File openvas-scanner.changes of Package openvas-scanner
-------------------------------------------------------------------
Sun Nov 10 09:04:40 UTC 2024 - Martin Hauke <mardnh@gmx.de>
- Update to version 23.10.1
XXX
XXX
XXX
-------------------------------------------------------------------
Tue Feb 21 11:16:38 UTC 2023 - Martin Hauke <mardnh@gmx.de>
- Update to version 22.4.1
https://github.com/greenbone/openvas-scanner/releases/tag/v22.4.1
-------------------------------------------------------------------
Wed Apr 27 10:06:38 UTC 2022 - Martin Hauke <mardnh@gmx.de>
- Update to version 21.4.4
Added
* flag to set cipher suite preferences on a TLS session.
* Extend nasl_ssh_shell_read().
* Add nasl function nasl_send_arp_request().
* Add function to get the local mac address.
* Add nasl functions for checking ssl/tls secure renegotiation
and performing re-handshake (backport #889).
Changed
* handle Fatal alert during handshake.
* extend cert_query() nasl function to get the public key
algorithm.
* Only log SSL/TLS failure once per script.
* Make OPENVAS_ENCAPS_TLSv13 visible for nasl scripts.
* Make OPENVAS_ENCAPS_TLSv13 visible for nasl scripts.
* Update digest algo OID to string mapping.
Bug Fixes
* possible g_memdup() silent memory truncation.
* Handle string encoding converison fail.
* Fixing isotime_add and add zero padding for isotime [#920].
- Update to version 21.4.3
Added
* Add nasl function sftp_enabled_check() to check if sftp
subsystem is enabled in the target.
* Fix Segmentation fault when freeing hosts and alive hosts.
Changed
* Changed defaults for installation locations.
+ SYSCONFDIR is /etc by default now
+ LOCALSTATEDIR is /var by default now
+ OPENVAS_RUN_DIR is /run/ospd by default now
+ OPENVAS_FEED_LOCK_PATH is /var/lib/openvas/feed-update.lock
by default now
Fixed
* Fix interrupted scan, when the process table is full.
* Use fchmod to change file permission instead of on open to
prevent race conditions.
* Fix plugins upload.
* Fix Error Message when NVTI chache init failed.
* Fix potential segfault.
-------------------------------------------------------------------
Fri Aug 20 10:22:24 UTC 2021 - Martin Hauke <mardnh@gmx.de>
- Update to version 21.4.2
* Fix clang-analyzer warnings.
-------------------------------------------------------------------
Mon Jun 28 09:20:23 UTC 2021 - Martin Hauke <mardnh@gmx.de>
- Update to version 21.4.1
Added
* Improve nasl linter to catch more cases of undeclared variables.
* Add deprecation warning for source_iface related settings which
will be removed with the 21.10 release.
* New Credentials for SSH to get su privileges.
Changed
* Update default log config.
Fixed
* Use host from the original hosts list when boreas is enabled.
* Initialize the the kb to store results for openvas-nasl.
* Fix unittest. Mock kb_lnk_reset.
-------------------------------------------------------------------
Fri Apr 16 18:44:01 UTC 2021 - Martin Hauke <mardnh@gmx.de>
- Update to version 21.4.0
Added
* Add scanner-only option to enable tls debugging.
* Extend nasl lint to detect if function parameter is used twice.
* Add option to specify if a host can be scanned through its
IPv4 and IPv6 in parallel.
* Add insert_tcp_options and insert_tcp_v6_options nasl functions.
* Add get_tcp_option and extend dump_tcp_packet nasl functions.
* Add new scanner only option for spawning NASL functions with
a different owner.
* Add debug logs for allow_simultaneous_ips=no.
* Add min_free_mem and max_sysload scanner only options.
Changed
* Store results in main_kb instead of host_kb.
* Also use internal function name in some nasl log messages.
* Move more scanner preferences to gvm-libs to make them
available for openvas-nasl.
Removed
* Use the nvticache name from gvm-libs, defined in nvticache.h.
