pax_global_header00006660000000000000000000000064133415445560014524gustar00rootroot0000000000000052 comment=a2dc191d3b9ef27a4d057b82f115dcf284b28e1c openvas-scanner-5.1.3/000077500000000000000000000000001334154455600146345ustar00rootroot00000000000000openvas-scanner-5.1.3/.circleci/000077500000000000000000000000001334154455600164675ustar00rootroot00000000000000openvas-scanner-5.1.3/.circleci/config.yml000066400000000000000000000013551334154455600204630ustar00rootroot00000000000000version: 2 jobs: build: docker: - image: greenbone/build-env-gvm-libs-openvas-libraries-9.0-debian-jessie-gcc-core steps: - run: working_directory: ~/gvm-libs name: Checkout openvas-libraries-9.0 command: git clone --depth 1 https://github.com/greenbone/gvm-libs.git -b openvas-libraries-9.0 - run: working_directory: ~/gvm-libs name: Configure and compile openvas-libraries-9.0 command: pushd gvm-libs && mkdir build && cd build/ && cmake -DCMAKE_BUILD_TYPE=Release .. && make install && popd - checkout - run: name: Configure and Compile command: mkdir build && cd build/ && cmake -DCMAKE_BUILD_TYPE=Release .. && make install openvas-scanner-5.1.3/CHANGES000066400000000000000000004166011334154455600156370ustar00rootroot00000000000000SUMMARY OF RELEASE CHANGES FOR OPENVAS-SCANNER 5.1 ================================================== For detailed code changes, please visit https://github.com/greenbone/openvas-scanner/commits/openvas-scanner-5.1 or get the entire source code repository and view log history: $ git clone https://github.com/greenbone/openvas-scanner.git $ cd openvas-scanner && git checkout openvas-scanner-5.1 && git log openvas-scanner 5.1.3 (2018-08-29) This is the third maintenance release of the openvas-scanner 5.1 module for the Open Vulnerability Assessment System 9 (OpenVAS-9). Many thanks to everyone who has contributed to this release: Hani Benhabiles, Juan Jose Nicola, Timo Pollmeier, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to 5.1.2: * An issue which caused the scanner host process to get stuck searching for plugins has been addressed. * Dependency for openvas-libraries has been raised from 9.0.2 to 9.0.3. * Checking routines for tcp and udp required ports have been improved. * Handling of requests from manager during the plugin load up has been improved. * Support to specify a regex-based mandatory key has been added. * New scanner option "time_between_request" has been added. * NVT metadata cleanup has been improved. openvas-scanner 5.1.2 (2018-03-07) This is the second maintenance release of the openvas-scanner 5.1 module for the Open Vulnerability Assessment System 9 (OpenVAS-9). Many thanks to everyone who has contributed to this release: Hani Benhabiles, Björn Ricks, Michael Wiegand, and Juan Jose Nicola. Main changes compared to 5.1.1: * Plugin scheduling has been improved. * An issue which caused segmentation faults under certain circumstances when openvas-scanner was built with GnuTLS < 3.3.0 has been addressed. * The use of hostname and IP while logging has been made more consistent. * An issue which caused NVTs to be executed out of sequence has been addressed. * An issue which caused the main scanner process to terminate prematurely when receiving a SIGHUP signal under certain circumstances has been addressed. * Increased dependency for openvas-libraries from 9.0.0 to 9.0.2. * A Redis error is considered fatal and all running scans are stopped. A message is sent to the client and the NVTs are reloaded. * A new progress bar style in which dead host are not taken in account was added, which makes more time realistic the progress bar. * An issue which caused low scan performance has been addressed. * The preference log_whole_attack is now an scanner-only preference. * Several memory management issues have been addressed. * Load-up plugins process is now a forked child process, which prevent main process memory footprint growth. * Plugin preferences are sent directly to the client. * Full nvticache has been moved from .nvti files to Redis. * An issue with dependency cycle detection has been addressed. * An issue which cause complete deletion of nvticache before reloading has been addressed. openvas-scanner 5.1.1 (2017-03-07) This is the first maintenance release of the openvas-scanner 5.1 module for the Open Vulnerability Assessment System 9 (OpenVAS-9). Many thanks to everyone who has contributed to this release: Hani Benhabiles. Main changes compared to 5.1.0: * The logging is now properly re-initialized when the main openvassd process receives as SIGHUP signal. * An issue which caused openvassd child processes to enter an infinite busy-wait loop under certain conditions has been fixed. * Handling of 'dead' targets has been improved. openvas-scanner 5.1.0 (2016-11-09) This is the first release of the openvas-scanner 5.1 module for the Open Vulnerability Assessment System 9 (OpenVAS-9). Compared to the previous major release the scanner now serves via a unix file socket instead of a tcp socket which simplifies the setup, handling and code-base. Also, the feed synchronisations were consolidated into a single method. And in general the scanner becomes lighter, faster and more robust. Many thanks to everyone who has contributed to this release: Benoît Allard, Hani Benhabiles, Henri Doreau, Sven Haardiek, Matthew Mundell, Timo Pollmeier, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to the 5.0 series: * Replaced OTP TLS certificate-authorized TCP socket service by a unix file socket based service. * Moved the TLS certificate management script to module openvas-manager. * Merged the two feed sync scripts into a single one that can handle both, the Community Feed and the Greenbone Security Feed. * New command line options --unix-socket, --listen-mode, --listen-group, --listen-owner and --gnupg-home. * Removed command line options --listen, --port, --gnutls-priorities and --dh-params. * The nvt summary isn't send anymore as it is not used anymore. * Send a "Host dead" host detail when the host is dead. * Dropped scanner preferences cert_file, key_file and ca_file. * Add scanner preferences timeout_retry and scanner_plugins_timeout. * Reduced memory consumption and improved performance * Numerous build and code improvements * Increased dependency for glib from 2.16 to 2.32. * Increased dependency for openvas-libraries from 8.0 to 9.0.0. Main changes compared to 5.0beta3: * Replaced OTP TLS certificate-authorized TCP socket service by a unix file socket service. * New command line options --unix-socket, --listen-mode, --listen-group, --listen-owner and --gnupg-home. * Removed command line options --listen, --port, --gnutls-priorities and --dh-params. * Extended greenbone-nvt-sync with some functionalities of openvas-nvt-sync to cover both, GSF feed and Community Feed. openvas-nvt-sync removed. * Moved the openvas-manage-certs script to module openvas-manager. * Dropped scanner preferences cert_file, key_file and ca_file. * Send a "Host dead" host detail when the host is dead. * Improved the cmake buildsystem. * Fixed some memory leaks. * Some improvements to the logging functionality. * The nvt summary isn't send anymore as it is not used anymore. * Increased dependency for glib from 2.16 to 2.32. * Various code improvements. openvas-scanner 5.1+beta3 (2016-04-14) This is the third beta release of the openvas-scanner 5.1 module for the Open Vulnerability Assessment System (OpenVAS). It will be part of the upcoming "OpenVAS-9". This release addresses numerous minor bug fixes, code improvements and build improvements. Many thanks to everyone who has contributed to this release: Hani Benhabiles, Sven Haardiek, Timo Pollmeier and Michael Wiegand. Main changes compared to 5.0beta2: * Add scanner preferences timeout_retry and scanner_plugins_timeout. * Various minor bug fixes and code improvements as well as build improvements. openvas-scanner 5.1+beta2 (2015-10-21) This is the second beta release of the openvas-scanner 5.1 module for the Open Vulnerability Assessment System (OpenVAS). It will be part of the upcoming "OpenVAS-9". Main new feature of this release is the switch from openssl based certificate management scripts to a GNUTLS (certtool) based one. Many thanks to everyone who has contributed to this release: Hani Benhabiles, Sven Haardiek, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to 5.0beta1: * Install "openvas-mkcert-client" FHS compliant. * Improve openvas-manage-certs script. The script is now able to set up a certificate infrastructure for an OpenVAS installation, create additional certificates, verify the installation and perform other certificate related tasks while being highly configurable at run time through environment variables or a configuration file. * Retire openvas-mkcert and openvas-mkcert-client now that their replacement openvas-manage-certs is ready for use. This also means that openssl is not required anymore, instead gnutls (certtool) is now also used for the certificate management scripts. * Improved support for IPv6. * Simplify project version setting. Use SVN version at build time in binary instead of SVN version at configuration time. Make SVN revision retrieval work with SVN >= 1.7. * Apply -Wextra for builds. openvas-scanner 5.1+beta1 (2015-07-17) This is the first beta release of the openvas-scanner 5.1 module for the Open Vulnerability Assessment System (OpenVAS). It will be part of the upcoming "OpenVAS-9". Main new features of 5.1 compared to 5.0 include reduced memory usage and improved performance. Many thanks to everyone who has contributed to this release: Benoît Allard, Hani Benhabiles, Sven Haardiek, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to 5.0.x: * The required minimum version of OpenVAS Libraries has been raised to 8.1.0. * Internal improvements to match changes in OpenVAS Libraries. * Memory usage has been reduced by improved cache usage. * A number of issues discovered through static code analysis have been addressed. * Documentation has been updated. openvas-scanner 5.0.1 (2015-04-01) This is the first maintenance release of the openvas-scanner 5.0 module for the Open Vulnerability Assessment System release 8 (OpenVAS-8). This release basically applies some minor improvements about signal handling and stopping a scan. Many thanks to everyone who contributed to this release: Hani Benhabiles Main changes compared to 5.0.0: * Dropped the useless otp setting "ntp_keep_communication_alive". Clients don't need to send this anymore. * Improved signal handling of the scanner daemon. * Fixes for stopping scans properly. * Various code cleanups. openvas-scanner 5.0.0 (2015-03-16) This is the first release of the openvas-scanner 5.0 module for the Open Vulnerability Assessment System release 8 (OpenVAS-8). Compared to the previous major release it now uses a Redis based back end for the internal knowledge base. It removes support for the scan pausing feature and considerably reduces memory consumption and provides a number of other improvements. Many thanks to everyone who contributed to this release: Benoit Allard, Hani Benhabiles, Henri Doreau, Matthew Mundell, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to the 4.0 series: * OpenVAS Scanner now uses the Redis based knowledge base (KB) back end. This makes it mandatory to run a Redis server for scanning. * Support for the scan pausing feature has been removed. * The commands STOP_ATTACK and OPENVASSD_VERSION have been removed from OTP. * The scanner will no longer set the obsolete "src" element for the NVTi cache. * The default key size for certificates produces by the "mkcert" tools has been changed from 1024 to 4096 bits, the scripts now use SHA-256 instead of SHA-1 as the message digest algorithm. * The scanner will no longer implicitly launch NVTs from the ACT_SETTINGS category when scanning. * When commanded to stop a scan the scanner will now switch to ACT_END instead of immediately bailing out. * Memory consumption has been considerably reduced. * Internal memory management now uses the appropriate glib functions instead of the custom implementation provided by openvas-libraries used previously. * The OID of the affected NVT is now reported if an NVT terminates early. * The scanner now logs a backtrace when a process segfaults. * The communication of the host scanning status with the client has been improved to allow for more accurate progress information. * Library checks during package configuration have been improved and are now more comprehensive and consistent. * Handling of linker and compiler flags during package configuration has been improved and simplified. * Support for migration of unsigned files to the "private/" subdirectory has been removed as it was obsolete since the retirement of OpenVAS-5. * Signal handling has been improved. * Comprehensive code cleanups. Main changes compared to 5.0+beta6: * An issue which caused openvassd process to fail to terminate when a scan was requested to stop has been fixed. * Support for migration of unsigned files to the "private/" subdirectory has been removed as it was obsolete since the retirement of OpenVAS-5. * Signal handling has been improved. * Various code cleanups and improvements. openvas-scanner 5.0+beta6 (2015-02-11) This is the sixth beta release of the openvas-scanner 5.0 module for the Open Vulnerability Assessment System (OpenVAS). It will be part of the upcoming "OpenVAS-8". This release contains a number of small improvements and cleanups. Many thanks to everyone who has contributed to this release: Hani Benhabiles and Michael Wiegand. Main changes compared to 5.0+beta5: * The communication of the host scanning status with the client has been improved to allow for more accurate progress information. * Library checks during package configuration have been improved and are now more comprehensive and consistent. * Handling of linker and compiler flags during package configuration has been improved and simplified. openvas-scanner 5.0+beta5 (2015-01-12) This is the fifth beta release of the openvas-scanner 5.0 module for the Open Vulnerability Assessment System (OpenVAS). It will be part of the upcoming "OpenVAS-8". This release contains a number of small improvements and cleanups. Many thanks to everyone who has contributed to this release: Hani Benhabiles, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to 5.0+beta4: * The NVT file name is now used correctly when enabling dependencies. * The preference "kb_location" has been added to the list of "scanner only" preferences. * The scanner will no longer set the obsolete "src" element for the NVTi cache. * The greenbone-nvt-sync script is now generated by the build process. * Version information has been updated and improved. * Superfluous includes and redundant linking commands have been removed. * Various code cleanups and improvements. openvas-scanner 5.0+beta4 (2014-11-20) This is the fourth beta release of the openvas-scanner 5.0 module for the Open Vulnerability Assessment System (OpenVAS). It will be part of the upcoming "OpenVAS-8". This release considerably improves memory management. Many thanks to everyone who has contributed to this release: Hani Benhabiles, Henri Doreau and Jan-Oliver Wagner. Main changes compared to 5.0+beta3: * Upon stop signal, the scanner will switch to ACT_END instead of immediately bailing out. * Considerable reduction of memory consumption. * Various code cleanups and improvements. * Increase buffer size for preferences to allow for upto 69K NVTs. * Log backtrace when a process segfaults. * Refactored preferences module. openvas-scanner 5.0+beta3 (2014-10-14) This is the third beta release of the openvas-scanner 5.0 module for the Open Vulnerability Assessment System (OpenVAS). It will be part of the upcoming "OpenVAS-8". This release further improves memory management and fixes memory leaks. It also contains adjustments for changes in the NVTi cache API and produces more useful information when an NVT terminates early. Many thanks to everyone who has contributed to this release: Hani Benhabiles and Jan-Oliver Wagner. Main changes compared to 5.0+beta2: * Memory management has been improved and memory leaks have been fixed. * Adjustments for NVTi cache API changes. * If an NVT terminates early, the OID of the affected NVT is reported. * Adjustments for further changes in OpenVAS Libraries. openvas-scanner 5.0+beta2 (2014-09-22) This is the second beta release of the openvas-scanner 5.0 module for the Open Vulnerability Assessment System (OpenVAS). It will be part of the upcoming "OpenVAS-8". This release contains further comprehensive code-cleanups, especially regarding internal calls for memory management. It also removes an exception for NVTs from the ACT_SETTINGS category regarding implicit launches during a scan and makes the location of the redis socket configurable. Many thanks to everyone who has contributed to this release: Hani Benhabiles, Henri Doreau, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to 5.0+beta1: * The scanner will no longer implicitly launch NVTs from the ACT_SETTINGS category when scanning. * Internal memory management now uses the appropriate glib functions instead of the custom implementation provided by openvas-libraries used previously. * The location of the redis socket is now configurable. * Further comprehensive code-cleanups. openvas-scanner 5.0+beta1 (2014-08-21) This is the first beta release of the openvas-scanner 5.0 module for the Open Vulnerability Assessment System (OpenVAS). It will be part of the upcoming "OpenVAS-8". Main new feature of 5.0 compared to 4.0 is the switch to redis-based Knowledge Base (KB), making it mandatory to run a redis-server. Many thanks to everyone who has contributed to this release: Hani Benhabiles, Henri Doreau, Matthew Mundell, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to 4.0.x: * Switch to the redis-based kowledge base (KB) backend. This makes it mandatory to run a redis server for scanning. * Default key size for certificates of "mkcert" tools changed from 1024 to 4069 bits and use SHA-256 instead of SHA-1. * Removed scan pausing feature. * Removed commands STOP_ATTACK and OPENVASSD_VERSION from OTP. * openvas-manage-certs.sh as initial version to eventually replace openvas-mkcert and openvas-mkcert-client. * Various minor improvements. * Comprehensive code-cleanups. openvas-scanner 4.0.1 (2014-04-23) This is the first maintenance release of the openvas-scanner 4.0 module for the Open Vulnerability Assessment System release 7 (OpenVAS-7). This release removes the last beta identifier from the OTP protocol, as well as fixes some minor issues. Many thanks to everyone who contributed to this release: Hani Benhabiles, Jan-Oliver Wagner Main changes compared to 4.0.0: * Remove "beta" from OTP identifier. * Remove superflous linking. openvas-scanner 4.0.0 (2014-04-10) This is the first release of the openvas-scanner 4.0 module for the Open Vulnerability Assessment System release 7 (OpenVAS-7). Compared to the previous major release it has a reduced OTP protocol, does not manage users anymore and has a improved daemon handling. Further changes are a entirely new target host module that allows advanced specification of target ranges and new is the interface selection for scans. Many thanks to everyone who has contributed to the 4.0.0 release: Benoît Allard, Hani Benhabiles, Henri Doreau, Michael Meyer, Matthew Mundell, Timo Pollmeier, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to 3.4.x: * Speedup cache building process. * Add --gnutls-priorities option. * An ETA for the plugins reload is now included in the proctitle. * The scanner now loads the NVTs in the background after starting instead of waiting for the NVTs to load before backgrounding. Attention: This changes the default behaviour of invoking the scanner. * Drop command line option "-q". Instead scanner is now quiet by default. Attention: This changes the default behaviour of invoking the scanner. * New command line option "--progress" will show progress of start-up. * New handling of SIGHUP: The NVT cache will be updated and configuration be reloaded. This is only done for the main process, not for child processes. * OTP version 2.0 replaces OTP 1.0 and 1.1. * OTP command "PLUGINS_DEPENDENCIES" has been removed. * OTP command "CERTIFICATES" has been removed. * The handling of MD5 checksums and the SEND_PLUGINS_MD5 command has been removed from OTP. * The OTP command PLUGINS_MD5 has been renamed to NVT_INFO. * Support for sending the feed version via OTP has been added. * Report current and total number of loading plugins to clients when scanner is still loading. * Don't early drops out of OTP upon non-critical problems. * Removed server_info preferences from OTP as they have not much use for the client. * OpenVAS Scanner no longer sends NVT descriptions separately since the corresponding information is now contained in the script_tags. * Remove slice_network_addresses and ntp_opt_show_end scanner preferences. * Add hosts_ordering, exclude_hosts, reverse_lookup_only, reverse_lookup_unify scanner preferences. * The port range option "default" has been removed. * The scanner preference "silent_dependencies" has been removed. * Improved port range validation. * Prevent NVT circular depedencies in recursion. * Removed support for OVAL plugins. It was never used as part of the feed and it makes more sense to issue a specialised oval scanner. * The host permissions concept has been reworked, resulting in the removal of the outdated rules system. * Handling of interface permissions has been introduced. * Usage of post_alarm instead of post_error and post_note. * Integrate openvas_hosts interface. Remove usage of HG submodule. * Support for Knowledge Base saving outside of network scans has been removed. * User handling has been removed as it is now handled by OpenVAS Manager. * Support for determining if a NVT feed is current and only synchronizing it when it is not has been added. * The required minimum GnuTLS version has increased to 2.8. * The required minimum OpenVAS Libraries version has increased to 7.0.0. * The I18n support for outdated scripts has been removed. * A number of outdated and unmaintained documentation files have been removed. * Addressed code quality issues. * Code cleanups. openvas-scanner 4.0+beta9 (2014-03-26) This is the ninth beta release of the openvas-scanner 4.0 module for the Open Vulnerability Assessment System (OpenVAS). It will be part of the upcoming "OpenVAS-7". This release speedup the cache building process as well as adds a --gnutls-priorities option to specify the cipher priority. Many thanks to everyone who contributed to this release: Hani Benhabiles, Jan-Oliver Wagner Main changes since 4.0+beta8: * Speedup cache building process. * Add --gnutls-priorities option. * Report current and total number of loading plugins to clients when scanner is still loading. openvas-scanner 4.0+beta8 (2014-03-18) This is the eighth beta release of the openvas-scanner 4.0 module for the Open Vulnerability Assessment System (OpenVAS). It will be part of the upcoming "OpenVAS-7". Starting with this release, OpenVAS Scanner will support only the OTP 2.0 protocol. The OTP 1.0 and 1.1 protocols have been consolidated into OTP 2.0, thus allowing now unnecessary complexities to be removed from the code. This release also removes the obsolete OTP command "PLUGINS_DEPENDENCIES" and improves the loading process. Many thanks to everyone who has contributed to this release: Hani Benhabiles, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to 4.0+beta7: * OpenVAS Scanner will only support OTP version 2.0 from now on. * The OTP command "PLUGINS_DEPENDENCIES" has been removed. * The loading process has been improved. * A number of outdated and unmaintained documentation files have been removed. openvas-scanner 4.0+beta7 (2014-03-12) This is the seventh beta release of the openvas-scanner 4.0 module for the Open Vulnerability Assessment System (OpenVAS). It will be part of the upcoming "OpenVAS-7". This release removes the OTP command "CERTIFICATES". The command was used by the old GTK client to retrieve the signing keys for NVT feed content. The core idea at that time was to have feed content with mixed author signing keys. This turned out to not get into practice. The release also adds an estimate of the time remaining for the NVT reload to the process title and addresses a number of code quality issue. Many thanks to everyone who has contributed to this release: Benoît Allard, Hani Benhabiles, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to 4.0+beta6: * The OTP command "CERTIFICATES" has been removed. * An ETA for the plugins reload is now included in the proctitle. * Addressed code quality issues. openvas-scanner 4.0+beta6 (2014-03-05) This is the sixth beta release of the openvas-scanner 4.0 module for the Open Vulnerability Assessment System (OpenVAS). It will be part of the upcoming "OpenVAS-7". This release addresses code quality issues and changes the launch behaviour of OpenVAS Scanner to backgrounding before the initial loading of the NVTs instead of wait for the NVTs to load before going into the background. Many thanks to everyone who has contributed to this release: Hani Benhabiles, Henri Doreau and Michael Wiegand. Main changes compared to 4.0+beta5: * Addressed code quality issues. * The scanner now loads the NVTs in the background after starting instead of waiting for the NVTs to load before backgrounding. Attention: This changes the default behaviour of invoking the scanner. openvas-scanner 4.0+beta5 (2014-02-16) This is the fifth beta release of the openvas-scanner 4.0 module for the Open Vulnerability Assessment System (OpenVAS). It will be part of the upcoming "OpenVAS-7". Main changes since last beta release address some fixes and code cleanups. Many thanks to everyone who has contributed to this release: Hani Benhabiles, Henri Doreau, Michael Meyer, Matthew Mundell, Michael Wiegand and Jan-Oliver Wagner. Main changes compared to 4.0+beta4: * Don't early drops out of OTP upon non-critical problems. * Improved port range validation. * Prevent NVT circular depedencies in recursion. * Code cleanups. openvas-scanner 4.0+beta4 (2014-01-10) This is the fourth beta release of the openvas-scanner 4.0 module for the Open Vulnerability Assessment System (OpenVAS). It will be part of the upcoming "OpenVAS-7". Main changes since last beta release include: New handling of SIGHUP and replacement of "-q" by "--progress", which changes the default behaviour. Many thanks to everyone who has contributed to this release: Hani Benhabiles, Henri Doreau, Matthew Mundell and Jan-Oliver Wagner. Main changes compared to 4.0+beta3: * Drop command line option "-q". Instead scanner is now quiet by default. Attention: This changes the default behaviour of invoking the scanner. * New command line option "--progress" will show progress of start-up. * New handling of SIGHUP: The NVT cache will be updated and configuration be reloaded. This is only done for the main process, not for child processes. * Removed server_info preferences from OTP as they have not much use for the client. * Removed support for OVAL plugins. It was never used as part of the feed and it makes more sense to issue a specialised oval scanner. * Code cleanups. openvas-scanner 4.0+beta3 (2013-11-21) This is the third beta release of the openvas-scanner 4.0 module for the Open Vulnerability Assessment System (OpenVAS). It will be part of the upcoming "OpenVAS-7". Main changes since last beta release include: A reworked host permissions concept, resulting in the removal of the outdated rules system; improve handling of interface permissions and host related preferences as well as a change in sending NVT descriptions. Many thanks to everyone who has contributed to this release: Hani Benhabiles, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to 4.0+beta2: * The host permissions concept has been reworked, resulting in the removal of the outdated rules system. * Handling of host related preferences has been improved. * Handling of interface permissions has been reworked. * OpenVAS Scanner no longer sends NVT descriptions separately since the corresponding information is now contained in the script_tags. * Code cleanups. openvas-scanner 4.0+beta2 (2013-09-26) This is the second beta release of the openvas-scanner 4.0 module for the Open Vulnerability Assessment System (OpenVAS). It will be part of the upcoming "OpenVAS-7". Main changes since last beta release include: Integration of openvas_hosts interface, replacing the usage of HG submodule. Support of new scanning preferences and removal of other ones and various code cleanups and improvements. Many thanks to everyone who has contributed to this release: Hani Benhabiles, Jan-Oliver Wagner, Matthew Mundell and Michael Wiegand. Main changes compared to 4.0+beta1: * Usage of post_alarm instead of post_error and post_note. * Big number of code cleanups. * Integrate openvas_hosts interface. Remove usage of HG submodule. * Remove slice_network_addresses and ntp_opt_show_end scanner preferences. * Add hosts_ordering, exclude_hosts, reverse_lookup_only, reverse_lookup_unify scanner preferences. openvas-scanner 4.0+beta1 (2013-06-21) This is the first beta release of the openvas-scanner 4.0 module for the Open Vulnerability Assessment System (OpenVAS). It will be part of the upcoming "OpenVAS-7". Main new features and other changes of 4.0 compared to 3.4 include: Functionality such as user and rules management has been moved to OpenVAS Manger and removed from OpenVAS Scanner. As a result, other now superfluous functionality has been removed as well, along with a number of legacy features conflicting with the updated behavior of OpenVAS Scanner. The OTP version number has been increased to reflect the resulting protocol changes. Please note: The changes described above mean that OpenVAS Scanner >= 4.0 will no longer work with the old Gtk based OpenVAS-Client application. Please use OpenVAS Manager and an OMP based client instead. Many thanks to everyone who has contributed to this release: Hani Benhabiles, Matthew Mundell, Timo Pollmeier, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to 3.4.x: * The handling of MD5 checksums and the SEND_PLUGINS_MD5 command has been removed from OTP. * The OTP command PLUGINS_MD5 has been renamed to NVT_INFO. * Protocol version has been changed to OTP 2.x. * The port range option "default" has been removed. * Support for Knowledge Base saving outside of network scans has been removed. * Support for sending the feed version via OTP has been added. * The required minimum GnuTLS version has increased to 2.8. * The required minimum OpenVAS Libraries version has increased to 7.0.0. * The I18n support for outdated scripts has been removed. * User handling has been removed as it is now handled by OpenVAS Manager. * The scanner preference "silent_dependencies" has been removed. * Support for determining if a NVT feed is current and only synchronizing it when it is not has been added. openvas-scanner 3.4+beta2 (2013-02-20) This is the second beta release of the openvas-scanner 3.4 module for the Open Vulnerability Assessment System (OpenVAS). It will be part of the upcoming "OpenVAS-6". Main changes since last beta release are the behaviour change of the Feed Synchronization routine and the more flexible handling of script tags. Many thanks to everyone who has contributed to this release: Hani Benhabiles, Werner Koch, Matthew Mundell, Timo Pollmeier, Jan-Oliver Wagner, Michael Wiegand. Main changes compared to 3.4+beta1: * Changed behaviour of NVT sync script "openvas-nvt-sync": It will now delete scripts not part of the when using rsync, except for the directory "private/". A Migration option "--migrate-to-private" of the sync-script will move private scripts into the "private/" directory. The Feed Sync will stop with an error until the "private/" is created. As soon as this directory is created, the synchronisation will ultimately delete all files in the local feed directory that are not part of the regular Feed. * Newline in script tags are now escaped. * The size of tags is not limited anymore. * Internal use of NVTI references by OID to allow using the NVTI cache properly. This significantly lowers the memory consumption per Scanner process. * Improve bug tracking by directing diagnostics to the log file. * Memleak fixes and other small bugfixes. * Various code and build cleanups. openvas-scanner 3.4+beta1 (2012-10-26) This is the first beta release of the openvas-scanner 3.4 module for the Open Vulnerability Assessment System (OpenVAS). It will be part of the upcoming "OpenVAS-6". Main new feature and other changes of 3.4 compared to 3.3 include: A collection internal and other small improvements, introducing OTP 1.1 as optional protocol. Many thanks to everyone who has contributed to this release: Michael Meyer, Matthew Mundell, Thomas Reinke, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to 3.3.x: * Minimum requirements for openvas-libraries: Increased from 5.0 to 6.0. * Removed built-in logfile rotation. It is not a good idea to try to circumvent system environment technology for logrotate. * New optional OTP version 1.1 which is like 1.0 but sends less info to the client initially. * New: command line switch "--only-cache" to just build the cache and exit. * Changed: The magic that NVTs of category ACT_SETTINGS were always enabled even when user disabled them has been removed. OTP clients now have to take care to enable as needed. * Internal code cleanups for NVTI cache handling. * Fixed a bug when NVT lacks family specification. * Removed deprecated code. * Closed a number of memory leaks. openvas-scanner 3.3.1 (2012-04-24) This is the first maintenance release of the openvas-scanner 3.3 module for the Open Vulnerability Assessment System release 5 (OpenVAS-5). This release contains fixes for the CMake build infrastructure and an updated greenbone-nvt-sync script. It also raises the glib and gnutls dependencies to the minimum of what OpenVAS Libraries requires (currently glib 2.16 and gnutls 2.2). Many thanks to everyone who has contributed to the 3.3.1 release: Lukas Grunwald, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to 3.3.0: * The CMake infrastructure has been cleaned up to ensure that compilation with modern gccs works. * The greenbone-nvt-sync script has been updated. * OpenVAS Scanner now requires at least glib 2.16 and gnutls 2.2, matching the requirements of OpenVAS Libraries. openvas-scanner 3.3.0 (2012-03-25) This is the first release of the openvas-scanner 3.3 module for the Open Vulnerability Assessment System release 5 (OpenVAS-5). Compared to the previous major release it covers a set of various improvements. Many thanks to everyone who has contributed to the 3.3.0 release: Henri Doreau, Stephan Kleine, Matthew Mundell, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to 3.2.x: * New: scanner preference "reverse_lookup", defaulting to "no" (the previous behaviour) * Changed: For network wide scanning, mandatory keys are ignored. * Changed: Don't start the second scan phase when network scan is enabled and user requests "stop" during the first phase. * New: Send an ERRMSG to the client when terminating a process. * Changed: Do not force execution of ACT_INIT category. * Fixed: A number of potential resource leaks. * Fixed: A number of compiler warnings when compiling with gcc 4.6. * Fixed: Usage of the mktemp template in openvas-nvt-sync. * Removed: Support for shared sockets. * New: The scanner options "network_scan" and "report_host_details" have been added to the default scanner options. * The greenbone-nvt-sync script has been updated. * OpenVAS Scanner now uses UTC internally. * The optional use of the external tool "ovaldi" has been made more secure. * NVT management code has been updated to reflect the updated openvas-libraries API. * Further improvements to the build system. openvas-scanner 3.3+rc1 (2012-03-11) This is the first release candidate of the openvas-scanner 3.3 module for the Open Vulnerability Assessment System (OpenVAS). It will be part of the upcoming "OpenVAS-5". This release fixes some minor issues detecting during beta testing. Many thanks to everyone who has contributed to this release: Henri Dorea, Matthew Mundell and Michael Wiegand. Main changes compared to 3.3+beta2: * New scanner preference "reverse_lookup", defaulting to "no" (the previous behaviour) * For network wide scanning, mandatory keys are ignored. * Don't start the second scan phase when network scan is enabled and user requests "stop" during the first phase. * Send an ERRMSG to the client when terminating a process. * Furter improvements to the build system. openvas-scanner 3.3+beta2 (2011-10-10) This is the second beta release of the openvas-scanner 3.3 module for the Open Vulnerability Assessment System (OpenVAS). It will be part of the upcoming "OpenVAS 5". This release tightens security when using the external tool "ovaldi", enforces the internal use of the UTC timezone and features an updated greenbone-nvt-sync script. NOTE: Due to the changes in 5.0+beta2, it is strongly recommended to delete the contents of the OpenVAS Scanner cache directory to remove obsolete files and to force the Scanner to rebuild the cache. ATTENTION: The OpenVAS Scanner now enforces the internal use of the UTC timezone. If the Scanner has been in use with an OpenVAS Manager, it is strongly recommended to update to OpenVAS Manager >= 5.0+beta5 and to migrate the Manager database before using this Scanner version to ensure data consistency. Many thanks to everyone who has contributed to this release: Matthew Mundell, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to 3.3+beta1: * NVT management code has been updated to reflect the updated openvas-libraries API. * The optional use of the external tool "ovaldi" has been made more secure. * OpenVAS Scanner now uses UTC internally. * The greenbone-nvt-sync script has been updated. openvas-scanner 3.3+beta1 (2011-06-21) This is the first beta release of the openvas-scanner 3.3 module for the Open Vulnerability Assessment System (OpenVAS). It will be part of the upcoming "OpenVAS 5". It contains the result of a continuous code audit and fixes a number of potential resource leaks and compiler warnings. It also removes the forced execution of NVTs in the ACT_INIT category and removes support for shared sockets in accordance with the OpenVAS Change Request #53. Many thanks to everyone who has contributed to this release: Henri Doreau, Stephan Kleine, Matthew Mundell, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to 3.2.3: * Changed: Do not force execution of ACT_INIT category. * Fixed: A number of potential resource leaks. * Fixed: A number of compiler warnings when compiling with gcc 4.6. * Fixed: Usage of the mktemp template in openvas-nvt-sync. * Removed: Support for shared sockets. * New: The scanner options "network_scan" and "report_host_details" have been added to the default scanner options. openvas-scanner 3.2.3 (2011-04-11) This is the third maintenance release of the openvas-scanner 3.2 module for the Open Vulnerability Assessment System release 4 (OpenVAS-4). This release features a number of minor improvements to the build process and to the synchronization scripts. It also close three potential resource leaks discovered by Henri Doreau. Many thanks to everyone who has contributed to this release: Henri Doreau and Michael Wiegand. Main changes compared to 3.2.2: * Fixed: Three potential resource leaks. * Fixed: Generation of code documentation. * Updated: Feed synchronization scripts. * Changed: The openvas-nvt-sync script will now perform the initial feed synchronization via HTTP instead of rsync. * Changed: The openvas-nvt-sync script will now default to synchronize into the NVT directory used by the OpenVAS Scanner instead of the one defined at compile time. openvas-scanner 3.2.2 (2011-02-21) This is the second maintenance release of the openvas-scanner 3.2 module for the Open Vulnerability Assessment System release 4 (OpenVAS-4). It features improvements to the synchronization scripts and a minor code cleanup. All synchronization scripts are now free of bashisms, meaning they no longer depend on the GNU Bourne-Again shell to run and should be compatible with most shells. Many thanks to everyone who has contributed to this release: Michael Wiegand. Main changes compared to 3.2.1: * The last bashism has been removed from the openvas-nvt-sync synchronization script. * The greenbone-nvt-sync script now logs additional information during synchronization. * An unimplemented and superfluous function declaration has been removed. openvas-scanner 3.2.1 (2011-02-16) This is the first maintenance release of the openvas-scanner 3.2 module for the Open Vulnerability Assessment System release 4 (OpenVAS-4). It features minor improvements to documentation, build environment and synchronization scripts and sets a default value for the "Consider unscanned ports closed" preference; this means that the scanner will now mark unscanned ports as closed by default unless instructed otherwise by a client. Many thanks to everyone who has contributed to this release: Michael Wiegand. Main changes compared to 3.2.0: * The openvassd man page has been updated. * The build environment has been consolidated. * The greenbone-nvt-sync script has been improved. * OpenVAS Scanner now sets a default value for the "unscanned_closed" preference. openvas-scanner 3.2.0 (2011-02-04) This is the first release of the openvas-scanner 3.2 module for the Open Vulnerability Assessment System release 4 (OpenVAS-4). Compared to the previous major release it contains a major cleanup of code, build process and installation. This increases the efficiency of the OpenVAS Scanner, makes the build easier and the installation compliant with the Filesystem Hierarchy Standard (FHS 2.3). Featurewise this release adds support for a network scan level, finally gets rid of binary plugins (existing binary plugins were turned into NASL built-ins and moved to openvas-libraries 4.0) and improves the handling of setting files. It exposes the vhosts feature, changes the default port to 9391 and now listens on IPv4 sockets by default. Many thanks to everyone who has contributed to the 4.0.0 release: Matthew Mundell, Michael Wiegand and Jan-Oliver Wagner. Main changes compared to 3.1.x: * Improved output of --version to comply with the GNU Coding Standard. * Comprehensive code cleanup. * Binary (.nes) plugins were moved to libraries and turned into built-in NASL methods. * Handling of binary plugins has been removed. * Added preferences for the vhost feature so that clients get them and can offer them to the user. In other words: unhide the vhost feature. * Default port is now 9391 where the OpenVAS Manager expects the Scanner by default. * Command line options "--dump-cfg" and "--gen-config" are removed. * openvassd does not need anymore a "openvassd.conf" file. It uses its defaults and a possibly present conf-file can overwrite settings. * openvas-mkcert got a additional switch "-f" to force overwriting certificates. * openvas-mkcert does not create a openvassd.conf anymore as it shares the defaults with openvassd. * Hardening flags are now enabled during compile time to increase code quality. * openvas-scanner now listens on an IPv4 socket by default, even when IPv6 support is present. * The former autotools build environment has been replaces with a build process using cmake and using pkgconfig for dependency checks. * Removed unnecessary log entries. * Man pages have been updated. Main changes compared to 3.2+rc2: * The sync scripts have been updated. * OpenVAS Scanner now uses pkg-config to find libraries. * Installation of the openvas-services file has been moved to openvas-libraries. * Filesystem Hierarchy Standard (FHS 2.3) compliance has been improved. openvas-scanner 3.2+rc2 (2011-01-20) This release is the second release candidate for the next major release of the Scanner module. It will be part of the upcoming "OpenVAS 4". It features a complete exchange of the build process which now is cmake-based. Also, numerous code elements were removed of which it was unclear whether they have still practical relevance. The third major change concerns the resolving of binary NVTs. Many thanks to everyone who has contributed to this release: Matthew Mundell, Michael Wiegand and Jan-Oliver Wagner. Main changes compared to 3.2+rc1: * Improved output of --version * Comprehensive code cleanup * Binary (.nes) plugins we moved to libraries and turned into builtin NASL methods. * Removed handling of binary plugins as we don't want to have them ever again. * Added preferences for the vhost feature so that clients get them and can offer them to the user. In other words: unhide the vhost feature. * Default port is now 9391 where the OpenVAS Manager expects the Scanner by default. * Command line options "--dump-cfg" and "--gen-config" are removed. * openvassd does not need anymore a "openvassd.conf" file. It uses its defaults and a possibly present conf-file can overwrite settings. * openvas-mkcert got a additional switch "-f" to force overwriting certificates. * openvas-mkcert does not create a openvassd.conf anymore as it shares the defaults with openvassd. openvas-scanner 3.2+rc1 (2010-12-20) This release is the first release candidate for the next release of openvas-scanner. It will be part of the upcoming "OpenVAS 4". It silences a number of debug messages and addresses compiler warnings. Most importantly, openvas-scanner now reliably defaults to listening on IPv4 sockets even in environments where IPv6 support is present. Many thanks to everyone who has contributed to this release: Michael Wiegand. Main changes compared to 3.2+beta2: * Debug messages during the use of shared sockets are no longer logged unless requested during compile time. * A number of compiler warnings from gcc 4.4 has been addressed. * Hardening flags are now enabled during compile time to increase code quality. * openvas-scanner now listens on an IPv4 socket by default, even when IPv6 support is present. openvas-scanner 3.2+beta2 (2010-12-06) This release is the second beta version of the next release of openvas-scanner. It will be part of the upcoming "OpenVAS 4". It addresses three compiler warnings and fixes two issues discovered after the release of openvas-scanner 3.2+beta1. Many thanks to everyone who has contributed to this release: Matthew Mundell, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to 3.2+beta1: * A compiler warning regarding an incorrect function declaration in openvas_tcp_scanner has been addressed. * A compiler warning regarding incorrect pointer casts in find_service has been addressed. * A compiler warning regarding the type of a return value in openvassd has been addressed. * An issue which caused openvassd to refuse to scan certain hosts even when permitted by rules has been fixed. * An issue which caused openvassd to abort the scan process prematurely under certain circumstances has been fixed. openvas-scanner 3.2+beta1 (2010-11-18) This release is the first beta version of the next release of openvas-scanner. It will be part of the upcoming "OpenVAS 4". Main new features and other changes of 3.2 compared to 3.1 include: Support of a network scan level, reduced memory consumption due to changes in openvas-libraries and a cleanup of the code base. Many thanks to everyone who has contributed to this release: Jan-Oliver Wagner and Michael Wiegand. Main changes compared to 3.1.1: * Network level scan support. * Removed unnecessary log entries. * Include paths have been updated to match with openvas-libraries 4.0. openvas-scanner 3.1.1 (2010-10-29) This is the 3.1.1 release of the openvas-scanner module for the Open Vulnerability Assessment System (OpenVAS). This release improves the code documentation, clarifies the licenses of individual source code files, removes obsolete support for systems without entropy generation and fixes a bug in the client certificate generation script. Many thanks to everyone who has contributed to this release: Michael Meyer, Thomas Reinke, Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. Main changes compared to 3.1.0: * The code documentation infrastructure has been improved. * The license situation of the individual source code files has been clarified. * Obsolete support for systems without entropy generation has been removed. * A bug which caused the client certificate generation to fail under certain circumstances has been fixed. openvas-scanner 3.1.0 (2010-07-14) This is the 3.1.0 release of the openvas-scanner module for the Open Vulnerability Assessment System (OpenVAS). This release adds a number of new features, for example support for soft pausing of scans, for retrieving the version of an installed NVT collection, for automatically installing generated client certificates, for storing uploaded preference files in memory, for dropping privileges for NASL and NES NVTs and for scanning virtual web hosts. It also contains updated feed synchronization scripts and removes legacy support for passwords stored in plaintext (see OpenVAS change request #31, http://www.openvas.org/openvas-cr-31.html). Many thanks to everyone who has contributed to this release: Geoff Galitz, Michael Meyer, Matthew Mundell, Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. Main changes compared to 3.0.2: * Support for storing scanner passwords in plaintext has been removed. * Support for dropping privileges in NASL and NES NVTs had been added. * Support for scanning virtual web hosts has been added. * The handling of NVTs with an invalid timestamp has been improved. * A bug in the openvas-nvt-sync script which prevented synchronization via http under certain circumstances has been fixed. * Support for retrieving the version of the NVT collection has been added to the openvas-nvt-sync and greenbone-nvt-sync scripts. * Support for soft pausing of scans has been added. * Support for automatically installing generated certificate file has been added to the openvas-mkcert-client script. * The obsolete C based NVT "ssl_cipher" has been removed from the openvas-scanner module. It has been replaced by the NASL implementation "secpod_ssl_ciphers.nasl". * Support for storing an uploaded preference file in memory instead of on disk has been added. openvas-scanner 3.1.0.rc3 (2010-07-01) This is the third release candidate of the openvas-scanner module for the Open Vulnerability Assessment System (OpenVAS) 3.1 series. This release removes legacy support for passwords stored in plaintext ahead of the openvas-scanner 3.1.0 release (see OpenVAS change request #31, http://www.openvas.org/openvas-cr-31.html). Many thanks to everyone who has contributed to this release: Michael Wiegand. Main changes compared to 3.1.0.rc2: * Support for storing scanner passwords in plaintext has been removed. openvas-scanner 3.1.0.rc2 (2010-06-28) This is the second release candidate of the openvas-scanner module for the Open Vulnerability Assessment System (OpenVAS) 3.1 series. This release adds support for dropping privileges for NASL and NES NVTs and for scanning virtual web hosts. It also contains updated feed synchronization scripts. Many thanks to everyone who has contributed to this release: Michael Wiegand and Felix Wolfsteller. Main changes compared to 3.1.0.rc1: * The support scripts for feed synchronization have been updated. * Support for dropping privileges in NASL and NES NVTs had been added. * Support for scanning virtual web hosts has been added. * The handling of NVTs with an invalid timestamp has been improved. openvas-scanner 3.1.0.rc1 (2010-05-19) This is the first release candidate of the openvas-scanner module for the Open Vulnerability Assessment System (OpenVAS) 3.1 series. This release adds support for soft pausing of scans, for retrieving the version of an installed NVT collection, for automatically installing generated client certificates and for storing uploaded preference files in memory. Many thanks to everyone who has contributed to this release: Geoff Galitz, Michael Meyer, Matthew Mundell, Jan-Oliver Wagner and Michael Wiegand. Main changes compared to 3.0.2: * A bug in the openvas-nvt-sync script which prevented synchronization via http under certain circumstances has been fixed. * The build environment for C based NVTs has been cleaned up. * Code formatting has been improved in a number of files to match the coding style. * Support for retrieving the version of the NVT collection has been added to the openvas-nvt-sync and greenbone-nvt-sync scripts. * Support for soft pausing of scans has been added. * Support for automatically installing generated certificate file has been added to the openvas-mkcert-client script. * The obsolete C based NVT "ssl_cipher" has been removed from the openvas-scanner module. It has been replaced by the NASL implementation "secpod_ssl_ciphers.nasl". * Support for storing an uploaded preference file in memory instead of on disk has been added. openvas-scanner 3.0.2 (2010-03-22) This is the second maintenance release of the openvas-scanner module for the Open Vulnerability Assessment System (OpenVAS) 3.0-series. This release mainly improves the supporting shell scripts for user- and feed-management. Many thanks to everyone who has contributed to this release: Javier Fernandez-Sanguino, Stephan Kleine, Michael Meyer, Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. Main changes compared to 3.0.1: * Changed C-NVT "find_service" to mark unknown services. * Improved script "openvas-adduser" regarding exit code. * Improved script "openvas-mkcert-client" to allow clean certificate creation and to allow non-interactive execution. * Improved script "openvas-nvt-sync" to comply with openvas-adminstrator API specification of NVT sync scripts. Also more robustness. * Added script "greenbone-nvt-sync". * Small internal code cleanups. openvas-scanner 3.0.1 (2010-01-26) This is the first maintenance release of the openvas-scanner module for the Open Vulnerability Assessment System (OpenVAS) 3.0-series. It reenables certificate authentication, improves user rules support and includes an updated openvas-nvt-sync script. Many thanks to everyone who has contributed to this release: Vlatko Kosturjak, Matthew Mundell, Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. Main changes compared to 3.0.0: * Reenabled certificate authentication * Improved user rules support * Updated openvas-nvt-sync script openvas-scanner 3.0.0 (2009-12-18) This is the 3.0.0 release of the openvas-scanner module for the Open Vulnerability Assessment System (OpenVAS). Apart from the name change from openvas-server to openvas-scanner, now the platform-dependent NVTs as well as the OpenVAS NVT Feed synchronisation script have been integrated. OpenVAS 3.0 introduces a new architecture where openvas-libraries now includes openvas-libnasl as well as redundant code from openvas-client and where openvas-server is renamed to openvas-scanner and includes any platform-dependent elements of openvas-plugins. As a result of this, the source code line count has been reduced even though new features have been added. Also, for running the scanner now only 2 modules are required (instead of 4 as for OpenVAS 2.0). New features of OpenVAS include support for IPv6 and WMI-Clients. Version 3.0 also supports the new OpenVAS Manager and OpenVAS Administrator as optional extensions. This combination leverages the vulnerability scanner to a comprehensive vulnerability management solution. Many thanks to everyone who has contributed to the 3.0.0 release: Chandrashekhar B, Tim Brown, Javier Fernández-Sanguino Peña, Vlatko Kosturjak, Matthew Mundell, Srinivasa NL, Jan Wagner, Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. Main changes compared to 2.0.x: * IPv6 support * Integration of platform dependent NVTs from openvas-plugins * Integration of openvas-nvt-sync script * Renamed daemon from openvasd to openvassd * glib dependency raised from 2.6 to 2.12 * openvasd-config removed as no other packages require this package for building. * For the same reason, no header files are installed anymore Main changes compared to 3.0.0-rc1: * The openvassd.conf configuration file now complies with the key file specification. openvas-scanner 3.0.0-rc1 (2009-12-07) This release is the first release candidate of openvas-scanner leading up to the upcoming 3.0 release of OpenVAS. Apart from the name change from openvas-server to openvas-scanner, the platform-dependent NVTs as well as the OpenVAS NVT Feed synchronisation script are now integrated. OpenVAS 3.0 will introduce a new architecture where openvas-libraries now includes openvas-libnasl as well as redundant code from openvas-client and where openvas-server is renamed to openvas-scanner and includes any platform-dependent elements of openvas-plugins. As a result of this, the source code will shrink, though new features will be added. Also, for running the scanner now only 2 modules are required (instead of 4 as for OpenVAS 2.0). New features of OpenVAS include support for IPv6 and WMI-Clients. Version 3.0 prepares the new OpenVAS Manager and OpenVAS Administrator as optional extension. This combination leverages the vulnerability scanner to a comprehensive vulnerability management solution. The "release candidate" releases are intended to allow testing of the upcoming 3.0 series. It should be kept separate from OpenVAS 2.0 installations and not be used in a production environment. Unless serious bugs are discovered, this release candidate will become the final OpenVAS 3.0 release. Users are encouraged to test this release and to report bugs to the OpenVAS bug tracker located at http://bugs.openvas.org/ . Many thanks to everyone who has contributed to the 3.0.0 release: Chandrashekhar B, Tim Brown, Javier Fernández-Sanguino Peña, Vlatko Kosturjak, Matthew Mundell, Srinivasa NL, Jan Wagner, Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. Main changes compared to 2.0.x: * IPv6 support * Integration of platform dependent NVTs from openvas-plugins * Integration of openvas-nvt-sync script * Renamed daemon from openvasd to openvassd * glib dependency raised from 2.6 to 2.12 * openvasd-config removed as no other packages require this package for building. * For the same reason, no header files are installed anymore Main changes compared to 3.0.0-beta6: * IPv6 support has been improved. * Support for the upcoming synchronization script API has been added to openvas-nvt-sync. * The amount of debug messages in the log files when not compiled in debug mode has been reduced. openvas-scanner 3.0.0-beta6 (2009-11-23) This release is the sixth beta version of openvas-scanner leading up to the upcoming 3.0 release of OpenVAS. Apart from the name change from openvas-server to openvas-scanner, the platform-dependent NVTs as well as the OpenVAS NVT Feed synchronisation script are now integrated. OpenVAS 3.0 will introduce a new architecture where openvas-libraries now includes openvas-libnasl as well as redundant code from openvas-client and where openvas-server is renamed to openvas-scanner and includes any platform-dependent elements of openvas-plugins. As a result of this, the source code will shrink, though new features will be added. Also, for running the scanner now only 2 modules are required (instead of 4 as for OpenVAS 2.0). New features of OpenVAS include support for IPv6 and WMI-Clients. Version 3.0 prepares the new OpenVAS Manager and OpenVAS Administrator as optional extension. This combination leverages the vulnerability scanner to a comprehensive vulnerability management solution. The "beta" releases are intended to allow testing of the upcoming 3.0 series. It should be kept separate from OpenVAS 2.0 installations and not be used in a production environment. Many thanks to everyone who has contributed to the 3.0.0 release: Chandrashekhar B, Tim Brown, Javier Fernández-Sanguino Peña, Vlatko Kosturjak, Matthew Mundell, Srinivasa NL, Jan Wagner, Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. Main changes compared to 2.0.x: * IPv6 support * Integration of platform dependent NVTs from openvas-plugins * Integration of openvas-nvt-sync script * Renamed daemon from openvasd to openvassd * glib dependency raised from 2.6 to 2.12 * openvasd-config removed as no other packages require this package for building. * For the same reason, no header files are installed anymore Main changes compared to 3.0.0-beta5: * IPv6 support has been improved. * Code clean up. openvas-scanner 3.0.0-beta5 (2009-10-26) This release is the fifth beta version of openvas-scanner leading up to the upcoming 3.0 release of OpenVAS. Apart from the name change from openvas-server to openvas-scanner, the platform-dependent NVTs as well as the OpenVAS NVT Feed synchronisation script are now integrated. OpenVAS 3.0 will introduce a new architecture where openvas-libraries now includes openvas-libnasl as well as redundant code from openvas-client and where openvas-server is renamed to openvas-scanner and includes any platform-dependent elements of openvas-plugins. As a result of this, the source code will shrink, though new features will be added. Also, for running the scanner now only 2 modules are required (instead of 4 as for OpenVAS 2.0). New features of OpenVAS include support for IPv6 and WMI-Clients. Version 3.0 prepares the new OpenVAS Manager and OpenVAS Administrator as optional extension. This combination leverages the vulnerability scanner to a comprehensive vulnerability management solution. The "beta" releases are intended to allow testing of the upcoming 3.0 series. It should be kept separate from OpenVAS 2.0 installations and not be used in a production environment. Many thanks to everyone who has contributed to the 3.0.0 release: Chandrashekhar B, Tim Brown, Javier Fernández-Sanguino Peña, Vlatko Kosturjak, Matthew Mundell, Srinivasa NL, Jan Wagner, Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. Main changes compared to 2.0.x: * IPv6 support * Integration of platform dependent NVTs from openvas-plugins * Integration of openvas-nvt-sync script * Renamed daemon from openvasd to openvassd * glib dependency raised from 2.6 to 2.12 * openvasd-config removed as no other packages require this package for building. * For the same reason, no header files are installed anymore Main changes compared to 3.0.0-beta4: * Adjustments for the API changes that happened from openvas-libraries 3.0.0-beta4 to 3.0.0-beta5. openvas-scanner 3.0.0-beta4 (2009-10-19) This release is the fourth beta version of openvas-scanner leading up to the upcoming 3.0 release of OpenVAS. Apart from the name change from openvas-server to openvas-scanner, the platform-dependent NVTs as well as the OpenVAS NVT Feed synchronisation script are now integrated. OpenVAS 3.0 will introduce a new architecture where openvas-libraries now includes openvas-libnasl as well as redundant code from openvas-client and where openvas-server is renamed to openvas-scanner and includes any platform-dependent elements of openvas-plugins. As a result of this, the source code will shrink, though new features will be added. Also, for running the scanner now only 2 modules are required (instead of 4 as for OpenVAS 2.0). New features of OpenVAS include support for IPv6 and WMI-Clients. Version 3.0 prepares the new OpenVAS Manager and OpenVAS Administrator as optional extension. This combination leverages the vulnerability scanner to a comprehensive vulnerability management solution. The "beta" releases are intended to allow testing of the upcoming 3.0 series. It should be kept separate from OpenVAS 2.0 installations and not be used in a production environment. Many thanks to everyone who has contributed to the 3.0.0 release: Chandrashekhar B, Tim Brown, Javier Fernández-Sanguino Peña, Vlatko Kosturjak, Matthew Mundell, Srinivasa NL, Jan Wagner, Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. Main changes compared to 2.0.x: * IPv6 support * Integration of platform dependent NVTs from openvas-plugins * Integration of openvas-nvt-sync script * Renamed daemon from openvasd to openvassd * glib dependency raised from 2.6 to 2.12 * openvasd-config removed as no other packages require this package for building. * For the same reason, no header files are installed anymore Main changes compared to 3.0.0-beta3: * A number of resource and memory leaks have been identified and fixed. * Command line options have been updated. * Old and obsolete code has been identified and removed. * Adjustments for the API changes that happened from openvas-libraries 3.0.0-beta3 to 3.0.0-beta4. openvas-scanner 3.0.0-beta3 (2009-10-06) This release is the third beta version of openvas-scanner leading up to the upcoming 3.0 release of OpenVAS. Apart from the name change from openvas-server to openvas-scanner, the platform-dependent NVTs as well as the OpenVAS NVT Feed synchronisation script are now integrated. OpenVAS 3.0 will introduce a new architecture where openvas-libraries now includes openvas-libnasl as well as redundant code from openvas-client and where openvas-server is renamed to openvas-scanner and includes any platform-dependent elements of openvas-plugins. As a result of this, the source code will shrink, though new features will be added. Also, for running the scanner now only 2 modules are required (instead of 4 as for OpenVAS 2.0). New features of OpenVAS include support for IPv6 and WMI-Clients. Version 3.0 prepares the new OpenVAS Manager and OpenVAS Administrator as optional extension. This combination leverages the vulnerability scanner to a comprehensive vulnerability management solution. The "beta" releases are intended to allow testing of the upcoming 3.0 series. It should be kept separate from OpenVAS 2.0 installations and not be used in a production environment. Many thanks to everyone who has contributed to the 3.0.0 release: Chandrashekhar B, Tim Brown, Javier Fernández-Sanguino Peña, Vlatko Kosturjak, Matthew Mundell, Srinivasa NL, Jan Wagner, Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. Main changes compared to 2.0.x: * IPv6 support * Integration of platform dependent NVTs from openvas-plugins * Integration of openvas-nvt-sync script * Renamed daemon from openvasd to openvassd * glib dependency raised from 2.6 to 2.12 * openvasd-config removed as no other packages require this package for building. * For the same reason, no header files are installed anymore Main changes compared to 3.0.0-beta2: * Adjustments for the API changes that happened from openvas-libraries 3.0.0-beta2 to 3.0.0-beta3. openvas-scanner 3.0.0-beta2 (2009-09-28) This release is the second beta version of openvas-scanner leading up to the upcoming 3.0 release of OpenVAS. Apart from the name change from openvas-server to openvas-scanner, the platform-dependent NVTs as well as the OpenVAS NVT Feed synchronisation script are now integrated. OpenVAS 3.0 will introduce a new architecture where openvas-libraries now includes openvas-libnasl as well as redundant code from openvas-client and where openvas-server is renamed to openvas-scanner and includes any platform-dependent elements of openvas-plugins. As a result of this, the source code will shrink, though new features will be added. Also, for running the scanner now only 2 modules are required (instead of 4 as for OpenVAS 2.0). New features of OpenVAS include support for IPv6 and WMI-Clients. Version 3.0 prepares the new OpenVAS Manager and OpenVAS Administrator as optional extension. This combination leverages the vulnerability scanner to a comprehensive vulnerability management solution. The "beta" releases are intented to allow testing of the upcoming 3.0 series. It should be kept separate from OpenVAS 2.0 installations and not be used in a production environment. Many thanks to everyone who has contributed to the 3.0.0 release: Chandrashekhar B, Tim Brown, Javier Fernández-Sanguino Peña, Vlatko Kosturjak, Matthew Mundell, Srinivasa NL, Jan Wagner, Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. Main changes compared to 2.0.x: * IPv6 support * Integration of platform dependent NVTs from openvas-plugins * Integration of openvas-nvt-sync script * Renamed daemon from openvasd to openvassd * glib dependency raised from 2.6 to 2.12 * openvasd-config removed as no other packages require this package for building. * For the same reason, no header files are installed anymore Main changes compared to 3.0.0-beta1: * Adjustments for the API changes that happened from openvas-libraries 3.0.0-beta1 to 3.0.0-beta2. * Code cleanups. * Fixed and improved build. openvas-scanner 3.0.0-beta1 (2009-09-23) This release is the first beta version of openvas-scanner leading up to the upcoming 3.0 release of OpenVAS. Apart from the name change from openvas-server to openvas-scanner, and platform-dependent NTSs as well as the OpenVAS NVT Feed synchronisation script are now integrated. OpenVAS 3.0 will introduce a new architecture where openvas-libraries now includes openvas-libnasl as well as redundant code from openvas-client and where openvas-server is renamed to openvas-scanner and includes any platform-dependent elements of openvas-plugins. As a result of this, the source code will shrink, though new features will be added. Also, for running the scanner now only 2 modules are required (instead of 4 as for OpenVAS 2.0). New features of OpenVAS include support for IPv6 and WMI-Clients. Version 3.0 prepares the new OpenVAS Manager and OpenVAS Administrator as optional extension. This combination leverages the vulnerability scanner to a comprehensive vulnerability management solution. The "beta" releases are intented to allow testing of the upcoming 3.0 series. It should be kept separate from OpenVAS 2.0 installations and not be used in a production environment. Many thanks to everyone who has contributed to the 3.0.0 release: Chandrashekhar B, Tim Brown, Javier Fernández-Sanguino Peña, Vlatko Kosturjak, Matthew Mundell, Srinivasa NL, Jan Wagner, Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. Main changes compared to 2.0.x: * IPv6 support * Integration of platform dependent NVTs from openvas-plugins * Integration of openvas-nvt-sync script * Renamed daemon from openvasd to openvassd * glib dependency raised from 2.6 to 2.12 * openvasd-config removed as no other packages require this package for building. * For the same reason, no header files are installed anymore openvas-server 2.0.2 (2009-06-03) This is the second maintenance release of the openvas-server module for the Open Vulnerability Assessment System (OpenVAS) 2.0-series. It fixes some issues discovered after the release of openvas-server 2.0.1 and introduces support for new features. Thanks to the continuing audit of the code, a number of obsolete, unused and/or unnecessary functions were identified and removed. Effects when installing this version: * The option "Silent dependencies" is now "off" by default. Previously it was set to "on", openvas-client >= 2.0.2 has already switched to "off" per default. Note that this may result in larger reports. * Dependencies: openvas-server 2.0.2 requires openvas-libraries 2.0.2 and openvas-libnasl 2.0.1. You need to install these prior to openvas-server 2.0.2. * The openvas-adduser script will no longer allow passwords in plaintext for new users. This means that the openvas-adduser script will refuse to add a new user if neither openssl nor md5sums is available. Main changes since 2.0.1: * OVAL support has been improved and now supports multiple definitions and results in one file. * Support for per-host password based local checks has been added. * Debian packaging files have been updated. * Dependency searching has been improved to work better with subdirectories. * openvas-server will now generate a warning if a NVT could not be cached. * The openvas-adduser script will no longer create the now obsolete "plugins" directory in the user directory. Many thanks to everyone who has contributed to this release: Vlatko Kosturjak, Jan Wagner, Felix Wolfsteller and Michael Wiegand. openvas-server 2.0.1 (2009-02-17) This is the first maintenance release of the openvas-server module for the Open Vulnerability Assessment System (OpenVAS) 2.0-series. It fixes some issues discovered after the release of openvas-server 2.0.0 and introduces support for new features. Thanks to the continuing audit of the code, a number of obsolete, unused and/or unnecessary functions were identified and removed. Effects when installing this version: * Dependencies: openvas-server 2.0.1 requires openvas-libraries 2.0.1 and openvas-libnasl 2.0.1. You need to install these prior to openvas-server 2.0.1. * Cache files: Effects of openvas-libraries 2.0.1 are changes in the cache file management. With 2.0.1 release of openvas-server it is possible to specify a new location for the cache folder. If you will use a new location, then the effects described for openvas-libraries do not apply anymore (see also below regarding cache folder). * New default port of the server: Please be aware that openvas-server now listens on port 9390 by default since this port has recently been allocated by IANA for the Openvas Transport Protocol (OTP). If you want to continue to use the old port 1241, you have to specify the port you want openvasd to listen on, for example by starting the server with "openvasd -p 1241". If you don't specify this, it might happen that at next boot of your system (or other restart of openvasd), the service is available at a new port and you need to update the connection information in your OpenVAS-Client. Main changes since 2.0.0: * Support for sub-directories in plugins_folder in accordance with Change Request #24 (http://www.openvas.org/openvas-cr-24.html). * Established automated source code documentation. HTML-Version is available under http://www.openvas.org/src-doc/openvas-server/current/index.html * Openvas-server now uses the IANA-assigned port 9390 for communication with the client. * It is now possible to start openvas-server without root privileges. Note that a number of NVTs which rely on operations requiring root privileges (like packet forgery) will not work under these circumstances. * The openvasd-config script now returns the values for sysconfdir, libdir and sbindir set at compile time. * The new server preference "cache_folder" allows you to define the location of the cache ($plugins_folder/.desc in previous versions). The default value for this preference is /var/cache/openvas for new OpenVAS installations. Existing installations need to add cache_folder = /var/cache/openvas manually to openvasd.conf and make sure the directory exists. * The new server preference "include_folders" allows you to specify search paths for the NASL include directive. This aids the use of subdirectories for plugins. The default value for this preference is $plugins_folder to be compatible with the old "flat" (all in one directory) structure. * Initial support for per-target SSH credentials settings has been added. Please note that you will need a new client (>= 2.0.2) and a new ssh_authorization.nasl file to use this feature. * Having a directory structure in $plugins_folder is now supported. openvasd will recurse through the subdirectories in $plugins_folder. Note: The OpenVAS NVT feed will not use the new features for subdirectories and include paths as long as the OpenVAS 1.0.x and OpenVAS 2.0.0 releases are supported. An exception might be OVAL support. Bugfixes: * The usage of the gettext support tool in support scripts like openvas-adduser did expect gettext.sh to be in /usr/bin, which prevented the scripts from working correctly on systems where this was not the case. The gettext usage has been made more robust. (Solves: #860) * During startup, openvasd will now show the correct total number of plugins and not count signatures and other files anymore. * The obsolete user-specific cache (.desc in /var/lib/openvas/users/USER/plugins/) is not created anymore. Many thanks to everyone who has contributed to this release: Tim Brown, Stjepan Gros (for subdirs feature), Joey Schulze, Jan-Oliver Wagner, Felix Wolfsteller and Michael Wiegand. openvas-server 2.0.0 (2008-12-17) This is the 2.0.0 release of OpenVAS. If you have used the 2.0-beta1, -beta2 or -rc1 release, we recommend that you update all your OpenVAS modules (openvas-libraries, openvas-libnasl, openvas-server and openvas-client) to 2.0.0. If you are currently using the 1.0.x branch and want to evaluate OpenVAS 2.0.0, we recommend that you install 2.0.0 separately from your OpenVAS 1.0 installation. Instructions on how to do this are available from the OpenVAS website. Main changes since 2.0-rc1: * Debian packaging files have been updated. * Obsolete code relating to the ENABLE_PLUGIN_SERVER has been removed. * The build environment has been updated. Main changes since 1.0.1: * Support for the new script_tag command in NASL scripts has been added. * 64-bit compatibility has been considerably improved. * Support for transfering NVT signature information to the client has been added. * Certificate checking has been improved. * The obsolete openvas-check-signature tool has been removed. * Support for plugin upload has been removed from OpenVAS-Server. * Support for detached scans has been removed from OpenVAS-Server. * Switch from Nessus Transfer Protocol 1.2 to OpenVAS Transfer Protocol (OTP) 1.0. * Support for OVAL definitions has been added. * Switch from Nessus plugin IDs to NVT OIDs. Many thanks to everyone who has contributed to this release: Tim Brown, Javier Fernandez-Sanguino, Stjepan Gros, Joey Schulze, Jan Wagner, Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. openvas-server 2.0-rc1 (2008-12-05) This release is the first release candidate for the upcoming 2.0 release of OpenVAS. Unless serious bugs are discovered, this release candidate will become the final OpenVAS 2.0 release. Users are encouraged to test this release and to report bugs to the OpenVAS bug tracker located at http://bugs.openvas.org/ . If you have used the 2.0-beta2 release, we recommend that you update all your OpenVAS modules (openvas-libraries, openvas-libnasl, openvas-server and openvas-client) to 2.0-rc1. If you are currently using the stable 1.0.x branch and want to take part in testing this release candidate, we recommend that you install 2.0-rc1 separately from your OpenVAS 1.0 installation. Instructions on how to do this are available from the OpenVAS website. Main changes since 2.0-beta2: * Support for the new script_tag command in NASL scripts has been added. * Code quality has been improved, a potential buffer overflow due to insufficient memory allocation has been fixed. * Debian packaging files have been updated. * Minor bugfixes. Many thanks to everyone who has contributed to this release: Tim Brown, Joey Schulze, Felix Wolfsteller and Michael Wiegand. openvas-server 2.0-beta2 (2008-11-14) This release is the second beta version of the upcoming 2.0 release of OpenVAS. It contains improved 64-bit compatibility, improved OVAL support, support for transferring NVT signature information to the client and various improvements. This release is intended to contain all features intended for the final OpenVAS 2.0 release. Users are encouraged to test this release and to report bugs to the OpenVAS bug tracker located at http://bugs.openvas.org/ . If you have used the 2.0-beta1 release, we recommend that you update all your OpenVAS modules (openvas-libraries, openvas-libnasl, openvas-server and openvas-client) to 2.0-beta2. If you are currently using the stable 1.0.x branch and want to take part in the beta phase for 2.0, we recommend that you install 2.0-beta2 separately from your OpenVAS 1.0 installation. Instructions on how to do this are available from the OpenVAS website. Main changes since 2.0-beta1: * 64-bit compatibility has been considerably improved. * Debian packaging files have been updated. * Support for transfering NVT signature information to the client has been added. * Certificate checking has been improved. * OVAL support has been improved. * The obsolete openvas-check-signature tool has been removed. * Bugfixes. * Various code cleanups. Many thanks to everyone who has contributed to this release: Tim Brown, Stjepan Gros, Michael Wiegand and Felix Wolfsteller. openvas-server 2.0-beta1 (2008-09-25) This release is a first beta version of the upcoming 2.0 release of OpenVAS. It introduces support for the cleaned up and improved OpenVAS Transport Protocol (OTP, replacing NTP), the new OpenVAS NVT OID scheme and support for the Open Vulnerability and Assessment Language (OVAL). The protocol cleanup also removed some features that were considered unsecure, unneeded or wrongly placed. OpenVAS 2.0 will introduce a full set of new modules for OpenVAS Server (openvas-libraries, openvas-libnasl and openvas-server) and a new OpenVAS-Client. The only module OpenVAS 1.0 and OpenVAS 2.0 will share is openvas-plugins. This means that the OpenVAS NVT Feed is compatible with both generations of OpenVAS. However, in case you plan to try out the new generation of OpenVAS, you should install it separately from OpenVAS 1.0 installation. Instructions on how to do this will be added to the OpenVAS homepage after all relevant modules are released as 2.0-beta1. A separate announcement will officially start the beta testing phase for OpenVAS 2.0. Main changes in this release (compared to release 1.0.1): * Updated packaging files for Debian. * Support for plugin upload has been removed from OpenVAS-Server. * Support for detached scans has been removed from OpenVAS-Server. * Switch from Nessus Transport Protocol 1.2 to OpenVAS Transport Protocol (OTP) 1.0. * New command line parsing implementation for openvasd (internal change). * Fix for memory management issues in plugin scheduler that resulted in aborted scan sessions under certain circumstances. * Updated scripts for user management; this fixes issues with new users being unable to login under certain circumstances. * Initial support for OVAL definitions. * Updated documentation. * Switch from Nessus plugin IDs to NVT OIDs (internal change, also applies for OTP) Many thanks to everyone who has contributed to this release: Tim Brown, Javier Fernandez-Sanguino, Jan Wagner, Jan-Oliver Wagner and Michael Wiegand openvas-server 1.0.1 (2008-07-03) This release contains new and improved packaging files for various distributions as well as bug fixes and cleanups. It also adds syslog support to openvas-server and contains a first draft for the upcoming OpenVAS Transport Protocol. Please note that this version requires openvas-libraries 1.0.2 or newer and openvas-libnasl 1.0.1 or newer. Please be aware that the plugin upload feature has been disabled in openvas-server due to security concerns as described in http://www.openvas.org/openvas-cr-4.html . This functionality is now deprecated and will be removed in future versions of openvas-server. If your existing installation depends on this feature, we recommend that you do not update to 1.0.1. * Added syslog support to openvasd logging facility. * Fixed memory leaks in plugin scheduler. * Added and improved packaging files for Debian, OpenSUSE and Fedora. * Changed version requirements for openvas-libraries from 0.9.2 to 1.0.2 due to API extension for OpenVAS OIDs. * Changed version requirements for openvas-libnasl from 0.9.1 to 1.0.1 due to API extension for OpenVAS OIDs. * Disabled plugin upload feature due to security concerns. * Fixed possible buffer overflow in user authentication. * Fixed a configuration issue that broke the build process on certain 64bit installations. * Added a first draft of the specification for the upcoming OpenVAS Transport Protocol. * Various code cleanups. Many thanks to everyone who has contributed to this release: Bernhard Herzog, Jan Wagner, Jan-Oliver Wagner, Michael Wiegand and others. openvas-server 1.0.0 (2008-01-31) First stable release with only minimal changes compared to latest 0.9 version. No problems or any sort of issues have been reported for over two months now. This release is done basically to reach the mentally important version 1.0, there is no technical need to replace openvas-server for a running installation. Main changes are: * Minor cleanups in package files. * openvasd does not do any (useless) version check for -libraries and -libnasl anymore. openvas-server 0.9.2 (2007-11-07) Legal and minor technical fixes release. Main changes are: * Fixed tool "openvas-config" to output correct version of OpenVAS server (openvasd) * During installation routine, now a "gnupg" directory is created where the other configuration files of OpenVAS are located. This is the place for feed certificates. * Removed some non-free documents (README_SSL, doc/WARNING.En and doc/WARNING.Fr). openvas-server 0.9.1 (2007-10-17) Minor cleanup release. Main changes are: * Version checking for openvas-libaries and openvas-libnasl at package configure time. * Some code cleanups. * Internal code refactoring. openvas-server 0.9.0 (2007-07-27) The first initial release of openvas-server after the fork from Nessus 2.2.x. Main changes are: * Removed the client from this package. * Replace OpenSSL by GNU/TLS (therefore it is allowed now to distribute binary packages with SSL-support) * SSL now mandatory. * Many cleanups of ancient remains (still many to come) * Removed various W32-specific elements, because W32 isn't a taget system anyway. * Lots of renaming to avoid conflicts with parallel Nessus installation Old Changes information from the Nessus times: 2.2.5 : . changes by Renaud Deraison : - Faster scan startup speed (at the expense of a slightly bigger memory usage) - nessus-fetch now calls nessus-update-plugins upon registration - Fixed the use of an uninitialized buffer in the shared socket code - Fixed some uninitialized variables in nessus_tcp_scanner - Fixed several null pointer dereferencement in libnasl - New NASL function 'send_capture()' - Rotate nessusd.messages on startup if the file is too big . changes by Michel Arboi : - nessus_tcp_scanner now tracks down more statistics about the remote ports (filtered vs. closed) . changes by Beirne Kornarksi : - Fixed bug#1224 2.2.4 : . changes by Renaud Deraison : - Fixed a bug in nessusd when killing slow plugins, which may result in a hang of the scan - Fixed a bug in find_services.nes which would prevent it from exiting properly when receiving a SIGTERM message - Fixed a bug in libnessus/network.c which may result in incompletes SSL reads - Fixed proxy support in nessus-fetch - Reduced CPU usage - Brand new SMB API - The nessus-fetch man page is now installed - Updated os_fingerprint.nasl with all the newest signatures . changes by Michel Arboi : - More gentle nessus_tcp_scanner 2.2.3 : . changes by Renaud Deraison : - Added the 'silent dependencies' option (suggested by Nicolas Pouvesle) - Added a new 'Credentials' Tab to put SSH and SMB credentials - Removed some un-recommended options from the GUI (detached scan) - Fixed a NULL-ptr dereferencement in libnasl . changes by Michel Arboi : - Call setrlimit() without any limits when calling popen() . changes by Nicolas Pouvesle : - Replaced the functions in libnasl/nasl/smb_crypt.* by crypt_func.nasl 2.2.2 : . changes by Renaud Deraison : - Fixed HTTPS-over-proxy in nessus-fetch - Fixed a build issue on Solaris in nessus-fetch - Fixed the detached scans 2.2.1 : . changes by Renaud Deraison : - Turn on buffering for every TCP sockets to reduce the number of system calls (only HTTP-related sockets would have a buffered input) - Fixed bug#1065 which would make nessusd do an endless stream of calls to gethostbyname() when testing a non-existant host name - Fixed a bug in the TCP socket buffering which would cause read_stream_connection() to perform a short read under some circumstances - Added nessus-fetch(1), a utility which retrieves plugins from www.nessus.org. - Rewrote nessus-update-plugins to use nessus-fetch instead of wget/lynx/fetch/curl - Fixed bug#1076 (support for bash 3.0) . changes by Michel Arboi : - New TCP port scanner (nessus_tcp_portscan.nes) - Better Hydra integration through multiple nasl scripts 2.2.0 : - Fixed a couple of memory leaks (thanks to Lance Uyehara) 2.2.0RC1 : . changes by Renaud Deraison : - Fixed a bug in the client which would not make it 'remember' the scanner selection - Each plugin can have a bigger number of cross-references associated to it - Starting nessusd displays the current status of the plugins beeing loaded . changes by Boris Wolf : - Increased the buffer size on the client side to receive bigger reports 2.1.3 : . changes by Renaud Deraison : - Shared sockets: NASL scripts can share a socket between each others, instead of re-establishing the connection - New system calls in NASL - get_kb_fresh_item() and replace_kb_item() - The SSH checks now use a shared socket instead of re-logging into the remote host - The plugin selection in the client GUI is much faster 2.1.2 : . changes by Renaud Deraison : - nessus-update-plugins makes sure that the plugin archive has been properly signed before uncompressing it . changes by Michel Arboi : - fixed a memory leak in NASL2 - wrote nmap.nasl, snmpwalk_portscan.nasl and nikto.nasl to replace the equivalent .nes plugins - fixed the pread() NASL function . changes by Nicolas Pouvesle : - Improved SSH compatibility with non-OpenSSH servers 2.1.1 : . changes by Renaud Deraison : - Scripts can be cryptographically signed. A signed script gets access to more NASL functions - Restricted the access to the nasl functions pem_to_rsa(), pem_to_dsa(), rsa_sign() and dsa_do_sign() to signed NASL scripts - The nasl functions pread() and find_in_path() are accessible to signed NASL scripts and allow the execution of local commands 2.1.0 : . changes by Nicolas Pouvesle : - SSH implementation in NASL . changes by Renaud Deraison : - Added support for local security checks on remote hosts, over SSH (support for FreeBSD, MacOS X, RHEL2.1 and RHEL3) - Wrote a clean internal API to let Nessus communicate with its sons - Re-wrote the KB API to use a hash table instead of a slow linked list and to support KB items of arbitrary length 2.0.12 : . changes by Renaud Deraison (deraison@cvs.nessus.org) - Fixed a bug in ./configure which would sometimes assume that GTK is not installed whereas it actually is - Fixed a race condition in nessus-adduser for users who do not configure their TMPDIR variable (thanks to Cyrille Barthelemy) - Fixed a bug in nessus-update-plugins which would not update the plugins properly on all systems - Fixed the installer to compile Nessus with GTK support if gtk-config OR pkg-config is installed. 2.0.11 : . changes by Renaud Deraison (deraison@cvs.nessus.org) - Fixed Solaris portability issue introduced in 2.0.11 - Fixed a bug in the HTML with graphs output which would make it loop indefinitely - Proper GTK+2.x support (GTK+ 1.2 is still supported) - Fixed nessus-update-plugins for FreeBSD 2.0.10 : [maintenance release only] . changes by Renaud Deraison (deraison@cvs.nessus.org) - Fixed MacOS X portability issues - Non-intrusive OS-fingerprinting (based on xprobe's techniques) - DNS fingerprinting - killall -1 nessusd does not restart the bpf server on BSD systems - longer connect() timeout for TCP sockets - Fixed hydra.nes . changes by Michel Arboi (mikhail@nessus.org) - WWW fingerprinting - partially fixed hydra.nes . changes by (galt@fiberpimp.net) - IP addresses are now sorted in EVERY reports . changes by Laurent FACQ (facq@u-bordeaux.fr) - Automagically rewrite banners to handle distributions which do backporting of security fixes (ie: Debian) 2.0.9 : . changes by Renaud Deraison (deraison@cvs.nessus.org) - The bpf sharing system now works fine on BSD systems, so Nessus now only requires one /dev/bpf to work correctly, no matter how many hosts are being tested - Minor bug fixes - A bug in tcp_ping() would make some probes have a source port set to 0 . changes by Michel Arboi (arboi@alussinan.org) - Added functions in libnasl (join_multicast_group(), unixtime(), and more...) - All SSL operations now use non-blocking sockets instead of the alarm() trick to handle timeouts . Changes by Pavel Kankovky - Minimize the number of pixmaps that need to be created in the Nessus client by re-using them 2.0.8 : . changes by Renaud Deraison (deraison@cvs.nessus.org) - Improved plugins dependencies - Improved some plugins performances - Better default values for nessusd.conf and .nessusrc - Fixed insert_ip_options() which was broken 2.0.7 : . changes by Renaud Deraison (deraison@cvs.nessus.org) - Fixed bad performances issues when pinging dead hosts - Fixed a bug which would prevent to store items larger than 2kb in the KB - NFS and SMB file-related functions completed (open, read and cwd are implemented) - Plugins support for Windows 2003 - Network IPs can now be evenly sliced instead of being scanned sequentially - User-definable source-IP(s) for the checks (nessusd -S) - Fixed a possible message corruption problem if a plugin was to send a too long message back to nessusd - Fixed a possible plugin corruption problem when the client overwrites existing plugins - Fixed various false positives and wording issues in several plugins 2.0.6 : . changes by Renaud Deraison (deraison@cvs.nessus.org) - Support for the keyword 'default' as a port range in nmap_wrapper.nes - Fixed a zombie issue in nmap_wrapper.nes - Fixed various issues which could allow a NASL script to crash the NASL interpretor - Improved the process management in find_services.nes 2.0.5 : . changes by Renaud Deraison (deraison@cvs.nessus.org) - Fixed a rare race condition which may make the scan hang - Fixed SMB related issues - Entering "default" as the port range will make nessusd scan the ports listed in the Nessus services file. - Even more sigs in find_services.nes . changes by Julien Bordet (zejames@greyhats.org) - Added over 3,000 signatures to smtpscan.nasl (thanks to the data provided by the Nessus team) 2.0.4 : . changes by Renaud Deraison (deraison@cvs.nessus.org) - fixed the SIGCHLD handler which would not work properly and leave zombies on the system - fixed a race condition when testing a great number of hosts which would cause a testing process to slow down a whole audit or even hang it totally - When a great number of host names is passed to nessusd as a target, they are resolved by chunks of 64 instead of trying to resolve everything then starting the test - RedHat 9 support (in spite of their attempt to make their distro incompatible with everyone else) . changes by Gabriel L. Somlo - The nessus can save the reports to stdout and read them from stdin 2.0.3 : - fixed a compilation error which would prevent find_services from working properly 2.0.2 : . changes by Michel Arboi (arboi@alussinan.org) - NASL port of smtpscan (original Perl program by Julien Bordet) - Nasty bug made loop stop prematurely on rare cases . changes by Renaud Deraison (deraison@cvs.nessus.org) - Re-wrote webmirror.nasl from scratch. The new version has a real parser built-in and is much faster - Added checks for older Microsoft Advisories - SMB plugins now use NTMLv1 authentication, ie: they don't send passwords in clear text over the network any more - Added new crypto functions, taken from samba, in libnasl/ - Repaired detached scans - Fixed IP ranges notation (10.1.1-9.1-254 did not work any more) - Minor bug fixes and enhancements : #234, #233, #230, #229, #228, #225, #222, #220, #218, #217, #216, #215, #213, #212, #211, #207, #206, #205 - nessus-update-plugins properly calls chown under FreeBSD, no matter how many plugins there are - find_services.nes recognizes even more protocols . changes by Xueyong Zhi - Added NTLMv2 authentication . changes by Frank Migge (frank.migge@oracle.com) - nessus-mkcert-client creates the auth/rules file properly 2.0.1 : . changes by Renaud Deraison (deraison@cvs.nessus.org) - Minor bugfixes (bugs #180, #183, #185, #188, #189, #195, #197, #202, #203, #204) - Fixed the "pink" graphical report issue - Added http keep-alive support in the CGI related plugins - Fixed a bug in the function get_kb_list() which would not always work properly - Fixed an issue where in some situations, some HTTP services would not be tested for flaws if they have not been port-scanned first - Added new signatures in find_services.nes . changes by Stephen Friedl (steve@unixwiz.net) - Fixed bugs and warnings in nessus-libraries 2.0.0 : . changes by Michel Arboi (arboi@alussinan.org) - NASL2 : Implement >!< "strings don't match" operator - NASL2 : fixed a vicious case of freed memory copy. . changes by Renaud Deraison (deraison@cvs.nessus.org) - Fixed a small bug in the plugin scheduler - Ported to IRIX - Several small bugfixes . changes by Xueyong Zhi - Added nmap_osfingerprint 1.3.4 : . changes by Renaud Deraison (deraison@cvs.nessus.org) - Re-written the process manager for the hosts - Lots of bugfixes in the plugins text store manager - New port scanner "synscan" which uses the RTT of the packets to do its job. - Fixed several small issues in nasl and nessusd (bug fixes, code cleanup) - Added cryptographic hashing functions in NASL - Added the function get_kb_list() which returns the content of a KB without forking the plugin - Updated the manpages of nessusd and nasl . changes by Michel Arboi (arboi@alussinan.org) - Fixed scanner_get_port() when running in standalone mode - Fixed possible uninitiliazed memory issues in libnasl - Started to write the NASL2 reference guide (to be found in libnasl/doc/) 1.3.3 : . changes by Michel Arboi (arboi@alussinan.org) - Implement bit xor, logical & aithmetic right shift, power - Fix operator precedence - Added new NASL functions . changes by Renaud Deraison (deraison@cvs.nessus.org) - The plugin texts are not loaded in memory any more, thus reducing the consumption of the nessus daemon of two megs. This also speeds up the loading of nessusd. - Fixed a bug in the plugins scheduler (if optimizations were enabled, the scan would sometime hang) - Added a new NASL function (int()) - Fixed strings substraction to handle null values properly - find_services.nes runs in parallel mode, for improved speed - new plugin (synscan) which should perform well against firewalled hosts (computes the RTT before the scan) 1.3.2 : . changes by Renaud Deraison (deraison@cvs.nessus.org) - Added fixes so that nessus-core/nessusd/pluginscheduler.c compiles with the latest version of GCC - Fixed a bug in nessus-libraries/libnessus/bpf_share.c : a timer would not be reset, causing plugins which call bpf_next() to sometimes crash - Set the timer of bpf_share.c to a much lower value, thus making it work much better - Improved tcp_ping() - Fixed two bugs in the plugins scheduler : - If the option "enable dependencies at runtime" is set, it would enable ALL the plugins which are depended on, instead of only those we use ; - In some cases, it may terminate too early, thus preventing a scan from being complete - DESTDIR support 1.3.1 : . changes by Renaud Deraison (deraison@cvs.nessus.org) - Rewrote the plugins scheduler (which determines the order in which the plugins are to be launched). The new one is much more efficient but as a result, it is not possible to accurately determine the order in which the plugins will be ran, so the 'plugin name' in the client is now totally bogus - Fixed various issues with NASL scripts so that they work better with NASL2 - Fixed bugs relative to the creation of icmp and udp packets in nasl - Fixed some fatal bugs in the bpf sharer - NASL scripts do not read /dev/urandom any more, and use time() as a random seed instead. As a result, the loading and execution of nasl scripts if faster on systems where /dev/urandom can be blocking - Fixed the tcp NIDS evasion techniques on BSD systems - Full support for Bugtraq IDs - The HTML reports add links for URLs, and show the ID number of the plugin that issues the report. - Speed up the calls to arg_get_value() by using a hash of the name being searched for. - Changed the licence of NASL2 to the GPLv2 (with the consent of Michel Arboi) . changes by Michel Arboi (arboi@alussinan.org) - Better handling of the arrays in NASL2 . changes by Erik Anderson (eanders@carmichaelsecurity.com) - CVE and bugtraq cross references . changes by Jay (jay@kinetic.org) - Fixed multiple typos in the plugins . changes by Javier Fernandez-Sanguino (jfernandez@germinus.com) - Nessus now ships Hydra 2.2 - Fixed various compilation scritps (see bug#63) 1.3.0 : . changes by Michel Arboi (arboi@alussinan.org) - Use our own nessus-services file (re-generated at first start to include /etc/services and nmap-services) - Added new families of plugins (ACT_KILL_HOST and ACT_END) - Rewrote libnasl . changes by Renaud Deraison (deraison@cvs.nessus.org) - The 'cancel' button of several file selection dialogs is now working - Optimized several plugins : - Web-related checks now use http_recv() instead of recv() - open_priv_sock_tcp() has a lower timeout - RPC related checks now use get_rpc_port(), a function equivalent to libc's getrpcport() but with a much smaller timeout - Decreased the default value of checks_read_timeout from 15 to 5 - Fixed a bug in the plugin selection GUI which would not refresh the list of plugins of a given family properly (bug#3) - Fixed memory leaks in NASL - Fixed a bug in nessusd which would make it leak memory when receiving a SIGHUP (bug#10) - Fixed a compatibility problem with Nmap 3.10ALPHA (bug#11) - Nessus now accepts nmap's U: and T: notation for the port range (bug#5) - Helped Michel Arboi to give the last touches to the new libnasl . changes by Erik Anderson (eanders@pobox.com) - Added CVE and BID links, added urls and removed dead links from the plugins . changes by Michel Scheidell (scheidell@secnap.net) - Improved several SMB-related checks . changes by Rodolfo Baader (rbaader@activesec.biz) - Quotes and apostrophes are properly escaped in the XML output report 1.2.6 : . changes by Michael Slifcak (Michael.Slifcak@guardent.com) - Added Bugtraq cross reference in the plugins - Added support for BID in nessusd (this has yet to be done on the client side) . changes by Axel Nennker (Axel.Nennker@t-systems.com) - fixed the xml and html outputs - fixed array issues in a couple of plugins . changes by Michel Arboi (arboi@alussinan.org) - find_service now detects services protected by TCP wrappers or ACL - find_service detects gnuserv - ptyexecvp() replaced by nessus_popen() (*) . changes by Renaud Deraison (deraison@cvs.nessus.org) - Fixed a bug which may make nasl interpret backquoted strings (\n and \r) received from the network (problem noted by Pavel Kankovsky) - nmap_wrapper.nes calls _exit() instead of exit() (*) - Solved the lack of bpf's on Free/Open/NetBSD and MacOSX by sharing _one_ among all the Nessus processes. As a result, Nessus's ping is much more effective on these platforms - bugfix in plug_set_key() which would eventually make some scripts take too long when writing in the KB - Plugins of family ACT_SETTINGS are run *after* plugins of family ACT_SCANNERS - replaced the implementation of md5 which was used when OpenSSL is disabled by the one from RSA (the old one would not work on a big-endian host) - Fixed plugins build issues on MacOS X - The nessus client compiles and links against GTK+-2.0. Of course, it will be horrible and instable, as the GTK team does not care about backward compatibility (*) These two modifications solve the problems of nmap hanging under FreeBSD 1.2.5 : . changes by Michel Arboi (arboi@alussinan.org) - find_service now displays unknown services that run on assigned ports - read_stream_connection smarter (smaller timeout) - find_service sometimes declared IDENT as "unknown" . changes by Renaud Deraison (deraison@cvs.nessus.org) - Fixed a deadlock that would prevent some plugins from completing - Fixed a possible (although rare) corruption issue in the reports (the script IDs could under some circumstances be random) - Fixed a potential segfault in the execution of nasl scripts 1.2.4 : . changes by Renaud Deraison (deraison@cvs.nessus.org) - Reverted back to autoconf 2.13. - Bug fix in nessus-core/nessusd/pluginlaunch.c - under some circumstances, data might have be lost in the reports - Fixed a bug in several plugins for web checks (under some circumstances, a plugin would do N x N checks against the remote web servers (where N equals to the number of web servers running on the remote host) 1.2.3 : . changes by Isaac Dawson (idawson@securitymanagementpartners.com) - New html output layout. . changes by Pasi Eronen (pasi.eronen@nixu.com) - fix in nmap_wrapper . changes by Renaud Deraison (deraison@cvs.nessus.org) - Fixed a bug which could make, under some circumstances, make nessusd crash the host it is running on. - If the option log_whole_attack is set to "no", then only the begining and the end of the attack is logged (and not the time each plugin takes) - Improved no404.nasl to further reduce false positives - Bug fix in nessusd - under some rare circumstances, report data could be lost (if many many plugins were enabled at the same time and were sending data at the same time). - UDP packets are resent while we wait for a reply (avoids to loose packets en route) - Fixed the option "auto_enable_dependencies" which would not always work - Sending a SIGTERM to the nessus client during a command line scan forces it to save its result to the current test file - Non-printables characters are not shown in the report any more 1.2.2 : . changes by Renaud Deraison (deraison@cvs.nessus.org) - In the GUI, while running a scan, plugins names are only updated once in a while (saves CPU) - Bugfix in the client : some host names would make the client crash - Repaired the '-P' switch in the client 1.2.1 : . changes by Simon Law (sfllaw@engmail.uwaterloo.ca) - Made a manpage for nessus-mkcert-client(1) and have it installed by the Makefile - Revised most other manpages for missing information and to increase clarity . changes by Renaud Deraison (deraison@cvs.nessus.org) - Fixed the -i switch of nessus-update-plugins - Fixed a bug in the server which would, in some circumstances, not make it announce the proper order of the plugins being run - More CVE cross references - get_host_name() always return a FQDN - User-configurable third party domain for SMTP relay checks - Repaired hydra.nes - Fixed MacOS X specific problems (dlcompat vs NSCreateObjectFileImageFromFile) - Plugins dependencies appear in the GUI - Fixed nessus-mkcert so that long email addresses are accepted - Re-generated the 'configure' scripts with autconf 2.53 . changes by Michael Scheidell (scheidell@fdma.com) - Added some bound checkings in some SMB plugins to reduce noise in nessusd.messages . changes by Michel Arboi (arboi@alussinan.org) - ping_host.nasl pings on multiple ports 1.1.15/1.2.0 : . changes by Nicolas Dubee (ndubee@secway.com) : - Better support for AF_UNIX sockets . changes by Brian (bmc@snort.org) : - CVE references - several bugfixes in the plugins . changes by Peter Gründl (pgrundl@kpmg.dk) and Carsten Joergensen (carstenjoergensen@kpmg.dk) : - Extensive review of the plugins and therefore numerous fixes . changes by Axel Nennker (Axel.Nennker@t-systems.com) - FD leak in save_kb.c fixed . changes by Renaud Deraison (deraison at nessus.org) - It is now possible to upload files to the server when using the command line client - lrand48() portability problems worked around - fixed a bug in the report window that would make it crash randomly 1.1.14 : . changes by Renaud Deraison (deraison at nessus.org) - SMB fixes (thanks to Michael Scheidell) - When the safe checks option is enabled, dangerous tests with no alternate code (ie: plugins of type ACT_DESTRUCTIVE_ATTACK and ACT_DENIAL) are disabled - Hosts can be designated by their MAC address of instead of their IP address (mostly useful for DHCP networks) - Fixed a bug in the report generation which would replace newlines (\n) by semi-columns (;) - Fixed a bug in the export of some types of reports, where open ports with no data associated would not be saved - Integrated THC's Hydra as a Nessus plugin - Added new NT security checks (related to user management) - Plugins of type ACT_SETTINGS can not be disabled - Fixed a bug which would make nessusd hang when a scanner was reporting too many open ports (as when a UDP scan reports all UDP ports as being open) . changes by Dion Stempfley (dion at riptech.com) - The client can now filter on category . changes by Axel Nennker (Axel.Nennker@t-systems.com) - Fixed some plugins causing error messages in some circumstances (dns_xfer.nasl, snmp_processes.nasl...) - Stylish changes to prevent gcc -Wall from whining in some files - XML NG output is now XML compliant - Bug fixes . changes by Jenni Scott (jenni.scott@guardent.com) and Michael Slifcak (michael.slifcak@guardent.com) : - Improved the reporting of the plugins (better consistency, better wording) 1.1.13 : . changes by Michel Arboi (arboi@alussinan.org) - New family ACT_SETTINGS dedicated to plugins which just let the user enter some preferences - Optional NIDS evasion techniques (url encoding, tcp slicing) . changes by Renaud Deraison (deraison at nessus.org) - Fixed a bug in the command line client which would make it ignore some preferences - SMB checks can now log into a Windows domain - NIDS evasion techniques (data injection, short ttl) - Fixed a bug which would randomly stall the scan 1.1.12 : . changes by Renaud Deraison (deraison at nessus.org) - Workarounds on FreeBSD to prevent a kernel panic (thanks to Michael Scheidell and Stefan Esser) - nessus can export reports as other file formats again 1.1.11 : . changes by Renaud Deraison (deraison at nessus.org) - Fixed a bug regarding the saving of reports from the GUI - Improved the backend in many ways (speed-wise, content-wise) - Changes in the protocol - More messages are sent between the server and the client (timestamps, plugins version, ...) - New .nbe file format, which looks like .nsr but has more information in it - Plugins now have versions numbers. - The user can upload his plugins to the nessusd server from the client - It is now possible to upload files to the server (ie: nmap's results) in command-line mode - Fixed false positives in SNMP plugins when launched against a non-configured Solaris snmpd . changes by Guillaume Valadon (guillaume at valadon.net) - New XML output (the XML layout was defined by Lionel Cons [lionel.cons at cern.ch]) 1.1.10 : . changes by Renaud Deraison (deraison at nessus.org) - Fixed a bug introduced in 1.1.9 which would sometimes prevent a user from aborting an on-going test - Fixed a bug in the client which would prevent the user from setting a port range longer than 255 chars - Fixed bugs in pcap_next() (thanks to Richard van den Berg). Also, pcap_next() is now more flexible. - Fixed a bug in the command line client which would make it close the communication too early when the client - server communication is not ciphered - Added an "auto-load dependencies at runtime" option 1.1.9 : . changes by Renaud Deraison (deraison at nessus.org) - Fix in the GUI, when closing a saved report - Fixed a bug in ftp_log_in() which would prevent nasl script from logging into some FTP servers - Solaris build problems fixed - Darwin 1.4.1 build problems fixed - MkLinux DR3 build problems fixed (is anyone using it anymore ?) - GTK 1.0.x build problems fixed (the use of GTK 1.2 is recommended though) - Fixed the "wrong call to getopt" problem which would make Nessus segfault when built with cygwin, and which would prevent options from working under Solaris & FreeBSD (thanks to Udo Schweigert) - SMB checks speedup (thanks to Georges Dagousset's suggestion) - Fixed a bug in the client - server communication that would make the server close the communication when the client is idle - Better support for AF_UNIX socket for client-server communication (compile nessus-core with ./configure --enable-unix-socket) - Plugins are disabled by default in batch mode . changes by Michel Arboi (arboi@alussinan.org) - Client now properly checks the certificate of the server . changes by Benoit Brodard (bbrodard at arkoon.net) - fixed bugs in nasl/tcp.c (checksum, handling of unsigned int) 1.1.8 : . changes by Renaud Deraison (deraison at nessus.org) - Workaround for systems with a low number of bpfs (OpenBSD, Darwin) - Added some length checks for SMB checks - No more zombies - Fixed accounts.nes - Fixed the reporting of the client (reports would be mixed) - Client removes tempfiles when exiting - Repaired ptyexecvp() which would not work on Solaris - Slight bugfix in the NASL interpretor . changes by Georges Dagousset (georges at alert4web.com) - More optimizations - Properly reloads KBs with the same value defined more than once - Fixes in some plugins dependencies . changes by Michael Slifcak - More nmap options - Quiet mode in nessus-adduser 1.1.7 : . changes by Renaud Deraison (deraison at nessus.org) - Compiles on platforms without OpenSSL - Better Solaris support - Ported under Darwin (many thanks to Dieter Fiebelkorn (dieter at fiebelkorn.net) who actually started the port and helped me test this) - Unscanned ports can now be considered as closed or open (instead of just open), at user choice - Upgraded to libtool 1.4.2 - fixed a bug in the client which would make it display the wrong report when doing multiple scans - enhanced the plugins filter (that appear when pressing 'l' in the GUI) - fixed a serious problem in the SMB plugins which would prevent them to work against Samba and which would make them slow against Windows (pointed out by Georges Dagousset) . changes by Iouri Pletnev (Iouri.Pletnec at xacta.com) - Ported under Cygwin . changes by Michel Arboi (arboi@alussinan.org) - Added nessus-mkrand for hosts with no /dev/random AND no EGD running 1.1.6 : . changes by Renaud Deraison (deraison at nessus.org) - EGD support for OpenSSL (do ./configure --enable-egd=/path/to/egd/socket in nessus-libraries) - KB items are now stored with individual dates instead of a global date for the whole KB file. Yes, this means you have to delete your old KB files - When an host could not be pinged, his KB is not altered (nor created) - fixed memory leaks in nessusd - nessus-mkcert checks that the certificates were really created before congratulating the user - fixed a security problem where anybody with a shell on the nessusd host could log in 1.1.5 : . changes by Georges Dagousset (georges.dagousset at alert4web.com) : - new KB entries for further "optimizations" - improved find_services.nes . changes by Renaud Deraison (deraison at nessus.org) : - cleaned up the KB - added doc/kb_entries.txt - bugfix in find_services regarding the pem password - new reporting GUI - fixed a problem which would leave some plugin run against a host considered as dead - the KB are now stored with properly escaped \n and \r chars - greatly improved tcp_ping.nasl (and tcp_ping() in libnasl) . changes by Michel Arboi (arboi@alussinan.org) : - replaced PEKS by OpenSSL in the client/server communication . changes by H D Moore (hdm@secureaustin.com) - fixed no404.nasl 1.1.4 : . changes by Renaud Deraison (deraison at nessus.org) : - fixed find_services.nes - plugins that are slow to finish are _really_ killed by the server - the client better handles the scan of big networks - nmap_wrapper now updates its progress bar - nessus-update-plugins support proxies (with or without authentication) - monitor_backend.c and data_mining.c allow any developer to plug a database behind the client (by default flatfiles are used) - bug fixed in nmap_wrapper which would make it kill its parent process randomly - minor fix in the tcp_ping() function of NASL (ack would be set to non-zero for a syn packet) - fixed Alexis's ftp_write_dirs.nes & ftp_bounce_scan.nes . changes by Michel Arboi (arboi@alussinan.org) : - find_services accepts password-protected .pem files - patches in the way files were transmitted between the client and the server (which could end up in a deadlock) . changes by Alexis de Bernis ) - nessusd and nessus : error at loading time when the peks library was compiled with a special ./configure flag (thanks to Bradley M Alexander ) - nessusd and nessus : can be compiled with the --disable-cipher flags - plugins : ftp_overflow.nasl : fixed a false positive pointed out by Jean-Paul Le Fevre - plugins : a dozen of new plugins have been added (piranha, uw imap overflow, Ken!, htimage.exe, lcdproc overflow, real server DoS, and more...) - nasl : added open_priv_sock_{udp,tcp} to open a socket with a priviledged port 1.0.0pre2 : - nessusd : stop the current plugin when the user hits 'stop' - nessusd : the rules now accept the keyword 'client_ip' (suggested by Hermann Himmelbauer ) - nessusd : logs the name of the plugins that are loaded (suggested by Matthias Andree ) - nessus : the 'reverse lookup' option now works - nessus : typo would prevent to compile nessus with gtk 1.0 (thanks to mike for pointing this out) - nessus : changed the .nsr file format to something more easily parseable which contains the ID of the plugins which generate security warnings or holes - nessus : error dialog makes more sense when nessusd is killed in the middle of a test (pointed out by Matthias Andree ) - nessus : fixed a segmentation fault that could occur during the login (Stefan Rapp s.rapp@hrz.uni-dortmund.de) - nessus : the user now has the ability to select all the plugins except the dangerous ones - nessus : fixed the busy waiting loop in the password dialog. For real this time. Thanks to Matthias Andree for pointing this out again. - nessus : other cosmetics things have been fixed - nasl : now supports user-defined functions (see the documentation for more details) - plugins : ssh_insertion.nasl : fixed a typo which would cause the plugin to yell when the user was using OpenSSH 1.2.2 (which is immune to this problem). Thanks to R. Pickett for pointing this out - plugins : lot of new security checks (thanks to Roelof Temmingh for pointing out some missing IIS checks) - all : version check at startup, as suggested by Scott Adkins 1.0.0pre1 : - nessus-adduser : utility to add easily a nessusd user - nessus : remembers the username - nessus : warns the user that the host key has been saved - nessus : fixed a busy waiting in the passphrase requester (thanks to Matthias Andree for pointing this out) - nessus : fixed a segmentation fault that would occur when the user close the test window during a test - nessus : saves the preferences of each plugin - nessusd : fixed a problem in the rules which ended up being too restrictive - nessusd : killall -1 nessusd now works - plugins : nmap_wrapper.nes : compatible with the new output of nmap - traditional netmasks (255.255.255.0) are now accepted - will not scan broadcast addresses (ie: 192.168.1.1/255.255.255.0 will scan from 192.168.1.1 to 192.168.1.254) - Compatible with FreeBSD 4 0.99.10 : - nessus : polished the GUI - nessus : GTK 1.0 compatible (Eduardo Urrea ) - nessusd : fixed a problem which could make the client see what was happening a few seconds later the event happened. (this was occuring when doing few tests against a great number of hosts) - nessusd.conf goes back to ${sysconfdir}/nessus/ (and not ${sysconfdir}/) - nessusd CPU usage : dropped from 100% to much fewer [thanks to Ryan Mooney who pointed this out] - nessus and nessusd : the target file may have an unlimited size (it was cut down to 2047 bytes in the past) [many thanks to Boris Wesslowski for pointing this out] - nasl : fixed a bug in recv() which would make nasl crash when reading data from a non-socket - nasl : close the sockets opened by a script in nasl_exit() - nasl : fixed a bug in egrep() - nasl : init_telnet() behaves well against a tcp-wrapped telnet - plugins : nmap_wrapper : ability to use nmap's ping. 0.99.9 : - nasl : added support for \xNN translation (Sebastian Andersson ) - nasl : cleaner compilation process - nessusd : removed warnings during compilation - nessusd : fixed a possible segmentation fault / logfile corruption that could occur when the user was manually stopping a test - nessusd : fixed typos that would prevent the compilation without the cipher layer - libnessus : timeout in recv_line() - nessus : fixed a dumb segmentation fault in the client when all the plugins are activated - nessus : disable all / enable all buttons - nessus : nicer xpms for error and warnings dialogs - nessus : fixed a bug that could make the client crash during plugin selection - plugins : read_accounts : fixed a problem that would disable this plugin - plugins : read_accounts : better handling of BSD telnet - plugins : queso : fixed a problem which would disable this plugin - plugins : stacheldraht : fixed a typo - plugins : added acc.nasl, netscape_wp_bug.nasl - added nasl_version() and nessuslib_version(), as suggested by Scott Adkins - nessus-core : better support for sysconfdir Keith Amidon (camalot@picnicpark.org) 0.99.8 : - OpenBSD portability - HP/UX shl_* support - re-attributed the plugins category, thanks to the lists made by Jeff Odegard who divided the plugins into three categories : begnign, intrusive and potentially destructive - the client disable all the potentially destructive plugins if they are not in ~/.nessusrc, and puts a warning sign in front of them - plugins have been attributed a unique ID - plugins are CVE compatible - NASL now supports regular expressions through the ereg() function. The syntax of the regexps is egrep-style, that I personnaly like. - several bugfixes - several new plugins - 'nasl' is a standalone NASL interpretor that can be used to debug Nessus scripts and/or write independants ones. - the nasl guide has been updated and comes with libnasl/ 0.99.7 : - fixed a 'file descriptor bomb' which would prevent nessusd to test big networks - fixed a problem in nessusd which would make it slow down then crawl when it was testing big networks 0.99.6 : - many segmentation faults corrected - fixed a problem in the client <-> server communication which would make the server "forget" to send some data to the client 0.99.5 : - New HTML export with pies and graphs - Handles the HTTP redirects (thanks to Andreas J. Koenig for requesting it) - behaves well when the same service is detected more than once on the target side. Ie: if the target is running 2 web servers, then all the security checks will be performed on both - Nicer client GUI - Communication between the client and the server's children done in a cleaner way - Corrected a bug in the client that would prevent it to work when not compiled with the cipher layer - Added a inetd friendly option - The quiet mode of the client will produce HTML, LaTeX, text or .nsr files regarding the file suffix given as argument - ASCII text output - report can be saved to stdout - kept-alive connection between the client and the server (no need to log in again between two tests) 0.99.4 : - Speedup - Several segmentation faults fixed - The user can now select the timeout value of the security checks read() function - The client can specify an alternate configuration file - Client : fixed problems regarding when to use the GUI Previous versions : - Corrected a problem regarding the list of checks selected by the user - ${prefix}/var/nessus is created - Corrected a typo in the code that would generate the preferences file - Changed the behaviour of the nessus client, when it is started in the background and a pass phrase is wanted as input. If available, the client terminates while complaining to the stderr. - Added long options to the nessus client; as a side effect, the command line version works under windows, too - OpenBSD portability issues - Fixed the process tracker on cipher layer to meet the io thread table overflow - Updated the process mgmnt, provided a general pty interface for subprocesses like nmap - Reduced memory consumption by 50% - Nessus can now use nmap(1). Thanks to Phil Brutsche who helped me to figure out how to do this. - Configuration files now installed in ${prefix}/etc/nessus/ - Man pages for nasl-config, nessus-config, nessus-build, as well as patches to problems that may occur during the installation by Josip Rodin - More efficient way to determine whether a DoS was successful or not. Thanks to Michel Arboi for the suggestion (does not work well yet) - The communication errors : 'out of threads already' and 'no cookie for received packets' have been fixed. - All the newest security tests openvas-scanner-5.1.3/CMakeLists.txt000066400000000000000000000215041334154455600173760ustar00rootroot00000000000000# OpenVAS # $Id$ # Description: Top-level cmake control for the Scanner. # # Authors: # Matthew Mundell # Jan-Oliver Wagner # # Copyright: # Copyright (C) 2011-2016 Greenbone Networks GmbH # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. message ("-- Configuring the Scanner...") project (openvas-scanner C) cmake_minimum_required (VERSION 2.8) if (POLICY CMP0005) cmake_policy (SET CMP0005 OLD) endif (POLICY CMP0005) include (FindPkgConfig) if (NOT PKG_CONFIG_FOUND) message(FATAL_ERROR "pkg-config executable not found. Aborting.") endif (NOT PKG_CONFIG_FOUND) if (NOT CMAKE_BUILD_TYPE) set (CMAKE_BUILD_TYPE Debug) endif (NOT CMAKE_BUILD_TYPE) ## Retrieve svn revision (at configure time) # Not using Subversion_WC_INFO, as it would have to connect to the repo find_program (SVN_EXECUTABLE svn DOC "subversion command line client") macro (Subversion_GET_REVISION dir variable) execute_process (COMMAND ${SVN_EXECUTABLE} info ${CMAKE_SOURCE_DIR}/${dir} OUTPUT_VARIABLE ${variable} OUTPUT_STRIP_TRAILING_WHITESPACE) string (REGEX REPLACE "^(.*\n)?Revision: ([^\n]+).*" "\\2" ${variable} "${${variable}}") endmacro (Subversion_GET_REVISION) if (NOT CMAKE_BUILD_TYPE MATCHES "Release") if (EXISTS "${CMAKE_SOURCE_DIR}/.svn/" OR EXISTS "${CMAKE_SOURCE_DIR}/../.svn/") if (SVN_EXECUTABLE) Subversion_GET_REVISION(. ProjectRevision) set (SVN_REVISION "~svn${ProjectRevision}") else (SVN_EXECUTABLE) set (SVN_REVISION "~svn") endif (SVN_EXECUTABLE) endif (EXISTS "${CMAKE_SOURCE_DIR}/.svn/" OR EXISTS "${CMAKE_SOURCE_DIR}/../.svn/") endif (NOT CMAKE_BUILD_TYPE MATCHES "Release") # TODO: Check pkg-config (maybe with code like in gsa/CMakeLists.txt). ## Project version # The following three variables should be set through the project command once # we require CMake >= 3.0 set (PROJECT_VERSION_MAJOR 5) set (PROJECT_VERSION_MINOR 1) set (PROJECT_VERSION_PATCH 3) # Set beta version if this is a beta release series, # unset if this is a stable release series. #set (PROJECT_BETA_RELEASE 1) if (SVN_REVISION) set (PROJECT_VERSION_SVN "${SVN_REVISION}") endif (SVN_REVISION) # If PROJECT_BETA_RELEASE is set, the version string will be set to: # "major.minor+beta${PROJECT_BETA_RELEASE}" # If PROJECT_BETA_RELEASE is NOT set, the version string will be set to: # "major.minor.patch" if (PROJECT_BETA_RELEASE) set (PROJECT_VERSION_SUFFIX "+beta${PROJECT_BETA_RELEASE}") else (PROJECT_BETA_RELEASE) set (PROJECT_VERSION_SUFFIX ".${PROJECT_VERSION_PATCH}") endif (PROJECT_BETA_RELEASE) set (PROJECT_VERSION_STRING "${PROJECT_VERSION_MAJOR}.${PROJECT_VERSION_MINOR}${PROJECT_VERSION_SUFFIX}") ## CPack configuration set (CPACK_CMAKE_GENERATOR "Unix Makefiles") set (CPACK_GENERATOR "TGZ") set (CPACK_INSTALL_CMAKE_PROJECTS ".;openvas-scanner;ALL;/") set (CPACK_MODULE_PATH "") set (CPACK_RESOURCE_FILE_LICENSE "${CMAKE_SOURCE_DIR}/COPYING") set (CPACK_RESOURCE_FILE_README "${CMAKE_SOURCE_DIR}/README") set (CPACK_RESOURCE_FILE_WELCOME "${CMAKE_SOURCE_DIR}/README") set (CPACK_SOURCE_GENERATOR "TGZ") set (CPACK_SOURCE_TOPLEVEL_TAG "") set (CPACK_SYSTEM_NAME "") set (CPACK_TOPLEVEL_TAG "") set (CPACK_PACKAGE_VERSION "${PROJECT_VERSION_STRING}${PROJECT_VERSION_SVN}") set (CPACK_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") set (CPACK_SOURCE_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") set (CPACK_PACKAGE_VENDOR "The OpenVAS Project") set (CPACK_SOURCE_IGNORE_FILES "${CMAKE_BINARY_DIR}" "/.svn/" "swp$" ) include (CPack) ## Variables if (SYSCONF_INSTALL_DIR) set (SYSCONFDIR "${SYSCONF_INSTALL_DIR}") endif (SYSCONF_INSTALL_DIR) if (NOT SYSCONFDIR) set (SYSCONFDIR "${CMAKE_INSTALL_PREFIX}/etc") endif (NOT SYSCONFDIR) if (NOT EXEC_PREFIX) set (EXEC_PREFIX "${CMAKE_INSTALL_PREFIX}") endif (NOT EXEC_PREFIX) if (NOT BINDIR) set (BINDIR "${EXEC_PREFIX}/bin") endif (NOT BINDIR) if (NOT SBINDIR) set (SBINDIR "${EXEC_PREFIX}/sbin") endif (NOT SBINDIR) if (NOT LIBDIR) set (LIBDIR "${EXEC_PREFIX}/lib") endif (NOT LIBDIR) if (NOT LOCALSTATEDIR) set (LOCALSTATEDIR "${CMAKE_INSTALL_PREFIX}/var") endif (NOT LOCALSTATEDIR) if (NOT DATADIR) set (DATADIR "${CMAKE_INSTALL_PREFIX}/share") endif (NOT DATADIR) #if (NOT SYSCONFDIR) # set (SYSCONFDIR "${CMAKE_INSTALL_PREFIX}/etc") #endif (NOT SYSCONFDIR) if (NOT OPENVAS_RUN_DIR) set (OPENVAS_RUN_DIR "${LOCALSTATEDIR}/run") endif (NOT OPENVAS_RUN_DIR) set (OPENVAS_DATA_DIR "${DATADIR}/openvas") set (OPENVAS_STATE_DIR "${LOCALSTATEDIR}/lib/openvas") set (OPENVAS_LOG_DIR "${LOCALSTATEDIR}/log/openvas") set (OPENVAS_CACHE_DIR "${LOCALSTATEDIR}/cache/openvas") set (OPENVAS_SYSCONF_DIR "${SYSCONFDIR}/openvas") if (NOT OPENVAS_NVT_DIR) set (OPENVAS_NVT_DIR "${OPENVAS_STATE_DIR}/plugins") endif (NOT OPENVAS_NVT_DIR) set (OPENVAS_LIB_INSTALL_DIR "${LIBDIR}") set (OPENVASSD_MESSAGES "${OPENVAS_LOG_DIR}/openvassd.messages") set (OPENVASSD_DEBUGMSG "${OPENVAS_LOG_DIR}/openvassd.dump") set (OPENVASSD_CONF "${OPENVAS_SYSCONF_DIR}/openvassd.conf") set (NVT_TIMEOUT "320") set (SCANNER_NVT_TIMEOUT "36000") message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}") ## Dependency checks pkg_check_modules (LIBOPENVAS_NASL REQUIRED libopenvas_nasl>=9.0.3) pkg_check_modules (LIBOPENVAS_BASE REQUIRED libopenvas_base>=9.0.3) pkg_check_modules (LIBOPENVAS_MISC REQUIRED libopenvas_misc>=9.0.3) pkg_check_modules (GLIB REQUIRED glib-2.0>=2.32) message (STATUS "Looking for libgcrypt...") find_library (GCRYPT gcrypt) if (NOT GCRYPT) message (SEND_ERROR "The libgcrypt library is required.") else (NOT GCRYPT) message (STATUS "Looking for libgcrypt... ${GCRYPT}") execute_process (COMMAND libgcrypt-config --libs OUTPUT_VARIABLE GCRYPT_LDFLAGS OUTPUT_STRIP_TRAILING_WHITESPACE) execute_process (COMMAND libgcrypt-config --cflags OUTPUT_VARIABLE GCRYPT_CFLAGS OUTPUT_STRIP_TRAILING_WHITESPACE) endif (NOT GCRYPT) ## Version set (OPENVASSD_VERSION "${PROJECT_VERSION_STRING}") # Configure Doxyfile with version number configure_file (doc/Doxyfile.in doc/Doxyfile @ONLY) configure_file (doc/Doxyfile_full.in doc/Doxyfile_full @ONLY) configure_file (doc/openvassd.8.in doc/openvassd.8 @ONLY) configure_file (doc/example_redis_2_4.conf.in doc/example_redis_2_4.conf @ONLY) configure_file (doc/example_redis_2_6.conf.in doc/example_redis_2_6.conf @ONLY) configure_file (VERSION.in VERSION @ONLY) configure_file (tools/greenbone-nvt-sync.in tools/greenbone-nvt-sync @ONLY) # TODO: Once Scanner has a proper logging mechanism like Manager. #configure_file (src/openvassd_log_conf.cmake_in src/openvassd_log.conf) ## Program set (HARDENING_FLAGS "-Wformat -Wformat-security -O2 -D_FORTIFY_SOURCE=2 -fstack-protector") set (LINKER_HARDENING_FLAGS "-Wl,-z,relro -Wl,-z,now") set (GPGME_C_FLAGS "-D_FILE_OFFSET_BITS=64 -DLARGEFILE_SOURCE=1") set (CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} ${GPGME_C_FLAGS} -Werror -Wextra") set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${HARDENING_FLAGS} ${GPGME_C_FLAGS} -Wall -D_BSD_SOURCE -D_ISOC99_SOURCE -D_SVID_SOURCE -D_DEFAULT_SOURCE") add_subdirectory (src) ## Documentation add_subdirectory (doc) ## Install ## Install install (FILES ${CMAKE_BINARY_DIR}/src/openvassd DESTINATION ${SBINDIR} PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) # TODO: Once Scanner has a proper logging mechanism like Manager. #install (FILES openvassd_log.conf # DESTINATION ${OPENVAS_SYSCONF_DIR}) install (FILES ${CMAKE_BINARY_DIR}/tools/greenbone-nvt-sync DESTINATION ${SBINDIR} PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) install (FILES ${CMAKE_BINARY_DIR}/doc/openvassd.8 DESTINATION ${DATADIR}/man/man8 ) install (FILES ${CMAKE_SOURCE_DIR}/doc/greenbone-nvt-sync.8 DESTINATION ${DATADIR}/man/man8 ) install (FILES ${CMAKE_BINARY_DIR}/doc/example_redis_2_4.conf ${CMAKE_BINARY_DIR}/doc/example_redis_2_6.conf DESTINATION ${DATADIR}/doc/openvas-scanner/ ) install (DIRECTORY DESTINATION ${OPENVAS_NVT_DIR}) install (DIRECTORY DESTINATION ${OPENVAS_CACHE_DIR}) ## Tests enable_testing () ## End openvas-scanner-5.1.3/COPYING000066400000000000000000000016521334154455600156730ustar00rootroot00000000000000License information about openvas-scanner ------------------------------------------ Th effective license of the modules as a whole is the GNU General Public License Version 2 (GNU GPLv2). Single files, however, are licensed either under GNU General Public License Version 2 (GNU GPLv2) or under "GNU GPLv2 or any later version" (GNU GPLv2+). GPLv2: See file COPYING.GPLv2 The following overview was initially collected 20100812 based on the header of the respective files and since then updated as changes were applied: src/attack.[c|h]: GPLv2 src/comm.[c|h]: GPLv2 src/hosts.[c|h]: GPLv2 src/log.[c|h]: GPLv2 src/nasl_plugins.c: GPLv2 src/ntp.[c|h]: GPLv2 src/openvassd.c: GPLv2 src/otp.