From scm-commit at wald.intevation.org  Wed Oct  1 11:25:49 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Wed,  1 Oct 2008 11:25:49 +0200 (CEST)
Subject: [Openvas-commits] r1476 - in trunk/openvas-plugins: . scripts
Message-ID: <20081001092549.32C9E40786@pyrosoma.intevation.org>

Author: chandra
Date: 2008-10-01 11:25:47 +0200 (Wed, 01 Oct 2008)
New Revision: 1476

Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/ssh_get_info.nasl
Log:
Changed the script_name

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2008-09-30 13:29:51 UTC (rev 1475)
+++ trunk/openvas-plugins/ChangeLog	2008-10-01 09:25:47 UTC (rev 1476)
@@ -1,3 +1,7 @@
+2008-10-01 Chandrashekhar B <bchandra at secpod.com>
+	* scripts/ssh_get_info.nasl:
+	  Changed the name as it conflicts with gather-package-list.nasl
+
 2008-09-30 Chandrashekhar B <bchandra at secpod.com>
 	* scripts/gb_ms08-033.nasl,
 	  scripts/gb_ms08-030.nasl:

Modified: trunk/openvas-plugins/scripts/ssh_get_info.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ssh_get_info.nasl	2008-09-30 13:29:51 UTC (rev 1475)
+++ trunk/openvas-plugins/scripts/ssh_get_info.nasl	2008-10-01 09:25:47 UTC (rev 1476)
@@ -20,7 +20,7 @@
  script_id(50281);
  script_version("$");
  
- name["english"] = "Determine OS and list of installed packages via SSH login";
+ name["english"] = "Gather list of installed packages via SSH login";
  script_name(english:name["english"]);
  
  desc["english"] = "


From scm-commit at wald.intevation.org  Wed Oct  1 11:47:53 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Wed,  1 Oct 2008 11:47:53 +0200 (CEST)
Subject: [Openvas-commits] r1477 - trunk/openvas-plugins/scripts
Message-ID: <20081001094753.0B4BA40785@pyrosoma.intevation.org>

Author: chandra
Date: 2008-10-01 11:47:52 +0200 (Wed, 01 Oct 2008)
New Revision: 1477

Modified:
   trunk/openvas-plugins/scripts/gb_ms08-033.nasl
Log:
Resolved a regex issue

Modified: trunk/openvas-plugins/scripts/gb_ms08-033.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ms08-033.nasl	2008-10-01 09:25:47 UTC (rev 1476)
+++ trunk/openvas-plugins/scripts/gb_ms08-033.nasl	2008-10-01 09:47:52 UTC (rev 1477)
@@ -196,6 +196,11 @@
              string:fileVer)){
       security_hole(0);
     }
+    # Grep Quartz.dll version < 6.5.2600.1316
+    else if(egrep(pattern:"^6\.05\.2600\.(0?[0-9]?[0-9]?[0-9]|1([0-2][0-9]" +
+                       "[0-9]|3(0[0-9]|1[0-5])))$", string:fileVer)){
+      security_hole(0);
+    }
   }
   exit(0);
 }


From scm-commit at wald.intevation.org  Wed Oct  1 16:07:21 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Wed,  1 Oct 2008 16:07:21 +0200 (CEST)
Subject: [Openvas-commits] r1478 - in trunk/openvas-server: . doc
Message-ID: <20081001140721.D127C4078D@pyrosoma.intevation.org>

Author: mwiegand
Date: 2008-10-01 16:07:21 +0200 (Wed, 01 Oct 2008)
New Revision: 1478

Removed:
   trunk/openvas-server/doc/otp_specification_10.txt
Modified:
   trunk/openvas-server/ChangeLog
   trunk/openvas-server/MANIFEST
Log:
* doc/otp_specification_10.txt: Removed; the specification for OTP has
been updated and moved to the OpenVAS compendium.

* MANIFEST: Updated.


Modified: trunk/openvas-server/ChangeLog
===================================================================
--- trunk/openvas-server/ChangeLog	2008-10-01 09:47:52 UTC (rev 1477)
+++ trunk/openvas-server/ChangeLog	2008-10-01 14:07:21 UTC (rev 1478)
@@ -1,3 +1,10 @@
+2008-10-01  Michael Wiegand <michael.wiegand at intevation.de>
+
+	* doc/otp_specification_10.txt: Removed; the specification for OTP has
+	been updated and moved to the OpenVAS compendium.
+
+	* MANIFEST: Updated.
+
 2008-09-25  Michael Wiegand <michael.wiegand at intevation.de>
 
 	Post release version bump.

Modified: trunk/openvas-server/MANIFEST
===================================================================
--- trunk/openvas-server/MANIFEST	2008-10-01 09:47:52 UTC (rev 1477)
+++ trunk/openvas-server/MANIFEST	2008-10-01 14:07:21 UTC (rev 1478)
@@ -17,7 +17,6 @@
 doc/openvas-mkcert-client.1
 doc/openvas-mkrand.1
 doc/openvas-rmuser.8
-doc/otp_specification_10.txt
 doc/session_saving.txt
 doc/TODO.txt
 include/config.h

