
* Fix a type mismatch. Use correct format specifier for size_t.
* An issue which caused falling back into a default port in get_ssh_port() has been fixed.
* An issue which could have caused a truncated string in register_service() has been fixed.
* Reset redis connection after the host scan finished. This avoids to leave open fd, which cause ulimit problems. #384
* Fix mis-identification of Sphinx Search service. #387
* Set a key in redis when the scan finishes and fix stop scan using the right pid. #390
* Fix detection of finger service. #391
* Wait for zombie process in case of timed out nvts. #379
* Fix handling of file type nvt preferences. #399 Removed
* Unused be_nice scan preferences has been removed. #313
* OTP has been entirely removed in favor of using the ospd-openvas interface. #333 #351
* Daemon mode has been entirely removed. #337 #341
* Tue Dec 06 2016 michaelAATTstroeder.com- update to 5.0.7
* Mon Feb 15 2016 rwawrigAATTsuse.com- update to 5.0.5- Fixed a segmentation fault in the Scanner when processing an NVT without a proper name.- Install openvas-mkcert-client to \"bin\" instead of \"sbin\" to be FHS compliant- The process title now contains the correct IP address for IPv4-mapped IPv6 addresses.