[c|h]: GPLv2+ src/pluginlaunch.[c|h]: GPLv2 src/pluginload.[c|h]: GPLv2 src/pluginscheduler.[c|h]: GPLv2 src/plugs_req.[c|h]: GPLv2 src/processes.[c|h]: GPLv2 src/sighand.[c|h]: GPLv2 src/utils.[c|h]: GPLv2 tools/greenbone-nvt-sync.in: GPLv2+ openvas-scanner-5.1.3/COPYING.GPLv2000066400000000000000000000431221334154455600165620ustar00rootroot00000000000000 GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License. openvas-scanner-5.1.3/ChangeLog000066400000000000000000013560511334154455600164210ustar00rootroot000000000000002018-01-17 Hani Benhabiles Backport src/ part of r29656. * src/comm.c (send_plugin_preferences): New function. (comm_send_preferences): Call new function. * src/nasl_plugins.c (prefs_add_nvti): Remove functions. (nasl_plugin_add): Don't add plugin preferences in memory. 2018-01-17 Hani Benhabiles Backport r29584. * src/pluginload.c (plugins_reload_from_dir): Don't call nvticache_save(). Don't set include dirs. Exit instead of returning. (include_dirs): New function. (plugins_init): Fork a child process to load-up plugins and prevent main process memory footprint growth. Call nvtiache_save() and new function accordingly. 2018-01-15 Hani Benhabiles * src/nasl_plugins.c (nasl_plugin_add): Fix memory leak. 2017-12-06 Juan Jose Nicola Backport r30008. * src/utils.c (is_scanner_only_pref): The preference is log_whole_attack instead of log_while_attack. the preference will not be sent to the manager. 2017-10-31 Hani Benhabiles * src/attack.c (attack_start): Revert r29928. Also use log_write instead of g_warning. 2017-10-25 Hani Benhabiles Backport r29884. * src/attack.c (attack_start): Send error message to client on reverse-lookup failure. 2017-10-11 Juan Jose Nicola Backport r29818 with adjustments due to code changes. * src/opevassd.c (stop_all_scans): Remove popen() and get the pids reading the /proc directory. 2017-10-10 Juan Jose Nicola Backport r29808 with adjustments due to code changes. * src/opevassd.c (stop_all_scans): Do not get the group process ID. Set the char array size to 8. 2017-10-09 Juan Jose Nicola Backport r29785 with adjustments due to code changes. In case of redis error, the scanner detects it and send the SIGUSR2 signal to all the running scans. * src/opevassd.c (stop_all_scans): New function. (check_kb_status): Call stop_all_scans(). (main_loop): Set the socket nonblocking before and use select for listen() before call accept() and then set it blocking again. It permits to go through the loop to check the redis status and does not stuck in the accept() call. * src/attack.c: New variable global_stop_all_scans. (all_scans_are_stopped): New function. (launch_plugin, attack_host): Call all_scans_are_stopped(). Revert r29507. (attack_start): Call all_scans_are_stopped(). (handle_stop_all_scans_signal): New function. (attack_network): Set SIGUSR2 signal handler. Call all_scans_are_stopped(). 2017-10-06 Hani Benhabiles Backport r29753. * src/attack.c (attack_start_args): Remove hostip and fqdn elements. (attack_network, attack_start): Move hostname resolving and reverse resolving from main scan process to the spawned host process. 2017-10-06 Hani Benhabiles Backport r29747. * src/attack.c (struct attack_start_args): Remove host_mac_addr element. (attack_start): Remove host_mac_addr check. (attack_network): Remove handling of unused use_mac_addr preference. 2017-10-02 Juan Jose Nicola * src/openvassd.c (check_kb_status): Add comment about the use of the function kb_no_empty(). 2017-09-27 Juan Jose Nicola * Changelog: Add info to the last entry. 2017-09-27 Juan Jose Nicola Backport r29680 with adjustments due to code changes. * src/openvassd.c (check_kb_status): New function. Check if Redis Server is up and if the KB exists. If KB does not exist force a reload. (main_loop): Call new function. 2017-09-12 Juan Jose Nicola Backport r29548. * src/attack.c: Define PROGRESS_BAR_STYLE. (attack_host): Add preprocessor directives to switch the progress bar style. In case of a dead host, it sends max_ports = -1 to the manager, and it will not be taken into account to calculate the scan progress. 2017-09-11 Hani Benhabiles * src/pluginload.c: Revert r29045. 2017-09-08 Juan Jose Nicola Backport r29523 with adjustments due to code change. * src/openvassd.c: Include ../misc/vendorversion.h. (main) Add new command line option vendor-version. Set vendor_version if it was passed as parameter. 2017-09-05 Juan Jose Nicola Backport r28157 with adjustments due to code changes. A connection failures to the redis-server is considered fatal to the running scan, meaning that it is stopped immediately and send an 'Error' result. * src/attack.c: Define new error type ERR_REDIS_CONN. (launch_plugin): Check access to the knowledge base. If a problem is found, return an error and the running scan is stoped. (attack_host): Adds an item to the host knowledge base. After launch the plugin check if there was an error trying to connect to the redis-server. In that case send a error message. 2017-07-12 Hani Benhabiles Backport r28888. * src/pluginload.c (plugin_reload_from_dir): Call nasl_clean_inc(). 2017-07-06 Michael Wiegand Start preparing openvas-scanner 5.1.2 release. * CHANGES: Add partly complete changes for 5.1.2. * CMakeLists.txt: Bump libopenvas dependency to 9.0.2. * INSTALL: Document increased minimum version for libopenvas. 2017-06-29 Juan Jose Nicola Backport r28861. * src/nasl_plugins.c (nasl_plugin_add): Set the preference's name to Timeout instead of Script timeout. 2017-06-27 Juan Jose Nicola * Changelog: Add more info to the previous entry. 2017-06-27 Juan Jose Nicola Backport r28816. With adjustments due to code changes. * src/nasl_plugins.c (nasl_plugin_add): Add the script timeout to the preferences list to be passed to manager. 2017-06-13 Hani Benhabiles Backport parts of r28628. * src/attack.c (launch_plugin): Remove redundant check for Host/ping_failed. Improve code style. Move check dead host after checks of mandatory keys, to reduce kb hits for plugins that are not launched. 2017-05-24 Hani Benhabiles Backport r28455. * src/nasl_plugins.c (nasl_plugin_add): Set args kb to nvticache kb to be used for storing nvts signature checks. 2017-05-23 Juan Jose Nicola Backport r28456. * src/openvassd.c (main): Ignore SIGHUP until the scanner is ready. 2017-05-16 Hani Benhabiles Backport r28347 and r28358 * src/pluginscheduler.c (get_next_plugin, get_next_in_range): New functions. (plugins_scheduler_next): Use new functions. Run all plugins up to ACT_GATHER_INFO before ACT_ATTACK plugins. Run ACT_END plugins after finishing other plugins. 2017-04-24 Hani Benhabiles * src/pluginscheduler.c (plugins_scheduler_next): Fix compilation warning with GCC 7. 2017-04-21 Juan Jose Nicola * Changelog: Correct a wrong entry date. 2017-04-21 Juan Jose Nicola Backport r28264 with adjustments due to code changes. * src/attack.c (attack_start, launch_plugin): Use consistent hostname (ip) logging. Add fqdn to the messages. 2017-03-27 Juan Jose Nicola Backport r28088, r28091, with adjustments due to code changes. * src/openvassd.c: Include network.h and add preprocessor directives to check the gnutls version. (main): Call openvas_SSL_init to initialize gnutls to avoid SIGSEGV in gnutls version prior to 3.3.0. Add preprocessor directives to check the gnutls version. 2017-03-10 Hani Benhabiles Backport r27968. * src/pluginscheduler.c (plugins_scheduler_next): Simplify checks for returning PLUG_RUNNING. 2017-03-07 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 5.1.2. 2017-03-07 Michael Wiegand Preparing the openvas-scanner 5.1.1 release. * CHANGES: Updated. 2017-02-03 Hani Benhabiles Backport r27340. * src/attack.c (launch_plugin): Check for Host/dead and Host/ping_failed before attempting to launch the plugin. 2017-01-03 Hani Benhabiles Backport r26905. * src/comm.c (comm_wait_order): Zero str buffer. Fixes possible infinite loop. 2016-11-29 Hani Benhabiles Backport r26731. * src/openvassd.c (reload_openvassd): Reinitialize logging on scanner reload. 2016-11-09 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 5.1.1. 2016-11-09 Michael Wiegand * CHANGES: Fix typo. 2016-11-09 Jan-Oliver Wagner Preparing the openvas-scanner 5.1.0 release. * CHANGES: Updated. * CMakeLists.txt: Switch version scheme from beta to stable. * INSTALL: Remove a prerequisite for GNUTLS certool which is not needed anymore in this module. * src/openvassd.c (main): Updated (C) year. 2016-10-28 Jan-Oliver Wagner * tools/greenbone-nvt-sync.in: Change URL for feed tarball to use the dedicated community server. 2016-10-24 Jan-Oliver Wagner Move the openvas-manage-certs script to module openvas-manager because the module openvas-scanner does not need to manage certs anymore. * tools/openvas-manage-certs.in: Removed. This moved to module openvas-manager. * tools/README_TOOLS: Adjust to reflect removal. * doc/example-openvas-manage-certs.conf.in: Removed. This moved to module openvas-manager. * doc/openvas-manage-certs.1: Removed. This moved to module openvas-manager. * CMakeLists.txt: Removed handling of the removed files. * COPYING: Remove entry accordingly. * doc/openvassd.8.in: Remove reference accordingly. 2016-10-24 Hani Benhabiles * src/pluginlaunch.c (pluginlaunch_stop): Add soft_stop argument. * src/pluginlaunch.h: Adjust function parameter. * src/attack.c (launch_plugin, attack_host, handle_scan_stop_signal): Adjust function call. 2016-10-23 Hani Benhabiles * src/hosts.c (hosts_read_client): Fix nfds argument for select() call. 2016-10-23 Jan-Oliver Wagner * src/util.c (is_scanner_only_pref): No need to exclude ca_file, key_file and cert_file because they are not used anymore. * src/openvassd.c (openvassd_option openvassd_defaults): Drop cert_file, key_file and ca_file because they are not used anymore. * CMakeLists.txt, src/CMakeLists.txt: Removed handling of OPENVAS_SCANNER_CERTIFICATE, OPENVAS_SCANNER_KEY, OPENVAS_CLIENT_CERTIFICATE, OPENVAS_CLIENT_KEY, OPENVAS_CA_CERTIFICATE because these are not needed anymore. 2016-10-23 Jan-Oliver Wagner * INSTALL: Updated. Especially removed step 1 about the TLS certificates. 2016-10-22 Jan-Oliver Wagner Drop the "openvasnvt-sync" script as the "greenbone-nvt-sync" script does syncrhonise with the community feed in case no subscription key is present. This also makes the maintenance easier. * tools/openvas-nvt-sync.in, doc/openvas-nvt-sync.8: Removed. * COPYING: Removed the entry accordingly. * INSTALL: Mention to use greenbone-nvt-sync. * CMakeLists.txt: Remove handling of removed files. * doc/greenbone-nvt-sync.8: Updated to say it is also for the community feed. * tools/README_TOOLS: Description improved. 2016-10-22 Jan-Oliver Wagner * tools/greenbone-nvt-sync.in: Add hints on env variables added to --help output. 2016-10-20 Jan-Oliver Wagner * tools/greenbone-nvt-sync.in: Use a consistent name for temporary directory. 2016-10-20 Jan-Oliver Wagner * tools/greenbone-nvt-sync.in: Drop the ancient convenience pinning to rsync protocol version 29 to circumvent a problem with rsync 3.0.3. 2016-10-20 Jan-Oliver Wagner * tools/greenbone-nvt-sync.in: Use the package version instead of a self-maintained one. 2016-10-20 Jan-Oliver Wagner * tools/greenbone-nvt-sync.in: Update URL about general information about GSF. 2016-10-20 Timo Pollmeier * tools/greenbone-nvt-sync.in: Add command line arguments --rsync, --wget and --curl to select download method. (is_feed_current, do_sync_community_feed, sync_nvts, do_help): Add cases for new command line arguments. 2016-10-19 Timo Pollmeier * tools/greenbone-nvt-sync.in (is_feed_current): Skip check if rsync is not available. (do_curl_community_feed): Output "curl failed" error if the archive file does not exist after running curl. 2016-10-13 Hani Benhabiles * src/openvassd.c (loading_handler_stop): Call terminate_process(). Handles a race condition where the scanner tries to terminate the loading handler process before the later has set the signal handler. 2016-10-13 Timo Pollmeier * tools/greenbone-nvt-sync.in (do_wget_community_feed): Log error and exit on failure. (do_curl_community_feed): Add missing definition of TMP_NVT. Log error and exit on failure. 2016-10-11 Hani Benhabiles * src/pluginscheduler.c (plugin_next_unrun_dependency): Add parameter to check for infinite recursive calls caused by dependency cycles. (plugins_scheduler_next): Adjust plugin_next_unrun_dependency() function call. 2016-10-10 Hani Benhabiles * CMakeLists.txt: Add -D_FILE_OFFSET_BITS=64 -DLARGEFILE_SOURCE=1. Needed due to the include in r26353. Patch by Michael Wiegand. 2016-10-07 Hani Benhabiles * src/openvassd.c (main): Add --gnupg-home option. Call set_gpghome() accordingly. 2016-10-05 Timo Pollmeier * tools/greenbone-nvt-sync.in (setup_temp_access_key) (cleanup_temp_access_key): New functions. (is_feed_current, sync_nvts): Use a temporary copy of the access key with restrictive file access permissions if necessary. 2016-09-30 Jan-Oliver Wagner * tools/greenbone-nvt-sync.in: Removed accidently placed check for root. This is only relevant for scap/cert feed syncs, not for nvt. 2016-09-27 Timo Pollmeier * tools/greenbone-nvt-sync.in: Increase version number. 2016-09-27 Timo Pollmeier Allow greenbone-nvt-sync to fall back to community feed if no access key is available. * tools/greenbone-nvt-sync.in: Add check if an access key is available and use community feed as fallback. (log_info, log_notice, log_warning): New functions. (is_feed_current): Fall back to community feed if no access key is available. (do_wget_community_feed, do_curl_community_feed) (do_rsync_community_feed, do_sync_community_feed): New functions. (sync_feed): Fall back to community feed if no access key is available. (do_self_test): Do not fail if access key is missing. Check rsync availablilty only in mode using access key. 2016-09-27 Hani Benhabiles * src/attack.c (attack_host): Send a "Host dead" host detail when the host is dead. 2016-09-26 Timo Pollmeier * src/CMakeLists.txt: Add add_definitions for SCANNER_NVT_TIMEOUT to have it defined in the C code. 2016-09-20 Hani Benhabiles * src/openvassd.c (main): Don't flush the kb when --cfg-specs is provided. 2016-09-16 Hani Benhabiles Remove support for OTP over TCP sockets. * src/comm.c (is_client_present), src/hosts.c (hosts_read_client), src/ntp.c (ntp_read_prefs): Remove handling of otp over tcp. * src/openvassd.c (loading_client_handle, loading_handler_start) (scanner_thread, main_loop): Remove handling of otp over tcp. (init_ssl_ctx, init_network): Remove function. (main): Remove --listen --port --gnutls-priorities and --dh-params cli parameters. * doc/openvassd.8.in: Update documentation. 2016-09-09 Hani Benhabiles * src/hosts.c (forward): Don't end sending loop when nsend() returns 0. 2016-09-05 Hani Benhabiles * src/attack.c (launch_plugin), src/pluginlaunch.c (update_running_processes): Log plugin name alongside of the oid. 2016-08-31 Jan-Oliver Wagner * src/ntp.c: Remove unneeded includes. 2016-08-29 Jan-Oliver Wagner * src/attack.c: Removed an unneeded include. 2016-08-23 Hani Benhabiles * CMakeLists.txt, src/CMakeLists.txt, tools/greenbone-nvt-sync.in (OPENVAS_PID_DIR): Rename to OPENVAS_RUN_DIR. * src/openvassd.c (main): Default to listening on OPENVAS_PID_DIR/openvassd.sock unix socket. 2016-08-22 Hani Benhabiles * src/openvassd.c (init_unix_network): Set the default socket file mode to 660. 2016-08-22 Hani Benhabiles * src/openvassd.c (main): Add --listen-mode option. (init_unix_network): Add parameter for socket file mode. 2016-08-22 Hani Benhabiles * src/openvassd.c (main): Add --listen-group option. (init_unix_network): Add parameter for socket group. 2016-08-19 Hani Benhabiles * src/openvassd.c (main): Add --listen-owner option. (init_unix_network): Add parameter for socket owner. 2016-08-18 Matthew Mundell * tools/greenbone-nvt-sync.in: Expect proxy auth file in OPENVAS_SYSCONF_DIR. Patch by Sven Haardiek. 2016-08-17 Hani Benhabiles * src/openvassd.c (scanner_thread): Adjust serving process title in unix socket case. 2016-08-15 Hani Benhabiles * src/comm.c (is_client_present), src/hosts.c (hosts_read_client): Check socket type with fd_is_stream() instead of unix_socket_path variable. 2016-08-12 Hani Benhabiles * src/comm.c (is_client_present): Don't call openvas_get_socket_from_connection() in unix socket case as it is not an openvas stream socket. * src/hosts.c (forward): Don't define buf as static variable. 2016-08-12 Hani Benhabiles * src/hosts.c (hosts_read_client): Don't call openvas_get_socket_from_connection() in unix socket case as it is not an openvas stream socket. * src/openvassd.c (unix_socket_path): Remove static modifier. 2016-08-09 Hani Benhabiles * src/openvassd.c (start_daemon_mode, loading_client_handle) (scanner_thread, init_ssl_ctx): Adjust for unix socket case. (init_unix_network): New function. (init_openvassd): Don't call init_network. (main): Add --unix-socket option. Adjust initialization functions calls accordingly. 2016-07-28 Matthew Mundell * src/sighand.c (sighand_segv): Raise signal again, to enable core dumps. 2016-07-15 Hani Benhabiles * src/comm.c (send_plug_info): Don't send nvt summary. 2016-06-23 Jan-Oliver Wagner * CMakeLists.txt: Increase required cmake version from 2.6 to 2.8 because 2.8 is the minimum version we are sure it works with. * INSTALL: Update accordingly. 2016-06-23 Hani Benhabiles * src/attack.c (nvti_category_is_safe): New function. 2016-06-22 Jan-Oliver Wagner * src/pluginload.c (plugins_reload_from_dir): Drop code path for glib<2.28 since we require now at least 2.32. 2016-06-22 Jan-Oliver Wagner * CMakeLists.txt, INSTALL: Imcrease dependency for glib from 2.16 to 2.32 in order to allow the use of newer API elements. Also, prior to 2.32 there is subject to the (disputed) CVE-2012-0039. 2016-06-21 Jan-Oliver Wagner * CMakeLists.txt, INSTALL: Increase dependency for openvas-libraries from version 8.1.0 to 9.0.0. 8.1 existed only during beta phase and there will be no 8.1 release. 2016-06-09 Matthew Mundell * src/sighand.c (make_em_die): Correct typo. 2016-06-09 Matthew Mundell * src/sighand.c (print_trace): Handle write return correctly, as it may only write part of the string. 2016-05-09 Hani Benhabiles * src/sighand.c (print_trace): Add loop around write() call to handle signal interrupts. Don't return on error. 2016-05-09 Hani Benhabiles * src/log.c (log_get_fd): New function. * src/log.h: Add new function prototype. * src/sighand.c (print_trace, sighand_segv): Make function async-signal-safe. 2016-06-08 Henri Doreau * src/pluginscheduler.c (plugins_scheduler_init): Renamed `l' into `plist' as the former is a terrible variable name. * src/attack.c (launch_plugin), src/pluginscheduler.c (enable_plugin_and_dependencies, plugins_scheduler_enable) (plugins_scheduler_fill, plugins_scheduler_init) (plugins_scheduler_count_active): Replaced binary constants by gboolean for clarity. * src/pluginscheduler.h (LAUNCH_DISABLED, LAUNCH_RUN): Removed. 2015-10-22 Henri Doreau * src/comm.c, src/nasl_plugins.c, src/pluginscheduler.h: remove obsolete comment. 2016-06-08 Benoît Allard * tools/greenbone-nvt-sync.in: Fix shell mistakes in order of redirects 2016-05-27 Hani Benhabiles * src/pluginscheduler.c (hash_fill_deps): Fix memory leak. 2016-05-27 Hani Benhabiles * src/nasl_plugins.c (nasl_plugin_launch): Use arg_free() instead of arg_free_all(). 2016-05-26 Hani Benhabiles * src/attack.c (attack_start): Fix memory leak. * src/nasl_plugins.c (nasl_plugin_launch): Fix memory leak. 2016-05-03 Benoît Allard * tools/openvas-manage-certs.in: Add the correct EKU when generating certificates. 2016-04-26 Sven Haardiek * CMakeLists.txt: Make it possible to change OPENVAS_NVT_DIR 2016-04-18 Michael Wiegand * CMakeLists.txt: Simplify CPACK_SOURCE_IGNORE_FILES by ignoring the entire build directory. 2016-04-14 Jan-Oliver Wagner Post release version bump. * CMakeLists.txt: Set version to 5.1+beta4. 2016-04-14 Jan-Oliver Wagner Preparing the openvas-scanner 5.1+beta3 release. * CHANGES: Updated. 2016-03-30 Hani Benhabiles * src/openvassd.c (openvassd_defaults): Add timeout_retry preference. * doc/openvassd.8.in: Update documentation. 2016-03-17 Timo Pollmeier * src/processes.c (create_process): Remove RATS annotation. 2016-03-17 Timo Pollmeier * src/CMakeLists.txt: Replace splint, rats and flawfinder targets with a cppcheck one. 2016-03-07 Hani Benhabiles * src/openvassd.c (openvassd_defaults): Add scanner_plugins_timeout preference. * src/pluginlaunch.c (plugin_launch): Use scanner_plugins_timeout as the default value for scanner plugins. * CMakeLists.txt: Add SCANNER_NVT_TIMEOUT variable. * doc/openvassd.8.in: Update documentation. 2016-01-21 Michael Wiegand * src/openvassd.c (main): Ensure terminating GOptionEntry is fully initialized as well. 2016-01-13 Sven Haardiek * tools/greenbone-nvt-sync.in: Split ipv6:port correctly (supplement to r24114) 2016-01-13 Sven Haardiek * tools/greenbone-nvt-sync.in: Use gos-state-manager instead of the ezcli.state, split ipv6:port correctly 2016-01-11 Michael Wiegand Make a better distinction between hardening flags for compiling and for linking to avoid using flags in a context where they make no sense. * CMakeLists.txt: Separate linker hardening flags from compiler hardening flags. * src/CMakeLists.txt: Use linker hardening flags when linking. 2016-01-04 Hani Benhabiles * src/attack.c, src/openvassd.c, src/pluginload.h, src/plugs_req.h: Fix kb includes. 2015-12-17 Hani Benhabiles * src/comm.c (send_plug_info): Fix segfault when an NVT has no name. 2015-12-01 Michael Wiegand * tools/openvas-manage-certs.in: Remove check of install destinations since this is now done in install_cert. (set_up_directories): New function for setting up directories for certificates and private keys. (install_cert): Check if install destinations exist and create them if necessary. 2015-12-01 Michael Wiegand * tools/openvas-manage-certs.in: Make sure CERTS_EXIST is initialized before check. 2015-10-27 Michael Wiegand * tools/openvas-manage-certs.in (set_defaults): Discard stderr of hostname call. 2015-10-26 Hani Benhabiles * src/openvassd.c (init_openvassd): Remove options parameter. Add scanner_port and config_file parameters. Adjust accordingly. (main): Remove options hashtable, adjust function calls accordingly. 2015-10-21 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 5.1+beta3. 2015-10-21 Michael Wiegand Preparing the openvas-scanner 5.1+beta2 release. * CHANGES: Updated. 2015-10-21 Jan-Oliver Wagner * CHANGES: Updated. 2015-10-06 Hani Benhabiles * src/openvassd.c (init_openvassd): Check if IPv6 support is enabled when setting default listening address. 2015-09-21 Michael Wiegand Extend functionality provided by openvas-manage-certs while simplifying internal script work flow. * tools/openvas-manage-certs.in: Expose CSR generation functionality. Add support for skipping CA (re-)generation in auto mode. Unify functions for generating CSRs and self-signed certificates and for installing certificates and keys. Move CA installation up in sequence to simplify signing new certificates with a new CA in a single step. Streamline prefix setting. * doc/example-openvas-manage-certs.conf.in: Removed obsoleted settings. * doc/openvas-manage-certs.1: Updated documentation. 2015-09-08 Michael Wiegand Simplify project version setting. Use SVN version at build time in binary instead of SVN version at configuration time. Make SVN revision retrieval work with SVN >= 1.7. * CMakeLists.txt: Set project version independently of CPack configuration. Make switching between beta and stable version schemes easier. Use version string with possible SVN revision suffix for the CPack package version, but skip SVN revision suffix for OPENVASSD_VERSION since we do not care about the revision at configuration time. Improve SVN checkout detection to work with SVN >= 1.7 as well. * src/CMakeLists.txt: Determine build time SVN revision if the build type is "Debug" and SVN information is available. * src/openvassd.c: Include SVN revision in version information if it is available. * getsvn.cmake: New. CMake script to write SVN revision to a header file if SVN information is available. 2015-08-28 Jan-Oliver Wagner * tools/greenbone-nvt-sync.in, tools/openvas-nvt-sync.in: Replace any tabs by spaces. 2015-08-27 Hani Benhabiles * src/openvassd.c (reload_openvassd, init_openvassd): Remove prefs_init() call. 2015-08-27 Hani Benhabiles * src/attack.c (launch_plugin): Use nvti_category_is_safe(). 2015-08-26 Hani Benhabiles * src/openvassd.c (scanner_thread): Use sockaddr_as_str(). 2015-08-25 Hani Benhabiles * src/openvassd.c (scanner_thread): Adjust process title for IPv4-mapped IPv6 address case. 2015-08-21 Michael Wiegand * INSTALL: Note that "certtool" is now need for certificate generation. 2015-08-21 Michael Wiegand Retire openvas-mkcert and openvas-mkcert-client now that their replacement openvas-manage-certs is ready. * CMakeLists.txt: Remove generation and installation of openvas-mkcert and openvas-mkcert-client. Remove generated scripts from CPACK_SOURCE_IGNORE_FILES. Remove installation of corresponding man pages. * COPYING: Updated. * doc/openvassd.8.in: Change "See Also" from openvas-mkcert to openvas-manage-certs. * doc/openvas-mkcert-client.1: Removed. * doc/openvas-mkcert.8: Removed. * tools/openvas-mkcert-client.in: Removed. * tools/openvas-mkcert.in: Removed. 2015-08-21 Michael Wiegand * CMakeLists.txt: Add openvas-manage-certs to CPACK_SOURCE_IGNORE_FILES since it is a generated file. 2015-08-10 Michael Wiegand Add support for setting appropriate usage constraints for server and client certificates and set constraints in automatic mode. * doc/openvas-manage-certs.1: Update documentation. * tools/openvas-manage-certs.in: Add support for setting key usage constraints compliant to RFC 5280. Set constraints correctly when in automatic mode. Reorder install process in automatic mode to ensure the certificates end up in the correct location. 2015-08-07 Michael Wiegand * INSTALL: Updated to describe usage of openvas-manage-certs instead of openvas-mkcert. 2015-08-07 Michael Wiegand Add a man page for openvas-manage-certs. * doc/openvas-manage-certs.1: New. Man page roughly based on "-h" help from the script with some additional notes about its purpose. * CMakeLists.txt: Install man page for openvas-manage-certs as well. 2015-08-05 Hani Benhabiles * CMakeLists.txt: Add -Wextra compiler flag. * src/comm.c (comm_loading, send_plug_info), src/nasl_plugins.c (prefs_add_nvti), src/ntp.c (ntp_recv_file), src/utils.c (auth_send), src/pluginload.c (plugins_reload_from_dir): Fix signedness issues. * src/pluginlaunch.c (wait_for_children): Remove unused parameter. (pluginlaunch_wait, pluginlauch_wait_for_free_process) (next_free_process): Adjust wait_for_children() call. 2015-08-03 Hani Benhabiles * src/openvassd.c (loading_handler_start): Don't set SIGTERM handler, as it is done already. 2015-08-03 Hani Benhabiles * src/openvassd.c (init_network): Take listen address as string, adjust to support both IPv6 and IPv4. Refactor code accordingly. (init_openvassd): Default listen address to ::. Adjust init_network() call. (main): Adjust init_openvassd() call, clean code. 2015-08-03 Michael Wiegand * src/openvassd.c (init_ssl_ctx): Remove obsolete warnings. The variables ca_file, cert_file and key_file are always non-NULL now and the warning was a reference to a feature of openvas-mkcert which has been removed in r10047. 2015-07-31 Michael Wiegand Improve openvas-manage-certs script. The script is now able to set up a certificate infrastructure for an OpenVAS installation, create additional certificates, verify the installation and perform other certificate related tasks while being highly configurable at run time through environment variables or a configuration file. * tools/openvas-manage-certs.in: Renamed from tools/openvas-manage-certs.sh since file is now generated by CMake. Drop ".sh" suffix. Extend functionality and configurablity as described above. * tools/openvas-manage-certs.sh: Renamed to tools/openvas-manage-certs.in. * doc/example-openvas-manage-certs.conf.in: New. CMake template for example configuration file for openvas-manage-certs. * CMakeLists.txt: Generate and install both openvas-manage-certs and the example configuration file. 2015-07-30 Sven Haardiek * CMakeLists.txt: Change non release version style to fit better to debian 2015-07-17 Michael Wiegand * CMakeLists.txt: Install openvas-mkcert-client to "bin" instead of "sbin" to be FHS compliant. Ensure man page for openvas-mkcert-client is installed. Based on patch provided by Michal Ambroz. 2015-07-17 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 5.1+beta2. 2015-07-17 Michael Wiegand Preparing the openvas-scanner 5.1+beta1 release. * CHANGES: Updated. * INSTALL: Note that Debian Jessie is now the reference system. 2015-07-15 Hani Benhabiles * src/pluginlaunch.c (pluginlaunch_init): Add hostname argument. (update_running_processes): Correctly set hostname in plugin timeout error message. * src/pluginlauch.h: Modify function prototype. * src/attack.c (attack_host): Adjust function call. 2015-07-10 Michael Wiegand * src/comm.c, src/log.c, src/nasl_plugins.c: Fix documentation issues found with Doxygen. 2015-07-10 Michael Wiegand * doc/Doxyfile.in, doc/Doxyfile_full.in: Harmonized settings with Doxygen configurations of other OpenVAS modules. 2015-07-10 Michael Wiegand * doc/Doxyfile.in, doc/Doxyfile_full.in: Updated Doxygen configuration files with Doxygen 1.8.8. 2015-07-08 Hani Benhabiles * src/processes.c (init_child_signal_handlers): Ignore SIGPIPE instead of terminating process. 2015-06-25 Hani Benhabiles * src/pluginscheduler.c (hash_add): Remove nvti parameter. (plugins_scheduler_fill): Don't get the full nvti. Get category from nvticache. 2015-06-18 Hani Benhabiles * src/comm.c (send_plug_info, comm_send_pluginlist), src/pluginscheduler.c (plugins_scheduler_fill): Adjust to use nvticache_get_names() and nvticache_get_by_name_full() in order to reduce number of KB queries. 2015-06-17 Hani Benhabiles * src/hosts.c (hosts_new): Check if scan is stopped. (hosts_stop_all): Set global_scan_stop for this process too. * src/attack.c (attack_network): Don't start new host scans when scan is stopped. 2015-06-15 Hani Benhabiles * src/pluginscheduler.c (plugins_new): Remove function. (plugins_scheduler_enable, plugins_scheduler_fill): New functions. (plugins_scheduler_init): Adjust to use new functions. 2015-06-15 Hani Benhabiles * src/pluginlaunch.c (struct running): Remove launch_status element. (plugin_launch): Don't set process' launch_status. 2015-06-15 Hani Benhabiles Don't store global_plugins arglist in memory. Only keep oid and enabled in scheduler_plugin. Reduces scanning processes memory footprint by ~3MB each. * src/pluginscheduler.h: Add and remove prototypes. (scheduler_plugin): Add oid and enabled elements. Remove arglist element. * src/attack.c (global_plugins): Remove variable. (launch_plugin): Adjust for struct scheduler_plugin change. (plugins_new): Remove function. (attack_network): Adjust plugins_scheduler_init() call. * src/pluginscheduler.c (plugins_scheduler_count_active): New function. (plugins_scheduler_free): Fix off-by-one. (plugins_scheduler_next, enable_plugin_and_dependencies, hash_fill_deps) (scheduler_rm_running_ports, scheduler_mark_running_ports, hash_add): Adjust to use scheduler_plugin's oid and enabled instead of arglist. (struct hash): Remove name element. (plugins_scheduler_init): Take plugins list as string. Free plugins arglist after usage. Adjust for struct scheduler_plugin change. (plugins_new): New function, moved from src/attack.c. * src/plugs_req.c (requirements_plugin, mandatory_requirements_met) (nvticache_get_required_udp_ports, requirements_common_ports), src/pluginlaunch.c (process_internal_message, plugin_launch) (update_running_processes, read_running_processes): Use scheduler_plugin's oid and enabled instead of arglist. * src/nasl_plugins.c (nasl_plugin_launch): Don't take plugin argument, allocate one. * src/utils.c (get_active_plugins_number): Remove function. * src/utils.h, src/pluginload.h: Remove and adjust prototypes. 2015-06-11 Hani Benhabiles Don't create plugins list on start-up and reloading. Reduce main process memory footprint by ~10MB and start-up and reload time from ~35s to ~8s. * src/attack.c (attack_host): Use global_plugins directly. (plugins_new): New function. (attack_network): Use new function, set global_plugins. * src/comm.c (qsort_cmp, _get_plug_by_oid, get_plug_by_oid) (comm_setup_plugins): Remove unused functions. * src/comm.h: Remove function prototype. * src/nasl_plugins.c (nasl_plugin_add): Don't create plugins list. (nasl_plugin_launch): Improve code style. * src/ntp.c (ntp_long_attack): Don't setup plugins list. * src/openvassd.c (reload_openvassd, main): Adjust for global_plugins removal. (init_plugins): Remove function. * src/pluginload.c (plugins_reload_from_dir, plugins_init): Return int instead of plugin. (plugin_unlink, plugin_free, plugins_free): Remove function. * src/pluginload.h: Adjust and remove prototypes. 2015-06-11 Hani Benhabiles * src/nasl_plugins.c (prefs_add_nvti): New function. (nasl_plugin_add): Return boolean value instead of arglist. Adjust to use prefs_add_nvti() instead of plug_create_from_nvti_and_prefs(). * src/pluginload.c (plugins_reload_from_dir): Adjust handling nasl_plugin_add() return value. * src/pluginload.h: Modify prototype. 2015-06-11 Hani Benhabiles * src/nasl_plugins.c (nasl_thread_args): Add soc element. (nasl_plugin_launch): Take soc as function argument instead of using SOCKET. * src/attack.c (attack_network): Improve code style * src/pluginlaunch.c (plugin_launch): Adjust nasl_plugin_launch() call. Don't set socket in plugin arglist. * src/pluginload.c (plugin_set_socket, plugin_get_socket): Remove functions. * src/pluginload.h: Remove and adjust functions prototypes. 2015-06-10 Hani Benhabiles * src/attack.c (attack_start): Don't set plugins socket. * src/pluginlaunch.c (plugin_launch): Get upstream socket from global_socket. * src/pluginload.c (plugins_set_socket): Remove function. * src/pluginload.h: Remove prototype. 2015-06-09 Hani Benhabiles * src/comm.c (comm_setup_plugins): Constify list argument, don't modify string in place. Improve code style. * src/comm.h: Adjust prototype. * src/ntp.c (ntp_long_attack): Adjust comm_setup_plugins() call. 2015-06-04 Hani Benhabiles * src/comm.c (comm_send_nvt_info), src/otp.c (otp_get_client_request): Remove PLUGIN_INFO handling. * src/ntp.c (ntp_parse_input): Remove CREQ_PLUGIN_INFO handling. * src/otp.h (client_request_t): Remove CREQ_PLUGIN_INFO element. 2015-06-04 Benoît Allard * src/comm.c (send_plug_info): Prevent a null pointer dereference if copyright is NULL. 2015-06-04 Hani Benhabiles * src/comm.c (send_plug_info): Take oid instead of arglist as argument. (plugin_send_infos): Remove function. (comm_send_pluginlist): Use nvticache_get_oids() instead of global_plugins. (comm_send_nvt_info): Call send_plug_info(). * src/comm.h: Add and remove functions prototypes. * src/ntp.c (ntp_parse_input): Call send_plug_info(). 2015-06-03 Sven Haardiek * CMakeLists.txt: Enable preprocessor defition for OPENVAS_PID_DIR 2015-06-02 Hani Benhabiles * src/openvassd.c (remove_pidfile): New function. (loading_handler_start): Handle SIGTERM with remove_pidfile(). (check_termination): Remove pidfile before exiting. 2015-05-22 Benoît Allard * src/attack.c, src/openvassd.c: Fix some style issues spotted by cppcheck (scope too wide for some variables). 2015-05-20 Hani Benhabiles * src/attack.c (attack_start), src/nasl_plugins.c (nasl_thread): Remove useless socket duplicate to hardcoded value of 4. 2015-05-19 Jan-Oliver Wagner * INSTALL: Move redis prior to openvassd start. 2015-05-11 Hani Benhabiles * src/attack.c (attack_start): Don't send HOST_END when scan was stopped. 2015-05-08 Hani Benhabiles * src/log.c (log_init): Don't duplicate log file descriptor to fixed 3 value. Fixes closing of a file descriptor with GnuTLS 3.3.8-9. 2015-05-06 Hani Benhabiles * src/openvassd.c (loading_handler_start): Save the socket's flags correctly, and properly use it with O_NONBLOCK. 2015-05-04 Hani Benhabiles * src/openvassd.c (loading_handler_start): Set back the global socket's flags after loading end. 2015-04-28 Michael Wiegand * src/pluginload.c (plugins_reload_from_dir): Ensure openvas-scanner builds with GLib =< 2.28 by wrapping g_slist_free_full () in an ifdef and falling back to g_slist_foreach () / g_slist_free () when using older GLib versions. Based on patch suggested by Miguel Angel Cabrera Moya. 2015-04-27 Hani Benhabiles * src/openvassd.c (loading_handler_start): Set global socket as nonblocking. Periodically check that parent is still alive. (reload_openvassd, main): Check loading_handler_start() return value. Reported by Miguel Angel Cabrera. 2015-04-20 Hani Benhabiles * src/pluginlaunch.c (plugin_launch): Correctly set the plugin's timeout when none is provided in the nvt. Issue reported by Kent Fritz. 2015-04-10 Hani Benhabiles Remove num_deps, dependencies and ports from struct hash and use nvticache. Reduces memory usage by scanning processes by ~1.5M. * src/pluginscheduler.c (struct hash): Remove dependencies, num_deps and ports elements. (hash_link_destroy, hash_add): Adjust for removed elements. (hash_fill_deps): Get dependencies from nvticache. (scheduler_mark_running_ports, scheduler_rm_running_ports): Get required_ports from nvticache. 2015-04-09 Hani Benhabiles Use nvticache instead of duplicating nvt info in scheduler_plugin. Reduces memory usage by scanning processes by ~7-8M. * src/pluginscheduler.h (struct scheduler_plugin): Remove category, timeout, required_ports, required_udp_ports, required_keys, mandatory_keys, excluded_keys elements. * src/pluginscheduler.c (plugins_scheduler_init, hash_link_destroy): Adjust for scheduler_plugin change. (plugins_scheduler_next): Get category from nvticache. * src/attack.c (launch_plugin): Get category from nvticache. * src/pluginlaunch.c (plugin_launch): Get category and timeout from cache. * src/plugs_req.c (get_closed_ports, get_closed_udp_ports) (kb_missing_keyname_of_namelist, kb_present_keyname_of_namelist): Adjust to get comma separated list as argument. (requirements_common_ports, mandatory_requirements_met) (requirements_plugin): Get needed plugin info from nvticache. 2015-04-07 Jan-Oliver Wagner * CMakeLists.txt, src/CMakeLists.txt: Removed dependency to libopenvas_omp which is not required for the OpenVAS Scanner. 2015-04-07 Jan-Oliver Wagner * CMakeLists.txt, INSTALL: Raised required version of libopenvas_* from 8.0.0 to 8.1.0. 2015-04-07 Hani Benhabiles * src/pluginscheduler.c (hash_add, _hash_get): Use plugin oid directly. (hash_fill_deps): Adjust to call nvticache_get_oid() instead of nvticache_get_filename(). 2015-04-07 Hani Benhabiles * src/openvassd.c (main): Call flush_all_kbs() earlier to not flush nvti cache. (scanner_thread): Call nvticache_reset(); * src/pluginload.c (plugins_init): Adjust nvticache_init() call. * src/pluginscheduler.c (hash_add): Take nvti as argument. (_hash_get, hash_fill_deps): Free nvticache_get_filename() return value. (enable_plugin_and_dependence, plugins_scheduler_init): Use oid instead of file name. Adjust hash_add() call. * src/attack.c (attack_start), src/nasl_plugins.c (nasl_thread): Call nvticache_reset(). 2015-04-03 Hani Benhabiles * src/attack.c (launch_plugin), src/pluginlaunch.c (update_running_processes, read_running_processes): Improve code style. 2015-04-02 Hani Benhabiles * src/attack.c (attack_network): Set the host's fqdn as reverse lookup of the ip when available. 2015-04-01 Hani Benhabiles * src/attack.c (attack_init_hostinfos_vhosts, attack_init_hostinfos): Remove functions. (launch_plugin, init_host_kb, attack_host): Adjust for hostinfos change from arglist to struct host_info. (attack_start): Call addr6_as_str() and host_info_init() adequately. * src/nasl_plugins.c (nasl_plugin_launch, nasl_thread), src/pluginlaunch.c (plugin_launch): Adjust for hostinfos as struct host_info. * src/pluginlaunch.h, src/pluginload.h: Adjust functions prototypes. 2015-04-01 Jan-Oliver Wagner Post branch version bump. * CMakeLists.txt: Set to version to 5.1.0 and beta status. 2015-04-01 Jan-Oliver Wagner Post release version bump. * CMakeLists.txt: Set version to 5.0.2. 2015-04-01 Jan-Oliver Wagner Preparing the openvas-scanner 5.0.1 release. * CHANGES: Updated. 2015-03-31 Hani Benhabiles * src/attack.c (attack_init_hostinfos_vhosts, attack_init_hostinfos) (attack_start, attack_network), src/nasl_plugins.c (nasl_plugin_add) (nasl_plugin_launch, nasl_thread), src/ntp.c (files_add_translation) (files_add_size_translation), src/openvassd.c (scanner_thread) (main_loop), src/pluginload.c (plugin_set_socket), src/plugs_req.c (requirements_common_ports), src/utils.c (list2arglist): Adjust arg_add_value() and arg_set_value() calls. 2015-03-30 Hani Benhabiles * src/openvassd.c (scanner_thread): Use getpeername() to get socket's client address. (main_loop): Don't set family and client_address in globals. 2015-03-30 Hani Benhabiles * src/comm.c (send_plug_info): Improve code style and remove useless extra allocation. 2015-03-27 Hani Benhabiles * src/attack.c (init_host_kb, attack_host, attack_start) (attack_network), src/comm.c (comm_wait_order), src/nasl_plugins.c (nasl_thread), src/ntp.c (ntp_parse_input, ntp_recv_file), src/openvassd.c (handle_client, scanner_thread) , src/pluginload.c (plugin_get_socket): Use arg_get_value_int(). 2015-03-27 Hani Benhabiles * src/comm.c (is_client_present): New function. (comm_terminate): Wait for client to acknowledge termination. * src/openvassd.c (handle_client): Remove ntp_keep_communication_alive preference handling loop. * src/utils.c, src/utils.h (is_client_present): Remove function. 2015-03-27 Hani Benhabiles * src/attack.c (comm_send_status): Take socket instead of globals as argument. (init_host_kb): Don't set unused CURRENTLY_TESTED_HOST globals value. (attack_host): Adjust function call. 2015-03-27 Hani Benhabiles * src/attack.c (error_message_to_client, report_kb_failure) (apply_source_iface_preference, check_kb_access): Take socket as argument, instead of globals arglist. (init_host_kb, attack_network): Adjust functions calls. (attack_start): Don't set unused confirm value. * src/ntp.c (ntp_long_attack): Take socket as argument. (ntp_parse_input): Adjust function call. * src/otp.h: Remove unused function header. * src/pluginlaunch.c (running): Remove unused globals element. (plugin_launch): Don't set globals element. * src/utils.c (auth_send): Remove unused confirm parameter. (send_printf): Adjust function call. (auth_printf): Remove unused function. * src/utils.h: Remove function prototype. 2015-03-27 Hani Benhabiles * src/comm.c (comm_terminate, send_plug_info, plugin_send_infos) (comm_send_pluginlist, comm_send_preference, comm_setup_plugins) (comm_send_nvt_infos): Take socket as argument, instead of globals arglist. Call send_printf() instead of auth_printf() and adjust functions calls. * src/comm.h: Adjust and remove functions prototypes. * src/ntp.c (ntp_parse_input, ntp_read_prefs, __ntp_timestamp_scan) (ntp_timestamp_host_scan_starts, ntp_timestamp_host_scan_ends) (__ntp_timestamp_scan_host): Take socket as argument, instead of globals arglist. Adjust functions calls. * src/ntp.h: Adjust functions prototypes. * src/openvassd.c (handle_client): Don't set plugins entry in globals. Adjust functions calls. * src/attack.c (attack_host, attack_start, attack_network): Get plugins arglist from global_plugins, instead of globals. Adjust functions calls. * src/utils.c (send_printf): New function. * src/utils.h: Add function prototype. 2015-03-26 Hani Benhabiles * src/comm.c (comm_send_nvt_info): Use recv_line() instead of removed auth_gets(). * src/utils.c (auth_send, auth_printf): New functions, moved from libraries and adjusted. * src/utils.h: Add function prototype. 2015-03-26 Hani Benhabiles * src/comm.c (comm_wait_order): Handle ntp_parse_input () return value correctly. Return value instead of exitting. * src/comm.h: Adjust function prototype. * src/ntp.c (ntp_parse_input): Handle empty input. 2015-03-26 Hani Benhabiles * src/utils.c (is_client_present): Reset errno as it will be tested for after select() call. Check for select() failure. 2015-03-25 Hani Benhabiles * src/attack.c (check_scan_stop): Remove function. (launch_plugin): Remove check_scan_stop() call. (handle_scan_stop_signal): New function. (attack_network): Set SIGUSR1 signal handler. * src/hosts.c (hosts_stop_host): Send SIGUSR1 signal to host, instead of sending INTERNAL_COMM_CTRL_STOP via the communication socket. (hosts_read_data): Set hosts to next only when h is first host in list. * src/pluginlaunch.c (process_mgr_sighand_term): Remove function. (pluginlaunch_init): Remove SIGTERM handler. 2015-03-20 Hani Benhabiles * src/hosts.c (hosts_stop_all): Stop the right host. 2015-03-19 Hani Benhabiles * src/hosts.c (hosts_read_data): Set hosts to next value before calling host_rm(). 2015-03-16 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 5.0.1. 2015-03-16 Michael Wiegand Preparing the openvas-scanner 5.0.0 release. * CHANGES: Updated. * CMakeLists.txt: Switch version scheme. Exclude generated files from source package. 2015-03-16 Michael Wiegand * tools/openvas-nvt-sync.in: Support for migration of unsigned files to the "private/" subdirectory has been removed as it was obsolete since the retirement of OpenVAS-5. 2015-03-03 Hani Benhabiles * src/ntp.c, src/attack.c: Remove inused includes. 2015-03-02 Hani Benhabiles * src/ntp.c: Remove useless include. 2015-03-02 Hani Benhabiles * src/attack.c (is_pattern, pattern_matches) (fill_host_kb_ssh_credentials): Remove unused functions. (init_host_kb): Don't call fill_host_kb_ssh_credentials(). * src/ntp.c (build_global_host_sshlogins_map) (build_global_sshlogin_info_map): Remove functions. (ntp_recv_file): Don't call removed functions. 2015-02-27 Hani Benhabiles * src/openvassd.c (reload_flag, loading_stop): Rename to reload_signal and loading_stop_signal. (termination_signal): New variable. (set_reload_flag, sighand_loading_stop_signal): Rename to handle_reload_signal and handle_loading_stop_signal for consistency. (handle_termination_signal, check_termination, init_signal_handlers): New functions. (loading_handler_start, reload_openvassd): Adjust for function and variables renames. (check_and_reload): Rename to check_reload. (main_loop): Handle termination signal asynchronously. (init_openvassd): Don't set signal handlers. (main): Set signal handlers, after loading plugins. * src/processes.c (create_process): Call init_child_signal_handlers. (pr_sigterm): Remove unused function. (init_child_signal_handlers): New function. * src/sighand.c (sighandler): Remove function. * src/sighand.h: Remove function prototype. 2015-02-26 Jan-Oliver Wagner * src/openvassd.c: Removed accidently committed debug code. 2015-02-26 Jan-Oliver Wagner * src/openvassd.c (main): Updated year to 2015. 2015-02-26 Hani Benhabiles * src/openvassd.c (reload): Make variable volatile and rename to reload_flag. (sighup): Rename to set_reload_flag(). (reload_openvassd, check_and_reload, init_openvassd): Adjust for renamings. Don't set superfluous signal handlers. * src/pluginlaunch.c (pluginlaunch_init, pluginlaunch_stop), src/nasl_plugins (nasl_thread), src/processes.c (create_process): Remove superfluous signal handlers setting. * src/sighand.c (sighandler): Adjust to remove unused signals for handler. 2015-02-26 Hani Benhabiles * src/hosts.c (sigchld_handler): Remove function. (hosts_init): Don't set SIGCHLD signal handler, as this is already handled by hosts_read_data(). 2015-02-25 Hani Benhabiles * src/attack.c (attack_network): Check if scan is stopped with scan_is_stopped() instead of stop_required global value. * src/hosts.c (host_rm): Remove hosts argument. (hosts_stop_host): Take host struct as argument. Don't call host_rm() as host scan processes may send data to the parent before exiting. (hosts_stop_all): Adjust to not change hosts global variable value. (hosts_read_data): Adjust for host_rm() change. * src/hosts.h: Remove useless prototype. * src/ntp.c (ntp_parse_input): Don't set stop_required globals value. 2015-02-24 Benoît Allard * doc/openvassd.8.in: Fix typo in man page 2015-02-23 Hani Benhabiles * src/attack.c (attack_host): Update scan status only when scan is still running. 2015-02-05 Henri Doreau * src/attack.c (attack_start): Reduce stack-located buffers to required size. 2015-02-05 Henri Doreau * src/attack.c (attack_start_args, attack_start, attack_network): Code cleanup. Do not bother duplicating target FQDN into a structure field. Use the heap allocated pointer returned by openvas_host_value_str() instead. 2015-02-05 Henri Doreau * CMakeLists.txt, src/CMakeLists.txt: Link against libomp to satisfy dependency chain. 2015-02-17 Hani Benhabiles * src/attack.c (free_uploaded_file): Remove function. (apply_hosts_preferences): Use g_hash_table_destroy() directly. 2015-02-11 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 5.0+beta7. 2015-02-11 Michael Wiegand Preparing the openvas-scanner 5.0+beta6 release. * CHANGES: Updated. 2015-02-09 Hani Benhabiles * src/attack.c (comm_send_status): New function, moved from libraries. (attack_host): Update host scanning status, when finished or terminated. 2015-01-19 Michael Wiegand * CMakeLists.txt: Check if pkg-config was found. Abort and log a fatal error if it is not found. 2015-01-19 Michael Wiegand Add check for required libgcrypt. It was already expected to be present (see usage of libgcrypt-config), but never checked for. * CMakeLists.txt: Try to find libgcrypt before calling libgcrypt-config. Raise SEND_ERROR if the library can not be found. Remove now obsolete TODO. * INSTALL: Note libgcrypt as prerequisite. Remove mention of gnutls since it is only an indirect dependency via openvas-libraries. 2015-01-19 Michael Wiegand Simplify handling of library flags in CMakeLists.txt files, thereby removing the need for clumsy workarounds. * CMakeLists.txt: Remove redundant queries of library flags which were already retrieved by CMake. Remove unnecessary aggregation of flags. * src/CMakeLists.txt: Set include directories with include_directories instead of target properties. Remove quotes in target_link_libraries so that CMake lists get expanded correctly. 2015-01-12 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 5.0+beta6. 2015-01-12 Michael Wiegand Preparing the openvas-scanner 5.0+beta5 release. * CHANGES: Updated. 2014-12-16 Jan-Oliver Wagner * src/utils.c (is_scanner_only_pref): Added "kb_location". 2014-12-11 Hani Benhabiles * src/pluginscheduler.c (plugins_scheduler_init): Adjust enable_plugin_and_dependencies() call to use the full nvt filename. 2014-12-08 Jan-Oliver Wagner * src/openvassd.c: Removed unneeded include's. 2014-12-08 Michael Wiegand * tools/greenbone-nvt-sync.in: Remove stray "=" introduced with last commit. 2014-12-08 Michael Wiegand Generate greenbone-nvt-sync during build as well so that information available at build time is used and does not have to be gathered at runtime. * CMakeLists.txt: Add tools/greenbone-nvt-sync to the list of files to be generated and ignore generated file when packaging source tar ball. Install generated file from build directory. * tools/greenbone-nvt-sync.in: New. Renamed from greenbone-nvt-sync. Use CMake variables instead of runtime checks. Simplify variables derived from CMake variables. * tools/greenbone-nvt-sync: Moved to greenbone-nvt-sync.in. 2014-12-06 Jan-Oliver Wagner * src/openvassd.c (main): Updated/improved version info. 2014-11-24 Hani Benhabiles * CMakeLists.txt, src/CMakeLists.txt: Remove check for and linking against libgnutls and libpcap. This is already done adequately in libraries. * src/openvassd.c: Remove useless includes. 2014-11-21 Hani Benhabiles * src/nasl_plugins.c (nasl_plugin_add): Remove nvti_set_src() call. 2014-11-21 Hani Benhabiles * src/attack.c (launch_plugin): Remove cur_plug and num_plugs arguments. Don't send scan status. (attack_host): Send scan status after launching plugin. 2014-11-20 Jan-Oliver Wagner Post release version bump. * CMakeLists.txt: Set version to 5.0+beta5. 2014-11-20 Jan-Oliver Wagner Preparing the openvas-scanner 5.0+beta4 release. * CHANGES: Updated. 2014-11-20 Hani Benhabiles * src/attack.c (launch_plugin): Adjust comm_send_status() call. 2014-11-19 Jan-Oliver Wagner * src/attack.c (launch_plugin): Don't duplicate the result of nvticache_get_src anymore because it now already returns a copy. 2014-11-17 Hani Benhabiles * src/attack.c (check_scan_stop): Exit currently running plugins processes when scan stop is received. 2014-11-17 Hani Benhabiles * CMakeLists.txt: Check for and link against libopenvas_nasl, libopenvas_base and libopenvas_misc libraries instead of the whole libopenvas package. 2014-11-16 Jan-Oliver Wagner * src/nasl_plugins.c (nasl_plugin_add): Adjust call of exec_nasl_script by providing the oid. (nasl_thread_args): Extend struct by element "oid". (nasl_plugin_launch): Add parameter "oid" and use it for struct nasl_thread_args. (nasl_thread): Adjust call of exec_nasl_script providing the oid. * src/pluginload.h: Adjust proto for nasl_plugin_launch accordingly. * src/pluginlaunch.c (plugin_launch): Adjust call of nasl_plugin_launch by providing NULL as oid. 2014-11-16 Jan-Oliver Wagner * src/comm.c (send_plug_info): It is guaranteed that a NVTI has a OID, therefore simpify the code. Also remove some uneeded setting of variables as they are never used. 2014-11-16 Jan-Oliver Wagner Remove any use of the "OID" arglist element of a plugin arglist structure. * src/attack.c (launch_plugin): The plugins' arglist name is the OID, so use this instead of aglist element "OID". * src/pluginlaunch.c (process_internal_msg, update_running_processes, read_running_processes, plugin_launch): The plugins' arglist name is the OID, so use this instead of aglist element "OID". * src/comm.c (send_plug_info, plugin_send_infos, qsort_cmp, _get_plug_by_oid): The plugins' arglist name is the OID, so use this instead of aglist element "OID". * src/pluginscheduler.c (hash_add, enable_plugin_and_dependencies, plugins_scheduler_init): The plugins' arglist name is the OID, so use this instead of aglist element "OID". 2014-11-14 Hani Benhabiles * src/openvassd.c (reload_openvassd, main): Exit on plugins reload failure. * src/pluginload.c (plugins_reload_from_dir): Stop loading plugins after encountering 20 erroneous plugins. 2014-11-13 Jan-Oliver Wagner * src/nasl_plugins.c (nasl_plugin_add): Instead of the filename, use the OID as "name" of the plugin arglist structure. * src/pluginscheduler.c (hash_add): Create the cache based on the filename which now means to retrieve it first. (_hash_get): Get the filename for comparison. (hash_fill_deps): Since now the name of the arglist is the oid, simplify the calls to get the filename based on an OID. 2014-11-12 Hani Benhabiles * src/attack.c (scan_is_stopped, check_scan_stop): New functions. (launch_plugin): Only launch ACT_END plugins in stopped scan case. * src/hosts.c (hosts_stop_host): Don't kill scan hosts processes. Send internal control message instead. (hosts_read_client): Adjust ntp_parse_input() return value check. * src/ntp.c (ntp_parse_input): Don't return NTP_STOP_WHOLE_TEST on scan stop. * src/ntp.h: Remove unused NTP_STOP_WHOLE_TEST define. 2014-11-12 Jan-Oliver Wagner * src/attack.c (launch_plugin): Use nvticache_get_filename() to get the filename of a NVT instead of using the "name" element of the plugin arglist. * src/pluginlaunch.c (update_running_processes, read_running_processes): Use nvticache_get_filename() to get the filename of a NVT instead of using the "name" element of the plugin arglist. * src/pluginscheduler.c (hash_fill_deps, enable_plugin_and_dependencies): Use nvticache_get_filename() to get the filename of a NVT instead of using the "name" element of the plugin arglist. 2014-11-11 Hani Benhabiles * src/ntp.c (ntp_long_attack, ntp_recv_file): Fix memory leaks. 2014-11-11 Benoît Allard * CMakeLists.txt: define _DEFAULT_SOURCE to silent a warning with glibc >= 2.20. See https://sourceware.org/glibc/wiki/Release/2.20#Packaging_Changes 2014-11-10 Jan-Oliver Wagner * src/log.c (log_vwrite): Fix indention. 2014-11-09 Jan-Oliver Wagner Final step of switching to global preference store. * src/nasl_plugins.c (nasl_plugin_add): Adjust calls of plug_create_from_nvti_and_prefs which does not need the preferences as argument anymore. Do not add a "preferences" element to the plugins arglist. (nasl_plugin_launch): Drop argument "preferences". Do not add a "preferences" element to the plugins arglist. * src/pluginload.c (plugin_unlink): Do not set the "preferences" element to the plugins arglist. * src/pluginload.h: Adjust proto of nasl_plugin_launch. * src/pluginlaunch.c (plugin_launch): Adjust call of changed nasl_plugin_launch, now without preferences. * src/openvassd.c (handle_client): Use prefs_get instead of directly using arglist. (main_loop): Do not add the "preferences" arglist to the globals arglist anbymore. (init_openvassd): Do not set the "preferences" arglist in the options. * src/ntp.c: Fixed a comment. 2014-11-06 Hani Benhabiles * src/openvassd.c (reload_openvassd): Free the nvti cache before reloading the plugins. 2014-11-05 Jan-Oliver Wagner * src/plugs_req.c (get_closed_ports, get_closed_udp_ports): Adjust to new proto of kb_get_port_state_proto. 2014-11-05 Jan-Oliver Wagner Move preferences handling from scanner to libraries because we need to access it from some modules there directly while at the same time getting rid of storing preferences pointer in the arglists. * src/preferences.c, src/preferences.h: Removed. * src/CMakeLists.txt: Removed handling of module preferences. * src/pluginlaunch.c, src/pluginload.c, src/utils.c, src/plugs_req.c, src/comm.c, src/nasl_plugins.c, src/ntp.c, src/openvassd.c, src/attack.c: Adjust include to new prefs.h. * COPYING: Remove module preferences. 2014-11-03 Jan-Oliver Wagner * src/preferences.c (struct openvassd_option, openvassd_defaults): Removed. Moved to openvassd.c. (prefs_init): Removed handling of options. Moved handling of config into prefs_config(). (prefs_config): New. The config file settings from prefs_init. * src/preferences.h: Adapt protos accordingly. * src/openvassd.c (struct openvassd_option, openvassd_defaults): New. Moved here from preferences.c. (reload_openvassd, init_openvassd): Adapt to split of prefs_init and prefs_config and set the options in its own. 2014-11-03 Jan-Oliver Wagner * src/preferences.c (preferences_set): Removed unneeded function. * src/preferences.h: Removed proto accordingly. 2014-11-02 Jan-Oliver Wagner * src/pluginlaunch.c (plugin_launch): Get global preferences directly and therefore drop the argument "preferences". * src/pluginlaunch.h: Adjust proto accordingly. * src/pluginload.c (plugins_reload_from_dir): Adapt to new proto of nasl_plugin_add. * src/pluginload.h: Adjust proto accodingly. * src/plugs_req.c (get_closed_ports, get_closed_udp_ports): Get global preferences directly and therefore drop the argument "preferences". (requirements_plugin): Adapt to changed protos and therefore drop the argument "preferences". * src/nasl_plugins.c (nasl_plugin_add): Get global preferences directly and therefore drop the argument "preferences". * src/openvassd.c (set_globals_from_preferences): Don't set the preferences because it is not changing anything. Therefore drop the argument "prefs". (reload_openvassd): Adjust the call of set_globals_from_preferences. * src/attack.c (launch_plugin): Adjust to new protos. (iface_authorized): Drop unneeded argument "preferences". (apply_source_iface_preference): Adjust to new proto and therefore drop argument "preferences". (attack_network): Adjust to new protos. 2014-11-02 Jan-Oliver Wagner * src/pluginload.c (plugins_reload_from_dir): Dropped argument "prefrences" because prefrences_get() is used directly. (plugins_init): Dropped argument "preferences" because it is not needed anymore to call plugins_reload_from_dir. * src/pluginload.h: Adjust protos accordingly. * src/plugs_req.c (requirements_plugin): Use prefs_get instead of arglist. * src/preferences.h: Add missing include of glib. * src/openvassd.c (reload_openvassd, init_plugins): Adapt to new proto of plugins_init. 2014-11-01 Jan-Oliver Wagner * src/preferences.c (preferences_init): Renamed to prefs_init(). (prefs_init): Set the default options directly. (prefrences_dump): Renamed to prefs_dump. (preferences_plugin_timeout): Renamed to prefs_nvt_timeout and avoid arg_list calls. * src/preferences.h: Adjust protos accordingly. * src/pluginlaunch.c (plugin_launch): Adjust to new function for timeout preference. * src/openvassd.c (reload_openvassd, init_openvassd): Adjust to new call of prefs_init. (main): Adjust to prefs_dump call. 2014-10-31 Jan-Oliver Wagner * src/openvassd.c (init_ssl_ctx): Replaced calls of preferences_get_string() by prefs_get(). * src/attack.c (apply_hosts_preferences): Replaced calls of preferences_get_string() by prefs_get(). And dropped the now unneeded parameter for preferences. (apply_source_iface_preference, attack_network): Replaced calls of preferences_get_string() by prefs_get(). * src/preferences.c (preferences_get_string): Removed now unneeded function. * src/preferences.h: Removed proto accordingly. 2014-10-31 Jan-Oliver Wagner * src/preferences.c (preferences_optimize_test): Removed meanwhile unneeded function. 2014-10-31 Jan-Oliver Wagner * src/attack.c (apply_hosts_preferences, attack_network): Replaced calls of preferences_get_bool() by prefs_get_bool() * src/preferences.c (preferences_get_bool): Removed now unneeded function. * src/preferences.h: Removed proto accordingly. 2014-10-30 Hani Benhabiles * src/pluginload.c (plugins_reload_from_dir): Call prefs_get(). 2014-10-30 Hani Benhabiles * src/attack.c (pattern_matches, fill_host_kb_ssh_credentials), src/ntp.c (ntp_long_attack), src/pluginlaunch.c (next_free_process), src/pluginload.c (plugins_reload_from_dir, plugin_unlink), src/pluginscheduler.c (scheduler_rm_running_ports): Use log_write instead of printf() and fprintf(). * src/comm.c, src/utils.c: Remove useless include. 2014-10-29 Jan-Oliver Wagner Replacing several explicit functions to get a boolean value from the preferences. Those functions used to cache the value which is not done anymore. The relevance of this caching is unclear and if really needed the place where it is relevant should take appropriate measures. * src/preferences.c (prefs_get_bool): New. Get a boolean expression of a preference value via a key. (preferences_log_whole_attack, preferences_log_plugins_at_load, preferences_plugins_timeout, preferences_benice, preferences_drop_privileges, preferences_safe_checks_enabled, preferences_nasl_no_signature_check, preferences_reset_cache): Removed. * src/preferences.h: Updated proto list accordingly. * src/pluginlaunch.c (update_running_processes): Use prefs_get_bool() instead of explicit function. Removed loop across processes that collected the preference about log_whole_attack. Since it is a single preference, the loop is pointless. (plugin_launch): Use prefs_get_bool() instead of explicit function. * src/pluginload.c (plugins_reload_from_dir): Use prefs_get_bool() instead of explicit function. * src/nasl_plugins.c (nasl_plugin_add): Use prefs_get_bool() instead of explicit function. (nasl_thread_args, nasl_thread): Dropped now-unneeded element "preferences". (nasl_plugin_launch): Don't set the removed element anymore. * src/openvassd.c (handle_client): Don't reset the preferences cache anymore as this is not needed anymore. (scanner_thread): Don't set the removed element anymore. * src/attack.c (launch_plugin): Don't set the removed element anymore. 2014-10-29 Jan-Oliver Wagner * src/pluginload.c (plugins_reload_from_dir, plugins_init): Use prefs_get() instead of arglist. * src/openvassd.c (start_daemon_mode, set_globals_from_preferences, reload_openvassd, init_openvassd): Use prefs_get() instead of arglist. * src/attack.c (attack_start, attack_network): Use prefs_get() instead of arglist. 2014-10-27 Jan-Oliver Wagner * src/utils.c, src/preferences.c, src/utils.h, src/preferences.h, src/pluginlaunch.c, src/pluginload.c, src/pluginlaunch.h, src/hosts.c, src/pluginload.h, src/hosts.h: Made any method without parameter explicitly use "void" to inticate this and help compiler to identify wrong usage. * src/comm.h: Dropped proto for non-existent function "client_handler". 2014-10-27 Hani Benhabiles * src/ntp.c (ntp_recv_file): Log error with log_write(). 2014-10-27 Jan-Oliver Wagner * src/ntp.c (ntp_long_attack): Use prefs_set() instead of arglist handling. 2014-10-27 Jan-Oliver Wagner * src/utils.c (get_max_hosts_number, get_max_checks_number): Use prefs_get() instead of arglist. Also drop parameter as it is not needed anymore. * src/utils.h: Adjust protos accordingly. * src/attack.c (attack_network): Adjust calls to above API change. * src/pluginlaunch.c (pluginlaunch_init): Adjust calls to above API change. 2014-10-26 Jan-Oliver Wagner * src/ntp.c (ntp_read_prefs): Increase size of buffer for preferences to allow for upto 69K NVTs. 2014-10-26 Jan-Oliver Wagner * src/preferences.c (prefs_set): Change behaviour to always take care for memory allocation for both, key and value. * src/ntp.c (ntp_long_attack): Free the target after prefs_set. (ntp_read_prefs): Use prefs_set() instead of doing it on arglist level. 2014-10-26 Jan-Oliver Wagner * src/ntp.c (ntp_long_attack): Use prefs_set instead of doing it on arglist level. * src/preferences.c (prefs_set): New. * src/preferences.h: Add proto accordingly. * src/attack.c (attack_network): Use prefs_get() instead of arglist. 2014-10-26 Jan-Oliver Wagner First step of using preferences via API instead of via arglists. * src/preferences.c (prefs_get): New. Get a preference value via a key. (preferences_kb_location): Removed. This should be used via prefs_get now. * src/preferences.h: Adjust protos accordingly. * src/openvassd.c (flush_all_kbs): Use prefs_get() to directly get a preference. This allows to drop the function parameter as well. (main): Use prefs_get() to directly get a prefernce. * src/attack.c (report_kb_failure, init_host_kb, check_kb_access, attack_network): Use prefs_get() to directly get a preference. 