Deleted: trunk/openvas-server/doc/otp_specification_10.txt
===================================================================
--- trunk/openvas-server/doc/otp_specification_10.txt	2008-10-01 09:47:52 UTC (rev 1477)
+++ trunk/openvas-server/doc/otp_specification_10.txt	2008-10-01 14:07:21 UTC (rev 1478)
@@ -1,674 +0,0 @@
-  OpenVAS Transport Protocol Specification 1.0
-
-  Authors:
-    Michael Wiegand <michael.wiegand at intevation.de>
-    Jan-Oliver Wagner <jan-oliver.wagner at intevation.de>
-
-ABOUT THIS DOCUMENT
-  This document describes OTP, the protocol used for communication between the
-  server and client modules of the Open Vulnerability Assessment System
-  (OpenVAS).
-
-STATUS
-  This document is currently a draft; it does not describe the complete protocol
-  yet but is still close to the Nessus Transport Protocol, version 1.2.
-
-  Apart from this the documentation itself is not complete yet.
-
-INTRODUCTION
-  The OpenVAS project is a fork of the Nessus project. Because of this, the
-  initial protocol used for client-server communication was the Nessus
-  Transport Protocol (NTP). In order to address the shortcomings of NTP and to
-  facilitate further improvements in the OpenVAS modules it became necessary to
-  make changes to the protocol. Since NTP was specified by the Nessus project
-  and changes to NTP by the Nessus project are to be expected, a decision was
-  made to switch to a new protocol to avoid collisions with future protocol
-  specifications by the Nessus project and to avoid confusion with other
-  well-established protocols.
-
-GENERAL CONSIDERATIONS
-  The initial specification of the OpenVAS Transport Protocol (OTP) is very
-  close to the NTP implementation in the last versions available under the GNU
-  General Public License (GPL).
-
-CHANGES
-  This section describes the changes between NTP 1.2 and OTP 1.0.
-
-  Plug-in upload:
-  Section 10 of the NTP Extensions describes the ATTACHED_PLUGIN message type.
-  Using this message type, it was possible for a client to upload a plug-in to a
-  server. Due to security considerations described in the OpenVAS change request
-  #4 [1], this message type has been removed from the protocol.
-
-  Version information:
-  The undocumented NESSUS_VERSION message type has been replaced with the
-  OPENVAS_VERSION message type. When an OPENVAS_VERSION message is issued by the
-  client, the server is expected to respond with a message containing the
-  current server version.
-
-  New message types:
-  In addition to the existing message types HOLE, INFO and NOTE two new message
-  types have been added to the protocol: DEBUG and LOG. Their purpose is to give
-  clients more control about the verbosity of the messages they receive from the
-  server.
-
-  Detached scans:
-  This functionality has been dropped due to design decisions.
-  This means the following commands have been removed
-  from the protocol: DETACHED_SESSIONS_LIST and DETACHED_STOP.
-  The following preferences have been removed from the protocol as
-  well: detached_scan, continuous_scan, delay_between_scan_loops,
-  detached_scan_email_address.
-
-  Plugin order information:
-  The server command PLUGINS_ORDER was defined for NTP 1.2 but not
-  implemented in the server. This command has been removed from the protocol.
-
-  Starting a scan:
-  NTP offered two ways of starting a scan, NEW_ATTACK and LONG_ATTACK.
-  The latter allowed arbitray long list of targets while the first
-  was limited to 4000 bytes. The OpenVAS-Client (and so did NessusClient)
-  used only LONG_ATTACK anyway.
-
-  Protocol extensions:
-  These protocol extensions have been made standard of the OTP
-  protocol: "timestamps", "dependencies", "plugins_version",
-  "plugins_cve_id", "plugins_bugtraq_id" and "plugins_xrefs".
-
-GENERAL ASPECTS OF PROTOCOL
-
-  The OTP protocol is text-based, human readable and line-oriented.
-
-  Each line is made of fields separated by "<|>. The first fields indicates
-  whether it is a command send by client or by server ("CLIENT" vs. "SERVER").
-
-PROTOCOL INITIALIZER AND PROTOCOL FEATURES
-
-    Description:
-
-      The client start the protocol with a initializer of
-      the protocol version followed by parameters switching
-      on various features. Available protocol features are:
-
-        md5_caching        (server will use the MD5 caching feature)
-
-    Syntax:
-
-      < OTP/1.0 >< protocol_feature1 protocol_feature2 ... >
-      User : user_name
-      Password : user_password
-
-PROTOCOL COMMANDS
-
-  ATTACHED_FILE
-
-    Description:
-
-      This command corresponds to the plugin preferences
-      type "file". It follows the command PREFERENCES
-      to upload the specified files from client to server.
-
-    Syntax:
-
-      CLIENT <|> ATTACHED_FILE
-      name: file_name
-      content: octet/stream
-      bytes: file_length
-      file_content
-
-      where
-        file_name:    the path and name of the file.
-                      It is a identifier to reference the file
-                      in the plugin preferences.
-        file_length:  the number of bytes that will follow after the newline
-        file_content: the actual file as byte stream.
-
-  COMPLETE_LIST
-
-    Description:
-
-      This command can be used by the client in case the protocol
-      feature "md5_caching" was selected by the client.
-
-      It usually follows the PLUGINS_MD5 commands of the server
-      in case the server side md5sum is not equal to the md5sum
-      of the client side cached NVTs. Alternatively, the client
-      can use the command SEND_PLUGINS_MD5.
-
-      The server will answer with command PLUGIN_LIST.
-
-    Syntax:
-
-      CLIENT <|> COMPLETE_LIST <|> CLIENT
-
-  ERROR
-
-    Description:
-
-      In case of problems the server sends an error message with this
-      command. In case of unrecoverable problems, the server will then
-      close connection with BYE command.
-
-    Syntax:
-
-      SERVER <|> ERROR <|> error description <|> SERVER
-
-  FINISHED
-
-    Description:
-
-      The server will send this information each time when a scan
-      of a single host is finished.
-      This will only be done if requested by the client via setting
-      the prefences option "ntp_opt_show_end".
-
-    Syntax:
-
-      SERVER <|> FINISHED <|> host <|> SERVER
-
-  GO ON
-
-    Description:
-
-      This command can be used by the client in case the protocol
-      feature "md5_caching" was selected by the client.
-
-      It usually follows the PLUGINS_MD5 commands of the server
-      in case the server side md5sum is equal to the md5sum
-      of the client side cached NVTs.
-
-      The server will answer with command PREFERENCES and
-      communication will continue as it would have been without
-      md5_caching feature.
-
-    Syntax:
-
-      CLIENT <|> GO ON <|> CLIENT
-
-  HOLE
-
-    Description:
-
-      With this command the server reports a identified
-      problem of class "security hole".
-      The "general" version is applied if no port relates to the hole.
-
-    Syntax:
-
-    SERVER <|> HOLE <|> host <|> service_name (port_number/protocol_type) <|> description <|> oid <|> SERVER
-
-    SERVER <|> HOLE <|> host <|> general <|> description <|> oid <|> SERVER
-
-    where
-      host: the target system
