Commit 8e1a5758 authored by Stephan Kleine's avatar Stephan Kleine Committed by Mati

Imported Debian patch 3.3+beta2-1

parent 0244d8b9
openvas-scanner (3.3+beta2-1) UNRELEASED; urgency=low
* New upstream release
- NVT management code has been updated to reflect the updated openvas-libraries
API.
- The optional use of the external tool "ovaldi" has been made more secure.
- OpenVAS Scanner now uses UTC internally.
- The greenbone-nvt-sync script has been updated.
- Changed: Do not force execution of ACT_INIT category.
- Fixed: A number of potential resource leaks.
- Fixed: A number of compiler warnings when compiling with gcc 4.6.
- Fixed: Usage of the mktemp template in openvas-nvt-sync.
- Removed: Support for shared sockets.
- New: The scanner options "network_scan" and "report_host_details" have been
added to the default scanner options.
-- Stephan Kleine <bitshuffler@opensuse.org> Sat, 12 Nov 2011 19:09:04 +0100
openvas-scanner (3.2.5-1) UNRELEASED; urgency=low
* New upstream release
- The optional use of the external tool "ovaldi" has been made more secure.
-- Stephan Kleine <bitshuffler@opensuse.org> Fri, 04 Nov 2011 21:42:26 +0100
openvas-scanner (3.2.4-1) UNRELEASED; urgency=low
* New upstream release
- Fixed: Two potential resource leaks.
- Fixed: A number of compiler warning when compiling with gcc 4.6.
- Fixed: Usage of the mktemp template in openvas-nvt-sync.
-- Stephan Kleine <bitshuffler@opensuse.org> Wed, 08 Jun 2011 20:16:05 +0200
openvas-scanner (3.2.3-1) UNRELEASED; urgency=low
* New upstream release
- Fixed: Three potential resource leaks.
- Fixed: Generation of code documentation.
- Updated: Feed synchronization scripts.
- Changed: The openvas-nvt-sync script will now perform the initial feed
synchronization via HTTP instead of rsync.
- Changed: The openvas-nvt-sync script will now default to synchronize into the
NVT directory used by the OpenVAS Scanner instead of the one defined at
compile time.
-- Stephan Kleine <bitshuffler@opensuse.org> Mon, 11 Apr 2011 19:26:36 +0200
openvas-scanner (3.2.2-1) UNRELEASED; urgency=low
* New upstream release
- The last bashism has been removed from the openvas-nvt-sync synchronization
script.
- The greenbone-nvt-sync script now logs additional information during
synchronization.
- An unimplemented and superfluous function declaration has been removed.
- The openvassd man page has been updated.
- The build environment has been consolidated.
- The greenbone-nvt-sync script has been improved.
- OpenVAS Scanner now sets a default value for the "unscanned_closed"
preference.
-- Stephan Kleine <bitshuffler@opensuse.org> Wed, 23 Feb 2011 19:39:35 +0100
openvas-scanner (3.2.0-1) UNRELEASED; urgency=low
* New upstream release
- The sync scripts have been updated.
- OpenVAS Scanner now uses pkg-config to find libraries.
- Installation of the openvas-services file has been moved to openvas-libraries.
- Filesystem Hierarchy Standard (FHS 2.3) compliance has been improved.
-- Stephan Kleine <bitshuffler@opensuse.org> Fri, 04 Feb 2011 20:56:40 +0100
openvas-scanner (3.1.99.2-1) UNRELEASED; urgency=low
* New upstream release
- Improved output of --version
- Comprehensive code cleanup
- Binary (.nes) plugins we moved to libraries and turned into builtin
NASL methods.
- Removed handling of binary plugins as we don't want to have them ever
again.
- Added preferences for the vhost feature so that clients get them
and can offer them to the user. In other words: unhide the vhost feature.
- Default port is now 9391 where the OpenVAS Manager expects the
Scanner by default.
- Command line options "--dump-cfg" and "--gen-config" are removed.
- openvassd does not need anymore a "openvassd.conf" file. It uses
its defaults and a possibly present conf-file can overwrite settings.
- openvas-mkcert got a additional switch "-f" to force overwriting
certificates.
- openvas-mkcert does not create a openvassd.conf anymore as it shares
the defaults with openvassd.