2014-10-26 Jan-Oliver Wagner First step for switching from preferences stored in a "globals" arglist to a specific global module. * src/comm.c (comm_send_preferences): Use preferences_get() instead of searching though globals arglist. * src/ntp.c (ntp_long_attack, ntp_read_prefs): Use preferences_get() instead of searching though globals arglist. * src/openvassd.c (handle_client, scanner_thread): Use preferences_get() instead of searching though globals arglist. * src/pluginlaunch.c (update_running_processes, pluginlaunch_init): Use preferences_get() instead of searching though globals arglist. (pluginlaunch_init): Drop argument "globals" because now it is not used anymore. * src/pluginlaunch.h: Adjust proto accordingly. * src/attack.c (report_kb_failure, launch_plugin, init_host_kb, attack_start, check_kb_access, attack_network): Use preferences_get() instead of searching though globals arglist. (attack_host): Adjust to new proto of pluginlaunch_init(). * src/pluginscheduler.c: Drop unneeded include. 2014-10-24 Jan-Oliver Wagner Move preference dump function into preferences module as it is of general use. * src/preferences.c (preferences_dump): New. Dump the preferences to stdout. * src/preferences.h: Add proto accordingly. * src/openvassd.c (dump_cfg_specs): Removed. (main): Use preferences_dump instead of dump_cfg_specs. 2014-10-24 Jan-Oliver Wagner Move the global preferences variable from openvassd to module preferences. * src/openvassd.c (global_preferences): Removed this global variable. (start_daemon_mode): Instead of directly using global_preferences, use the new function preferences_get(). (set_globals_from_preferences): Instead freeing and setting the new preferences, just call preferences_set(). (reload_openvassd, init_ssl_ctx, main_loop, main): Instead of using the global variable, use preferences_get(). * src/preferences.c (global_prefs): New. (preferences_init): Changed to use the global variable instead. (preferences_get): New. Return the global variable. (preferences_set): New. Replace global variable with new content. * src/preferences.h: Adjust protos accordingly. 2014-10-24 Jan-Oliver Wagner * src/preferences.c (preferences_init): Instead of pointer-pointer parameter simply return the result. * src/preferences.h: Adjust proto accordingly. * src/openvassd.c (reload_openvassd, init_openvassd): Adjust call of preferences_init to new API. 2014-10-24 Hani Benhabiles * src/attack.c (launch_plugin): Pass the full nvt path to plugin_launch(). 2014-10-24 Jan-Oliver Wagner * src/preferences.c (preferences_init): Dropped the return value because it is never used anywhere. * src/preferences.h: Adjust proto accordingly. 2014-10-22 Jan-Oliver Wagner * src/nasl_plugins.c (nasl_plugin_add): Removed redundant setting of the OID. This saves considerable amount of memory per process. 2014-10-22 Jan-Oliver Wagner Dropped superfluous log lines. The log will also without this line provide the information about the updating. This makes the log cleaner to read. * tools/greenbone-nvt-sync (update_openvassd, update_openvasmd): Remove log info about start of update. 2014-10-22 Hani Benhabiles * src/sighand.c (print_trace): New function. (sighand_segv): Log backtrace when a process segfaults. 2014-10-21 Jan-Oliver Wagner * src/attack.c (fill_host_kb_ssh_credentials): Print debug info when DEBUG is defined instead of printing debug info if NDEBUG is not defined. This avoids noise by default. 2014-10-21 Henri Doreau * src/comm.c (send_plug_info): Replaced g_malloc0() + snprintf() by g_strdup_printf(). 2014-10-14 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 5.0+beta4. 2014-10-14 Michael Wiegand Preparing the openvas-scanner 5.0+beta3 release. * CHANGES: Updated. 2014-10-13 Jan-Oliver Wagner * src/ntp.c: Fix include for hash_table_file for new location. 2014-10-10 Hani Benhabiles * src/nasl_plugins.c (nasl_plugin_add): Free the nvti struct returned by nvticache_get() as it is not kept in the cache memory anymore. 2014-10-09 Hani Benhabiles * src/attack.c (attack_start): Fix memory leak. * src/nasl_plugins.c (nasl_thread): Don't set NASL_EXEC_DONT_CLEANUP mode. 2014-10-09 Jan-Oliver Wagner * src/pluginlaunch.c (process_internal_msg): In case of unexpected death, don't just report the PID which is mostly useless. Add the OID as well now. 2014-10-08 Hani Benhabiles * src/attack.c (launch_plugin): Remove useless memory allocations and clean code. * src/pluginlaunch.c (process_internal_msg): Code style fix. Don't make variables static. 2014-10-08 Hani Benhabiles * src/comm.c (send_plug_info), src/pluginscheduler.c (hash_add) (plugins_scheduler_init): Call nvticache_get_by_oid_full() instead of nvticache_get_by_oid(). 2014-10-07 Hani Benhabiles * src/attack.c (launch_plugin), src/comm.c (send_plug_info), src/nasl_plugins.c (nasl_plugin_add), src/pluginload.c (plugins_reload_from_dir), src/pluginscheduler.c (hash_add) (plugins_scheduler_init): Adjust for nvticache API changes. 2014-10-07 Hani Benhabiles * src/nasl_plugins.c (nasl_plugin_add): Adjust for nvticache_get() changes as the returned nvti object is unnecessarily not cloned. 2014-09-22 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 5.0+beta3. 2014-09-22 Michael Wiegand Preparing the openvas-scanner 5.0+beta2 release. * CHANGES: Updated. 2014-09-22 Michael Wiegand * INSTALL: Remove libhiredis from the list of prerequisites since it is actually required by openvas-libraries and handled there. 2014-09-19 Jan-Oliver Wagner Replace last old internal calls for memory management by respective glib functions. * src/ntp.c (ntp_long_attack): Replaced emalloc() by g_malloc0() and efree() by g_free(). (ntp_read_prefs): Replaced emalloc() by g_malloc0(), efree() by g_free() and estrdup() by g_strdup(). (ntp_recv_file): Replaced estrdup() by g_strdup(). * src/openvassd.c (main_loop): Replaced emalloc() by g_malloc0(). * src/attack.c (attack_init_hostinfos_vhosts, attack_init_hostinfos): Replaced emalloc() by g_malloc0() and estrdup() by g_strdup(). (attack_start): Replaced estrdup() by g_strdup(). (attack_network): Replaced free() by g_free(). 2014-09-19 Jan-Oliver Wagner Replace more old internal calls for memory management by respective glib functions. * src/pluginlaunch.c (process_internal_msg): Replace efree() by g_free() and set buffer to NULL. * src/comm.c (send_plug_info): Replaced estrdup() by g_strdup(), emalloc() by g_malloc0() and efree by g_free(). (comm_setup_plugins): Replaced emalloc() by g_malloc0() and efree() by g_free(). * src/utils.c (list2arglist): Avoid calling efree(). Replace emalloc() by g_malloc0(). 2014-09-19 Jan-Oliver Wagner Replace old internal calls for memory management by respective glib functions. * src/pluginload.c (plugins_init): Replace emalloc() by g_malloc0(). * src/hosts.c (forward): Replace efree() by g_free() and take care the pointer is set to NULL because it is a static variable. (host_rm): Replace efree() by g_free(). (hosts_new): Replace emalloc() by g_malloc0() and estrdup() by g_strdup(). * src/nasl_plugins.c (nasl_plugin_add): Replace emalloc() by g_malloc0(). * src/plugs_req.c (requirements_common_ports): Replace emalloc() by g_malloc0(). * src/preferences.c (preferences_init): Replace emalloc() by g_malloc0(). (preferences_process): Replace estrdup() by estrdup(). (preferences_plugin_timeout): Replace efree() by g_free(). 2014-09-12 Henri Doreau Make the redis socket actually configurable. * src/attack.c (scanner_kb_path): Moved to preferences.c and renamed. (error_message_to_client, init_host_kb, apply_source_iface_preference) (attack_network): Updated calls to use the new preferences_kb_location() function. * src/openvassd.c (flush_all_kbs): Don't use default KB location but the configured one, if present. (main): Updated call accordingly. * src/preferences.c (openvassd_defaults): Define "kb_location" with the other scanner options. (preferences_kb_location): Return the KB path, read option from "preferences" arglist instead of globals as previously done by scanner_kb_path(). * src/preferences.h (preferences_kb_location): Expose preferences_kb_location() prototype. 2014-09-11 Jan-Oliver Wagner Remove element "name" from list struct because it is never used. * src/pluginscheduler.c (struct list): Removed element "name". (plugins_scheduler_init): Don't set element "name". 2014-09-11 Jan-Oliver Wagner * src/pluginscheduler.c (struct watch_list): Removed, because it is not used. 2014-09-11 Jan-Oliver Wagner Use glib memory management instead of own one. * src/pluginscheduler.c (hash_init): Replaced call of emalloc by g_malloc0. Dropped the additional single extra byte which was allocated and made no sense. (hash_link_destroy, hash_destroy, scheduler_rm_running_ports, plugins_scheduler_next, plugins_scheduler_free): Replace efree by g_free. (hash_add, hash_fill_deps, scheduler_mark_running_ports): Replaced emalloc by g_malloc0. (plugins_scheduler_init): Replace efree by g_free and emalloc by g_malloc0. 2014-09-11 Hani Benhabiles * src/attack.c (launch_plugin): Do not implicitly launch ACT_SETTINGS plugins. See r14214. 2014-09-09 Hani Benhabiles * src/comm.c (send_plug_info), src/hosts.c (forward, hosts_set_pid), src/ntp.c (ntp_read_prefs), src/openvassd.c (init_ssl_ctx, init_network) (set_daemon_mode): Use proper log_write() function instead of printing to stderr fd which might be closed. 2014-09-09 Hani Benhabiles * src/nasl_plugins.c (nasl_plugin_add): Use log_write() instead of printf() and fprintf(). 2014-09-03 Michael Wiegand * doc/CMakeLists.txt: Use appropriate text for second paragraph of the license notice. 2014-09-03 Michael Wiegand Make license of CMakeLists.txt files consistent. * doc/CMakeLists.txt: Change license from LGPLv2+ to GPLv2+. 2014-08-29 Michael Wiegand * CMakeLists.txt, src/CMakeLists.txt, src/otp.c, src/otp.h, tools/greenbone-nvt-sync: Ensure the GPLv2+ license notice uses the paragraph suggested by the Free Software Foundation. 2014-08-28 Hani Benhabiles * src/pluginschedule.c (plugins_scheduler_init): Check for null function argument earlier, otherwise we may crash due to null pointer dereference. * src/ntp.c (ntp_timestamp_host_scan_interrupted): Remove unused function. * src/ntp.h: Remove function prototype. 2014-08-27 Jan-Oliver Wagner * src/attack.c (attack_start): Removed setting of non_simult_ports in case the preferences is missing. It is not a good idea to set some arbitrary default right here instead of keeping this in a single place, the preferences defaults. 2014-08-27 Jan-Oliver Wagner * src/pluginscheduler.c: Removed TODO about cache as this is not relevant anymore. (struct plist): Changed fixed size of name into a pointer. (scheduler_mark_running_ports): Use g_strdup instead of strncpy for the name. (scheduler_rm_running_ports): Free the name now that it is a pointer. 2014-08-27 Jan-Oliver Wagner * src/pluginscheduler.c (plugins_scheduler_init): Do NULL check before calling g_strsplit to silence assertion messages. 2014-08-27 Jan-Oliver Wagner Get rid of last occurances of str2arglist. * src/pluginscheduler.c (struct hash): Change type of ports and dependencies from char to gchar. (hash_link_destroy): Simplify the removal of the strings arrays by using gstrfreev. (hash_add): Get the dependencies and required ports as string arrays directly via g_strsplit instead of first converting strings to arglists and then converting these to string arrays. 2014-08-27 Jan-Oliver Wagner Get rid of more arglist uses in the scheduler plugins. * src/pluginscheduler.h (struct scheduler_plugin): Switch from arglist to string array for required_ports and required_udp_ports. * src/pluginscheduler.c (hash_link_destroy): Use g_strfreev instead of arg_free_all for required_ports and required_udp_ports. (plugins_scheduler_init): Don't create a arglist anymore for required_ports and required_udp_ports. Instead, create a NULL terminated string array. * src/plugs_req.c (get_closed_ports, get_closed_udp_ports): Changed type of parameter "ports" from arglist to string array. (requirements_common_ports): Changed handling of ports from arglist to string array. (requirements_plugin): Changed type of internal variables from arglist to string array. 2014-08-25 Jan-Oliver Wagner Get rid of some arglist uses in the scheduler plugins. * src/pluginscheduler.h (struct scheduler_plugin): Switch from arglist to string array for required_keys, mandatory_keys, excluded_keys. * src/pluginscheduler.c (hash_link_destroy): Use g_strfreev instead of arg_free_all for required_keys, mandatory_keys, excluded_keys. (plugins_scheduler_init): Don't create a arglist anymore for required_keys, mandatory_keys, excluded_keys. Instead, create a NULL terminated string array. * src/plugs_req.c (key_missing, key_present): Removed. (kb_missing_keyname_of_namelist): A replacement for key_missing() but now based on string array instead of arglist. (kb_present_keyname_of_namelist): A replacement for key_present() but now based on string array instead of arglist. (mandatory_requirements_met, requirements_plugin): Use new replacement functions. 2014-08-25 Jan-Oliver Wagner * src/pluginscheduler.c (plugins_scheduler_init): Moved nvticache retrieval out of the plugins loop as there is only one cache and thus only needs to be retrieved once. 2014-08-24 Jan-Oliver Wagner * src/processes.c (process_son): Removed this global variable as it is never used. (create_process): Removed setting process_son to some value, as it will never be read. 2014-08-21 Jan-Oliver Wagner Post release version bump. * CMakeLists.txt: 5.0+beta2 2014-08-21 Jan-Oliver Wagner Preparing the openvas-scanner 5.0+beta1 release. * CHANGES: Updated. 2014-08-13 Hani Benhabiles Remove unused STOP_ATTACK and OPENVASSD_VERSION otp commands. * src/ntp.c (ntp_parse_input): Don't handle removed request types. * src/otp.c (otp_get_client_request): Don't handle unused STOP_ATTACK and OPENVASSD_VERSION otp commands. (otp_server_openvas_version): Delete function. * src/otp.h: Remove CREQ_OPENVASSD_VERSION and CREQ_STOP_ATTACK request types. Remove deleted function prototype. 2014-08-13 Hani Benhabiles Remove scan pausing feature. * src/attack.c (pause_whole_test): Remove global variable. (attack_handle_sigusr1, attack_handle_sigusr2): Remove functions. (attack_host): Remove pausing check and handling. (attack_start): Don't register SIGUSR1 and SIGUSR2. * src/hosts.c (hosts_pause_all, hosts_resume_all): Delete functions. * src/hosts.h: Remove deleted function prototypes. * src/ntp.c (ntp_parse_input): Remove CREQ_PAUSE_WHOLE_TEST and CREQ_RESUME_WHOLE_TEST cases handling. * src/ntp.h: Remove NTP_PAUSE_WHOLE_TEST and NTP_RESUME_WHOLE_TEST definitions. * src/otp.c (otp_get_client_request): Remove PAUSE_WHOLE_TEST and RESUME_WHOLE_TEST client commands handling. * src/otp.h (client_request_t): Remove CREQ_PAUSE_WHOLE_TEST and CREQ_RESUME_WHOLE_TEST requests types. 2014-08-06 Henri Doreau * src/pluginscheduler.c (plugin_next_unrun_dependencie) (plugins_scheduler_next): Replaced all occurences of "dependencie" by "dependency". 2014-08-06 Henri Doreau Properly declare scheduling-related structures. * src/pluginscheduler.h (plugins_scheduler_t): Consistently define as a struct plugins_scheduler *, regardless what macro has been set earlier. (struct watch_list, struct hash, struct list, struct plist): Removed from the header. (struct plugins_scheduler_struct): Renamed (!!) and removed from this header. * src/pluginscheduler.c (struct watch_list, struct hash, struct list) (struct plist, struct plugins_scheduler): Moved declarations to this file. Fixed a couple comments. * pluginlaunch.c (plugin_launch): Removed unused parameter sched. * pluginlaunch.h (plugin_launch): Updated header accordingly. * src/attack.c (launch_plugin): Removed unused parameter sched. The "typedef void *" witchcraft which this commit removes was hiding a type error here (erroneous extra indirection). Updated the plugin_launch statement accordingly. (attack_host): Updated the launch_plugin statement accordingly. 2014-08-06 Henri Doreau * src/pluginscheduler.c (plugin_get_running_state) (plugin_set_running_state): Useless accessors, removed. (plugin_next_unrun_dependencie, plugins_scheduler_next): Replaced calls to the removed functions by regular accesses to the plugin::running_state field. * src/pluginscheduler.h (plugin_set_running_state): Updated header accordingly. * src/attack.c (launch_plugin): Replaced plugin_set_running_state calls by regular assignments. * src/pluginlaunch.c (process_mgr_sighand_term) (update_running_processes, pluginlaunch_stop, plugin_launch): Replaced plugin_set_running_state calls by regular assignments. 2014-08-04 Henri Doreau * src/attack.c (launch_plugin): Fixed a badly formatted log message. 2014-08-02 Henri Doreau Cleanup of the legacy logging infrastructure. * src/log.c (log_vwrite): Updated documentation. Use variadic versions of printf and syslog in reduce caller's code complexity. Assume that log messages are not LF-terminated. (log_write): Updated documentation. * src/attack.c (report_kb_failure, launch_plugin, attack_start) (apply_hosts_preferences, apply_source_iface_preference) (attack_network): Removed line feed at the end of log messages. * src/comm.c (comm_init, comm_loading, send_plug_info, comm_wait_order) (comm_setup_plugins): Removed line feed at the end of log messages. * src/nasl_plugins.c (nasl_thread): Removed line feed at the end of log messages. * src/ntp.c (ntp_parse_input, ntp_read_prefs): Removed line feed at the end of log messages. * src/openvassd.c (start_daemon_mode, reload_openvassd, init_ssl_ctx) (main_loop, init_network): Removed line feed at the end of log messages. * src/pluginlaunch.c (process_internal_msg, update_running_processes) (next_free_process, read_running_processes, pluginlaunch_init): Removed line feed at the end of log messages. * src/pluginload.c (plugins_reload_from_dir): Removed line feed at the end of log messages. * src/pluginscheduler.c (hash_fill_deps): Removed line feed at the end of log messages. * src/processes.c (create_process): Removed line feed at the end of log messages. * src/sighand.c (sighandler, sighand_segv): Removed line feed at the end of log messages. * src/utils.c (get_max_hosts_number, get_max_checks_number) is_client_present): Removed line feed at the end of log messages. 2014-07-31 Matthew Mundell * src/preferences.c (openvassd_defaults): Add unscanned_closed_udp. 2014-07-21 Michael Wiegand * INSTALL: Improve style of redis section. * doc/redis_config.txt: Fix typo. 2014-07-18 Michael Wiegand * tools/openvas-manage-certs.sh: Add support for GnuTLS "--sec-param" parameter and use it if the key size is not explicitly set. 2014-07-18 Michael Wiegand * tools/openvas-manage-certs.sh: Redirect both stdout and stderr of certtool invocation to log file since certtool sometimes prints error messages to stdout. 2014-07-17 Jan-Oliver Wagner * tools/greenbone-nvt-sync: Added handling of "--help". 2014-07-17 Michael Wiegand * tools/openvas-manage-certs.sh: Check exit status of certtool and exit early if things went wrong. 2014-07-17 Michael Wiegand * tools/openvas-manage-certs.sh: Add missing comment. Only remove generation directory if the files were already copied somewhere else. 2014-07-17 Michael Wiegand * tools/openvas-manage-certs.sh: Add support for setting key size and signing algorithm. Document new settings in help. Actually append to log. 2014-07-16 Jan-Oliver Wagner * tools/openvas-manage-certs.sh: Make cleanup depend on Debug mode. 2014-07-16 Michael Wiegand * tools/openvas-manage-certs.sh: Initial revision of new certificate management script. 2014-07-15 Hani Benhabiles * src/nasl_plugins.c (nasl_thread_args): New struct. (nasl_thread): Take a nasl_thread_args pointer as function argument. (nasl_plugin_launch): Adjust function call accordingly. 2014-07-11 Hani Benhabiles * src/attack.c (attack_start): Don't attempt to randomly close all possibly open file descriptors. Close parent_socket. * src/nasl_plugins.c (nasl_thread): Reset kb link as this function is called in forked process. Don't attempt to close all possibly open file descriptors. (scanner_thread): Add socket fd to globals. 2014-07-10 Hani Benhabiles * src/attack.c (attack_start_args): Add parent_socket element. (attack_start): Close unused sockets. Update code style. (attack_network): Set attack arguments accordingly. * src/nasl_plugins.c (nasl_thread): Close old socket file descriptor after duplicating it. 2014-07-10 Hani Benhabiles * src/pluginlaunch.c (struct running): Remove useless kb, name and sched elements. (update_running_processes, read_running_processes, plugin_launch): Update for running structure's changes. (pluginlaunch_child_cleanup): New function. * src/pluginlaunch.h: Add function prototype. * src/nasl_plugins.c (nasl_thread): Cleanup plugin launcher leftovers. 2014-07-09 Hani Benhabiles * src/hosts.c (struct host): Remove useless psoc element. (host_rm, hosts_set_pid): Adjust for host structure change. (hosts_new): Take host socket as a function argument instead of creating an unnamed socket pair. Adjust return value accordingly. * src/attack.c (attack_network): Adjust for hosts_new() function change. Close socket for child process after the fork. 2014-07-07 Hani Benhabiles * src/openvassd.c (check_client, get_x509_dname): Remove functions. (scanner_thread): Remove useless dname checking as user-management is not part of the scanner anymore. * tools/openvas-mkcert-client.in: Don't generate dname file. * doc/openvassd.8.in: Update documentation. 2014-07-02 Henri Doreau * src/openvassd (main): Removed clumsy and unneeded string duplication. 2014-07-02 Henri Doreau * src/openvassd.c (global_options): Change type to GHashTable. (arg_replace_value): Removed unused function. (main_loop, init_plugins, init_openvassd, main): Update operations on global_options and function prototypes accordingly. 2014-07-02 Henri Doreau * src/openvassd.c (global_options): Renamed variable for consistency. (global_iana_socket, global_plugins, global_preferences, global_options) (reload, loading_stop, ovas_scanner_ctx ): Mark as static and removed superfluous initializations. 2014-07-01 Hani Benhabiles * src/openvassd.c (gcrypt_init): New function. (main): Initialize libgcrypt. * CMakeLists.txt (GCRYPT_LDFLAGS, GCRYPT_CFLAGS): New variables. * src/CMakeLists.txt: Link against libgcrypt. 2014-06-26 Hani Benhabiles * src/hosts.c (forward), src/pluginlaunch.c (process_internal_msg): Fix memory leaks. 2014-06-25 Hani Benhabiles * tools/openvas-mkcert.in, tools/openvas-mkcert-client.in: Sign certificates with SHA-256 instead of SHA1. 2014-06-11 Jan-Oliver Wagner * src/openvassd.c (main): Better term for help info: "filename" instead of "rcfile" which was misleading. 2014-06-06 Michael Wiegand * tools/greenbone-nvt-sync (init_sync): Ensure FEED_CURRENT is initialized. (do_sync): Remove superfluous and potentially confusing log messages. A synchronization may or may not take place in do_sync. If it takes place, sync_nvts will log more accurate messages anyway. 2014-06-05 Henri Doreau * src/openvassd.c (main): Replaced kb_flush() by flush_all_kbs(). (flush_all_kbs): new function. Initialize a KB handle and flush all entries. 2014-06-05 Hani Benhabiles * src/openvassd.c (main): Flush all keyspaces in KB on start-up. This is done in order to not get stuck with left-overs from older scanner instances that were abruptly terminated during scans. 2014-06-02 Hani Benhabiles * tools/openvas-mkcert-client.in, tools/openvas-mkcert.in: Default to 4096 bits RSA keys instead of 1024. 2014-05-30 Jan-Oliver Wagner * tools/greenbone-nvt-sync: Fixed URL of feed home. 2014-05-27 Hani Benhabiles * src/attack.c (init_host_kb): Add "Hostname" and "Host-IP" KB entries for the host's name and IP address values. 2014-05-22 Jan-Oliver Wagner * doc/redis_config.txt: Added some more notes on using redis-cli. 2014-05-21 Henri Doreau * src/attack.c (KB_PATH_DEFAULT): Use definition from openvas-libraries. 2014-05-14 Hani Benhabiles * doc/openassd.8.in: Fix typo. 2014-05-08 Jan-Oliver Wagner * doc/redis_config.txt: Added a secion how to use redis-cli for analysis and debugging purposes. 2014-05-02 Hani Benhabiles * src/attack.c (fill_host_kb_ssh_credentials): Don't fill publickey ssh kb entry. 2014-05-02 Henri Doreau * COPYING: Updated according to recent changes. 2014-04-29 Jan-Oliver Wagner * doc/example_redis_2_4.conf.in, doc/example_redis_2_6.conf.in: New. * INSTALL: Updated step 5 about redis to mention the above new examples. Also increased version of required openvas-libraries to 8.0.0. * CMakeLists.txt: Configure and install the two new example files. 2014-04-24 Henri Doreau * doc/redis_config.txt: Added information about how to configure redis to serve KBs. 2014-04-23 Henri Doreau * src/pluginlaunch.c (process_internal_msg): Remove dead code. 2014-04-23 Jan-Oliver Wagner * CMakeLists.txt: Increase dependency to openvas-libraries from 7.0.0 to 8.0.0. 2014-04-23 Jan-Oliver Wagner Post branch version bump. * CMakeLists.txt: Set to version to 5.0.0 and beta status. 2014-04-23 Henri Doreau Use the new KB interface exposed by openvas-libraries. Updated documentation to describe how to setup and configure a redis backend. * INSTALL: Added information about supported versions of redis and how to set it up for OpenVAS scanner. * src/save_kb.c, src/save_kb.c src/piic.c, src/piic.h, src/locks.c, src/locks.h: Removed unused files. * src/CMakeLists.txt: Updated accordingly. * src/plugs_req.c (key_missing, key_present): Updated to make use of the new KB interface and types. * src/pluginlaunch.c (process_internal_msg): Ignore obsolete KB update messages. * src/openvassd.c (scanner_thread): Define and expose a KB handle for network scan, delete it eventually if needed. * src/attack.h (attack_network): The function now takes an optional pointer to a network KB. Updated prototype accordingly. * src/attack.c (KB_PATH_DEFAULT, scanner_kb_path, network_scan_status) (kb_duplicate): new. (launch_plugin): Removed save_kb_* statements which aren't needed anymore. (check_kb_access, report_kb_failure): Introduced two functions to check if the scanner can reach the KB and report potential errors to the manager. (init_host_kb): Use the new KB initialization method. Propagate errors on failure. Removed save_kb_* statements which aren't needed anymore. (attack_host): Use the new KB interface. Propagate errors on failure. Eventually delete host KB. (attack_start): Receive, initialize and forward net KB handle if needed. reset KB link on fork. 2014-04-23 Benoît Allard Post release version bump. * CMakeLists.txt: 4.0.2 2014-04-23 Benoît Allard Prepare for 4.0.1 release. * CHANGES: Updated 2014-04-14 Hani Benhabiles * CMakeLists.txt, src/CMakeLists.txt: Remove useless linking against libdl, libgpgme and libgcrypt. 2014-04-11 Hani Benhabiles * src/comm.c (comm_init): Adjust version buffers comparing size. 2014-04-10 Jan-Oliver Wagner * src/comm.c (comm_init): Remove "beta" from OTP identifier. 2014-04-10 Jan-Oliver Wagner Post release version bump. * CMakeLists.txt: Set version to 4.0.1. 2014-04-10 Jan-Oliver Wagner Preparing the openvas-scanner 4.0.0 release. * CHANGES: Updated. * CMakeLists.txt: Set version to 4.0.0. 2014-04-07 Jan-Oliver Wagner * README: Slightly re-phrased to include mentioning of the VM. * COPYING: Replaced fixed date by general term to simplify maintenance. 2014-04-04 Michael Wiegand Removed obsolete nasl_server_pid variable. * src/openvassd.c: Remove global variable nasl_server_pid. * src/sighand.c: Remove declaration of extern nasl_server_pid. (make_em_die): Remove handling of nasl_server_pid. 2014-04-04 Michael Wiegand Drop handling of "bpf_server" in openvas-scanner. The function in libraries always returned 0. * src/openvassd.c (main): Do not call bpf_server since it always returned 0. Remove global variable bpf_server_pid. Remove now superfluous include. * src/sighand.c: Remove declaration of extern bpf_server_pid. (make_em_die): Remove handling of bpf_server_pid. 2014-04-04 Hani Benhabiles * src/openvassd.c (get_x509_dname): Adjust for ovas_get_tlssession_from_connection() prototype change. 2014-04-02 Hani Benhabiles * src/openvassd.c (init_ssl_ctx): Use log_write() instead of fprintf() for log message. 2014-03-31 Hani Benhabiles * src/openvassd.c (init_ssl_ctx): Adjust ovas_scanner_new() call. 2014-03-28 Hani Benhabiles Add --dh-params command-line option. * src/openvassd.c (init_ssl_ctx): Add dhparams function argument. Adjust ovas_scanner_context_new() call. (main): Add --dh-params cli option. Adjust init_ssl_ctx() call. * doc/openvassd.8.in: Update documentation. 2014-03-26 Benoît Allard Post release version bump. * CMakeLists.txt: 4.0+beta10 2014-03-26 Benoît Allard Preparing the openvas-scanner 4.0+beta9 release. * CHANGES: Update 2014-03-23 Jan-Oliver Wagner * src/nasl_plugin.c (nasl_plugin_add): Removed extra signature check during cache build. It was only done to retrieve fingerprints. The subsequent exec_nasl_script will drop the NVT anyway if signature is not OK. This decreases the initial build time of the cache by around 80%. 2014-03-23 Jan-Oliver Wagner Drop sending of signature keys to the client. These information are not used on OpenVAS Manager side. The original idea of knowledge about NVT signer has turned out to be of little value because feeds are typically not aggregated from different sources but rather provided from a single source. * src/comm.c (send_plug_info): Do not send the signature keys any more. 2014-03-21 Hani Benhabiles Add --gnutls-priorities option for the scanner. * src/openvassd.c (loading_client_handle, scanner_thread): Adjust ovas_context_attach() calls. (init_ssl_ctx): Add priority parameter. (main): Add --gnutls-priority option, defaulting to normal. Adjust init_ssl_ctx() call. * doc/openvassd.8.in: Update for the new option. 2014-03-20 Hani Benhabiles * src/openvassd.c (loading_client_handle, scanner_thread): Adjust ovas_scanner_context_attach call. (ssl_ver_to_encaps): Delete function. (init_ssl_ctx): Always create ovas_scanner_ctx with OPENVAS_ENCAPS_TLScustom. 2014-03-19 Hani Benhabiles Report current and total number of loading plugins to clients when scanner is still loading. * src/comm.c (comm_loading): Send current and total loading values with SCANNER_LOADING otp command. * src/openvassd.c: Delete include of removed file. (loading_handler_start, loading_handler_stop): Initialize and destroy loading plugins shared memory. * src/pluginload.c (init_loading_shm, destroy_loading_shm) (current_loading_plugins, total_loading_plugins) (set_current_loading_plugins, set_total_loading_plugins): New functions. (plugins_reload_from_dir): Update number of currently and total loading plugins in the shared memory to be seen by other processes. * src/pluginload.h: Add function prototypes. 2014-03-18 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 4.0+beta9. 2014-03-18 Michael Wiegand Preparing the openvas-scanner 4.0+beta8 release. * CHANGES: Updated. 2014-03-18 Hani Benhabiles * src/openvassd.c (main): In only cache mode, refresh the plugins cache early, without listening on the network and skipping other unused initializations. 2014-03-17 Hani Benhabiles * src/openvassd.c (sighand_loading_stop): New function. (loading_handler_start): Add SIGTERM handler for loading handler child process. This ensures the loading handler isn't abruptly terminated by the parent while responding to a client. 2014-03-17 Jan-Oliver Wagner * tools/greenbone-nvt-sync (update_openvassd, update_openvasmd): Add PID to log and unify log message in error case. 2014-03-17 Jan-Oliver Wagner Removed outdated and unmaintained documentation remains. * doc/kb_entries.txt: Removed. This is an outdated list and unmaintained since ages. The NVTs as such are the primary source on what KB entries are set. * doc/nsr_file_format.txt: Removed. Outdated and unmaintained. * doc/nbe_file_format.txt: Removed. Outdated and unmaintained. 2014-03-17 Hani Benhabiles * src/comm.c (comm_loading): Receive all lines sent by client before closing the connection. 2014-03-17 Hani Benhabiles Handle OTP version 2.0 only. Handle NVT_INFO OTP client command. * src/comm.c (comm_init): Only handle OTP version 2.0. Return 0 on success. * src/ntp.c (ntp_parse_input): Handle NVT_INFO client request. Remove useless code. * src/openvassd.c (handle_client): Remove protocol_version argument and related code. (scanner_thread): Adjust comm_init() and handle_client() calls. * src/otp.c (otp_get_client_request): Handle CREQ_NVT_INFO case. * src/otp.h (client_request_t): Add CREQ_NVT_INFO value. 2014-03-15 Jan-Oliver Wagner Resolve need for misc/otp.h. * src/comm.c (comm_loading): Use the keyword "SCANNER_LOADING" directly. (comm_init): Use a integer directly for the OTP version. * src/openvassd.c (handle_client): Use a integer directly for OTP version. 2014-03-15 Jan-Oliver Wagner Rename module npt_11 to just ntp. * src/ntp_11.h, src/ntp.h: Renamed ntp_11.h to ntp.h. * src/ntp_11.c, src/ntp.c: Renamed ntp_11.c to ntp.c and adjust include accordingly. * src/utils.c, src/openvassd.c, src/hosts.c, src/comm.c, src/attack.c: Adjust include accordingly. * COPYING, src/CMakeLists.txt: Adjust module name accordingly. 2014-03-15 Jan-Oliver Wagner Drop the version indicator for NTP (actually is OTP) as this does not make sense code-wise. * src/ntp_11.h, src/ntp_11.c, src/comm.c, src/hosts.c, src/openvassd.c, src/attack.c: Replaced any "ntp_11_" and "ntp_1x" name by just "ntp_". 2014-03-15 Jan-Oliver Wagner Rename module opt_1_0 to just otp. * src/otp_1_0.h, src/otp.h: Renamed otp_1_0.h to otp.h. * src/otp_1_0.c, src/otp.c: Renamed otp_1_0.c to otp.c and adjust include accordingly. * src/ntp_11.c: Adjust include accordingly. * COPYING, src/CMakeLists.txt: Adjust module name accordingly. 2014-03-14 Jan-Oliver Wagner Drop the version indicator for OTP as this does not make sense code-wise. * src/otp_1_0.h, src/otp_1_0.c, src/ntp_11.c: Replaced any "otp_1_0_" name by just "otp_". 2014-03-14 Hani Benhabiles Remove sending of PLUGINS_DEPENDENCIES sending upon client connect with protocol version 2.0. * src/ntp_11.c (qsort_cmp, _find_plugin, find_plugin) (ntp_1x_send_dependencies): Delete unused functions. * src/openvassd.c (handle_client): Do not send plugin dependencies in protocol version 2.0 case. * src/ntp_11.h: Remove deleted function prototype. 2014-03-14 Hani Benhabiles * src/openvassd.c (loading_handler_start): Set the sigterm signal callback to default for the forked child. (loading_handler_stop): Wait for the terminated child process. 2014-03-12 Hani Benhabiles Start the loading handler process when scanner is reloaded too. * src/openvassd.c (loading_client_handle, loading_handler_start) (loading_handler_stop): Move definitions up. (reload_openvassd): Start loading handler before reloading config and plugins and stop it after finishing. 2014-03-12 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 4.0+beta8. 2014-03-12 Michael Wiegand Preparing the openvas-scanner 4.0+beta7 release. * CHANGES: Updated. 2014-03-12 Jan-Oliver Wagner Removed OTP command "CERTIFICATES". It was used by the old GTK client to retrieve the signing keys for NVT feed content. The core idea at that time was that we have feed content with mixed author signing keys. This turned out to not get into practice. In case it is needed eventually it could be added anew based on future OSP protocol. * src/otp_1_0.c (otp_1_0_get_client_request): Removed processing of command CERTIFICATES. (otp_1_0_server_send_certificates): Removed. * src/ntp_11.c (ntp_11_parse_input): Removed processing of CREQ_CERTIFICATES. * src/otp_1_0.h: Removed enum element CREQ_CERTIFICATES. 2014-03-11 Hani Benhabiles * src/comm.c (comm_init): Return -1 instead of exit() on error. (comm_loading): New function. * src/comm.h: Add function header. * src/openvassd.c (restart): Rename to reload. (scanner_thread): Check comm_init return value accordingly. (check_and_reload): New function. (main_loop): Call new function. Improve code structure and remove duplication. (loading_client_handle, loading_handler_start, loading_handler_stop): New functions. (main): Call loading handlers. * src/pluginload.c (plugins_reload_from_dir): Style fix. * src/sighand.c (sighand_chld): Add pid argument. Only wait for the specified child process. This fixes catching a SIGCHLD signal from gpgme when checking a plugin's fingerprint and waiting for the loading handler process. 2014-03-10 Hani Benhabiles * src/openvassd.c (get_x509_dname, handle_client): New functions. (scanner_thread): Move code to new functions. Improve code style and structure and remove useless and duplicate parts. (main_loop): Don't call init_ssl_ctx(). Reduce variable scope. (set_daemon_mode): New function. (main): Call init_ssl_ctx() and set_daemon_mode() and restructure code adequately. * src/ntp_11.c: Remove DEBUG_SSL definition as never used. 2014-03-10 Hani Benhabiles * src/openvassd.c: Remove unneeded defines and prototypes redeclarations. (scanner_thread): Remove useless code. (init_ssl_ctx, ssl_ver_to_encaps): New functions. (main_loop): Move code to new functions. Fix style and remove unneeded code accordingly. 2014-03-07 Hani Benhabiles * src/openvassd.c (plugins_reload): Remove function. (plugins_init): Call plugins_reload_from_dir() directly. 2014-03-07 Hani Benhabiles * src/openvassd.c (main_loop): Change asciiaddr and old_addr into statically allocated buffers. Remove unused code related to libwrap support. 2014-03-06 Hani Benhabiles * src/attack.c: Include misc/openvas_proctitle.h instead of misc/proctitle.h. (attack_host): Call proctitle_set instead of setproctitle. * src/nasl_plugins.c: Include misc/openvas_proctitle.h instead of misc/proctitle.h. (nasl_thread): Call proctitle_set instead of setproctitle. * src/openvassd.c: Include misc/openvas_proctitle.h instead of misc/proctitle.h. (scanner_thread, main_loop): Call proctitle_set instead of setproctitle. (main): Call proctitle_init instead of initsetproctitle. 2014-03-06 Benoît Allard * doc/openvassd.8.in, doc/openvas-mkcert.8: Fix typos reported by lintian. 2014-03-06 Hani Benhabiles * src/pluginload.c (calculate_eta): New function (plugins_reload_from_dir): Remove useless progress printing to stdout as process is now in background. Add an estimation of remaining time to reload plugins to the process title. (plugins_init, plugins_reload): Remove progress function argument. (spin_progress): Remove function. * src/pluginload.h: Adjust functions prototypes. * src/openavssd.c (reload_openvassd, init_openvassd, main): Adjust function calls. (init_plugins): Remove progress function argument. * doc/openvassd.8.in: Remove progress option documentation. 2014-03-05 Hani Benhabiles * src/attack.c (launch_plugin): Fix possible null pointer dereference. 2014-03-05 Hani Benhabiles * src/openvassd.c (main_loop): Fix use after free issue. Code style fix. 2014-03-05 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 4.0+beta7. 2014-03-05 Michael Wiegand Preparing the openvas-scanner 4.0+beta6 release. * CHANGES: Updated. 2014-03-04 Henri Doreau * src/attack.c (attack_host.c): Replaced a select() statement by an equivalent sleep() for readability. 2014-03-04 Henri Doreau * src/attack.c (init_host_kb, attack_start, attack_host): Minor style fixes. 2014-03-03 Hani Benhabiles * src/openvassd.c (set_globals_from_preferences): Remove plugins function argument. Don't set global plugins value. (reload_openvassd): Reset global plugins value. (init_plugins): New function. (init_openvassd): Fix function documentation. Remove progress function argument. Don't initialize plugins. Adjust function call. (main): Initalizae plugins before calling main_loop, and after forking background process in daemon mode. 2014-03-03 Hani Benhabiles * src/openvassd.c (init_openvassd): Defer initializing plugins after init_network call. 2014-02-28 Hani Benhabiles * src/pluginload.c (plugins_reload_from_dir): Update scanner process title to show plugins reloading progress. 2014-02-25 Hani Benhabiles * src/attack.c (launch_plugin, attack_start): Reduce variables scopes. * src/comm.c (send_plug_info): Remove useless variable initialization. * src/hosts.c (forward, hosts_read_client): Reduce variables scopes. * src/locks.c (file_lock): Reduce variable scope. * src/log.c (log_init): Remove useless checks. Directly use setlinebuf. * src/nasl_plugins.c (nasl_thread): Reduce variables scopes. Remove setting of rlimit values as it is dead code. Remove useless variable initialization. * src/ntp_11.c (ntp_11_read_prefs): Reduce variables scopes. * src/openvassd.c (start_daemon_mode): Remove dead code. Call setlinebuf directly. (check_client, main_loop, main): Reduce variables scopes. Style fix. * src/pluginlaunch.c (wait_for_children): Style update. * src/pluginload.c (plugins_load_from_dir): Reduce variables scopes. * src/pluginscheduler.c (hash_add, hash_fill_deps) (enable_plugin_and_dependencies): Reduce variables scopes. Style fix. * src/save_kb.c (save_kb_entry_present_already, save_kb_rm_entry_value) (save_kb_new): Reduce variables scopes. * src/sighand.c (sighandler, sighand_segv): Close log before exiting. 2014-02-20 Henri Doreau * src/attack.c (attack_network): Fixed memory leak. 2014-02-18 Hani Benhabiles * src/attack.c (attack_init_hostinfos, attack_init_hostinfos_vhosts): Fix fqdn arg string length. (attack_network): Set adequate attack args fqdn value for all host types as the api handles it. 2014-02-16 Jan-Oliver Wagner Post release version bump. * CMakeLists.txt: Set version to 4.0+beta6. 2014-02-16 Jan-Oliver Wagner * CHANGES: Updated. 2014-02-12 Jan-Oliver Wagner * src/sighand.h: Removed "extern" declaration for any protos. This is of no use. 2014-02-12 Jan-Oliver Wagner * src/sighand.h: Removed protos for sighand_pipe, sighand_alarm_plugin, sighand_term, sighand_int, sighand_kill, sighand_sigusr1, sighand_io. These are not defined anywhere nor used. 2014-02-12 Hani Benhabiles Remove dead code and fix memory leaks. Found using cppchecker. * src/openvassd.c (set_globals_from_preferences): Call plugins_free instead of arg_free, fixing memory leaks. * src/CMakeLists.txt: Don't build parser.c * src/parser.c, src/parser.h: Remove unused files. * COPYING: Remove parser.c and parser.h details. * src/processes.c (sighand_process_term): Remove unused function. * src/sighand.c, src/sighand.h (sighand_alarm): Remove unused function. * src/utils.c, src/utils.h (hosts_arglist_to_string): Remove unused function. 2014-02-05 Jan-Oliver Wagner * src/attack.c (attack_network): Removed outdated docstring element. 2014-02-05 Jan-Oliver Wagner * src/comm.c (comm_terminate): Removed commented-out code fragements. It hangs around since at least 9 years. (comm_init, comm_wait_order): Write log message when exiting. 2014-02-05 Jan-Oliver Wagner * src/attack.c (attack_network): Changed return type from int to void because it is always returned success anyway (problems are reported as errors which is sufficient). * src/attack.h: Adjust proto accordingly. 2014-02-05 Jan-Oliver Wagner * src/attack.c (scanner_thread): Don't exit early out of otp communication. The attack_network method does never return anything else than 0 anyway. 2014-02-05 Jan-Oliver Wagner There is no reason why the OTP communication should be interrupted in cases where a scan can not be executed (due to whatever reason). It is far better continue OTP communication for two reasons: One the one hand this way the status of a task can be set to "Error" instead of "Stopped". * src/attack.c (attack_network): In case no target hosts were provided issue an error message and return with OK which prevents bailing out of otp. In case the interface was not authorized an error message and return with OK which prevents bailing out of otp. 2014-02-05 Hani Benhabiles * src/plugs_req.c (get_closed_udp_ports): Call kb_get_port_state_proto() only for valid port numbers. 2014-02-04 Hani Benhabiles * src/attack.c: Include base/openvas_networking.h. Remove getpts extern declaration. (attack_network): Validate port_range with validate_port_range() and send an error message to client upon failure. 2014-01-29 Jan-Oliver Wagner * src/nasl_plugins.c (nasl_plugin_launch): Removed computation of timeout. It is a dead assignment anyway. The timeout computation actually happens in pluginlaunch.c(plugin_launch) in the same way. 2014-01-29 Jan-Oliver Wagner * src/utils.c (list2args): Removed dead initial assignment of t. That variable is anyway initialized in the while-loop. 2014-01-29 Jan-Oliver Wagner * INSTALL: Add section about CLang and added some notes on SIGHUP and pid file. 2014-01-27 Hani Benhabiles * src/pluginscheduler.c (enable_plugin_and_dependencies): Return directly when plugin was already enabled. 2014-01-27 Michael Wiegand * tools/greenbone-nvt-sync: Add "--omit-dir-times" to rsync options to improve compatibility in situations where it is not possible to set directory modification times. 2014-01-27 Michael Wiegand * tools/greenbone-nvt-sync: Factor out remaining rsync options, using long options to improve readability. Ensure RSYNC_VERBOSE setting is honored. 2014-01-21 Michael Meyer * tools/greenbone-nvt-sync: Typo fixed. 2014-01-20 Hani Benhabiles * src/pluginscheduler.c (enable_plugin_and_dependencies): Add hash table argument to detect circular dependencies in recursive calls. (plugins_scheduler_init): Adjut enable_plugin_and_dependencies call accordingly. 2014-01-15 Jan-Oliver Wagner * src/plugs_req.c, src/plugs_req.h, src/attack.c: Improved code formatting. 2014-01-15 Jan-Oliver Wagner * src/pluginlaunch.h: Removed unneeded proto for nasl_plugin_launch. 2014-01-15 Jan-Oliver Wagner * src/pluginload.c (plugins_reload_from_dir): Improved code formatting. 2014-01-10 Jan-Oliver Wagner * src/nasl_plugins.c, src/plugs_req.c, src/plugs_req.h, src/attack.c, src/save_kb.c, src/save_kb.h, src/pluginlaunch.c, src/pluginlaunch.h, src/pluginload.h: Use new typedef kb_t. 2014-01-10 Benoit Allard Post release version bump. * CMakeLists.txt: Set version to 4.0+beta5. 2014-01-10 Benoit Allard * CHANGES: Set release date for openvas-scanner-4.0+beta4 to 2014-01-10 2014-01-10 Hani Benhabiles * src/openvassd.c (restart_scanner): Ignore SIGHUP signals while reloading. Rename function to reload_scanner. Adjust log messages. (sighup): Move function definition up. Remove log writing call. (main_loop): Adjust scanner reloading title. 2014-01-10 Jan-Oliver Wagner * tools/greenbone-nvt-sync: Renamed --synconly to sync-only to match OpenVAS style. 2014-01-09 Jan-Oliver Wagner * tools/greenbone-nvt-sync: New option --synconly that will prevent updating of scanner and manager. (restart_openvassd): Renamed to update_openvassd and changed the restart directive of start-stop-daemon to the new SIGHUP mechanism. (update_openvasmd): Consistent wording with update_openvassd. (do_sync): Fix bug for refresh-only mode: Even the current-test should not be executed. 2014-01-09 Jan-Oliver Wagner * CHANGES: Updated. But set no date yet. 2014-01-09 Matthew Mundell Remove --quiet option, making the NVT load messages depend on new option --progress instead. Match the messages to the Manager style. * doc/openvassd.8.in: Replace --quiet with --progress. * src/openvassd.c (orig_argv): Remove. (init_openvassd): Replace quiet arg with progress arg. (main): Remove orig_argv processing. I can't find anything that uses this variable. Replace --quiet with --progress. * src/pluginload.c (plugins_init): Replace quiet arg with progress arg. (spin_progress): New function. (plugins_reload_from_dir): Replace quiet arg with progress arg. Use "NVT" instead of "plugin" in progress messages. Make the messages look more like the Manager ones. Add load percent next to the total. 2014-01-09 Hani Benhabiles * src/openvassd.c: Remove useless include. 2014-01-07 Henri Doreau * src/pluginscheduler.c (plugin_next_unrun_dependencie): Removed unused variable 'counter'. Fixed unsafe use of 'flags'. Fixed and reduced indentation. Fixed braces(!). 2014-01-07 Henri Doreau * src/pluginscheduler.c (hash_get_deps_ptr): Removed useless code. 2014-01-06 Jan-Oliver Wagner Preparing the openvas-scanner 4.0+beta4 release. * CHANGES: Updated. But set no date yet. 2014-01-06 Jan-Oliver Wagner * doc/openvas-nvt-sync.8, INSTALL: Mention the new SIGHUP behaviour. 2014-01-07 Henri Doreau * src/pluginscheduler.c (hash_get_deps_ptr): Removed useless code. 2013-12-31 Hani Benhabiles * src/openvassd.c (set_globals_from_preferences): Also set the global_plugins values. (restart_openvassd): Reload the nvt plugins. Adjust set_globals_from_preferences accordingly. (main_loop): Set the process title before and after the reset of the plugins and the config. (init_openvassd): Adjust set_globals_from_preferences call. Remove nvticache creation code. * src/pluginload.c: Include base/nvticache.h (plugins_init): Create nvti_cache and set preferences accordingly. 2013-12-31 Hani Benhabiles * src/openvassd.c (set_globals_from_preferences): New function. (restart_openvassd): Reload the configuration file (sighup): Update log message. (init_openvassd): Change code to call set_globals_from_preferences. (main): Don't set global_preferences variable. * src/preferences.c (preferences_process): Set the config_file arg to the provided filename value. 2013-12-30 Hani Benhabiles * src/comm.c (comm_send_preferences): Check the preference via is_scanner_only_pref instead of using a list of hard-coded values. * src/ntp_11.c (is_scanner_only_pref): Adjust sys values matching. Move function to src/utils.h * src/utils.h: Add is_scanner_only_pref prototype. 2013-12-13 Hani Benhabiles * src/comm.c (comm_send_preferences): Remove server_info preferences as they have no use for the manager. Do not send scanner-side only preferences which are prefixed with sys_. 2013-12-11 Jan-Oliver Wagner * INSTALL: Drop step 1.2 about rules file and make an extended version of 1.1 to item 2, adapting subsequent enumeration. * doc/openvassd.rules: Removed. rules are now configured via openvassd.conf. 2013-12-10 Jan-Oliver Wagner * src/pluginload.h (plugin_init_t, plugin_run_t) Removed these typedefs since they are not used anymore. 2013-12-10 Jan-Oliver Wagner * COPYING: Remove module, added missing one and fixed a license. 2013-12-10 Hani Benhabiles * src/attack.c (launch_plugin): Adjust plugin_launch function call. * src/nasl_plugins.c (nasl_plugin_init): Remove unused function. (nasl_plugin_class): Remove unused structure. * src/pluginlaunch.c (plugin_launch): Remove launcher argument as only nasl_plugin_launch is used now. * src/pluginlaunch.h: Add and adjust function prototypes adequately. * src/pluginload.c (plugin_classes): Remove unused variable. (init_plugin_classes): Delete unused function. (collect_nvts): Don't iterate over plugin classes as only .nasl plugins are supported. (plugins_reload_from_dir): Remove init_plugin_classes call. Don't iterate over plugins classes as only .nasl plugins are supported. * src/pluginload.h: Add function prototype and remove pl_class_s struct. Delete externs. 2013-12-10 Hani Benhabiles * src/oval_plugins.c: Delete file. * src/CMakeLists.txt: Don't build deleted file. * src/pluginload.c (init_plugin_classes): Remove oval plugin class from plugins classes list. 2013-11-21 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 4.0+beta4. 2013-11-21 Michael Wiegand Preparing the openvas-scanner 4.0+beta3 release. * CHANGES: Updated. 2013-11-19 Jan-Oliver Wagner * doc/openvassd.8.in: Removed section "THE RULE SET FORMAT" and "THE RULES DATABASE" because the old rules schema and formats has been replaced by a new scheme that is simplified and completely handled via scanner preferences and openvassd config file. Also removed description of config preference "rules" which is not handled anymore. 2013-11-19 Jan-Oliver Wagner * doc/openvassd.8.in: Removed reference to openvas(1) because there is no such man page. 2013-11-14 Hani Benhabiles * src/attack.c (host_authorized): Add addr parameter. Adjust calls to openvas_host_in_hosts. (attack_network): Adjust calls to host_authorized. * doc/openvassd.8.in: Update documentation for host access behavior with hostnames. 2013-11-14 Hani Benhabiles * src/ntp_11.c (is_scanner_only_pref): New function to check for scanner-only prefrences. (ntp_11_read_prefs): Use new fuction. 2013-11-13 Hani Benhabiles * src/attack.c (iface_authorized): Check access with sys_ifaces_allow and sys_ifaces_deny preferences and return value accordingly. (apply_source_iface_preference): Handle iface_authoried return value. (attack_network): Also apply hosts access control with sys_hosts_allow and sys_hosts_deny preferences. * src/ntp_11.c (ntp_11_read_prefs): Add sys_hosts_allow, sys_hosts_deny, sys_ifaces_allow and sys_ifaces_deny as scanner-side only preferences. * doc/openvassd.8: Update documentation for the new scanner-side preferences. 2013-11-12 Hani Benhabiles * src/openvassd.c (main_loop): Duplicate asciiaddr into old_addr. 2013-11-12 Hani Benhabiles * src/attack.c (attack_network), src/openvassd.c (main_loop): Fix some memory leaks. 2013-11-12 Hani Benhabiles * src/attack.c (attack_network): Return error for erroneous source interface value too and not just when access to it is denied. 2013-11-11 Hani Benhabiles * CMakeLists.txt, src/CMakeLists.txt: Adjust for removal of old rules system. * src/attack.c: Don't include rules.h (attack_networks): Remove rules checking. * src/comm.c: Don't include rules.h (comm_send_rules): Delete function. (comm_send_preferences): Remove check for rules preference. * src/ntp_11.c: Don't include rules.h (ntp_11_rules): Delete function. (ntp_11_parse_input): Don't handle CREQ_RULES case. (ntp_11_read_prefs): Remove rules special case checking. * src/openvassd.c: Don't include rules.h. Remove global_rules. (scanner_thread, main_loop, main): Remove rules handling. (init_openvassd): Don't initialize rules. * src/otp_1_0.c (otp_1_0_get_client_request): Don't handle RULES command. (client_request_t): Remove CREQ_RULES. (openvassd_defaults): Remove rules default. * src/rules.h, src/rules.c: Delete files. * COPYING: Remove rules license. 2013-11-08 Hani Benhabiles * doc/openvassd.8.in: Add documentation for hosts_allow and hosts_deny. * src/attack.c (host_authorized): New function. (attack_network): Use host_authorized to determine host access. Use adequate error messages to client and log entries when access is denied instead of using E002 error of OTP. 2013-11-08 Hani Benhabiles * src/attack.c (apply_source_iface_preference): Return value for success or error, accordingly. (attack_network): Handle apply_source_iface_preference return value. * doc/openvassd.8.in: Update source_iface documentation. 2013-11-05 Hani Benhabiles * src/pluginlaunch.c (update_running_processes): Fix array out of bounds that caused segfault under rare situations. 2013-11-05 Hani Benhabiles * src/attack.c (iface_authorized): Remove unneeded log writes. 2013-11-05 Hani Benhabiles * doc/openvassd.8.in: Update documentation. * src/attack.c (apply_hosts_preferences): Log the hosts_ordering method used. (str_in_comma_list): New function. (iface_whitelisted): Rename to iface_authorized. Accordingly check for ifaces_allow and ifaces_deny preferences instead. (apply_source_iface_preference): Adjust iface_authorized call. 2013-10-31 Hani Benhabiles * doc/openvassd.8.in: Update documentation for ifaces_whitelist scanner preferences. 2013-10-31 Hani Benhabiles * attack.c (iface_whitelisted): New function. (apply_source_iface_preference): Check if interface name is authorized in ifaces_whitelist before using it as a source interface. 2013-10-31 Hani Benhabiles * attack.c (error_message_to_client): New function. (apply_source_iface_preference): Push error message to client when there is an error with the specified source interface. (attack_network): Adjust apply_source_iface_preference call. Use error_message_to_client to push error message for host unresolved name. 2013-10-29 Hani Benhabiles * openvassd.8.in: Update command-line documentation. 2013-10-29 Hani Benhabiles * src/oval_plugins.c (text, oval_plugin_add): Don't set nvti description. 2013-10-21 Michael Wiegand * tools/greenbone-nvt-sync: Add support for determining if the installed feed is current and only sync feed when it is not. 2013-10-21 Michael Wiegand * tools/greenbone-nvt-sync: Use "logger" command for logging. Remove superfluous and verbose output to stderr. Make rsync parameters easier to manage. Ensure rsync uses maximum compression. Use rsync "--perms --chmod" functionality to ensure correct NVT permissions. 2013-10-18 Hani Benhabiles * src/attack.c (apply_source_iface_preference): New function. (attack_network): Apply source_iface scanner preference. * src/openvassd.c (convert_ip_addresses): Remove unused function. (main): Remove src-ip option handling. * doc/openvassd.8.in: Update man page. 2013-10-17 Hani Benhabiles * src/attack.c (apply_hosts_preferences): New function. (attack_network): Call apply_hosts_preferences instead of checking and applying hosts related preferences. 2013-10-14 Hani Benhabiles * src/comm.c (send_plug_info): Don't send plugin description. 2013-10-04 Hani Benhabiles * src/attack.c (attack_start_args): Remove hostname member. Add fqdn member. (attack_init_hostinfos_vhosts, attack_init_hostinfos): Add fqdn parameter. Set FQDN host info. (attack_start): Stringify host ip instead of using args hostname. Adjust attack init function calls. Rename hostname variable. (attack_network): Use openvas_host to get the fqdn in attack start args. 2013-10-04 Hani Benhabiles * src/attack.c (attack_network): Always use the string representation of IPv4 and IPv6 addresses when a hostname is provided. 2013-10-03 Hani Benhabiles * src/attack.c (attack_network): Send error message to manager when a hostname is unresolvable. 2013-09-30 Hani Benhabiles * src/preferences.c (openvassd_defaults): Remove unused reverse_lookup value. 2013-09-29 Jan-Oliver Wagner * src/comm.c (send_plug_info): Remove unused variable "t". 2013-09-29 Jan-Oliver Wagner * src/comm.c (send_plug_info): Always send NODESC for description instead of sending it only if the NVTI is a newstyle one. Also remove the ignoring of the NVTI in case no description is present because this is automatically void now. 2013-09-26 Hani Benhabiles Post release version bump. * CMakeLists.txt: Set version to 4.0+beta3. 2013-09-26 Hani Benhabiles Preparing the openvas-scanner 4.0+beta2 release. * CHANGES: Updated. 2013-09-18 Hani Benhabiles * src/attack.c (attack_network): Adjust openvas_hosts_exclude call. 2013-09-12 Hani Benhabiles Add support for reversed hosts_ordering. * src/attack.c (attack_network): Call openvas_hosts_reverse when ordering value is reversed. Update comment. 2013-09-12 Hani Benhabiles Add support for reverse_lookup_unify scanner preference. * src/attack.c (attack_network): Check for reverse_lookup_unify. Update other preferences logging style and comments. 2013-09-11 Jan-Oliver Wagner * src/attack.c: (attack_start): Remove again the sending of FINISHED. It confuses the clients, they don't need this extra message. * src/ntp_11.c (ntp_11_parse_input): Don't send FINISHED upon STOP_ATTACK, HOST_INTERRUPTED is sufficient for the time being. (ntp_11_show_end): Removed. * src/ntp_11.h: Removed proto accordingly. 2013-09-11 Hani Benhabiles Add support for reverse_lookup_only scanner preference. * src/attack.c (attack_network): Check for reverse_lookup_only preference adequately. Fix log message style. 2013-09-10 Jan-Oliver Wagner * src/preferences.c: Removed all now-unneeded includes. (preferences_get_checks_read_timeout): Removed. It is an unused function. (preferences_reset_cache): Don't call removed function anymore. (inited): Removed unused macro. * src/preferences.h: Removed proto accordingly. 2013-09-10 Hani Benhabiles Add support for exclude_hosts scanner preference. * src/attack.c (attack_network): Call openvas_hosts_exclude when exclude_hosts value is provided. 2013-09-10 Jan-Oliver Wagner * src/preferences.c (preferences_autoload_dependencies): Removed. (preferences_reset_cache): Don't reset "autoload_dependencies" anymore. Caching is not relevant for this preference anyway, it is called once per attack. * src/preferences.h: Remove proto accordingly. * src/attack.c (attack_network): Replace the explicit call for autoload_dependencies preference by generic bool check. In case of an error, apply a default that is sensible in this context. 2013-09-10 Jan-Oliver Wagner * src/preferences.h: Remove yet another two forgotten protos. 2013-09-10 Jan-Oliver Wagner * src/preferences.h: Remove forgotten proto. 2013-09-10 Jan-Oliver Wagner * src/preferences.c (preferences_save_session): Removed. It is an unused function. (preferences_reset_cache): Don't call removed function anymore. 2013-09-10 Jan-Oliver Wagner * src/preferences.h: Remove forgotten proto of recent commit. 2013-09-10 Jan-Oliver Wagner * src/preferences.c (preferences_save_empty_sessions): Removed. It is an unused function. (preferences_reset_cache): Don't call removed function anymore. 2013-09-10 Jan-Oliver Wagner Removing support for Scanner preference "ntp_opt_show_end" and instead show the end always. * src/attack.c (attack_start): Show protocol end message (FINISHED) always. It is send already always when stopping a scan. * src/preferences.c (preferences_ntp_show_end): Removed. (preferences_reset_cache): Don't reset "ntp_show_end" anymore. 2013-09-10 Jan-Oliver Wagner * src/preferences.c (preferences_use_mac_addr): Removed. (preferences_reset_cache): Don't reset "use_mac_addr" anymore. Caching is not relevant for this preference anyway, it is called once per host. * src/preferences.h: Remove proto accordingly. * src/attack.c (attack_network): Replace the explicit call for use_mac_addr preference by generic bool check. In case of an error, apply a default that is sensible in this context. 2013-09-10 Jan-Oliver Wagner * src/preferences.c (preferences_report_killed_plugins): Removed. It is an unused function. (preferences_reset_cache): Don't call removed function anymore. * src/preferences.h: Removed proto accordingly. 2013-09-10 Jan-Oliver Wagner * src/preferences.c (preferences_network_scan): Removed. (preferences_get_bool): New. Generically check for "yes"/"no" settings. (preferences_reset_cache): Don't reset "network_scan" anymore. Caching was not relevant for this preference anyway, it is called once per scan. * src/preferences.h: Add/remove protos accordingly. * src/attack.c (attack_network): Replace the explicit call for network_scan preference by generic bool check. In case of an error, apply a default that is sensible in this context. 2013-09-09 Hani Benhabiles Add support for hosts_ordering scanner preferences. * src/attack.c (attack_network): Check for hosts_ordering preference, and shuffle hosts list when value is random. Fix coding style. 2013-09-07 Jan-Oliver Wagner Removing remains of the scanner preference "slice_network_addresses" which was dropped with dropping the old host gatherer code. New methods to iterate over target hosts will be implemented based on the new code base. To not mix up with old prerefences, new names will be used for this. * src/preferences.c (openvassd_defaults): Removed "slice_network_addresses" (preferences_get_slice_network_addresses): Removed. * src/preferences.h: Removed proto accordingly. 2013-09-05 Hani Benhabiles Replace hg module usage with base/openvas_hosts API. This also removes the scanner preference "host_expansion" which in a magical way extends the list of hosts to be scanned. It is strictly not the task of a scanner to extend the given scope of scan targets based on unforseeable circumstances. Such intelligence is to be solved via the vulnerability management, not via the vulnerability scanning. * src/attack.c: Remove hg/host_gatherer.h and hg/hg_utils.h includes. Include base/openvas_hosts.h (attack_start_args): Remove unused hg_globals element. (attack_init_hostinfos_vhosts, attack_init_hostinfos, attack_network): Remove hg module functions usage. Replace with openvas_hosts functions calls. Remove unused code. * src/openvassd.c: Remove unneeded include. * src/preferences.c: Remove hg/host_gatherer.h include and unused preferences_get_host_expansion function. * src/preferences.h: Remove function header. 2013-09-03 Hani Benhabiles Clean code, remove unused function parameters. * src/hosts.c (hosts_stop_host, hosts_read_data): Remove unused globals parameter. (hosts_stop_all, hosts_read): Adjust function calls. * src/hosts.h: Adjust hosts_stop_host prototype. * src/ntp_11.c (ntp_11_parse_output): Adjust hosts_stop_host call. 2013-08-22 Hani Benhabiles Clean code, remove unused function parameters. * src/attack.c (launch_plugin): Adjust plugin_set_running_state, save_kb_restore_backup, save_kb_backup and save_kb_exists function call accordingly. (attack_network): Adjust get_max_hosts_number and get_max_checks_number function calls. * src/hosts.c (forward, forward_all, host_rm): Remove unused globals parameter. * src/nasl_plugins.c (nasl_plugin_init): Remove unused prefs and nasl parameters. (nasl_thread): Adjust preferences_drop_privileges function call. * src/ntp_11.c (ntp_11_long_attack): Remove unused orig parameter. * src/oval_plugins.c (oval_plugin_init): Remove unused prefs and args parameters. * src/pluginlaunch.c (process_mgr_sighand_term) (update_running_processes, pluginlaunch_init, pluginlaunch_stop) (plugin_launch): Adjust plugin_set_running_state and get_max_checks_number function calls. * src/pluginload.c (init_plugin_classes): Remove unused preferences parameter. (plugins_reload_from_dir): Adjust init_plugin_classes function call. * src/pluginload.h (pl_class_s): Adjust pl_init function prototype. * src/pluginscheduler.c (plugin_set_running_state) (plugin_next_unrun_dependencie, plugins_scheduler_next): Remove unused parameters. Adjust function calls. * src/pluginscheduler.h: Adjust headers accordingly. * src/preferences.c (preferences_drop_privileges): Remove unused parameter. * src/preferences.h: Adjust headers accordingly. * src/save_kb.c (kb_dirname, kb_fname, save_kb_entry_present_already) (save_kb_rm_entry_value, save_kb_rm_entry, save_kb_close) (save_kb_exists, save_kb_restore_backup, save_kb_backup) (save_kb_load_kb): Remove unused parameters. Adjust functions calls. * src/save_kb.h: Adjust headers accordingly. * src/utils.c (get_max_hosts_number, get_max_checks_number): Remove unused parameters. * src/utils.h: Adjust headers accordingly. 2013-08-14 Jan-Oliver Wagner * INSTALL: Updated reference system from Debian 6 to 7 and removed mentioning of GSD. 2013-07-25 Matthew Mundell * INSTALL: Reorder PKG_CONFIG_PATH export, in case another openvas installation is already in existing PKG_CONFIG_PATH. 2013-07-12 Michael Wiegand * tools/greenbone-nvt-sync: Simplify test and remove unnecessary stat call. 2013-07-01 Jan-Oliver Wagner * src/oval_plugins.c: Replaced any occurance of post_note by post_error or post_alarm respectively. 2013-07-01 Michael Wiegand * src/attack.c (pattern_matches, fill_host_kb_ssh_credentials): Hide debug output behind NDEBUG ndefines so it does not show up when built with the "Release" build type. 2013-06-26 Michael Wiegand * CMakeLists.txt: Make SVN revision in version string available again for out-of-source build. 2013-06-21 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 4.0+beta2. 2013-06-21 Michael Wiegand Preparing the openvas-scanner 4.0+beta1 release. * CHANGES: Updated. 