-      service_name: the name of the service (like in /etc/services)
-      port_number: the port number the problem relates to.
-      protocol_type: "tcp" or "udp".
-      description: the problem description where newlines have been
-                   replaced by semicolons.
-      oid: the OID of the NVT that identified the problem.
-
-  INFO
-
-    Description:
-
-      With this command the server reports a identified
-      problem of class "security info".
-      The "general" version is applied if no port relates to the info.
-
-    Syntax:
-
-    SERVER <|> INFO <|> host <|> service_name (port_number/protocol_type) <|> description <|> oid <|> SERVER
-
-    SERVER <|> INFO <|> host <|> general <|> description <|> oid <|> SERVER
-
-    where
-      host: the target system
-      service_name: the name of the service (like in /etc/services)
-      port_number: the port number the problem relates to.
-      protocol_type: "tcp" or "udp".
-      description: the problem description where newlines have been
-                   replaced by semicolons.
-      oid: the OID of the NVT that identified the problem.
-
-  LONG_ATTACK
-
-    Description:
-
-      With this command the client requests the server to attack target
-      system(s) "hosts". "hosts" is one or many (comma-separated) IP or FQDN.
-
-      "length" is the number of bytes of "hosts". In case this does not match,
-      the server will close connection.
-
-      Before the client sends LONG_ATTACK, the commands PREFERENCES and
-      RULES should be applied.
-
-    Syntax:
-
-      CLIENT <|> LONG_ATTACK
-      length
-      hosts
-
-  NOTE
-
-    Description:
-
-      With this command the server reports a identified
-      problem of class "security note".
-      The "general" version is applied if no port relates to the note.
-
-    Syntax:
-
-    SERVER <|> NOTE <|> host <|> service_name (port_number/protocol_type) <|> description <|> oid <|> SERVER
-
-    SERVER <|> NOTE <|> host <|> general <|> description <|> oid <|> SERVER
-
-    where
-      host: the target system
-      service_name: the name of the service (like in /etc/services)
-      port_number: the port number the problem relates to
-      protocol_type: "tcp" or "udp".
-      description: the problem description where newlines have been
-                   replaced by semicolons.
-      oid: the OID of the NVT that identified the problem.
-
-  OPENVAS_VERSION
-
-    Description:
-
-      With this command the client asks the server to send
-      its version.
-
-      The server will answer as shown in the syntax.
-
-    Syntax:
-
-      CLIENT <|> OPENVAS_VERSION <|> CLIENT
-
-      SERVER <|> OPENVAS_VERSION <|> version <|> SERVER
-
-  PLUGINS_DEPENDENCIES
-
-    Description:
-
-      The PLUGINS_DEPENDENCIES messages are send after the RULES messages.
-
-    Syntax:
-
-      SERVER <|> PLUGINS_DEPENDENCIES
-      plugin_1_name <|> dependency1 <|> dependency2 <|> ... <|>
-      plugin_2_name <|> dependency1 <|> dependency2 <|> ... <|>
-      ...
-      <|> SERVER
-
-  PLUGINS_MD5
-
-    Description:
-
-      Attention: This command occurs in two ways.
-
-      1. This command replaces PLUGIN_LIST command in case the protocol
-         feature "md5_caching" was selected by the client.
-
-         "md5sum" is the MD5 sum over all NVTs.
-
-      2. This command follows the SEND_PLUGINS_MD5 command of the client
-         and delivers the md5sums for each NVT.
-
-    Syntax:
-
-      1.
-      SERVER <|> PLUGINS_MD5 <|> md5sum <|> SERVER
-
-      2.
-      SERVER <|> PLUGINS_MD5
-      nvt_name1 <|> md5sum1
-      nvt_name2 <|> md5sum2
-      ...
-      <|> SERVER
-
-  PLUGIN_INFO
-
-    Description:
-
-      This command is issued by the client to request
-      information of the NVT specified by its oid.
-
-    Syntax:
-
-      CLIENT <|> PLUGIN_INFO <|> oid <|> CLIENT
-
-      The server answers with this line (analogous to PLUGIN_LIST command):
-
-      oid <|> name <|> category <|> copyright <|> description <|> summary <|> family <|> plugin_version <|> cve_id <|> bugtraq_id <|> xrefs
-
-      In case no plugin with OID=oid is found, the server will not answer at all.
-
-  PLUGIN_LIST
-
-    Description:
-
-      With this command the server sends detailed information about
-      the available NVTs.
-
-      The server will send PREFERENCES and RULES right after this command.
-
-      The client might request individual NVT information via PLUGIN_INFO
-      command.
-
-    Syntax:
-
-      SERVER <|> PLUGIN_LIST <|>
-      oid <|> name <|> category <|> copyright <|> description <|> summary <|> family <|> plugin_version <|> cve_id <|> bugtraq_id <|> xrefs
-      oid <|> name <|> category <|> copyright <|> description <|> summary <|> family <|> plugin_version <|> cve_id <|> bugtraq_id <|> xrefs
-      ...
-      <|> SERVER
-
-  PORT
-
-    Description:
-
-      With this command the server reports on open port
-      "port_number" on target system "host".
-
-    Syntax:
-
-      SERVER <|> PORT <|> host <|> port_number <|> SERVER
-
-  PREFERENCES
-
-    Description:
-
-      With this command the values for the preferences are
-      communicated. The server uses the commands to inform
-      about defaults, the client uses the command to send
-      the user selections. The server answers with PREFERENCES_ERROR.
-
-      Note that besides some general preferences, the syntax definition
-      describes also per-NVT preferences and its special way of applying these.
-
-      Available preferences:
-      ntp_save_sessions:
-        If set to "yes", the server will support server-side saving of
-        scan sessions and these commands will be available: SESSIONS_LIST,
-        SESSION_DELETE and SESSION_RESTORE.
-      save_session:
-        If set to yes, the server will save the scan as a session.
-      save_empty_sessions:
-        Only considered if save_session is set to "yes".
-        If set to "yes" even emtpy scans will be saved a session.
-      max_threads:
-      test_file:
-      ping_hosts:
-      reverse_lookup:
-      outside_firewall:
-      host_expansion:
-      port_range:
-      max_hosts:
-      save_knowledge_base:
-        Activates KB saving when set to "yes"
-      only_test_hosts_whose_kb_we_have:
-        Only scans host for which the KB is filled when set to "yes"
-      only_test_hosts_whose_kb_we_dont_have:
-        Only scans host for which the KB is empty when set to "yes"
-      kb_restore:
-        Restore the KB contents for tested hosts when when set to "yes".
-      kb_dont_replay_scanners:
-        Don't run scanners in case in case kb_restore is set to "yes"
-        and there is contents in the KB when set to "yes".
-      kb_dont_replay_info_gathering:
-        Don't run gatherers in case in case kb_restore is set to "yes"
-        and there is contents in the KB when set to "yes".
-      kb_dont_replay_attacks:
-        Don't run attack scripts in case in case kb_restore is set to "yes"
-        and there is contents in the KB when set to "yes".
-      kb_dont_replay_denials:
-        Don't run DoS attack scripts in case in case kb_restore is set to "yes"
-        and there is contents in the KB when set to "yes".
-      kb_max_age:
-        This sets the maximum age (in seconds) of a KB until
