File openvas-scanner.changes of Package openvas-scanner
-------------------------------------------------------------------
Thu Dec 30 10:44:39 UTC 2021 - Oliver Bengs <appleonkel@opensuse.org>
- added redis db directory
-------------------------------------------------------------------
Thu Dec 30 09:26:07 UTC 2021 - Oliver Bengs <appleonkel@opensuse.org>
- added patch for redis config
-------------------------------------------------------------------
Wed Dec 29 09:46:14 UTC 2021 - Oliver Bengs <appleonkel@opensuse.org>
- added default redis config
-------------------------------------------------------------------
Thu Dec 16 08:46:06 UTC 2021 - Oliver Bengs <appleonkel@opensuse.org>
- added _service remove gvm-common
- Update to version 21.4.3
Added
* nasl function sftp_enabled_check() to check if sftp subsystem is enabled in the target.
Backport #853
Backport #862
Add find_all to eregmatch() nasl function #875
* Fix Segmentation fault when freeing hosts and alive hosts #888
Changed
* defaults for installation locations #826
SYSCONFDIR is /etc by default now
LOCALSTATEDIR is /var by default now
OPENVAS_RUN_DIR is /run/ospd by default now
OPENVAS_FEED_LOCK_PATH is /var/lib/openvas/feed-update.lock by default now
Fixed
* interrupted scan, when the process table is full. #832
* Use fchmod to change file permission instead of on open to prevent race conditions 854
* Fix plugins upload #878
* Fix Error Message when NVTI chache init failed #885
* Fix potential segfault.#884
-------------------------------------------------------------------
Fri Aug 20 10:22:24 UTC 2021 - Martin Hauke <mardnh@gmx.de>
- Update to version 21.4.2
* Fix clang-analyzer warnings.
-------------------------------------------------------------------
Mon Jun 28 09:20:23 UTC 2021 - Martin Hauke <mardnh@gmx.de>
- Update to version 21.4.1
Added
* Improve nasl linter to catch more cases of undeclared variables.
* Add deprecation warning for source_iface related settings which
will be removed with the 21.10 release.
* New Credentials for SSH to get su privileges.
Changed
* Update default log config.
Fixed
* Use host from the original hosts list when boreas is enabled.
* Initialize the the kb to store results for openvas-nasl.
* Fix unittest. Mock kb_lnk_reset.
-------------------------------------------------------------------
Fri Apr 16 18:44:01 UTC 2021 - Martin Hauke <mardnh@gmx.de>
- Update to version 21.4.0
Added
* Add scanner-only option to enable tls debugging.
* Extend nasl lint to detect if function parameter is used twice.
* Add option to specify if a host can be scanned through its
IPv4 and IPv6 in parallel.
* Add insert_tcp_options and insert_tcp_v6_options nasl functions.
* Add get_tcp_option and extend dump_tcp_packet nasl functions.
* Add new scanner only option for spawning NASL functions with
a different owner.
* Add debug logs for allow_simultaneous_ips=no.
* Add min_free_mem and max_sysload scanner only options.
Changed
* Store results in main_kb instead of host_kb.
* Also use internal function name in some nasl log messages.
* Move more scanner preferences to gvm-libs to make them
available for openvas-nasl.
Removed
* Use the nvticache name from gvm-libs, defined in nvticache.h.
-------------------------------------------------------------------
Sat Mar 6 17:00:36 UTC 2021 - Martin Hauke <mardnh@gmx.de>
- Follow upstream package names
* Rename package openvas -> openvas-scanner
- Update to version 20.8.1
Added
* Extend nasl lint to detect if function parameter is used twice
* Add support for TLSv1.3.
* Add alternative for supporting snmp during scans.
* Add resolve_hostname_to_multiple_ips() NASL function.
* Send message to the client with hosts count.
* Use nasl_perror on invalid input and add more documentation.
* Add timeout argument to ssh_connect() nasl function to set the
connection timeout.
Changed
* Downgrade wmi queries log level for common errors.
* Rename some nasl functions and func parameters for consistency
and fix byte order issue in get_ipv6_element.
* Change log level from debug to message to show max_host and
max_scan during scan start.
Fixed
* Fork vhosts before creating the socket.
* Check if another forked child has already added the same vhost.
* Send duplicated hosts as dead hosts to ospd, to adjust scan
progress calculation.
* Only send the signal if the pid is a positive value.
* When routes with same mask are found the route with the better
metric is chosen.
* Fix malformed target.
* Fix snmp result. Only return the value and do not stop at the
first \n.
* Fix masking of IPv6 addresses.
* Fix technique switch for getting the appropriate interface to
use for IPv6 dst addr.
* Fix host count. Set to -1 when the target string is invalid.
-------------------------------------------------------------------
Tue Aug 11 18:42:54 UTC 2020 - Martin Hauke <mardnh@gmx.de>
- Update to version 20.8.0
* Create greenbone-nvt-sync create lock file during feed sync.
* Extend script_get_preference() to get the value by id.
* Add extended environmental variables info to greenbone-nvt-sync
help text.
* Extend nasl functions which generate results with optional
"uri" parameter.
* Add nasl function to get the host kb index.
* Print the filter used by pcap in the error message.
Changed
* The logging of the NASL internal regexp functions was extended
to include the pattern in case of a failed regcomp().
* Add config for gpg keyring path (OPENVAS_GPG_BASE_DIR).
* Use func instead of FUNCTION.
* Use pcap_findalldevs() instead of deprecated function
pcap_lookupdev().
* Add port-range option for openvas-nasl.
* Add test_alive_hosts_only feature.
* Don't reload the plugins when start a new scan.