2013-06-20 Michael Wiegand Adjust version identification string for protocol version switch. * src/openvassd.c (scanner_thread): Adjust version identifiers. Handle 2.0 like 1.0 and 2.1 like 1.1. * src/comm.c (comm_init): Replace 1.x with 2.xbeta1. 2013-06-11 Jan-Oliver Wagner * src/openvassd.c (check_client): New. Former check_user from users.c. * src/users.c, src/users.h: Removed. * src/CMakeLists.txt: Removed handling of users.c. * COPYING: Removed module users. 2013-06-11 Jan-Oliver Wagner * src/ntp_11.c (ntp_11_rules): Renamed variable user_rules to client_rules which is more suitable. 2013-06-11 Jan-Oliver Wagner Move users_add_rule() from users.c to rules.c as rules_add_client_rule() which is far more suitable. * src/users.c (users_add_rule): Removed. * src/users.h: Remove proto accordingly. * src/rules.c (rules_add_client_rule): New. * src/rules.h: Add proto accordingly. * src/ntp_11.c (ntp_11_rules): Rename function call accordingly. 2013-06-11 Jan-Oliver Wagner * src/auth.c, src/auth.h: Removed. This layer is not required anymore. * src/attack.c, src/comm.c, src/ntp_11.c, src/openvassd.c, src/sighand.c src/utils.c: Remove include of auth.h. * src/CMakeLists.txt: Remove handling of module auth.c. * COPYING: Remove module auth. 2013-06-11 Matthew Mundell * src/openvassd.c (scanner_thread): Skip username/password part of OTP. Patch by Jan-Oliver Wagner. 2013-05-31 Jan-Oliver Wagner * src/users.c (check_user): The file name is static, so don't use a variable anymore. * src/auth.c (auth_check_user): Ignore username and password, only dname is of interest. Therfore simplify code. 2013-05-31 Michael Wiegand Mark results of code analysis based on a number of valgrind runs. * src/pluginlaunch.c (process_internal_msg): Add TODO regarding possible memleak. * src/pluginscheduler.c (plugins_scheduler_init): Add TODO regarding possible memleak. 2013-05-30 Jan-Oliver Wagner * src/users.c (check_user): Remove any handling of the user name, it isn't required anyway. Removed the parameter "user". * src/users.h: Removed now unused macro OPENVAS_MAX_USERNAME_LEN. Adjusted proto accordingly. * src/auth.c (auth_check_user): Adjust call of check_user. 2013-05-29 Michael Wiegand * tools/openvas-nvt-sync.in: Add support for determining if the installed feed is current and only sync feed when it is not. Note that this only works with rsync. 2013-05-28 Jan-Oliver Wagner * doc/openvassd.8.in: Remove now-outdated parts about organization of users directory. 2013-05-28 Jan-Oliver Wagner * src/hosts.c: Removed unnecessary include. 2013-05-28 Jan-Oliver Wagner * INSTALL, CMakeLists.txt: Increase dependency to openvas-libraries from 6.0.0 to 7.0.0. 2013-05-28 Jan-Oliver Wagner * src/attack.c (launch_plugin, attack_network): Remove handling of username which is not relevant anymore because we have only one user. (attack_user_name): Removed. It is not used anymore now. * src/openvassd.c (scanner_tread): Removed handling of username. (main): Don't read environment variable OPENVASUSER and use it to set the user in global arglist. This seems to make no sense at all here even for old times. * src/ntp_11.c (ntp_11_parse_input, ntp_11_rules): Removed handling of username. * src/rules.c (rules_add): Don't have parameter username anymore because it is not used anyway. * src/rules.h: Adjust header accordingly. * src/auth.c (auth_check_user): Don't store the username anymore into the globals arglist. 2013-05-28 Jan-Oliver Wagner * src/save_kb.c (save_kb_new, save_kb_load_kb, save_kb_write): Remove handling of username, because "kbs" is not user-specific anymore. 2013-05-23 Jan-Oliver Wagner Removing "users" directory. Any remaining file-based data are now located directly in the OpenVAS state directory. * tools/openvas-mkcert-client.in: Changed paramters: -n does need anymore a user name. Internally "om" is used statically. No user directory is created or considered anymore. The file "dname" is now created directly in the state directory. * src/save_kb.c (kb_dirname): Moved location of OPENVAS_USERS_DIR/$user/kbs/ to OPENVAS_STATE_DIR/kbs/ * src/users.c (user_home): Removed. (check_user): Moved location of OPENVAS_USERS_DIR/$user/auth/dname to OPENVAS_STATE_DIR/dname. * src/users.h: Removed proto accordingly. * CMakeLists.txt, src/CMakeLists.txt: Removed handling of OPENVAS_USERS_DIR. 2013-05-16 Jan-Oliver Wagner * src/openvassd.c (scanner_thread): Remove useless rules variable. 2013-05-16 Jan-Oliver Wagner * src/openvassd.c (scanner_thread): Permissions will never occur during authentication anymore because we do not have server-side user permissions. Therefore drop the code for setting the permissions. 2013-05-15 Jan-Oliver Wagner * src/auth.c (auth_check_user): Use a simple success value instead of a faked rules object. * src/auth.h: Adapt proto accordingly. * src/openvassd.c (scanner_thread): Adjust call of auth_check_user accordingly. * src/users.h: Remove now unused BAD_LOGIN_ATTEMPT. * src/rules.h: Add includes to cover what is used here. 2013-05-15 Jan-Oliver Wagner * src/users.c (check_user): Better naming for internal variable and swap logic of testing. 2013-05-15 Jan-Oliver Wagner * src/users.c (check_user): Use a simple success value instead of a faked rules object. * src/users.h: Adapt proto accordingly. * src/auth.c (auth_check_user): Use new call of check_user. 2013-05-15 Jan-Oliver Wagner * src/users.c (check_user): Remove code path to check password. Removed parameter "password". (MD5_DIGEST_LENGTH): Remove this makro as not needed anymore. * src/users.h: Adjust proto accordingly. * src/auth.c (auth_check_user): Call check_user without password and removed any password management. But still keep the protocol part for reading the Password. 2013-05-14 Michael Wiegand * src/openvassd.c (main): Free GOptionContext after use. 2013-05-14 Jan-Oliver Wagner * CMakeLists.txt: Move the location of "openvassd.rules" from DATA (share/) directory to SYSCONF (etc/) directory. * doc/openvassd.rules: New. Sample and default file for openvassd.rules. * INSTALL: Added optinal items 1.1 and 1.2 about openvassd.conf and openvassd.rules. 2013-05-13 Jan-Oliver Wagner * src/rules.c (rules_init): Don't call rules_new anymore. The result wasn't used anyway and creating the file when it is not there is wrong behaviour anyway. That file needs to be carefully configured by the administrator of the OpenVAS Scanner installation. (rules_new): Removed. It is now unused. 2013-05-13 Jan-Oliver Wagner * src/users.c (check_user): Don't read the rules file of the user anymore and don't make it mandatory that at least an empty file "username/auth/rules" exists. Therefore now returns always a empty rules structure. (users_read_rules): Removed. This was used only by the code removed above. 2013-05-13 Jan-Oliver Wagner * tools/openvas-mkcert-client.in: Removed creation of rules file during user creation. The user created with this script is only used for controling via OpenVAS Manager. The rules of actual users are now managed by OpenVAS Manager and stored in that database. 2013-05-07 Michael Wiegand * CMakeLists.txt: Remove creation of GnuPG homedir here since openvas-libraries already takes care of this. 2013-04-11 Michael Wiegand * INSTALL: Note increased GnuTLS dependency. 2013-04-05 Matthew Mundell * src/log.c (log_init): Print fail messages about log file to stderr, so that tools wanting to parse "openvassd -s" output can separate out the the actual settings. 2013-04-05 Jan-Oliver Wagner Remove scanner preference "silent_dependencies". This setting advised the scanner to hold back results of those NVTs that were not explicitely selected but were only executed because they appeared as dependencies of selected ones. It is removed because it is actually task of the user or the controlling unit of the scanner (OpenVAS Manager) to filter whatever is of interest. The actual scan result should better remain complete inside the result databse. Dropping for example detection details makes a report less clear. Another aspect is, that use of this preference is too error-prone because users too easily combine a selection of NVT with this preference and accidently switch of results they actually would have expected (leading to False Negatives). So, for comprehensibility and consistency a scan result should always be complete. It is not the task of a scanner to drop any information. This patch may require some adjustments or improved ways of handling results in the Scanner clients. This change will change default behaviour of scan configurations that were setting silent_dependencies to yes. * src/pluginscheduler.c (enable_plugin_and_dependencies): Removed parameter "silent" and its handling. (plugins_scheduler_init): Call enable_plugin_and_dependencies without "silent" parameter. Also remove parameter "silent_dependencies". * src/pluginscheduler.h: Adjust proto accordingly. * src/attack.c (attack_network): Adjust call of plugins_scheduler_init accordingly. * src/preferences.c (openvassd_defaults): Removed "silent_dependencies". (preferences_silent_dependencies): Removed. (preferences_reset_cache): Removed handling of silent_dependencies. * src/preferences.h: Removed proto accordingly. * src/pluginlaunch.c (process_internal_msg): Don't consider LAUNCH_SILENT anymore. * src/pluginscheduler.h: Remove LAUNCH_SILENT. 2013-03-28 Hani Benhabiles * src/attack.c (attack_host): Adjust setproctitle call argument to start with "openvassd:". * src/openvassd.c (scanner_thread, main_loop): Adjust setproctitle call argument to start with "openvassd:". * src/nasl_plugins.c (nasl_thread): Adjust setproctitle call argument to start with "openvassd:". * src/oval_plugins.c (oval_thread): Adjust setproctitle call argument to start with "openvassd:". 2013-03-24 Hani Benhabiles * src/utils.c (version_check, is_symlink, check_symlink) (is_socket_connected, set_linger): Remove unused functions. * src/utils.h: Remove unused headers and declarations accordingly. 2013-03-21 Jan-Oliver Wagner Removing the shell scripts to add and to remove a user. This is the first part of moving the user management into OpenVAS Manager module. The Scanner should eventually only be accessed with certificates. For the time being, OpenVAS Administrator can manager traditional user accounts for the Scanner. * tools/openvas-adduser.in, tools/openvas-rmuser.in: Removed. * doc/openvas-adduser.8, doc/openvas-rmuser.8: Removed. * COPYING: Removed entries accordingly. * CMakeLists.txt: Removed handling of the two scritps. * doc/openvassd.8.in: Removed references to the documentation for the two scripts. * tools/openvas-mkcert-client.in: Removed reference to openvas-adduser documentation. 2013-03-20 Jan-Oliver Wagner * po/openvas-scripts-de.po, po/Makefile, po/README, po/: Removed. The i18n support for scripts has not proven and the scripts will undergo a major change anyway. 2013-03-20 Jan-Oliver Wagner * INSTALL: Removed notes on OpenVAS-Client which is not compatible anymore with the OTP changes. 2013-03-15 Jan-Oliver Wagner * CMakeLists.txt: Increased dependency to gnutls from 2.2 to 2.8. 2013-03-14 Hani Benhabiles * src/comm.c (is_valid_feed_version): New function. (nvt_feed_version): Test fgets() return value correctly. (comm_send_nvt_info): Validate feed version before sending it. 2013-03-14 Hani Benhabiles * src/comm.c (nvt_feed_version): New function. (comm_send_nvt_info): Send nvt feed version instead of DUMMY value. 2013-03-06 Jan-Oliver Wagner Reverting parts of the previous patch because under certain conditions (network_scan_status == busy) the kb_saving is still needed. * src/save_kb.c: Removed unneeded include. (save_kb): Re-added a simplified version. * src/save_kb.h: Re-added proto accordingly. * src/piic.c (kb_parse): Re-added handling for case "save_kb". * src/attack.c (attack_network, launch_plugin, init_host_kb): Re-adding, partly simplified, handling for case "save_kb", in other words for network scan situations. 2013-03-05 Jan-Oliver Wagner Third part of removing kb-saving feature. This completes the removal of the user-driven kb saving. * src/preferences.c (openvassd_defaults): Removed "kb_max_age". * src/save_kb.c (save_kb_max_age): Removed. (save_kb_load_kb): Apply the default 864000 for max_age directly (the old default, 10 days). * src/save_kb.h: Removed proto accordingly. 2013-03-05 Jan-Oliver Wagner Second part of removing kb-saving feature. This removes the scanner configs for advising to save kb. Thus no kb files are stored anymore under users/$user/kbs/ during a non-network scan. Network scans will still save KBs. * src/preferences.c (openvassd_defaults): Removed "save_knowledge_base", "kb_restore", "only_test_hosts_whose_kb_we_dont_have" and "only_test_hosts_whose_kb_we_have". * src/save_kb.c (save_kb, save_kb_pref_untested_hosts_only, save_kb_pref_tested_hosts_only, save_kb_pref_restore): Removed. * src/save_kb.h: Removed protos accordingly. * src/attack.c (attack_network, launch_plugin, init_host_kb): Removed handling for case "save_kb". * src/piic.c (kb_parse): Removed handling for case "save_kb". 2013-03-05 Hani Benhabiles * src/comm.c (plugin_is_newstyle): Remove function. Now part of plugutils.c in libraries. 2013-04-05 Matthew Mundell * src/nasl_plugins.c (plugin_is_newstyle): Check tag in case it is NULL. Also move &&'s to front of line for consistency. 2013-03-04 Jan-Oliver Wagner First part of removing kb-saving feature. This removes the scanner configs for selecting which NVT categories should be replayed. Now all will be replayed regardless of the category. However, this is temporary. * src/preferences.c (openvassd_defaults): Removed "kb_dont_replay_scanners", "kb_dont_replay_denials", "kb_dont_replay_info_gathering", "kb_dont_replay_attacks". * src/save_kb.c (save_kb_replay_check): Removed. * src/save_kb.h: Removed proto accordingly. * src/attack.c (launch_plugin): In case of using save_kb, any NVT will be replayed now. 2013-03-03 Hani Benhabiles * src/comm.c (send_plug_info): Send NOSUMMARY instead of whole summary when script tag summary is present. (plug_is_newstyle): Rename to plugin_is_newstyle. 2013-03-02 Hani Benhabiles * src/comm.c (plug_is_newstyle): New function to check if plugin has all newly added tags (summary, affected, insight, detection, impact, solution). (send_plug_info): Send NODESC instead of whole description when plugin has all new style tags. 2013-03-01 Jan-Oliver Wagner * src/openvassd.c (main): Don't initialize services (openvas_init_svc) anymore. It is not needed anymore because removed from openvas-libraries (see there for rationale). 2013-03-01 Jan-Oliver Wagner The port_range "default" is not allowed anymore. It is now mandatory that the client sends an explicit one. Ratonale: "default" is an intransparent behaviour from user perspective. * src/preferences.c (openvassd_option openvassd_defaults): Removed port_range from the default settings. * src/attack.c (attack_network): Check port_range directly as found in preferences. Don't assume "1-15000" in absense of port_range and don't consider port_range == "-1" as something valid. 2013-03-01 Timo Pollmeier * tools/greenbone-nvt-sync (RSYNC_DELETE): Remove quotes causing exclude of private directory to be ignored. 2013-02-28 Jan-Oliver Wagner * src/comm.c (comm_send_nvti_info): Renamed OTP command "PLUGINS_MD5" to "NVT_INFO" which is more apropriate as no MD5 is handled at all anymore. The parameter is kept as static text "DUMMY". 2013-02-28 Jan-Oliver Wagner * src/comm.c (comm_send_md5_plugins): Renamed to comm_send_nvt_info. * src/comm.h: Updated proto accordingly. * src/openvassd.c (scanner_thread): Renamed call accordingly. 2013-02-28 Jan-Oliver Wagner Remove handling of MD5 for NVTs from OTP. Those checksums have no meaning to the client because the client can not verify them as it has no access to the actual NVT files. So, the MD5 could serve as version/change indicator at best, but that is already redundant with the revisioning in the tags. The MD5 checksums could be used to determine which plugins are changed since last contact (provided the client stores them) in order to use PLUGIN_INFO for getting the changed ones instead of downloading all. In practice it has shown that it is simpler to just download all always. This removes the command SEND_PLUGINS_MD5 from OTP. * src/comm.c (comm_send_md5_plugins): Remove md5 computations and rather just send "DUMMY" as md5 value for command PLUGINS_MD5 for the time being. Removed answering on SEND_PLUGINS_MD5. * src/plugs_hash.c, src/plugs_hash.h: Removed. * COPYING: Removed module plugs_hash. * src/CMakeLists.txt: Removed handling of plugs_hash. * src/nasl_plugins.c: Removed include of plugs_hash.h, 2013-02-27 Timo Pollmeier * tools/greenbone-nvt-sync: Update version number. 2013-02-27 Timo Pollmeier * tools/greenbone-nvt-sync: Add PRIVATE_SUBDIR and private directory functionality to RSYNC_DELETE. 2013-02-27 Jan-Oliver Wagner Post branch version bump. * CMakeLists.txt: Set to version to 4.0.0 and beta status. 2013-02-22 Michael Wiegand * src/openvassd.c (main): Update year in copyright notice. 2013-02-20 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 3.4+beta3. 2013-02-20 Michael Wiegand Move "-Werror" flag to the "Debug" build type. * CMakeLists.txt: Move "-Werror" from CMAKE_C_FLAGS to CMAKE_C_FLAGS_DEBUG to keep it out of the "Release" build type. 2013-02-20 Michael Wiegand * CHANGES: Updated. 2013-02-18 Jan-Oliver Wagner Preparing the openvas-scanner 3.4+beta2 release. * CHANGES: Updated. 2013-02-11 Hani Benhabiles * src/comm.c (send_plug_info): Refactor code to remove fixed size of string regrouping nvt elements and calculate size dynamically. Rename variables to be more readable. 2013-02-11 Hani Benhabiles * src/comm.c (send_plug_info): Escape new lines in script tags when sending plugin information. 2013-02-07 Timo Pollmeier * tools/openvas-nvt-sync.in: Will now delete scripts not part of the feed like greenbone-nvt-sync when using rsync, except for a private directory. These scripts should be migrated by calling the sync script with option --migrate-to-private. (): Add new command line option --migrate-to-private. (IFS0, NEWLINE, PRIVATE_SUBDIR, OPENVAS_KEY_ID, RSYNC_DELETE, CMD_GPG): New variables. (do_help): Add new option and variable PRIVATE_SUBDIR. Change indentation. (chk_system_tools): Add warning if GPG is not found. (do_rsync): Add RSYNC_DELETE to delete files not part of the feed and prompt for migration if no private directory is found. (do_migrate_to_private): New function to migrate files without an OpenVAS signature to a private subdirectory. (check_signature): New helper function to check if a file has an OpenVAS signature. (move_file): New helper function to move files. 2013-02-06 Jan-Oliver Wagner * tools/greenbone-nvt-sync: Extended license from GPLv2 to GPLv2+. Removed special exception for .nes binaries. These will from now on be deleted. 2013-01-25 Matthew Mundell * src/nasl_plugins.c (nasl_plugin_add): Revert second plugin_args if block that I wrongly merged with the first one, and that Jan subsequently removed. plugin_args is assigned within the first if block, so it is valid to recheck it for the second block. 2013-01-24 Jan-Oliver Wagner * src/nasl_plugins.c (nasl_plugin_add): Removed (leftover?) error message and too early exit. The error message and exit was executed always when a new NVT (not in cache) is parsed. 2013-01-24 Werner Koch Improve bug tracking by directing diagnostics to the log file. * src/openvassd.c: Include openvas_logging.h. (init_openvassd): Add arg DONT_FORK and call setup_legacy_log_handler. (main): Pass DONT_FORK to init_openvassd. * src/log.c (log_write): Factor most code out to .. (log_vwrite): new function. * src/log.h: Add prototype for log_vwrite. * src/pluginload.c (plugins_reload_from_dir): fflush stdout to not mess up output to stderr. 2013-01-22 Matthew Mundell * src/nasl_plugins.c (nasl_plugin_add): Remove NULL initialisation of nvti which is actually initialised lower down, as this gives the wrong impression of how the variable will be used. Remove free of nvti before plugins_args block. Enable free of nvti after plugin_args block and remove note about crash -- free'ing twice leads to crashes. Free nvti in plugin_arg block now that the free before plugin_arg block is gone. Free nvti in plugin_arg block before reassigning to it, otherwise the memory will leak. Remove free that follows this reassignment because the nvti is freed after the plugin block. Merge duplicate plugin_args block into first one, because having two is just confusing. 2013-01-11 Jan-Oliver Wagner * src/ntp_11.c: Resolved some overlong lines. 2013-01-11 Jan-Oliver Wagner * src/attack.c (launch_plugin): Retrieve src of nvti directly. * src/plugs_hash.c (plugins_send_md5): Retrieve src of nvti directly. 2013-01-11 Jan-Oliver Wagner * src/attack.c (launch_plugin): Fix wrong reference. name was truncated in rare cases. 2013-01-07 Michael Wiegand * tools/greenbone-nvt-sync: Add support for proxy authentication. Patch submitted by Christian Schmidt. 2013-01-06 Jan-Oliver Wagner Third part towards clean separation of NVTI into the NVTI Cache: Copyies are returned, so these need to be free'd. * src/nasl_plugins.c (nasl_plugin_add, nasl_plugin_launch): Free the nvti object once it is not needed anymore. * src/ntp_11.c (_find_plugin): Free the nvti object once it is not needed anymore. (ntp_1x_send_dependencies): The filename needs to be free'd because it was strdup'ed before. Free the nvti object once it is note needed anymore. * src/attack.c (launch_plugin): We need the oid later on and have many exits, so better store it locally without need to free it. Free the nvti. * src/plugs_hash.c (plugins_send_md5): Free the nvti object. * src/oval_plugins.c (oval_plugin_add): Free the nvti object. * src/comm.c (send_plug_info): Free the nvti object. * src/pluginscheduler.c (hash_add): Free the nvti object. (plugins_scheduler_init): Added safety heck for missing OID. 2013-01-06 Jan-Oliver Wagner Second part towards clean separation of NVTI into the NVTI Cache: All remaining access to NVTI object via "NVTI" is replaced by access via OID. The only exception is the parsing code for the description block where the OID is not necessarily known at the beginning and therefore can not be relied on. * src/nasl_plugins.c (nasl_plugin_add): Remove the NVTI object after we added it for parsing the NASL file. (nasl_plugin_add): Use OID instead of NVTI. (nasl_plugin_launch): Use OID instead of NVTI. Fix setting of "name" and "preferences". * src/ntp_11.c (_find_plugin, ntp_1x_send_dependencies): Use OID instead of NVTI. * src/attack.c (launch_plugin): Use OID instead of NVTI. * src/pluginlaunch.c (plugin_launch): Use OID instead of NVTI. * src/plugs_hash.c (plugins_send_md5): Use OID instead of NVTI. * src/comm.c (send_plug_info): Use OID instead of NVTI. * src/pluginscheduler.c (hash_add, plugins_scheduler_init): Use OID instead of NVTI. 2013-01-06 Jan-Oliver Wagner First part towards clean separation of NVTI into the NVTI Cache: Plugin arg_list are provided with explicit OID element. And whereever only the OID is required, it is directly retrieved instead via NVTI. * src/pluginlaunch.c (update_running_processes): Use OID element directly instead of NVTI. * src/comm.c (plugin_send_infos, _get_plug_by_oid): Use OID element directly instead of NVTI. 2013-01-04 Jan-Oliver Wagner * src/pluginscheduler.c (plugins_scheduler_init): Fixed a memleak. 2012-11-09 Michael Wiegand * doc/CMakeLists.txt: Remove configuration no longer necessary for out-of-source builds. 2012-10-26 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 3.4+beta2. 2012-10-26 Michael Wiegand Preparing the openvas-scanner 3.4+beta1 release. * CHANGES: Updated. 2012-10-26 Michael Wiegand * CMakeLists.txt: Update CPACK_SOURCE_IGNORE_FILES. 2012-10-26 Michael Wiegand * INSTALL: Update instructions to use out-of-source building, remove outdated information. 2012-10-26 Michael Wiegand Update "doc" and "doc-full" targets for out-of-source builds. * doc/CMakeLists.txt: Update commands and targets to work with out-of-source builds. * doc/Doxyfile.in: Updated to work with out-of-source builds. * doc/Doxyfile_full.in: Harmonized with Doxyfile.in. 2012-10-25 Jan-Oliver Wagner * src/pluginscheduler.c (hash_link_destroy): Closed memleak. 2012-10-25 Jan-Oliver Wagner * src/pluginscheduler.c (hash_add): Closed memleak. Thanks to Felix Wolfsteller for spotting. 2012-10-23 Jan-Oliver Wagner * INSTALL: Updated for upcoming release. 2012-10-23 Jan-Oliver Wagner * CHANGES: Prepared for soon release of first 3.4 beta. 2012-10-08 Jan-Oliver Wagner * src/pluginscheduler.c (plugins_scheduler_init): Removed the cleverness feature to enable ACT_SETTINGS that were explicitely disabled. This behaviour is too clever for its own good. This means that clients can not rely on this behaviour anymore and must select the NVTs with corresponding care from now on. 2012-10-01 Michael Wiegand * src/openvassd.c (main): Add command line switch to exit once the NVT cache has been initialized or updated. 2012-09-10 Thomas reinke * src/comm.c (send_plug_info): Fixed SIGSEGV coredump that would occur if no family specified in a nasl script (would core dump if client connected and requested complete nasl test list) 2012-09-07 Jan-Oliver Wagner * src/ntp_11.c (ntp_1x_send_dependencies): Use str2arglist directly instead of plug_get_deps. * src/pluginscheduler.c (hash_add, plugins_scheduler_init): Use str2arglist directly instead of plug_get_*. 2012-07-19 Michael Meyer * src/openvassd.c: store.h was deleted in r13728. So don't include it. 2012-07-19 Matthew Mundell Add new OTP version 1.1 which is like 1.0 but sends less info to the client initially. Patch by Jan-Oliver Wagner. * src/comm.c (comm_init): Add OTP/1.1 case. * src/openvassd.c (scanner_thread): Skip sending some of the init info for OTP > 1.0. 2012-07-18 Jan-Oliver Wagner * src/openvassd.c (deny_severity, allow_severity): Removed. Global vars are never used. 2012-07-16 Jan-Oliver Wagner Removed built-in logfile rotation. It is not a good idea to try to circumvent system enviroment technology for logrotate. * src/log.c (MAX_LOG_SIZE_MEGS, rotate_log_file): Removed. (log_init): Removed call of rotate_log_file). 2012-07-13 Jan-Oliver Wagner * src/comm.c (comm_send_preferences): Removed deprectated prefs sind 3.0. 2012-07-12 Jan-Oliver Wagner * src/nasl_plugins.c, src/oval_plugins.c: Replace calls of store_load_plugin by subsequent calls of nvticache_get and plug_create_from_nvti_and_prefs. 2012-07-12 Jan-Oliver Wagner Use nvticache API instead of store_* API in a first step. Now it is mandatory that a cache directory really exists. * src/nasl_plugins.c (nasl_plugin_add): Replace use of store_ API by nvticache API. * src/oval_plugins.c (oval_plugin_add): Replace use of store_ API by nvticache API. * src/openvassd.c (init_openvassd): Replaced init via store_ by direct nvtichache calls. Make it mandatory that a cache directory exists. Fallback of nvi directory not used anymore. * CMakeLists.txt: Increase dependency to openvas-libaries to 6.0.0. 2012-07-10 Jan-Oliver Wagner Post branch version bump. * CMakeLists.txt: Set to version to 3.4.0 and beta status. 2012-04-24 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 3.3.2. 2012-04-24 Michael Wiegand Preparing the openvas-scanner 3.3.1 release. * CHANGES: Updated. 2012-04-24 Michael Wiegand Clean up CMake infrastructure and ensure that compilation with modern gccs works. * CMakeLists.txt: Retrieve GnuTLS flags via pkg-config. Remove setting of OPENVAS_LIB_INSTALL_DIR and OPENVAS_HEADER_INSTALL_DIR as they are retrieved via pkg-config now. * src/CMakeLists.txt: Remove handling of now superfluous OPENVAS_LIB_INSTALL_DIR and OPENVAS_HEADER_INSTALL_DIR. Set link libraries via target_link_libraries and not via LINK_FLAGS since this breaks compilation with more modern gccs. Take more libraries from pkg-config output instead of hardcoding them. 2012-04-20 Michael Wiegand * tools/greenbone-nvt-sync: Move check for ENABLED further down to allow options like --identify to work. 2012-04-20 Michael Wiegand * tools/greenbone-nvt-sync: Add switch to refresh scanner cache and manager database without requiring network access. 2012-04-13 Michael Wiegand * tools/greenbone-nvt-sync: Add switch to disable the sync script. 2012-04-04 Michael Wiegand * tools/greenbone-nvt-sync: Add ssh options to disable strict host key checking. Patch suggested by Lukas Grunwald. 2012-03-28 Jan-Oliver Wagner * CMakeLists.txt, INSTALL: Set dependency for glib and gnutls to minimum of what openvas-libraries requires. 2012-03-27 Jan-Oliver Wagner * CMakeLists.txt: Fixed svn revisioning. 2012-03-25 Jan-Oliver Wagner Post release version bump. * CMakeLists.txt: Set version to 3.3.1 2012-03-25 Jan-Oliver Wagner Preparing the openvas-scanner 3.3.0 release. * CHANGES: Updated. * CMakeLists.txt: Version bump to 3.3.0. 2012-03-11 Jan-Oliver Wagner Post release version bump. * CMakeLists.txt: Set version to 3.3+rc2. 2012-03-11 Jan-Oliver Wagner Preparing the openvas-scanner 3.3+rc1 release. * CHANGES: Updated. * CMakeLists.txt: Version bump to 3.3+rc1. 2012-03-05 Matthew Mundell * src/pluginlaunch.c (update_running_processes): Send an ERRMSG to the client when terminating a process. 2012-01-27 Henri Doreau * src/ntp_11.c (ntp_11_parse_input): Delete stop_required arglist entry instead of setting its value to zero when resuming a scan. 2012-01-27 Henri Doreau * src/ntp_11.c (ntp_11_parse_input): Reset stop_required variable on scan resume. 2012-01-27 Henri Doreau * src/ntp_11.c (ntp_11_parse_input), src/attack.c (attack_network): Don't start the second scan phase when network scan is enabled and user requests "stop" during the first phase. 2012-01-25 Henri Doreau * src/attack.c (launch_plugin): Ignore script_mandatory_keys requirements during network-wide scanning phase. 2011-12-28 Jan-Oliver Wagner * INSTALL: Re-arranged text a bit and added some Debian 6 info. 2011-11-25 Michael Wiegand * src/preferences.c (openvassd_defaults): Add reverse_lookup to the list of default scanner options with default value "no". 2011-11-23 Michael Wiegand * tools/greenbone-nvt-sync: Quote variables in tests to ensure strings containing spaces are handled correctly. 2011-11-10 Michael Wiegand * CMakeLists.txt: Adjust source locations in install command to enable installation from an out-of-source build. 2011-10-10 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 3.3+beta3. 2011-10-10 Michael Wiegand Preparing the openvas-scanner 3.3+beta2 release. * CHANGES: Updated. * INSTALL: Note dependency on openvas-libraries >= 5.0+beta2. 2011-10-10 Michael Wiegand * tools/greenbone-nvt-sync: Use awk instead of read since the "-d" option is not available in all shells. 2011-10-04 Matthew Mundell * ChangeLog: Describe UTC relation to Manager in last entry. 2011-10-04 Matthew Mundell * src/openvassd.c (main): Enforce UTC. When using Scanner with Manager either the Scanner must have been using UTC already, or the Manager must migrate the existing data (r11730) before using this Scanner version. 2011-09-12 Michael Wiegand * src/oval_plugins.c (ovaldi_launch): Tighten security for ovaldi launch: Ensure file names are not easily guessable, drop privileges early and place files in a randomly named temporary directory after privileges have been dropped. Improve cleanup after ovaldi launch. 2011-08-12 Michael Wiegand * tools/greenbone-nvt-sync: Update VERSION. 2011-08-12 Michael Wiegand * tools/greenbone-nvt-sync: Add support for syncport setting. 2011-08-12 Michael Wiegand * tools/greenbone-nvt-sync: Switch Manager DB rebuild to signal based mechanism. 2011-07-13 Matthew Mundell * ChangeLog: Always close the parentheses on the line they are opened on, as this is much easier to parse. 2011-07-12 Jan-Oliver Wagner * src/oval_plugins.c: Fixed rationale for a include. 2011-07-12 Jan-Oliver Wagner * src/oval_plugins.c (oval_plugin_add): Replace call of plug_set_nvti by direct retrieval from arglist structure. 2011-07-10 Jan-Oliver Wagner * src/nasl_plugins.c (nasl_plugin_add, nasl_plugin_launch): Replace use of plug_get*() by direct call of nvti_*() where nvti elements are concerned. * src/plugs_hash.c (plugins_send_md5): Replace use of plug_get*() by direct call of nvti_*() where nvti elements are concerned. * src/comm.c (send_plug_info, plugin_send_infos, qsort_cmp) (_get_plug_by_oid): Replace use of plug_get*() by direct call of nvti_*() where nvti elements are concerned. * src/pluginscheduler.c (plugins_scheduler_init): Replace use of plug_get*() by direct call of nvti_*() where nvti elements are concerned. Except where lists are handled. * src/ntp_11.c (_find_plugin, ntp_1x_send_dependencies): Replace use of plug_get*() by direct call of nvti_*() where nvti elements are concerned. Except where lists are handled. * src/pluginlaunch.c (plugin_launch): Replace use of plug_get*() by direct call of nvti_*() where nvti elements are concerned. 2011-06-28 Jan-Oliver Wagner * src/attack.c (launch_plugin): Replace use of plug_get*() by direct call of nvti_*() where nvti elements are concerned. 2011-06-21 Michael Wiegand Post release version bump. * CMakeLists.txt: Set version to 3.3+beta2. 2011-06-21 Michael Wiegand Preparing the openvas-scanner 3.3+beta1 release. * CHANGES: Updated. * INSTALL: Note dependency on openvas-libraries >= 5.0+beta1. * CMakeLists.txt: Updated. 2011-06-08 Michael Wiegand * src/preferences.c (openvassd_defaults): Add report_host_details to the list of default scanner options with default value "yes". 2011-06-08 Henri Doreau * src/preferences.c (openvassd_defaults, preference_reset_cache): Added nework_scan to the list of default scanner options. 2011-06-06 Michael Wiegand * src/ntp_11.c (ntp_1x_send_dependencies): Revert last commit as it removed a used variable. 2011-06-05 Stephan Kleine * src/ntp_11.c: remove unused variable to fix compilation wih GCC 4.6. 2011-06-01 Matthew Mundell Close some leaks. Based on patch from Michael Wiegand. * src/oval_plugins.c (start_element, text, oval_plugin_add): Always free memory that is allocated by glib functions. Take into account that the nvti_set_* functions duplicate the given memory. (ovaldi_launch): Add leak todos. 2011-05-31 Jan-Oliver Wagner * src/pluginlaunch.c: Added missing include of internal_com.h. 2011-05-31 Jan-Oliver Wagner Removing last remains of the unused shared sockets implementation according to Change Request #53. * doc/CMakeLists.txt, src/CMakeLists.txt: Removed handling of shared_socket.c. * src/pluginlaunch.c (process_internal_msg): Removed action upon message INTERNAL_COMM_MSG_SHARED_SOCKET which is never issued anyway. (process_mgr_sighand_term, update_running_processes, pluginlaunch_stop): Removed call of shared_socket_cleanup_process because there is nothing to clean up anyway. * src/shared_socket.c, src/shared_socket.h: Removed. * COPYING: Removed entry for shared_socket.*. 2011-05-31 Jan-Oliver Wagner * src/nasl_plugins.c, src/ntp_11.c, src/piic.c, src/pluginlaunch.c, src/oval_plugins.c: Added include for internal_com.h. * src/shared_socket.c, src/hosts.c: Replaced include of plugutils.h by internal_com.h. 2011-05-31 Jan-Oliver Wagner * doc/openvas-nvt-sync.8: Fixed author of the re-written script. * COPYING: Fixed typo. 2011-05-31 Matthew Mundell Deal with GCC 4.6 warnings. Thanks to Stephan Kleine for original patch. * src/attack.c (attack_network): Remove stray variables. * src/nasl_plugins.c (nasl_thread): Check nice return. * src/openvassd.c (scanner_thread): Check nice return. * src/oval_plugins.c (oval_plugin_add): Set NVT description correctly in overlength case. * src/preferences.c (preferences_drop_privileges): Remove variable previously used for trace message. * src/shared_socket.c (openvassd_shared_socket_register): Check internal_recv return. * src/sighand.c (let_em_die): Remove return variable, as the waitpid may fail in legitimate cases. 2011-05-31 Henri Doreau Do not force execution of ACT_INIT scripts anymore. This allows ACT_INIT scripts to register information iff they are selected by the user. ACT_SETTINGS scripts are still automatically selected though. * src/attack.c (launch_plugin), src/pluginscheduler.c (plugins_scheduler_init): Disable autoselection of ACT_INIT plugins. 2011-05-30 Michael Wiegand Post branch version bump. * CMakeLists.txt: Set to version to 3.3.0. 2011-04-18 Matthew Mundell * tools/openvas-nvt-sync.in: Put the mktemp template last, otherwise Ubuntu 9.10 gives an error. (do_sync): Correct typo. 2011-04-18 Henri Doreau * src/ntp_11.c (ntp_1x_send_dependencies): fixed memory leak reported by Valgrind. 2011-04-18 Henri Doreau * src/pluginload.c (collect_nvts): fixed memory leak reported by Valgrind. 2011-04-11 Michael Wiegand Post release version bump. * CMakeLists.txt: Set to version to 3.2.4. 2011-04-11 Michael Wiegand Preparing the openvas-scanner 3.2.3 release. * CHANGES: Updated. 2011-04-08 Michael Wiegand * tools/openvas-nvt-sync.in: Use feed.openvas.org instead of rsync.openvas.org in the feed URL. 2011-04-08 Michael Wiegand * tools/openvas-nvt-sync.in: Ensure openvas-nvt-sync syncs into the NVT directory configured in the scanner by default. Remove obsolete comment. 2011-03-31 Michael Wiegand * tools/openvas-nvt-sync.in: Do not use rsync as the default when no feed is present, i.e. we are doing the initial sync. Use http (wget or curl) instead. 2011-03-29 Michael Wiegand * tools/greenbone-nvt-sync: Enable BatchMode in ssh during rsync. 2011-03-28 Michael Wiegand * tools/greenbone-nvt-sync: Add support for specifying an arbitrary port for synchronization. 2011-03-28 Michael Wiegand * tools/greenbone-nvt-sync: Add support for reading configuration from $sysconfdir/openvas/greenbone-nvt-sync.conf. 2011-03-28 Michael Wiegand * tools/greenbone-nvt-sync: Add support for reading feed information from the plugin_feed_info.inc. Rename FEED_PROVIDER to FEED_VENDOR for consistency. 2011-03-28 Michael Wiegand * tools/openvas-nvt-sync.in: Make indentation consistent, flush trailing spaces. 2011-03-25 Michael Wiegand * tools/openvas-nvt-sync.in: Add support for reading feed information from the plugin_feed_info.inc. Rename FEED_PROVIDER to FEED_VENDOR for consistency. 2011-03-16 Henri Doreau * src/locks.c (file_lock): fixed coding style mismatch from previous commit. 2011-03-16 Henri Doreau * src/locks.c (file_lock, file_locked): Close file descriptors before return. * src/save_kb.c (save_kb_load_kb): Close stream before return. 2011-03-10 Michael Wiegand * tools/greenbone-nvt-sync: Fix conditionals so that they are evaluated as intended. 2011-03-07 Michael Wiegand * tools/openvas-nvt-sync.in: Removed last bashism from openvas-nvt-sync a second time: Drop SIG prefix when referring to signal as it is a bashism as well. 2011-03-04 Michael Wiegand * CMakeLists.txt: Ensure that a "gnupg" directory is created in the OpenVAS configuration directory with the correct permissions as a preparation for signature verifications. 2011-03-02 Michael Wiegand Enable the generation of code documentation. Spotted by Michael Meyer. * doc/CMakeLists.txt: New. Add to enable the generation of code documentation. * doc/Doxyfile.in, doc/Doxyfile_full.in: Fix value of INPUT to match the current paths. 2011-02-21 Michael Wiegand Post release version bump. * CMakeLists.txt: Set to version to 3.2.3. 2011-02-21 Michael Wiegand Preparing the openvas-scanner 3.2.2 release. * CHANGES: Updated. 2011-02-17 Michael Wiegand * tools/greenbone-nvt-sync: Log feed name, version and NVT count before and after each sync. 2011-02-17 Michael Wiegand * tools/openvas-nvt-sync.in: Remove last bashism from openvas-nvt-sync: Refer to signals by name, not by number. 2011-02-17 Michael Wiegand * src/preferences.h: Remove unimplemented function declaration for preferences_get_delay_between_tests. 2011-02-16 Michael Wiegand Post release version bump. * CMakeLists.txt: Set to version to 3.2.2. 2011-02-16 Michael Wiegand Preparing the openvas-scanner 3.2.1 release. * CHANGES: Updated. 2011-02-16 Michael Wiegand * src/preferences.c: Add default value for the preference "unscanned_closed". 2011-02-15 Michael Wiegand * tools/greenbone-nvt-sync: Remove redundant rsync flag. Spotted by Lukas Grunwald. 2011-02-14 Michael Wiegand * tools/greenbone-nvt-sync: Clean up bashisms, make checks for command availability more reliable. 2011-02-11 Michael Wiegand * tools/greenbone-nvt-sync: Improve behaviour when no init scripts are available. 2011-02-09 Michael Wiegand * CMakeLists.txt: Ensure OPENVAS_CACHE_DIR and OPENVAS_NVT_DIR are created on install. 2011-02-09 Michael Wiegand * CMakeLists.txt: Eliminate trailing whitespace in flags as it leads to trouble. Replace use of deprecated exec_program with execute_process. 2011-02-08 Michael Wiegand * CMakeLists.txt: Ensure openvassd is installed with the correct permissions. 2011-02-07 Michael Wiegand * CMakeLists.txt, src/CMakeLists.txt: Move handling of configuration and installation to top level CMakeLists.txt. 2011-02-07 Michael Wiegand * doc/openvassd.8.in: Fix typo, remove outdated information. 2011-02-04 Michael Wiegand Post release version bump. * CMakeLists.txt: Set to version to 3.2.1. 2011-02-04 Michael Wiegand Preparing the openvas-scanner 3.2.0 release. * CMakeLists.txt: Updated. 2011-02-03 Stephan Kleine * src/CMakeLists.txt: explicitly link against gcrypt 2011-02-03 Jan-Oliver Wagner * CHANGES: Updated for upcoming 3.2.0 release. 2011-02-03 Jan-Oliver Wagner * CMakeLists.txt: Added missing man page install directive. 2011-02-02 Michael Wiegand * CMakeLists.txt: Install man pages into the correct directory according to the FHS. 2011-02-02 Michael Wiegand Move installation of openvas-services file from openvas-scanner to openvas-libraries since the only function using it resides in openvas-libraries. * openvas-services: Removed. Is now openvas-libraries/openvas-services. * CMakeLists.txt: Remove handling of openvas-services. 2011-02-02 Michael Wiegand * CMakeLists.txt: Removed superfluous check for openvas_base. 2011-02-01 Michael Wiegand Switch openvas-scanner to pkg-config. * CMakeLists.txt: Move checks for openvas-libraries, glib and gnutls to pkg-config. * INSTALL: Update requirements and installation instructions. * src/CMakeLists.txt: Replace calls to libopenvas-config with the appropriate pkg-config calls. 2011-01-31 Michael Wiegand * src/preferences.c: Fixed glib include. (preferences_process): Remove own parsing of settings file and use the functionality provided by openvas-libraries instead. 2011-01-28 Jan-Oliver Wagner * tools/openvas-adduser.in: Removed checking code for openvassd config as it is handled differently now. 2011-01-27 Michael Wiegand * tools/greenbone-nvt-sync: Check whether the access key has a size greater than zero instead of just testing for existence during self test. 2011-01-27 Michael Wiegand * tools/greenbone-nvt-sync: Check whether credentials were read correctly before attempting to synchronize. 2011-01-25 Michael Wiegand * tools/greenbone-nvt-sync: Removed superfluous check for openvassd.conf. 2011-01-24 Jan-Oliver Wagner * src/openvassd.c (main): Unhide "--cfg-specs" from --help and provide a short description. 2011-01-20 Jan-Oliver Wagner Post-release version bump. * CMakeLists.txt: Set to 3.2+rc3. 2011-01-20 Jan-Oliver Wagner Preparing the openvas-scanner 3.2+rc2 release. * CMakeLists.txt: Added some files to ignore for CPack. * CHANGES: Updated. 2011-01-20 Jan-Oliver Wagner * doc/HTTP_authentication.txt: Removed. There is no new or helpful information in there. * src/COPYING: Removed. Since we maintain a explicit list in COPYING, we don't need that file anymore. 2011-01-20 Jan-Oliver Wagner * tools/openvas-mkcert.in: Added switch "-f" to force overwriting existing certificates. Added a stop-mechanism with respective note in case the certificate files already exist. * doc/openvas-mkcert.8: Added info about "-f" switch. 2011-01-20 Jan-Oliver Wagner * tools/openvas-mkcert.in: Removed test of openvassd as it is not necessary anymore. Remove client part as it is completly commented out anyway. * doc/openvas-mkcert.8: Updated. 2011-01-20 Michael Wiegand * tools/openvas-mkcert.in: Remove handling of openvassd.conf from openvas-mkcert since the default locations of the keys and certificates are already known to the scanner. 2011-01-20 Michael Wiegand * src/openvassd.c (main): Remove hidden command line option "--gen-config" since it has become meaningless now. 2011-01-20 Michael Wiegand Add default values for settings to the code to remove the dependence on a separate openvassd.conf settings file. * src/preferences.c: Add list of standard settings. (preferences_process): Initialize with standard settings and process settings file afterwards. (preferences_new): Removed. Default settings are kept internally now. 2011-01-19 Jan-Oliver Wagner * src/openvassd.c (main): Removed useless check for port as always a sensible is set. 2011-01-19 Jan-Oliver Wagner * src/openvassd.c (main): Removed command line option "--dump-cfg" as it returns no valueable information. * doc/openvassd.8.in: Updated accordingly. Updated date and improved titel and description. Added "-f" in synopsis. Extended authors section to explain some more background. 2011-01-19 Jan-Oliver Wagner * doc/openvassd.8.in: New default port is 9391. 2011-01-19 Jan-Oliver Wagner * src/openvassd.c (init_openvassd, main): Renamed any variables "iana_port" to "scanner_port". These are only used in this module. (main): Set default port to 9391. 2011-01-19 Matthew Mundell * src/CMakeLists.txt: Add SYSCONFDIR to definitions. * src/openvassd.c (main): Return SYSCONFDIR instead of OPENVAS_SYSCONF_DIR for -y, to match the pre-cmake behaviour. 2011-01-19 Michael Wiegand * src/preferences.c (preferences_new): Add preferences for vhost scanning to initial configuration file. 2011-01-19 Jan-Oliver Wagner * CMakeLists.txt: Reverted wrongly changed patch version. * INSTALL: Updated for OpenVAS-4. 2011-01-18 Jan-Oliver Wagner * src/openvassd.c: Removed code path for not HAVE_SETSID. Removed code patch for HAVE_ADDR2ASCII and HAVE_INET_NETA. 2011-01-17 Jan-Oliver Wagner * src/nasl_plugins.c, src/attack.c, src/save_kb.c, src/pluginlaunch.c, src/oval_plugins.c, src/comm.c, src/pluginscheduler.c: Change include patch for nvt_categories.h. * .root-dir: Removed. This as a woraround file for the old build environment. 2011-01-14 Jan-Oliver Wagner Removing framework for binary plugins as they are gone now. * src/nes_plugins.c: Removed. * src/CMakeLists.txt: Removed handling of module nes_plugins. * src/pluginload.c (init_plugin_classes): Removed nes_plugin_class from the class list. * src/pluginload.h (nes_plugin_class): Removed. * COPYING: Removed cnvt entries, renamed "openvassd/" to "src/" and added missing entry for openvas-rmuser.in. 2011-01-14 Jan-Oliver Wagner * cnvts/find_service/find_service.c, cnvts/find_service/Makefile, cnvts/find_service/, cnvts/make_world, cnvts/openvas_tcp_scanner/openvas_tcp_scanner.c, cnvts/openvas_tcp_scanner/Makefile, cnvts/openvas_tcp_scanner/, cnvts/install_plug, cnvts/synscan/synscan.c, cnvts/synscan/Makefile, cnvts/synscan/, cnvts/: Removed. The binary NVTs have been turned into built-in NVTs and the source code is now part of nasl module of openvas-libries. 2011-01-14 Jan-Oliver Wagner * doc/TODO.txt: Removed. It was hopeless out of date from the pre-OpenVAS times. 2011-01-14 Jan-Oliver Wagner * doc/openvas-nvt-sync.8: Added feed name. Removed reference to openvas-client. * doc/greenbone-nvt-sync.8: New. First raw version of a man page for completeness reason. * COPYING: Removed a doubled entry. 2011-01-14 Jan-Oliver Wagner * INSTALL: Updated and harmonized with INSTALL of openvas-manager. 2011-01-13 Jan-Oliver Wagner * doc/openvassd.8.in: Consolidated variable replacement of cmake processing. * CMakeLists.txt: Added configuration of openvassd.8 and added installation of all the man pages. 2011-01-13 Jan-Oliver Wagner * CMakeLists.txt: Install openvas-services. 2011-01-13 Jan-Oliver Wagner * tools/openvas-mkcert-client.in, tools/openvas-nvt-sync.in, tools/openvas-mkcert.in, tools/openvas-rmuser.in: Consolidated variable replacement of cmake processing. * CMakeLists.txt: Added configuration and installation of the remaining shell scripts from tools/ directory. Using @ONLY for the configuration. * tools/openvas-adduser.in: Reverted prompt variable setting change now that we use @ONLY. 2011-01-13 Matthew Mundell * ChangeLog: Remove trailing tab. Format old entries properly. 2011-01-13 Jan-Oliver Wagner * src/CMakeLists.txt: Added -ldl for linking. Spotted by Stefan Schwarz. 2011-01-12 Jan-Oliver Wagner * tools/openvas-adduser.in: Consolidated variable replacement of cmake processing. * CMakeLists.txt: Added configuring and installing of script openvas-adduser. 2011-01-12 Jan-Oliver Wagner * src/otp_1_0.c: Renamed makro OPENVAS_VERSION to OPENVASSD_VERSION. * src/preferences.c: Renamed OPENVASSD_PLUGINS to OPENVAS_NVT_DIR, OPENVASSD_CACHE to OPENVAS_CACHE_DIR, PLUGIN_TIMEOUT to NVT_TIMEOUT. * src/users.c: Replaced OPENVASSD_LOGINS by OPENVAS_USERS_DIR. * src/oval_plugins.c: Replaced OPENVAS_FULL_VERSION by OPENVASSD_VERSION. * src/openvassd.c: Added definition of OPENVAS_IANA_OTP_PORT, OPENVASSD_CONNECT_RATE and OPENVASSD_CONNECT_BLOCKER. These were previously in config.h. Replaced OPENVAS_FULL_VERSION by OPENVASSD_VERSION, OPENVASSD_CONFDIR by OPENVAS_SYSCONF_DIR. * src/comm.c: Replaced OPENVAS_VERSION by OPENVASSD_VERSION. * CMakeLists.txt: New. The master cmake control file. * src/CMakeLists.txt: New. The control file for building the actual scanner. 2011-01-11 Jan-Oliver Wagner * src/nasl_plugins.c, src/otp_1_0.c, src/preferences.c, src/ntp_11.c, src/attack.c, src/shared_socket.c, src/nes_plugins.c, src/pluginlaunch.c, src/users.c, src/oval_plugins.c, src/openvassd.c, src/log.c, src/rules.c, src/comm.c: Remove include of config.h and corevers.h. The variables will now be passed directly via cmake. * VERSION.in: Replaced version number by respective variable passed by cmake. 2011-01-11 Jan-Oliver Wagner * VERSION, VERSION.in: Renamed VERSION to VERSION.in. * doc/Doxyfile.in, doc/Doxyfile_full.in: Replaced project number by respective variable passed by cmake. 2011-01-11 Jan-Oliver Wagner * doc/Doxyfile, doc/Doxyfile.in: Renamed Doxyfile to Doyfile.in. * doc/Doxyfile_full, doc/Doxyfile_full.in: Renamed Doxyfile_full to Docyfile_fill.in. 2011-01-11 Jan-Oliver Wagner * src/OBJ/, src/OBJ/.createdir: Removed. Not needed anymore in a cmake build environment. 2011-01-11 Jan-Oliver Wagner * src/, openvassd/: Renamed openvassd to src in order to be consistent with other OpenVAS modules. 2011-01-11 Jan-Oliver Wagner First step of migrating from autotools to cmake. * configure, configure.in, config.guess, ltmain.sh, config.sub, aclocal.m4, install-sh: Removed. This is mostly stuff of the autotools environment. * include/config.h.in, include/corevers.h.in, include/: Removed. These include files contain makros that will be directly passed to the compiler with the cmake environment. * openvas.tmpl.in, Makefile, openvassd/Makefile: Removed. This is the Makefile-part. The cmake environment will build Makefiles directly. * MANIFEST: Removed. Cmake brings its own packaging scheme. 2011-01-10 Michael Wiegand * INSTALL: Fixed typo. 2011-01-08 Jan-Oliver Wagner * include/config.h.in: Removed various unsed defines. 2011-01-05 Jan-Oliver Wagner * cnvts/find_service/find_service.c: Made several functions static that were forgotten somehow. Remove a K&R style declaration. 2011-01-05 Jan-Oliver Wagner * configure.in: Removed more of the pthread handling. * configure: Updated. 2011-01-05 Jan-Oliver Wagner Removing OVS_COMPILER, OVS_OS_NAME and OVS_OS_VERSION. These do not deliver real value. Removing them simplifies build process. * include/corevers.h.in (OVS_COMPILER, OVS_OS_NAME, OVS_OS_VERSION): Removed. * configure.in: Removed handling of OVS_COMPILER, OVS_OS_NAME, OVS_OS_VERSION. * openvassd/openvassd.c (main): Don't print Compiler version, operating system and version on --dumpg-cfg. * openvassd/comm.c (comm_send_preferences): Don't send server_info_os and server_info_os_version anymore for "SERVER <|> PREFERENCES". 2011-01-05 Jan-Oliver Wagner * openvassd/oval_plugins.c (ovaldi_launch): Replaced PROGNAME by its static string "OpenVAS". * include/corevers.h.in: Removed PROGNAME. 2011-01-05 Jan-Oliver Wagner Remove unused and broken elements of trying to abstract different threading models. Adding thread-support should be done cleanly from ground up anew, if at all. * configure.in, openvas.tmpl.in, include/config.h.in: Removed PTHREAD handling. * openvassd/nasl_plugins.c: Remove include of threadcompat.h. (nasl_plugin_launch): module now is an int. * openvassd/attack.c: Remove include of threadcompat.h. (attack_network): pid now is an int. * openvassd/shared_socket.c: Remove include of threadcompat.h (struct shared_fd): current_users and creator now are int. (openvassd_shared_socket_register, openvassd_shared_socket_acquire, openvassd_shared_socket_release, openvassd_shared_socket_destroy, shared_socket_process): Parameter pid is not an int. (shared_socket_cleanup_process): Parameter process is not an int. * openvassd/shared_socket.h: Adjusted protos accordingly. * openvassd/nes_plugins.c: Remove include of threadcompat.h. (ext_library_t, LOAD_FUNCTION, LIB_LAST_ERROR, CLOSE_LIBRARY): Copied here from threadcompat.h. (nes_plugin_launch): module is now an int. * openvassd/pluginlaunch.c: Remove include of threadcompat.h. (struct running): pid now is an int. (process_mgr_sighand_term): Replaced _EXIT() by _exit(). * openvassd/openvassd.c (scanner_thread, main): Removed code paths for USE_PTHREADS as this is not supported anymore anyway. * openvassd/comm.c (comm_send_preferences): Remove conditional USE_FORK_THREADS as we always use forks. * include/threadcompat.h: Removed. * MANIFEST: Updated. 2011-01-05 Jan-Oliver Wagner * include/includes.h: Removed. * MANIFEST: Updated. 2011-01-05 Jan-Oliver Wagner * openvassd/openvassd.c: Replaced use of includes.h by respective direct includes. Replaced occurences of EXIT() by exit() and DO_EXIT() by exit(). 2011-01-04 Jan-Oliver Wagner * openvassd/sighand.c: Replaced use of includes.h by respective direct includes. (let_em_die): We assume we have always waitpid() available and don't try to fall back to wait4() or wait3(). (openvas_signal): Assume we always have sa_restorer. (sighandler, sighand_segv): Always use _exit() and don't try to fall back to exit(). Replace call of _EXIT() by exit(). * openvassd/shared_socket.c: Replaced use of includes.h by respective direct includes. 2011-01-04 Jan-Oliver Wagner * openvassd/plugs_req.c: Replaced use of includes.h by respective direct includes. * openvassd/piic.c: Replaced use of includes.h by respective direct includes. * openvassd/processes.c: Replaced use of includes.h by respective direct includes. Replaced occurences of EXIT() by exit() and _EXIT() by _exit(). * openvassd/attack.c: Replaced use of includes.h by respective direct includes. Replaced occurences of EXIT() by exit(). 2011-01-03 Jan-Oliver Wagner * openvassd/oval_plugins.c: Replaced use of includes.h by respective direct includes. (oval_plugin_launch): Replaced ntthread_t by int as it was handled as int already anyway. * openvassd/nes_plugins.c: Replaced use of includes.h by respective direct includes. * openvassd/nasl_plugins.c: Replaced use of includes.h by respective direct includes. 2011-01-03 Jan-Oliver Wagner * openvassd/save_kb.c (diff_scan, diff_scan_enable): Removed as these functions are never used and differntial computation do not belong to the Scanner anyway. * openvassd/save_kb.h: Removed protos accordingly. 2011-01-03 Jan-Oliver Wagner * openvassd/pluginlaunch.c: Replaced use of includes.h by respective direct includes. * openvassd/pluginload.c: Replaced use of includes.h by respective direct includes. * openvassd/plugs_hash.c: Replaced use of includes.h by respective direct includes. 2011-01-03 Jan-Oliver Wagner * openvassd/ntp_11.c: Replaced use of includes.h by respective direct includes. Replaced occurences of EXIT() by exit(). * openvassd/save_kb.c: Replaced use of includes.h by respective direct includes. 2011-01-03 Jan-Oliver Wagner * openvassd/preferences.c: Replaced use of includes.h by respective direct includes. Replaced occurences of DO_EXIT() by exit(). 2011-01-03 Jan-Oliver Wagner * openvassd/utils.c: Replaced use of includes.h by respective direct includes. Replaced occurences of EXIT() by exit(). 2011-01-03 Jan-Oliver Wagner * openvassd/otp_1_0.c: Remove use of includes.h as it was not necessary. 2011-01-03 Jan-Oliver Wagner * openvassd/hosts.c: Replaced use of includes.h by respective direct includes. 2011-01-03 Jan-Oliver Wagner * openvassd/users.c: Replaced use of includes.h by respective direct includes. Replaced occurences of EXIT() by exit(). 2011-01-03 Jan-Oliver Wagner * openvassd/auth.c: Replaced use of includes.h by respective direct includes. Replaced occurences of EXIT() by exit(). 2011-01-03 Jan-Oliver Wagner * openvassd/locks.c: Replaced use of includes.h by respective direct includes. 2011-01-03 Jan-Oliver Wagner * openvassd/log.c: Replaced use of includes.h by respective direct includes. 2011-01-03 Jan-Oliver Wagner * openvassd/rules.c: Replaced use of includes.h by respective direct includes. Replaced occurences of EXIT() by exit(). 2011-01-03 Jan-Oliver Wagner * openvassd/comm.c: Removed uselsess defines of FALSE and TRUE. 2011-01-03 Jan-Oliver Wagner * openvassd/comm.c: Replaced use of includes.h by respective direct includes. Replaced occurences of EXIT() by exit(). 2011-01-03 Jan-Oliver Wagner * openvassd/parser.c: Removed TODO as it refers to openvas-client which is not relevant anymore in this case. 2011-01-03 Jan-Oliver Wagner * openvassd/parser.c: Replaced use of includes.h by respective direct includes. 2011-01-03 Jan-Oliver Wagner * openvassd/pluginscheduler.c (scheduler_plugin_score, scheduler_plugin_best_score): Removed functions that were disabled and marked as broken anyway. 2011-01-03 Jan-Oliver Wagner * openvassd/pluginscheduler.c: Replaced use of includes.h by respective direct includes. 2010-12-30 Jan-Oliver Wagner * cnvts/find_service/find_service.c: Made several functions static. These are not needed externally. 2010-12-30 Jan-Oliver Wagner * cnvts/find_service/find_service.c, cnvts/openvas_tcp_scanner/openvas_tcp_scanner.c: Replaced use of includes.h by respective direct includes. * cnvts/synscan/synscan.c: Replaced use of includes.h by respective direct includes. Also removed inclusion of the openvastcp.h which is only relevant for absence of netinet. * cnvts/synscan/openvastcp.h, cnvts/synscan/openvasicmp.h, cnvts/synscan/openvasip.h, cnvts/synscan/openvasudp.h, cnvts/synscan/openvasraw.h: Removed. We assume we have have netinet. * MANIFEST: Updated. 2010-12-30 Jan-Oliver Wagner * include/config.h.in: Remove long obsolete DEFAULT_PORT. 2010-12-30 Jan-Oliver Wagner * openvassd/openvassd.c (main): Adapted --version output to comply with GNU Coding Standards (http://www.gnu.org/prep/standards/standards.html#g_t_002d_002dversion) 2010-12-29 Jan-Oliver Wagner * openvassd/openvassd.c (main): Improved description text. 2010-12-28 Michael Wiegand Split README and INSTALL documentation to be consistent with other modules and to conform to the GNU Coding Standards recommendations. * README: Moved content regarding installation and configuration to new INSTALL file. * INSTALL: New file containing installation and configuration hints. * MANIFEST: Updated to include INSTALL. 2010-12-20 Michael Wiegand * openvassd/ntp_11.c (ntp_11_parse_input): Fix calls to hosts_pause_all and hosts_resume_all to match their prototypes. Discovered by Stephan Kleine. 2010-12-20 Michael Wiegand Post-release version bump. * VERSION: Set to 3.2.0.rc2.SVN. * doc/Doxyfile, doc/Doxyfile_full: Increased PROJECT_NUMBER accordingly. 2010-12-20 Michael Wiegand Preparing the openvas-scanner 3.2+rc1 release. * VERSION: Set to 3.2.0.rc1. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. * CHANGES: Updated. 2010-12-20 Michael Wiegand * README: Updated. 2010-12-17 Michael Wiegand * openvassd/openvassd.c (main): Default to listening on IPv4 consistently if no other address is given instead of depending on whether the system has IPv6 capabilities or not. 2010-12-16 Michael Wiegand Address compiler warnings discovered with hardening flags on gcc 4.4. Make hardening flags default. * cnvts/openvas_tcp_scanner/openvas_tcp_scanner.c (read_sysctl_maxsysfd): Check return value of fscanf. * configure.in: Add hardening flags to default flags. * configure: Regenerated. * openvassd/locks.c (file_lock, file_locked): Check return values of calls to write and read. * openvassd/nasl_plugins.c (nasl_thread): Catch result of call to nice. Added todo for checking the return value. * openvassd/nes_plugins.c (nes_thread): Catch result of call to nice. Added todo for checking the return value. * openvassd/openvassd.c (scanner_thread): Catch result of call to nice. Added todo for checking the return value. * openvassd/save_kb.c (save_kb_load_kb): Check return value of call to fgets. 2010-12-10 Michael Wiegand Stop logging debug messages during the handling of shared sockets unless DEBUG is defined. * openvassd/shared_socket.c (openvassd_shared_socket_register, openvassd_shared_socket_acquire, openvassd_shared_socket_release, shared_socket_cleanup_process): Stop shared_socket.c from being too verbose by wrapping debugging output in an #ifdef DEBUG. * openvassd/pluginlaunch.c (read_running_processes): Only log debug message if DEBUG is defined. 2010-12-06 Michael Wiegand Post-release version bump. * VERSION: Set to 3.2.0.beta3.SVN. * doc/Doxyfile, doc/Doxyfile_full: Increased PROJECT_NUMBER accordingly. 2010-12-06 Michael Wiegand Preparing the openvas-scanner 3.2+beta2 release. * VERSION: Set to 3.2.0.beta2. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. * CHANGES: Updated. 2010-12-03 Michael Wiegand * openvassd/attack.c (init_host_kb): Initialize host_network_results as suggested by Matthew Mundell. 2010-12-02 Matthew Mundell Adjust the restriction on client side rules: instead of always refusing to add any client side reject rules, accept any client side rules but only when the user is already allowed to scan all hosts. * openvassd/ntp_11.c (ntp_11_rules): Forbid client side rules when there are any server side rules besides for "default accept". * openvassd/rules.c (rules_add): Allow addition of accept rules when username is given. 2010-11-19 Michael Wiegand Addressed 64 bit compiler warnings. * cnvts/find_service/find_service.c (mark_unknown_svc, plugin_do_run): Use GSIZE_TO_POINTER consistently instead casts to (void *). * openvassd/openvassd.c (scanner_thread): Use size_t for sizeof return value. 2010-11-18 Michael Wiegand * cnvts/openvas_tcp_scanner/openvas_tcp_scanner.c: Added include for openvas/misc/services.h. (std_port): Removed now superfluous declaration of openvas_get_svc_name. 2010-11-18 Michael Wiegand Post-release version bump. * VERSION: Set to 3.2.0.beta2.SVN. * doc/Doxyfile, doc/Doxyfile_full: Increased PROJECT_NUMBER accordingly. 2010-11-18 Michael Wiegand Preparing the openvas-scanner 3.2+beta1 release. * VERSION: Set to 3.2.0.beta1. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. * CHANGES: Updated. * configure.in: Set required openvas-libraries version to 4.0.0. * configure: Regenerated. * openvassd/openvassd.c (main): Display OPENVAS_FULL_VERSION instead of OPENVAS_VERSION in -V and -d. 2010-11-10 Jan-Oliver Wagner Replace plugin_ calls by using nvti directly. * openvassd/oval_plugins.c (oval_plugin_t): Removed because this struct is not required anymore (the nvti carries all of it). (current_plugin): now a nvti_t instead of oval_plugin_t. (start_element, text, oval_plugin_add): Handle nvti object now. Replace plugin_ calls by repsective nvti_ functions. 2010-11-10 Michael Wiegand * openvassd/attack.c (attack_network): Remove stray log message. Don't try to add target to the arglist if they are not set. 2010-11-09 Jan-Oliver Wagner * VERSION: Updated from 3.1.2.SVN to 3.2.0.SVN. * doc/Doxyfile, doc/Doxyfile_full: Increased PROJECT_NUMBER accordingly. 2010-11-09 Jan-Oliver Wagner * cnvts/find_service/find_service.c, cnvts/openvas_tcp_scanner/openvas_tcp_scanner.c, cnvts/synscan/synscan.c, openvassd/nasl_plugins.c, openvassd/comm.h, openvassd/utils.c, openvassd/otp_1_0.c, openvassd/plugs_req.c, openvassd/preferences.c, openvassd/ntp_11.c, openvassd/utils.h, openvassd/plugs_req.h, openvassd/attack.c, openvassd/ntp_11.h, openvassd/save_kb.c, openvassd/shared_socket.c, openvassd/save_kb.h, openvassd/piic.c, openvassd/nes_plugins.c, openvassd/pluginlaunch.c, openvassd/plugs_hash.c, openvassd/pluginload.c, openvassd/hosts.c, openvassd/auth.c, openvassd/users.c, openvassd/oval_plugins.c, openvassd/openvassd.c, openvassd/pluginload.h, openvassd/users.h, openvassd/locks.c, openvassd/rules.c, openvassd/comm.c, openvassd/parser.c, openvassd/pluginscheduler.c: Adjusted include paths for header files of libopenvas_misc. 2010-11-09 Michael Wiegand Added support for network level scans as described in OpenVAS Change Request #49 (see http://www.openvas.org/openvas-cr-49.html). * openvassd/preferences.c (preferences_network_scan): New function to return the value of the network_scan preference as int. * openvassd/preferences.h: Updated. * openvassd/pluginscheduler.c (plugins_scheduler_init): Changed function to accept an only_network switch. Remove NVTs in ACT_GATHER_INFO and up from the schedule if only_network is set. * openvassd/pluginscheduler.h: Updated. * openvassd/save_kb.c (save_kb): Ensure the KB is saved during a network level scan so we can us it later. * openvassd/attack.c (launch_plugin): Write to the network KB if we are scanning on the network level. (init_host_kb): If we are in the network scan phase, return a new network KB. If we have completed the network scan, get the relevant items from the network KB and use them in the host KB. (attack_host): Close the correct KB when an attack has finished. (attack_start): Check preferences to see if a network level scan has been requested and make the necessary preparations if this is the case. 2010-10-29 Michael Wiegand Post-release version bump. * VERSION: Set to 3.1.2.SVN. * doc/Doxyfile, doc/Doxyfile_full: Increased PROJECT_NUMBER accordingly. 2010-10-29 Michael Wiegand Preparing the openvas-scanner 3.1.1 release. * VERSION: Set to 3.1.1. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. * CHANGES: Updated. 2010-10-29 Michael Wiegand * doc/openvas-mkrand.1: Removed obsolete man page. 2010-10-25 Jan-Oliver Wagner * ssl/, ssl/openvas-mkrand.c, ssl/Makefile: Removed. * MANIFEST, COPYING: Removed file entries accordingly. * Makefile: Removed handling of ssl mkrand module. * tools/openvas-mkcert.in: Exit with error when no suitable random source is found. 