-        it gets disregarded.
-      timeout.<nvt_id> = <timeout>
-        Set the timeout <timeout> for NVT <nvt_id>. Timeout of "-1"
-        means no specific timeout.
-
-      Only sent by CLIENT:
-      plugin_set:                   empty means all NVTs
-      ntp_opt_show_end:             Tell server to send FINISHED messages
-      ntp_keep_communication_alive: Tell server to keep the connection even
-                                    after a scan was finished.
-      ntp_short_status:             Tell server send shorter STATUS message in
-                                    order to save band width.
-
-    Syntax:
-
-      SERVER <|> PREFERENCES <|>
-      pref_name <|> value
-      pref_name <|> value
-      pref_name <|> value
-      ...
-      <|> SERVER
-
-      CLIENT <|> PREFERENCES <|>
-      pref_name <|> value
-      pref_name <|> value
-      pref_name <|> value
-      ...
-      <|> CLIENT
-
-      For preference of individual NVTs these lines can occur inside the list:
-
-      nvt_name[pref_type]:pref_name <|> value
-
-      where
-        nvt_name:  This references the NVT for which the preferences are set
-        pref_type: Defines the variable type of the preference which ultimately
-                   determines the widget type in the client GUI.
-        pref_name: This references the Preference and at the same time is used as
-                   the visible string for the user in the GUI.
-        value:     The default value for this preference when sent by SERVER,
-                   the user selected value if send by CLIENT
-
-      and pref_type is one of these:
-        checkbox: value is "yes" or "no"
-        entry:    value is a text string
-        password: value is a text string but should not be shown in GUI or
-                  in cleartext in local files
-        radio:    value is a list of semicolon-separated options when sent by SERVER
-                  and only the user-selected option name when sent by CLIENT
-        file:     value is "<none>" when sent by SERVER and a file path when sent
-                  by CLIENT. The client has to submit the file under the very same
-                  path name using the command ATTACHED_FILE.
-
-
-  PREFERENCES_ERRORS
-
-    Description:
-
-      With this command the server reports problems with the
-      parameters set by the client. It follows immediately
-      the PREFERENCES command of the client.
-
-      Each "pref_name" occuring in this list was not accepted
-      by the server. The server will apply "default_value" instead.
-
-      In case no "pref_name" is reported with this command,
-      all preferences where accepted.
-
-    Syntax:
-
-      SERVER <|> PREFERENCES_ERRORS
-      pref_name <|> default_value
-      pref_name <|> default_value
-      pref_name <|> default_value
-      ...
-      <|> SERVER
-
-  RULES
-
-    Description:
-
-      Rules define restrictions for target systems.
-      Client-side rules self-restrict target host patterns,
-      server-side rules are just for information to the client.
-      These rule sets are independent of each other.
-
-    Syntax:
-
-      SERVER <|> RULES <|>
-      rule_1;
-      rule_2;
-      rule_3;
-      ...
-      <|> SERVER
-
-      CLIENT <|> RULES <|>
-      rule_1;
-      rule_2;
-      rule_3;
-      ...
-      <|> CLIENT
-
-  SEND_PLUGINS_MD5
-
-    Description:
-
-      This command can be used by the client in case the protocol
-      feature "md5_caching" was selected by the client.
-
-      It usually follows the PLUGINS_MD5 commands of the server
-      in case the server side md5sum is not equal to the md5sum
-      of the client side cached NVTs. Alternatively, the client
-      can use the command COMPLETE_LIST.
-
-      The server will answer with command PLUGINS_MD5.
-
-    Syntax:
-
-      CLIENT <|> SEND_PLUGINS_MD5 <|> CLIENT
-
-  SESSIONS_LIST
-
-    Description:
-
-      The CLIENT request with this command the list of sessions
-      stored on the server side for the logged in user.
-
-      The SERVER will answer with the same command and provide
-      the list of sessions. The session names are derived from
-      time stamps. The hosts are the targets applied for the
-      respective session. The hosts are just there to help identify
-      the sessions. It is cut after 4000 bytes of length.
-
-    Syntax:
-
-      CLIENT <|> SESSIONS_LIST <|> CLIENT
-
-      SERVER <|> SESSIONS_LIST
-      session_name1 hosts1
-      session_name2 hosts2
-      ...
-      <|> SERVER
-
-  SESSION_DELETE
-
-    Description:
-
-      With this command the client deletes the session identified
-      with "session_name" from the server-side storage.
-      The server will not answer in case of success, else
-      it will answer with an ERROR command.
-
-    Syntax:
-
-      CLIENT <|> SESSION_DELETE <|> session_name <|> CLIENT
-
-
-  SESSION_RESTORE
-
-    Description:
-
-      With this command the client tells the server to pick up
-      again the session identified with "session_name".
-      The server will act as if a LONG_ATTACK command has issued
-      and will send all results that were collected so far for this
-      session immediately (and naturally rapidley) and then
-      continue the scan where it stopped.
-
-    Syntax:
-
-      CLIENT <|> SESSION_RESTORE <|> session_name <|> CLIENT
-
-
-  STATUS
-
-    Description:
-
-      With this command, the server informs the client about
-      the progress of the scan for target system "host".
-      "attack_state" is either "portscan" or "attack" (or just
-      "p" and "a" in case the client has set preferences
-      option "ntp_short_status").
-      "current" is the currently processed port and "max"
-      the last port number to be tested.
-
-    Syntax:
-
-      SERVER <|> STATUS <|> host <|> attack_state <|> current/max <|> SERVER
-
-      In case the client has set "ntp_short_status":
-
-      SERVER <|> STATUS <|> attack_state:host:current:max <|> SERVER
-
-
-  STOP_ATTACK
-
-    Description:
-
-      With this command, the client tells the server to stop
-      scanning target "host".
-
-    Syntax:
-
-      CLIENT <|> STOP_ATTACK <|> host <|> CLIENT
-
-  STOP_WHOLE_TEST
-
-    Description:
-
-      With this command the client tells to stop
-      the currently running test.
-
-    Syntax:
-
-      CLIENT <|> STOP_WHOLE_TEST <|> CLIENT
-
-  TIME
-
-    Description:
-
-      The TIME messages are sent by the server to inform
-      about the duration of scanning a host and of the whole scan.
-
-    Syntax:
-
-      After completion of scanning a target host the server sends:
-
-      SERVER <|> TIME <|> HOST_START <|> host <|> time_string <|> SERVER
-      SERVER <|> TIME <|> HOST_END <|> host <|> time_string <|> SERVER
-
-      or, in case STOP_ATTACK was issued by the client:
-
-      SERVER <|> TIME <|> HOST_START <|> host <|> time_string <|> SERVER
-      SERVER <|> TIME <|> HOST_INTERRUPTED <|> host <|> time_string <|> SERVER
-
-      After completion of the whole scan the server sends:
-
-      SERVER <|> TIME <|> SCAN_START <|> time_string <|> SERVER
-      SERVER <|> TIME <|> SCAN_END <|> time_string  <|> SERVER
-
-      where time_string is of the form "Wed Jun 30 21:49:08 1993".
-
-REFERENCES
-  [1] http://www.openvas.org/openvas-cr-4.html


