Commit e909d367 authored by Sophie Brun's avatar Sophie Brun

Merge remote-tracking branch 'debian/master' into kali/master

parents efd26103 12c4398f
openvas-scanner 5.0.7 (2016-09-06)
openvas-scanner 5.1.0 (2016-11-09)
This is the seventh maintenance release of the openvas-scanner 5.0 module for
the Open Vulnerability Assessment System release 8 (OpenVAS-8).
This release addresses a segmentation fault discovered after the release of
OpenVAS Scanner 5.0.6 which could result in hanging or failing scans under
certain circumstances.
Many thanks to everyone who contributed to this release:
Timo Pollmeier.
Main changes compared to 5.0.6:
* An issue which caused memory to be freed too early in the plugin launch
process potentially leading to segmentation faults has been addressed.
openvas-scanner 5.0.6 (2016-08-30)
This is the sixth maintenance release of the openvas-scanner 5.0 module for
the Open Vulnerability Assessment System release 8 (OpenVAS-8).
This release adds support for the 'scanner_plugins_timeout' and 'timeout_retry'
preferences, addresses a number of memory leaks and improves signal handling in
scanner processes.
Many thanks to everyone who contributed to this release:
Hani Benhabiles and Matthew Mundell.
Main changes compared to 5.0.5:
* Support for the 'scanner_plugins_timeout' preference has been added.
* Support for the 'timeout_retry' preference has been added.
* A number of memory leaks have been fixed.
* Signal handling in scanner processes has been improved.
* Documentation has been updated.
openvas-scanner 5.0.5 (2015-12-21)
This is the fifth maintenance release of the openvas-scanner 5.0 module for
the Open Vulnerability Assessment System release 8 (OpenVAS-8).
This release addresses a segmentation fault in OpenVAS Scanner and two minor
issues regarding the support script for client certificate generation and
regarding the process title in certain circumstances.
Many thanks to everyone who contributed to this release:
Hani Benhabiles and Michael Wiegand.
This is the first release of the openvas-scanner 5.1 module for the Open
Vulnerability Assessment System 9 (OpenVAS-9). Compared to the previous
major release the scanner now serves via a unix file socket instead
of a tcp socket which simplifies the setup, handling and code-base.
Also, the feed synchronisations were consolidated into a single method.
And in general the scanner becomes lighter, faster and more robust.
Main changes compared to 5.0.4:
* Fixed a segmentation fault in the Scanner when processing an NVT without a
proper name.
* The support script for the creation of client certificates is now installed
in a FHS compliant location.
* The process title now contains the correct IP address for IPv4-mapped IPv6
addresses.
openvas-scanner 5.0.4 (2015-07-09)
This is the fourth maintenance release of the openvas-scanner 5.0 module for
the Open Vulnerability Assessment System release 8 (OpenVAS-8).
This release fixes an issue which could produce duplicate scan results. It also
enables the removal of the pidfile on exit in OpenVAS Scanner.
Many thanks to everyone who has contributed to this release:
Benoît Allard, Hani Benhabiles, Henri Doreau, Sven Haardiek, Matthew Mundell,
Timo Pollmeier, Jan-Oliver Wagner and Michael Wiegand.
Many thanks to everyone who contributed to this release:
Hani Benhabiles.
Main changes compared to the 5.0 series:
* Replaced OTP TLS certificate-authorized TCP socket service by
a unix file socket based service.
* Moved the TLS certificate management script to module openvas-manager.
* Merged the two feed sync scripts into a single one that can handle
both, the Community Feed and the Greenbone Security Feed.
* New command line options --unix-socket, --listen-mode,
--listen-group, --listen-owner and --gnupg-home.
* Removed command line options --listen, --port, --gnutls-priorities and
--dh-params.
* The nvt summary isn't send anymore as it is not used anymore.
* Send a "Host dead" host detail when the host is dead.
* Dropped scanner preferences cert_file, key_file and ca_file.
* Add scanner preferences timeout_retry and scanner_plugins_timeout.