2010-09-29 Michael Wiegand * doc/openvassd.8.in: Fixed typos as suggested by Trent W. Buck. 2010-09-05 Thomas Reinke * Removed FIXME comment. Rational: The preferences, despite being static, cannot be overwritten by another client beginning another scan, because each client is handled by a separate, forked, task, each with its own copy of memory. 2010-08-12 Jan-Oliver Wagner * MANIFEST: Updated. 2010-08-12 Jan-Oliver Wagner * COPYING: New. A summary of the licenses for each file. 2010-08-12 Jan-Oliver Wagner * COPYING.GPLv2: New. Former COPYING. * COPYING: Removed. Renamed to COPYING.GPLv2. 2010-08-12 Jan-Oliver Wagner * cnvts/synscan/synscan.c: Added missing header with license and copyright. This file originates from the -plugins module and includes GPLv2 headers. It was and is linking GPLed nasl. So, the conservative assumption is GPLv2 (without the "or any later version" clause). 2010-08-12 Michael Meyer * tools/openvas-mkcert-client.in: Bugfix (line 461: [: too many arguments). 2010-08-04 Felix Wolfsteller * tools/README, tools/README_TOOLS: Moved, such that doxygen will include the correct README in the main page. * MANIFEST: Updated entry. 2010-07-26 Felix Wolfsteller * openvassd/preferences.c: Resolved K&R function declarations. (preferences_get_string): Minor doc added. 2010-07-14 Michael Wiegand Post-release version bump. * VERSION: Set to 3.1.1.SVN. * doc/Doxyfile, doc/Doxyfile_full: Increased PROJECT_NUMBER accordingly. 2010-07-14 Michael Wiegand Preparing the openvas-scanner 3.1.0 release. * VERSION: Set to 3.1.0. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. * CHANGES: Updated. 2010-07-05 Michael Wiegand * openvassd/openvassd.c (main): Remove superfluous libnasl version from --dump-cfg output. 2010-07-02 Michael Wiegand * openvassd/pluginscheduler.c (hash_fill_deps): Remove overly verbose log message when looking for dependencies. 2010-07-01 Michael Wiegand Post-release version bump. * VERSION: Set to 3.1.0.rc4.SVN. * doc/Doxyfile, doc/Doxyfile_full: Increased PROJECT_NUMBER accordingly. 2010-07-01 Michael Wiegand Preparing the openvas-scanner 3.1.0.rc3 release. * VERSION: Set to 3.1.0.rc3. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. * CHANGES: Updated. 2010-06-30 Michael Wiegand * openvassd/users.c (check_user): Finally remove legacy support for passwords stored in plaintext. 2010-06-28 Michael Wiegand Post-release version bump. * VERSION: Set to 3.1.0.rc3.SVN. * doc/Doxyfile, doc/Doxyfile_full: Increased PROJECT_NUMBER accordingly. 2010-06-28 Michael Wiegand Preparing the openvas-scanner 3.1.0.rc2 release. * VERSION: Set to 3.1.0.rc2. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. * CHANGES: Updated. 2010-06-25 Michael Wiegand * openvassd/nasl_plugins.c (nasl_plugin_add): Check the modification time of the file before trying to cache a NASL script and fix it if it is greater than the current system time. Resolves the "unable to load plugins from the future" issue. 2010-06-25 Michael Wiegand * openvassd/attack.c (attack_init_hostinfos_vhosts): New. Initializes a hostinfos arglist with vhost values as well. (init_host_kb): Added vhosts parameter to function; now puts vhosts in the initial KB for this host if they are supplied. (attack_host): Hand hostinfos to init_host_kb. (attack_start): Put vhosts in hostinfos if both vhosts and vhosts_ip are set and if vhosts_ip matches the IP we are supposed to scan. 2010-06-22 Michael Wiegand * openvassd/preferences.c (preferences_drop_privileges): Removed stray debug message. 2010-06-22 Michael Wiegand * openvassd/nes_plugins.c (nes_thread): Attempt to drop privileges before executing the NES script. 2010-06-22 Michael Wiegand * openvassd/nasl_plugins.c (nasl_thread): Attempt to drop privileges before executing the NASL script. 2010-06-22 Michael Wiegand * openvassd/preferences.c (preferences_new): Add default value and comment for new preference "drop_privileges". (preferences_drop_privileges): New. Handles the new preference "drop_privileges". * openvassd/preferences.h: Updated. 2010-06-22 Michael Wiegand * openvassd/oval_plugins.c (drop_privileges): Renamed function to oval_drop_privileges to avoid namespace collision with function provided by openvas-libraries. 2010-06-14 Michael Wiegand * tools/greenbone-nvt-sync: Redirect error messages to stderr or log instead of writing them to stdout. Add --verbose flag. Add --nvt-dir flag. Check for openvassd binary in selftest. Reworked flow and command line parsing. * tools/openvas-nvt-sync.in: Make selftest work. Add --nvt-dir flag. Reworked flow and command line parsing. 2010-06-01 Michael Wiegand * tools/openvas-mkcert-client.in: Create the openvas users directory if installing the new user is requested and the directory does not exist. 2010-05-27 Felix Wolfsteller * openvassd/ntp_11.c (files_add_translation): Adressed compiler warning, made content parameter not const (a reference is put in the hashtable, data might get manipulated or freed from somewhere else). 2010-05-20 Michael Wiegand * openvassd/ntp_11.c (files_add_size_translation): Removed stray debug message. 2010-05-19 Michael Wiegand Post-release version bump. * VERSION: Set to 3.1.0.rc2.SVN. * doc/Doxyfile, doc/Doxyfile_full: Increased PROJECT_NUMBER accordingly. 2010-05-19 Michael Wiegand Preparing the openvas-scanner 3.1.0.rc1 release. * VERSION: Set to 3.1.0.rc1. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. * CHANGES: Updated. 2010-05-19 Felix Wolfsteller * README: Added hint that openvas-scanner is an evolution of openvas-server. Corrected dependency statement. 2010-05-17 Michael Wiegand Adding risk_factor tags to CNVTs. * cnvts/find_service/find_service.c (plugin_init): Set risk_factor. * cnvts/openvas_tcp_scanner/openvas_tcp_scanner.c (plugin_init): Set risk_factor. * cnvts/synscan/synscan.c (plugin_init): Set risk_factor. 2010-05-11 Michael Wiegand Changed preference file infrastructure to handle file uploads stored in memory instead of on disk. Part of OpenVAS Change Request #47 (http://www.openvas.org/openvas-cr-47.html). * openvassd/utils.c (temp_file_name): Removed, function was obsoleted by the implementation of CR #47 and used nowhere else. * openvassd/utils.h: Updated. * openvassd/ntp_11.c (files_add_translation): This function now stores the contents of the uploaded file instead of the server side file name. Updated comments and variable names as well to reflect the change. (files_add_size_translation): New. Stores the size of the uploaded file so that it is available later to NASL functions. (build_global_host_sshlogins_map): Updated to read the mapping from a buffer instead of from a file. (build_global_sshlogin_info_map): Updated to read the mapping from a buffer instead of from a file. (ntp_11_recv_file): Read uploaded file into memory instead of writing it to a file. * openvassd/attack.c (fill_host_kb_ssh_credentials): Get credentials directly from memory instead of from a file. (unlink_name_mapped_file): Removed. Replaced by free_uploaded_file. (free_uploaded_file): New. 2010-04-28 Jan-Oliver Wagner Removed the CNVT "ssl_cipher" which is being replaced by the NASL implementation "secpod_ssl_ciphers.nasl". * cnvts/ssl_ciphers/, cnvts/ssl_ciphers/ssl_ciphers.c, cnvts/ssl_ciphers/Makefile: Removed. * MANIFEST: Updated. 2010-04-19 Michael Wiegand * tools/openvas-mkcert-client.in: Added switch to automatically install generated certificates for use with the openvas-manager. 2010-04-13 Michael Wiegand * tools/greenbone-nvt-sync: Increase VERSION to reflect the changes made yesterday. 2010-04-13 Geoff Galitz * openvassd/attack.c: changed SSH-DEBUG message to not include references directly to LSC checks. This is to avoid confusion between credentials debugging and LSC troubleshooting. 2010-04-12 Michael Wiegand * tools/greenbone-nvt-sync: Removed unnecessary and misleading message when the log file could not be accessed. Changed behaviour to log to stderr instead of stdout when logging to a file is not possible. 2010-04-08 Matthew Mundell File missing from 2010-03-11 commit. * openvassd/hosts.c (hosts_pause_all, hosts_resume_all): New functions. Send pause and resume signal to host process. (hosts_read_client): Pause or resume if client gave associated command. 2010-04-06 Michael Wiegand * tools/openvas-nvt-sync.in: Split showing of description in two separate case for interactive and API use to make description in GSA look better. 2010-04-06 Michael Wiegand * tools/greenbone-nvt-sync: Added support for retrieving the version of the NVT collection. Removed support for 2.0 infrastructures, tidied up parameter handling and function definitions, added check for subscription file to self test. 2010-03-11 Matthew Mundell Add soft pausing of scans. Implementation of Change Request #45: OpenVAS-Scanner: add pausing of scans, http://www.openvas.org/openvas-cr-44.html. * openvassd/otp_1_0.h (client_request_t): Add CREQ_PAUSE_WHOLE_TEST and CREQ_RESUME_WHOLE_TEST. * openvassd/otp_1_0.c (otp_1_0_get_client_request): Add PAUSE_WHOLE_TEST and RESUME_WHOLE_TEST commands. * openvassd/ntp_11.h (NTP_PAUSE_WHOLE_TEST, NTP_RESUME_WHOLE_TEST): New defines. * openvassd/ntp_11.c (ntp_11_parse_input): Add CREQ_PAUSE_WHOLE_TEST and CREQ_RESUME_WHOLE_TEST handling. * openvassd/attack.c (pause_whole_test): New variable. (attack_handle_sigusr1, attack_handle_sigusr2): New functions. Set and clear pause_whole_test. (attack_host): Check pause_whole_test between plugins and pause if set. (attack_start): Set attack_handle_sigusr1 and attack_handle_sigusr2 as SIGUSR1 and SIGUSR2 handlers. * openvassd/hosts.c (hosts_pause_all, hosts_resume_all): New functions. Send pause and resume signal to host process. (hosts_read_client): Pause or resume if client gave associated command. * openvassd/hosts.h: Add headers accordingly. 2010-04-01 Michael Wiegand * tools/openvas-nvt-sync.in: Added support for retrieving the version of the NVT collection. 2010-03-31 Matthew Mundell * openvassd/nasl_plugins.c, openvassd/utils.c, openvassd/plugs_req.c, openvassd/preferences.c, openvassd/ntp_11.c, openvassd/attack.c, openvassd/save_kb.c, openvassd/shared_socket.c, openvassd/pluginlaunch.c, openvassd/oval_plugins.c, openvassd/parser.c: Flush trailing whitespace. 2010-03-30 Matthew Mundell * openvassd/comm.h, openvassd/utils.c, openvassd/parser.h, openvassd/otp_1_0.c, openvassd/plugs_req.c, openvassd/preferences.c, openvassd/ntp_11.c, openvassd/pluginscheduler.h, openvassd/utils.h, openvassd/processes.c, openvassd/otp_1_0.h, openvassd/plugs_req.h, openvassd/preferences.h, openvassd/ntp_11.h, openvassd/attack.c, openvassd/save_kb.c, openvassd/processes.h, openvassd/sighand.c, openvassd/shared_socket.c, openvassd/save_kb.h, openvassd/sighand.h, openvassd/shared_socket.h, openvassd/piic.c, openvassd/nes_plugins.c, openvassd/pluginlaunch.c, openvassd/piic.h, openvassd/plugs_hash.c, openvassd/pluginload.c, openvassd/pluginlaunch.h, openvassd/hosts.c, openvassd/auth.c, openvassd/users.c, openvassd/oval_plugins.c, openvassd/openvassd.c, openvassd/plugs_hash.h, openvassd/pluginload.h, openvassd/hosts.h, openvassd/auth.h, openvassd/users.h, openvassd/locks.c, openvassd/locks.h, openvassd/log.c, openvassd/log.h, openvassd/rules.c, openvassd/comm.c, openvassd/parser.c, openvassd/pluginscheduler.c, openvassd/nasl_plugins.c, openvassd/rules.h: Format according to coding style. Command was 'indent --no-tabs --ignore-newlines -l 80 *.c *.h'. 2010-03-23 Jan-Oliver Wagner Removed the superfuous handling of the bin/ directory. This handling only added confusion, no benefit. * bin/.create, bin/: Removed. * cnvts/find_service/Makefile, cnvts/openvas_tcp_scanner/Makefile, cnvts/ssl_ciphers/Makefile, cnvts/synscan/Makefile: Keep .nes file in the respective directory. * cnvts/install_plug: Remove copying of .nes to a "bin/" directory. * Makefile: Removed handling of bin/ directory. 2010-03-23 Michael Meyer * tools/openvas-nvt-sync.in: Added "-t" to mktemp. 2010-03-23 Michael Meyer * tools/openvas-nvt-sync.in: Bugfix in "mktemp" (too few X's in template). 2010-03-23 Jan-Oliver Wagner * VERSION: Set to 3.1.0.SVN. * doc/Doxyfile, doc/Doxyfile_full: Increased PROJECT_NUMBER accordingly. 2010-03-23 Jan-Oliver Wagner * doc/session_saving.txt: Removed. * MANIFEST: Updated. 2010-03-22 Jan-Oliver Wagner This is the second patch to remove the "Session Saving" feature. This corresponds to Change Request #46, http://www.openvas.org/openvas-cr-46.html This patch removes the conditional code paths for "ENABLE_SAVE_TESTS" which are not used anyway since the first patch. * openvassd/comm.c (comm_send_preferences): Don't send "ntp_save_sessions" as preference anymore. * openvassd/ntp_11.c: Removed inclusion of save_tests.h (it was not ifdef-protected). (extract_session_key_from_session_msg, ntp_11_delete_session, ntp_11_restore_session, ntp_11_list_sessions): Removed. (ntp_11_parse_input): Removed handling of Session Saving commands LIST, DELETE and RESTORE. * openvassd/openvassd.c (scanner_thread): Remove handling of RESTORE-SESSION. * openvassd/preferences.h: Removed protos for preferences_save_session and preferences_save_empty_sessions. * openvassd/attack.c, openvassd/utils.c, openvassd/hosts.c: Removed inclusion of save_tests.h (it was not ifdef-protected). * openvassd/save_tests.c, openvassd/save_tests.h: Removed. * openvassd/Makefile: Removedhandling of module"save_tests". * openvassd/save_kb.c: Removed a TODO entry concerning save_tests.c. * MANIFEST: Updated. 2010-03-22 Jan-Oliver Wagner This is the first patch to remove the "Session Saving" feature. This corresponds to Change Request #46, http://www.openvas.org/openvas-cr-46.html Deactivating feature "ENABLE_SAVE_TESTS". Some code paths were not covered by this conditional and thus were cleaned up manually. * include/config.h.in: Removed macro ENABLE_SAVE_TESTS and thus deactivated this feature. * openvassd/attack.c (attack_network): Removed handling of "restoring" and "save_session". * openvassd/hosts.c (forward, host_rm): Removed call of deactivated function. This also allows to remove the retrieval and use of the preferences structure. * openvassd/otp_1_0.h (client_request_t): Remove the CREQ_SESSION* items. * openvassd/otp_1_0.c (otp_1_0_get_client_request): Remove identification and handling of OTP commands "SESSIONS_LIST", "SESSION_DELETE", "SESSION_RESTORE". 2010-03-22 Jan-Oliver Wagner Post-release version bump. * VERSION: Set to 3.0.3.SVN. * doc/Doxyfile, doc/Doxyfile_full: Increased PROJECT_NUMBER accordingly. 2010-03-22 Jan-Oliver Wagner Preparing the openvas-scanner 3.0.2 release. * VERSION: Set to 3.0.2. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. * CHANGES: Updated. 2010-03-22 Javier Fernandez-Sanguino * tools/openvas-nvt-sync.in: Use mktemp when TMPDIR is undefined to prevent using /tmp directly. Since filenames created by the script are predictable using /tmp could lead to a race condition and an attack to the user running the script (typically root, since it needs to change /usr or /var). 2010-03-22 Javier Fernandez-Sanguino * Makefile: Make_world does not clean, remove the binary files in bin/ manually. 2010-03-19 Jan-Oliver Wagner * tools/greenbone-nvt-sync: New. * Makefile: Added handling for additional sync method. * MANIFEST: Updated. 2010-03-13 Jan-Oliver Wagner * configure: Updated. 2010-03-13 Jan-Oliver Wagner * openvas-nvt-sync.in, tools/openvas-nvt-sync.in: Moved to tools/. * configure.in, Makefile, MANIFEST: Adapted accordingly. 2010-03-12 Jan-Oliver Wagner * openvas-mkcert-client.in, tools/openvas-mkcert-client.in: Moved to tools/. * configure.in, Makefile, MANIFEST: Adapted accordingly. 2010-03-12 Jan-Oliver Wagner * openvas-mkcert.in, tools/openvas-mkcert.in: Moved to tools/. * configure.in, Makefile, MANIFEST: Adapted accordingly. 2010-03-12 Jan-Oliver Wagner * Makefile: Removed removal of non-existing openvas-install-cert. 2010-03-12 Jan-Oliver Wagner * openvas-rmuser.in, tools/openvas-rmuser.in: Moved to tools/. * configure.in, Makefile, MANIFEST: Adapted accordingly. 2010-03-12 Jan-Oliver Wagner * openvas-adduser.in, tools/openvas-adduser.in: Moved to tools/. * configure.in, Makefile, MANIFEST: Adapted accordingly. 2010-03-12 Michael Wiegand * openvas-adduser.in: Convert dname to GnuTLS format. 2010-03-12 Jan-Oliver Wagner Adding a tools directory where to collect assisting scripts. * tools/, tools/README: New. * MANIFEST: Updated. 2010-03-12 Jan-Oliver Wagner * openvassd/save_kb.c, openvassd/preferences.h, include/config.h.in: Removed conditional "ENABLE_SAVE_KB". This is not an experimental feature anymore. It has become an intergral part of the scanner since a long time and is a valuable feature for debugging purposes. 2010-03-11 Michael Wiegand * openvas-mkcert-client.in: Cleaned up bashisms in dname conversion. 2010-03-10 Michael Wiegand * openvas-mkcert-client.in: Cleaned and reworked script for generating OpenVAS client certificates. Now works with current openvas-scanner and allows to create certificates non-interactively. 2010-03-09 Michael Meyer * cnvts/find_service/find_service.c: Re-enabled "mark_unknown_svc()". This function was removed in Rev 38. Nobody knows why. This function is very important for find_service*.nasl (and a few others) because they all based upon "Services/unknown" which are stored in KB by mark_unknown_svc(). 2010-03-01 Stephan Kleine * cnvts/ssl_ciphers/ssl_ciphers.c: Changed return type of report_cat from int to void to fix a no-return-in-nonvoid-function error. 2010-02-22 Felix Wolfsteller * openvassd/ntp_11.c (files_add_translation): Corrected parameter documentation. 2010-02-12 Michael Wiegand * openvassd/nasl_plugins.c: Removed obsolete reference from comment. 2010-02-11 Michael Wiegand * openvas-nvt-sync.in: Removed superfluous outputs which broke the compatibility with openvas-administrator. 2010-02-09 Felix Wolfsteller * openvas-adduser.in: exit 0 if successfull, exit 1 if no input to user name/login is given. 2010-02-09 Felix Wolfsteller * openvas-adduser.in: Cosmetics. 2010-02-04 Michael Wiegand * openvassd/plugs_hash.c: Removed superfluous include of users.h. 2010-02-04 Michael Wiegand * openvassd/pluginload.c: Removed superfluous include of users.h. 2010-01-26 Michael Wiegand Post-release version bump. * VERSION: Set to 3.0.2.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2010-01-26 Michael Wiegand Preparing the openvas-scanner 3.0.1 release. * VERSION: Set to 3.0.1. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. * CHANGES: Updated. 2010-01-26 Felix Wolfsteller * openvas-nvt-sync.in: Flush trailing whitespaces, minor reformatting for more consistency. 2010-01-26 Vlatko Kosturjak * openvas-nvt-sync.in: quick merge of old script which had support for OpenVAS administrator and new script. In short, best of both worlds (scripts). 2010-01-26 Vlatko Kosturjak * openvas-nvt-sync.in: completely new version of openvas-nvt-sync, it passed quite a while on mailing list and nobody reported any serious bug (except cosmetic changes which can be contributed now to SVN). 2010-01-22 Felix Wolfsteller Added code for a very basic standalone synscanner based on the cnvt to ease debugging (e.g. IPv6 might not yet work). * cnvts/synscan/synscan.c: Remove undef of DEBUG macro. [DEBUG] (openbpf): Be very verbose. (scan): Instead of accessing values in arglists, accept these values as parameters, slighty more verbose ifdef DEBUG. (plugin_run): Find and pass new parameters for scan(). [STANDALONE] (main): New. Main for the standalone synscanner. 2010-01-22 Felix Wolfsteller * cnvts/synscan/synscan.c: More cosmetics and debug output (conditional on DEBUG macro). 2010-01-22 Felix Wolfsteller * cnvts/openvas_tcp_scanner/openvas_tcp_scanner.c, openvassd/hosts.c: Flush trailing white spaces, minor other cosmetic changes. * openvassd/attack.c, openvassd/attack.h: Cosmetics, docs. 2010-01-22 Jan-Oliver Wagner * cnvts/synscan/synscan.c (rawsocket): Fixed typos in error strings. 2010-01-22 Matthew Mundell * openvassd/users.c [DEBUG_RULES]: Print with log_write. (users_add_rule): Set the rule family. * openvassd/rules.c [DEBUG_RULES]: Print with log_write. (rules_dump): Add ip4 or ip6 on front of line. * openvassd/openvassd.c (scanner_thread) [DEBUG_RULES]: Print with log_write. 2010-01-21 Matthew Mundell * openvassd/openvassd.c (scanner_thread): Format more consistently. 2010-01-21 Matthew Mundell * openvassd/users.c, openvassd/rules.c, openvassd/openvassd.c: Flush trailing whitespace. 2010-01-20 Michael Wiegand Improved error handling in certificate authentication. * openvassd/openvassd.c (scanner_thread): Added improved error detection and handling as suggested by Stefan Bühler. 2010-01-19 Felix Wolfsteller * cnvts/synscan/synscan.c: Cosmetics, doc. 2010-01-18 Michael Wiegand Re-enabling certificate authentication. * openvassd/openvassd.c (scanner_thread): Added code for retrieving the X.509 DName from a session certificate so that the DName can be passed to auth_check_user(). Based on code suggested by Roman Imankulov. 2010-01-12 Felix Wolfsteller * cnvts/synscan/synscan.c: Reformatting, added svn revision keyword property. 2009-12-18 Michael Wiegand Post-release version bump. * VERSION: Set to 3.0.1.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2009-12-18 Michael Wiegand Preparing the openvas-scanner 3.0.0 release. * VERSION: Set to 3.0.0. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. * CHANGES: Updated. 2009-12-17 Michael Wiegand * openvassd/preferences.c (preferences_new): Added group name so the openvassd.conf complies with the key file specification (see http://freedesktop.org/Standards/desktop-entry-spec). 2009-12-09 Felix Wolfsteller * openvassd/ntp_11.c: Cosmetics. * openvassd/utils.c (temp_file_name): Reformatted. 2009-12-07 Michael Wiegand Post-release version bump. * VERSION: Set to 3.0.0.rc2.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2009-12-07 Michael Wiegand Preparing the openvas-scanner 3.0.0-rc1 release. * VERSION: Set to 3.0.0.rc1. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. * CHANGES: Updated. 2009-12-04 Jan-Oliver Wagner * openvas-nvt-sync.in: Added URL of feed home page. 2009-12-03 Chandrashekhar B * cnvts/openvas_tcp_scanner/openvas_tcp_scanner.c, cnvts/synscan/synscan.c: Fixed compiler warnings. 2009-12-03 Michael Wiegand * openvas-nvt-sync.in: Added support for upcoming synchronization script API. 2009-12-02 Michael Wiegand Made logging less verbose by wrapping a number of debugging messages in an #ifdef DEBUG. * openvassd/auth.c (auth_check_user): Only log successful logins when DEBUG is defined. * openvassd/comm.c (comm_init): Only log the protocol version requested by the client when DEBUG is defined. * openvassd/openvassd.c (main_loop): Only log debug messages about the connection when DEBUG is defined. 2009-11-30 Chandrashekhar B * cnvts/synscan/synscan.c (rawsocket): IPv6 enabling. (extractack): IPv6 enabling. (extractsport): IPv6 enabling. (issynack): IPv6 enabling. (scan): IPv6 enabling. (sendpacket): IPv6 enabling. (v6_openbpf): Added new. (v6_extracttcp): Added new. (mktcpv6): Added new. (v6_sendpacket): Added new. Coding by Srinivas NL and Chandrashekhar B. 2009-11-25 Chandrashekhar B * cnvts/openvas_tcp_scanner/openvas_tcp_scanner.c: Fixed a possible overflow. 2009-11-25 Felix Wolfsteller * openvassd/attack.c, openvassd/plugs_req.c, openvassd/preferences.c, openvassd/processes.c, openvassd/processes.h, openvassd/sighand.c, openvassd/users.c, openvassd/auth.c: Minor cosmetics. openvassd/attack.c (attack_init_hostinfos): Removed not used local variable. 2009-11-23 Michael Wiegand Post-release version bump. * VERSION: Set to 3.0.0.beta7.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2009-11-23 Michael Wiegand Preparing the openvas-scanner 3.0.0-beta6 release. * VERSION: Set to 3.0.0.beta6. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. * CHANGES: Updated. 2009-11-23 Felix Wolfsteller Added check for pcap to configure. Thanks to Stephan Kleine for spotting this issue. Closes bug #1192 (http://bugs.openvas.org/1192). * configure.in: Added check for pcap. * configure: Regenerated. 2009-11-23 Chandrashekhar B * openvassd/attack.c (attack_init_hostinfos): Call hg_get_name_from_ip() with the correct IP argument. Host name was resolving to a wrong random looking address. Fixed by Srinivas NL . 2009-11-15 Jan-Oliver Wagner * openvas-rmuser.in: Removed unused variables openvassd_users, openvassd, mandir, infodir, oldincludedir, includedir. * include/config.h.in (OPENVASSD_USERS): Removed macro. * openvassd/preferences.c (preferences_new): Removed creation of entry "users". * openvassd/comm.c (comm_send_preferences): Marked "users" as deprectated and added a more general TODO for similar cases. 2009-11-14 Srinivas NL * openvassd/openvassd.c (convert_ip_addresses): Modified to handle both ipv4 and ipv6 addresses. It will parse values of -S option and return either a list of ipv4 or ipv6 addresses. * openvassd/openvassd.c (main): Calls convert_ip_addresses twice passing values of -S option to get lists of ipv4 and ipv6 addresses. 2009-11-13 Felix Wolfsteller * openvassd/pluginlaunch.c: Cosmetics and added TODO (and howto) about sending log messages in case of killing NVTs due to timeout. 2009-11-10 Felix Wolfsteller Resolved typos lead to by Ryan Schmidt. * include/threadcompat.h: Replaced "recommand" by "recommend", added todo about duplicate code. 2009-11-10 Chandrashekhar B * openvassd/attack.c (attack_network): Use new functions from pcap to get MAC address and check whether target belongs to localnet. Coding by Srinivasa NL . 2009-11-10 Felix Wolfsteller * openvassd/utils.c (temp_file_name): Doc, added comment about toctou race condition and why its not totally straight-forward to replace by glib functions. 2009-11-09 Michael Meyer * cnvts/find_service/find_service.c: Removed HAVE_SSL remains. 2009-10-26 Michael Wiegand Post-release version bump. * VERSION: Set to 3.0.0.beta6.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2009-10-26 Michael Wiegand Preparing the openvas-scanner 3.0.0-beta5 release. * VERSION: Set to 3.0.0.beta5. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. * CHANGES: Updated. 2009-10-26 Michael Meyer * cnvts/openvas_tcp_scanner/openvas_tcp_scanner.c, cnvts/synscan/synscan.c: Added dependency ping_host.nasl. 2009-10-23 Jan-Oliver Wagner * openvassd/openvassd.c: Add missing include. 2009-10-21 Jan-Oliver Wagner * openvassd/openvassd.c (restart_openvassd, main): Use new pidfile management. * openvassd/sighand.c (sighandler): Use new pidfile management. * openvassd/utils.c (create_pid_file, delete_pid_file): Removed. * openvassd/utils.h: Removed protos accordingly. 2009-10-20 Jan-Oliver Wagner * openvassd/comm.c: replace ntp.h by otp.h. 2009-10-20 Jan-Oliver Wagner Removing remains of old ntp_caps. * openvassd/utils.c (plugins_set_ntp_caps): Removed. * openvassd/utils.h: Removed proto accordingly. * openvassd/openvassd.c (scanner_thread): Removed call to set global ntp_caps. Removed call of plugins_set_ntp_caps which initalized the plugins with the gobal ntp_caps. * openvassd/comm.c (comm_init): changed return value from ntp_caps to just int, specifiying the protocol version. * openvassd/comm.h: Adjusted proto accordingly. * openvassd/attack.c, openvassd/utils.c, openvassd/ntp_11.c: Removed unnecessary include of ntp.h. 2009-10-19 Michael Wiegand Post-release version bump. * VERSION: Set to 3.0.0.beta5.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2009-10-19 Michael Wiegand Preparing the openvas-scanner 3.0.0-beta4 release. * VERSION: Set to 3.0.0.beta4. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. * CHANGES: Updated. 2009-10-14 Srinivas NL * cnvts/synscan/synscan.c: Temporary fix to remove compilation warning. Will be fixed properly once pcap is modified to handle ipv6 2009-10-14 Felix Wolfsteller * openvassd/openvassd.c, openvassd/attack.c: Corrected includes. 2009-10-14 Jan-Oliver Wagner * openvassd/openvassd.c (scanner_thread): Add NULL initialization to get rid of compiler warning. 2009-10-13 Jan-Oliver Wagner * openvassd/plugs_hash.c (plugins_send_md5_byid): Renamed to plugins_send_md5. This removes the unnecessary layer. Now always send by oid. 2009-10-13 Jan-Oliver Wagner * openvassd/plugs_hash.c (plugins_send_md5_byname): Removed. This function is not used anyway. It uses names to identify NVTs which are not required to be unique. Instead, OID is used. 2009-10-13 Jan-Oliver Wagner * openvassd/openvassd.c: Added missing include. Resolves compiler warning. 2009-10-13 Jan-Oliver Wagner * openvassd/attack.c: Added missing include. Resolves compiler warning. 2009-10-13 Jan-Oliver Wagner * openvassd/openvassd.c (scanner_thread): Removed handling of SSL version being set to "none". This does not make sense to handle. If none is specified, now the scanner will fall back to its default as done before for any unknown SSL identifier. 2009-10-13 Matthew Mundell * openvassd/comm.c: Replace category name list with ACT_STRING_LIST_ALL. 2009-10-13 Matthew Mundell * openvassd/comm.c, ChangeLog: Flush trailing whitespace. 2009-10-12 Michael Wiegand * openvassd/openvassd.c (main): Made command line options more consistent with other modules and coding standards. Short option for --version is now -V (was -v). 2009-10-09 Jan-Oliver Wagner * openvas-mkcert-client.in, openvas-mkcert.in: Changed Paris to Berlin for the default. 2009-10-08 Michael Wiegand * openvassd/otp_1_0.c (otp_1_0_server_send_certificates): Added todo for segfault on nonexistent public key. 2009-10-06 Tim Brown * openvassd/utils.c: Fixed memory leak, typos and resource leak. Also added todo for TOCTOU race condition on temp_file_name() (details sent to openvas-devel@). 2009-10-06 Michael Wiegand Post-release version bump. * VERSION: Set to 3.0.0.beta4.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2009-10-06 Michael Wiegand Preparing the openvas-scanner 3.0.0-beta3 release. * VERSION: Set to 3.0.0.beta3 * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. * CHANGES: Updated. 2009-10-05 Felix Wolfsteller Removed dependence on libopenvas.h. * cnvts/find_service/find_service.c: Added includes and defines that previously were in libopenvas.h. * openvassd/pluginload.h: Added function typedefs that were previously in libopenvas.h. * openvassd/nes_plugins.c, openvassd/openvassd.c, openvassd/oval_plugins.c, openvassd/utils.c: Removed libopenvas-include, added missing includes. 2009-10-05 Felix Wolfsteller * cnvts/synscan/synscan.c, openvassd/save_tests.c, openvassd/nasl_plugins.c: Added missing includes. 2009-10-05 Felix Wolfsteller * openvassd/plugs_hash.c, openvassd/oval_plugins.c: Added includes. * ChangeLog: Corrected. 2009-10-05 Felix Wolfsteller Towards removal of libopenvas.h. * openvassd/attack.c (attack_network): Removed unused variable. * cnvts/find_service/find_service.c, cnvts/openvas_tcp_scanner.c, cnvts/synscan/synscan.c, openvassd/save_kb.c, openvassd/save_tests.c: Cleaned up/added includes. * include/includes.h: Removed include of libopenvas.h and ntp.h. * openvassd/openvassd.c, openvassd/oval_plugins.c, openvassd/utils.c: Added include of libopenvas.h where not yet resolved. * openvassd/plugs_req.c: Added include. (requirements_common_ports): Corrected typo from last commit. 2009-10-05 Felix Wolfsteller * openvassd/pluginscheduler.c, openvassd/plugs_req.c, openvassd/save_kb.c, openvassd/save_tests.c, openvassd/utils.c, openvassd/piic.c: Cosmetics, doc, todos added. * ChangeLog: corrected with last entry. 2009-10-05 Felix Wolfsteller Towards removal of libopenvas.h. * openvassd/utils.h, openvassd/users.c, openvassd/users.h, openvassd/shared_socket.c, openvassd/save_kb.h, openvassd/rules.c, openvassd/preferences.c, openvassd/plugs_req.h,, openvassd/plugs_hash.c, openvassd/pluginscheduler.h, openvassd/pluginload.h, openvassd/pluginload.c, openvassd/pluginlaunch.c, openvassd/parser.c, openvassd/ntp_11.h, openvassd/ntp_11.c, openvassd/nes_plugins.c, openvassd/nasl_plugins.c, openvassd/locks.c, openvassd/hosts.c, openvassd/comm.h, openvassd/comm.c, cnvts/ssl_ciphers/ssl_ciphers.c: Added/cleaned up includes. 2009-09-28 Jan-Oliver Wagner Post-release version bump. * VERSION: Set to 3.0.0.beta3.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2009-09-28 Jan-Oliver Wagner Last minute fix. * CHANGES: Fix a broken sentence. 2009-09-28 Jan-Oliver Wagner Preparing the openvas-scanner 3.0.0-beta2 release. * VERSION: Set to 3.0.0.beta2 * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. * CHANGES: Updated. 2009-09-25 Felix Wolfsteller Remove usages of harglist from scanner. * include/includes.h, openvassd/openvassd.c: Removed include of harglists.h * openvassd/attack.c (fill_host_kb_ssh_credentials) (attack_network): Use GHashTable instead of harglist. (unlink_name_mapped_file): New, used as callback in a g_hash_table_foreach. * openvassd/ntp_11.c (files_add_translation): Use GHashTable instead of harglist. 2009-09-25 Felix Wolfsteller * openvassd/comm.c, openvassd/nasl_plugins.c, openvassd/otp_1_0.c, openvassd/oval_plugins.c, openvassd/pluginload.c: Adjusted includes (openvas-libraries/nasl headers get installed to openvas/nasl now.) 2009-09-25 Felix Wolfsteller * openvassd/ntp_11.c (files_add_translation): Reformatted. * openvassd/attack.c: Minor cosmetics. 2009-09-25 Felix Wolfsteller * openvassd/ntp_11.c: Cosmetics, replaced K&R function decls. 2009-09-25 Felix Wolfsteller * openvassd/openvassd.c: Adjusted includes (openvas-libraries/nasl headers get installed to openvas/nasl now.) 2009-09-25 Felix Wolfsteller * openvassd/attack.c, openvassd/openvassd.c, openvassd/preferences.c: Adjusted includes (openvas-libraries/hg headers get installed to openvas/hg now.) 2009-09-25 Felix Wolfsteller * openvassd/attack.c (attack_network): Replaced harglist by GHashTable. * openvassd/save_tests.c (save_tests_playback, save_tests_setup_playback): Replaced harglst by GHashTable. * openvassd/save_tests.h (save_tests_playback): Changed signature, take GHashTable instead of harglst. 2009-09-25 Felix Wolfsteller * openvassd/otp_1_0.c: Minor cosmetics. 2009-09-25 Felix Wolfsteller * openvassd/otp_1_0.c: Adjusted includes. (otp_1_0_server_send_certificates): Switch from openvas-libraries/base/openvas_certificate to openvas-libraries/base/certificate. 2009-09-24 Jan-Oliver Wagner * configure.in: Consider recent name change from libopenvasmisc to libopenvas_misc. Also, libnasl is not separate anymore. * openvas.tmpl.in: Removed LIBNASL specific elements. * configure: Updated. 2009-09-23 Jan-Oliver Wagner Post-release version bump. * VERSION: Set to 3.0.0.beta2.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2009-09-23 Jan-Oliver Wagner Preparing the openvas-scanner 3.0.0-beta1 release. * VERSION: Set to 3.0.0.beta1 * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. * CHANGES: Updated. 2009-09-23 Jan-Oliver Wagner * MANIFEST: Added missing file. 2009-09-23 Felix Wolfsteller * openvassd/openvasd.c: (re)moved. * openvassd/openvassd.c: Moved from openvassd/openvasd.c. * openvasd/Makefile, MANIFEST: Adjusted. * openvassd/attack.c, openvassd/parser.c, openvassd/pluginlaunch.c, openvassd/processes.c: Adjusted comments. * doc/Doxyfile, doc/Doxyfile_full: Adjusted paths. * doc/session_saving.txt, doc/openvas-mkcert-client.1: Adjusted 2009-09-23 Felix Wolfsteller Moved folder openvasd to openvassd. * openvasd, openvassd: Moved folder from openvasd to openvassd. * Makefile, MANIFEST: Adjusted paths. 2009-09-23 Felix Wolfsteller * doc/openvassd.8.in: Replaced nessus by openvas. * configure.in: Corrected check for pthreads_enabled. * configure: Regenerated. 2009-09-22 Jan-Oliver Wagner * packaging/fedora/openvas-server-1.0.0-1.fc8.openvas.spec, packaging/fedora/openvas-server-1.0.0-Makefile.diff, packaging/fedora/, packaging/opensuse/openvas-server-1.0.0-1.suse102.openvas.spec, packaging/opensuse/openvas-server-1.0.0-Makefile.diff, packaging/opensuse/, packaging/debian/, packaging/: Removed. These files for packagig are very outdated. The packaging is now managed separately. * MANIFEST: Updated. 2009-09-22 Jan-Oliver Wagner * openvasd/openvasd.c, openvasd/otp_1_0.c, openvasd/otp_1_0.h, openvasd/oval_plugins.c: Copyright transfer from Intevation to Greenbone. 2009-09-22 Jan-Oliver Wagner * doc/TODO.txt: Added contents of toplevel TODO file. * TODO: Removed. * configure.in: Upgraded required openvas-libraries version to 3.0.0. Upgraded required glib from 2.6 to 2.12. * configure: Updated. * MANIFEST: Updated. 2009-09-22 Felix Wolfsteller * configure.in: Removed seconf reference to openvassd-config. * configure: Regenerated. * ChangeLog: Fixed identity theft. 2009-09-22 Felix Wolfsteller * configure.in: Removed reference to openvassd-config. * configure: Regenerated. 2009-09-22 Jan-Oliver Wagner * Makefile: Don't install openvassd-config anymore. * openvassd-config.in: Removed. This is not necessary anymore because openvas-plugins does not need it and the sysconfdir is provided by the scanner via command line option. * MANIFEST: Updated. 2009-09-22 Jan-Oliver Wagner * cnvts/find_service/find_service.c (plugin_do_run): Adapted to API change (nessus_get_socket_from_connection -> openvas_get_socket_from_connection). 2009-09-22 Felix Wolfsteller * Makefile: Renamed openvas-server to openvas-scanner. * openvasd/Makefile: Renamed openvasd to openvassd. * include/corevers.h.in: Adjusted to cover openvasd/openvassd change. * configure: Regenerated. 2009-09-22 Jan-Oliver Wagner * doc/openvas-nvt-sync.8: New. man page for the sync script. Written and contributed by Javier Fernández-Sanguino Peña. * doc/openvassd-config.1: Removed. The corresponding is not part of this package anymore. * doc/kb_saving.txt: Removed. This information is part of the regular documentation since a long time. * Makefile: Don't install openvassd-config.8 anymore. Install openvas-nvt-sync.8. * doc/TODO.txt: Cleaned a little bit. * MANIFEST: Updated. 2009-09-21 Felix Wolfsteller * configure.in, openvasd/save_tests.c, openvasd/pluginlaunch.c, openvasd/shared_socket.c, openvasd/users.c: Replaced occurances of openvasd by openvassd. 2009-09-21 Felix Wolfsteller * openvasd-config.in, openvassd-config.in: Moved file. * doc/openvasd.8.in, doc/openvassd.8,in: Moved. * doc/openvasd-config.1, doc/openvassd-config.1: Moved. * doc/kb_saving.txt, doc/openvas-mkrand.1, doc/openvas-rmuser.8, doc/nsr_file_format.txt, doc/nbe_file_format.txt, doc/openvas-mkcert.8, doc/openvas-adduser.8, doc/openvassd.8.in: Replaced occurances of openvasd by openvassd. 2009-09-21 Felix Wolfsteller First steps of renaming openvasd to openvassd, openvas-server to openvas-scanner. * configure.in, Makefile, openvas-adduser.in, openvasd-config.in, openvas-mkcert-client.in, openvas-mkcert.in, openvas-nvt-sync.in, openvas-rmuser.in, openvas.tmpl.in, README, doc/Doxyfile, doc/Doxyfile_full, doc/kb_saving.txt, doc/openvasd.8.in, doc/openvas-mkcert.8, doc/openvas-mkrand.1, session_saving.txt: Renamed openvasd to openvassd, server to scanner. * openvasd/auth.c, openvasd/comm.c, openvasd/log.c, openvasd/openvasd.c openvasd/pluginscheduler.c, openvasd/preferences.c, openvasd/rules.c, openvasd/save_tests.c, openvasd/shared_socket.c, openvasd/users.c, openvasd/utils.c, cnvts/synscan/synscan.c, include/config.h.in: Renamed openvasd to openvassd in source, comments and output. 2009-09-21 Jan-Oliver Wagner * openvasd/utils.h, openvasd/users.h, openvasd/sighand.h, openvasd/processes.h, openvasd/preferences.h, openvasd/plugs_hash.h, openvasd/pluginload.h, openvasd/piic.h, openvasd/parser.h, openvasd/openvasd.c, openvasd/ntp_11.h, openvasd/log.h, openvasd/locks.h, openvasd/comm.h, openvasd/auth.h, openvasd/attack.h, cnvts/ssl_ciphers/ssl_ciphers.c, cnvts/find_service/find_service.c: Replaced "NESSUS" by "OPENVAS". * cnvts/openvas_tcp_scanner/openvas_tcp_scanner.c: Adjusted API calls due to name change nessus to openvas. 2009-09-18 Felix Wolfsteller * MANIFEST: Updated as filenames were changed. 2009-09-18 Felix Wolfsteller * cnvt/synscan/openvasicmp.h, cnvt/synscan/openvasip.h, cnvt/synscan/openvasraw.h, cnvt/synscan/openvastcp.h, cnvt/synscan/openvasudp.h: Adjusted include guards and includes to new filenames, added todos (code duplicate in openvas-libraries/nasl). 2009-09-18 Felix Wolfsteller First part of renaming files (nessus->openvas) in the synscan c-nvt. * cnvt/synscan/nessusicmp.h, cnvt/synscan/nessusip.h, cnvt/synscan/nessusraw.h, cnvt/synscan/nessustcp.h, cnvt/synscan/nessusudp.h, cnvt/synscan/openvasicmp.h, cnvt/synscan/openvasip.h, cnvt/synscan/openvasraw.h, cnvt/synscan/openvastcp.h, cnvt/synscan/openvasudp.h: Moved. * cnvt/synscan/synscan.c: Adjusted include. 2009-09-17 Chandrashekhar B These changes support kernels that might not have ipv6 module loaded. Coding by Srinivasa NL . * openvasd/openvasd.c (main): Initialize "ai" with saddr or s6addr to wild card address depending on ipv6 availablilty. (main_loop): wait for ipv4 only client or ipv4/ipv6 client depending on what address the server is bound to. 2009-09-16 Jan-Oliver Wagner * openvasd/sighand.h, openvasd/processes.c, openvasd/openvasd.c, openvasd/attack.c, openvasd/comm.c, openvasd/sighand.c, openvasd/utils.c, openvasd/hosts.c, openvasd/pluginlaunch.c, openvasd/save_kb.c, openvasd/parser.c: Replaced "nessus" by "openvas" in function names. 2009-09-16 Michael Wiegand * openvas-mkcert.in: Replace usage of MD5 as certificate signature algorithm with SHA1. 2009-09-15 Jan-Oliver Wagner * openvas-adduser.in, openvas-mkcert-client.in, openvas-mkcert.in, openvas-rmuser.in: Renamed text domain from nessus-scripts to openvas-scripts. 2009-09-14 Felix Wolfsteller * doc/openvasd.8.in: Removed sections about non-implemented options, updated links to project information (removing the link a former existing mailing list overview page). 2009-09-14 Felix Wolfsteller Changed default behavior: openvasd now by default runs in background. New option -f (--foreground) has to be specified to keep it in foreground. * openvasd/openvasd.c (main): Changed default behavior, openvasd now backgrounds by default. * doc/openvasd.8.in: Document change in manpage. 2009-09-14 Felix Wolfsteller * openvasd/openvasd.c: Cosmetics. * openvasd/openvasd.c (init_network): Print error message to stderr and not only to log if socket acquiration failed. 2009-09-14 Felix Wolfsteller * openvasd/save_tests.c: Added TODOS, removed K&R headers, documentation , further cosmetics. 2009-09-11 Jan-Oliver Wagner Adapt Scanner to changes in API of store. * openvasd/openvasd.c (init_openvasd): Use new API of store_init. * openvasd/nasl_plugins.c (nasl_plugin_add): Use new API of store_load_plugin. * openvasd/nes_plugins.c (nes_plugin_add): Use new API of store_load_plugin. * openvasd/oval_plugins.c (oval_plugin_add): Use new API of store_load_plugin. 2009-09-10 Felix Wolfsteller * openvasd/save_tests.c (save_tests_write_data): Minor reformatting, added todo about possible mem leak, documentation. * openvasd/save_tests.c (save_tests_playback): Reformatted. 2009-09-10 Felix Wolfsteller * doc/Doxyfile, doc/Doxyfile_full: Added alias to generate todo list from both lower and uppercase @TODOs. 2009-09-08 Felix Wolfsteller Fixed broken build and reduced code base by: Replacing/merged pluginschedulers name cache by arglists ones. Note that the latter is considerably smaller and might thus lead to more collisions and decreased performance, but improves maintainability and memory imprint. * openvasd/pluginscheduler.c (struct name_cache, cache_init, cache_get_name, cache_add_name, cache_inc, cache_dec): Removed, are linked with openvas-libraries. * openvasd/pluginscheduler.c (HASH_MAX): Decreased to value found in openvas-libraries/misc/arglists.c. * openvasd/pluginscheduler.c (mkhash): Replaced by implementation found in openvas-libraries/misc/arglists.c . * openvasd/pluginscheduler.c: include arglists.h, added TODO. 2009-09-04 Jan-Oliver Wagner * doc/openvasd.8.in: Removed note on "admin_user": This functionality does not exist anymore. 2009-09-04 Jan-Oliver Wagner * openvasd/openvad.c (main_loop): Adjusted call API for SSL initialization. 2009-09-01 Felix Wolfsteller * configure: Regenerated. 2009-08-31 Felix Wolfsteller * configure.in, openvasd/Makefile: Removed libnasl dependence (is pulled in via libraries). 2009-08-31 Jan-Oliver Wagner * openvasd/preferences.c (preferences_new): Fixed typo. 2009-08-27 Chandrashekhar B Some more changes to move openvasd server to support ipv6 and a bug fix in checking rules. Coding by Srinivasa NL . * openvasd/attack.c (struct attack_start_args, attack_init_hostinfos, attack_start, attack_network): Added support for ipv6. Uses latest library function, hg_get_name_from_ip. * cnvts/openvas_tcp_scanner/openvas_tcp_scanner.c (banner_grab): Added support for ipv6. Open ipv4 or ipv6 socket depending on target type. * openvasd/rules.c (get_host_rules): Resolved a bug while assigning and comparing ip addresses. 2009-08-28 Tim Brown * openvasd/oval_plugins.c: Further format string fixes from Stephan Kleine. 2009-08-25 Michael Wiegand * openvasd/openvasd.c (main): Added commandline option to expose the system configuration directory value as set during configure. 2009-08-24 Jan-Oliver Wagner * TODO: Updated. Plugin upload is removed (CR#4). Cache needed for the time being. No need to migrate from arlist to harglist because the whole arglist is to be removed eventually (as discussed on OpenVAS DevCon2. Debian has been mostly redone anyway. 2009-08-24 Jan-Oliver Wagner Moved header files from include/ to the synscan C-NVT because this is the only one that uses these includes. * include/nessusicmp.h: Moved to cnvts/synscan/nessusicmp.h * include/nessusip.h: Moved to cnvts/synscan/nessusip.h * include/nessusudp.h: Moved to cnvts/synscan/nessusudp.h * include/nessusraw.h: Moved to cnvts/synscan/nessusraw.h * include/nessustcp.h: Moved to cnvts/synscan/nessustcp.h * MANIFEST: Updated. 2009-08-24 Jan-Oliver Wagner * Makefile: Don't install any header files anymore. The only code that was using these was in former openvas-plugins and is now part of openvas-server. 2009-08-20 Jan-Oliver Wagner * openvasd/openvasd.c (init_network): Changed API from "in_addr" to using "addrinfo". Added support for IPv6. (server_thread): Added support for IPv6. (main_loop): Added support for IPv6. (init_openvasd): Adapt structures (in_addr to addrinfo). (main): Added support for IPv6. 2009-08-20 Jan-Oliver Wagner * openvasd/Makefile: Added missing dependency for modules "users", "ntp_11" and "openvasd". * openvasd/users.c (users_add_rule): Adjust to new rules data, for the time being assuming only IPv4. * openvasd/ntp_11.c (ntp_11_rules): Adjust to new rules data, for the time being assuming only IPv4. 2009-08-20 Jan-Oliver Wagner Initializing implementation for IPv6 support. This corresponds to Change Request #27, http://www.openvas.org/openvas-cr-27.html Most work done by Srinivasa NL . * openvasd/rules.h: Added type "inaddrs_t" as union to hold either IPv6 or IPv4 address. (struct openvas_rules): Adapted to above and added family. Adpated protos according to new type. * openvasd/rules.c (rules_validateandgetipaddr, rules_ipv6addrmask): New. (rules_init_aux): Mostly rewritten to support IPv6 addresses. (rules_dup_aux, rules_dup): Removed. These functions are never used. (rules_set_client_ip): API changed (family added). Now supports IPv6. (rules_add): Added support of IPv6. (rules_dump): Added support of IPv6. (get_host_rules): Removed recursion decision. Added support of IPv6. * openvasd/attack.c (attack_network): Adapt to new API for considerung also IPv6 addesses when checking for access rules. 2009-08-10 Vlatko Kosturjak * cnvts/3com_hub/Makefile, cnvts/3com_hub/3com_hub.c: 2009-08-19 Tim Brown * openvas-adduser.in, openvas-rmuser.in: Fixed bashism. * openvas-mkcert.in, openvas-mkcert-client.in: Fixed bashism. 2009-08-19 Felix Wolfsteller * configure.in, configure: Raised the required versions of openvas-libnasl (2.0.2) and openvas-libraries (2.0.4) and regenerated configure. 2009-08-19 Felix Wolfsteller Backported from branches, revision 4581. * openvasd/attack.c (launch_plugin): Resolved case where uninitialized char* (error) reached fprintf. 2009-08-14 Felix Wolfsteller * openvasd/parser.c: Added TODO because of code duplication in client. Added TODO about possible code improvement. Reformatted, added documentation. Removed number of calls to strlen. 2009-08-14 Felix Wolfsteller * openvasd/attack.c, openvasd/comm.c, openvasd/hosts.c: Cosmetics. * openvasd/comm.c (qsort_cmp): Added TODO regarding sorting mechanisms (consolidate, improve function naming). * openvasd/hosts.c (struct host): Added TODO, as this struct could be stripped down and put in a list or hashtable. 2009-08-14 Felix Wolfsteller * openvasd/comm.h: Whitespace removal, corrected filename in comment. * ChangeLog: Minor reformatting. 2009-08-10 Vlatko Kosturjak * cnvts/3com_hub/Makefile, cnvts/3com_hub/3com_hub.c: removal of 3com_hub C plugin. Plugin did not work (return function at the beginning of plugin) and it is superseeded by scripts/remote-net-hub-3com.nasl 2009-08-05 Felix Wolfsteller * packaging/debian/watch, packaging/debian/changelog: Removed/moved to /openvas-packaging/openvas-server/debian/trunk. 2009-08-05 Felix Wolfsteller * packaging/debian, packaging/debian/openvas-server.dirs, packaging/debian/control, packaging/debian/openvas-server.init, packaging/debian/compat, packaging/debian/openvas-server.config, packaging/debian/openvas-server.install, packaging/debian/patches, packaging/debian/patches/12_openvas_nvt-sync-var.dpatch, packaging/debian/patches/10_bashism.dpatch, packaging/debian/patches/00list, packaging/debian/patches/11_openvas-nvt-sync.dpatch, packaging/debian/changelog, packaging/debian/rules, packaging/debian/openvas-server-dev.dirs, packaging/debian/openvas-server-dev.install, packaging/debian/openvas-server.postinst, packaging/debian/openvas-server.default, packaging/debian/openvas-server.postrm, packaging/debian/openvas-server.prerm, packaging/debian/openvasd.conf, packaging/debian/openvas-server.docs, packaging/debian/copyright, packaging/debian/openvas-server.templates, packaging/debian/po, packaging/debian/po/gl.po, packaging/debian/po/cs.po, packaging/debian/po/pt_BR.po, packaging/debian/po/es.po, packaging/debian/po/fr.po, packaging/debian/po/nl.po, packaging/debian/po/eu.po, packaging/debian/po/it.po, packaging/debian/po/POTFILES.in, packaging/debian/po/sk.po, packaging/debian/po/vi.po, packaging/debian/po/templates.pot, packaging/debian/po/pt.po, packaging/debian/po/ru.po, packaging/debian/po/de.po, packaging/debian/po/sv.po, packaging/debian/po/ja.po, packaging/debian/openvas-server.logrotate, packaging/debian/README.Debian: Removed. Was moved to /openvas-packaging/openvas-server/debian/trunk. 2009-08-03 Jan-Oliver Wagner * cnvts/ssl_ciphers/ssl_ciphers.c: Removed setting of french name. Also removed a commented-out alternative description. 2009-07-29 Jan-Oliver Wagner * openvasd/oval_plugins.c (oval_plugin_add): Setting a dependency and mandatory key for any OVAL file. This prevent OpenVAS to try to run OVAL files if no adequate ovaldi is present. 2009-07-28 Jan Wagner * packaging/debian/changelog, packaging/debian/control, packaging/debian/openvas-server.init, packaging/debian/patches, packaging/debian/patches/12_openvas_nvt-sync-var.dpatch, packaging/debian/patches/10_bashism.dpatch, packaging/debian/patches/00list, packaging/debian/patches/11_openvas-nvt-sync.dpatch, packaging/debian/rules, packaging/debian/openvas-server.postinst, packaging/debian/openvasd.conf, packaging/debian/copyright, packaging/debian/po/es.po, packaging/debian/po/it.po, packaging/debian/po/ja.po: - New upstream release - Bump Standards-Version to 3.8.2, no changes needed - removing absolute path calling rm in postinst, lintian fix. - add checkbashisms check for /usr/*bin/openvas-* and add devscripts as build-dep - add it.po, thanks to Vincenzo Campanella (Closes: #513361) - updates ja.po, thanks to Hideki Yamane (Closes: #538253) - add dpatch infrastructure - add 10_bashism.dpatch to get rid of bashism in upstream shell scripts, thanks to Raphael Geissert (Closes: #530156) - relicense packaging to GPL-3 - Minor changes to the Spanish translation, it was missing the review done in the debian-l10n-spanish mailing list by Noel David Torres. - Small fix in the error message in the init.d script when complaining that there is no ca_file defined. - New patch (11_openvas-nvt-sync.dpatch) to include upstream's openvas-nvt-sync that was previously in openvas-plugins package. This enables admins to update their OpenVAS plugins without the need for a separate plugin which, anyway, upstream is not going to provide see Change Request #32 (http://www.openvas.org/openvas-cr-32.html, "Discontinuing the tarball releases of openvas-plugins") (Closes: #534846, #532937) - Add 12_openvas_nvt-sync-var.dpatch to get the plugins into /var - Add the following packages to Recommends: as they are needed by some NASL script: # nmap - so the server can do portscans # smbclient - to retrieve information from "other" environments - Add the following packages to Suggests: as they are needed by some NASL script: # snmp - snmpwalk is used in the snmpwalk_portscan.nasl NASL script # pnscan - used by the pnscan.nasl NASL script # strobe - used by the portscan-strobe.nasl NASL script # ike-scan - used by the ike-scan.nasl NASL script - add debian/watch to detect when a new version is available at wald.intevation.org - Updated Spanish translation - Add Japanese translation, it is, however, out of date since the templates have changed (Closes: 520063) 2009-07-20 Jan-Oliver Wagner * openvasd/plugs_req.c (mandatory_requirements_met): Switched return code meaning. Now returns correctly. * openvasd/pluginscheduler.c (plugins_scheduler_init): Added handling for mandatory keys. 2009-07-19 Jan-Oliver Wagner Add handling for mandatory_keys. This is part of implementing Change Request #39, http://www.openvas.org/openvas-cr-39.html. * openvasd/pluginscheduler.h (struct scheduler_plugin): Added element for mandatory_keys. * openvasd/plugs_req.c (mandatory_requirements_met): New. Checks whether mandatory requirments (so far only KB keys). * openvasd/plugs_req.h: Added proto for mandatory_requirements_met. * openvasd/attack.c (launch_plugin): Take care the plugin in only launched if mandatory requirements are met. This esentially means regardless of flag optmize flag set. 2009-07-12 Felix Wolfsteller First part of fixing bug #779. Result of collaborative effort of Chandra, Thomas Reinke, Jan-Oliver Wagner, Michael Wiegand, Felix Wolfsteller. * openvasd/utils.c (common): Fixed. In a list comparison, after the first pass no further comparisons were done. Keeping pointer to start of list. 2009-06-29 Jan-Oliver Wagner * Makefile: Activate installation of C-NVTs. 2009-06-29 Jan-Oliver Wagner * cnvts/openvas_tcp_scanner/openvas_tcp_scanner.c (banner_grab, read_sysctl_maxsysfd): Resolved unused variables. (compute_min_max_cnx, read_sysctl_maxsysfd): Consider only if needed. (banner_grab): Resolving ambigious 'else'. Resolve 'parentheses around && within ||'. Resolve missing initialization. 2009-06-29 Jan-Oliver Wagner * cnvts/find_service/find_service.c(plugin_do_run): Resolved ambigious 'else' and signedness warning. 2009-06-29 Jan-Oliver Wagner * cnvts/synscan/synscan.c (extracttcp, extractsport, issynack, find_rtt, sendpacket, scan, plugin_run): Removed unused variable(s). 2009-06-29 Michael Wiegand Re-enabled compilation of legacy C-based plugins. Done in accordance with CR #32: "Discontinuing the tarball releases of openvas-plugins" (http://www.openvas.org/openvas-cr-32.html). This included adding libtool support to openvas-server. * configure.in: Make configure libtool-aware. * configure: Regenerated. * ltmain.sh: Added libtool support script. * Makefile: Enabled compilation of CNVTs. * aclocal.m4: Regenerated to add libtool support. * openvas.tmpl.in: Define libtool location to expose it to the CNVT Makefiles. * cnvts/3com_hub/Makefile: Fixed to integrate into openvas-server build environment in order to re-enable compilation. * cnvts/find_service/Makefile: Fixed to integrate into openvas-server build environment in order to re-enable compilation. * cnvts/openvas_tcp_scanner/Makefile: Fixed to integrate into openvas-server build environment in order to re-enable compilation. * cnvts/ssl_ciphers/Makefile: Fixed to integrate into openvas-server build environment in order to re-enable compilation. * cnvts/synscan/Makefile: Fixed to integrate into openvas-server build environment in order to re-enable compilation. 2009-06-29 Michael Wiegand * cnvts/synscan/synscan.c (plugin_init): Adapted calls of plug_set_* functions to API change. 2009-06-29 Michael Wiegand * cnvts/openvas_tcp_scanner/openvas_tcp_scanner.c (plugin_init): Adapted calls of plug_set_* functions to API change. 2009-06-29 Michael Wiegand * cnvts/find_service/find_service.c: Removed obsolete French defines. (plugin_init): Adapted calls of plug_set_* functions to API change. 2009-06-27 Jan-Oliver Wagner * configure.in: Removed handling of language setting. * configure: updated. 2009-06-27 Jan-Oliver Wagner * openvasd/oval_plugin.c (oval_plugin_add): Adapated calls of plug_set_* functions to API change. 2009-06-26 Jan-Oliver Wagner * openvasd/openvasd.c (init_openvasd): Don't use the deprecated method store_init_sys. 2009-06-26 Jan-Oliver Wagner * openvasd/preferences.c (preferences_new): Removed creation of parameter "language". * openvasd/nasl_plugins.c (nasl_plugin_add): Removed handling of language. * include/config.h.in, configure.in: Removed handling of OPENVASD_LANGUAGE. 2009-06-23 Jan-Oliver Wagner * openvasd/comm.c (send_plug_info): Fixed a bug regarding missing desc. Removed unnecessary NULL setting. 2009-06-23 Michael Wiegand * openvasd/oval_plugins.c: Making sure the copyright and summary is correctly set for OVAL plugins. (start_element, text, end_element): Add support for parsing "rights" element. (oval_plugin_add): Set copyright and summary when adding OVAL plugins to the cache. 2009-06-23 Jan-Oliver Wagner * openvasd/comm.c (send_plug_info): Fixed a bug regarding setting a placeholder name. Also improved error reporting to inform about as many problems as possible already during the first run. 2009-06-23 Michael Wiegand * openvasd/oval_plugins.c (ovaldi_launch): Make sure collected_objects element is only created if objects have been collected. 2009-06-22 Jan-Oliver Wagner * openvasd/comm.c (send_plug_info): More verbose error reports about inconsistent data to allow easier debugging. 2009-06-19 Jan-Oliver Wagner * Makefile: Add targets for handling the cnvts and hook them in except for all- and install-target - since the c-nvts do not build yet. 2009-06-19 Jan-Oliver Wagner Move the remaining C-NVTs from openvas-plugins module here. This is part of Change Request #32 (http://www.openvas.org/openvas-cr-32.html, "Discontinuing the tarball releases of openvas-plugins") * cnvts/3com_hub/3com_hub.c, cnvts/3com_hub/Makefile, cnvts/find_service/find_service.c, cnvts/find_service/Makefile, cnvts/install_plug, cnvts/make_world, cnvts/openvas_tcp_scanner/Makefile, cnvts/openvas_tcp_scanner/openvas_tcp_scanner.c, cnvts/ssl_ciphers/Makefile, cnvts/ssl_ciphers/ssl_ciphers.c, cnvts/synscan/Makefile, cnvts/synscan/synscan.c: New. Copied over from openvas-plugins/plugins/ * MANIFEST: Updated 2009-06-10 Jan-Oliver Wagner Move the sync-script for the OpenVAS NVT Feed from openvas-plugins module here. This is part of Change Request #32 (http://www.openvas.org/openvas-cr-32.html, "Discontinuing the tarball releases of openvas-plugins") * openvas-nvt-sync.in: New. Moved here from openvas-plugins module. * configure.in, Makefile: Added handling for openvas-nvt-sync. * configure: Updatd. * MANIFEST: Updated. 2009-06-03 Michael Wiegand Post branch version bump. * VERSION: Set to 2.1.0.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2009-06-03 Michael Wiegand Post release version bump. * VERSION: Set to 2.0.3.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. 2009-06-03 Michael Wiegand Preparing the openvas-server 2.0.2 release. * VERSION: Set to 2.0.2. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. * CHANGES: Updated. 2009-05-18 Michael Wiegand * packaging/debian/openvas-server.init (check_certs): Fixed error message when there is no ca_file setting in the openvasd.conf. 2009-05-11 Michael Wiegand * openvasd/plugs_hash.c (plugins_hash): Remove obsolete variable declaration for "uhome". 2009-05-11 Michael Wiegand Implementing the first part of Change Request #31: Remove support for plaintext password storage (http://www.openvas.org/openvas-cr-31.html). * openvasd/users.c (check_user): openvasd will now display a warning message on both stderr and the logfile when it encounters a password stored in plaintext. * openvas-adduser.in: Adding users without a working md5 algorithm is no longer possible. Added an exit 1 in case no algorithm is found, removed now obsolete reference to plaintext storage when storing credentials. * doc/openvas-adduser.8: Updated, removed obsolete parts. 2009-05-05 Jan Wagner * packaging/debian/changelog: reengineered Michaels changes :P 2009-04-27 Michael Wiegand * openvasd/plugs_hash.c (plugins_hash): Remove handling of obsolete "plugins" directory in the user_home directory. 2009-04-20 Michael Wiegand * openvas-adduser.in: Stop openvas-adduser from creating the now obsolete "plugins" directory for new users. 2009-04-20 Michael Wiegand * packaging/debian/openvas-server.dirs: Added var/cache/openvas to the list of directories to be created. 2009-04-20 Michael Wiegand * packaging/debian/control, packaging/debian/compat: Adjusting debhelper dependency and compatibility level to be consistent with the other modules and to allow Debian Etch packages to be built. 2009-04-17 Michael Wiegand Updated Debian packaging files. * packaging/debian/openvas-server.dirs: Added etc/openvas/gnupg to the list of directories to be created. * packaging/debian/control: Updated build dependencies. Added dependency to openssl since it is need by the Debian post-inst script. * packaging/debian/openvas-server.install: Added usr/bin/openvasd-config to the list of files of to be installed. It was formerly installed with openvas-server-dev but is needed by some third party tools. * packaging/debian/openvas-server-dev.install: Removed usr/bin/openvasd-config from the list of files to be installed (see above). * packaging/debian/openvas-server.default: Changed the default to make openvasd listen on external interfaces as well. * packaging/debian/openvasd.conf: Updated with new preferences for the 2.0.x series and fixed wrong entry for dumpfile. 2009-04-09 Michael Wiegand * MANIFEST: Added missing ChangeLog. 2009-04-09 Felix Wolfsteller Reformatting and doc in comm module. * openvasd/comm.c: Reformatting, doc. 2009-04-09 Felix Wolfsteller Renamed variables starting with 'g_', as it suggest GLib ownership. * openvasd/openvasd.c, openvasd/utils.c: Renamed variables starting with 'g_'. 2009-04-08 Felix Wolfsteller Reformatting in pluginlaunch module. * openvasd/pluginlaunch.c: Reformatting. 2009-04-08 Michael Wiegand * openvasd/nasl_plugins.c (nasl_plugin_add): Added carriage return and newline to message to improve readability. 2009-04-07 Felix Wolfsteller Print message to stderr when a nasl script could not be cached. This happens in cases where exit() is called prior to the description. As a consequence of that non-happening description parse, the nvt might not be visible to the client. * openvasd/nasl_plugins.c (nasl_plugin_add): Be loud when a script could not be added to the cache. 2009-04-06 Felix Wolfsteller * openvasd/nasl_plugins.c: Minor reformatting, doc. 2009-04-02 Felix Wolfsteller Removed build-breaking debug code. * openvasd/openvasd.c: Removed build-breaking debug code. 2009-04-01 Felix Wolfsteller Cosmetics, reformatting, doc in nasl_plugins module. * openvasd/nasl_plugins.c: Cosmetics, doc, reformatting. 2009-04-01 Felix Wolfsteller Added todos and fixmes in openvasd module, reformatting, doc. * openvasd/openvasd.c: Cosmetics, doc, reformatting, todos and fixmes. 2009-03-20 Michael Wiegand * openvasd/pluginscheduler.c (hash_fill_deps): Improved searching for dependencies: If plugin some_path/x.nasl has a dependency on y.nasl which can not be found, hash_fill_deps will now make attempt to find the dependency in some_path/y.nasl. 2009-03-18 Michael Wiegand * openvasd/oval_plugins.c (ovaldi_launch): Added initial support for FDCC checks in the form of support for creating user_items and sid_items based on data collected via WMI; note that this is just an early proof of concept and contains a number of hacks. oval_plugins.c now uses the GString functionality provided by glib to construct the collected_objects and system_data elements to account for relations between child elements of those elements. Furthermore, oval_plugins.c will now attempt to remove stale result files before running ovaldi to prevent the reporting of incorrect results when ovaldi failed to construct a result file. 2008-03-05 Vlatko Kosturjak * configure, configure.in: Removal of PCAP_TIMEOUT_IGNORED which is not used any more in the source 2009-03-05 Felix Wolfsteller Increased the required openvas-libraries version (2.0.2), for updated ssh_login datastructure. * configure.in: Increased required openvas-libraries version to 2.0.2. 2009-03-02 Michael Wiegand * openvasd/oval_plugins.c: Code cleanup. Renamed child_setup to drop_privileges to make the function intention more clear. Removed superfluous result variable. 2009-03-02 Michael Wiegand * openvasd/oval_plugins.c: Beautification commit, no code changes. Made indentation consistent with the coding style, added documentation. 2009-02-27 Felix Wolfsteller Support for per-host password based local checks. Yet ignored because ssh_func.inc will always try the key-based method. NOTE: You need the latest version of openvas-libraries to compile and the latest Client + the ssh_authorization.nasl that was sent to openvas-devel to test. * openvasd/attack.c (fill_host_kb_ssh_credentials): Set password in kb if specified. 2009-02-25 Felix Wolfsteller * openvasd/save_kb.c (kb_dirname): use GLibs build_filename (code was already accidentially commited in last commit but not accessible) and return gchar instead of manual path construction and char*. * openvasd/save_kb.c (kb_fname): respect new return type of kb_dirname, free by g_free, corrected comment. 2009-02-25 Felix Wolfsteller More Reformatting and documentation for save_kb module, enabled doc generation for ENABLE_SAVE_KB guarded code parts. * openvasd/save_kb.c: Documentation and reformatting works. * doc/Doxyfile, doc/Doxyfile_full: Use a PREDEFINE for ENABLE_SAVE_KB to generate more documentation. 