-- Stephan Kleine <bitshuffler@opensuse.org> Tue, 25 Jan 2011 18:59:27 +0100
openvas-scanner (3.1.99.1-1) UNRELEASED; urgency=low
* New upstream release
- Debug messages during the use of shared sockets are no longer logged unless
requested during compile time.
- A number of compiler warnings from gcc 4.4 has been addressed.
- Hardening flags are now enabled during compile time to increase code quality.
- openvas-scanner now listens on an IPv4 socket by default, even when IPv6
support is present.
-- Stephan Kleine <bitshuffler@opensuse.org> Mon, 20 Dec 2010 13:39:52 +0100
openvas-scanner (3.1.98.2-1) UNRELEASED; urgency=low
* New upstream release
- A compiler warning regarding an incorrect function declaration in
openvas_tcp_scanner has been addressed.
- A compiler warning regarding incorrect pointer casts in find_service has been
addressed.
- A compiler warning regarding the type of a return value in openvassd has been
addressed.
- An issue which caused openvassd to refuse to scan certain hosts even when
permitted by rules has been fixed.
- An issue which caused openvassd to abort the scan process prematurely under
certain circumstances has been fixed.
-- Stephan Kleine <bitshuffler@opensuse.org> Mon, 06 Dec 2010 18:51:59 +0100
openvas-scanner (3.1.98.1-1) UNRELEASED; urgency=low
* New upstream release
- Network level scan support.
- Removed unnecessary log entries.
- Include paths have been updated to match with openvas-libraries 4.0.
-- Stephan Kleine <bitshuffler@opensuse.org> Fri, 03 Dec 2010 17:26:34 +0100
openvas-scanner (3.1.1-1) UNRELEASED; urgency=low
* New upstream release
- The code documentation infrastructure has been improved.
- The license situation of the individual source code files has been clarified.
- Obsolete support for systems without entropy generation has been removed.
- A bug which caused the client certificate generation to fail under certain
circumstances has been fixed.
-- Stephan Kleine <bitshuffler@opensuse.org> Sun, 31 Oct 2010 19:09:26 +0100
openvas-scanner (3.1.0-1) UNRELEASED; urgency=low
* New upstream release
- Support for storing scanner passwords in plaintext has been removed.
- Support for dropping privileges in NASL and NES NVTs had been added.
- Support for scanning virtual web hosts has been added.
- The handling of NVTs with an invalid timestamp has been improved.
- A bug in the openvas-nvt-sync script which prevented synchronization via http
under certain circumstances has been fixed.
- Support for retrieving the version of the NVT collection has been added to the
openvas-nvt-sync and greenbone-nvt-sync scripts.
- Support for soft pausing of scans has been added.
- Support for automatically installing generated certificate file has been added
to the openvas-mkcert-client script.
- The obsolete C based NVT "ssl_cipher" has been removed from the
openvas-scanner module. It has been replaced by the NASL implementation
"secpod_ssl_ciphers.nasl".
- Support for storing an uploaded preference file in memory instead of on disk
has been added.
-- Stephan Kleine <bitshuffler@opensuse.org> Wed, 14 Jul 2010 19:13:20 +0100
openvas-scanner (3.1.0.rc3-1) UNRELEASED; urgency=low
* New upstream release
- Support for storing scanner passwords in plaintext has been removed.
-- Stephan Kleine <bitshuffler@opensuse.org> Fri, 02 Jul 2010 22:52:18 +0100
openvas-scanner (3.1.0.rc2-1) UNRELEASED; urgency=low
* New upstream release
- The support scripts for feed synchronization have been updated.
- Support for dropping privileges in NASL and NES NVTs had been added.
- Support for scanning virtual web hosts has been added.
- The handling of NVTs with an invalid timestamp has been improved.
-- Stephan Kleine <bitshuffler@opensuse.org> Mon, 28 Jun 2010 18:42:55 +0100
openvas-scanner (3.1.0.rc1-1) UNRELEASED; urgency=low
* New upstream release
- A bug in the openvas-nvt-sync script which prevented synchronization via http
under certain circumstances has been fixed.
- The build environment for C based NVTs has been cleaned up.