* Reduced memory consumption and improved performance
* Numerous build and code improvements
* Increased dependency for glib from 2.16 to 2.32.
* Increased dependency for openvas-libraries from 8.0 to 9.0.0.
Main changes compared to 5.0beta3:
* Replaced OTP TLS certificate-authorized TCP socket service by
a unix file socket service.
* New command line options --unix-socket, --listen-mode,
--listen-group, --listen-owner and --gnupg-home.
* Removed command line options --listen, --port, --gnutls-priorities and
--dh-params.
* Extended greenbone-nvt-sync with some functionalities of openvas-nvt-sync to
cover both, GSF feed and Community Feed. openvas-nvt-sync removed.
* Moved the openvas-manage-certs script to module openvas-manager.
* Dropped scanner preferences cert_file, key_file and ca_file.
* Send a "Host dead" host detail when the host is dead.
* Improved the cmake buildsystem.
* Fixed some memory leaks.
* Some improvements to the logging functionality.
* The nvt summary isn't send anymore as it is not used anymore.
* Increased dependency for glib from 2.16 to 2.32.
* Various code improvements.
openvas-scanner 5.1+beta3 (2016-04-14)
This is the third beta release of the openvas-scanner 5.1 module for
the Open Vulnerability Assessment System (OpenVAS). It will be part of
the upcoming "OpenVAS-9".
This release addresses numerous minor bug fixes, code improvements and
build improvements.
Main changes compared to 5.0.3:
* An issue which could produce duplicate scan results when a scan was stopped
and later resumed has been fixed.
* An issue which caused new host scans to start even though the overall scan had
been requested to stop has been fixed.
* An issue which caused scans to terminate prematurely upon receiving the
SIGPIPE signal has been fixed.
* The OpenVAS Scanner parent process now removes its pidfile when exiting.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Sven Haardiek, Timo Pollmeier and Michael Wiegand.
Main changes compared to 5.0beta2:
* Add scanner preferences timeout_retry and scanner_plugins_timeout.
* Various minor bug fixes and code improvements as well as build
improvements.
openvas-scanner 5.0.3 (2015-05-11)
This is the third maintenance release of the openvas-scanner 5.0 module for
the Open Vulnerability Assessment System release 8 (OpenVAS-8).
openvas-scanner 5.1+beta2 (2015-10-21)
This release fixes an issue introduced with OpenVAS Scanner 5.0.2 which
sometimes resulted in the parent process not releasing the CPU after loading the
NVTs.
This is the second beta release of the openvas-scanner 5.1 module for
the Open Vulnerability Assessment System (OpenVAS). It will be part of
the upcoming "OpenVAS-9".
Many thanks to everyone who contributed to this release:
Hani Benhabiles.
Main new feature of this release is the switch from openssl based
certificate management scripts to a GNUTLS (certtool) based one.
Main changes compared to 5.0.2:
* An issue which caused OpenVAS Scanner to fail to release the CPU after loading
the NVTs under certain circumstances has been fixed.
openvas-scanner 5.0.2 (2015-04-30)
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Sven Haardiek, Jan-Oliver Wagner and Michael Wiegand.
Main changes compared to 5.0beta1:
* Install "openvas-mkcert-client" FHS compliant.
* Improve openvas-manage-certs script. The script is now able to set up
a certificate infrastructure for an OpenVAS installation, create
additional certificates, verify the installation and perform other
certificate related tasks while being highly configurable at run time
through environment variables or a configuration file.
* Retire openvas-mkcert and openvas-mkcert-client now that their
replacement openvas-manage-certs is ready for use. This also means
that openssl is not required anymore, instead gnutls (certtool) is now
also used for the certificate management scripts.
* Improved support for IPv6.
* Simplify project version setting. Use SVN version at build time in
binary instead of SVN version at configuration time. Make SVN revision
retrieval work with SVN >= 1.7.
* Apply -Wextra for builds.
openvas-scanner 5.1+beta1 (2015-07-17)
This is the first beta release of the openvas-scanner 5.1 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-9".
This is the second maintenance release of the openvas-scanner 5.0 module for
the Open Vulnerability Assessment System release 8 (OpenVAS-8).