-------------------------------------------------------------------
Sat Mar 6 17:00:36 UTC 2021 - Martin Hauke <mardnh@gmx.de>
- Follow upstream package names
* Rename package openvas -> openvas-scanner
- Update to version 20.8.1
Added
* Extend nasl lint to detect if function parameter is used twice
* Add support for TLSv1.3.
* Add alternative for supporting snmp during scans.
* Add resolve_hostname_to_multiple_ips() NASL function.
* Send message to the client with hosts count.
* Use nasl_perror on invalid input and add more documentation.
* Add timeout argument to ssh_connect() nasl function to set the
connection timeout.
Changed
* Downgrade wmi queries log level for common errors.
* Rename some nasl functions and func parameters for consistency
and fix byte order issue in get_ipv6_element.
* Change log level from debug to message to show max_host and
max_scan during scan start.
Fixed
* Fork vhosts before creating the socket.
* Check if another forked child has already added the same vhost.
* Send duplicated hosts as dead hosts to ospd, to adjust scan
progress calculation.
* Only send the signal if the pid is a positive value.
* When routes with same mask are found the route with the better
metric is chosen.
* Fix malformed target.
* Fix snmp result. Only return the value and do not stop at the
first \n.
* Fix masking of IPv6 addresses.
* Fix technique switch for getting the appropriate interface to
use for IPv6 dst addr.
* Fix host count. Set to -1 when the target string is invalid.
-------------------------------------------------------------------
Tue Aug 11 18:42:54 UTC 2020 - Martin Hauke <mardnh@gmx.de>
- Update to version 20.8.0
* Create greenbone-nvt-sync create lock file during feed sync.
* Extend script_get_preference() to get the value by id.
* Add extended environmental variables info to greenbone-nvt-sync
help text.
* Extend nasl functions which generate results with optional
"uri" parameter.
* Add nasl function to get the host kb index.
* Print the filter used by pcap in the error message.
Changed
* The logging of the NASL internal regexp functions was extended
to include the pattern in case of a failed regcomp().
* Add config for gpg keyring path (OPENVAS_GPG_BASE_DIR).
* Use func instead of FUNCTION.
* Use pcap_findalldevs() instead of deprecated function
pcap_lookupdev().
* Add port-range option for openvas-nasl.
* Add test_alive_hosts_only feature.
* Don't reload the plugins when start a new scan.
* Drop http feed sync.
* Add aligned summary to log at scan end.
* Unify log messages about start/end of scan and of hosts.
* Use flock to lock the feed lock file.
* Move alive detection module (Boreas) into gvm-libs.
* Allow to set all legal types of icmp v6 in icmp header in
openvas-nasl.
* The output of the NASL dump_* packet forgery functions was
made consistent.
* Make drop_privileges setting a scanner-only preference.
* Feed lock path is now configurable.
Fixed
* Improve signal handling when update vhosts list.
* Wait for all children instead of waiting just for one a time.
* Don't detect MongoDB as a HTTP service.
* Set status finished and send a message if the port list is
invalid.
* Fix format-truncation warning in GCC 8.2 and later.
* Clean the new kb when the scan was stopped and the host has
not been started.
* Prevent child deadlock.
* Memleak fixes for kb_item_get_str().
* Fix denied hosts.
* Fix openvas-nasl. Add kb key/value for all vhosts.
* Wait for last plugin to finish before change to other category.
* Corrected function parameter names in nasl_perror calls.
* Various updates to the nasl_perror() error texts.
* Fix icmp checksum calculation in openvas-nasl.
* Fix ipv6 flow label in nasl_packet_forgery_v6() for
openvas-nasl.
* Fix name of NASL internal IPPROTO_IP variable.
* Fix byte ordering and wrong PROTO identifier in
dump_ipv6_packet() for openvas-nasl.
* Fix size calculation which lead to alloc error in
get_tcp_element() of openvas-nasl.
* Fix filter out of default 'radio' type preferences.
* Allow group access to lockfile and fix empty timestamp.
