commit openvas-manager for openSUSE:Factory

2013-11-13 Thread h_root
Hello community,

here is the log from the commit of package openvas-manager for openSUSE:Factory 
checked in at 2013-11-13 09:45:03

Comparing /work/SRC/openSUSE:Factory/openvas-manager (Old)
 and  /work/SRC/openSUSE:Factory/.openvas-manager.new (New)


Package is openvas-manager

Changes:

--- /work/SRC/openSUSE:Factory/openvas-manager/openvas-manager.changes  
2013-11-04 15:42:28.0 +0100
+++ /work/SRC/openSUSE:Factory/.openvas-manager.new/openvas-manager.changes 
2013-11-13 09:45:04.0 +0100
@@ -1,0 +2,6 @@
+Tue Nov 12 10:44:56 UTC 2013 - johann.l...@wanadoo.fr
+
+- Update in 4.0.4
+  * Security fix for handling the authentication state in OMP.
+
+---

Old:

  openvas-manager-4.0.3.tar.gz

New:

  openvas-manager-4.0.4.tar.gz



Other differences:
--
++ openvas-manager.spec ++
--- /var/tmp/diff_new_pack.jdvMoi/_old  2013-11-13 09:45:05.0 +0100
+++ /var/tmp/diff_new_pack.jdvMoi/_new  2013-11-13 09:45:05.0 +0100
@@ -17,7 +17,7 @@
 
 
 Name:   openvas-manager
-Version:4.0.3
+Version:4.0.4
 Release:5.1
 Url:http://www.openvas.org
 Source0:%{name}-%{version}.tar.gz

++ openvas-manager-4.0.3.tar.gz - openvas-manager-4.0.4.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/openvas-manager-4.0.3/CHANGES 
new/openvas-manager-4.0.4/CHANGES
--- old/openvas-manager-4.0.3/CHANGES   2013-10-21 21:56:16.0 +0200
+++ new/openvas-manager-4.0.4/CHANGES   2013-11-08 15:41:30.0 +0100
@@ -1,3 +1,28 @@
+openvas-manager 4.0.4 (2013-11-08)
+
+This is the fourth maintenance release of the openvas-manager 4.0 module for 
the
+Open Vulnerability Assessment System release 6 (OpenVAS-6). The OpenVAS Manager
+is the central management service between the actual security scanner and
+various user clients.
+
+This is a security release addressing a serious security bug and it is highly
+recommended to update any installation of OpenVAS Manager 4.0 with this
+release.
+
+A software bug in OpenVAS Manager allowed an attacker to bypass the OMP
+authentication procedure. The attack vector was remotely available in case
+OpenVAS Manager was listening on a public network interface. In case of
+successful attack, the attacker gained partial rights to execute OMP commands.
+The bypass authentication was, however, incomplete and several OMP commands
+failed to execute properly.
+
+Many thanks to everyone who has contributed to this release:
+Matthew Mundell.
+
+Main changes since 4.0.3:
+* Security fix for handling the authentication state in OMP.
+
+
 openvas-manager 4.0.3 (2013-10-21)
 
 This is the third maintenance release of the openvas-manager 4.0 module for the
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/openvas-manager-4.0.3/CMakeLists.txt 
new/openvas-manager-4.0.4/CMakeLists.txt
--- old/openvas-manager-4.0.3/CMakeLists.txt2013-10-20 19:43:31.0 
+0200
+++ new/openvas-manager-4.0.4/CMakeLists.txt2013-11-08 15:41:30.0 
+0100
@@ -79,7 +79,7 @@
 set (CPACK_PACKAGE_VERSION_MINOR 0)
 
 # Use this scheme for stable releases:
-set (CPACK_PACKAGE_VERSION_PATCH 3${SVN_REVISION})
+set (CPACK_PACKAGE_VERSION_PATCH 4${SVN_REVISION})
 set (CPACK_PACKAGE_VERSION 
${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH})
 # Use this scheme for +betaN and +rcN releases:
 #set (CPACK_PACKAGE_VERSION_PATCH +beta1${SVN_REVISION})
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/openvas-manager-4.0.3/ChangeLog 
new/openvas-manager-4.0.4/ChangeLog
--- old/openvas-manager-4.0.3/ChangeLog 2013-10-21 21:57:07.0 +0200
+++ new/openvas-manager-4.0.4/ChangeLog 2013-11-08 15:41:30.0 +0100
@@ -1,3 +1,21 @@
+2013-11-08  Michael Wiegand michael.wieg...@greenbone.net
+
+   Preparing the openvas-manager 4.0.4 release.
+
+   * CHANGES: Updated.
+
+2013-11-08  Michael Wiegand michael.wieg...@greenbone.net
+
+   * src/omp.c (omp_xml_handle_end_element): In GET_VERSION use correct
+   state in condition, otherwise the user is always considered
+   authenticated after GET_VERSION. Patch by Matthew Mundell.
+
+2013-10-21  Jan-Oliver Wagner jan-oliver.wag...@greenbone.net
+
+   Post release version bump.
+
+   * CMakeLists.txt: Update version number to 4.0.4.
+
 2013-10-21  Jan-Oliver Wagner jan-oliver.wag...@greenbone.net
 
Preparing the openvas-manager 4.0.3 release.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/openvas-manager-4.0.3/src/omp.c 

commit openvas-manager for openSUSE:Factory

2013-11-04 Thread h_root
Hello community,

here is the log from the commit of package openvas-manager for openSUSE:Factory 
checked in at 2013-11-04 15:42:26

Comparing /work/SRC/openSUSE:Factory/openvas-manager (Old)
 and  /work/SRC/openSUSE:Factory/.openvas-manager.new (New)


Package is openvas-manager

Changes:

--- /work/SRC/openSUSE:Factory/openvas-manager/openvas-manager.changes  
2013-09-17 16:25:45.0 +0200
+++ /work/SRC/openSUSE:Factory/.openvas-manager.new/openvas-manager.changes 
2013-11-04 15:42:28.0 +0100
@@ -1,0 +2,25 @@
+Fri Oct 25 13:02:13 UTC 2013 - johann.l...@wanadoo.fr
+
+- Update in 4.0.3
+  * Bugfix for DB-Migration from v55 to v56 for port lists.
+  * In GET_REPORT_FORMATS send TRUST and ACTIVE in details case too.  Details 
cases
+should always include everything from the simple case.
+  * In case of problems with SCAP or CERT database, Manager will still start 
up.
+  * Delete orphaned results and clear report counts cache if needed. This
+could significantly reduce size of the database.
+  * Delete results of report from results table always upon deleting a report.
+  * Overrides XML: Output threat element not only when details flag is set.
+  * Make Manager more robust on absent Scanner when deleting a task.
+  * Add timezone element for schedules.
+  * Bug fixes for numerical sorting (CVSS values).
+  * Bug fix for LSC credentials that had whitesapces in their name.
+  * Bugfix for database backup to consider all of the journal files.
+  * Add log for successful creation in CREATE_NOTE and CREATE_OVERRIDE.
+  * Update NBE report format plugin to improve compatibility with third
+party tools.
+  * For creation of Credentials. encrypt the random password and not the
+unrelated given_password.
+  * Performance improvements.
+  * Various little bugfixes. 
+
+---

Old:

  openvas-manager-4.0.2.tar.gz

New:

  openvas-manager-4.0.3.tar.gz



Other differences:
--
++ openvas-manager.spec ++
--- /var/tmp/diff_new_pack.GTBB0Z/_old  2013-11-04 15:42:29.0 +0100
+++ /var/tmp/diff_new_pack.GTBB0Z/_new  2013-11-04 15:42:29.0 +0100
@@ -17,7 +17,7 @@
 
 
 Name:   openvas-manager
-Version:4.0.2
+Version:4.0.3
 Release:5.1
 Url:http://www.openvas.org
 Source0:%{name}-%{version}.tar.gz

++ openvas-manager-4.0.2.tar.gz - openvas-manager-4.0.3.tar.gz ++
 5063 lines of diff (skipped)




commit openvas-manager for openSUSE:Factory

2011-09-05 Thread h_root

Hello community,

here is the log from the commit of package openvas-manager for openSUSE:Factory
checked in at Mon Sep 5 16:43:00 CEST 2011.




--- openvas-manager/openvas-manager.changes 2011-05-31 19:45:06.0 
+0200
+++ openvas-manager/openvas-manager.changes 2011-09-04 18:57:48.0 
+0200
@@ -1,0 +2,5 @@
+Sun Sep  4 16:57:29 UTC 2011 - crrodrig...@opensuse.org
+
+- Fix build with no-add-needed 
+
+---

calling whatdependson for head-i586


New:

  ovas-man-add-needed.patch



Other differences:
--
++ openvas-manager.spec ++
--- /var/tmp/diff_new_pack.aBWilO/_old  2011-09-05 16:42:02.0 +0200
+++ /var/tmp/diff_new_pack.aBWilO/_new  2011-09-05 16:42:02.0 +0200
@@ -20,7 +20,7 @@
 
 Name:   openvas-manager
 Version:2.0.4
-Release:1
+Release:2
 License:GPLv2+
 Group:  Productivity/Networking/Security
 Url:http://www.openvas.org
@@ -32,7 +32,7 @@
 Source5:openvasmd.init.mandriva
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 
-%if 0%{?fedora_version} || 0%{?scientificlinux_version}
+%if 0%{?fedora_version} || 0%{?scientificlinux_version} || 0%{?centos_version}
 BuildRequires:  sqlite-devel
 %endif
 
@@ -54,6 +54,7 @@
 BuildRequires:  pkgconfig
 Requires:   logrotate
 Summary:Manager Module of OpenVAS
+Patch:  ovas-man-add-needed.patch
 
 %description
 The OpenVAS-Manager is a layer between OpenVAS-Scanner and various client
@@ -64,6 +65,7 @@
 
 %prep
 %setup -q
+%patch
 
 %build
 %if 0%{?mandriva_version}
@@ -95,7 +97,7 @@
 %__install -Dm 0644 %{_sourcedir}/debian.openvas-manager.default 
%{buildroot}%{_var}/adm/fillup-templates/sysconfig.openvas-manager
 %endif
 
-%if 0%{?fedora_version} || 0%{?scientificlinux_version}
+%if 0%{?fedora_version} || 0%{?scientificlinux_version} || 0%{?centos_version}
 %__install -Dm 0755 %{_sourcedir}/openvasmd.init.fedora 
%{buildroot}%{_initrddir}/openvas-manager
 %__install -Dm 0644 %{_sourcedir}/debian.openvas-manager.default 
%{buildroot}%{_sysconfdir}/sysconfig/openvas-manager
 %endif
@@ -121,7 +123,7 @@
 %_post_service openvas-manager
 %endif
 
-%if 0%{?fedora_version} || 0%{?scientificlinux_version}
+%if 0%{?fedora_version} || 0%{?scientificlinux_version} || 0%{?centos_version}
 # only rpm -i (not rpm {-U|-F})
 if [ $1 = 1 ]; then
/sbin/chkconfig --add openvas-manager
@@ -137,7 +139,7 @@
 %_preun_service openvas-manager
 %endif
 
-%if 0%{?fedora_version} || 0%{?scientificlinux_version}
+%if 0%{?fedora_version} || 0%{?scientificlinux_version} || 0%{?centos_version}
 # only rpm -e (not rpm {-U|-F})
 if [ $1 = 0 ]; then
 /sbin/service openvas-manager stop  /dev/null 21 || :
@@ -151,7 +153,7 @@
 %insserv_cleanup
 %endif
 
-%if 0%{?fedora_version} || 0%{?scientificlinux_version}
+%if 0%{?fedora_version} || 0%{?scientificlinux_version} || 0%{?centos_version}
 # only rpm {-U|-F} (not rpm -e)
 if [ $1 = 1 ]; then
 /sbin/service openvas-manager condrestart

++ ovas-man-add-needed.patch ++
--- src/CMakeLists.txt.orig
+++ src/CMakeLists.txt
@@ -54,7 +54,7 @@ set_target_properties (otp PROPERTIES CO
 ## Program
 
 add_executable (openvasmd openvasmd.c oxpd.c ompd.c otpd.c)
-target_link_libraries (openvasmd ovas-mngr-comm omp otp manage)
+target_link_libraries (openvasmd openvas_base openvas_misc ovas-mngr-comm omp 
otp manage gnutls)
 
 set_target_properties (openvasmd PROPERTIES LINKER_LANGUAGE C)
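Review bot: The new `target_link_libraries` line adds `openvas_base`, `openvas_misc` and `gnutls` with no comment saying why, so a later cleanup could drop them and break the link again under no-add-needed. I would add above it `# openvasmd references these libraries directly; with --no-add-needed the linker no longer pulls them in through omp/otp/manage`. The three libraries are also given as bare names, so the linker takes whichever copy it finds first on its default search path. If the top-level CMakeLists.txt already locates GnuTLS and the OpenVAS libraries (not visible in this hunk), passing those results here would keep the linked TLS library consistent with the headers the code was compiled against. The rest of src/CMakeLists.txt lies outside the hunk.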
 








commit openvas-manager for openSUSE:Factory

2011-06-06 Thread h_root

Hello community,

here is the log from the commit of package openvas-manager for openSUSE:Factory
checked in at Mon Jun 6 13:36:04 CEST 2011.




--- openvas-manager/openvas-manager.changes 2011-04-22 13:26:13.0 
+0200
+++ /mounts/work_src_done/STABLE/openvas-manager/openvas-manager.changes
2011-05-31 19:45:06.0 +0200
@@ -1,0 +2,16 @@
+Tue May 31 17:16:16 UTC 2011 - bitshuff...@opensuse.org
+
+- Updated to 2.0.4
+  * Compiler warnings from gcc 4.6 discovered by Stephan Kleine were addressed.
+  * The mail addresses supplied for an email escalator are now used in the 
correct
+order.
+  * Privilege dropping is now done directly and not via the shell.
+  * A bug which caused the Manager to fail to start when launched without a
+database has been fixed.
+  * A race condition which caused empty reports from the slave when running in
+master-slave mode under certain conditions has been fixed.
+  * A bug which caused the timestamp of the scan end not to be written to the
+Manager database when running a task with an escalator under certain
+conditions has been fixed.
+
+---

calling whatdependson for head-i586


Old:

  debian.series
  openvas-manager-2.0.3-install.patch
  openvas-manager-2.0.3.tar.gz

New:

  openvas-manager-2.0.4.tar.gz



Other differences:
--
++ openvas-manager.spec ++
--- /var/tmp/diff_new_pack.yCnJWS/_old  2011-06-06 13:35:43.0 +0200
+++ /var/tmp/diff_new_pack.yCnJWS/_new  2011-06-06 13:35:43.0 +0200
@@ -19,7 +19,7 @@
 
 
 Name:   openvas-manager
-Version:2.0.3
+Version:2.0.4
 Release:1
 License:GPLv2+
 Group:  Productivity/Networking/Security
@@ -30,7 +30,6 @@
 Source3:openvasmd.init.suse
 Source4:openvasmd.init.fedora
 Source5:openvasmd.init.mandriva
-Patch0: openvas-manager-2.0.3-install.patch
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 
 %if 0%{?fedora_version} || 0%{?scientificlinux_version}
@@ -65,7 +64,6 @@
 
 %prep
 %setup -q
-%patch0
 
 %build
 %if 0%{?mandriva_version}

++ debian.changelog ++
--- /var/tmp/diff_new_pack.yCnJWS/_old  2011-06-06 13:35:43.0 +0200
+++ /var/tmp/diff_new_pack.yCnJWS/_new  2011-06-06 13:35:43.0 +0200
@@ -1,3 +1,20 @@
+openvas-manager (2.0.4-1) UNRELEASED; urgency=low
+
+  * New upstream release.
+- Compiler warnings from gcc 4.6 discovered by Stephan Kleine were 
addressed.
+- The mail addresses supplied for an email escalator are now used in the 
correct
+  order.
+- Privilege dropping is now done directly and not via the shell.
+- A bug which caused the Manager to fail to start when launched without a
+  database has been fixed.
+- A race condition which caused empty reports from the slave when running 
in
+  master-slave mode under certain conditions has been fixed.
+- A bug which caused the timestamp of the scan end not to be written to the
+  Manager database when running a task with an escalator under certain
+  conditions has been fixed.
+
+ -- Stephan Kleine bitshuff...@opensuse.org  Tue, 31 May 2011 19:18:27 +0200
+
 openvas-manager (2.0.3-1) UNRELEASED; urgency=low
 
   * New upstream release.

++ openvas-manager-2.0.3.tar.gz - openvas-manager-2.0.4.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/openvas-manager-2.0.3/CHANGES 
new/openvas-manager-2.0.4/CHANGES
--- old/openvas-manager-2.0.3/CHANGES   2011-04-15 15:30:03.0 +0200
+++ new/openvas-manager-2.0.4/CHANGES   2011-05-30 15:59:05.0 +0200
@@ -1,3 +1,30 @@
+openvas-manager 2.0.4 (2011-05-30)
+
+This is the fourth maintenance release of the openvas-manager 2.0 module for 
the
+Open Vulnerability Assessment System release 4 (OpenVAS-4). The OpenVAS Manager
+is the central management service between the actual security scanner and
+various user clients.
+
+This release fixes a number of issues discovered after the release of
+openvas-manager 2.0.3.
+
+Many thanks to everyone who has contributed to this release:
+Stephan Kleine, Matthew Mundell and Michael Wiegand.
+
+Main changes since 2.0.3:
+* Compiler warnings from gcc 4.6 discovered by Stephan Kleine were addressed.
+* The mail addresses supplied for an email escalator are now used in the 
correct
+  order.
+* Privilege dropping is now done directly and not via the shell.
+* A bug which caused the Manager to fail to start when launched without a
+  database has been fixed.
+* A race condition which caused empty reports from the slave when running in
+  master-slave mode under certain conditions has been fixed.
+* A bug which caused the timestamp of the scan end not to be written to the
+  Manager database when running a task with an escalator under certain
+  

commit openvas-manager for openSUSE:Factory

2011-05-02 Thread h_root

Hello community,

here is the log from the commit of package openvas-manager for openSUSE:Factory
checked in at Mon May 2 14:20:53 CEST 2011.




--- openvas-manager/openvas-manager.changes 2011-03-03 01:57:28.0 
+0100
+++ /mounts/work_src_done/STABLE/openvas-manager/openvas-manager.changes
2011-04-22 13:26:13.0 +0200
@@ -1,0 +2,9 @@
+Fri Apr 22 10:12:32 UTC 2011 - bitshuff...@opensuse.org
+
+- Updated to 2.0.3
+  * Enforces strict permissions on sensitive OpenVAS Manager files.
+  * Drop privileges before executing report format plugins if running with
+elevated privileges.
+  * Ensures report formats are trusted before executing them.
+
+---

calling whatdependson for head-i586


Old:

  openvas-manager-2.0.2.tar.gz

New:

  debian.series
  openvas-manager-2.0.3-install.patch
  openvas-manager-2.0.3.tar.gz



Other differences:
--
++ openvas-manager.spec ++
--- /var/tmp/diff_new_pack.kzOMe9/_old  2011-05-02 14:18:36.0 +0200
+++ /var/tmp/diff_new_pack.kzOMe9/_new  2011-05-02 14:18:36.0 +0200
@@ -19,9 +19,9 @@
 
 
 Name:   openvas-manager
-Version:2.0.2
+Version:2.0.3
 Release:1
-License:GNU GPL v2 or later
+License:GPLv2+
 Group:  Productivity/Networking/Security
 Url:http://www.openvas.org
 Source0:%{name}-%{version}.tar.gz
@@ -30,6 +30,7 @@
 Source3:openvasmd.init.suse
 Source4:openvasmd.init.fedora
 Source5:openvasmd.init.mandriva
+Patch0: openvas-manager-2.0.3-install.patch
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 
 %if 0%{?fedora_version} || 0%{?scientificlinux_version}
@@ -64,6 +65,7 @@
 
 %prep
 %setup -q
+%patch0
 
 %build
 %if 0%{?mandriva_version}
@@ -163,7 +165,6 @@
 %doc CHANGES README
 %config(noreplace) %{_sysconfdir}/logrotate.d/openvas-manager
 %dir %{_sysconfdir}/openvas
-#config(noreplace) %{_sysconfdir}/openvas/openvasmd
 %config(noreplace) %{_sysconfdir}/openvas/openvasmd_log.conf
 %{_initrddir}/openvas-manager
 %{_sbindir}/openvasmd
@@ -171,6 +172,7 @@
 %{_datadir}/openvas/openvasmd
 %dir %{_localstatedir}/lib/openvas
 %{_localstatedir}/lib/openvas/mgr
+%{_localstatedir}/lib/openvas/openvasmd
 %dir %{_localstatedir}/log/openvas
 %ghost %{_localstatedir}/log/openvas/openvasmd.log
 

++ debian.changelog ++
--- /var/tmp/diff_new_pack.kzOMe9/_old  2011-05-02 14:18:36.0 +0200
+++ /var/tmp/diff_new_pack.kzOMe9/_new  2011-05-02 14:18:36.0 +0200
@@ -1,3 +1,13 @@
+openvas-manager (2.0.3-1) UNRELEASED; urgency=low
+
+  * New upstream release.
+- Enforces strict permissions on sensitive OpenVAS Manager files.
+- Drop privileges before executing report format plugins if running with
+  elevated privileges.
+- Ensures report formats are trusted before executing them.
+
+ -- Stephan Kleine bitshuff...@opensuse.org  Fri, 22 Apr 2011 12:13:53 +0200
+
 openvas-manager (2.0.2-1) UNRELEASED; urgency=low
 
   * New upstream release.

++ debian.openvas-manager.dirs ++
--- /var/tmp/diff_new_pack.kzOMe9/_old  2011-05-02 14:18:36.0 +0200
+++ /var/tmp/diff_new_pack.kzOMe9/_new  2011-05-02 14:18:36.0 +0200
@@ -1 +1,3 @@
+var/lib/openvas/mgr
+var/lib/openvas/openvasmd/report_formats
 var/log/openvas

++ debian.series ++
openvas-manager-2.0.3-install.patch -p0
++ openvas-manager-2.0.3-install.patch ++
Index: CMakeLists.txt
===
--- CMakeLists.txt.orig 2011-04-15 15:30:03.0 +0200
+++ CMakeLists.txt  2011-04-22 12:29:06.124935838 +0200
@@ -257,7 +257,7 @@ enable_testing ()
 
 ## Install
 
-install (CODE file (MAKE_DIRECTORY 
${OPENVAS_STATE_DIR}/openvasmd/report_formats/))
+install (CODE FILE(MAKE_DIRECTORY 
\$ENV{DESTDIR}${OPENVAS_STATE_DIR}/openvasmd/report_formats))
 
 install (FILES ${CMAKE_BINARY_DIR}/src/openvasmd_log.conf
  DESTINATION ${OPENVAS_SYSCONF_DIR})
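Review bot: The replacement `install (CODE ...)` line still creates `report_formats` by hand at install time, with an unquoted code argument and a directory mode that depends on the umask of whoever runs the install. `install (DIRECTORY DESTINATION ${OPENVAS_STATE_DIR}/openvasmd/report_formats)` creates the empty directory, honours DESTDIR without the escaped `\$ENV{DESTDIR}`, and accepts `DIRECTORY_PERMISSIONS` so the mode is stated explicitly. The mode matters because the 2.0.3 notes on this page say the Manager executes report format plugins and enforces strict permissions on sensitive files. A directory that presumably holds those plugins should not end up group- or world-writable. If `install (CODE ...)` is kept, the code should at least be passed as one quoted string.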
++ openvas-manager-2.0.2.tar.gz - openvas-manager-2.0.3.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/openvas-manager-2.0.2/CHANGES 
new/openvas-manager-2.0.3/CHANGES
--- old/openvas-manager-2.0.2/CHANGES   2011-03-02 15:21:27.0 +0100
+++ new/openvas-manager-2.0.3/CHANGES   2011-04-15 15:30:03.0 +0200
@@ -1,3 +1,34 @@
+openvas-manager 2.0.3 (2011-04-15)
+
+This is the third maintenance release of the openvas-manager 2.0 module for the
+Open Vulnerability Assessment System release 4 (OpenVAS-4). The OpenVAS Manager
+is the central management service between the actual security scanner and
+various user clients.
+
+This release fixes a severe security issue discovered after the release of
+openvas-manager 2.0.2. By crafting a special report format plugin, and knowing