Main new features of 5.1 compared to 5.0 include reduced memory usage and
improved performance.
This release increases the minimum required version of OpenVAS Libraries to
8.0.2. It uses new functionality from OpenVAS Libraries to set the target hosts
FQDN based on a reverse DNS lookup. It also fixes an issue which caused NVTs to
hang under certain circumstances.
Many thanks to everyone who has contributed to this release:
Benoît Allard, Hani Benhabiles, Sven Haardiek, Jan-Oliver Wagner and Michael
Wiegand.
Many thanks to everyone who contributed to this release:
Hani Benhabiles, Miguel Angel Cabrera Moya and Michael Wiegand.
Main changes compared to 5.0.1:
* The required minimum OpenVAS Libraries version has increased to 8.0.2.
* The target FQDN is now set to the result of a reverse DNS lookup on the IP
when available.
* An issue which caused NVTs to hang on open, but unresponsive ports due to the
timeout not being set correctly has been fixed.
* An issue which caused the loading handler process to live on even after the
parent process had been killed has been fixed.
* An issue which prevented openvas-scanner from building with GLib =< 2.28 has
been addressed.
Main changes compared to 5.0.x:
* The required minimum version of OpenVAS Libraries has been raised to 8.1.0.
* Internal improvements to match changes in OpenVAS Libraries.
* Memory usage has been reduced by improved cache usage.
* A number of issues discovered through static code analysis have been
addressed.
* Documentation has been updated.
openvas-scanner 5.0.1 (2015-04-01)
......
......@@ -7,7 +7,7 @@
# Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>
#
# Copyright:
# Copyright (C) 2011-2015 Greenbone Networks GmbH
# Copyright (C) 2011-2016 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
......@@ -27,7 +27,7 @@ message ("-- Configuring the Scanner...")
project (openvas-scanner C)
cmake_minimum_required (VERSION 2.6)
cmake_minimum_required (VERSION 2.8)
if (POLICY CMP0005)
cmake_policy (SET CMP0005 OLD)
......@@ -56,18 +56,45 @@ macro (Subversion_GET_REVISION dir variable)
endmacro (Subversion_GET_REVISION)
if (NOT CMAKE_BUILD_TYPE MATCHES "Release")
if (EXISTS "${CMAKE_SOURCE_DIR}/.svn/")
if (EXISTS "${CMAKE_SOURCE_DIR}/.svn/" OR EXISTS "${CMAKE_SOURCE_DIR}/../.svn/")
if (SVN_EXECUTABLE)
Subversion_GET_REVISION(. ProjectRevision)
set (SVN_REVISION ".SVN.r${ProjectRevision}")
set (SVN_REVISION "~svn${ProjectRevision}")
else (SVN_EXECUTABLE)
set (SVN_REVISION ".SVN")
set (SVN_REVISION "~svn")
endif (SVN_EXECUTABLE)
endif (EXISTS "${CMAKE_SOURCE_DIR}/.svn/")
endif (EXISTS "${CMAKE_SOURCE_DIR}/.svn/" OR EXISTS "${CMAKE_SOURCE_DIR}/../.svn/")
endif (NOT CMAKE_BUILD_TYPE MATCHES "Release")
# TODO: Check pkg-config (maybe with code like in gsa/CMakeLists.txt).
## Project version
# The following three variables should be set through the project command once
# we require CMake >= 3.0
set (PROJECT_VERSION_MAJOR 5)
set (PROJECT_VERSION_MINOR 1)
set (PROJECT_VERSION_PATCH 0)
