Hello community, here is the log from the commit of package openvas-scanner for openSUSE:Factory checked in at Mon May 2 09:19:54 CEST 2011.
-------- --- openvas-scanner/openvas-scanner.changes 2011-02-23 19:52:26.000000000 +0100 +++ /mounts/work_src_done/STABLE/openvas-scanner/openvas-scanner.changes 2011-04-11 20:07:18.000000000 +0200 @@ -1,0 +2,13 @@ +Mon Apr 11 17:25:46 UTC 2011 - [email protected] + +- Updated to 3.2.3 + * Fixed: Three potential resource leaks. + * Fixed: Generation of code documentation. + * Updated: Feed synchronization scripts. + * Changed: The openvas-nvt-sync script will now perform the initial feed + synchronization via HTTP instead of rsync. + * Changed: The openvas-nvt-sync script will now default to synchronize into the + NVT directory used by the OpenVAS Scanner instead of the one defined at + compile time. + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- openvas-scanner-3.2.2.tar.gz New: ---- openvas-scanner-3.2.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openvas-scanner.spec ++++++ --- /var/tmp/diff_new_pack.l38kE7/_old 2011-05-02 09:19:22.000000000 +0200 +++ /var/tmp/diff_new_pack.l38kE7/_new 2011-05-02 09:19:22.000000000 +0200 @@ -19,7 +19,7 @@ Name: openvas-scanner -Version: 3.2.2 +Version: 3.2.3 Release: 1 License: GPLv2 Group: Productivity/Networking/Security ++++++ debian.changelog ++++++ --- /var/tmp/diff_new_pack.l38kE7/_old 2011-05-02 09:19:22.000000000 +0200 +++ /var/tmp/diff_new_pack.l38kE7/_new 2011-05-02 09:19:22.000000000 +0200 @@ -1,3 +1,17 @@ +openvas-scanner (3.2.3-1) UNRELEASED; urgency=low + + * New upstream release + - Fixed: Three potential resource leaks. + - Fixed: Generation of code documentation. + - Updated: Feed synchronization scripts. + - Changed: The openvas-nvt-sync script will now perform the initial feed + synchronization via HTTP instead of rsync. + - Changed: The openvas-nvt-sync script will now default to synchronize into the + NVT directory used by the OpenVAS Scanner instead of the one defined at + compile time. + + -- Stephan Kleine <[email protected]> Mon, 11 Apr 2011 19:26:36 +0200 + openvas-scanner (3.2.2-1) UNRELEASED; urgency=low * New upstream release ++++++ openvas-scanner-3.2.2.tar.gz -> openvas-scanner-3.2.3.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvas-scanner-3.2.2/CHANGES new/openvas-scanner-3.2.3/CHANGES --- old/openvas-scanner-3.2.2/CHANGES 2011-02-21 10:40:34.000000000 +0100 +++ new/openvas-scanner-3.2.3/CHANGES 2011-04-11 09:29:40.000000000 +0200 @@ -1,3 +1,26 @@ +openvas-scanner 3.2.3 (2011-04-11) + +This is the third maintenance release of the openvas-scanner 3.2 module for the +Open Vulnerability Assessment System release 4 (OpenVAS-4). + +This release features a number of minor improvements to the build process and to +the synchronization scripts. It also close three potential resource leaks +discovered by Henri Doreau. + +Many thanks to everyone who has contributed to this release: +Henri Doreau and Michael Wiegand. + +Main changes compared to 3.2.2: +* Fixed: Three potential resource leaks. +* Fixed: Generation of code documentation. +* Updated: Feed synchronization scripts. +* Changed: The openvas-nvt-sync script will now perform the initial feed + synchronization via HTTP instead of rsync. +* Changed: The openvas-nvt-sync script will now default to synchronize into the + NVT directory used by the OpenVAS Scanner instead of the one defined at + compile time. + + openvas-scanner 3.2.2 (2011-02-21) This is the second maintenance release of the openvas-scanner 3.2 module for the diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvas-scanner-3.2.2/CMakeLists.txt new/openvas-scanner-3.2.3/CMakeLists.txt --- old/openvas-scanner-3.2.2/CMakeLists.txt 2011-02-21 10:40:34.000000000 +0100 +++ new/openvas-scanner-3.2.3/CMakeLists.txt 2011-04-11 09:29:40.000000000 +0200 @@ -79,7 +79,7 @@ set (CPACK_TOPLEVEL_TAG "") set (CPACK_PACKAGE_VERSION_MAJOR "3") set (CPACK_PACKAGE_VERSION_MINOR "2") -set (CPACK_PACKAGE_VERSION_PATCH "2${SVN_REVISION}") +set (CPACK_PACKAGE_VERSION_PATCH "3${SVN_REVISION}") set (CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}") set (CPACK_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") set (CPACK_SOURCE_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") @@ -270,6 +270,9 @@ install (DIRECTORY DESTINATION ${OPENVAS_NVT_DIR}) install (DIRECTORY DESTINATION ${OPENVAS_CACHE_DIR}) +install (DIRECTORY + DESTINATION ${OPENVAS_SYSCONF_DIR}/gnupg + DIRECTORY_PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE) ## Tests diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvas-scanner-3.2.2/ChangeLog new/openvas-scanner-3.2.3/ChangeLog --- old/openvas-scanner-3.2.2/ChangeLog 2011-02-21 10:40:34.000000000 +0100 +++ new/openvas-scanner-3.2.3/ChangeLog 2011-04-11 09:29:40.000000000 +0200 @@ -1,3 +1,102 @@ +2011-04-11 Michael Wiegand <[email protected]> + + Preparing the openvas-scanner 3.2.3 release. + + * CHANGES: Updated. + +2011-04-08 Michael Wiegand <[email protected]> + + * tools/openvas-nvt-sync.in: Use feed.openvas.org instead of + rsync.openvas.org in the feed URL. + +2011-04-08 Michael Wiegand <[email protected]> + + * tools/openvas-nvt-sync.in: Ensure openvas-nvt-sync syncs into the + NVT directory configured in the scanner by default. Remove obsolete + comment. + +2011-03-31 Michael Wiegand <[email protected]> + + * tools/openvas-nvt-sync.in: Do not use rsync as the default when no + feed is present, i.e. we are doing the initial sync. Use http (wget or + curl) instead. + +2011-03-29 Michael Wiegand <[email protected]> + + * tools/greenbone-nvt-sync: Enable BatchMode in ssh during rsync. + +2011-03-28 Michael Wiegand <[email protected]> + + * tools/greenbone-nvt-sync: Add support for specifying an arbitrary + port for synchronization. + +2011-03-28 Michael Wiegand <[email protected]> + + * tools/greenbone-nvt-sync: Add support for reading configuration from + $sysconfdir/openvas/greenbone-nvt-sync.conf. + +2011-03-28 Michael Wiegand <[email protected]> + + * tools/greenbone-nvt-sync: Add support for reading feed information + from the plugin_feed_info.inc. Rename FEED_PROVIDER to FEED_VENDOR for + consistency. + +2011-03-28 Michael Wiegand <[email protected]> + + * tools/openvas-nvt-sync.in: Make indentation consistent, flush + trailing spaces. + +2011-03-25 Michael Wiegand <[email protected]> + + * tools/openvas-nvt-sync.in: Add support for reading feed information + from the plugin_feed_info.inc. Rename FEED_PROVIDER to FEED_VENDOR + for consistency. + +2011-03-16 Henri Doreau <[email protected]> + + * src/locks.c (file_lock): fixed coding style mismatch from previous + commit. + +2011-03-16 Henri Doreau <[email protected]> + + * src/locks.c (file_lock, file_locked): Close file descriptors before + return. + + * src/save_kb.c (save_kb_load_kb): Close stream before return. + +2011-03-10 Michael Wiegand <[email protected]> + + * tools/greenbone-nvt-sync: Fix conditionals so that they are + evaluated as intended. + +2011-03-07 Michael Wiegand <[email protected]> + + * tools/openvas-nvt-sync.in: Removed last bashism from + openvas-nvt-sync a second time: Drop SIG prefix when referring to + signal as it is a bashism as well. + +2011-03-04 Michael Wiegand <[email protected]> + + * CMakeLists.txt: Ensure that a "gnupg" directory is created in the + OpenVAS configuration directory with the correct permissions as a + preparation for signature verifications. + +2011-03-02 Michael Wiegand <[email protected]> + + Enable the generation of code documentation. Spotted by Michael Meyer. + + * doc/CMakeLists.txt: New. Add to enable the generation of code + documentation. + + * doc/Doxyfile.in, doc/Doxyfile_full.in: Fix value of INPUT to match + the current paths. + +2011-02-21 Michael Wiegand <[email protected]> + + Post release version bump. + + * CMakeLists.txt: Set to version to 3.2.3. + 2011-02-21 Michael Wiegand <[email protected]> Preparing the openvas-scanner 3.2.2 release. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvas-scanner-3.2.2/doc/CMakeLists.txt new/openvas-scanner-3.2.3/doc/CMakeLists.txt --- old/openvas-scanner-3.2.2/doc/CMakeLists.txt 1970-01-01 01:00:00.000000000 +0100 +++ new/openvas-scanner-3.2.3/doc/CMakeLists.txt 2011-04-11 09:29:40.000000000 +0200 @@ -0,0 +1,62 @@ +# OpenVAS +# $Id$ +# Description: CMakefile for the OpenVAS Scanner documentation +# +# Authors: +# Matthew Mundell <[email protected]> +# Michael Wiegand <[email protected]> +# +# Copyright: +# Copyright (C) 2011 Greenbone Networks GmbH +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Library General Public +# License as published by the Free Software Foundation; either +# version 2 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Library General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + +## build + +set_directory_properties (PROPERTIES CLEAN_NO_CUSTOM true) +set_directory_properties (PROPERTIES ADDITIONAL_MAKE_CLEAN_FILES ".built-html;.built-html_full") + +include (FindDoxygen) + +if (NOT DOXYGEN_EXECUTABLE) + message (STATUS "WARNING: Doxygen is required to build the HTML docs.") +else (NOT DOXYGEN_EXECUTABLE) + set (DOC_FILES + ../src/attack.c ../src/auth.c ../src/comm.c ../src/hosts.c + ../src/locks.c ../src/log.c ../src/nasl_plugins.c ../src/ntp_11.c + ../src/openvassd.c ../src/otp_1_0.c ../src/oval_plugins.c ../src/parser.c + ../src/piic.c ../src/pluginlaunch.c ../src/pluginload.c + ../src/pluginscheduler.c ../src/plugs_hash.c ../src/plugs_req.c + ../src/preferences.c ../src/processes.c ../src/rules.c ../src/save_kb.c + ../src/shared_socket.c ../src/sighand.c ../src/users.c ../src/utils.c + ../README ../INSTALL) + + add_custom_target (doc COMMENT "Building documentation..." + DEPENDS Doxyfile .built-html) + + add_custom_target (doc-full COMMENT "Building documentation..." + DEPENDS Doxyfile_full .built-html_full) +endif (NOT DOXYGEN_EXECUTABLE) + +add_custom_command (OUTPUT .built-html + COMMAND sh + ARGS -c \"cd .. && ${DOXYGEN_EXECUTABLE} doc/Doxyfile && touch doc/.built-html\;\" + DEPENDS Doxyfile ${DOC_FILES}) + +add_custom_command (OUTPUT .built-html_full + COMMAND sh + ARGS -c \"cd .. && ${DOXYGEN_EXECUTABLE} doc/Doxyfile_full && touch doc/.built-html_full\;\" + DEPENDS Doxyfile_full ${DOC_FILES}) + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvas-scanner-3.2.2/doc/Doxyfile.in new/openvas-scanner-3.2.3/doc/Doxyfile.in --- old/openvas-scanner-3.2.2/doc/Doxyfile.in 2011-02-21 10:40:34.000000000 +0100 +++ new/openvas-scanner-3.2.3/doc/Doxyfile.in 2011-04-11 09:29:40.000000000 +0200 @@ -459,7 +459,7 @@ # directories like "/usr/src/myproject". Separate the files or directories # with spaces. -INPUT = openvassd include +INPUT = src # If the value of the INPUT tag contains directories, you can use the # FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvas-scanner-3.2.2/doc/Doxyfile_full.in new/openvas-scanner-3.2.3/doc/Doxyfile_full.in --- old/openvas-scanner-3.2.2/doc/Doxyfile_full.in 2011-02-21 10:40:34.000000000 +0100 +++ new/openvas-scanner-3.2.3/doc/Doxyfile_full.in 2011-04-11 09:29:40.000000000 +0200 @@ -459,7 +459,7 @@ # directories like "/usr/src/myproject". Separate the files or directories # with spaces. -INPUT = openvassd include +INPUT = src # If the value of the INPUT tag contains directories, you can use the # FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvas-scanner-3.2.2/src/locks.c new/openvas-scanner-3.2.3/src/locks.c --- old/openvas-scanner-3.2.2/src/locks.c 2011-02-21 10:40:34.000000000 +0100 +++ new/openvas-scanner-3.2.3/src/locks.c 2011-04-11 09:29:40.000000000 +0200 @@ -1,5 +1,5 @@ /* OpenVAS -* $Id: locks.c 9864 2011-01-03 19:48:27Z jan $ +* $Id: locks.c 10561 2011-03-16 09:58:33Z hdoreau $ * Description: Deals with file locking. * * Authors: - Renaud Deraison <[email protected]> (Original pre-fork develoment) @@ -77,7 +77,10 @@ bzero (buf, sizeof (buf)); snprintf (buf, sizeof (buf), "%d", getpid ()); if (write (fd, buf, strlen (buf)) < 0) - return -1; + { + close (fd); + return -1; + } close (fd); return 0; } @@ -120,6 +123,7 @@ log_write ("Could not determine if the file %s is locked: Failed to read %s\n", name, lock); efree (&lock); + close (fd); return 0; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvas-scanner-3.2.2/src/save_kb.c new/openvas-scanner-3.2.3/src/save_kb.c --- old/openvas-scanner-3.2.2/src/save_kb.c 2011-02-21 10:40:34.000000000 +0100 +++ new/openvas-scanner-3.2.3/src/save_kb.c 2011-04-11 09:29:40.000000000 +0200 @@ -1,5 +1,5 @@ /* OpenVAS -* $Id: save_kb.c 9983 2011-01-17 17:46:44Z jan $ +* $Id: save_kb.c 10560 2011-03-16 08:56:04Z hdoreau $ * Description: Saves the currently used knowledge base. * * Authors: - Renaud Deraison <[email protected]> (Original pre-fork develoment) @@ -647,6 +647,7 @@ log_write ("user %s : Could not read %s - kb won't be restored for %s\n", (char *) arg_get_value (globals, "user"), fname, hostname); efree (&fname); + fclose (f); return NULL; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvas-scanner-3.2.2/tools/greenbone-nvt-sync new/openvas-scanner-3.2.3/tools/greenbone-nvt-sync --- old/openvas-scanner-3.2.2/tools/greenbone-nvt-sync 2011-02-21 10:40:34.000000000 +0100 +++ new/openvas-scanner-3.2.3/tools/greenbone-nvt-sync 2011-04-11 09:29:40.000000000 +0200 @@ -49,9 +49,6 @@ # Script and feed information which will be made available to user through # command line options and automated tools. SCRIPT_NAME="greenbone-nvt-sync" -FEED_NAME="Greenbone Security Feed" -FEED_PROVIDER="Greenbone Networks GmbH" -FEED_HOME="http://www.greenbone.net/solutions/gbn_feed.html"; RESTRICTED=1 # Result of selftest () is stored here. If it is not 0, the selftest has failed @@ -61,13 +58,16 @@ # Verbosity flag for rsync. "-q" means a quiet rsync, "-v" a verbose rsync. RSYNC_VERBOSE="-q" +# Port to use for synchronization. Default value is 24. +PORT=24 + if [ ! -w $LOGDIR ] then NOLOG=1 fi log_write(){ - if [ -n $NOLOG ] + if [ -n "$NOLOG" ] then echo "LOG: [`date -R`] $1" > /dev/stderr else @@ -107,6 +107,8 @@ sysconfdir=`$SCANNER_BINARY --sysconfdir` + [ -r $sysconfdir/openvas/greenbone-nvt-sync.conf ] && . $sysconfdir/openvas/greenbone-nvt-sync.conf + if [ -z $NVT_DIR ] then NVT_DIR=`$SCANNER_BINARY -s | grep plugins_folder | sed 's/plugins\_folder\ *=\ *//'` @@ -127,16 +129,36 @@ exit 1 fi fi + + INFOFILE="$NVT_DIR/plugin_feed_info.inc" + if [ -r $INFOFILE ] ; then + FEED_VERSION=`grep PLUGIN_SET $INFOFILE | sed -e 's/[^0-9]//g'` + FEED_NAME=`awk -F\" '/PLUGIN_FEED/ { print $2 }' $INFOFILE` + FEED_VENDOR=`awk -F\" '/FEED_VENDOR/ { print $2 }' $INFOFILE` + FEED_HOME=`awk -F\" '/FEED_HOME/ { print $2 }' $INFOFILE` + FEED_PRESENT=1 + else + FEED_PRESENT=0 + fi + + if [ -z "$FEED_NAME" ] ; then + FEED_NAME="Greenbone Security Feed" + fi + + if [ -z "$FEED_VENDOR" ] ; then + FEED_VENDOR="Greenbone Networks GmbH" + fi + + if [ -z "$FEED_HOME" ] ; then + FEED_HOME="http://www.greenbone.net/solutions/gbn_feed.html"; + fi } sync_nvts(){ log_write "Synchronizing NVTs from the Greenbone Security Feed into $NVT_DIR..." - VERSIONFILE="$NVT_DIR/plugin_feed_info.inc" - if [ -r $VERSIONFILE ] ; then - FEEDVERSION=`grep PLUGIN_SET $VERSIONFILE | sed -e 's/[^0-9]//g'` - FEEDNAME=`grep PLUGIN_FEED $VERSIONFILE | awk -F\" '{print $(NF-1)}'` + if [ $FEED_PRESENT -eq 1 ] ; then FEEDCOUNT=`grep -E "nasl$|inc$" $NVT_DIR/md5sums | wc -l` - log_write "Current status: Using $FEEDNAME at version $FEEDVERSION ($FEEDCOUNT NVTs)" + log_write "Current status: Using $FEED_NAME at version $FEED_VERSION ($FEEDCOUNT NVTs)" else log_write "Current status: No feed installed." fi @@ -170,9 +192,9 @@ fi if [ "$gsmproxy" = "proxy_feed" ] || [ -z $gsmproxy ] then - rsync -e "ssh -p 24 -i $sysconfdir/openvas/gsf-access-key" -ltrP $RSYNC_VERBOSE --protocol=29 $RSYNC_DELETE $feeduser $NVT_DIR + rsync -e "ssh -o \"BatchMode=yes\" -p $PORT -i $sysconfdir/openvas/gsf-access-key" -ltrP $RSYNC_VERBOSE --protocol=29 $RSYNC_DELETE $feeduser $NVT_DIR else - rsync -e "ssh -o \"ProxyCommand corkscrew $gsmproxy %h %p\" -p 24 -i $sysconfdir/openvas/gsf-access-key" -ltrP $RSYNC_VERBOSE --protocol=29 $RSYNC_DELETE $feeduser $NVT_DIR + rsync -e "ssh -o \"BatchMode=yes\" -o \"ProxyCommand corkscrew $gsmproxy %h %p\" -p $PORT -i $sysconfdir/openvas/gsf-access-key" -ltrP $RSYNC_VERBOSE --protocol=29 $RSYNC_DELETE $feeduser $NVT_DIR fi if [ $? -ne 0 ] ; then stderr_write "== greenbone-nvt-sync $VERSION ================================================" @@ -189,7 +211,7 @@ fi eval "cd \"$NVT_DIR\" ; md5sum -c --status \"$NVT_DIR/md5sums\"" if [ $? -ne 0 ] ; then - if [ -n $retried ] + if [ -n "$retried" ] then stderr_write "== greenbone-nvt-sync $VERSION ================================================" stderr_write "The feed integrity check failed two times in a row. This may indicate a serious" @@ -217,11 +239,10 @@ fi done log_write "Synchronization with the Greenbone Security Feed successful." - if [ -r $VERSIONFILE ] ; then - FEEDVERSION=`grep PLUGIN_SET $VERSIONFILE | sed -e 's/[^0-9]//g'` - FEEDNAME=`grep PLUGIN_FEED $VERSIONFILE | awk -F\" '{print $(NF-1)}'` + init_sync + if [ $FEED_PRESENT -eq 1 ] ; then FEEDCOUNT=`grep -E "nasl$|inc$" $NVT_DIR/md5sums | wc -l` - log_write "Current status: Using $FEEDNAME at version $FEEDVERSION ($FEEDCOUNT NVTs)" + log_write "Current status: Using $FEED_NAME at version $FEED_VERSION ($FEEDCOUNT NVTs)" else log_write "Current status: No feed installed." fi @@ -240,7 +261,7 @@ } update_openvasmd (){ - if [ -n $NOINIT ] ; then + if [ -n "$NOINIT" ] ; then return fi log_write "Updating OpenVAS Manager" @@ -307,8 +328,11 @@ do_describe () { + if [ -z $NVT_DIR ] ; then + init_sync + fi echo "This script synchronizes an NVT collection with the '$FEED_NAME'." - echo "The '$FEED_NAME' is provided by '$FEED_PROVIDER'." + echo "The '$FEED_NAME' is provided by '$FEED_VENDOR'." echo "Online information about this feed: '$FEED_HOME'." } @@ -316,12 +340,10 @@ if [ -z $NVT_DIR ] ; then init_sync fi - VERSIONFILE="$NVT_DIR/plugin_feed_info.inc" - if [ -r $VERSIONFILE ] ; then - FEEDVERSION=`grep PLUGIN_SET $VERSIONFILE | sed -e 's/[^0-9]//g'` - echo $FEEDVERSION + if [ $FEED_PRESENT -eq 1 ] ; then + echo $FEED_VERSION else - stderr_write "The file containing the feed version ($VERSIONFILE) could not be found." + stderr_write "The file containing the feed version could not be found." exit 1 fi } @@ -343,6 +365,7 @@ exit 0 ;; --identify) + init_sync echo "NVTSYNC|$SCRIPT_NAME|$VERSION|$FEED_NAME|$RESTRICTED|NVTSYNC" exit 0 ;; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvas-scanner-3.2.2/tools/openvas-nvt-sync.in new/openvas-scanner-3.2.3/tools/openvas-nvt-sync.in --- old/openvas-scanner-3.2.2/tools/openvas-nvt-sync.in 2011-02-21 10:40:34.000000000 +0100 +++ new/openvas-scanner-3.2.3/tools/openvas-nvt-sync.in 2011-04-11 09:29:40.000000000 +0200 @@ -12,7 +12,7 @@ # Vlatko Kosturjak <[email protected]> # Michael Wiegand <[email protected]> # -# Script is complete rewrite of original sync script by +# Script is complete rewrite of original sync script by # Lukas Grunwald <[email protected]> # Jan-Oliver Wagner <[email protected]> # @@ -32,66 +32,89 @@ # if you need to debug script # set -x -# these locations should be correct if standard ./configure had -# been applied. - # configure NVT_DIR where we will sync NVTs if [ -z "$NVT_DIR" ]; then - NVT_DIR="@OPENVAS_NVT_DIR@" + OPENVASSD=`which openvassd` + if [ -z "$OPENVASSD" ] ; then + echo "[e] Error: openvassd is not in the path, could not determine NVT directory." + exit 1 + else + NVT_DIR=`openvassd -s | awk -F" = " '/^plugins_folder/ { print $2 }'` + fi +fi + +# Script and feed information which will be made available to user through +# command line options and automated tools. +SCRIPT_NAME="openvas-nvt-sync" +VERSION=@OPENVASSD_VERSION@ +RESTRICTED=0 + +INFOFILE="$NVT_DIR/plugin_feed_info.inc" +if [ -r $INFOFILE ] ; then + FEED_VERSION=`grep PLUGIN_SET $INFOFILE | sed -e 's/[^0-9]//g'` + FEED_NAME=`grep PLUGIN_FEED $INFOFILE | sed 's/PLUGIN_FEED\s*\=\s*\"\([^"]\+\)\";/\1/'` + FEED_VENDOR=`grep FEED_VENDOR $INFOFILE | sed 's/FEED_VENDOR\s*\=\s*\"\([^"]\+\)\";/\1/'` + FEED_HOME=`grep FEED_HOME $INFOFILE | sed 's/FEED_HOME\s*\=\s*\"\([^"]\+\)\";/\1/'` + FEED_PRESENT=1 +else + FEED_PRESENT=0 +fi + +if [ -z "$FEED_NAME" ] ; then + FEED_NAME="OpenVAS NVT Feed" +fi + +if [ -z "$FEED_VENDOR" ] ; then + FEED_VENDOR="The OpenVAS Project" +fi + +if [ -z "$FEED_HOME" ] ; then + FEED_HOME="http://www.openvas.org/openvas-nvt-feed.html"; fi # The URL of the plugin feed if [ -z "$OV_RSYNC_FEED" ]; then - OV_RSYNC_FEED=rsync://rsync.openvas.org:/nvt-feed - # An alternative syntax which might work if the above doesn't: - # [email protected]::nvt-feed + OV_RSYNC_FEED=rsync://feed.openvas.org:/nvt-feed + # An alternative syntax which might work if the above doesn't: + # [email protected]::nvt-feed fi if [ -z "$OV_HTTP_FEED" ]; then - OV_HTTP_FEED=http://www.openvas.org/openvas-nvt-feed-current.tar.bz2 + OV_HTTP_FEED=http://www.openvas.org/openvas-nvt-feed-current.tar.bz2 fi if [ -z "$TMPDIR" ]; then - SYNC_TMP_DIR=/tmp -# If we have mktemp, create a temporary dir (safer) - if [ -n "`which mktemp`" ]; then - SYNC_TMP_DIR=`mktemp -d openvas-nvt-sync.XXXXXXXXXX -t` || { echo "ERROR: Cannot create temporary directory for file download" >&2; exit 1 ; } - trap "rm -rf $SYNC_TMP_DIR" EXIT SIGHUP SIGINT SIGTRAP SIGTERM - fi + SYNC_TMP_DIR=/tmp + # If we have mktemp, create a temporary dir (safer) + if [ -n "`which mktemp`" ]; then + SYNC_TMP_DIR=`mktemp -d openvas-nvt-sync.XXXXXXXXXX -t` || { echo "ERROR: Cannot create temporary directory for file download" >&2; exit 1 ; } + trap "rm -rf $SYNC_TMP_DIR" EXIT HUP INT TRAP TERM + fi else - SYNC_TMP_DIR="$TMPDIR" + SYNC_TMP_DIR="$TMPDIR" fi -# Script and feed information which will be made available to user through -# command line options and automated tools. -SCRIPT_NAME="openvas-nvt-sync" -VERSION=@OPENVASSD_VERSION@ -FEED_NAME="OpenVAS NVT Feed" -FEED_PROVIDER="The OpenVAS Project" -FEED_HOME="http://www.openvas.org/openvas-nvt-feed.html"; -RESTRICTED=0 - do_help () { - echo "$0: Sync NVTs using different protocols" - echo " --rsync sync with rsync (default)" - echo " --wget sync with wget" - echo " --curl sync with curl" - echo " --check just checksum check" - echo "OpenVAS administrator functions:" - echo " --selftest perform self-test" - echo " --identify display information" - echo " --version display version" - echo " --describe display current feed info" - echo " --nvt-dir <dir> directory of the NVT collection" - echo "" - echo "Environment variables:" - echo "NVT_DIR where to extract plugins (absolute path)" - echo "OV_RSYNC_FEED URL of rsync feed" - echo "OV_HTTP_FEED URL of http feed" - echo "TMPDIR temporary directory used to download the files" - echo "Note that you can use standard ones as well (e.g. http_proxy) for wget/curl" - echo "" - exit 0 + echo "$0: Sync NVTs using different protocols" + echo " --rsync sync with rsync (default)" + echo " --wget sync with wget" + echo " --curl sync with curl" + echo " --check just checksum check" + echo "OpenVAS administrator functions:" + echo " --selftest perform self-test" + echo " --identify display information" + echo " --version display version" + echo " --describe display current feed info" + echo " --nvt-dir <dir> directory of the NVT collection" + echo "" + echo "Environment variables:" + echo "NVT_DIR where to extract plugins (absolute path)" + echo "OV_RSYNC_FEED URL of rsync feed" + echo "OV_HTTP_FEED URL of http feed" + echo "TMPDIR temporary directory used to download the files" + echo "Note that you can use standard ones as well (e.g. http_proxy) for wget/curl" + echo "" + exit 0 } CMD_RSYNC=`which rsync` @@ -101,141 +124,143 @@ TMP_NVT="$SYNC_TMP_DIR/openvas-feed-`date +%F`-$$.tar.bz2" chk_system_tools () { - echo "[i] Searching for required system tools (look for warnings)..." + echo "[i] Searching for required system tools (look for warnings)..." - if [ -z "$CMD_MD5SUM" ]; then - SELFTEST_FAIL=1 - echo "[w] Warning: MD5SUM not found"; - fi + if [ -z "$CMD_MD5SUM" ]; then + SELFTEST_FAIL=1 + echo "[w] Warning: MD5SUM not found"; + fi - if [ -z "$CMD_RSYNC" ]; then - echo "[w] Warning: RSYNC not found"; - fi + if [ -z "$CMD_RSYNC" ]; then + echo "[w] Warning: RSYNC not found"; + fi - if [ -z "$CMD_WGET" ]; then - echo "[w] Warning: wget not found"; - fi + if [ -z "$CMD_WGET" ]; then + echo "[w] Warning: wget not found"; + fi - if [ -z "$CMD_CURL" ]; then - echo "[w] Warning: curl not found"; - fi + if [ -z "$CMD_CURL" ]; then + echo "[w] Warning: curl not found"; + fi - if [ -z "$CMD_RSYNC" -a -z "$CMD_WGET" -a -z "$CMD_CURL" ]; then - SELFTEST_FAIL=1 - fi + if [ -z "$CMD_RSYNC" -a -z "$CMD_WGET" -a -z "$CMD_CURL" ]; then + SELFTEST_FAIL=1 + fi - echo "[i] If you did not get any warnings, that means you have all tools required" + echo "[i] If you did not get any warnings, that means you have all tools required" - echo "[i] Note that it is recommended to have md5sum and one of the following: rsync, wget or curl." + echo "[i] Note that it is recommended to have md5sum and one of the following: rsync, wget or curl." } do_rsync () { - if [ -z "$CMD_RSYNC" ]; then - echo "[w] rsync not found!" - else - echo "[i] Using rsync: $CMD_RSYNC" - echo "[i] Configured NVT rsync feed: $OV_RSYNC_FEED" - mkdir -p "$NVT_DIR" - eval "$CMD_RSYNC -ltvrP \"$OV_RSYNC_FEED\" \"$NVT_DIR\"" - if [ $? -ne 0 ] ; then - echo "Error: rsync failed. Your NVT collection might be broken now." - exit 1 - fi - fi + if [ -z "$CMD_RSYNC" ]; then + echo "[w] rsync not found!" + else + echo "[i] Using rsync: $CMD_RSYNC" + echo "[i] Configured NVT rsync feed: $OV_RSYNC_FEED" + mkdir -p "$NVT_DIR" + eval "$CMD_RSYNC -ltvrP \"$OV_RSYNC_FEED\" \"$NVT_DIR\"" + if [ $? -ne 0 ] ; then + echo "Error: rsync failed. Your NVT collection might be broken now." + exit 1 + fi + fi } do_wget () { - if [ -z "$CMD_WGET" ]; then - echo "[w] GNU wget not found!" - else - echo "[i] Using GNU wget: $CMD_WGET" - echo "[i] Configured NVT http feed: $OV_HTTP_FEED" - echo "[i] Downloading to: $TMP_NVT" - mkdir -p "$NVT_DIR" \ - && wget "$OV_HTTP_FEED" -O $TMP_NVT \ - && cd "$NVT_DIR" \ - && tar xvjf $TMP_NVT \ - && rm -f $TMP_NVT \ - && echo "[i] Download complete" - fi + if [ -z "$CMD_WGET" ]; then + echo "[w] GNU wget not found!" + else + echo "[i] Using GNU wget: $CMD_WGET" + echo "[i] Configured NVT http feed: $OV_HTTP_FEED" + echo "[i] Downloading to: $TMP_NVT" + mkdir -p "$NVT_DIR" \ + && wget "$OV_HTTP_FEED" -O $TMP_NVT \ + && cd "$NVT_DIR" \ + && tar xvjf $TMP_NVT \ + && rm -f $TMP_NVT \ + && echo "[i] Download complete" + fi } do_curl () { - if [ -z "$CMD_CURL" ]; then - echo "[w] curl not found!" - else - echo "[i] Using curl: $CMD_CURL" - echo "[i] Configured NVT http feed: $OV_HTTP_FEED" - echo "[i] Downloading to: $TMP_NVT" - mkdir -p "$NVT_DIR" \ - && curl "$OV_HTTP_FEED" -o $TMP_NVT \ - && cd "$NVT_DIR" \ - && tar xvjf $TMP_NVT \ - && rm -f $TMP_NVT \ - && echo "[i] Download complete" - fi + if [ -z "$CMD_CURL" ]; then + echo "[w] curl not found!" + else + echo "[i] Using curl: $CMD_CURL" + echo "[i] Configured NVT http feed: $OV_HTTP_FEED" + echo "[i] Downloading to: $TMP_NVT" + mkdir -p "$NVT_DIR" \ + && curl "$OV_HTTP_FEED" -o $TMP_NVT \ + && cd "$NVT_DIR" \ + && tar xvjf $TMP_NVT \ + && rm -f $TMP_NVT \ + && echo "[i] Download complete" + fi } do_check_md5 () { - if [ -z "CMD_MD5SUM" ]; then - echo "[w] md5sum utility not found, cannot check NVT checksums! You've been warned!" - else - echo -n "[i] Checking dir: " - eval "cd \"$NVT_DIR\"" - if [ $? -ne 0 ] ; then - echo "not ok" - echo "Check your NVT dir for existence and permissions!" - exit 1 - else - echo "ok" - fi - echo -n "[i] Checking MD5 checksum: " - eval "cd \"$NVT_DIR\" ; $CMD_MD5SUM -c --status \"$NVT_DIR/md5sums\"" - if [ $? -ne 0 ] ; then - echo "not ok" - echo "Error: md5sums not correct. Your NVT collection might be broken now." - echo "Please try this for details: cd \"$NVT_DIR\" ; $CMD_MD5SUM -c \"$NVT_DIR/md5sums\" | less" - exit 1 - fi - echo "ok" - fi + if [ -z "CMD_MD5SUM" ]; then + echo "[w] md5sum utility not found, cannot check NVT checksums! You've been warned!" + else + echo -n "[i] Checking dir: " + eval "cd \"$NVT_DIR\"" + if [ $? -ne 0 ] ; then + echo "not ok" + echo "Check your NVT dir for existence and permissions!" + exit 1 + else + echo "ok" + fi + echo -n "[i] Checking MD5 checksum: " + eval "cd \"$NVT_DIR\" ; $CMD_MD5SUM -c --status \"$NVT_DIR/md5sums\"" + if [ $? -ne 0 ] ; then + echo "not ok" + echo "Error: md5sums not correct. Your NVT collection might be broken now." + echo "Please try this for details: cd \"$NVT_DIR\" ; $CMD_MD5SUM -c \"$NVT_DIR/md5sums\" | less" + exit 1 + fi + echo "ok" + fi } do_self_test () { - chk_system_tools + chk_system_tools } do_describe () { echo "This script synchronizes an NVT collection with the '$FEED_NAME'." - echo "The '$FEED_NAME' is provided by '$FEED_PROVIDER'." + echo "The '$FEED_NAME' is provided by '$FEED_VENDOR'." echo "Online information about this feed: '$FEED_HOME'." } do_feedversion () { - VERSIONFILE="$NVT_DIR/plugin_feed_info.inc" - if [ -r $VERSIONFILE ] ; then - FEEDVERSION=`grep PLUGIN_SET $VERSIONFILE | sed -e 's/[^0-9]//g'` - echo $FEEDVERSION + if [ $FEED_PRESENT -eq 1 ] ; then + echo $FEED_VERSION fi } show_intro () { echo "[i] This script synchronizes an NVT collection with the '$FEED_NAME'." - echo "[i] The '$FEED_NAME' is provided by '$FEED_PROVIDER'." + echo "[i] The '$FEED_NAME' is provided by '$FEED_VENDOR'." echo "[i] Online information about this feed: '$FEED_HOME'." echo "[i] NVT dir: $NVT_DIR" } do_sync () { - if [ -z "$CMD_RSYNC" ]; then - echo "[w] rsync not found!" - if [ -z "$CMD_WGET"]; then + if [ -z "$CMD_RSYNC" ] || [ $FEED_PRESENT -eq 0 ] ; then + if [ $FEED_PRESENT -eq 0 ] ; then + echo "[i] rsync not is recommended for the initial sync. Falling back on http." + else + echo "[w] rsync not found!" + fi + if [ -z "$CMD_WGET" ]; then echo "[w] GNU wget not found!" - if [ -z "$CMD_CURL"]; then + if [ -z "$CMD_CURL" ]; then echo "[w] curl not found!" - echo -n "[e] no utility available in PATH environment variable to download plugins" + echo -n "[e] no utility available in PATH environment variable to download plugins" exit 1 else echo "[i] Will use curl" @@ -252,59 +277,59 @@ } if [ -n "$1" ]; then - while test $# -gt 0; do - case "$1" in - --help) - do_help - exit 0 - ;; - --rsync) - do_rsync - do_check_md5 - exit 0 - ;; - --wget) - do_wget - do_check_md5 - exit 0 - ;; - --curl) - do_curl - do_check_md5 - exit 0 - ;; - --check) - do_check_md5 - exit 0 - ;; - --version) - echo $VERSION - exit 0 - ;; - --identify) - echo "NVTSYNC|$SCRIPT_NAME|$VERSION|$FEED_NAME|$RESTRICTED|NVTSYNC" - exit 0 - ;; - --selftest) - SELFTEST_FAIL=0 - do_self_test - exit $SELFTEST_FAIL - ;; - --describe) - do_describe - exit 0 - ;; - --feedversion) - do_feedversion - exit 0 - ;; - --nvt-dir) - NVT_DIR="$2" - shift - ;; - esac - shift - done + while test $# -gt 0; do + case "$1" in + --help) + do_help + exit 0 + ;; + --rsync) + do_rsync + do_check_md5 + exit 0 + ;; + --wget) + do_wget + do_check_md5 + exit 0 + ;; + --curl) + do_curl + do_check_md5 + exit 0 + ;; + --check) + do_check_md5 + exit 0 + ;; + --version) + echo $VERSION + exit 0 + ;; + --identify) + echo "NVTSYNC|$SCRIPT_NAME|$VERSION|$FEED_NAME|$RESTRICTED|NVTSYNC" + exit 0 + ;; + --selftest) + SELFTEST_FAIL=0 + do_self_test + exit $SELFTEST_FAIL + ;; + --describe) + do_describe + exit 0 + ;; + --feedversion) + do_feedversion + exit 0 + ;; + --nvt-dir) + NVT_DIR="$2" + shift + ;; + esac + shift + done fi show_intro ++++++ openvas-scanner.dsc ++++++ --- /var/tmp/diff_new_pack.l38kE7/_old 2011-05-02 09:19:22.000000000 +0200 +++ /var/tmp/diff_new_pack.l38kE7/_new 2011-05-02 09:19:22.000000000 +0200 @@ -2,13 +2,13 @@ Source: openvas-scanner Binary: openvas-scanner Architecture: any -Version: 3.2.2-1 +Version: 3.2.3-1 Maintainer: Stephan Kleine <[email protected]> Homepage: http://www.openvas.org/ Standards-Version: 3.8.0 Build-Depends: debhelper (>= 6), devscripts, dpatch, cmake, hardening-wrapper, libopenvas4-dev, libwrap0-dev, pkg-config, po-debconf Files: - 776ce4e1000137c9aec7863372c8c876 373800 openvas-scanner-3.2.2.orig.tar.gz - 131e6720b0526ade9405eade0d9150ac 56625 openvas-scanner-3.2.2.diff.gz + 776ce4e1000137c9aec7863372c8c876 373800 openvas-scanner-3.2.3.orig.tar.gz + 131e6720b0526ade9405eade0d9150ac 56625 openvas-scanner-3.2.3.diff.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