From scm-commit at wald.intevation.org  Wed Oct  1 16:12:13 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Wed,  1 Oct 2008 16:12:13 +0200 (CEST)
Subject: [Openvas-commits] r1479 - in trunk/openvas-server: . openvasd
Message-ID: <20081001141213.CB89040786@pyrosoma.intevation.org>

Author: mwiegand
Date: 2008-10-01 16:12:13 +0200 (Wed, 01 Oct 2008)
New Revision: 1479

Modified:
   trunk/openvas-server/ChangeLog
   trunk/openvas-server/openvasd/oval_plugins.c
Log:
* openvasd/oval_plugins.c: Changed to set OIDs exclusively; setting IDs
as a workaround for NTP is no longer required.


Modified: trunk/openvas-server/ChangeLog
===================================================================
--- trunk/openvas-server/ChangeLog	2008-10-01 14:07:21 UTC (rev 1478)
+++ trunk/openvas-server/ChangeLog	2008-10-01 14:12:13 UTC (rev 1479)
@@ -1,5 +1,10 @@
 2008-10-01  Michael Wiegand <michael.wiegand at intevation.de>
 
+	* openvasd/oval_plugins.c: Changed to set OIDs exclusively; setting IDs
+	as a workaround for NTP is no longer required.
+
+2008-10-01  Michael Wiegand <michael.wiegand at intevation.de>
+
 	* doc/otp_specification_10.txt: Removed; the specification for OTP has
 	been updated and moved to the OpenVAS compendium.
 