# Set beta version if this is a beta release series,
# unset if this is a stable release series.
#set (PROJECT_BETA_RELEASE 1)
if (SVN_REVISION)
set (PROJECT_VERSION_SVN "${SVN_REVISION}")
endif (SVN_REVISION)
# If PROJECT_BETA_RELEASE is set, the version string will be set to:
# "major.minor+beta${PROJECT_BETA_RELEASE}"
# If PROJECT_BETA_RELEASE is NOT set, the version string will be set to:
# "major.minor.patch"
if (PROJECT_BETA_RELEASE)
set (PROJECT_VERSION_SUFFIX "+beta${PROJECT_BETA_RELEASE}")
else (PROJECT_BETA_RELEASE)
set (PROJECT_VERSION_SUFFIX ".${PROJECT_VERSION_PATCH}")
endif (PROJECT_BETA_RELEASE)
set (PROJECT_VERSION_STRING "${PROJECT_VERSION_MAJOR}.${PROJECT_VERSION_MINOR}${PROJECT_VERSION_SUFFIX}")
## CPack configuration
set (CPACK_CMAKE_GENERATOR "Unix Makefiles")
......@@ -81,41 +108,16 @@ set (CPACK_SOURCE_GENERATOR "TGZ")
set (CPACK_SOURCE_TOPLEVEL_TAG "")
set (CPACK_SYSTEM_NAME "")
set (CPACK_TOPLEVEL_TAG "")
set (CPACK_PACKAGE_VERSION_MAJOR "5")
set (CPACK_PACKAGE_VERSION_MINOR "0")
# Use this scheme for stable releases
set (CPACK_PACKAGE_VERSION_PATCH "7${SVN_REVISION}")
set (CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}")
# Use this scheme for +betaN and +rcN releases:
#set (CPACK_PACKAGE_VERSION_PATCH "+beta1${SVN_REVISION}")
#set (CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}${CPACK_PACKAGE_VERSION_PATCH}")
set (CPACK_PACKAGE_VERSION "${PROJECT_VERSION_STRING}${PROJECT_VERSION_SVN}")
set (CPACK_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}")
set (CPACK_SOURCE_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}")
set (CPACK_PACKAGE_VENDOR "The OpenVAS Project")
set (CPACK_SOURCE_IGNORE_FILES
"${CMAKE_BINARY_DIR}"
"/.svn/"
"/_CPack_Packages/"
"/CMakeFiles/"
"cmake$"
"swp$"
"Cache.txt$"
".tar.gz"
"install_manifest.txt"
"Makefile"
"/doc/generated/"
"log.conf$"
"Doxyfile$"
"Doxyfile_full$"
"openvassd.8$"
"VERSION$"
"tools/openvas-mkcert$"
"tools/openvas-mkcert-client$"
"tools/openvas-nvt-sync$"
"tools/greenbone-nvt-sync$"
"doc/example_redis_2_4.conf$"
"doc/example_redis_2_6.conf$"
)
include (CPack)
......@@ -157,22 +159,21 @@ endif (NOT DATADIR)
#if (NOT SYSCONFDIR)
# set (SYSCONFDIR "${CMAKE_INSTALL_PREFIX}/etc")
#endif (NOT SYSCONFDIR)
if (NOT OPENVAS_RUN_DIR)
set (OPENVAS_RUN_DIR "${LOCALSTATEDIR}/run")
endif (NOT OPENVAS_RUN_DIR)
set (OPENVAS_DATA_DIR "${DATADIR}/openvas")
set (OPENVAS_STATE_DIR "${LOCALSTATEDIR}/lib/openvas")
set (OPENVAS_LOG_DIR "${LOCALSTATEDIR}/log/openvas")
