There is an alternative inc, secpod_reg.inc as a replacement to smb_hotfixes.inc. We will address the below plugins by adding secpod_reg.inc.
smb_nt_ms04-026.nasl smb_nt_ms02-051.nasl smb_nt_ms02-025.nasl smb_nt_ms02-016.nasl smb_nt_ms02-018.nasl The rest of the plugins can be invalidated. Thanks!! Chandan S Message: 1 Date: Tue, 21 Apr 2009 08:45:04 +0200 From: Michael Wiegand <[email protected]> Subject: [Openvas-plugins] openvas-plugins Debian Package To: Jan Wagner <[email protected]> Cc: OpenVAS Debian Distribution List <[email protected]>, OpenVAS Plugins List <[email protected]> Message-ID: <[email protected]> Content-Type: text/plain; charset="iso-8859-15" * Jan Wagner [20. Apr 2009]: >> > > What do I need to do to make the buildds love openvas-server again? >> > > > > I did all the needed steps. :) > Thank you! :) >>> > > > and openvas-plugins aren't in Debian et al. >>> >> > > >> > > What would be your suggestion for getting it into Debian? Strip out all >> > > offending plugins or strip all non-C plugins? >> > > > > Hmm .... I would suggest to drop all non-dfsg plugins and then let the users > > decide, if/what/when they update the plugins from your feed. I guess there > > is > > fancy script, which can do that. :) > Using Javier's audit script, there are only two non-free plugins remaining. Is this a complete list or are there other scripts Debian might object to? The two scripts are: apache_username.nasl smb_hotfixes.inc Both are (C) Tenable without any licensing information. apache_username.nasl is somewhat old (CVE-2001-1013) but should be trivial to rewrite from scratch if needed. It was included in the Nessus GPL Feed, so I will adjust the license to GPL if there are no objections. smb_hotfixes.inc is included by eight other plugins: smb_nt_ms04-026.nasl smb_nt_ms02-051.nasl smb_nt_ms02-025.nasl smb_nt_ms02-016.nasl spybot_detection.nasl patchlink_detection.nasl smb_virii.nasl smb_suspicious_files.nasl At least the last four are currently broken anyway, since they include the nonexistant smb_func.inc as well. AFAICT, smb_hotfixes.inc was not part of the Nessus GPL Feed, can anyone clarify where it came from? I'm not sure if the functionality provided by smb_hotfixes.inc is really needed and how much work this would be. I'm crossposting this to openvas-plugins in hope of some answers. I would not mind removing smb_hotfixes.inc and dependent plugins from the Debian package if the damage is (as it seems) minimal. Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabr?ck, Germany | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-plugins/attachments/20090421/48ae51f1/attachment-0001.pgp ------------------------------ Message: 2 Date: Tue, 21 Apr 2009 08:55:46 +0200 From: Jan Wagner <[email protected]> Subject: Re: [Openvas-plugins] openvas-plugins Debian Package To: OpenVAS Debian Distribution List <[email protected]> Cc: OpenVAS Plugins List <[email protected]> Message-ID: <[email protected]> Content-Type: text/plain; charset="iso-8859-15" Hi Michael, On Tuesday 21 April 2009, Michael Wiegand wrote: > > * Jan Wagner [20. Apr 2009]: > >>> > > > What do I need to do to make the buildds love openvas-server again? >>> >> > > >> > > I did all the needed steps. :) >> > > > > Thank you! :) > your're welcome. :) >> > > Hmm .... I would suggest to drop all non-dfsg plugins and then let the >> > > users decide, if/what/when they update the plugins from your feed. I >> > > guess there is fancy script, which can do that. :) >> > > > > Using Javier's audit script, there are only two non-free plugins > > remaining. Is this a complete list or are there other scripts Debian > > might object to? > There are guidelines, which have all software needs to be conform to, called DFSG[1]. With kind regards, Jan. [1] http://www.debian.org/social_contract#guidelines -- Never write mail to <[email protected]>, you have been warned! -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GIT d-- s+: a- C+++ UL++++ P+ L+++ E- W+++ N+++ o++ K++ w--- O M V- PS PE Y++ PGP++ t-- 5 X R tv- b+ DI- D++ G++ e++ h-- r+++ y+++ ------END GEEK CODE BLOCK------ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part. Url : http://lists.wald.intevation.org/pipermail/openvas-plugins/attachments/20090421/78769717/attachment-0001.pgp ------------------------------ [email protected] wrote: > Send Openvas-plugins mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins > or, via email, send a message with subject or body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Openvas-plugins digest..." > > > Today's Topics: > > 1. openvas-plugins Debian Package (Michael Wiegand) > 2. Re: openvas-plugins Debian Package (Jan Wagner) > 3. Re: html page truncated with nasl request (Michael Meyer) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Tue, 21 Apr 2009 08:45:04 +0200 > From: Michael Wiegand <[email protected]> > Subject: [Openvas-plugins] openvas-plugins Debian Package > To: Jan Wagner <[email protected]> > Cc: OpenVAS Debian Distribution List > <[email protected]>, OpenVAS Plugins List > <[email protected]> > Message-ID: <[email protected]> > Content-Type: text/plain; charset="iso-8859-15" > > * Jan Wagner [20. Apr 2009]: > >>> What do I need to do to make the buildds love openvas-server again? >>> >> I did all the needed steps. :) >> > > Thank you! :) > > >>>> and openvas-plugins aren't in Debian et al. >>>> >>> What would be your suggestion for getting it into Debian? Strip out all >>> offending plugins or strip all non-C plugins? >>> >> Hmm .... I would suggest to drop all non-dfsg plugins and then let the users >> decide, if/what/when they update the plugins from your feed. I guess there is >> fancy script, which can do that. :) >> > > Using Javier's audit script, there are only two non-free plugins > remaining. Is this a complete list or are there other scripts Debian > might object to? > > The two scripts are: > apache_username.nasl > smb_hotfixes.inc > > Both are (C) Tenable without any licensing information. > > apache_username.nasl is somewhat old (CVE-2001-1013) but should be > trivial to rewrite from scratch if needed. It was included in the Nessus > GPL Feed, so I will adjust the license to GPL if there are no > objections. > > smb_hotfixes.inc is included by eight other plugins: > > smb_nt_ms04-026.nasl > smb_nt_ms02-051.nasl > smb_nt_ms02-025.nasl > smb_nt_ms02-016.nasl > spybot_detection.nasl > patchlink_detection.nasl > smb_virii.nasl > smb_suspicious_files.nasl > > At least the last four are currently broken anyway, since they include > the nonexistant smb_func.inc as well. > > AFAICT, smb_hotfixes.inc was not part of the Nessus GPL Feed, can anyone > clarify where it came from? I'm not sure if the functionality provided > by smb_hotfixes.inc is really needed and how much work this would be. > I'm crossposting this to openvas-plugins in hope of some answers. > > I would not mind removing smb_hotfixes.inc and dependent plugins from > the Debian package if the damage is (as it seems) minimal. > > Regards, > > Michael > > _______________________________________________ Openvas-plugins mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