- Code formatting has been improved in a number of files to match the coding
style.
- Support for retrieving the version of the NVT collection has been added to the
openvas-nvt-sync and greenbone-nvt-sync scripts.
- Support for soft pausing of scans has been added.
- Support for automatically installing generated certificate file has been added
to the openvas-mkcert-client script.
- The obsolete C based NVT "ssl_cipher" has been removed from the
openvas-scanner module. It has been replaced by the NASL implementation
"secpod_ssl_ciphers.nasl".
- Support for storing an uploaded preference file in memory instead of on disk
has been added.
-- Stephan Kleine <bitshuffler@opensuse.org> Wed, 19 May 2010 19:54:49 +0100
openvas-scanner (3.0.2-1) UNRELEASED; urgency=low
* New upstream release
-- Stephan Kleine <bitshuffler@opensuse.org> Mon, 22 Mar 2010 22:24:52 +0100
openvas-scanner (3.0.1-1) UNRELEASED; urgency=low
* New upstream release
-- Stephan Kleine <bitshuffler@opensuse.org> Tue, 26 Jan 2010 19:14:34 +0100
openvas-scanner (3.0.0-1) UNRELEASED; urgency=low
* New upstream release
-- Stephan Kleine <bitshuffler@opensuse.org> Fri, 25 Dec 2009 15:30:15 +0100
Source: openvas-scanner
Section: admin
Priority: optional
Maintainer: Stephan Kleine <bitshuffler@opensuse.org>
Build-Depends: debhelper (>= 6), devscripts, dpatch, cmake, hardening-wrapper, libopenvas5-dev, libwrap0-dev, pkg-config, po-debconf
Homepage: http://www.openvas.org/
Standards-Version: 3.8.0
Package: openvas-scanner
Section: net
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, openssl
Replaces: openvas-server, openvas-plugins
Conflicts: openvas-server, openvas-plugins
Recommends: rsync, nmap
Suggests: openvas-client, snmp, pnscan, strobe, ike-scan
Description: remote network security auditor - scanner
The Open Vulnerability Assessment System is a modular security auditing
tool, used for testing remote systems for vulnerabilities that should be
fixed.
.
It is made up of two parts: a scan server, and a client. The scanner/daemon,
openvassd, is in charge of the attacks, whereas the client,
OpenVAS-Client, provides an X11/GTK+ user interface.
.
This package provides the scanner.
Package: openvas-scanner-dbg
Section: debug
Priority: extra
Architecture: any
Depends: ${misc:Depends}, openvas-scanner (= ${binary:Version})
Description: remote network security auditor - scanner (debug)
The Open Vulnerability Assessment System is a modular security auditing
tool, used for testing remote systems for vulnerabilities that should be
fixed.
.
It is made up of two parts: a scan server, and a client. The scanner/daemon,
openvassd, is in charge of the attacks, whereas the client,
OpenVAS-Client, provides an X11/GTK+ user interface.
.
This package provides the debugging symbols for the scanner.