set (OPENVAS_CACHE_DIR "${LOCALSTATEDIR}/cache/openvas")
set (OPENVAS_PID_DIR "${LOCALSTATEDIR}/run")
set (OPENVAS_SYSCONF_DIR "${SYSCONFDIR}/openvas")
set (OPENVAS_NVT_DIR "${OPENVAS_STATE_DIR}/plugins")
if (NOT OPENVAS_NVT_DIR)
set (OPENVAS_NVT_DIR "${OPENVAS_STATE_DIR}/plugins")
endif (NOT OPENVAS_NVT_DIR)
set (OPENVAS_LIB_INSTALL_DIR "${LIBDIR}")
set (OPENVAS_SCANNER_CERTIFICATE "${OPENVAS_STATE_DIR}/CA/servercert.pem")
set (OPENVAS_SCANNER_KEY "${OPENVAS_STATE_DIR}/private/CA/serverkey.pem")
set (OPENVAS_CLIENT_CERTIFICATE "${OPENVAS_STATE_DIR}/CA/clientcert.pem")
set (OPENVAS_CLIENT_KEY "${OPENVAS_STATE_DIR}/private/CA/clientkey.pem")
set (OPENVAS_CA_CERTIFICATE "${OPENVAS_STATE_DIR}/CA/cacert.pem")
set (OPENVASSD_MESSAGES "${OPENVAS_LOG_DIR}/openvassd.messages")
set (OPENVASSD_DEBUGMSG "${OPENVAS_LOG_DIR}/openvassd.dump")
......@@ -185,11 +186,10 @@ message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}")
## Dependency checks
pkg_check_modules (LIBOPENVAS_NASL REQUIRED libopenvas_nasl>=8.0.2)
pkg_check_modules (LIBOPENVAS_BASE REQUIRED libopenvas_base>=8.0.2)
pkg_check_modules (LIBOPENVAS_MISC REQUIRED libopenvas_misc>=8.0.2)
pkg_check_modules (LIBOPENVAS_OMP REQUIRED libopenvas_omp>=8.0.2)
pkg_check_modules (GLIB REQUIRED glib-2.0>=2.16)
pkg_check_modules (LIBOPENVAS_NASL REQUIRED libopenvas_nasl>=9.0.0)
pkg_check_modules (LIBOPENVAS_BASE REQUIRED libopenvas_base>=9.0.0)
pkg_check_modules (LIBOPENVAS_MISC REQUIRED libopenvas_misc>=9.0.0)
pkg_check_modules (GLIB REQUIRED glib-2.0>=2.32)
message (STATUS "Looking for libgcrypt...")
find_library (GCRYPT gcrypt)
......@@ -207,8 +207,7 @@ endif (NOT GCRYPT)
## Version
string (REPLACE "
" "" OPENVASSD_VERSION ${CPACK_PACKAGE_VERSION})
set (OPENVASSD_VERSION "${PROJECT_VERSION_STRING}")
# Configure Doxyfile with version number
configure_file (doc/Doxyfile.in doc/Doxyfile @ONLY)
......@@ -217,19 +216,18 @@ configure_file (doc/openvassd.8.in doc/openvassd.8 @ONLY)
configure_file (doc/example_redis_2_4.conf.in doc/example_redis_2_4.conf @ONLY)
configure_file (doc/example_redis_2_6.conf.in doc/example_redis_2_6.conf @ONLY)
configure_file (VERSION.in VERSION @ONLY)
configure_file (tools/openvas-mkcert.in tools/openvas-mkcert @ONLY)
configure_file (tools/openvas-mkcert-client.in tools/openvas-mkcert-client @ONLY)
configure_file (tools/openvas-nvt-sync.in tools/openvas-nvt-sync @ONLY)
configure_file (tools/greenbone-nvt-sync.in tools/greenbone-nvt-sync @ONLY)