Modified: trunk/openvas-server/openvasd/oval_plugins.c
===================================================================
--- trunk/openvas-server/openvasd/oval_plugins.c	2008-10-01 14:07:21 UTC (rev 1478)
+++ trunk/openvas-server/openvasd/oval_plugins.c	2008-10-01 14:12:13 UTC (rev 1479)
@@ -187,12 +187,7 @@
 
     args = emalloc(sizeof(struct arglist));
 
-    // NOTE: Due to the way OIDs/IDs are assigned right now, this does lead to
-    // an incorrect OID being set and reported to the client. This is due to
-    // restrictions in NTP and will likely change once the switch to OTP is
-    // complete.
     plug_set_oid(args, oid);
-    plug_set_id(args, (int)id); // <- Overwrites OID with Legacy OID
 
     plug_set_version(args, version);
     plug_set_name(args, title, NULL);


From scm-commit at wald.intevation.org  Wed Oct  1 17:01:17 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Wed,  1 Oct 2008 17:01:17 +0200 (CEST)
Subject: [Openvas-commits] r1480 - in trunk/openvas-plugins: . scripts
Message-ID: <20081001150117.BFE2640752@pyrosoma.intevation.org>

Author: chandra
Date: 2008-10-01 17:01:16 +0200 (Wed, 01 Oct 2008)
New Revision: 1480

Added:
   trunk/openvas-plugins/scripts/gb_adobe_prdts_code_exec_vuln_win.nasl
   trunk/openvas-plugins/scripts/gb_openoffice_rtl_allocatememory_bof_vuln_lin.nasl
   trunk/openvas-plugins/scripts/gb_openoffice_rtl_allocatememory_bof_vuln_win.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2008-10-01 14:12:13 UTC (rev 1479)
+++ trunk/openvas-plugins/ChangeLog	2008-10-01 15:01:16 UTC (rev 1480)
@@ -1,4 +1,10 @@
 2008-10-01 Chandrashekhar B <bchandra at secpod.com>
+	* scripts/gb_adobe_prdts_code_exec_vuln_win.nasl,
+	  scripts/gb_openoffice_rtl_allocatememory_bof_vuln_lin.nasl,
+	  scripts/gb_openoffice_rtl_allocatememory_bof_vuln_win.nasl:
+	  Added new plugins
+
+2008-10-01 Chandrashekhar B <bchandra at secpod.com>
 	* scripts/ssh_get_info.nasl:
 	  Changed the name as it conflicts with gather-package-list.nasl
 

Added: trunk/openvas-plugins/scripts/gb_adobe_prdts_code_exec_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_prdts_code_exec_vuln_win.nasl	2008-10-01 14:12:13 UTC (rev 1479)
+++ trunk/openvas-plugins/scripts/gb_adobe_prdts_code_exec_vuln_win.nasl	2008-10-01 15:01:16 UTC (rev 1480)
@@ -0,0 +1,114 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_adobe_prdts_code_exec_vuln_win.nasl 298 2008-10-01 13:17:18Z oct $
+#
+# Adobe Reader/Acrobat JavaScript Method Handling Vulnerability
+#
+# Authors:
+# Veerendra GG <veerendragg at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800106);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2008-2641");
+  script_bugtraq_id(29908);
+  script_xref(name:"CB-A", value:"08-0105");
+  script_name(english:"Adobe Reader/Acrobat JavaScript Method Handling Vulnerability");
+  desc["english"] = "
+
+  Overview : This host has Adobe Reader/Acrobat installed, which is/are prone
+  to Remote Code Execution Vulnerabilities.
+
+  Vulnerability Insight:
+  The flaw is caused due to an input validation error in a JavaScript method,
+  which could allow attackers to execute arbitrary code by tricking a user
+  into opening a specially crafted PDF document.
+
+  Impact:
+  Successful exploitation allows remote attackers to execute arbitrary code
+  or an attacker could take complete control of an affected system or cause
+  a denial of service condition.
+
+  Impact Level: System
+
+  Affected Software/OS:
+  Adobe Reader version 7.0.9 and prior - Windows(All)
+  Adobe Reader versions 8.0 through 8.1.2 - Windows(All)
+  Adobe Acrobat Professional version 7.0.9 and prior - Windows(All)
+  Adobe Acrobat Professional versions 8.0 through 8.1.2 - Windows(All)
+
+  Fix:
+  Apply Security Update mentioned in the advisory from the below link,
+  http://www.adobe.com/support/security/bulletins/apsb08-15.html
+
+  References:
+  http://secunia.com/advisories/30832
+  http://www.frsirt.com/english/advisories/2008/1906/products
+  http://www.adobe.com/support/security/bulletins/apsb08-15.html
+
+  CVSS Score:
+    CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 6.9
+  Risk factor: High";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of Adobe Reader/Acrobat");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+  script_family(english:"Denial of Service");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_keys("SMB/WindowsVersion");
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+  exit(0);
+}
+
+if(!registry_key_exists(key:"SOFTWARE\Adobe")){
+  exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+keys = registry_enum_keys(key:key);
+
+foreach item (keys)
+{
+  adobeName = registry_get_sz(item:"DisplayName", key:key +item);
+
+  if("Adobe Reader" >< adobeName || "Adobe Acrobat" >< adobeName)
+  {
+    adobeVer = registry_get_sz(item:"DisplayVersion", key:key + item);
+    if(!adobeVer){
+      exit(0);
+    }
+
+    if(adobeVer =~ "^(7\.0(\.[0-9])?|(8\.0(\..*)?|8\.1(\.[0-2])?))$")
+    {
+      security_hole(0);
+      exit(0);
+    }
+  }
+}