Removed
* Removed "network scan" mode. This includes removal of NASL API
methods "scan_phase()" and "network_targets()". Sending a
"network_mode=yes" in a scanner configuration will have no
effect anymore.
-------------------------------------------------------------------
Tue Aug 11 07:25:05 UTC 2020 - Martin Hauke <mardnh@gmx.de>
- Package rename
* openvas-scanner -> openvas
- Update to version 7.0.1
Added
* Display gvm-libs version in openvas --version output
* Create greenbone-nvt-sync create lock file during feed sync.
* Extend script_get_preference() to get the value by id.
Changed
* Improve handling of invalid or existent ids of nvt's
preference id.
* Perform a scan even if there are missing plugins.
* Don't reload the plugins when start a new scan.
* Use new URL for GCF rsync.
Fixed
* Do not store in memory an empty file received as nvt
preference.
* Fix stop scan. #414
* Fix hanging scans. #423
* Improve signal handling when update vhosts list. #426
* Wait for all children instead of waiting just for one a time.
* Fix format-truncation warning in GCC 8.2 and later.
Removed
* Drop HTTP sync #489
- Update to version 7.0.1
Added
* An ID has been added to NVT preferences.
* A new NVT cross references data handling has been added.
* Add option --scan-stop.
* Add support to open an rc4 stream cipher, the function to
encrypt stream data using the cipher handle,
* and the function to close a handler.
* Add one single config for redis to config/redis-openvas.conf.
Changes
* Vendor version is now an option in the config file.
* The NVT preference format has been changed.
* Redis supported versions must be 3.2 or higher.
* Log directory is now configurable.
* The greenbone-nvt-sync script is not allowed to run as root.
* OpenVAS Scanner has been renamed to OpenVAS (Open
Vulnerability Assessment Scanner). #337 #343
* Retry until a host finishes and frees a db before running a
new host scan, in case there is no free redis db. Therefore
a infinite loop has been added when it call kb_new(). #340
* Use new nvti_add_tag() instead of plug_set_tag() and
remove plug_set_tag(). #385
* Remove dead code about tags regarding former openvas settings
"result_prepend_tags" and "result_append_tags". #386
* Check cache/feed errors during plugin scheduling.
* Vendor version is now an option in the config file.
* Use API for accessing NVTI elements.
Fixed
* An issue with stuck scans where only a single plugin is
running and is beyond its timeout has been addressed.
* Fix a type mismatch. Use correct format specifier for size_t.
* An issue which caused falling back into a default port in
get_ssh_port() has been fixed.
* An issue which could have caused a truncated string
in register_service() has been fixed.
* Reset redis connection after the host scan finished. This
avoids to leave open fd, which cause ulimit problems. #384
* Fix mis-identification of Sphinx Search service. #387
* Set a key in redis when the scan finishes and fix stop scan
using the right pid. #390
* Fix detection of finger service. #391
* Wait for zombie process in case of timed out nvts. #379
* Fix handling of file type nvt preferences. #399
Removed
* Unused be_nice scan preferences has been removed. #313
* OTP has been entirely removed in favor of using the
ospd-openvas interface. #333 #351
* Daemon mode has been entirely removed. #337 #341
-------------------------------------------------------------------
Tue Dec 6 13:08:47 UTC 2016 - michael@stroeder.com
- update to 5.0.7
-------------------------------------------------------------------
Mon Feb 15 14:53:52 UTC 2016 - rwawrig@suse.com
- update to 5.0.5
- Fixed a segmentation fault in the Scanner when processing an NVT without a
proper name.
- Install openvas-mkcert-client to "bin" instead of "sbin" to be FHS compliant
- The process title now contains the correct IP address for IPv4-mapped IPv6
addresses.
-------------------------------------------------------------------
Wed Aug 19 16:01:28 UTC 2015 - mrueckert@suse.de
- remove unused -q option from service file
-------------------------------------------------------------------
Tue Aug 18 15:21:29 UTC 2015 - mrueckert@suse.de
- update to 5.0.4