# TODO: Once Scanner has a proper logging mechanism like Manager.
#configure_file (src/openvassd_log_conf.cmake_in src/openvassd_log.conf)
## Program
set (HARDENING_FLAGS "-Wformat -Wformat-security -O2 -D_FORTIFY_SOURCE=2 -fstack-protector -Wl,-z,relro -Wl,-z,now")
set (HARDENING_FLAGS "-Wformat -Wformat-security -O2 -D_FORTIFY_SOURCE=2 -fstack-protector")
set (LINKER_HARDENING_FLAGS "-Wl,-z,relro -Wl,-z,now")
set (GPGME_C_FLAGS "-D_FILE_OFFSET_BITS=64 -DLARGEFILE_SOURCE=1")
set (CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -Werror")
set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${HARDENING_FLAGS} -Wall -D_BSD_SOURCE -D_ISOC99_SOURCE -D_SVID_SOURCE -D_DEFAULT_SOURCE")
set (CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} ${GPGME_C_FLAGS} -Werror -Wextra")
set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${HARDENING_FLAGS} ${GPGME_C_FLAGS} -Wall -D_BSD_SOURCE -D_ISOC99_SOURCE -D_SVID_SOURCE -D_DEFAULT_SOURCE")
add_subdirectory (src)
......@@ -251,27 +249,15 @@ install (FILES ${CMAKE_BINARY_DIR}/src/openvassd
#install (FILES openvassd_log.conf
# DESTINATION ${OPENVAS_SYSCONF_DIR})
install (FILES ${CMAKE_BINARY_DIR}/tools/openvas-mkcert
${CMAKE_BINARY_DIR}/tools/openvas-nvt-sync
${CMAKE_BINARY_DIR}/tools/greenbone-nvt-sync
install (FILES ${CMAKE_BINARY_DIR}/tools/greenbone-nvt-sync
DESTINATION ${SBINDIR}
PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
install (FILES ${CMAKE_BINARY_DIR}/tools/openvas-mkcert-client
DESTINATION ${BINDIR}
PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
install (FILES ${CMAKE_SOURCE_DIR}/doc/openvas-mkcert-client.1
DESTINATION ${DATADIR}/man/man1 )
install (FILES ${CMAKE_BINARY_DIR}/doc/openvassd.8
DESTINATION ${DATADIR}/man/man8 )
install (FILES ${CMAKE_SOURCE_DIR}/doc/openvas-mkcert.8
${CMAKE_SOURCE_DIR}/doc/openvas-nvt-sync.8
${CMAKE_SOURCE_DIR}/doc/greenbone-nvt-sync.8
install (FILES ${CMAKE_SOURCE_DIR}/doc/greenbone-nvt-sync.8
DESTINATION ${DATADIR}/man/man8 )
install (FILES ${CMAKE_BINARY_DIR}/doc/example_redis_2_4.conf
......
......@@ -30,7 +30,4 @@ src/processes.[c|h]: GPLv2
src/sighand.[c|h]: GPLv2
src/utils.[c|h]: GPLv2
tools/greenbone-nvt-sync: GPLv2+
tools/openvas-mkcert-client.in: GPLv2
tools/openvas-mkcert.in: GPLv2
tools/openvas-nvt-sync.in: GPLv2
tools/greenbone-nvt-sync.in: GPLv2+
2016-09-06 Michael Wiegand <michael.wiegand@greenbone.net>
2016-11-09 Michael Wiegand <michael.wiegand@greenbone.net>
Preparing the openvas-scanner 5.0.7 release.
* CHANGES: Fix typo.
2016-11-09 Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>
Preparing the openvas-scanner 5.1.0 release.
* CHANGES: Updated.
2016-09-01 Timo Pollmeier <timo.pollmeier@greenbone.net>
* CMakeLists.txt: Switch version scheme from beta to stable.
* src/nasl_plugins.c (nasl_plugin_launch): Do not free plugin arglist.
* INSTALL: Remove a prerequisite for GNUTLS certool which is not needed
anymore in this module.
2016-08-30 Michael Wiegand <michael.wiegand@greenbone.net>
* src/openvassd.c (main): Updated (C) year.
Post release version bump.
2016-10-28 Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>
* CMakeLists.txt: Set version to 5.0.7.
* tools/greenbone-nvt-sync.in: Change URL for feed tarball
to use the dedicated community server.
2016-08-30 Michael Wiegand <michael.wiegand@greenbone.net>
2016-10-24 Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>
Preparing the openvas-scanner 5.0.6 release.
Move the openvas-manage-certs script to module openvas-manager
because the module openvas-scanner does not need to manage
certs anymore.
* CHANGES: Updated.
* tools/openvas-manage-certs.in: Removed.
This moved to module openvas-manager.
2016-07-28 Matthew Mundell <matthew.mundell@greenbone.net>
* tools/README_TOOLS: Adjust to reflect removal.
Revert part of the r25384 backport.
* doc/example-openvas-manage-certs.conf.in: Removed.
This moved to module openvas-manager.
* src/sighand.c (attack_start): Remove free, this is a stack array.