* Drop http feed sync.
* Add aligned summary to log at scan end.
* Unify log messages about start/end of scan and of hosts.
* Use flock to lock the feed lock file.
* Move alive detection module (Boreas) into gvm-libs.
* Allow to set all legal types of icmp v6 in icmp header in
openvas-nasl.
* The output of the NASL dump_* packet forgery functions was
made consistent.
* Make drop_privileges setting a scanner-only preference.
* Feed lock path is now configurable.
Fixed
* Improve signal handling when update vhosts list.
* Wait for all children instead of waiting just for one a time.
* Don't detect MongoDB as a HTTP service.
* Set status finished and send a message if the port list is
invalid.
* Fix format-truncation warning in GCC 8.2 and later.
* Clean the new kb when the scan was stopped and the host has
not been started.
* Prevent child deadlock.
* Memleak fixes for kb_item_get_str().
* Fix denied hosts.
* Fix openvas-nasl. Add kb key/value for all vhosts.
* Wait for last plugin to finish before change to other category.
* Corrected function parameter names in nasl_perror calls.
* Various updates to the nasl_perror() error texts.
* Fix icmp checksum calculation in openvas-nasl.
* Fix ipv6 flow label in nasl_packet_forgery_v6() for
openvas-nasl.
* Fix name of NASL internal IPPROTO_IP variable.
* Fix byte ordering and wrong PROTO identifier in
dump_ipv6_packet() for openvas-nasl.
* Fix size calculation which lead to alloc error in
get_tcp_element() of openvas-nasl.
* Fix filter out of default 'radio' type preferences.
* Allow group access to lockfile and fix empty timestamp.
Removed
* Removed "network scan" mode. This includes removal of NASL API
methods "scan_phase()" and "network_targets()". Sending a
"network_mode=yes" in a scanner configuration will have no
effect anymore.
-------------------------------------------------------------------
Tue Aug 11 07:25:05 UTC 2020 - Martin Hauke <mardnh@gmx.de>
- Package rename
* openvas-scanner -> openvas
- Update to version 7.0.1
Added
* Display gvm-libs version in openvas --version output
* Create greenbone-nvt-sync create lock file during feed sync.
* Extend script_get_preference() to get the value by id.
Changed
* Improve handling of invalid or existent ids of nvt's
preference id.
* Perform a scan even if there are missing plugins.
* Don't reload the plugins when start a new scan.
* Use new URL for GCF rsync.
Fixed
* Do not store in memory an empty file received as nvt
preference.
* Fix stop scan. #414
* Fix hanging scans. #423
* Improve signal handling when update vhosts list. #426
* Wait for all children instead of waiting just for one a time.
* Fix format-truncation warning in GCC 8.2 and later.
Removed
* Drop HTTP sync #489
- Update to version 7.0.1
Added
* An ID has been added to NVT preferences.
* A new NVT cross references data handling has been added.
* Add option --scan-stop.
* Add support to open an rc4 stream cipher, the function to
encrypt stream data using the cipher handle,
* and the function to close a handler.
* Add one single config for redis to config/redis-openvas.conf.
Changes
* Vendor version is now an option in the config file.
* The NVT preference format has been changed.
* Redis supported versions must be 3.2 or higher.
* Log directory is now configurable.
* The greenbone-nvt-sync script is not allowed to run as root.
* OpenVAS Scanner has been renamed to OpenVAS (Open
Vulnerability Assessment Scanner). #337 #343
* Retry until a host finishes and frees a db before running a
new host scan, in case there is no free redis db. Therefore
a infinite loop has been added when it call kb_new(). #340
* Use new nvti_add_tag() instead of plug_set_tag() and
remove plug_set_tag(). #385
* Remove dead code about tags regarding former openvas settings
"result_prepend_tags" and "result_append_tags". #386
* Check cache/feed errors during plugin scheduling.
* Vendor version is now an option in the config file.
* Use API for accessing NVTI elements.
Fixed
* An issue with stuck scans where only a single plugin is
running and is beyond its timeout has been addressed.
* Fix a type mismatch. Use correct format specifier for size_t.
* An issue which caused falling back into a default port in
get_ssh_port() has been fixed.
* An issue which could have caused a truncated string
in register_service() has been fixed.
* Reset redis connection after the host scan finished. This
avoids to leave open fd, which cause ulimit problems. #384
* Fix mis-identification of Sphinx Search service. #387
* Set a key in redis when the scan finishes and fix stop scan
using the right pid. #390
* Fix detection of finger service. #391
* Wait for zombie process in case of timed out nvts. #379
* Fix handling of file type nvt preferences. #399
Removed
* Unused be_nice scan preferences has been removed. #313
* OTP has been entirely removed in favor of using the
ospd-openvas interface. #333 #351
* Daemon mode has been entirely removed. #337 #341
-------------------------------------------------------------------
Tue Dec 6 13:08:47 UTC 2016 - michael@stroeder.com
- update to 5.0.7
-------------------------------------------------------------------
Mon Feb 15 14:53:52 UTC 2016 - rwawrig@suse.com
- update to 5.0.5
- Fixed a segmentation fault in the Scanner when processing an NVT without a
proper name.
- Install openvas-mkcert-client to "bin" instead of "sbin" to be FHS compliant
- The process title now contains the correct IP address for IPv4-mapped IPv6
addresses.
-------------------------------------------------------------------
Wed Aug 19 16:01:28 UTC 2015 - mrueckert@suse.de
- remove unused -q option from service file
-------------------------------------------------------------------
Tue Aug 18 15:21:29 UTC 2015 - mrueckert@suse.de
- update to 5.0.4