2009-02-25 Michael Wiegand Added support for parsing multiple results per OVAL result file, made call to ovaldi compatible to ovaldi 5.5.x. * oval_plugins.c (start_element, end_element): Added support for multiple results. (ovaldi_launch): Added support for communicating multiple results to client. Improved result string handling. Free memory we no longer need. 2009-02-24 Michael Wiegand Added support for parsing multiple definitions per OVAL file, made XML parsing more robust. Please note that the usefulness of this change is limited at the moment, since support for multiple results and updated ovaldi support is not yet present in the code, but expected to arrive shortly. * oval_plugins.c (start_element, text, end_element): Made XML parsing more stateful and robust. (text): Fix to remove superflous whitespaces in definition titles. (ovaldi_launch): Temporarily included dummy values in OVAL system_info element for testing. 2009-02-19 Felix Wolfsteller Set default value for Silent Dependencies to 'No'. Naive users otherwise might miss some security issues due to suppression of messages coming from the server through NVTs that other NVTs just depend on. * openvasd/preferences.d: Set default value for silent_dependencies to 'no'. 2009-02-19 Felix Wolfsteller * openvasd/preferences.d: Documentation and minor formatting. Added a FIXME about possible conflict with a new scan overiding preference values of running scans. 2009-02-17 Michael Wiegand * openvasd/preferences.c (preferences_new): Fixed minor spelling errors in comments of newly created preferences files. 2009-02-17 Michael Wiegand Post release version bump. * VERSION: Set to 2.0.2.SVN. * doc/Doxyfile, doc/Doxyfile_full: Set PROJECT_NUMBER to 2.0.2.SVN. 2009-02-17 Michael Wiegand Preparing the openvas-server 2.0.1 release. * CHANGES: Updated. * README: Extended instructions for server setup. * ChangeLog: Tidied. * VERSION: Set to 2.0.1. * doc/Doxyfile, doc/Doxyfile_full: Set PROJECT_NUMBER to 2.0.1. 2009-02-17 Felix Wolfsteller Minor documentation added / transformed into agreed format. K&R function declarations replaced. * openvasd/nasl_plugins.c, openvasd/utils.c, openvasd/utils.h, openvasd/shared_socket.c, openvasd/oval_plugins.c, openvasd/pluginload.h : Replaced some K&R function declarations, reformatted or added minor documentation blocks. * ChangeLog: Fixed misleading and wrong entry of last commit. 2009-02-17 Felix Wolfsteller * openvasd/preferences.c (preferences_plugin_timeout): Use g_strdup_printf instead of malloc + printf. 2009-02-17 Felix Wolfsteller * openvasd/preferences.c: Partly reformatted and doc * openvasd/preferences.c (preferences_plugin_timeout): (fully) reformatted + doc. 2009-02-13 Felix Wolfsteller * openvasd/openvasd.c: In mainpage doc, corrected section name. 2009-02-13 Felix Wolfsteller * openvasd/openvasd.c: Added mainpage directive for code documentation. Included README and LICENSE files in the mainpage. 2009-02-13 Felix Wolfsteller Replaced outdated INSTALL by slightly more verbose README. * INSTALL: Removed. Information was few and outdated. Superseded by README. * README: New. Contains installation and set-up instructions. * MANIFEST: Updated (-INSTALL +README). 2009-02-13 Felix Wolfsteller Format and doc in openvasd module. * openvasd/openvasd.c: Transformed function headers, replaced static var from middle of file to beginning of file, transformed comments. 2009-02-13 Michael Wiegand * openvasd/pluginload.c (plugins_reload_from_dir): Don't try to split include_folders if there is no such preference. 2009-02-13 Jan-Oliver Wagner * openvasd/pluginscheduler.c (hash_fill_deps): Improved warning message to avoid misinterpretation. * openvasd/shared_socket.c (shared_socket_process): Improved documentation. * openvasd/pluginlaunch.c (read_running_processes): Write a log entry in case of process_internal_msg fails. * Makefile: Renamed old target "doc" to "man" to avoid having two targets "doc". 2009-02-12 Jan-Oliver Wagner * doc/Doxyfile, doc/Doxyfile_full: New. Directives for creation of doxygen source code documentation. * Makefile: Added targets "doc" and "doc-full". * MANIFEST: Updated. 2009-02-12 Felix Wolfsteller Repaired resolution of Default or pattern- defined logins per host, printf Debug- messages. * openvasd/attack.c (fill_host_kb_ssh_credentials): Check if login is registered under keys before resolution, debug messages. * openvasd/attack.c (pattern_matches): printf debug messages. 2009-02-12 Felix Wolfsteller Resolved bug when per-target ssh login information was already added in an arglist, has to be set be become replaced. * openvasd/ntp_11.c (build_global_sshlogin_info_map, build_global_host_sshlogins_map): If value alread found in arglist replace it. 2009-02-10 Michael Wiegand * openvasd/pluginload.c (plugins_reload_from_dir): Add support for multiple, colon-separated include_folders in the preferences. 2009-02-10 Tim Brown * packaging/debian/control, packaging/debian/changelog, packaging/debian/openvas-server.templates, packaging/debian/po/gl.po, packaging/debian/po/cs.po, packaging/debian/po/pt_BR.po, packaging/debian/po/es.po, packaging/debian/po/fr.po, packaging/debian/po/eu.po, packaging/debian/po/nl.po, packaging/debian/po/sk.po, packaging/debian/po/vi.po, packaging/debian/po/templates.pot, packaging/debian/po/pt.po, packaging/debian/po/ru.po, packaging/debian/po/sv.po, packaging/debian/po/de.po: Updated following translation efforts by debian-l10n-english team as part of the Smith review project. 2009-02-09 Felix Wolfsteller Documentation and reformatting of shared_socket module. * openvasd/shared_socket.c: Donated return types in function declarations an own line, removed whitespaces, minor documentation. * openvasd/shared_socket.c (openvasd_shared_socket_acquire): Reformatted. 2009-02-06 Jan-Oliver Wagner * openvasd/preferences.c (preferences_new): Added default for config parameter "include_folders". It is set to the plugins_folder to be compatible by default with older version of openvasd. * openvasd/pluginload.c: Added include for nasl.h. (plugins_reload_from_dir): Initialize include paths. 2009-02-05 Felix Wolfsteller Basic support for glob-style pattern definitions within the hostname --> sshlogin mapping. (CR #20, http://www.openvas.org/openvas-cr-20.html) * openvasd/attack.c (is_pattern): New, copied from clients nvt_pref_sshlogin, TRUE if string contains '*' or '?'. * openvasd/attack.c (pattern_matches): New, GHashTable- find- predicate. * openvasd/attack.c (fill_host_kb_ssh_credentials): Now tries if any pattern matches the hostname before falling back to Default login. 2009-02-05 Felix Wolfsteller Refactoring and documentation in attack.c. Minor formatting changes. In preparation of pattern definitions for hostname --> sshlogin mapping. (CR #20, http://www.openvas.org/openvas-cr-20.html) * openvasd/attack.c (attack_init_hostinfos): Documented. * openvasd/attack.c (fill_host_kb_ssh_credentials): New, extracted from init_host_kb. * openvasd/attack.c (init_host_kb): Adjusted to call new method fill_host_kb_ssh_credentials. * openvasd/attack.c (attack_host): Minor formatting changes. 2009-02-02 Felix Wolfsteller Cosmetics in the rules module. * openvasd/rules.h: Documentation and formatting of rules struct. * openvasd/rules.c (rules_get_fname): Removed unneeded forward decl. Documentation, K&R func decl. replaced. * openvasd/rules.c (get_host_rules): K&R func decl. replaced., indentation. * openvasd/rules.c (rules_free): K&R func decl. replaced. 2009-01-27 Jan-Oliver Wagner * openvasd/pluginload.c (collect_nvts): Fixed a bug: Now subdir paths are correctly assembled and stored. 2009-01-27 Jan-Oliver Wagner Introduce a new collection method for NVTs in the plugins folder. Now, it is recursed into subdirectories. As a side effect, the counting of NVTs is ow fixed: The correct total number of NVTs is shown during cache-building. * openvasd/pluginload.c (collect_nvts): Collects all files in a directory and recurses into subdirectories. (plugins_reload_from_dir): Use collect_nvts() instead of doing it on its own with glibc API. Also use g_str_has_suffix() for determining the plugin type instead of doing it on its own with glibc string commands. 2009-01-27 Felix Wolfsteller Fixed SSH key file insertion into per-target knowledge- base. Scripts require the actually file content, not only the path. * openvasd/attack.c (init_host_kb): Does not set filename but file- contents in the knowledge base. 2009-01-27 Michael Wiegand * openvasd/oval_plugins.c (oval_plugin_add): Add missing path to cache file. 2009-01-25 Jan-Oliver Wagner * openvasd/pluginload.c (plugins_reload_from_dir): Instead of homebrew "struct files", now uses glibs' GSList. (struct files, MAXFILES, files_init, files_add, files_walk, files_close): Removed. 2009-01-25 Jan-Oliver Wagner * openvasd/openvasd.c (server_thread): Removed calling of plugins_reload_user. Per-user plugins are not a feature anymore. * openvasd/pluginload.c (plugins_reload_user): Removed. This function was a remainder from the plugin-upload feature which has been removed. * openvasd/pluginload.h: Removed proto accordingly. 2009-01-23 Felix Wolfsteller When the knowledge base for a host is initialized, look up the "Default" value for an ssh-account if no specific found. * openvasd/attack.c (init_host_kb): Looks up the account- name for the "Default" host, if none for hostname was found. 2009-01-23 Jan-Oliver Wagner Removing unused and unneeded module "dirutils.c". * openvasd/dirutils.c: Removed. * openvasd/Makefile: Removed handling for dirutils. * MANIFEST: Updated. 2009-01-23 Jan-Oliver Wagner Implement feature to allow to specify a specific directory for the .desc cache files. Defaults to /var/cache/openvas. No write access should be allowed to /lib/openvas/plugins eventually. However, compatibility is kept with older versions of openvasd.conf: In the absense of cache_folder definition in openvasd.conf, the old style is applied. It is highly recommended to specific "cache_folder" in openvasd.conf and remove old cache ("plugins_folder"/.desc). This change was derived from patches from Stjepan Gros. * openvasd/preferences.c (preferences_new): Added "cache_folder" with default. * configure.in, openvas.tmpl.in: add handling of OPENVASD_CACHE. * Makefile: Create configure cache dir during install * configure: updated. 2009-01-23 Jan-Oliver Wagner * openvasd/openvasd.c (init_openvasd): First try "cache_folder" preference for cache folder. Fall back to old folder (plugins_folder/.desc). 2009-01-22 Jan-Oliver Wagner * openvasd/nasl_plugins.c (nasl_plugin_add, nasl_thread): Use exec_nasl_script instead of execute_nasl_script. Subsequently, remove any handling of the unneeded cache_dir. 2009-01-22 Jan-Oliver Wagner * configure.in: Upgraded dependency for openvas-libraries and openvas-libnasl both to 2.0.1 2009-01-20 Felix Wolfsteller When the knowledge base for a host is initialized, look up any ssh credentials information (that should be accessible if a nvt with a PREF_SSH_CREDENTIALS preference was available to the client and the user did specify the information). * openvasd/attack.c (init_host_kb): Comment added, empty newline removed. Looks up the hostname and user-defined login- account for the current host. Then adds "Secret/SSH/*" entries with this information to the knowledge base of the current host. 2009-01-20 Felix Wolfsteller * openvasd/ntp_11.c (files_add_translation): Commented, replaced K&R function declaration. 2009-01-20 Felix Wolfsteller Parses the files that the client might sent if a plugin with a 'special' preference (PREF_SSH_CREDENTIALS) requested it. !Note that you need a recent openvas-libraries install to be able to compile! * openvasd/ntp_11.c (build_global_host_sshlogins_map): New. Parses the .host_logins file sent by the client and stores the mapping of user-defined login-account names to hostnames in the global arglist for later (per-host) lookup. * openvasd/ntp_11.c (build_global_sshlogin_info_map): New. Parses the .logins file sent by the client and stores the mapping of user-defined login-account names to openvas_ssh_login structs for later lookup and extraction of per-host login information. * openvasd/ntp_11.c (ntp_11_recv_file): Commented, calls the new methods accordingly if a file with the appropriate name has been received. 2009-01-20 Michael Wiegand * openvas-adduser.in, openvas-mkcert.in, openvas-mkcert-client.in, openvas-rmuser.in: Make gettext usage more robust; previous versions expected gettext.sh to be in /usr/bin which is not always the case. This resolves bug #860 (http://bugs.openvas.org/). 2009-01-19 Michael Wiegand * openvasd-config.in: Added support for retrieving the sbindir of an OpenVAS installation. 2009-01-19 Michael Wiegand * Makefile: Fixed permissions for openvas/gnupg directory. 2009-01-16 Felix Wolfsteller Cosmetics (reformatted ntp_11_recv_file, docs). * openvasd/ntp_11.c (ntp_11_recv_file): Reformatted. * openvasd/ntp_11.c: Tiny doc improvements. 2009-01-15 Michael Wiegand * openvasd-config.in: Added support for retrieving the sysconfdir and libdir of an OpenVAS installation. 2009-01-12 Jan-Oliver Wagner * openvasd/openvasd.c (main): Removed exit-upon-nonroot, because there is no reason why only root should start the server. It works well except for those operation where root privileges are needed. In cases where privileges are not sufficient, the log file will contain respective notes. * openvas-mkcert.in, openvas-adduser.in: Don't have it mandatory to be root. 2009-01-12 Felix Wolfsteller Cosmetics (reformatted ntp_11_recv_file, docs). * openvasd/ntp_11.c (ntp_11_recv_file): Reformatted. * openvasd/ntp_11.c: Reformatted. 2009-01-12 Felix Wolfsteller Refactoring attack method. * openvasd/attack.c (launch_plugin): Changed int to gboolean parameter, doc. * openvasd/attack.c (init_host_kb): New method, extracted from attack_host, comments, documentation. * openvasd/attack.c (attack_host): Changed new_kb to be gboolean, extracted init_host_kb function. 2009-01-07 Felix Wolfsteller * openvasd/attack.c (attack_host): Removed local unused variable kb_restored. 2009-01-07 Felix Wolfsteller * openvasd/attack.c (attack_host, attack_start): Reformatted. * openvasd/attack.c (attack_network): Remoded local unused variable return_code, added comment. 2009-01-07 Felix Wolfsteller Comment style transformed to JavaDoc style, duplicate code found and TODOs added. * openvasd/save_kb.c: Transformed comments to JavaDoc style, minor improvements, added note about code duplicates in save_tests.c. * openvasd/save_tests.c: Added note about code duplicate in save_kb.c. 2009-01-05 Felix Wolfsteller * openvasd/attack.c (attack_network, launch_plugin) : Replaced tabs by spaces, repaired indentation & newlines, ready for refactoring. 2009-01-02 Jan-Oliver Wagner * openvasd/openvasd.c (server_thread): Removed initialization of user-specific store (which happened after the fork) and lead to create of directory ".desc" in the /var/lib/openvas/users/USER/plugins. This code are remains of the unsecure feature of plugin upload. Apart from this, the OpenVAS Server should eventually not be responisble anymore for user-specific data storage. 2009-01-02 Michael Wiegand * include/config.h.in, openvasd/openvasd.c: Changed OPENVASD_IANA_OTP_PORT to OPENVAS_IANA_OTP_PORT. 2009-01-02 Michael Wiegand Modified openvasd to use the freshly allocated IANA port 9390 instead of the Nessus port 1241. * include/config.h.in: Removed NESIANA_PORT define, added OPENVASD_IANA_OTP_PORT define. Updated IANA URL. * openvasd/openvasd.c: Changed to use OPENVASD_IANA_OTP_PORT, fixed references to port 1241 in comment. * doc/openvasd.8.in: Mention that the default port is now 9390. * openvas-services: Added otp on port 9390 to the list of known services. * packaging/debian/openvas-server.default: Changed Debian defaults to 9390. * packaging/debian/README.Debian: Mention that the default port in 9390. 2009-01-02 Michael Wiegand * ltmain.sh: Removed since libtool is not used in the build process. * Makefile: Removed obsolete references to libtool. 2008-12-30 Felix Wolfsteller * openvasd/attack.c: Replaced K&R header, added comment to attack_host. 2008-12-30 Felix Wolfsteller * openvasd/attack.c: Replaced K&R header, added comment to attack_host. 2008-12-30 Felix Wolfsteller * openvasd/attack.c: Transformed comments to Javadoc style. 2008-12-29 Felix Wolfsteller * openvasd/otp_1_0.c: Applied patch from Hanno Böck to remove unwanted gpgme.h include. * openvasd/otp_1_0.c (client_request_t otp_1_0_get_client_request): Documented, removed K&R header. * openvasd/otp_1_0.c (otp_1_0_server_openvas_version): Double starred comment. 2008-12-26 Joey Schulze * packaging/debian/copyright: Added Martin Bagge as new translator * packaging/debian/changelog: Import changelog from 1.0.2-5 2008-12-23 Michael Wiegand * packaging/debian/po/sv.po: Updated Swedish translation as suggested by Martin Bagge. 2008-12-20 Tim Brown * openvas.tmpl.in, ssl/Makefile: Honour LDFLAGS. 2008-12-18 Tim Brown * openvas.tmpl.in: Honour CFLAGS. 2008-12-17 Michael Wiegand Post release version bump. * VERSION: Set to 2.0.1.SVN. 2008-12-17 Michael Wiegand Preparing the openvas-server 2.0.0 release. * CHANGES: Updated. * VERSION: Set to 2.0.0. 2008-12-16 Michael Wiegand Updated build environment to use an up-to-date libtool version. * config.guess, config.sub, ltmain.sh, configure: Regenerated. 2008-12-15 Jan-Oliver Wagner * openvasd/openvasd.c (init_openvasd): Removed code path for condition ENABLE_PLUGIN_SERVER which was never true and thus never executed. 2008-12-13 Joey Schulze * packaging/debian/changelog: Added changelog entry from the recently uploaded Debian package * packaging/debian/po/de.po, packaging/debian/po/cs.po, packaging/debian/po/es.po, packaging/debian/po/fr.po, packaging/debian/po/gl.po, packaging/debian/po/nl.po, packaging/debian/po/pt.po, packaging/debian/po/pt_BR.po, packaging/debian/po/sv.po, packaging/debian/po/templates.pot: Updated PO files after debconf-updatepo and adjusting new fuzzy translations * doc/openvasd.8.in: Fix broken comment * packaging/debian/openvas-server.prerm: Add switch to make script fail in case of errors * packaging/debian/openvas-server.postinst: Switch shell to bash to be compliant with bashisms * packaging/debian/copyright: Reworked copyright file 2008-12-05 Michael Wiegand Post release version bump. * VERSION: Set to 2.0.0.rc2.SVN. 2008-12-05 Michael Wiegand Preparing the openvas-server 2.0-rc1 release. * CHANGES: Updated. * VERSION: Set to 2.0.0.rc1. 2008-12-05 Michael Wiegand * openvasd/processes.c (create_process): Ignore warning about srand48 not being random enough; it is random enough for our purposes. * openvasd/pluginload.c (files_init, files_close): Ignore warnings about srand not being random enough; see above. 2008-12-05 Michael Wiegand * openvasd/comm.c (send_plug_info): Fixed insufficient memory allocation which could have caused a buffer overflow when trying to assemble the plugin_info string for NVTs with long CVEs, BIDs, XRefs and Tags. Made memory allocation more transparent. Ignore strcat warnings since enough memory is allocated beforehand now. Ignore snprintf warning since systems able to compile and run will most likely not use libc4.[45], where snprintf usage is a potential security issue. 2008-12-03 Michael Wiegand Implementing CR #22 (New script_tag Command, http://www.openvas.org/openvas-cr-22.html). * openvasd/comm.c (send_plug_info): Added support for sending NVT tags to client. 2008-12-02 Felix Wolfsteller * openvasd/comm.c : Repaired sending NOXREF, NOCVE, NOBID, NOSIGNKEY if none found (instead of empty string). 2008-12-02 Felix Wolfsteller * openvasd/comm.c : Comments added. 2008-11-28 Joey Schulze * packaging/debian/openvasd.conf: Disable signature check 2008-11-27 Joey Schulze * packaging/debian/openvas-server.postinst: Corrected server restart (init file was renamed from openvasd to openvas-server some revisions earlier) 2008-11-21 Joey Schulze Sync with Debian packaging as uploaded to ftp-master * packaging/debian/control: Adjust uploaders, add section for openvas-server and -dev * packaging/debian/changelog: Add changelog records for versions 1.0.2-1, 1.0.2-2 and 1.0.2-3 2008-11-19 Tim Brown * packaging/debian/changelog: Updated. * packaging/debian/control: Adjusted dependencies to use beta2 versions of the libraries. 2008-11-19 Joey Schulze * packaging/debian/openvas-server.install: Removed reference to openvas-check-signature.1 that was removed 2008-11-19 Michael Wiegand * packaging/debian/copyright: Added missing Intevation copyright. 2008-11-18 Michael Wiegand Fixing version requirements for glib as pointed out by atomicturtle. * configure.in: Updated glib requirements to >= 2.6.0 * configure: Regenerated. * aclocal.m4: Regenerated to update PKG_CHECK_MODULES. 2008-11-17 Felix Wolfsteller * openvasd/ntp_11.c: comment added. * openvasd/comm.c (comm_send_preferences): Comment, sending nasl_no_signature_check as server pref to client. 2008-11-14 Michael Wiegand Post release version bump. * VERSION: Set to 2.0.0.beta3.SVN. 2008-11-14 Michael Wiegand Preparing the 2.0-beta2 release. * VERSION: Set to 2.0.0.beta2. * MANIFEST: Updated. * CHANGES: Updated. 2008-11-14 Michael Wiegand * openvas.tmpl.in, openvas-adduser.in, openvas-mkcert-client.in, openvas-rmuser.in: Added datarootdir to remove configure warning and to be compatible with autoconf 2.60 (see http://www.gnu.org/software/libtool/manual/autoconf/Changed-Directory-Variables.html). 2008-11-14 Michael Wiegand Applying patch provided by Stjepan Gros to update Makefile target and to improve code readability. * openvasd/openvasd.c (init_openvasd): Minor reformattings. * openvasd/Makefile: Remove openvasd-config when distclean target is invoked. 2008-11-14 Michael Wiegand Applying patch provided by Stjepan Gros to eliminate compiler warnings. * openvasd/oval_plugins.c (oval_plugin_add, ovaldi_launch): Minor reformattings, changes to eliminate compiler warnings. * openvasd/otp_1_0.c (otp_1_0_server_send_certificates): Casting to eliminate compiler warning. 2008-11-14 Michael Wiegand * openvasd/oval_plugins.c (ovaldi_launch): Re-added G_SPAWN_SEARCH_PATH flag to g_spawn_sync call since it was lost in rev 1703. 2008-11-13 Felix Wolfsteller * openvasd/otp_1_0.c (otp_1_0_server_send_certificates) : closed mem leak. 2008-11-12 Michael Wiegand Applying patch provided by Stjepan Gros to improve 64-bit cleanliness. * openvasd/nasl_plugins.c, openvasd/ntp_11.c, openvasd/attack.c, openvasd/save_kb.c, openvasd/openvasd.c, openvasd/nes_plugins.c, openvasd/pluginload.c, openvasd/save_tests.c, openvasd/comm.c, openvasd/pluginscheduler.c: 32/64-bit cleanups, introduced glib. 2008-11-12 Felix Wolfsteller Work on Change Request #17 (http://www.openvas.org/openvas-cr-17.html - "OTP: Make NVT signatures available to OpenVAS-Client"). Certificate information sending functionality improved. Sends real information, not dummystrings. ATTENTION: needs openvas-libnasl rev. 1702 to compile smoothly. * configure.in : Macros for gpgme public key support added. * include/config.h.in : undef _FILE_OFFSET_BITS for AC_SYS_LARGEFILE * configure : regenerated. * openvasd/otp_1_0.h : proto added. * openvasd/otp_1_0.c (otp_1_0_server_send_certificates) : nasl, glib includes. Does send real information, not dummystrings. * openvasd/ntp_11.c : removed interpretation of a void return. * openvasd/oval_plugins.c : Includes ordered and missing ones added. * ChangeLog : shamefully changed typos with my own email adress. 2008-11-12 Michael Wiegand * configure.in: Added AC_PREREQ directive to tell autoconf to generate a 2.50-style configure script. * configure: Regenerated. 2008-11-12 Michael Wiegand * openvasd/oval_plugins.c: (child_setup) Implemented privilege dropping before calling ovaldi. (ovaldi_launch) Improved parsing of RPM package list. 2008-11-10 Michael Wiegand * configure.in: Include version requirements in glib error string as pointed out by Jon Bebeau. * configure: Regenerated. 2008-11-10 Michael Wiegand Removed openvas-check-signature since signature verification can now be done with existing third-party tools like gnupg. Additionally, openvas-check-signature was the last executable to depend on the local copies of getopt which is no longer provided by openvas-libraries. * openvasd/openvas-check-signature.c: Removed. * openvasd/Makefile: Removed handling of openvas-check-signature. * include/config.h.in: Removed obsolete getopt defines. * doc/openvas-check-signature.1: Removed documentation of openvas-check-signature. * MANIFEST: Updated. * Makefile: Updated. 2008-11-07 Felix Wolfsteller * openvasd/nasl_plugins: Removed printfs. * openvasd/otp_1_0.c (otp_1_0_server_send_certificates): Extended dummy string, slightly better error msg. * oopenvasd/oval_plugins.c (oval_plugin_add): Check certificates, add fingerprint string. * oopenvasd/oval_plugins.c (oval_plugin_launch): TODO added to avoid execution of unsigned plugins, if server preference is set. 2008-11-06 Felix Wolfsteller * openvasd/otp_1_0.c (otp_1_0_server_send_certificates): Fixed bug (wrong type released) that caused definite server crash. 2008-11-06 Michael Wiegand * openvasd/oval_plugins.c (ovaldi_launch): Added G_SPAWN_SEARCH_PATH flag to g_spawn_sync call. 2008-11-05 Michael Wiegand * openvasd/attack.c (launch_plugin): Use OIDs instead of IDs when logging information about NVT execution to KB. 2008-11-05 Felix Wolfsteller Work on Change Request #17 (http://www.openvas.org/openvas-cr-17.html - "OTP: Make NVT signatures available to OpenVAS-Client"). Replaced sending of dummy certificate key oids by "real" fingerprints. Sends dummy certificate information. * openvasd/nasl_plugins.c (nasl_plugin_add): Replaced the dummy string for certificate fingerprints by real value from store / certificate file, corrected behaviour for missing signature files. * openvasd/otp_1_0.c: Added gpgme dependency and a dummy strings for the cerrtificate sending. * openvasd/comm.d (send_plug_info): increased size of buffer to send pl. 2008-11-04 Michael Wiegand * configure.in: Updated version requirements for -libraries and -libnasl. 2008-10-31 Felix Wolfsteller Steps to an implementation of Change Request #17 (http://www.openvas.org/openvas-cr-17.html - "Make NVT signatures available to OpenVAS-Client"). Uses the new field "sign_key_ids" of plugin-structures and the .desc store. Until soon, just a dummy- string will be used and eventually transmitted by the server. IMPORTANT: Breaks compatibility and renders old server .desc- cache files useless. You will need an openvas-libraries revision >= 1654 in order to compile and a client of revision >= 1654 in order to work with the server. There might be problems with transmitting OVAL plugins to the client. * openvasd/nasl_plugins.c (nasl_plugin_add) : Set a dummy key_ids- string, improved readability (a bit). * openvasd/pluginload.c: Typo in comment fixed. * openvasd/oval_plugins.c: Stated a FIXME and removed unreachable NULL return. * openvasd/otp_1_0.h: Added CREQ_CERTIFICATES symbol. * openvasd/otp_1_0.c (otp_1_0_get_client_request, otp_1_0_server_send_certificates): Added CREQ_CERTIFICATES parsing and a method stub to send the certificates. * openvasd/otp_1_0.c (ntp_11_parse_input): Handling of CREQ_CERTIFICATES added. * openvasd/comm.c (send_plug_info): Sends the additional key_ids field. * openvasd/comm.c (comm_setup_plugins): Comment and use of symbol instead of numeral. 2008-10-31 Felix Wolfsteller * openvasd/nasl_plugins.c (nasl_plugin_add): Replaced obsolete ID check by OID check (might have excluded id-less scripts), added comment. 2008-10-17 Felix Wolfsteller * openvasd/nsp.h: Removed. Contained include guard and gpl only. * Manifest: Updated (removed openvasd/nsp.h). 2008-10-12 Tim Brown * configure: Refreshed auto* (aclocal && autoconf) as ./configure was barfing. * configure, configure.in: GLIB needs to be quoted when we pass it to PKG_CHECK_MODULES in configure.in, otherwise m4 tries to expand it. * Makefile: Now makes $localstatedir/openvas/private/CA * packaging/debian/changelog: Updated. * packaging/debian/copyright: Updated with details of translators. * packaging/debian/rules: Cleaned up. * packaging/debian/README.Debian: Updated. * packaging/debian/control: Updated standards version. Adjusted dependencies to use libopenvas2-dev and libopenvasnasl2-dev. * packaging/debian/openvas-server.default: Changed defaults so that it listens on 1241 on 127.0.0.1 by default. * doc/openvasd-config.1: Added to keep lintian quiet. * packaging/debian/openvas-server-dev.dirs, openvas-server-dev.install, Makefile: Updated. 2008-10-01 Michael Wiegand * openvasd/oval_plugins.c: Changed to set OIDs exclusively; setting IDs as a workaround for NTP is no longer required. 2008-10-01 Michael Wiegand * doc/otp_specification_10.txt: Removed; the specification for OTP has been updated and moved to the OpenVAS compendium. * MANIFEST: Updated. 2008-09-25 Michael Wiegand Post release version bump. * VERSION: Set to 2.0.0.beta2.SVN 2008-09-25 Michael Wiegand Doing the 2.0-beta1 release. * VERSION: Set to 2.0.0.beta1 * CHANGES: Updated. 2008-09-25 Michael Wiegand * openvasd/oval_plugins.c (ovaldi_launch), openvasd/dirutils.c (init_directories): Changed unsafe uses of sprintf to use snprintf with the correct buffer sizes. 2008-09-25 Michael Wiegand * MANIFEST: Updated. 2008-09-25 Michael Wiegand * openvasd/oval_plugins.c: Added notice regarding running ovaldi with reduced privileges. 2008-09-23 Jan-Oliver Wagner * openvasd/comm.c (comm_init): Removed setting of scan_ids and pubkey_auth. 2008-09-23 Jan-Oliver Wagner * openvasd/openvasd.c (server_thread): Removed conditional for ntp_11, because this is standard for otp. * openvasd/comm.c (comm_init): Removed setting of ntp_11. (comm_wait_order): Removed conditional for ntp_11, because this is standard for otp. * openvasd/Makefile: Removed module ntp_10. * openvasd/ntp_10.h, openvasd/ntp_10.c: Removed. The only method defined there is not needed anymore since no ntp_10 fallback does make sense with otp. 2008-09-22 Jan-Oliver Wagner * openvasd/ntp_11.c (ntp_11_parse_input): Replaced call of ntp_11_prefs() by calling ntp_11_read_prefs() for PREFERENCES command. ntp_11_prefs does nothing relevant except calling ntp_11_read_prefs. (ntp_11_prefs): Removed. It only handled escape_crlf which is fixed to true for OTP. * openvasd/attack.c (attack_network): Removed retrieval of ntp_caps as these are not used here anyway. * openvasd/comm.c (comm_init): Removed any consideration of ntpcaps element "plugins_xrefs", "timestamps" and "ciphered". 2008-09-19 Michael Wiegand * openvasd/ntp_11.c (ntp_11_prefs, ntp_11_send_prefs_errors): Removed support for PREFERENCES ERROR message type as it was never properly implemented and is now obsolete. * openvasd/comm.c (plugin_send_infos): Tidied up plugin search code, fixed possible bug where an plugin would have not been found if it was the last plugin in the list. 2008-09-17 Michael Wiegand Changed communication protocol to use OTP exclusively now. Removed the last instances of dynamic protocol extension selection. * openvasd/openvasd.c (server_thread): Ignore obsolete capabilities fast_login (gone from client) and md5_caching (default now). * openvasd/comm.c: (extract_extensions) Removed. Protocol features are no longer supported. (comm_init) Removed handling of NTP 1.0, 1.1 and 1.2 and added handling of OTP 1.0. Moved remaining default options from extract_extensions to comm_init. Changed log message to be more descriptive. 2008-09-16 Michael Wiegand Optimized plugin selection with OIDs. Selection is now considerably faster. * openvasd/comm.c: (qsort_cmp) Comparator now compares OIDs instead of IDs. (_get_plug_by_id) Removed. (_get_plug_by_oid) Adapted from _get_plug_by_id to use OIDs. (get_plug_by_id) Removed. (get_plug_by_oid) Adapted from get_plug_by_id to use OIDs. (comm_setup_plugins) Re-enabled plugin sorting. 2008-09-15 Michael Wiegand Fixes to re-enable plugin loading after the OID changes. Please note that the selection of the plugins chosen by the user at the start of a new scan is _very_ slow at the moment since the plugin retrieval function is not yet optimized. * openvasd/nasl_plugins.c (nasl_plugin_launch): Call preferences_plugin_timeout with OID instead of ID. * openvasd/plugs_hash.c (plugins_send_md5_byid): Send OID instead of ID when sending MD5 hashes for plugin. (plugins_send_md5): Removed handling of obsolete md5_by_name capability. * openvasd/comm.c: Added new get_plug_by_oid function to retrieve plugins based on OID. Note that this makes plugin selection _very_ slow at the moment since the ID based optimized retrieval could no longer be used. (comm_setup_plugins) Changed to parse and use OIDs instead of IDs. 2008-09-11 Javier Fernandez-Sanguino * po/README: Typo fix. 2008-09-10 Michael Wiegand Make the plugin timeout settings use OID instead of ID. * openvasd/preferences.c (preferences_plugin_timeout): Changed to use OIDs. * openvasd/preferences.h: Adjusted function declaration. * openvasd/pluginlaunch.c (plugin_launch): Call preferences_plugin_timeout with OID instead of ID. 2008-09-05 Jan-Oliver Wagner Make the command PLUGIN_LIST send OIDs instead of old IDs. Make the PLUGIN_INFO command be interpreted with OIDs instead of IDs. * openvasd/comm.c (send_plug_info): Changed behaviour that in case there is no OID, the plugin is not sent and instead a log message is issued. Previously the ID "1" was applied. Send OID instead of old ID. (plugin_send_infos): Now takes char * oid as second parameter instead of int id. * openvasd/comm.h: Changed proto for plugin_send_infos accordingly. * openvasd/ntp_11.c (ntp_11_parse_input): Call plugin_send_infos with its new API. 2008-09-09 Michael Wiegand Adding preliminary support for OVAL definitions. Second step for change request #13 (Integrating the OVAL interpreter ovaldi into OpenVAS Server) (http://www.openvas.org/openvas-cr-13.html) * openvasd/oval_plugins.c: First usable proof-of-concept integration of OVAL definitions into OpenVAS. 2008-09-08 Michael Wiegand * openvasd/comm.c (extract_extensions): Removed superfluous else that broke compilation. 2008-09-05 Jan-Oliver Wagner Making protocol extension "timestamps" standard. * openvasd/ntp_11.c (__ntp_1x_timestamp_scan, __ntp_1x_timestamp_scan_host): Removed conditional for timestamps. * openvasd/comm.c (extract_extensions): Removed conditional for "timestamps", it is standard now. * doc/otp_specification_10.txt: Updated to described that protocol extension "timestamps" has been made standard. 2008-09-02 Michael Wiegand * openvas-services: Fixed changes from rev 83 that caused the server to not report the appropriate port for the service when an open port 1241 was detected. 2008-09-01 Jan-Oliver Wagner Making protocol extension "plugins_version", "plugins_cve_id", "plugins_bugtraq_id" and "plugins_xrefs" standard. * openvasd/comm.c (extract_extensions): Removed handling of "plugins_version" "plugins_cve_id", "plugins_bugtraq_id" and "plugins_xrefs" extension. (send_plug_info): Always send NVT version, CVE ID, Bugtraq ID and cross references. * doc/otp_specification_10.txt: Updated to described that protocol extension "plugins_version", "plugins_cve_id", plugins_bugtraq_id" and "plugins_xrefs" have been made standard. 2008-09-01 Jan-Oliver Wagner Making protocol extension "dependencies" standard. * openvasd/comm.c (extract_extensions): Removed handling of "dependencies" extension. * openvasd/openvasd.c (server_thread): Always send dependencies. * doc/otp_specification_10.txt: Updated to described that protocol extension dependencies has been made standard. 2008-08-31 Jan-Oliver Wagner Remove NEW_ATTACK command. * openvasd/ntp_11.c (ntp_11_new_attack): Removed. * openvasd/otp_1_0.c (otp_1_0_get_client_request): Removed NEW_ATTACK handling. * openvasd/otp_1_0.h: Removed CREQ_NEW_ATTACK. 2008-08-31 Jan-Oliver Wagner * openvasd/otp_1_0.c (otp_1_0_get_client_request): New method. * openvasd/otp_1_0.h: Added proto for otp_1_0_get_client_request and added client_request_t. * openvasd/ntp_11.c (ntp_11_parse_input): Reorganized parsing into a switch-case design. This simplified the code and several memory leaks were eliminated. 2008-08-30 Jan-Oliver Wagner Start the otp 1.0 module with a first simple method. * doc/otp_specification_10.txt: Added documentation of OPENVAS_VERSION command. * openvasd/otp_1_0.h, openvasd/otp_1_0.c: New. This module will implements OTP 1.0 and initially contains otp_1_0_server_openvas_version(). * openvasd/Makefile: Handle module otp_1_0. * openvasd/ntp_11.c (ntp_11_parse_input): Call otp_1_0_server_openvas_version() instead of sending text on its own. * MANIFEST: updated. 2008-08-29 Jan-Oliver Wagner * doc/kb_entries.txt: Removed those entries that could be integrated into openvas-compendium. Ordered the rest alpabetically and attached a big hint about the status of these information. 2008-08-29 Michael Wiegand Adding preliminary support for OVAL definitions. First step for change request #13 (Integrating the OVAL interpreter ovaldi into OpenVAS Server) (http://www.openvas.org/openvas-cr-13.html) * openvasd/oval_plugins.c: New. Supports a new class of plugins, namely vulnerability definitions in OVAL, the Open Vulnerability and Assessment Language. Only loading the definitions is supported as of this revision. * openvasd/Makefile: Updated. * openvasd/pluginload.c(init_plugin_classes): Added new oval_plugin_class. * openvasd/pluginload.h: Added new oval_plugin_class. * MANIFEST: Updated. 2008-08-28 Jan-Oliver Wagner Cleanup (flaten) doc directory. * doc/ntp/: Removed. It was empty now. * doc/otp/otp_specification_10.txt: Removed. Moved one directory level up. * doc/otp_specification_10.txt: Moved here from otp/ directory. * doc/otp/: Removed. It was empty now. 2008-08-28 Jan-Oliver Wagner First step of consolidating the protocol documentation finished. * doc/otp/otp_specification_10.txt: Extended and improved protocol documentation. * doc/ntp/plugin_prefs.txt, doc/ntp/ntp_extensions.txt, doc/ntp/README: Removed. All relevant information are now covered by otp_specification_10.txt. * MANIFEST: Updated. 2008-08-28 Jan-Oliver Wagner Continued consolidation of protocol documentation. * doc/otp/otp_specification_10.txt: Extended and improved protocol documentation. * doc/ntp/ntp_extensions.txt: Removed elements that are ported now covered by otp_specification_10.txt. 2008-08-27 Jan-Oliver Wagner Continued consolidation of protocol documentation. * doc/otp/otp_specification_10.txt: Extended and improved protocol documentation. * doc/ntp/ntp_extensions.txt: Removed elements that are ported now covered by otp_specification_10.txt. 2008-08-25 Michael Wiegand * openvasd/users.h: Corrected #define. 2008-08-25 Michael Wiegand * MANIFEST: Updated to include doc/openvas-mkcert-client.1. 2008-08-25 Michael Wiegand Fixes to path names used in server scripts. * openvas-mkcert-client.in: Corrected variable names. * configure.in: Changed OPENVASD_SHAREDSTATEDIR to use $localstatedir to avoid the use of the /com hierarchy. * configure: Updated. * openvas-mkcert.in: Retain proper definition of $localstatedir, removed duplicate "/lib/". 2008-08-22 Michael Wiegand * openvasd/pluginscheduler.c (hash_link_destroy): Fixed another instance of the memory management issue that resulted in a crash during scans. * openvas-adduser.in: Re-added missing prefix variables. 2008-08-22 Javier Fernandez-Sanguino * packaging/debian/README.Debian: Updated and fixed some content. 2008-08-22 Javier Fernandez-Sanguino * packaging/debian/README.Debian: Adjust the name of the init.d file. 2008-08-22 Javier Fernandez-Sanguino * packaging/debian/README.Debian: Rebranding and changes to reflect the changes in OpenVAS. 2008-08-22 Javier Fernandez-Sanguino * packaging/debian/README.Debian: Restore the notes for users. 2008-08-22 Javier Fernandez-Sanguino * Makefile: Proper use of OPENVASD_STATEDIR in the Makefile, since using localstatedir does not make sense when we already have a definition (that can be overriden by the user if needed). 2008-08-22 Javier Fernandez-Sanguino Added a manpage for openvas-mkcert-client similar to the one written for Nessus. * doc/openvas-mkcert-client.1: Added. * Makefile: Updated. 2008-08-22 Javier Fernandez-Sanguino * openvas-rmuser.in: Exit without error if no errors exist. 2008-08-22 Javier Fernandez-Sanguino * openvas-rmuser.in: Final fix for localstatedir definitions. 2008-08-22 Javier Fernandez-Sanguino * openvas-adduser.in: Retain proper definition of localstatedir, reverting the change in r150 and fixing properly the definition in the usage in the script. Changing $localstatedir to other thing different from @localstatedir@ is confusing and error prone! 2008-08-22 Javier Fernandez-Sanguino * openvas-adduser.in: Should use /var/lib/openvas instead of /var/openvas. 2008-08-22 Javier Fernandez-Sanguino * openvas-mkcert.in: Use the proper definitions to setup the location of the private and public CA keys. 2008-08-22 Javier Fernandez-Sanguino * openvas-mkcert-client.in: Have nessus-mkcert-client warn if the server certificates cannot be read (happens when you are not root). Based on patch included in Debian since nessus-core 2.2.3-1, in February 2002. 2008-08-22 Javier Fernandez-Sanguino * openvas-mkcert-client.in: Proper fix for the FHS issue, the "fix" introduced in release 150 actually made this script use /var/openvas/CA for some of the keys when it should be using /var/lib/openvas/CA instead (/var/openvas is not a FHS directory). This fix is based in the patch introduced in Debian for nessus-core (since, at least 1.2.6, 6 years ago). 2008-08-22 Javier Fernandez-Sanguino * openvasd/Makefile: Remove undefined variable. 2008-08-22 Javier Fernandez-Sanguino * packaging/debian/changelog, packaging/debian/control: Prepare for packaging of 1.0.1 version. 2008-08-22 Javier Fernandez-Sanguino * packaging/debian/po/cs.po, packaging/debian/po/de.po, packaging/debian/po/es.po, packaging/debian/po/fr.po, packaging/debian/po/gl.po, packaging/debian/po/nl.po packaging/debian/po/pt.po, packaging/debian/po/pt_BR.po, packaging/debian/po/sv.po: Manually update the debian po files (change 'nessus-mkcert' to 'openvas-mkcert') and unfuzzy the modified string in all languages. * packaging/debian/changelog: Updated. 2008-08-21 Michael Wiegand * openvasd/pluginscheduler.c (hash_add): Fixed a memory management issue that resulted in a crash during scans. 2008-08-11 Michael Wiegand First step for change request #9 (Make OpenVAS use (and depend on) glib) (http://www.openvas.org/openvas-cr-9.html) * openvasd/openvasd.c: Replaced getopt command line parsing with glib command line parsing. * openvasd/Makefile: Include Libs and Cflags for glib. * configure: Regenerated. * configure.in: Added check for glib, removed check for getopt. * openvas.tmpl.in: Added support for glib. * aclocal.m4: Added support for pkg-config. 2008-08-11 Jan-Oliver Wagner Continued consolidation of protocol documentation. * doc/ntp/ntp_white_paper_11.txt: Removed. It does not contain any information not covered by otp_specification_10.txt or defined elsewhere. * doc/otp/otp_specification_10.txt: Extended with various protocol command documentation. 2008-08-10 Jan-Oliver Wagner * doc/ntp/ntp_white_paper.txt: Removed. It does not contain any information not covered by otp_specification_10.txt. * doc/ntp/ntp_white_paper_11.txt: Removed those elements which are documented cleanly in otp_specification_10.txt * doc/otp/otp_specification_10.txt: Extended with various protocol command documentation. * MANIFEST: Updated. 2008-08-08 Jan-Oliver Wagner Started clean documentation of OTP. * doc/otp/otp_specification_10.txt: Extended with various protocol command documentation. * doc/ntp/ntp_extensions.txt, doc/ntp/ntp_white_paper.txt: Removed those elements which are documented cleanly in otp_specification_10.txt * openvasd/comm.c (plugin_send_infos): Added comment hinting at a potential bug. 2008-08-08 Jan-Oliver Wagner Patch for Change Request #15: http://www.openvas.org/openvas-cr-15.html (OpenVAS Server: Remove features for detached scans) * openvasd/ntp_11.c: Don't include detached.h anymore. (ntp_11_stop_detached_session, ntp_11_list_detached_sessions, extract_detached_session_key_from_session_msg): Removed. (ntp_11_parse_input): Removed handling of STOP_DETACHED and DETACHED_SESSIONS_LIST. (ntp_11_parse_input): Fixed anyway-misplaced ENABLE_SAVE_TESTS conditional. * openvasd/preferences.c (preferences_detached_scan, preferences_detached_scan_email, preferences_continuous_scan, preferences_delay_between_scans): Removed. (preferences_reset_cache): Removed initializing of detached params. * openvasd/preferences.h: Removed protos for preferences_detached_scan, preferences_detached_scan_email, preferences_delay_between_scans and preferences_continuous_scan. * openvasd/attack.c: Removed include for detached.h. (attack_network): Removed handling of "detached" and "continous". (attack_sigterm, arg_addset_value): Removed. * openvasd/hosts.c: Removed include for detached.h. (forward): Removed handling for detached scans. * Makefile: Don't handle detached module. * doc/ntp/ntp_extensions.txt: Removed documentation about the detached functionality. * openvasd/utils.c: Removed include for detached.h. It wasn't required anyway. * openvasd/comm.c: Removed include for detached.h. It wasn't required anyway. (comm_send_preferences): Don't send settings for ntp_detached_sessions anymore. * openvasd/detached.c, openvasd/detached.h: Removed. * MANIFEST: Updated. 2008-08-08 Jan-Oliver Wagner * VERSION: Set to 1.1.0.SVN to reflect that the 1.0 development has been branched and the development here lead to a next major release. 2008-08-07 Jan-Oliver Wagner Final step of Change Request #4, http://www.openvas.org/openvas-cr-4.html : Remove plugin upload feature * openvasd/pluginupload.c, openvasd/pluginupload.h: Removed. * openvasd/Makefile: Removed handling of module pluginupload. * openvasd/ntp_11.c: (ntp_11_parse_input): Removed command ATTACHED_PLUGIN from protocol. * doc/openvasd.8.in: Removed documentation of "plugin_upload". * doc/ntp/ntp_extensions.txt: Removed description of ATTACHED_PLUGIN. * MANIFEST: Updated. 2008-08-06 Jan-Oliver Wagner Branching of 1.0 series happened. The present file described trunk developments. 2008-07-31 Tim Brown * openvas-adduser.in: Now sets prefix, execprefix during build. 2008-07-07 Jan Wagner * packaging/debian/openvasd.conf,packaging/debian/changelog: removed traces of Nessus in favour of OpenVAS 2008-07-07 Michael Wiegand Removed outdated and obsolete file doc/README.INSTALL. * doc/README.INSTALL: Removed. * MANIFEST: Updated. 2008-07-03 Michael Wiegand Post release version bump. * VERSION: Set to 1.0.2.SVN 2008-07-03 Michael Wiegand Doing the 1.0.1 release. * VERSION: Set to 1.0.1. * CHANGES: Updated. 2008-07-03 Tim Brown * packaging/debian/control, packaging/debian/openvas-server.templates, packaging/debian/po/*: Fixed po files. * packaging/debian/openvas-server.init: Modified init info in openvas-server.init to include descriptions. * packaging/debian/changelog: Updated. 2008-07-03 Michael Wiegand * doc/otp/otp_specification_10.txt: Made OTP specification more specific regarding the removal of session handling. 2008-07-02 Michael Wiegand * configure.in: Raised minimum required version of openvas-libnasl from 0.9.1 to 1.0.1. * configure: Updated. 2008-07-02 Michael Wiegand * openvasd/openvasd.c (main): Updated version and copyright information to make them consistent with OpenVAS-Client. 2008-07-02 Jan Wagner Split off -dev package for Debian packaging. * packaging/debian/openvas-server-dev.dirs, packaging/debian/openvas-server.dirs, packaging/debian/openvas-server.docs: Added. * packaging/debian/dirs, packaging/debian/docs: Removed. * packaging/debian/changelog, packaging/debian/control, packaging/debian/rules: Added documentation and handling for -dev Package. 2008-07-01 Jan-Oliver Wagner * MANIFEST: Updated. * openvasd/detached.c (detached_new_session): Fixed wrong use of system call "open" (if O_CREAT is applied, the command needs specification of access flags). 2008-06-27 Jan-Oliver Wagner * openvasd-config.in: fix variable replacement problem. Original problem report and initial patch supplied by Ales Nosek. 2008-06-24 Michael Wiegand Added a first draft of the OTP specification. * doc/otp/: Added. * doc/otp/otp_specification_10.txt: Added. 2008-06-20 Jan-Oliver Wagner * openvasd/users.c (users_add_rule): Fixed overflow problem. Found by Ales Nosek. 2008-06-19 Tim Brown * packaging/debian/control: Minor updates to control file, fixed Section, Priority and Build-Depends directives. 2008-06-17 Jan-Oliver Wagner * doc/kb_saving.txt: Changed some history naming back from OpenVAS to Nessus (probably a search-replace mistake). Also removed a documentation URL to nessus.org where the page has been removed meanwhile. 2008-05-12 Jan-Oliver Wagner Second step for Change Request #4 (Remove plugin upload feature), http://www.openvas.org/openvas-cr-4.html * MANIFEST: Added packaging/debian * openvasd/pluginupload.c, openvasd/pluginupload.h: Added note about when this module can be removed. * openvasd/ntp_11.c (ntp_11_read_prefs): remove consideration of system preferences "admin_user", "plugin_upload" and "plugin_upload_suffixes". (ntp_11_parse_input): Remove undocumented protocol command "HUP_FATHER". * openvasd/preferences.c (preferences_new): Removed write defaults for these system preferences: "admin_user", "plugin_upload" and "plugin_upload_suffixes". (preferences_upload_enabled, preferences_upload_suffixes, preferences_user_is_admin): Removed. (preferences_reset_cache): Removed call of preferences_upload_enabled. * openvasd/preferences.h: Removed protos for preferences_user_is_admin, preferences_upload_enabled and preferences_upload_suffixes. * openvasd/comm.c (comm_send_preferences): No need of exception for "admin_user" any more. * openvasd/utils.c (get_max_hosts_number, get_max_checks_number): Removed allowance of overridung max_checks and max_hosts when being defined a admin user. * openvas-adduser.in: Removed the creation of the users plugins directory. Also removed any unused variable setttings via configure. 2008-05-11 Tim Brown * debian: Removed as it will be replaced with packaging/debian. * packaging/debian: New. Debian packaging files. * doc/unbsp.c: Removed as no longer used. 2008-05-08 Bernhard Herzog First step for Change Request #4 (Remove plugin upload feature), http://www.openvas.org/openvas-cr-4.html * openvasd/pluginupload.c (plugin_recv): Always discard the uploaded data and reject the plugin upload. This change removes support for plugin upload without changing the protocol (plugins_homedir): Removed. No longer used. 2008-05-06 Jan-Oliver Wagner * openvasd/ntp.h: Removed. The contents is now in "ntp.h" of the openvas-libraries module. * include/openvas-devel.h: Removed. The content was redundant anyway (error prone!) and now is only in ntp.h of module openvas-libraries. * include/includes.h: Instead of openvas-devel.h now include ntp.h. * configure.in: Raised minimum required version of openvas-libraries from 1.0.0 to 1.0.2. * Makefile: Don't install openvas-devel.h anymore. * MANIFEST: Updated. * configure: Updated. 2008-04-18 Jan-Oliver Wagner * packaging/fedora: New. Directory for Fedora RPM files. * packaging/fedora/openvas-server-1.0.0-1.fc8.openvas.spec, packaging/fedora/openvas-server-1.0.0-Makefile.diff: New. * MANIFEST: updated. 2008-04-16 Jan-Oliver Wagner * packaging: New. Directory for packaging files. * packaging/opensuse: New. Directory for OpenSUSE RPM files. * packaging/opensuse/openvas-server-1.0.0-1.suse102.openvas.spec, packaging/opensuse/openvas-server-1.0.0-Makefile.diff: New. 2008-04-16 Jan-Oliver Wagner * Makefile: Add missing DESTDIR for install targets. 2008-02-26 Tim Brown * openvasd/log.c, openvasd/preferences.c, doc/openvasd.8.in: Now supports syslog as per Nessus 2.3.1. * openvasd/log.c: Fixed possible NULL pointer exception. * openvasd/pluginload.c: Fixed typo in error message. * openvas-server/openvasd/comm.c: Removed unused variable. * openvas-server/openvasd/pluginscheduler.c: Fixed memory leaks as per Nessus 2.3.1. 2008-02-17 Tim Brown * openvasd/Makefile: Fixed bug preventing parallel builds under Gentoo. 2008-02-16 Laban Mwangi * openvasd/detached.c(detached_setup_mail_file): Fixing flawfinder l5 warnings. 2008-02-11 Jan-Oliver Wagner * CHANGES: Removed one item for 1.0.0 about gpgme, because it did not belong there. 2008-01-31 Jan-Oliver Wagner Post release version bump. * VERSION: Set to 1.0.1.SVN 2008-01-31 Jan-Oliver Wagner Doing the 1.0.0 release. * VERSION: Set to 1.0.0. * CHANGES: Updated. 2008-01-31 Jan-Oliver Wagner * UPGRADE_README: Removed. Nowadays such information are not relevant anymore. * MANIFEST: updated. 2008-01-31 Jan-Oliver Wagner * doc/stubheader.txt: Removed. The stub headers are mangaged centralized in the "doc" module of OpenVAS SVN. * TODO: Removed an ancient entry about a fetch script that isn't part of this module. * MANIFEST: updated. 2007-11-24 Jan-Oliver Wagner * openvasd/openvasd.c (main): Removed useless version check for libraries and nasl. 2007-11-07 Jan-Oliver Wagner Post release version bump. * VERSION: Set to 0.9.3.SVN 2007-11-07 Jan-Oliver Wagner Doing the 0.9.2 release. * VERSION: Set to 0.9.2. * CHANGES: Updated. 2007-11-06 Jan-Oliver Wagner * openvasd-config.in: Added header. * configure.in: Added header and fixed version setting as used for openvas-config. * include/corevers.h.in: Adapt parameter names according to changes in configure.in * configure: updated. 2007-11-05 Jan-Oliver Wagner * Makefile: Added creation of gnupg subdirectory under sysconfdir/openvas. 2007-10-26 Jan-Oliver Wagner * MANIFEST: updated. 2007-10-21 Jan-Oliver Wagner * README_SSL, doc/WARNING.En, doc/WARNING.Fr: Removed due to phrases that render the text files non-free. 2007-10-17 Jan-Oliver Wagner Post release version bump. * VERSION: Set to 0.9.2.SVN 2007-10-17 Jan-Oliver Wagner Doing the 0.9.1 release. * VERSION: Set to 0.9.1. * CHANGES: Updated. 2007-10-17 Jan-Oliver Wagner * configure.in, openvas.tmpl.in: Removed variable "nessus_lib". It wasn't used anyway. * configure: Updated. 2007-10-17 Jan-Oliver Wagner * configure.in: Added version checks for openvas-libraries and openvas-libnasl. * TODO: Removed wish for version checking. 2007-10-15 Jan-Oliver Wagner * TODO: Added some further items. 2007-10-09 Jan-Oliver Wagner * VERSION: upgraded to 0.9.0.SVN. 2007-10-09 Jan-Oliver Wagner * MANIFEST: updated. 2007-10-08 Bernhard Herzog * openvasd/hosts_gatherer.h: Removed. Use the one installed by openvas-libraries instead. * attack.c: #include and move the hosts_gatherer.h include because it now comes from outside of openvasd. * openvasd/openvasd.c, openvasd/preferences.c: Move the hosts_gatherer.h include because it now comes from outside of openvasd. 2007-09-20 Bernhard Herzog * openvasd/pluginload.c (init_plugin_classes) (plugins_reload_from_dir): Refactor the initialization of the plugin classes to from plugins_reload_from_dir into the new function init_plugin_classes 2007-07-27 Jan-Oliver Wagner Doing the 0.9.0 release. * VERSION: Set to 0.9.0. * CHANGES: Set release date to 2007-07-27. 2007-07-25 Jan-Oliver Wagner * openvasd/preferences.c (preferences_new): Defaulting nasl_no_signature_checks to yes, because the signatures are currently not present. 2007-07-21 Jan-Oliver Wagner * INSTALL: just slight correction and attached a warning that this is outdated. 2007-07-21 Jan-Oliver Wagner * MANIFEST: updated. 2007-07-20 Jan-Oliver Wagner Remove support for Unix Sockets for communication between client and server. Since SSL support is present, this is not needed anymore for security reasons. Considerable performance loss is not expected, only at first connection time it might be faster with unix sockets (which is not really for sure since the loopback device is also very fast). Also, the implementation is suboptimal anyway because it works as compile-time option. It is very easy to select between a unix domain socket and inet socket at runtime. * configure.in: Removed unix-socket handling. * configure: updated. * include/config.h.in, openvasd/sighand.c, openvasd/preferences.c, openvasd/openvasd.c, openvasd/ntp_11.c, openvasd/hosts.c: Removed any handling of unix sockets (this also removes any occurance of USE_AF_UNIX, OPENVAS_ON_SSL, AF_UNIX_PATH, USE_AF_INET, AD_UNIX) * openvasd/comm.c: Remove handling for non-SSL conncetions. 2007-07-20 Jan-Oliver Wagner * CHANGES: Updated with some notes. 2007-07-20 Jan-Oliver Wagner * openvasd/openvasd.c (main): Removed HAVE_SSL remains. * Makefile: Removed installation of "nessus-services". This module does not need to care about libdir (creation removed) * TODO: cleaned a bit. 2007-07-18 Bernhard Herzog * include/includes.h: Remove openssl includes 2007-07-18 Bernhard Herzog * openvasd/openvas-check-signature.c: Use GnuTLS instead of OpenSSL. See comments in the file for things that could be done better. (print_tls_error, map_file, hexdecode): New. Helper functions. (generate_signature, verify_signature): Use GnuTLS instead of OpenSSL. Also, both functions now have an additional parameter for the keyfile/certfile to use so that their filenames are no longer hard wired. (main): Add command line arguments to specifiy the key or certificat to use when signing or verifying. Pass those filenames to generate_signature and verify_signature. 2007-07-04 Bernhard Herzog * openvasd/plugs_hash.c (plugins_hash): Handle errors from gcry_md_open. plugins_hash may return NULL now. * openvasd/comm.c (comm_send_md5_plugins): Handle case where plugins_hash returns NULL. 2007-07-02 Bernhard Herzog * openvasd/plugs_hash.c (file_hash, plugins_hash): Use unsigned char (pointer/array) to hold the digest to avoid warnings about type mismatch. 2007-07-02 Bernhard Herzog * openvasd/md5.c, openvasd/md5.c: removed. no longer needed. * openvasd/Makefile: md5.c has been removed. * openvasd/comm.c: Do not included md5.h. it wasn't needed anyway 2007-07-02 Bernhard Herzog * openvasd/users.c remove includes of openssl headers. (check_user): Use libgcrypt to compute md5 sums. * openvasd/plugs_hash.c (md5sum_hex): New function to convert a binary md5 sum to hexadecimal. (file_hash, dir_plugins_hash, plugins_hash): Use libgcrypt to compute md5 sums. 2007-07-02 Bernhard Herzog * openvasd/openvasd.c: Use the libopenvas ssl abstraction instead of openssl. As a consequence the ssl_cipher_list config option is no longer supported. (ssl_mt, ssl_ctx): Removed. (ovas_server_ctx): Introduced instead of ssl_mt and ssl_ctx (server_thread): Use the libopenvas ssl abstraction instead of openssl. (verify_callback): removed. verification is done in libopenvas. (main_loop): Use the libopenvas ssl abstraction instead of openssl. 2007-07-02 Bernhard Herzog * openvasd/preferences.c: Always compile in preferences_get_string, i.e. do not depend on OPENVAS_ON_SSL being defined. 2007-06-22 Bernhard Herzog * include/config.h, include/corevers.h: Removed from SVN because they're automatically generated by the configure script 2007-05-25 Jan-Oliver Wagner * configure, include/config.h, include/corevers.h: Updated. 2007-05-25 Jan-Oliver Wagner * include/threadcompat.h: Fix names and description to reflect thread as subject. * include/includes.h: Replace libnessus.h by libopenvas.h. 2007-05-25 Jan-Oliver Wagner * include/ntcompat.h: Removed. Renamed to threadcompat.h because in fact it is about threads. * include/threadcompat.h: New. Previous ntcompat.h. * Makefile, MANIFEST, include/includes.h: Renamed ntcompat.h to threadcompat.h 2007-05-25 Jan-Oliver Wagner * include/ntcompat.h: Remove now useless emtpy defines for PlugExport, DllExport, DllImport and ExtFunc. Remove alias print_error for printf which was not used strictly anyway. * openvasd/log.c, openvasd/openvasd.c, openvasd/pluginload.c, openvasd/preferences.c: Replaced print_error by printf. 2007-05-25 Jan-Oliver Wagner * include/includes.h, include/openvas-devel.h, openvasd/sighand.c: Remove any consideration of NESSUSNT. * include/ntcompat.h: Remove any consideration of NESSUSNT and USE_NT_THREADS. * configure.in: Removed handlung for SSL presence, because it is now mandatory. 2007-05-23 Jan-Oliver Wagner * configure.in, openvas-adduser.in, openvas-rmuser.in, openvas-mkcert.in, openvas-mkcert-client.in: Remove Cygwin stuff. 2007-05-23 Jan-Oliver Wagner * configure: Updated. 2007-05-23 Jan-Oliver Wagner * configure.in, openvas.tmpl.in, openvasd/Makefile: Replace use of nessus-libraries and libnasl by openvas-libraries and openvas-libnasl. This includes name change of the respective variables for the respective config scripts. * VERSION: Set back to 0.9.0. OpenVAS wasn't that far yet. 2007-05-09 Jan-Oliver Wagner * openvasd-config.in, configure.in, Makefile: Removed DESTDIR. It looks pretty useless as it needs to be set in the shell. It was introduced in Nessus 1.3.1. * ChangeLog: New. Started ChangeLog file. openvas-scanner-5.1.3/INSTALL000066400000000000000000000144751334154455600157000ustar00rootroot00000000000000INSTALLATION INSTRUCTIONS FOR OPENVAS-SCANNER ============================================= Please note: The reference system used by most of the developers is Debian GNU/Linux 'Jessie' 8. The build might fail on any other systems. Also it is necessary to install dependent development packages. Prerequisites for openvas-scanner --------------------------------- Prerequisites: * cmake >= 2.8 * libopenvas_nasl, libopenvas_base, libopenvas_misc >= 9.0.3 * glib-2.0 >= 2.32 * libgcrypt * pkg-config * redis >= 2.4.0 Prerequisites for building documentation: * Doxygen * xmltoman (optional, for building man page) * sqlfairy (optional, for producing database diagram) Compiling openvas-scanner ------------------------- If you have installed required libraries to a non-standard location, remember to set the PKG_CONFIG_PATH environment variable to the location of you pkg-config files before configuring: $ export PKG_CONFIG_PATH=/your/location/lib/pkgconfig:$PKG_CONFIG_PATH Create a build directory and change into it with $ mkdir build $ cd build Then configure the build with $ cmake -DCMAKE_INSTALL_PREFIX=/path/to/your/installation .. or (if you want to use the default installation path /usr/local) $ cmake .. This only needs to be done once. Thereafter, the following commands are useful. $ make # build the scanner $ make doc # build the documentation $ make doc-full # build more developer-oriented documentation $ make install # install the build $ make rebuild_cache # rebuild the cmake cache Please note that you may have to execute "make install" as root, especially if you have specified a prefix for which your user does not have full permissions. To clean up the build environment, simply remove the contents of the "build" directory you created above. Setting up openvas-scanner -------------------------- Setting up an openvas-scanner requires the following steps: 1) (optional) You may decide to change the default scanner preferences by setting them in the file $prefix/etc/openvassd.conf. If that file does not exist (default), then the default settings are used. You can view them with "openvassd -s". The output of that command is a valid configuration file. The man page ("man openvassd") provides details about the available settings, among these opportunities to restrict access of scanner regarding scan targets and interfaces. 2) In order to run vulnerability scans, you will need a collection of Network Vulnerability Tests (NVTs) that can be run by openvas-scanner. Initially, your NVT collection will be empty. It is recommended that you synchronize with an NVT feed service before starting openvas-scanner for the first time. Simply execute the following command. It will retrieve over 50,000 NVTs. $ greenbone-nvt-sync This tool will use the Greenbone Security Feed in case a Greenbone subscription key is present. Else, the Community Feed will be used. Please note that you will need at least one of the following tools for a successful synchronization: * rsync * wget * curl NVT feeds are updated on a regular basis. Be sure to update your NVT collection regularly to detect the latest threats. 3) The scanner needs a running redis server to temporarily store information gathered on the scanned hosts. Redis 2.4 and newer is supported but 2.6 is recommended. See doc/redis_config.txt to see how to setup and run a redis server. Two examples are installed which you may use directly for a quick start: $ redis-server /share/doc/openvas-scanner/example_redis_2_4.conf or $ redis-server /share/doc/openvas-scanner/example_redis_2_6.conf or copy the example to another location, edit and use the copy instead. 4) You can launch openvas-scanner using the following command: $ openvassd Be aware that the first launch of openvas-scanner after the initial feed synchronization or after large feed updates will take longer than usual since the internal scanner cache has to be updated. Subsequent launches will be much quicker. Sending SIGHUP to the scanner main process will initiate a reload of the feed content and of the scanner preferences. This will not affect running scans. The NVT synchronisation routine will try to send the SIGHUP to the scanner on its own. This works only if the pid-file of scanner is found which is expected to be /var/run/openvas/openvassd.pid. Please note that although you can start openvassd as a user without elevated privileges, it is recommended that you start openvassd as root since a number of Network Vulnerability Tests (NVTs) require root privileges to perform certain operations like packet forgery. If you run openvassd as a user without permission to perform these operations, your scan results are likely to be incomplete. 