* doc/openvas-manage-certs.1: Removed.
This moved to module openvas-manager.
2016-07-28 Matthew Mundell <matthew.mundell@greenbone.net>
* CMakeLists.txt: Removed handling of the removed files.
* COPYING: Remove entry accordingly.
* doc/openvassd.8.in: Remove reference accordingly.
2016-10-24 Hani Benhabiles <hani.benhabiles@greenbone.net>
* src/pluginlaunch.c (pluginlaunch_stop): Add soft_stop argument.
* src/pluginlaunch.h: Adjust function parameter.
* src/attack.c (launch_plugin, attack_host, handle_scan_stop_signal):
Adjust function call.
2016-10-23 Hani Benhabiles <hani.benhabiles@greenbone.net>
* src/hosts.c (hosts_read_client): Fix nfds argument for select() call.
2016-10-23 Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>
* src/util.c (is_scanner_only_pref): No need to exclude ca_file,
key_file and cert_file because they are not used anymore.
* src/openvassd.c (openvassd_option openvassd_defaults): Drop cert_file,
key_file and ca_file because they are not used anymore.
* CMakeLists.txt, src/CMakeLists.txt: Removed handling of
OPENVAS_SCANNER_CERTIFICATE, OPENVAS_SCANNER_KEY,
OPENVAS_CLIENT_CERTIFICATE, OPENVAS_CLIENT_KEY, OPENVAS_CA_CERTIFICATE
because these are not needed anymore.
2016-10-23 Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>
* INSTALL: Updated. Especially removed step 1 about the TLS
certificates.
2016-10-22 Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>
Drop the "openvasnvt-sync" script as the "greenbone-nvt-sync"
script does syncrhonise with the community feed in case no
subscription key is present. This also makes the maintenance easier.
* tools/openvas-nvt-sync.in, doc/openvas-nvt-sync.8: Removed.
* COPYING: Removed the entry accordingly.
* INSTALL: Mention to use greenbone-nvt-sync.
* CMakeLists.txt: Remove handling of removed files.
* doc/greenbone-nvt-sync.8: Updated to say it is also for the
community feed.
* tools/README_TOOLS: Description improved.
2016-10-22 Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>
* tools/greenbone-nvt-sync.in: Add hints on env variables
added to --help output.
2016-10-20 Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>
* tools/greenbone-nvt-sync.in: Use a consistent name for
temporary directory.
2016-10-20 Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>
* tools/greenbone-nvt-sync.in: Drop the ancient convenience pinning
to rsync protocol version 29 to circumvent a problem with rsync 3.0.3.
2016-10-20 Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>
* tools/greenbone-nvt-sync.in: Use the package version instead
of a self-maintained one.
2016-10-20 Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>
* tools/greenbone-nvt-sync.in: Update URL about general information
about GSF.
2016-10-20 Timo Pollmeier <timo.pollmeier@greenbone.net>
* tools/greenbone-nvt-sync.in: Add command line arguments --rsync,
--wget and --curl to select download method.
(is_feed_current, do_sync_community_feed, sync_nvts, do_help): Add
cases for new command line arguments.
2016-10-19 Timo Pollmeier <timo.pollmeier@greenbone.net>
* tools/greenbone-nvt-sync.in (is_feed_current): Skip check if rsync is
not available.
(do_curl_community_feed): Output "curl failed" error if the archive
file does not exist after running curl.
2016-10-13 Hani Benhabiles <hani.benhabiles@greenbone.net>
* src/openvassd.c (loading_handler_stop): Call terminate_process().
Handles a race condition where the scanner tries to terminate the
loading handler process before the later has set the signal handler.
2016-10-13 Timo Pollmeier <timo.pollmeier@greenbone.net>
* tools/greenbone-nvt-sync.in (do_wget_community_feed): Log error and
exit on failure.
(do_curl_community_feed): Add missing definition of TMP_NVT. Log error
and exit on failure.
2016-10-11 Hani Benhabiles <hani.benhabiles@greenbone.net>
* src/pluginscheduler.c (plugin_next_unrun_dependency): Add parameter to
check for infinite recursive calls caused by dependency cycles.