#
# The address the OpenVAS Scanner is listening on.
#
SCANNER_ADDRESS=127.0.0.1
#
# The port the OpenVAS Scanner is listening on.
#
SCANNER_PORT=9391
var/cache/openvas
var/lib/openvas
var/log/openvas
#!/bin/sh -e
#
# /etc/init.d/openvas-scanner
#
# Originally written by Miquel van Smoorenburg <miquels@drinkel.ow.org>.
# Modified for Debian GNU/Linux by Ian Murdock <imurdock@gnu.ai.mit.edu>.
# Modified for nessusd by Luca Andreucci <andrew@andrew.org>
# Further changes by Javier Fernandez-Sanguino <jfs@debian.org> for the
# Debian GNU/Linux distribution
# Even more changes for Debian GNU/Linux openvas-scanner package by
# Tim Brown <timb@nth-dimension.org.uk>
#
### BEGIN INIT INFO
# Provides: openvas-scanner
# Required-Start: $remote_fs
# Required-Stop: $remote_fs
# Should-Start:
# Should-Stop:
# Default-Start:
# Default-Stop: 0 6
# Short-Description: Start and stop the OpenVAS daemon
# Description: Controls the main OpenVAS daemon "openvassd".
### END INIT INFO
# time to wait for daemons death, in seconds
# don't set it too low or you might not let openvassd die gracefully
DODTIME=5
[ -r /etc/default/openvas-scanner ] && . /etc/default/openvas-scanner
# daemon options
DAEMONOPTS="-q"
[ "$SCANNER_ADDRESS" ] && DAEMONOPTS="$DAEMONOPTS --listen=$SCANNER_ADDRESS"
[ "$SCANNER_PORT" ] && DAEMONOPTS="$DAEMONOPTS --port=$SCANNER_PORT"
DAEMON=/usr/sbin/openvassd
PIDFILE=/var/run/openvassd.pid
NAME=openvassd
LABEL="OpenVAS Scanner"
test -x $DAEMON || exit 0
running()
{
# No pidfile, probably no daemon present
#
[ ! -f "$PIDFILE" ] && return 1
pid=`cat $PIDFILE`
# No pid, probably no daemon present
[ -z "$pid" ] && return 1
[ ! -d /proc/$pid ] && return 1
cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1 |cut -d : -f 1`
# No openvassd?
[ "$cmd" != "$NAME" ] && return 1
return 0
}
warn_cert_file() {
echo -n "WARN: The (expected) certificate file $1 is not available." >&2
echo -n "The OpenVAS daemon might not start up." >&2
}
check_certs() {
CERTDIR=/var/lib/openvas/CA/
PRIVCERTDIR=/var/lib/openvas/private/CA/
for cert in cacert.pem servercert.pem; do
[ ! -r "$CERTDIR/$cert" ] && warn_cert_file "$CERTDIR/$cert"
done
for cert in cakey.pem serverkey.pem; do
[ ! -r "$PRIVCERTDIR/$cert" ] && warn_cert_file "$CERTDIR/$cert"
done
}
openvas_start() {
check_certs
start-stop-daemon --start --exec $DAEMON -- $DAEMONOPTS 2>&1 >/dev/null
errcode=$?
# If we don't sleep then running() might not see the pidfile
sleep $DODTIME
return $errcode
}
force_stop() {
[ ! -e "$PIDFILE" ] && return
if running ; then
kill -15 $pid
# Is it really dead?
sleep "$DODTIME"s
if running ; then
kill -9 $pid
sleep "$DODTIME"s
if running ; then
echo "Cannot kill $LABEL (pid=$pid)!"
exit 1
fi
fi
fi
rm -f $PIDFILE
}
case "$1" in
start)
echo -n "Starting $LABEL: "
if openvas_start && running ; then
echo "openvassd."
else
echo "ERROR."
exit 1
fi
;;
stop)
echo -n "Stopping $LABEL: "
if running ; then
start-stop-daemon --stop --pidfile $PIDFILE --quiet --oknodo --exec $DAEMON
sleep "$DODTIME"s
fi
if running; then
force_stop
fi
echo "openvassd."
;;
restart)
echo -n "Restarting $LABEL: "
if running; then
start-stop-daemon --stop --pidfile $PIDFILE --quiet --oknodo --exec $DAEMON
sleep "$DODTIME"s
fi
if running; then
force_stop
fi
if openvas_start && running ; then
echo "openvassd."
else
echo "ERROR."
exit 1
fi
;;
reload|force-reload)
echo -n "Reloading $LABEL configuration files: "
start-stop-daemon --stop --pidfile $PIDFILE --signal 1 --exec $DAEMON
sleep "$DODTIME"s
if running ; then
echo "done."
else
echo "ERROR."
exit 1
fi
;;
status)
echo -n "$LABEL is "
if running ; then
echo "running"
else
echo " not running."