5) Once the scanner has started, openvas-manager can act as a client and control the scanner. The actual user interfaces (for example GSA or CLI-OMP) will only interact with the manager, not the scanner. If you encounter problems, the files /var/log/openvas/openvassd.messages and /var/log/openvas/openvassd.dump may contain useful information. The exact location of these files may differ depending on your distribution and installation method. Please have these files ready when contacting the OpenVAS developers through the OpenVAS mailing list or the online chat or submitting bug reports at http://bugs.openvas.org/ as they may help to pinpoint the source of your issue. Static code analysis with the Clang Static Analyzer --------------------------------------------------- If you want to use the Clang Static Analyzer (http://clang-analyzer.llvm.org/) to do a static code analysis, you can do so by adding the following parameter when configuring the build: -DCMAKE_C_COMPILER=/usr/share/clang/scan-build/ccc-analyzer Note that the example above uses the default location of ccc-analyzer in Debian GNU/Linux and may be different in other environments. To have the analysis results aggregated into a set of HTML files, use the following command: $ scan-build make The tool will provide a hint on how to launch a web browser with the results. It is recommended to do this analysis in a separate, empty build directory and to empty the build directory before "scan-build" call. openvas-scanner-5.1.3/README000066400000000000000000000020451334154455600155150ustar00rootroot00000000000000openvas-scanner =============== This is the scanner module for the Open Vulnerability Assessment System (OpenVAS). For more information, please refer to the OpenVAS website available at http://www.openvas.org/. Please see the file COPYING for the license information. Please refer to the instructions provided in the file INSTALL if you want to install and configure openvas-scanner. If you are not familiar or comfortable with building from source code, we recommend that you use a install package or use a prepared virtual machine. Information regarding available binary packages and virtual machines is available from the download area of the OpenVAS website. Note that you will need the openvas-libraries modules to compile openvas-scanner. Further information about these modules is available from the OpenVAS website as well. If you have any question or suggestions, please feel free to use the mailing list and the IRC chat to contact the OpenVAS developers. Please use the OpenVAS bug tracker located at http://bugs.openvas.org/ to report bugs. openvas-scanner-5.1.3/VERSION.in000066400000000000000000000000271334154455600163100ustar00rootroot00000000000000@CPACK_PACKAGE_VERSION@openvas-scanner-5.1.3/doc/000077500000000000000000000000001334154455600154015ustar00rootroot00000000000000openvas-scanner-5.1.3/doc/CMakeLists.txt000066400000000000000000000036441334154455600201500ustar00rootroot00000000000000# OpenVAS # $Id$ # Description: CMakefile for the OpenVAS Scanner documentation # # Authors: # Matthew Mundell # Michael Wiegand # # Copyright: # Copyright (C) 2011 Greenbone Networks GmbH # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ## build include (FindDoxygen) if (NOT DOXYGEN_EXECUTABLE) message (STATUS "WARNING: Doxygen is required to build the HTML docs.") else (NOT DOXYGEN_EXECUTABLE) add_custom_target (doc COMMENT "Building documentation..." DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile ${CMAKE_CURRENT_BINARY_DIR}/.built-html) add_custom_command (OUTPUT .built-html COMMAND sh ARGS -c \"${DOXYGEN_EXECUTABLE} ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile && touch ${CMAKE_CURRENT_BINARY_DIR}/.built-html\;\" DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile) add_custom_target (doc-full COMMENT "Building documentation..." DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile_full ${CMAKE_CURRENT_BINARY_DIR}/.built-html_full) add_custom_command (OUTPUT .built-html_full COMMAND sh ARGS -c \"${DOXYGEN_EXECUTABLE} ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile_full && touch ${CMAKE_CURRENT_BINARY_DIR}/.built-html_full\;\" DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile_full) endif (NOT DOXYGEN_EXECUTABLE) openvas-scanner-5.1.3/doc/Doxyfile.in000066400000000000000000003107521334154455600175240ustar00rootroot00000000000000# Doxyfile 1.8.8 # This file describes the settings to be used by the documentation system # doxygen (www.doxygen.org) for a project. # # All text after a double hash (##) is considered a comment and is placed in # front of the TAG it is preceding. # # All text after a single hash (#) is considered a comment and will be ignored. # The format is: # TAG = value [value, ...] # For lists, items can also be appended using: # TAG += value [value, ...] # Values that contain spaces should be placed between quotes (\" \"). #--------------------------------------------------------------------------- # Project related configuration options #--------------------------------------------------------------------------- # This tag specifies the encoding used for all characters in the config file # that follow. The default is UTF-8 which is also the encoding used for all text # before the first occurrence of this tag. Doxygen uses libiconv (or the iconv # built into libc) for the transcoding. See http://www.gnu.org/software/libiconv # for the list of possible encodings. # The default value is: UTF-8. DOXYFILE_ENCODING = UTF-8 # The PROJECT_NAME tag is a single word (or a sequence of words surrounded by # double-quotes, unless you are using Doxywizard) that should identify the # project for which the documentation is generated. This name is used in the # title of most generated pages and in a few other places. # The default value is: My Project. PROJECT_NAME = "OpenVAS Scanner" # The PROJECT_NUMBER tag can be used to enter a project or revision number. This # could be handy for archiving the generated documentation or if some version # control system is used. PROJECT_NUMBER = @CPACK_PACKAGE_VERSION@ # Using the PROJECT_BRIEF tag one can provide an optional one line description # for a project that appears at the top of each page and should give viewer a # quick idea about the purpose of the project. Keep the description short. PROJECT_BRIEF = # With the PROJECT_LOGO tag one can specify an logo or icon that is included in # the documentation. The maximum height of the logo should not exceed 55 pixels # and the maximum width should not exceed 200 pixels. Doxygen will copy the logo # to the output directory. PROJECT_LOGO = # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) path # into which the generated documentation will be written. If a relative path is # entered, it will be relative to the location where doxygen was started. If # left blank the current directory will be used. OUTPUT_DIRECTORY = @CMAKE_BINARY_DIR@/doc/generated # If the CREATE_SUBDIRS tag is set to YES, then doxygen will create 4096 sub- # directories (in 2 levels) under the output directory of each output format and # will distribute the generated files over these directories. Enabling this # option can be useful when feeding doxygen a huge amount of source files, where # putting all generated files in the same directory would otherwise causes # performance problems for the file system. # The default value is: NO. CREATE_SUBDIRS = NO # If the ALLOW_UNICODE_NAMES tag is set to YES, doxygen will allow non-ASCII # characters to appear in the names of generated files. If set to NO, non-ASCII # characters will be escaped, for example _xE3_x81_x84 will be used for Unicode # U+3044. # The default value is: NO. ALLOW_UNICODE_NAMES = NO # The OUTPUT_LANGUAGE tag is used to specify the language in which all # documentation generated by doxygen is written. Doxygen will use this # information to generate all constant output in the proper language. # Possible values are: Afrikaans, Arabic, Armenian, Brazilian, Catalan, Chinese, # Chinese-Traditional, Croatian, Czech, Danish, Dutch, English (United States), # Esperanto, Farsi (Persian), Finnish, French, German, Greek, Hungarian, # Indonesian, Italian, Japanese, Japanese-en (Japanese with English messages), # Korean, Korean-en (Korean with English messages), Latvian, Lithuanian, # Macedonian, Norwegian, Persian (Farsi), Polish, Portuguese, Romanian, Russian, # Serbian, Serbian-Cyrillic, Slovak, Slovene, Spanish, Swedish, Turkish, # Ukrainian and Vietnamese. # The default value is: English. OUTPUT_LANGUAGE = English # If the BRIEF_MEMBER_DESC tag is set to YES doxygen will include brief member # descriptions after the members that are listed in the file and class # documentation (similar to Javadoc). Set to NO to disable this. # The default value is: YES. BRIEF_MEMBER_DESC = YES # If the REPEAT_BRIEF tag is set to YES doxygen will prepend the brief # description of a member or function before the detailed description # # Note: If both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the # brief descriptions will be completely suppressed. # The default value is: YES. REPEAT_BRIEF = YES # This tag implements a quasi-intelligent brief description abbreviator that is # used to form the text in various listings. Each string in this list, if found # as the leading text of the brief description, will be stripped from the text # and the result, after processing the whole list, is used as the annotated # text. Otherwise, the brief description is used as-is. If left blank, the # following values are used ($name is automatically replaced with the name of # the entity):The $name class, The $name widget, The $name file, is, provides, # specifies, contains, represents, a, an and the. ABBREVIATE_BRIEF = # If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then # doxygen will generate a detailed section even if there is only a brief # description. # The default value is: NO. ALWAYS_DETAILED_SEC = NO # If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all # inherited members of a class in the documentation of that class as if those # members were ordinary class members. Constructors, destructors and assignment # operators of the base classes will not be shown. # The default value is: NO. INLINE_INHERITED_MEMB = NO # If the FULL_PATH_NAMES tag is set to YES doxygen will prepend the full path # before files name in the file list and in the header files. If set to NO the # shortest path that makes the file name unique will be used # The default value is: YES. FULL_PATH_NAMES = YES # The STRIP_FROM_PATH tag can be used to strip a user-defined part of the path. # Stripping is only done if one of the specified strings matches the left-hand # part of the path. The tag can be used to show relative paths in the file list. # If left blank the directory from which doxygen is run is used as the path to # strip. # # Note that you can specify absolute paths here, but also relative paths, which # will be relative from the directory where doxygen is started. # This tag requires that the tag FULL_PATH_NAMES is set to YES. STRIP_FROM_PATH = @CMAKE_SOURCE_DIR@ # The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of the # path mentioned in the documentation of a class, which tells the reader which # header file to include in order to use a class. If left blank only the name of # the header file containing the class definition is used. Otherwise one should # specify the list of include paths that are normally passed to the compiler # using the -I flag. STRIP_FROM_INC_PATH = # If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter (but # less readable) file names. This can be useful is your file systems doesn't # support long names like on DOS, Mac, or CD-ROM. # The default value is: NO. SHORT_NAMES = NO # If the JAVADOC_AUTOBRIEF tag is set to YES then doxygen will interpret the # first line (until the first dot) of a Javadoc-style comment as the brief # description. If set to NO, the Javadoc-style will behave just like regular Qt- # style comments (thus requiring an explicit @brief command for a brief # description.) # The default value is: NO. JAVADOC_AUTOBRIEF = NO # If the QT_AUTOBRIEF tag is set to YES then doxygen will interpret the first # line (until the first dot) of a Qt-style comment as the brief description. If # set to NO, the Qt-style will behave just like regular Qt-style comments (thus # requiring an explicit \brief command for a brief description.) # The default value is: NO. QT_AUTOBRIEF = NO # The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make doxygen treat a # multi-line C++ special comment block (i.e. a block of //! or /// comments) as # a brief description. This used to be the default behavior. The new default is # to treat a multi-line C++ comment block as a detailed description. Set this # tag to YES if you prefer the old behavior instead. # # Note that setting this tag to YES also means that rational rose comments are # not recognized any more. # The default value is: NO. MULTILINE_CPP_IS_BRIEF = NO # If the INHERIT_DOCS tag is set to YES then an undocumented member inherits the # documentation from any documented member that it re-implements. # The default value is: YES. INHERIT_DOCS = YES # If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce a # new page for each member. If set to NO, the documentation of a member will be # part of the file/class/namespace that contains it. # The default value is: NO. SEPARATE_MEMBER_PAGES = NO # The TAB_SIZE tag can be used to set the number of spaces in a tab. Doxygen # uses this value to replace tabs by spaces in code fragments. # Minimum value: 1, maximum value: 16, default value: 4. TAB_SIZE = 2 # This tag can be used to specify a number of aliases that act as commands in # the documentation. An alias has the form: # name=value # For example adding # "sideeffect=@par Side Effects:\n" # will allow you to put the command \sideeffect (or @sideeffect) in the # documentation, which will result in a user-defined paragraph with heading # "Side Effects:". You can put \n's in the value part of an alias to insert # newlines. ALIASES = "TODO=\todo" # This tag can be used to specify a number of word-keyword mappings (TCL only). # A mapping has the form "name=value". For example adding "class=itcl::class" # will allow you to use the command class in the itcl::class meaning. TCL_SUBST = # Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C sources # only. Doxygen will then generate output that is more tailored for C. For # instance, some of the names that are used will be different. The list of all # members will be omitted, etc. # The default value is: NO. OPTIMIZE_OUTPUT_FOR_C = YES # Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java or # Python sources only. Doxygen will then generate output that is more tailored # for that language. For instance, namespaces will be presented as packages, # qualified scopes will look different, etc. # The default value is: NO. OPTIMIZE_OUTPUT_JAVA = NO # Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran # sources. Doxygen will then generate output that is tailored for Fortran. # The default value is: NO. OPTIMIZE_FOR_FORTRAN = NO # Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL # sources. Doxygen will then generate output that is tailored for VHDL. # The default value is: NO. OPTIMIZE_OUTPUT_VHDL = NO # Doxygen selects the parser to use depending on the extension of the files it # parses. With this tag you can assign which parser to use for a given # extension. Doxygen has a built-in mapping, but you can override or extend it # using this tag. The format is ext=language, where ext is a file extension, and # language is one of the parsers supported by doxygen: IDL, Java, Javascript, # C#, C, C++, D, PHP, Objective-C, Python, Fortran (fixed format Fortran: # FortranFixed, free formatted Fortran: FortranFree, unknown formatted Fortran: # Fortran. In the later case the parser tries to guess whether the code is fixed # or free formatted code, this is the default for Fortran type files), VHDL. For # instance to make doxygen treat .inc files as Fortran files (default is PHP), # and .f files as C (default is Fortran), use: inc=Fortran f=C. # # Note For files without extension you can use no_extension as a placeholder. # # Note that for custom extensions you also need to set FILE_PATTERNS otherwise # the files are not read by doxygen. EXTENSION_MAPPING = # If the MARKDOWN_SUPPORT tag is enabled then doxygen pre-processes all comments # according to the Markdown format, which allows for more readable # documentation. See http://daringfireball.net/projects/markdown/ for details. # The output of markdown processing is further processed by doxygen, so you can # mix doxygen, HTML, and XML commands with Markdown formatting. Disable only in # case of backward compatibilities issues. # The default value is: YES. MARKDOWN_SUPPORT = YES # When enabled doxygen tries to link words that correspond to documented # classes, or namespaces to their corresponding documentation. Such a link can # be prevented in individual cases by by putting a % sign in front of the word # or globally by setting AUTOLINK_SUPPORT to NO. # The default value is: YES. AUTOLINK_SUPPORT = YES # If you use STL classes (i.e. std::string, std::vector, etc.) but do not want # to include (a tag file for) the STL sources as input, then you should set this # tag to YES in order to let doxygen match functions declarations and # definitions whose arguments contain STL classes (e.g. func(std::string); # versus func(std::string) {}). This also make the inheritance and collaboration # diagrams that involve STL classes more complete and accurate. # The default value is: NO. BUILTIN_STL_SUPPORT = NO # If you use Microsoft's C++/CLI language, you should set this option to YES to # enable parsing support. # The default value is: NO. CPP_CLI_SUPPORT = NO # Set the SIP_SUPPORT tag to YES if your project consists of sip (see: # http://www.riverbankcomputing.co.uk/software/sip/intro) sources only. Doxygen # will parse them like normal C++ but will assume all classes use public instead # of private inheritance when no explicit protection keyword is present. # The default value is: NO. SIP_SUPPORT = NO # For Microsoft's IDL there are propget and propput attributes to indicate # getter and setter methods for a property. Setting this option to YES will make # doxygen to replace the get and set methods by a property in the documentation. # This will only work if the methods are indeed getting or setting a simple # type. If this is not the case, or you want to show the methods anyway, you # should set this option to NO. # The default value is: YES. IDL_PROPERTY_SUPPORT = YES # If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC # tag is set to YES, then doxygen will reuse the documentation of the first # member in the group (if any) for the other members of the group. By default # all members of a group must be documented explicitly. # The default value is: NO. DISTRIBUTE_GROUP_DOC = NO # Set the SUBGROUPING tag to YES to allow class member groups of the same type # (for instance a group of public functions) to be put as a subgroup of that # type (e.g. under the Public Functions section). Set it to NO to prevent # subgrouping. Alternatively, this can be done per class using the # \nosubgrouping command. # The default value is: YES. SUBGROUPING = YES # When the INLINE_GROUPED_CLASSES tag is set to YES, classes, structs and unions # are shown inside the group in which they are included (e.g. using \ingroup) # instead of on a separate page (for HTML and Man pages) or section (for LaTeX # and RTF). # # Note that this feature does not work in combination with # SEPARATE_MEMBER_PAGES. # The default value is: NO. INLINE_GROUPED_CLASSES = NO # When the INLINE_SIMPLE_STRUCTS tag is set to YES, structs, classes, and unions # with only public data fields or simple typedef fields will be shown inline in # the documentation of the scope in which they are defined (i.e. file, # namespace, or group documentation), provided this scope is documented. If set # to NO, structs, classes, and unions are shown on a separate page (for HTML and # Man pages) or section (for LaTeX and RTF). # The default value is: NO. INLINE_SIMPLE_STRUCTS = NO # When TYPEDEF_HIDES_STRUCT tag is enabled, a typedef of a struct, union, or # enum is documented as struct, union, or enum with the name of the typedef. So # typedef struct TypeS {} TypeT, will appear in the documentation as a struct # with name TypeT. When disabled the typedef will appear as a member of a file, # namespace, or class. And the struct will be named TypeS. This can typically be # useful for C code in case the coding convention dictates that all compound # types are typedef'ed and only the typedef is referenced, never the tag name. # The default value is: NO. TYPEDEF_HIDES_STRUCT = NO # The size of the symbol lookup cache can be set using LOOKUP_CACHE_SIZE. This # cache is used to resolve symbols given their name and scope. Since this can be # an expensive process and often the same symbol appears multiple times in the # code, doxygen keeps a cache of pre-resolved symbols. If the cache is too small # doxygen will become slower. If the cache is too large, memory is wasted. The # cache size is given by this formula: 2^(16+LOOKUP_CACHE_SIZE). The valid range # is 0..9, the default is 0, corresponding to a cache size of 2^16=65536 # symbols. At the end of a run doxygen will report the cache usage and suggest # the optimal cache size from a speed point of view. # Minimum value: 0, maximum value: 9, default value: 0. LOOKUP_CACHE_SIZE = 0 #--------------------------------------------------------------------------- # Build related configuration options #--------------------------------------------------------------------------- # If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in # documentation are documented, even if no documentation was available. Private # class members and static file members will be hidden unless the # EXTRACT_PRIVATE respectively EXTRACT_STATIC tags are set to YES. # Note: This will also disable the warnings about undocumented members that are # normally produced when WARNINGS is set to YES. # The default value is: NO. EXTRACT_ALL = YES # If the EXTRACT_PRIVATE tag is set to YES all private members of a class will # be included in the documentation. # The default value is: NO. EXTRACT_PRIVATE = NO # If the EXTRACT_PACKAGE tag is set to YES all members with package or internal # scope will be included in the documentation. # The default value is: NO. EXTRACT_PACKAGE = NO # If the EXTRACT_STATIC tag is set to YES all static members of a file will be # included in the documentation. # The default value is: NO. EXTRACT_STATIC = NO # If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) defined # locally in source files will be included in the documentation. If set to NO # only classes defined in header files are included. Does not have any effect # for Java sources. # The default value is: YES. EXTRACT_LOCAL_CLASSES = YES # This flag is only useful for Objective-C code. When set to YES local methods, # which are defined in the implementation section but not in the interface are # included in the documentation. If set to NO only methods in the interface are # included. # The default value is: NO. EXTRACT_LOCAL_METHODS = NO # If this flag is set to YES, the members of anonymous namespaces will be # extracted and appear in the documentation as a namespace called # 'anonymous_namespace{file}', where file will be replaced with the base name of # the file that contains the anonymous namespace. By default anonymous namespace # are hidden. # The default value is: NO. EXTRACT_ANON_NSPACES = NO # If the HIDE_UNDOC_MEMBERS tag is set to YES, doxygen will hide all # undocumented members inside documented classes or files. If set to NO these # members will be included in the various overviews, but no documentation # section is generated. This option has no effect if EXTRACT_ALL is enabled. # The default value is: NO. HIDE_UNDOC_MEMBERS = NO # If the HIDE_UNDOC_CLASSES tag is set to YES, doxygen will hide all # undocumented classes that are normally visible in the class hierarchy. If set # to NO these classes will be included in the various overviews. This option has # no effect if EXTRACT_ALL is enabled. # The default value is: NO. HIDE_UNDOC_CLASSES = NO # If the HIDE_FRIEND_COMPOUNDS tag is set to YES, doxygen will hide all friend # (class|struct|union) declarations. If set to NO these declarations will be # included in the documentation. # The default value is: NO. HIDE_FRIEND_COMPOUNDS = NO # If the HIDE_IN_BODY_DOCS tag is set to YES, doxygen will hide any # documentation blocks found inside the body of a function. If set to NO these # blocks will be appended to the function's detailed documentation block. # The default value is: NO. HIDE_IN_BODY_DOCS = NO # The INTERNAL_DOCS tag determines if documentation that is typed after a # \internal command is included. If the tag is set to NO then the documentation # will be excluded. Set it to YES to include the internal documentation. # The default value is: NO. INTERNAL_DOCS = NO # If the CASE_SENSE_NAMES tag is set to NO then doxygen will only generate file # names in lower-case letters. If set to YES upper-case letters are also # allowed. This is useful if you have classes or files whose names only differ # in case and if your file system supports case sensitive file names. Windows # and Mac users are advised to set this option to NO. # The default value is: system dependent. CASE_SENSE_NAMES = YES # If the HIDE_SCOPE_NAMES tag is set to NO then doxygen will show members with # their full class and namespace scopes in the documentation. If set to YES the # scope will be hidden. # The default value is: NO. HIDE_SCOPE_NAMES = NO # If the SHOW_INCLUDE_FILES tag is set to YES then doxygen will put a list of # the files that are included by a file in the documentation of that file. # The default value is: YES. SHOW_INCLUDE_FILES = YES # If the SHOW_GROUPED_MEMB_INC tag is set to YES then Doxygen will add for each # grouped member an include statement to the documentation, telling the reader # which file to include in order to use the member. # The default value is: NO. SHOW_GROUPED_MEMB_INC = NO # If the FORCE_LOCAL_INCLUDES tag is set to YES then doxygen will list include # files with double quotes in the documentation rather than with sharp brackets. # The default value is: NO. FORCE_LOCAL_INCLUDES = NO # If the INLINE_INFO tag is set to YES then a tag [inline] is inserted in the # documentation for inline members. # The default value is: YES. INLINE_INFO = YES # If the SORT_MEMBER_DOCS tag is set to YES then doxygen will sort the # (detailed) documentation of file and class members alphabetically by member # name. If set to NO the members will appear in declaration order. # The default value is: YES. SORT_MEMBER_DOCS = YES # If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the brief # descriptions of file, namespace and class members alphabetically by member # name. If set to NO the members will appear in declaration order. Note that # this will also influence the order of the classes in the class list. # The default value is: NO. SORT_BRIEF_DOCS = NO # If the SORT_MEMBERS_CTORS_1ST tag is set to YES then doxygen will sort the # (brief and detailed) documentation of class members so that constructors and # destructors are listed first. If set to NO the constructors will appear in the # respective orders defined by SORT_BRIEF_DOCS and SORT_MEMBER_DOCS. # Note: If SORT_BRIEF_DOCS is set to NO this option is ignored for sorting brief # member documentation. # Note: If SORT_MEMBER_DOCS is set to NO this option is ignored for sorting # detailed member documentation. # The default value is: NO. SORT_MEMBERS_CTORS_1ST = NO # If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the hierarchy # of group names into alphabetical order. If set to NO the group names will # appear in their defined order. # The default value is: NO. SORT_GROUP_NAMES = NO # If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be sorted by # fully-qualified names, including namespaces. If set to NO, the class list will # be sorted only by class name, not including the namespace part. # Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES. # Note: This option applies only to the class list, not to the alphabetical # list. # The default value is: NO. SORT_BY_SCOPE_NAME = NO # If the STRICT_PROTO_MATCHING option is enabled and doxygen fails to do proper # type resolution of all parameters of a function it will reject a match between # the prototype and the implementation of a member function even if there is # only one candidate or it is obvious which candidate to choose by doing a # simple string match. By disabling STRICT_PROTO_MATCHING doxygen will still # accept a match between prototype and implementation in such cases. # The default value is: NO. STRICT_PROTO_MATCHING = NO # The GENERATE_TODOLIST tag can be used to enable ( YES) or disable ( NO) the # todo list. This list is created by putting \todo commands in the # documentation. # The default value is: YES. GENERATE_TODOLIST = YES # The GENERATE_TESTLIST tag can be used to enable ( YES) or disable ( NO) the # test list. This list is created by putting \test commands in the # documentation. # The default value is: YES. GENERATE_TESTLIST = YES # The GENERATE_BUGLIST tag can be used to enable ( YES) or disable ( NO) the bug # list. This list is created by putting \bug commands in the documentation. # The default value is: YES. GENERATE_BUGLIST = YES # The GENERATE_DEPRECATEDLIST tag can be used to enable ( YES) or disable ( NO) # the deprecated list. This list is created by putting \deprecated commands in # the documentation. # The default value is: YES. GENERATE_DEPRECATEDLIST= YES # The ENABLED_SECTIONS tag can be used to enable conditional documentation # sections, marked by \if ... \endif and \cond # ... \endcond blocks. ENABLED_SECTIONS = # The MAX_INITIALIZER_LINES tag determines the maximum number of lines that the # initial value of a variable or macro / define can have for it to appear in the # documentation. If the initializer consists of more lines than specified here # it will be hidden. Use a value of 0 to hide initializers completely. The # appearance of the value of individual variables and macros / defines can be # controlled using \showinitializer or \hideinitializer command in the # documentation regardless of this setting. # Minimum value: 0, maximum value: 10000, default value: 30. MAX_INITIALIZER_LINES = 30 # Set the SHOW_USED_FILES tag to NO to disable the list of files generated at # the bottom of the documentation of classes and structs. If set to YES the list # will mention the files that were used to generate the documentation. # The default value is: YES. SHOW_USED_FILES = YES # Set the SHOW_FILES tag to NO to disable the generation of the Files page. This # will remove the Files entry from the Quick Index and from the Folder Tree View # (if specified). # The default value is: YES. SHOW_FILES = YES # Set the SHOW_NAMESPACES tag to NO to disable the generation of the Namespaces # page. This will remove the Namespaces entry from the Quick Index and from the # Folder Tree View (if specified). # The default value is: YES. SHOW_NAMESPACES = YES # The FILE_VERSION_FILTER tag can be used to specify a program or script that # doxygen should invoke to get the current version for each file (typically from # the version control system). Doxygen will invoke the program by executing (via # popen()) the command command input-file, where command is the value of the # FILE_VERSION_FILTER tag, and input-file is the name of an input file provided # by doxygen. Whatever the program writes to standard output is used as the file # version. For an example see the documentation. FILE_VERSION_FILTER = # The LAYOUT_FILE tag can be used to specify a layout file which will be parsed # by doxygen. The layout file controls the global structure of the generated # output files in an output format independent way. To create the layout file # that represents doxygen's defaults, run doxygen with the -l option. You can # optionally specify a file name after the option, if omitted DoxygenLayout.xml # will be used as the name of the layout file. # # Note that if you run doxygen from a directory containing a file called # DoxygenLayout.xml, doxygen will parse it automatically even if the LAYOUT_FILE # tag is left empty. LAYOUT_FILE = # The CITE_BIB_FILES tag can be used to specify one or more bib files containing # the reference definitions. This must be a list of .bib files. The .bib # extension is automatically appended if omitted. This requires the bibtex tool # to be installed. See also http://en.wikipedia.org/wiki/BibTeX for more info. # For LaTeX the style of the bibliography can be controlled using # LATEX_BIB_STYLE. To use this feature you need bibtex and perl available in the # search path. See also \cite for info how to create references. CITE_BIB_FILES = #--------------------------------------------------------------------------- # Configuration options related to warning and progress messages #--------------------------------------------------------------------------- # The QUIET tag can be used to turn on/off the messages that are generated to # standard output by doxygen. If QUIET is set to YES this implies that the # messages are off. # The default value is: NO. QUIET = NO # The WARNINGS tag can be used to turn on/off the warning messages that are # generated to standard error ( stderr) by doxygen. If WARNINGS is set to YES # this implies that the warnings are on. # # Tip: Turn warnings on while writing the documentation. # The default value is: YES. WARNINGS = YES # If the WARN_IF_UNDOCUMENTED tag is set to YES, then doxygen will generate # warnings for undocumented members. If EXTRACT_ALL is set to YES then this flag # will automatically be disabled. # The default value is: YES. WARN_IF_UNDOCUMENTED = YES # If the WARN_IF_DOC_ERROR tag is set to YES, doxygen will generate warnings for # potential errors in the documentation, such as not documenting some parameters # in a documented function, or documenting parameters that don't exist or using # markup commands wrongly. # The default value is: YES. WARN_IF_DOC_ERROR = YES # This WARN_NO_PARAMDOC option can be enabled to get warnings for functions that # are documented, but have no documentation for their parameters or return # value. If set to NO doxygen will only warn about wrong or incomplete parameter # documentation, but not about the absence of documentation. # The default value is: NO. WARN_NO_PARAMDOC = YES # The WARN_FORMAT tag determines the format of the warning messages that doxygen # can produce. The string should contain the $file, $line, and $text tags, which # will be replaced by the file and line number from which the warning originated # and the warning text. Optionally the format may contain $version, which will # be replaced by the version of the file (if it could be obtained via # FILE_VERSION_FILTER) # The default value is: $file:$line: $text. WARN_FORMAT = "$file:$line: $text" # The WARN_LOGFILE tag can be used to specify a file to which warning and error # messages should be written. If left blank the output is written to standard # error (stderr). WARN_LOGFILE = #--------------------------------------------------------------------------- # Configuration options related to the input files #--------------------------------------------------------------------------- # The INPUT tag is used to specify the files and/or directories that contain # documented source files. You may enter file names like myfile.cpp or # directories like /usr/src/myproject. Separate the files or directories with # spaces. # Note: If this tag is empty the current directory is searched. INPUT = @CMAKE_SOURCE_DIR@/src # This tag can be used to specify the character encoding of the source files # that doxygen parses. Internally doxygen uses the UTF-8 encoding. Doxygen uses # libiconv (or the iconv built into libc) for the transcoding. See the libiconv # documentation (see: http://www.gnu.org/software/libiconv) for the list of # possible encodings. # The default value is: UTF-8. INPUT_ENCODING = UTF-8 # If the value of the INPUT tag contains directories, you can use the # FILE_PATTERNS tag to specify one or more wildcard patterns (like *.cpp and # *.h) to filter out the source-files in the directories. If left blank the # following patterns are tested:*.c, *.cc, *.cxx, *.cpp, *.c++, *.java, *.ii, # *.ixx, *.ipp, *.i++, *.inl, *.idl, *.ddl, *.odl, *.h, *.hh, *.hxx, *.hpp, # *.h++, *.cs, *.d, *.php, *.php4, *.php5, *.phtml, *.inc, *.m, *.markdown, # *.md, *.mm, *.dox, *.py, *.f90, *.f, *.for, *.tcl, *.vhd, *.vhdl, *.ucf, # *.qsf, *.as and *.js. FILE_PATTERNS = # The RECURSIVE tag can be used to specify whether or not subdirectories should # be searched for input files as well. # The default value is: NO. RECURSIVE = NO # The EXCLUDE tag can be used to specify files and/or directories that should be # excluded from the INPUT source files. This way you can easily exclude a # subdirectory from a directory tree whose root is specified with the INPUT tag. # # Note that relative paths are relative to the directory from which doxygen is # run. EXCLUDE = # The EXCLUDE_SYMLINKS tag can be used to select whether or not files or # directories that are symbolic links (a Unix file system feature) are excluded # from the input. # The default value is: NO. EXCLUDE_SYMLINKS = NO # If the value of the INPUT tag contains directories, you can use the # EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude # certain files from those directories. # # Note that the wildcards are matched against the file with absolute path, so to # exclude all test directories for example use the pattern */test/* EXCLUDE_PATTERNS = # The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names # (namespaces, classes, functions, etc.) that should be excluded from the # output. The symbol name can be a fully qualified name, a word, or if the # wildcard * is used, a substring. Examples: ANamespace, AClass, # AClass::ANamespace, ANamespace::*Test # # Note that the wildcards are matched against the file with absolute path, so to # exclude all test directories use the pattern */test/* EXCLUDE_SYMBOLS = # The EXAMPLE_PATH tag can be used to specify one or more files or directories # that contain example code fragments that are included (see the \include # command). EXAMPLE_PATH = @CMAKE_SOURCE_DIR@ \ @CMAKE_SOURCE_DIR@/doc # If the value of the EXAMPLE_PATH tag contains directories, you can use the # EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp and # *.h) to filter out the source-files in the directories. If left blank all # files are included. EXAMPLE_PATTERNS = # If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be # searched for input files to be used with the \include or \dontinclude commands # irrespective of the value of the RECURSIVE tag. # The default value is: NO. EXAMPLE_RECURSIVE = NO # The IMAGE_PATH tag can be used to specify one or more files or directories # that contain images that are to be included in the documentation (see the # \image command). IMAGE_PATH = # The INPUT_FILTER tag can be used to specify a program that doxygen should # invoke to filter for each input file. Doxygen will invoke the filter program # by executing (via popen()) the command: # # # # where is the value of the INPUT_FILTER tag, and is the # name of an input file. Doxygen will then use the output that the filter # program writes to standard output. If FILTER_PATTERNS is specified, this tag # will be ignored. # # Note that the filter must not add or remove lines; it is applied before the # code is scanned, but not when the output code is generated. If lines are added # or removed, the anchors will not be placed correctly. INPUT_FILTER = # The FILTER_PATTERNS tag can be used to specify filters on a per file pattern # basis. Doxygen will compare the file name with each pattern and apply the # filter if there is a match. The filters are a list of the form: pattern=filter # (like *.cpp=my_cpp_filter). See INPUT_FILTER for further information on how # filters are used. If the FILTER_PATTERNS tag is empty or if none of the # patterns match the file name, INPUT_FILTER is applied. FILTER_PATTERNS = # If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using # INPUT_FILTER ) will also be used to filter the input files that are used for # producing the source files to browse (i.e. when SOURCE_BROWSER is set to YES). # The default value is: NO. FILTER_SOURCE_FILES = NO # The FILTER_SOURCE_PATTERNS tag can be used to specify source filters per file # pattern. A pattern will override the setting for FILTER_PATTERN (if any) and # it is also possible to disable source filtering for a specific pattern using # *.ext= (so without naming a filter). # This tag requires that the tag FILTER_SOURCE_FILES is set to YES. FILTER_SOURCE_PATTERNS = # If the USE_MDFILE_AS_MAINPAGE tag refers to the name of a markdown file that # is part of the input, its contents will be placed on the main page # (index.html). This can be useful if you have a project on for instance GitHub # and want to reuse the introduction page also for the doxygen output. USE_MDFILE_AS_MAINPAGE = #--------------------------------------------------------------------------- # Configuration options related to source browsing #--------------------------------------------------------------------------- # If the SOURCE_BROWSER tag is set to YES then a list of source files will be # generated. Documented entities will be cross-referenced with these sources. # # Note: To get rid of all source code in the generated output, make sure that # also VERBATIM_HEADERS is set to NO. # The default value is: NO. SOURCE_BROWSER = NO # Setting the INLINE_SOURCES tag to YES will include the body of functions, # classes and enums directly into the documentation. # The default value is: NO. INLINE_SOURCES = NO # Setting the STRIP_CODE_COMMENTS tag to YES will instruct doxygen to hide any # special comment blocks from generated source code fragments. Normal C, C++ and # Fortran comments will always remain visible. # The default value is: YES. STRIP_CODE_COMMENTS = YES # If the REFERENCED_BY_RELATION tag is set to YES then for each documented # function all documented functions referencing it will be listed. # The default value is: NO. REFERENCED_BY_RELATION = NO # If the REFERENCES_RELATION tag is set to YES then for each documented function # all documented entities called/used by that function will be listed. # The default value is: NO. REFERENCES_RELATION = NO # If the REFERENCES_LINK_SOURCE tag is set to YES and SOURCE_BROWSER tag is set # to YES, then the hyperlinks from functions in REFERENCES_RELATION and # REFERENCED_BY_RELATION lists will link to the source code. Otherwise they will # link to the documentation. # The default value is: YES. REFERENCES_LINK_SOURCE = YES # If SOURCE_TOOLTIPS is enabled (the default) then hovering a hyperlink in the # source code will show a tooltip with additional information such as prototype, # brief description and links to the definition and documentation. Since this # will make the HTML file larger and loading of large files a bit slower, you # can opt to disable this feature. # The default value is: YES. # This tag requires that the tag SOURCE_BROWSER is set to YES. SOURCE_TOOLTIPS = YES # If the USE_HTAGS tag is set to YES then the references to source code will # point to the HTML generated by the htags(1) tool instead of doxygen built-in # source browser. The htags tool is part of GNU's global source tagging system # (see http://www.gnu.org/software/global/global.html). You will need version # 4.8.6 or higher. # # To use it do the following: # - Install the latest version of global # - Enable SOURCE_BROWSER and USE_HTAGS in the config file # - Make sure the INPUT points to the root of the source tree # - Run doxygen as normal # # Doxygen will invoke htags (and that will in turn invoke gtags), so these # tools must be available from the command line (i.e. in the search path). # # The result: instead of the source browser generated by doxygen, the links to # source code will now point to the output of htags. # The default value is: NO. # This tag requires that the tag SOURCE_BROWSER is set to YES. USE_HTAGS = NO # If the VERBATIM_HEADERS tag is set the YES then doxygen will generate a # verbatim copy of the header file for each class for which an include is # specified. Set to NO to disable this. # See also: Section \class. # The default value is: YES. VERBATIM_HEADERS = YES # If the CLANG_ASSISTED_PARSING tag is set to YES, then doxygen will use the # clang parser (see: http://clang.llvm.org/) for more accurate parsing at the # cost of reduced performance. This can be particularly helpful with template # rich C++ code for which doxygen's built-in parser lacks the necessary type # information. # Note: The availability of this option depends on whether or not doxygen was # compiled with the --with-libclang option. # The default value is: NO. CLANG_ASSISTED_PARSING = NO # If clang assisted parsing is enabled you can provide the compiler with command # line options that you would normally use when invoking the compiler. Note that # the include paths will already be set by doxygen for the files and directories # specified with INPUT and INCLUDE_PATH. # This tag requires that the tag CLANG_ASSISTED_PARSING is set to YES. CLANG_OPTIONS = #--------------------------------------------------------------------------- # Configuration options related to the alphabetical class index #--------------------------------------------------------------------------- # If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index of all # compounds will be generated. Enable this if the project contains a lot of # classes, structs, unions or interfaces. # The default value is: YES. ALPHABETICAL_INDEX = YES # The COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns in # which the alphabetical index list will be split. # Minimum value: 1, maximum value: 20, default value: 5. # This tag requires that the tag ALPHABETICAL_INDEX is set to YES. COLS_IN_ALPHA_INDEX = 5 # In case all classes in a project start with a common prefix, all classes will # be put under the same header in the alphabetical index. The IGNORE_PREFIX tag # can be used to specify a prefix (or a list of prefixes) that should be ignored # while generating the index headers. # This tag requires that the tag ALPHABETICAL_INDEX is set to YES. IGNORE_PREFIX = #--------------------------------------------------------------------------- # Configuration options related to the HTML output #--------------------------------------------------------------------------- # If the GENERATE_HTML tag is set to YES doxygen will generate HTML output # The default value is: YES. GENERATE_HTML = YES # The HTML_OUTPUT tag is used to specify where the HTML docs will be put. If a # relative path is entered the value of OUTPUT_DIRECTORY will be put in front of # it. # The default directory is: html. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_OUTPUT = html # The HTML_FILE_EXTENSION tag can be used to specify the file extension for each # generated HTML page (for example: .htm, .php, .asp). # The default value is: .html. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_FILE_EXTENSION = .html # The HTML_HEADER tag can be used to specify a user-defined HTML header file for # each generated HTML page. If the tag is left blank doxygen will generate a # standard header. # # To get valid HTML the header file that includes any scripts and style sheets # that doxygen needs, which is dependent on the configuration options used (e.g. # the setting GENERATE_TREEVIEW). It is highly recommended to start with a # default header using # doxygen -w html new_header.html new_footer.html new_stylesheet.css # YourConfigFile # and then modify the file new_header.html. See also section "Doxygen usage" # for information on how to generate the default header that doxygen normally # uses. # Note: The header is subject to change so you typically have to regenerate the # default header when upgrading to a newer version of doxygen. For a description # of the possible markers and block names see the documentation. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_HEADER = # The HTML_FOOTER tag can be used to specify a user-defined HTML footer for each # generated HTML page. If the tag is left blank doxygen will generate a standard # footer. See HTML_HEADER for more information on how to generate a default # footer and what special commands can be used inside the footer. See also # section "Doxygen usage" for information on how to generate the default footer # that doxygen normally uses. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_FOOTER = # The HTML_STYLESHEET tag can be used to specify a user-defined cascading style # sheet that is used by each HTML page. It can be used to fine-tune the look of # the HTML output. If left blank doxygen will generate a default style sheet. # See also section "Doxygen usage" for information on how to generate the style # sheet that doxygen normally uses. # Note: It is recommended to use HTML_EXTRA_STYLESHEET instead of this tag, as # it is more robust and this tag (HTML_STYLESHEET) will in the future become # obsolete. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_STYLESHEET = # The HTML_EXTRA_STYLESHEET tag can be used to specify additional user-defined # cascading style sheets that are included after the standard style sheets # created by doxygen. Using this option one can overrule certain style aspects. # This is preferred over using HTML_STYLESHEET since it does not replace the # standard style sheet and is therefor more robust against future updates. # Doxygen will copy the style sheet files to the output directory. # Note: The order of the extra stylesheet files is of importance (e.g. the last # stylesheet in the list overrules the setting of the previous ones in the # list). For an example see the documentation. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_EXTRA_STYLESHEET = # The HTML_EXTRA_FILES tag can be used to specify one or more extra images or # other source files which should be copied to the HTML output directory. Note # that these files will be copied to the base HTML output directory. Use the # $relpath^ marker in the HTML_HEADER and/or HTML_FOOTER files to load these # files. In the HTML_STYLESHEET file, use the file name only. Also note that the # files will be copied as-is; there are no commands or markers available. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_EXTRA_FILES = # The HTML_COLORSTYLE_HUE tag controls the color of the HTML output. Doxygen # will adjust the colors in the stylesheet and background images according to # this color. Hue is specified as an angle on a colorwheel, see # http://en.wikipedia.org/wiki/Hue for more information. For instance the value # 0 represents red, 60 is yellow, 120 is green, 180 is cyan, 240 is blue, 300 # purple, and 360 is red again. # Minimum value: 0, maximum value: 359, default value: 220. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_COLORSTYLE_HUE = 220 # The HTML_COLORSTYLE_SAT tag controls the purity (or saturation) of the colors # in the HTML output. For a value of 0 the output will use grayscales only. A # value of 255 will produce the most vivid colors. # Minimum value: 0, maximum value: 255, default value: 100. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_COLORSTYLE_SAT = 100 # The HTML_COLORSTYLE_GAMMA tag controls the gamma correction applied to the # luminance component of the colors in the HTML output. Values below 100 # gradually make the output lighter, whereas values above 100 make the output # darker. The value divided by 100 is the actual gamma applied, so 80 represents # a gamma of 0.8, The value 220 represents a gamma of 2.2, and 100 does not # change the gamma. # Minimum value: 40, maximum value: 240, default value: 80. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_COLORSTYLE_GAMMA = 80 # If the HTML_TIMESTAMP tag is set to YES then the footer of each generated HTML # page will contain the date and time when the page was generated. Setting this # to NO can help when comparing the output of multiple runs. # The default value is: YES. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_TIMESTAMP = YES # If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML # documentation will contain sections that can be hidden and shown after the # page has loaded. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_DYNAMIC_SECTIONS = NO # With HTML_INDEX_NUM_ENTRIES one can control the preferred number of entries # shown in the various tree structured indices initially; the user can expand # and collapse entries dynamically later on. Doxygen will expand the tree to # such a level that at most the specified number of entries are visible (unless # a fully collapsed tree already exceeds this amount). So setting the number of # entries 1 will produce a full collapsed tree by default. 0 is a special value # representing an infinite number of entries and will result in a full expanded # tree by default. # Minimum value: 0, maximum value: 9999, default value: 100. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_INDEX_NUM_ENTRIES = 100 # If the GENERATE_DOCSET tag is set to YES, additional index files will be # generated that can be used as input for Apple's Xcode 3 integrated development # environment (see: http://developer.apple.com/tools/xcode/), introduced with # OSX 10.5 (Leopard). To create a documentation set, doxygen will generate a # Makefile in the HTML output directory. Running make will produce the docset in # that directory and running make install will install the docset in # ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find it at # startup. See http://developer.apple.com/tools/creatingdocsetswithdoxygen.html # for more information. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. GENERATE_DOCSET = NO # This tag determines the name of the docset feed. A documentation feed provides # an umbrella under which multiple documentation sets from a single provider # (such as a company or product suite) can be grouped. # The default value is: Doxygen generated docs. # This tag requires that the tag GENERATE_DOCSET is set to YES. DOCSET_FEEDNAME = "Doxygen generated docs" # This tag specifies a string that should uniquely identify the documentation # set bundle. This should be a reverse domain-name style string, e.g. # com.mycompany.MyDocSet. Doxygen will append .docset to the name. # The default value is: org.doxygen.Project. # This tag requires that the tag GENERATE_DOCSET is set to YES. DOCSET_BUNDLE_ID = org.doxygen.Project # The DOCSET_PUBLISHER_ID tag specifies a string that should uniquely identify # the documentation publisher. This should be a reverse domain-name style # string, e.g. com.mycompany.MyDocSet.documentation. # The default value is: org.doxygen.Publisher. # This tag requires that the tag GENERATE_DOCSET is set to YES. DOCSET_PUBLISHER_ID = org.doxygen.Publisher # The DOCSET_PUBLISHER_NAME tag identifies the documentation publisher. # The default value is: Publisher. # This tag requires that the tag GENERATE_DOCSET is set to YES. DOCSET_PUBLISHER_NAME = Publisher # If the GENERATE_HTMLHELP tag is set to YES then doxygen generates three # additional HTML index files: index.hhp, index.hhc, and index.hhk. The # index.hhp is a project file that can be read by Microsoft's HTML Help Workshop # (see: http://www.microsoft.com/en-us/download/details.aspx?id=21138) on # Windows. # # The HTML Help Workshop contains a compiler that can convert all HTML output # generated by doxygen into a single compiled HTML file (.chm). Compiled HTML # files are now used as the Windows 98 help format, and will replace the old # Windows help format (.hlp) on all Windows platforms in the future. Compressed # HTML files also contain an index, a table of contents, and you can search for # words in the documentation. The HTML workshop also contains a viewer for # compressed HTML files. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. GENERATE_HTMLHELP = NO # The CHM_FILE tag can be used to specify the file name of the resulting .chm # file. You can add a path in front of the file if the result should not be # written to the html output directory. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. CHM_FILE = # The HHC_LOCATION tag can be used to specify the location (absolute path # including file name) of the HTML help compiler ( hhc.exe). If non-empty # doxygen will try to run the HTML help compiler on the generated index.hhp. # The file has to be specified with full path. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. HHC_LOCATION = # The GENERATE_CHI flag controls if a separate .chi index file is generated ( # YES) or that it should be included in the master .chm file ( NO). # The default value is: NO. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. GENERATE_CHI = NO # The CHM_INDEX_ENCODING is used to encode HtmlHelp index ( hhk), content ( hhc) # and project file content. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. CHM_INDEX_ENCODING = # The BINARY_TOC flag controls whether a binary table of contents is generated ( # YES) or a normal table of contents ( NO) in the .chm file. Furthermore it # enables the Previous and Next buttons. # The default value is: NO. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. BINARY_TOC = NO # The TOC_EXPAND flag can be set to YES to add extra items for group members to # the table of contents of the HTML help documentation and to the tree view. # The default value is: NO. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. TOC_EXPAND = NO # If the GENERATE_QHP tag is set to YES and both QHP_NAMESPACE and # QHP_VIRTUAL_FOLDER are set, an additional index file will be generated that # can be used as input for Qt's qhelpgenerator to generate a Qt Compressed Help # (.qch) of the generated HTML documentation. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. GENERATE_QHP = NO # If the QHG_LOCATION tag is specified, the QCH_FILE tag can be used to specify # the file name of the resulting .qch file. The path specified is relative to # the HTML output folder. # This tag requires that the tag GENERATE_QHP is set to YES. QCH_FILE = # The QHP_NAMESPACE tag specifies the namespace to use when generating Qt Help # Project output. For more information please see Qt Help Project / Namespace # (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#namespace). # The default value is: org.doxygen.Project. # This tag requires that the tag GENERATE_QHP is set to YES. QHP_NAMESPACE = org.doxygen.Project # The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating Qt # Help Project output. For more information please see Qt Help Project / Virtual # Folders (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#virtual- # folders). # The default value is: doc. # This tag requires that the tag GENERATE_QHP is set to YES. QHP_VIRTUAL_FOLDER = doc # If the QHP_CUST_FILTER_NAME tag is set, it specifies the name of a custom # filter to add. For more information please see Qt Help Project / Custom # Filters (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#custom- # filters). # This tag requires that the tag GENERATE_QHP is set to YES. QHP_CUST_FILTER_NAME = # The QHP_CUST_FILTER_ATTRS tag specifies the list of the attributes of the # custom filter to add. For more information please see Qt Help Project / Custom # Filters (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#custom- # filters). # This tag requires that the tag GENERATE_QHP is set to YES. QHP_CUST_FILTER_ATTRS = # The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this # project's filter section matches. Qt Help Project / Filter Attributes (see: # http://qt-project.org/doc/qt-4.8/qthelpproject.html#filter-attributes). # This tag requires that the tag GENERATE_QHP is set to YES. QHP_SECT_FILTER_ATTRS = # The QHG_LOCATION tag can be used to specify the location of Qt's # qhelpgenerator. If non-empty doxygen will try to run qhelpgenerator on the # generated .qhp file. # This tag requires that the tag GENERATE_QHP is set to YES. QHG_LOCATION = # If the GENERATE_ECLIPSEHELP tag is set to YES, additional index files will be # generated, together with the HTML files, they form an Eclipse help plugin. To # install this plugin and make it available under the help contents menu in # Eclipse, the contents of the directory containing the HTML and XML files needs # to be copied into the plugins directory of eclipse. The name of the directory # within the plugins directory should be the same as the ECLIPSE_DOC_ID value. # After copying Eclipse needs to be restarted before the help appears. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. GENERATE_ECLIPSEHELP = NO # A unique identifier for the Eclipse help plugin. When installing the plugin # the directory name containing the HTML and XML files should also have this # name. Each documentation set should have its own identifier. # The default value is: org.doxygen.Project. # This tag requires that the tag GENERATE_ECLIPSEHELP is set to YES. ECLIPSE_DOC_ID = org.doxygen.Project # If you want full control over the layout of the generated HTML pages it might # be necessary to disable the index and replace it with your own. The # DISABLE_INDEX tag can be used to turn on/off the condensed index (tabs) at top # of each HTML page. A value of NO enables the index and the value YES disables # it. Since the tabs in the index contain the same information as the navigation # tree, you can set this option to YES if you also set GENERATE_TREEVIEW to YES. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. DISABLE_INDEX = NO # The GENERATE_TREEVIEW tag is used to specify whether a tree-like index # structure should be generated to display hierarchical information. If the tag # value is set to YES, a side panel will be generated containing a tree-like # index structure (just like the one that is generated for HTML Help). For this # to work a browser that supports JavaScript, DHTML, CSS and frames is required # (i.e. any modern browser). Windows users are probably better off using the # HTML help feature. Via custom stylesheets (see HTML_EXTRA_STYLESHEET) one can # further fine-tune the look of the index. As an example, the default style # sheet generated by doxygen has an example that shows how to put an image at # the root of the tree instead of the PROJECT_NAME. Since the tree basically has # the same information as the tab index, you could consider setting # DISABLE_INDEX to YES when enabling this option. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. GENERATE_TREEVIEW = NO # The ENUM_VALUES_PER_LINE tag can be used to set the number of enum values that # doxygen will group on one line in the generated HTML documentation. # # Note that a value of 0 will completely suppress the enum values from appearing # in the overview section. # Minimum value: 0, maximum value: 20, default value: 4. # This tag requires that the tag GENERATE_HTML is set to YES. ENUM_VALUES_PER_LINE = 4 # If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be used # to set the initial width (in pixels) of the frame in which the tree is shown. # Minimum value: 0, maximum value: 1500, default value: 250. # This tag requires that the tag GENERATE_HTML is set to YES. TREEVIEW_WIDTH = 250 # When the EXT_LINKS_IN_WINDOW option is set to YES doxygen will open links to # external symbols imported via tag files in a separate window. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. EXT_LINKS_IN_WINDOW = NO # Use this tag to change the font size of LaTeX formulas included as images in # the HTML documentation. When you change the font size after a successful # doxygen run you need to manually remove any form_*.png images from the HTML # output directory to force them to be regenerated. # Minimum value: 8, maximum value: 50, default value: 10. # This tag requires that the tag GENERATE_HTML is set to YES. FORMULA_FONTSIZE = 10 # Use the FORMULA_TRANPARENT tag to determine whether or not the images # generated for formulas are transparent PNGs. Transparent PNGs are not # supported properly for IE 6.0, but are supported on all modern browsers. # # Note that when changing this option you need to delete any form_*.png files in # the HTML output directory before the changes have effect. # The default value is: YES. # This tag requires that the tag GENERATE_HTML is set to YES. FORMULA_TRANSPARENT = YES # Enable the USE_MATHJAX option to render LaTeX formulas using MathJax (see # http://www.mathjax.org) which uses client side Javascript for the rendering # instead of using prerendered bitmaps. Use this if you do not have LaTeX # installed or if you want to formulas look prettier in the HTML output. When # enabled you may also need to install MathJax separately and configure the path # to it using the MATHJAX_RELPATH option. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. USE_MATHJAX = NO # When MathJax is enabled you can set the default output format to be used for # the MathJax output. See the MathJax site (see: # http://docs.mathjax.org/en/latest/output.html) for more details. # Possible values are: HTML-CSS (which is slower, but has the best # compatibility), NativeMML (i.e. MathML) and SVG. # The default value is: HTML-CSS. # This tag requires that the tag USE_MATHJAX is set to YES. MATHJAX_FORMAT = HTML-CSS # When MathJax is enabled you need to specify the location relative to the HTML # output directory using the MATHJAX_RELPATH option. The destination directory # should contain the MathJax.js script. For instance, if the mathjax directory # is located at the same level as the HTML output directory, then # MATHJAX_RELPATH should be ../mathjax. The default value points to the MathJax # Content Delivery Network so you can quickly see the result without installing # MathJax. However, it is strongly recommended to install a local copy of # MathJax from http://www.mathjax.org before deployment. # The default value is: http://cdn.mathjax.org/mathjax/latest. # This tag requires that the tag USE_MATHJAX is set to YES. MATHJAX_RELPATH = http://cdn.mathjax.org/mathjax/latest # The MATHJAX_EXTENSIONS tag can be used to specify one or more MathJax # extension names that should be enabled during MathJax rendering. For example # MATHJAX_EXTENSIONS = TeX/AMSmath TeX/AMSsymbols # This tag requires that the tag USE_MATHJAX is set to YES. MATHJAX_EXTENSIONS = # The MATHJAX_CODEFILE tag can be used to specify a file with javascript pieces # of code that will be used on startup of the MathJax code. See the MathJax site # (see: http://docs.mathjax.org/en/latest/output.html) for more details. For an # example see the documentation. # This tag requires that the tag USE_MATHJAX is set to YES. MATHJAX_CODEFILE = # When the SEARCHENGINE tag is enabled doxygen will generate a search box for # the HTML output. The underlying search engine uses javascript and DHTML and # should work on any modern browser. Note that when using HTML help # (GENERATE_HTMLHELP), Qt help (GENERATE_QHP), or docsets (GENERATE_DOCSET) # there is already a search function so this one should typically be disabled. # For large projects the javascript based search engine can be slow, then # enabling SERVER_BASED_SEARCH may provide a better solution. It is possible to # search using the keyboard; to jump to the search box use + S # (what the is depends on the OS and browser, but it is typically # , /