(plugins_scheduler_next): Adjust plugin_next_unrun_dependency() function
call.
2016-10-10 Hani Benhabiles <hani.benhabiles@greenbone.net>
* CMakeLists.txt: Add -D_FILE_OFFSET_BITS=64 -DLARGEFILE_SOURCE=1.
Needed due to the include in r26353. Patch by Michael Wiegand.
2016-10-07 Hani Benhabiles <hani.benhabiles@greenbone.net>
* src/openvassd.c (main): Add --gnupg-home option. Call set_gpghome()
accordingly.
2016-10-05 Timo Pollmeier <timo.pollmeier@greenbone.net>
* tools/greenbone-nvt-sync.in (setup_temp_access_key)
(cleanup_temp_access_key): New functions.
(is_feed_current, sync_nvts): Use a temporary copy of the access key
with restrictive file access permissions if necessary.
2016-09-30 Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>
* tools/greenbone-nvt-sync.in: Removed accidently placed
check for root. This is only relevant for scap/cert feed syncs,
not for nvt.
2016-09-27 Timo Pollmeier <timo.pollmeier@greenbone.net>
* tools/greenbone-nvt-sync.in: Increase version number.
2016-09-27 Timo Pollmeier <timo.pollmeier@greenbone.net>
Allow greenbone-nvt-sync to fall back to community feed if no access
key is available.
* tools/greenbone-nvt-sync.in: Add check if an access key is available
and use community feed as fallback.
(log_info, log_notice, log_warning): New functions.
(is_feed_current): Fall back to community feed if no access key is
available.
(do_wget_community_feed, do_curl_community_feed)
(do_rsync_community_feed, do_sync_community_feed): New functions.
(sync_feed): Fall back to community feed if no access key is
available.
(do_self_test): Do not fail if access key is missing. Check rsync
availablilty only in mode using access key.
2016-09-27 Hani Benhabiles <hani.benhabiles@greenbone.net>
* src/attack.c (attack_host): Send a "Host dead" host detail when the
host is dead.
2016-09-26 Timo Pollmeier <timo.pollmeier@greenbone.net>
* src/CMakeLists.txt: Add add_definitions for SCANNER_NVT_TIMEOUT to
have it defined in the C code.
2016-09-20 Hani Benhabiles <hani.benhabiles@greenbone.net>
* src/openvassd.c (main): Don't flush the kb when --cfg-specs is
provided.
2016-09-16 Hani Benhabiles <hani.benhabiles@greenbone.net>
Remove support for OTP over TCP sockets.
* src/comm.c (is_client_present), src/hosts.c (hosts_read_client),
src/ntp.c (ntp_read_prefs): Remove handling of otp over tcp.
* src/openvassd.c (loading_client_handle, loading_handler_start)
(scanner_thread, main_loop): Remove handling of otp over tcp.
(init_ssl_ctx, init_network): Remove function.
(main): Remove --listen --port --gnutls-priorities and --dh-params
cli parameters.
* doc/openvassd.8.in: Update documentation.
2016-09-09 Hani Benhabiles <hani.benhabiles@greenbone.net>
* src/hosts.c (forward): Don't end sending loop when nsend() returns 0.
2016-09-05 Hani Benhabiles <hani.benhabiles@greenbone.net>
* src/attack.c (launch_plugin), src/pluginlaunch.c
(update_running_processes): Log plugin name alongside of the oid.
2016-08-31 Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>
* src/ntp.c: Remove unneeded includes.
2016-08-29 Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>
* src/attack.c: Removed an unneeded include.
2016-08-23 Hani Benhabiles <hani.benhabiles@greenbone.net>
* CMakeLists.txt, src/CMakeLists.txt, tools/greenbone-nvt-sync.in
(OPENVAS_PID_DIR): Rename to OPENVAS_RUN_DIR.
* src/openvassd.c (main): Default to listening on
OPENVAS_PID_DIR/openvassd.sock unix socket.
2016-08-22 Hani Benhabiles <hani.benhabiles@greenbone.net>