exit 1
fi
;;
*)
echo "Usage: /etc/init.d/openvas-scanner {start|stop|restart|reload|status}"
exit 1
;;
esac
exit 0
usr/sbin/greenbone-nvt-sync
usr/*bin/openvas*
usr/share/man/man8/greenbone-nvt-sync*
usr/share/man/man8/openvas*
/var/log/openvas/openvassd.messages {
missingok
notifempty
create 640 root adm
daily
rotate 7
compress
postrotate
if [ -s /var/run/openvassd.pid ]; then kill -1 `cat /var/run/openvassd.pid`; fi
openvaslogs=`ls /var/log/openvas/openvassd.messages.*`
if [ -n "$openvaslogs" ]; then
chown root:adm $openvaslogs
chmod 640 $openvaslogs
fi
endscript
}
#! /bin/bash
# Restart the OpenVAS daemon if running
if [ -x /etc/init.d/openvas-scanner ] && \
/etc/init.d/openvas-scanner status 2>&1 >/dev/null; then
if which invoke-rc.d >/dev/null 2>&1; then
invoke-rc.d openvas-scanner restart
else
/etc/init.d/openvas-scanner restart
fi
fi
# We don't let dh_installinit touch this so we do it byhand
update-rc.d openvas-scanner stop 20 0 6 . >/dev/null
#!/bin/sh
if [ "$1" = "purge" ]; then
update-rc.d openvas-scanner remove >/dev/null
fi
exit 0
#!/bin/sh
set -e
if [ "$1" != "upgrade" ]; then
if [ -x "/etc/init.d/openvas-scanner" ] ; then
if which invoke-rc.d >/dev/null 2>&1; then
invoke-rc.d openvas-scanner stop
else
/etc/init.d/openvas-scanner stop
fi
else
start-stop-daemon --stop --quiet --oknodo --exec /usr/sbin/openvassd
fi
fi
#DEBHELPER#
exit 0
#!/usr/bin/make -f
# -*- makefile -*-
# Sample debian/rules that uses debhelper.
# This file was originally written by Joey Hess and Craig Small.
# As a special exception, when this file is copied by dh-make into a
# dh-make output file, you may use that output file without restriction.
# This special exception was added by Craig Small in version 0.37 of dh-make.
# Uncomment this to turn on verbose mode.
export DH_VERBOSE=1
# Enable hardening-wrapper
export DEB_BUILD_HARDENING=1
config: config-stamp
config-stamp:
dh_testdir
# Add here commands to configure the package.
cmake -DCMAKE_VERBOSE_MAKEFILE=ON -DCMAKE_INSTALL_PREFIX=/usr -DSYSCONFDIR=/etc -DLOCALSTATEDIR=/var -DCMAKE_BUILD_TYPE=release .
touch $@
build: build-stamp
build-stamp: config
dh_testdir
# Add here commands to compile the package.
$(MAKE) VERBOSE=1
touch $@
clean:
dh_testdir
dh_testroot
rm -f build-stamp
dh_clean
install: build
dh_testdir
dh_testroot
dh_clean -k
dh_installdirs
# Add here commands to install the package into debian/tmp
$(MAKE) DESTDIR=$(CURDIR)/debian/tmp install
for file in $(CURDIR)/debian/tmp/usr/*bin/openvas-* ; do \
if file $$file | grep -q "POSIX shell script"; then \
echo "Checking $$file for bashisms..." ; \
checkbashisms $$file || true ; \
fi ; \
done
# Build architecture-independent files here.
binary-indep: build install
# We have nothing to do by default.
# Build architecture-dependent files here.
binary-arch: build install
dh_testdir
dh_testroot
dh_installchangelogs CHANGES
dh_installdocs
dh_install --sourcedir=debian/tmp
dh_installdebconf
dh_installlogrotate
dh_installinit -n -r -u stop 20 0 6 .
dh_installman
dh_link
dh_strip --dbg-package=openvas-scanner-dbg
dh_compress
dh_fixperms
dh_installdeb
dh_shlibdeps
dh_gencontrol
dh_md5sums
dh_builddeb
binary: binary-indep binary-arch
.PHONY: build clean binary-indep binary-arch binary install
......@@ -133,7 +133,7 @@ endif (NVT_TIMEOUT)
set_target_properties (openvassd PROPERTIES LINK_FLAGS
"${LIB_TEMP} ${GLIB_LDFLAGS} ${OPENVAS_LDFLAGS}")
target_link_libraries (openvassd gnutls dl gcrypt)
target_link_libraries (openvassd dl gcrypt glib-2.0 gnutls openvas_base openvas_hg openvas_misc)
set_target_properties (openvassd PROPERTIES COMPILE_FLAGS
"${HEADER_TEMP} ${OPENVAS_CFLAGS} ${GLIB_CFLAGS}")
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment