commit openvas-manager for openSUSE:Factory
Hello community, here is the log from the commit of package openvas-manager for openSUSE:Factory checked in at 2013-11-13 09:45:03 Comparing /work/SRC/openSUSE:Factory/openvas-manager (Old) and /work/SRC/openSUSE:Factory/.openvas-manager.new (New) Package is openvas-manager Changes: --- /work/SRC/openSUSE:Factory/openvas-manager/openvas-manager.changes 2013-11-04 15:42:28.0 +0100 +++ /work/SRC/openSUSE:Factory/.openvas-manager.new/openvas-manager.changes 2013-11-13 09:45:04.0 +0100 @@ -1,0 +2,6 @@ +Tue Nov 12 10:44:56 UTC 2013 - johann.l...@wanadoo.fr + +- Update in 4.0.4 + * Security fix for handling the authentication state in OMP. + +--- Old: openvas-manager-4.0.3.tar.gz New: openvas-manager-4.0.4.tar.gz Other differences: -- ++ openvas-manager.spec ++ --- /var/tmp/diff_new_pack.jdvMoi/_old 2013-11-13 09:45:05.0 +0100 +++ /var/tmp/diff_new_pack.jdvMoi/_new 2013-11-13 09:45:05.0 +0100 @@ -17,7 +17,7 @@ Name: openvas-manager -Version:4.0.3 +Version:4.0.4 Release:5.1 Url:http://www.openvas.org Source0:%{name}-%{version}.tar.gz ++ openvas-manager-4.0.3.tar.gz - openvas-manager-4.0.4.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvas-manager-4.0.3/CHANGES new/openvas-manager-4.0.4/CHANGES --- old/openvas-manager-4.0.3/CHANGES 2013-10-21 21:56:16.0 +0200 +++ new/openvas-manager-4.0.4/CHANGES 2013-11-08 15:41:30.0 +0100 
@@ -1,3 +1,28 @@ +openvas-manager 4.0.4 (2013-11-08) + +This is the fourth maintenance release of the openvas-manager 4.0 module for the +Open Vulnerability Assessment System release 6 (OpenVAS-6). The OpenVAS Manager +is the central management service between the actual security scanner and +various user clients. + +This is a security release addressing a serious security bug and it is highly +recommended to update any installation of OpenVAS Manager 4.0 with this +release. + +A software bug in OpenVAS Manager allowed an attacker to bypass the OMP +authentication procedure. The attack vector was remotely available in case +OpenVAS Manager was listening on a public network interface. In case of +successful attack, the attacker gained partial rights to execute OMP commands. +The bypass authentication was, however, incomplete and several OMP commands +failed to execute properly. + +Many thanks to everyone who has contributed to this release: +Matthew Mundell. + +Main changes since 4.0.3: +* Security fix for handling the authentication state in OMP. + + openvas-manager 4.0.3 (2013-10-21) This is the third maintenance release of the openvas-manager 4.0 module for the diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvas-manager-4.0.3/CMakeLists.txt new/openvas-manager-4.0.4/CMakeLists.txt --- old/openvas-manager-4.0.3/CMakeLists.txt2013-10-20 19:43:31.0 +0200 +++ new/openvas-manager-4.0.4/CMakeLists.txt2013-11-08 15:41:30.0 +0100 
@@ -79,7 +79,7 @@ set (CPACK_PACKAGE_VERSION_MINOR 0) # Use this scheme for stable releases: -set (CPACK_PACKAGE_VERSION_PATCH 3${SVN_REVISION}) +set (CPACK_PACKAGE_VERSION_PATCH 4${SVN_REVISION}) set (CPACK_PACKAGE_VERSION ${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}) # Use this scheme for +betaN and +rcN releases: #set (CPACK_PACKAGE_VERSION_PATCH +beta1${SVN_REVISION}) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvas-manager-4.0.3/ChangeLog new/openvas-manager-4.0.4/ChangeLog --- old/openvas-manager-4.0.3/ChangeLog 2013-10-21 21:57:07.0 +0200 +++ new/openvas-manager-4.0.4/ChangeLog 2013-11-08 15:41:30.0 +0100 @@ -1,3 +1,21 @@ +2013-11-08 Michael Wiegand michael.wieg...@greenbone.net + + Preparing the openvas-manager 4.0.4 release. + + * CHANGES: Updated. + +2013-11-08 Michael Wiegand michael.wieg...@greenbone.net + + * src/omp.c (omp_xml_handle_end_element): In GET_VERSION use correct + state in condition, otherwise the user is always considered + authenticated after GET_VERSION. Patch by Matthew Mundell. + +2013-10-21 Jan-Oliver Wagner jan-oliver.wag...@greenbone.net + + Post release version bump. + + * CMakeLists.txt: Update version number to 4.0.4. + 2013-10-21 Jan-Oliver Wagner jan-oliver.wag...@greenbone.net Preparing the openvas-manager 4.0.3 release. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvas-manager-4.0.3/src/omp.c
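Review bot: The openvas-manager.changes entry for 4.0.4 says only "Security fix for handling the authentication state in OMP" and carries no bug-tracker or CVE reference, although the upstream CHANGES text in the same diff describes a remotely reachable OMP authentication bypass and calls the update highly recommended. Please add the tracking reference for this issue and one line on impact (authentication bypass when the Manager listens on a public network interface), so that the update can be triaged from the package changelog alone.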
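Review bot: The ChangeLog entry for src/omp.c (omp_xml_handle_end_element) says the user was "always considered authenticated after GET_VERSION", but the diff shown here stops at the src/omp.c file header, so the corrected state condition cannot be checked in this mail. For a change to the authentication state handling, the hunk should be visible to reviewers and accompanied by a regression test in which an unauthenticated session issues GET_VERSION and a following command that requires authentication is rejected.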
commit openvas-manager for openSUSE:Factory
Hello community, here is the log from the commit of package openvas-manager for openSUSE:Factory checked in at 2013-11-04 15:42:26 Comparing /work/SRC/openSUSE:Factory/openvas-manager (Old) and /work/SRC/openSUSE:Factory/.openvas-manager.new (New) Package is openvas-manager Changes: --- /work/SRC/openSUSE:Factory/openvas-manager/openvas-manager.changes 2013-09-17 16:25:45.0 +0200 +++ /work/SRC/openSUSE:Factory/.openvas-manager.new/openvas-manager.changes 2013-11-04 15:42:28.0 +0100 
@@ -1,0 +2,25 @@ +Fri Oct 25 13:02:13 UTC 2013 - johann.l...@wanadoo.fr + +- Update in 4.0.3 + * Bugfix for DB-Migration from v55 to v56 for port lists. + * In GET_REPORT_FORMATS send TRUST and ACTIVE in details case too. Details cases +should always include everything from the simple case. + * In case of problems with SCAP or CERT database, Manager will still start up. + * Delete orphaned results and clear report counts cache if needed. This +could significantly reduce size of the database. + * Delete results of report from results table always upon deleting a report. + * Overrides XML: Output threat element not only when details flag is set. + * Make Manager more robust on absent Scanner when deleting a task. + * Add timezone element for schedules. + * Bug fixes for numerical sorting (CVSS values). + * Bug fix for LSC credentials that had whitesapces in their name. + * Bugfix for database backup to consider all of the journal files. + * Add log for successful creation in CREATE_NOTE and CREATE_OVERRIDE. + * Update NBE report format plugin to improve compatibility with third +party tools. + * For creation of Credentials. encrypt the random password and not the +unrelated given_password. + * Performance improvements. + * Various little bugfixes. + +--- Old: openvas-manager-4.0.2.tar.gz New: openvas-manager-4.0.3.tar.gz Other differences: -- ++ openvas-manager.spec ++ --- /var/tmp/diff_new_pack.GTBB0Z/_old 2013-11-04 15:42:29.0 +0100 +++ /var/tmp/diff_new_pack.GTBB0Z/_new 2013-11-04 15:42:29.0 +0100 @@ -17,7 +17,7 @@ Name: openvas-manager -Version:4.0.2 +Version:4.0.3 Release:5.1 Url:http://www.openvas.org Source0:%{name}-%{version}.tar.gz ++ openvas-manager-4.0.2.tar.gz - openvas-manager-4.0.3.tar.gz ++ 5063 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
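Review bot: In the 4.0.3 .changes entry, the item "For creation of Credentials. encrypt the random password and not the unrelated given_password" describes a change to what is encrypted for stored credentials, yet it sits among routine bug fixes with no indication of whether credentials created under 4.0.2 are affected and should be re-created. Please state that in the entry, and fix the typos while there ("whitesapces", "Credentials. encrypt"). With 5063 lines of diff skipped, the changelog is the only record of these changes that a reader of this mail gets.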
commit openvas-manager for openSUSE:Factory
Hello community, here is the log from the commit of package openvas-manager for openSUSE:Factory checked in at Mon Sep 5 16:43:00 CEST 2011. --- openvas-manager/openvas-manager.changes 2011-05-31 19:45:06.0 +0200 +++ openvas-manager/openvas-manager.changes 2011-09-04 18:57:48.0 +0200 @@ -1,0 +2,5 @@ +Sun Sep 4 16:57:29 UTC 2011 - crrodrig...@opensuse.org + +- Fix build with no-add-needed + +--- calling whatdependson for head-i586 New: ovas-man-add-needed.patch Other differences: -- ++ openvas-manager.spec ++ --- /var/tmp/diff_new_pack.aBWilO/_old 2011-09-05 16:42:02.0 +0200 +++ /var/tmp/diff_new_pack.aBWilO/_new 2011-09-05 16:42:02.0 +0200 @@ -20,7 +20,7 @@ Name: openvas-manager Version:2.0.4 -Release:1 +Release:2 License:GPLv2+ Group: Productivity/Networking/Security Url:http://www.openvas.org @@ -32,7 +32,7 @@ Source5:openvasmd.init.mandriva BuildRoot: %{_tmppath}/%{name}-%{version}-build -%if 0%{?fedora_version} || 0%{?scientificlinux_version} +%if 0%{?fedora_version} || 0%{?scientificlinux_version} || 0%{?centos_version} BuildRequires: sqlite-devel %endif @@ -54,6 +54,7 @@ BuildRequires: pkgconfig Requires: logrotate Summary:Manager Module of OpenVAS +Patch: ovas-man-add-needed.patch %description The OpenVAS-Manager is a layer between OpenVAS-Scanner and various client @@ -64,6 +65,7 @@ %prep %setup -q +%patch %build %if 0%{?mandriva_version} @@ -95,7 +97,7 @@ %__install -Dm 0644 %{_sourcedir}/debian.openvas-manager.default %{buildroot}%{_var}/adm/fillup-templates/sysconfig.openvas-manager %endif -%if 0%{?fedora_version} || 0%{?scientificlinux_version} +%if 0%{?fedora_version} || 0%{?scientificlinux_version} || 0%{?centos_version} %__install -Dm 0755 %{_sourcedir}/openvasmd.init.fedora %{buildroot}%{_initrddir}/openvas-manager %__install -Dm 0644 %{_sourcedir}/debian.openvas-manager.default %{buildroot}%{_sysconfdir}/sysconfig/openvas-manager %endif 
@@ -121,7 +123,7 @@ %_post_service openvas-manager %endif -%if 0%{?fedora_version} || 0%{?scientificlinux_version} +%if 0%{?fedora_version} || 0%{?scientificlinux_version} || 0%{?centos_version} # only rpm -i (not rpm {-U|-F}) if [ $1 = 1 ]; then /sbin/chkconfig --add openvas-manager @@ -137,7 +139,7 @@ %_preun_service openvas-manager %endif -%if 0%{?fedora_version} || 0%{?scientificlinux_version} +%if 0%{?fedora_version} || 0%{?scientificlinux_version} || 0%{?centos_version} # only rpm -e (not rpm {-U|-F}) if [ $1 = 0 ]; then /sbin/service openvas-manager stop /dev/null 21 || : @@ -151,7 +153,7 @@ %insserv_cleanup %endif -%if 0%{?fedora_version} || 0%{?scientificlinux_version} +%if 0%{?fedora_version} || 0%{?scientificlinux_version} || 0%{?centos_version} # only rpm {-U|-F} (not rpm -e) if [ $1 = 1 ]; then /sbin/service openvas-manager condrestart ++ ovas-man-add-needed.patch ++ --- src/CMakeLists.txt.orig +++ src/CMakeLists.txt @@ -54,7 +54,7 @@ set_target_properties (otp PROPERTIES CO ## Program add_executable (openvasmd openvasmd.c oxpd.c ompd.c otpd.c) -target_link_libraries (openvasmd ovas-mngr-comm omp otp manage) +target_link_libraries (openvasmd openvas_base openvas_misc ovas-mngr-comm omp otp manage gnutls) set_target_properties (openvasmd PROPERTIES LINKER_LANGUAGE C) Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
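Review bot: The .changes entry reads only "Fix build with no-add-needed", but the spec hunks also add "|| 0%{?centos_version}" to five %if conditions (the sqlite-devel BuildRequires, the init script install and three scriptlet sections). Please add a changelog line for the CentOS enablement so the entry matches what the commit changes.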
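Review bot: "Patch: ovas-man-add-needed.patch" is applied with a bare "%patch", which leaves the strip level implicit. The patch header uses paths relative to the source root (src/CMakeLists.txt), so numbering the patch as "Patch0:" and applying it with "%patch0 -p0" would make the intent explicit and keep the spec robust if a second patch is added.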
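Review bot: In ovas-man-add-needed.patch the new target_link_libraries line hard-codes openvas_base, openvas_misc and gnutls by name, and the patch has no description header. If the project's CMake setup already detects these libraries, linking through the detected variables would keep the fix working where they live outside the default linker path; in either case a short header saying why each library is needed and whether the patch was sent upstream would help the next maintainer.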
commit openvas-manager for openSUSE:Factory
Hello community, here is the log from the commit of package openvas-manager for openSUSE:Factory checked in at Mon Jun 6 13:36:04 CEST 2011. --- openvas-manager/openvas-manager.changes 2011-04-22 13:26:13.0 +0200 +++ /mounts/work_src_done/STABLE/openvas-manager/openvas-manager.changes 2011-05-31 19:45:06.0 +0200 @@ -1,0 +2,16 @@ +Tue May 31 17:16:16 UTC 2011 - bitshuff...@opensuse.org + +- Updated to 2.0.4 + * Compiler warnings from gcc 4.6 discovered by Stephan Kleine were addressed. + * The mail addresses supplied for an email escalator are now used in the correct +order. + * Privilege dropping is now done directly and not via the shell. + * A bug which caused the Manager to fail to start when launched without a +database has been fixed. + * A race condition which caused empty reports from the slave when running in +master-slave mode under certain conditions has been fixed. + * A bug which caused the timestamp of the scan end not to be written to the +Manager database when running a task with an escalator under certain +conditions has been fixed. + +--- calling whatdependson for head-i586 Old: debian.series openvas-manager-2.0.3-install.patch openvas-manager-2.0.3.tar.gz New: openvas-manager-2.0.4.tar.gz Other differences: -- ++ openvas-manager.spec ++ --- /var/tmp/diff_new_pack.yCnJWS/_old 2011-06-06 13:35:43.0 +0200 +++ /var/tmp/diff_new_pack.yCnJWS/_new 2011-06-06 13:35:43.0 +0200 @@ -19,7 +19,7 @@ Name: openvas-manager -Version:2.0.3 +Version:2.0.4 Release:1 License:GPLv2+ Group: Productivity/Networking/Security @@ -30,7 +30,6 @@ Source3:openvasmd.init.suse Source4:openvasmd.init.fedora Source5:openvasmd.init.mandriva -Patch0: openvas-manager-2.0.3-install.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %if 0%{?fedora_version} || 0%{?scientificlinux_version} 
@@ -65,7 +64,6 @@ %prep %setup -q -%patch0 %build %if 0%{?mandriva_version} ++ debian.changelog ++ --- /var/tmp/diff_new_pack.yCnJWS/_old 2011-06-06 13:35:43.0 +0200 +++ /var/tmp/diff_new_pack.yCnJWS/_new 2011-06-06 13:35:43.0 +0200 @@ -1,3 +1,20 @@ +openvas-manager (2.0.4-1) UNRELEASED; urgency=low + + * New upstream release. +- Compiler warnings from gcc 4.6 discovered by Stephan Kleine were addressed. +- The mail addresses supplied for an email escalator are now used in the correct + order. +- Privilege dropping is now done directly and not via the shell. +- A bug which caused the Manager to fail to start when launched without a + database has been fixed. +- A race condition which caused empty reports from the slave when running in + master-slave mode under certain conditions has been fixed. +- A bug which caused the timestamp of the scan end not to be written to the + Manager database when running a task with an escalator under certain + conditions has been fixed. + + -- Stephan Kleine bitshuff...@opensuse.org Tue, 31 May 2011 19:18:27 +0200 + openvas-manager (2.0.3-1) UNRELEASED; urgency=low * New upstream release. ++ openvas-manager-2.0.3.tar.gz - openvas-manager-2.0.4.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvas-manager-2.0.3/CHANGES new/openvas-manager-2.0.4/CHANGES --- old/openvas-manager-2.0.3/CHANGES 2011-04-15 15:30:03.0 +0200 +++ new/openvas-manager-2.0.4/CHANGES 2011-05-30 15:59:05.0 +0200 
@@ -1,3 +1,30 @@ +openvas-manager 2.0.4 (2011-05-30) + +This is the fourth maintenance release of the openvas-manager 2.0 module for the +Open Vulnerability Assessment System release 4 (OpenVAS-4). The OpenVAS Manager +is the central management service between the actual security scanner and +various user clients. + +This release fixes a number of issues discovered after the release of +openvas-manager 2.0.3. + +Many thanks to everyone who has contributed to this release: +Stephan Kleine, Matthew Mundell and Michael Wiegand. + +Main changes since 2.0.3: +* Compiler warnings from gcc 4.6 discovered by Stephan Kleine were addressed. +* The mail addresses supplied for an email escalator are now used in the correct + order. +* Privilege dropping is now done directly and not via the shell. +* A bug which caused the Manager to fail to start when launched without a + database has been fixed. +* A race condition which caused empty reports from the slave when running in + master-slave mode under certain conditions has been fixed. +* A bug which caused the timestamp of the scan end not to be written to the + Manager database when running a task with an escalator under certain +
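Review bot: The spec hunks drop "Patch0: openvas-manager-2.0.3-install.patch" together with its "%patch0", and the file list removes debian.series, but the .changes entry lists only the upstream 2.0.4 items. Please add a line stating that the install patch was dropped and why (for example, that upstream now contains it), so it is clear the install-directory fix it carried is still in effect.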
commit openvas-manager for openSUSE:Factory
Hello community, here is the log from the commit of package openvas-manager for openSUSE:Factory checked in at Mon May 2 14:20:53 CEST 2011. --- openvas-manager/openvas-manager.changes 2011-03-03 01:57:28.0 +0100 +++ /mounts/work_src_done/STABLE/openvas-manager/openvas-manager.changes 2011-04-22 13:26:13.0 +0200 @@ -1,0 +2,9 @@ +Fri Apr 22 10:12:32 UTC 2011 - bitshuff...@opensuse.org + +- Updated to 2.0.3 + * Enforces strict permissions on sensitive OpenVAS Manager files. + * Drop privileges before executing report format plugins if running with +elevated privileges. + * Ensures report formats are trusted before executing them. + +--- calling whatdependson for head-i586 Old: openvas-manager-2.0.2.tar.gz New: debian.series openvas-manager-2.0.3-install.patch openvas-manager-2.0.3.tar.gz Other differences: -- ++ openvas-manager.spec ++ --- /var/tmp/diff_new_pack.kzOMe9/_old 2011-05-02 14:18:36.0 +0200 +++ /var/tmp/diff_new_pack.kzOMe9/_new 2011-05-02 14:18:36.0 +0200 @@ -19,9 +19,9 @@ Name: openvas-manager -Version:2.0.2 +Version:2.0.3 Release:1 -License:GNU GPL v2 or later +License:GPLv2+ Group: Productivity/Networking/Security Url:http://www.openvas.org Source0:%{name}-%{version}.tar.gz @@ -30,6 +30,7 @@ Source3:openvasmd.init.suse Source4:openvasmd.init.fedora Source5:openvasmd.init.mandriva +Patch0: openvas-manager-2.0.3-install.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %if 0%{?fedora_version} || 0%{?scientificlinux_version} @@ -64,6 +65,7 @@ %prep %setup -q +%patch0 %build %if 0%{?mandriva_version} @@ -163,7 +165,6 @@ %doc CHANGES README %config(noreplace) %{_sysconfdir}/logrotate.d/openvas-manager %dir %{_sysconfdir}/openvas -#config(noreplace) %{_sysconfdir}/openvas/openvasmd %config(noreplace) %{_sysconfdir}/openvas/openvasmd_log.conf %{_initrddir}/openvas-manager %{_sbindir}/openvasmd 
@@ -171,6 +172,7 @@ %{_datadir}/openvas/openvasmd %dir %{_localstatedir}/lib/openvas %{_localstatedir}/lib/openvas/mgr +%{_localstatedir}/lib/openvas/openvasmd %dir %{_localstatedir}/log/openvas %ghost %{_localstatedir}/log/openvas/openvasmd.log ++ debian.changelog ++ --- /var/tmp/diff_new_pack.kzOMe9/_old 2011-05-02 14:18:36.0 +0200 +++ /var/tmp/diff_new_pack.kzOMe9/_new 2011-05-02 14:18:36.0 +0200 @@ -1,3 +1,13 @@ +openvas-manager (2.0.3-1) UNRELEASED; urgency=low + + * New upstream release. +- Enforces strict permissions on sensitive OpenVAS Manager files. +- Drop privileges before executing report format plugins if running with + elevated privileges. +- Ensures report formats are trusted before executing them. + + -- Stephan Kleine bitshuff...@opensuse.org Fri, 22 Apr 2011 12:13:53 +0200 + openvas-manager (2.0.2-1) UNRELEASED; urgency=low * New upstream release. ++ debian.openvas-manager.dirs ++ --- /var/tmp/diff_new_pack.kzOMe9/_old 2011-05-02 14:18:36.0 +0200 +++ /var/tmp/diff_new_pack.kzOMe9/_new 2011-05-02 14:18:36.0 +0200 @@ -1 +1,3 @@ +var/lib/openvas/mgr +var/lib/openvas/openvasmd/report_formats var/log/openvas ++ debian.series ++ openvas-manager-2.0.3-install.patch -p0 ++ openvas-manager-2.0.3-install.patch ++ Index: CMakeLists.txt === --- CMakeLists.txt.orig 2011-04-15 15:30:03.0 +0200 +++ CMakeLists.txt 2011-04-22 12:29:06.124935838 +0200 
@@ -257,7 +257,7 @@ enable_testing () ## Install -install (CODE file (MAKE_DIRECTORY ${OPENVAS_STATE_DIR}/openvasmd/report_formats/)) +install (CODE FILE(MAKE_DIRECTORY \$ENV{DESTDIR}${OPENVAS_STATE_DIR}/openvasmd/report_formats)) install (FILES ${CMAKE_BINARY_DIR}/src/openvasmd_log.conf DESTINATION ${OPENVAS_SYSCONF_DIR}) ++ openvas-manager-2.0.2.tar.gz - openvas-manager-2.0.3.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvas-manager-2.0.2/CHANGES new/openvas-manager-2.0.3/CHANGES --- old/openvas-manager-2.0.2/CHANGES 2011-03-02 15:21:27.0 +0100 +++ new/openvas-manager-2.0.3/CHANGES 2011-04-15 15:30:03.0 +0200 @@ -1,3 +1,34 @@ +openvas-manager 2.0.3 (2011-04-15) + +This is the third maintenance release of the openvas-manager 2.0 module for the +Open Vulnerability Assessment System release 4 (OpenVAS-4). The OpenVAS Manager +is the central management service between the actual security scanner and +various user clients. + +This release fixes a severe security issue discovered after the release of +openvas-manager 2.0.2. By crafting a special report format plugin, and knowing
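Review bot: Upstream CHANGES for 2.0.3 describes this release as fixing "a severe security issue", yet the .changes entry does not label the update as a security fix or cite a tracking reference, and debian.changelog marks it "urgency=low". Please mark the entry as a security update with its reference and raise the Debian urgency to match.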
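Review bot: The %files hunk adds "%{_localstatedir}/lib/openvas/openvasmd" with no %dir or %attr, so the directory and everything the build placed under it, including report_formats, is packaged with build-time ownership and mode. Since this release is about strict permissions and trusted report formats, consider listing these directories with %dir and an explicit %attr, so the location that holds executable report format plugins has a defined owner and is not writable by unintended users.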