Property changes on: trunk/openvas-plugins/scripts/gb_adobe_prdts_code_exec_vuln_win.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_openoffice_rtl_allocatememory_bof_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_openoffice_rtl_allocatememory_bof_vuln_lin.nasl	2008-10-01 14:12:13 UTC (rev 1479)
+++ trunk/openvas-plugins/scripts/gb_openoffice_rtl_allocatememory_bof_vuln_lin.nasl	2008-10-01 15:01:16 UTC (rev 1480)
@@ -0,0 +1,103 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_openoffice_rtl_allocateMemory_bof_vuln_lin.nasl 0295 2008-10-01 11:35:10:16Z oct $
+#
+# OpenOffice rtl_allocateMemory Heap Based BOF Vulnerability (Linux)
+#
+# Authors:      Chandan S <schandan at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800010);
+  script_version("$Revision: 1.1 $");
+  script_cve_id("CVE-2008-2152");
+  script_bugtraq_id(29622);
+  script_xref(name:"CB-A", value:"08-0095");
+  script_name(english:"OpenOffice rtl_allocateMemory Heap Based BOF Vulnerability (Linux)");
+  desc["english"] = "
+
+  Overview : The host has OpenOffice installed which is prone to heap based
+  buffer overflow vulnerability.
+
+  Vulnerability Insight:
+  The flaw is in alloc_global.c file in which rtl_allocateMemory function
+  rounding up allocation requests to be aligned on a 8 byte boundary without
+  checking the rounding results in an integer overflow condition.
+
+  Impact:
+  Exploitation will result in buffer overflows via a specially crafted document
+  and allow remote unprivileged user who provides a OpenOffice.org document that
+  is opened by a local user to execute arbitrary commands on the system with the
+  privileges of the user running OpenOffice.org.
+
+  Impact Level : System
+
+  Affected Software/OS:
+  OpenOffice.org 2.x on Linux (Any).
+
+  Fix : Upgrade to OpenOffice 2.4.1
+  http://download.openoffice.org/index.html
+
+  References:
+  http://secunia.com/advisories/30599
+  http://www.openoffice.org/security/cves/CVE-2008-2152.html
+  http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=714
+
+  CVSS Score:
+    CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 6.9
+  Risk factor : High";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of OpenOffice");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+  script_family(english:"Misc.");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/uname");
+  exit(0);
+}
+
+
+if("Linux" >!< get_kb_item("ssh/login/uname")){
+  exit(0);
+}
+
+release = get_kb_item("ssh/login/release");
+foreach item (get_kb_list("ssh/*/rpms"))
+{
+  # Exit if advisory based local check is available as they perform complete
+  # rpm package comparision.
+  # FixMe: Advisory local check is yet to be released for Fedora
+  if((release =~ "FC(7|8|9)") && (item =~ "(O|o)pen(O|o)ffice.*")){
+    report = string("Fedora advisory based local check is available to " +
+                    "verify if the package is\nup-to-date as per the vendor " +
+                    "advisory.\nPlease run the Fedora Local Checks to confirm.");
+    security_note(data:report);
+    exit(0);
+  }
+
+  if(egrep(pattern:"^(O|o)pen(O|o)ffice.*?~([01]\..*|2\.([0-3][^0-9]" +
+                   "|4(\.0)?[^.0-9]))", string:item))
+  {
+     security_hole(0);
+     exit(0);
+  }
+}


Property changes on: trunk/openvas-plugins/scripts/gb_openoffice_rtl_allocatememory_bof_vuln_lin.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_openoffice_rtl_allocatememory_bof_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_openoffice_rtl_allocatememory_bof_vuln_win.nasl	2008-10-01 14:12:13 UTC (rev 1479)
+++ trunk/openvas-plugins/scripts/gb_openoffice_rtl_allocatememory_bof_vuln_win.nasl	2008-10-01 15:01:16 UTC (rev 1480)
@@ -0,0 +1,99 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_openoffice_rtl_allocateMemory_bof_vuln_win.nasl 0295 2008-10-01 10:23:16Z oct $
+#
+# OpenOffice rtl_allocateMemory Heap Based BOF Vulnerability
+#
+# Authors:      Chandan S <schandan at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800009);
+  script_version("$Revision: 1.1 $");
+  script_cve_id("CVE-2008-2152");
+  script_bugtraq_id(29622);
+  script_xref(name:"CB-A", value:"08-0095");
+  script_name(english:"OpenOffice rtl_allocateMemory Heap Based BOF Vulnerability");
+  desc["english"] = "
+
+  Overview: The host has OpenOffice installed which is prone to heap based
+  buffer overflow vulnerability.
+
+  Vulnerability Insight:
+  The flaw is in alloc_global.c file in which rtl_allocateMemory function
+  rounding up allocation requests to be aligned on a 8 byte boundary without
+  checking the rounding results, in an integer overflow condition.
+
+  Impact:
+  Exploitation will result in buffer overflows via a specially crafted document
+  and allow remote unprivileged user who provides a OpenOffice.org document that
+  is opened by a local user to execute arbitrary commands on the system with the
+  privileges of the user running OpenOffice.org.
+
+  Impact Level: System
+
+  Affected Software/OS:
+  OpenOffice.org 2.x on Windows (Any).
+
+  Fix : Upgrade to OpenOffice 2.4.1
+  http://download.openoffice.org/index.html
+
+  References:
+  http://secunia.com/advisories/30599
+  http://www.openoffice.org/security/cves/CVE-2008-2152.html
+  http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=714
+
+  CVSS Score:
+    CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 6.9
+  Risk factor : High";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of OpenOffice");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+  script_family(english:"Misc.");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_keys("SMB/WindowsVersion");
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+  exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+keys = registry_enum_keys(key);
+foreach item (keys)
+{
+  if("OpenOffice.org" >< registry_get_sz(key:key + item, item:"DisplayName"))
+  {
+    if((egrep(pattern:"^([01]\..*|2\.([0-3](\..*)?|4(\.([0-8]?[0-9]?" +
+                      "[0-9]?[0-9]|9[0-2][0-9][0-9]|930[0-9]))?))$",
+              string:registry_get_sz(key:key + item, item:"DisplayVersion")))){
+      security_hole(0);
+    }
+    exit(0);
+  }
+}


Property changes on: trunk/openvas-plugins/scripts/gb_openoffice_rtl_allocatememory_bof_vuln_win.nasl
___________________________________________________________________
Name: svn:executable
   + *


From scm-commit at wald.intevation.org  Thu Oct  2 08:09:56 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Thu,  2 Oct 2008 08:09:56 +0200 (CEST)
Subject: [Openvas-commits] r1481 - trunk/doc/website
Message-ID: <20081002060956.2002940752@pyrosoma.intevation.org>

Author: kost
Date: 2008-10-02 08:09:55 +0200 (Thu, 02 Oct 2008)
New Revision: 1481

Modified:
   trunk/doc/website/integrated-tools.htm4
Log:
Seems like I need to change again Nessus->Nmap



Modified: trunk/doc/website/integrated-tools.htm4
===================================================================
--- trunk/doc/website/integrated-tools.htm4	2008-10-01 15:01:16 UTC (rev 1480)
+++ trunk/doc/website/integrated-tools.htm4	2008-10-02 06:09:55 UTC (rev 1481)
@@ -61,7 +61,7 @@
 
 <p>
 Status (20080925): NMAP integration is inherited from Nessus through nmap.nasl plugin and used as portscanner plugin. Note that using nmap.nasl to directly scan high number of hosts is not recommended. If you're having large number of hosts to scan and want to use nmap, run nmap first on the hosts and then import them using nmap.nasl importer function. You can read explanation <a href="http://www.nessus.org/documentation/index.php?doc=nmap-usage">here</a>. <br />
-Future (20080925): NMAP has capabilities of scripting called <a href="http://nmap.org/book/nse.html">Nessus Scripting Engine (NSE)</a> which can also check for vulnerabilities. We're working on integrating nse scripts as plugins in OpenVAS. 
+Future (20080925): NMAP has capabilities of scripting called <a href="http://nmap.org/book/nse.html">Nmap Scripting Engine (NSE)</a> which can also check for vulnerabilities. We're working on integrating nse scripts as plugins in OpenVAS. 
 </p>
 
 <h3>ike-scan</h3>


From scm-commit at wald.intevation.org  Thu Oct  2 14:48:32 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Thu,  2 Oct 2008 14:48:32 +0200 (CEST)
Subject: [Openvas-commits] r1482 - trunk/doc/website
Message-ID: <20081002124832.815B640795@pyrosoma.intevation.org>

Author: mwiegand
Date: 2008-10-02 14:48:32 +0200 (Thu, 02 Oct 2008)
New Revision: 1482

Modified:
   trunk/doc/website/template_header.m4
Log:
Updated link for -compendium 1.0-rc1.


Modified: trunk/doc/website/template_header.m4
===================================================================
--- trunk/doc/website/template_header.m4	2008-10-02 06:09:55 UTC (rev 1481)
+++ trunk/doc/website/template_header.m4	2008-10-02 12:48:32 UTC (rev 1482)
@@ -147,9 +147,9 @@
 
      <p>
      Documentation:<br>
-     <a href="http://wald.intevation.org/frs/?group_id=29&amp;release_id=197">OpenVAS Compendium 0.2.0</a>
+     <a href="http://wald.intevation.org/frs/?group_id=29&amp;release_id=207">OpenVAS Compendium 1.0-rc1</a>
      </p>
-     
+
      <p>
      OpenVAS 2.0 BETA:<br>
      <a href="http://wald.intevation.org/frs/?group_id=29&amp;release_id=203">openvas-libraries&nbsp;2.0-beta1</a><br>


From scm-commit at wald.intevation.org  Fri Oct  3 15:12:56 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Fri,  3 Oct 2008 15:12:56 +0200 (CEST)
Subject: [Openvas-commits] r1483 - in trunk/openvas-plugins: . scripts
Message-ID: <20081003131256.B5D4640746@pyrosoma.intevation.org>

Author: chandra
Date: 2008-10-03 15:12:54 +0200 (Fri, 03 Oct 2008)
New Revision: 1483

Added:
   trunk/openvas-plugins/scripts/secpod_phpmyadmin_detect_900129.nasl
   trunk/openvas-plugins/scripts/secpod_phpmyadmin_remote_command_exe_vuln_900130.nasl
   trunk/openvas-plugins/scripts/secpod_phpmyadmin_xss_vuln_900134.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/gb_ms08-033.nasl
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2008-10-02 12:48:32 UTC (rev 1482)
+++ trunk/openvas-plugins/ChangeLog	2008-10-03 13:12:54 UTC (rev 1483)
@@ -1,3 +1,12 @@
+2008-10-03 Chandrashekhar B <bchandra at secpod.com>
+	* scripts/secpod_phpmyadmin_detect_900129.nasl,
+	  scripts/secpod_phpmyadmin_remote_command_exe_vuln_900130.nasl,
+	  scripts/secpod_phpmyadmin_xss_vuln_900134.nasl:
+	  Added new plugins
+
+	 * scripts/gb_ms08-033.nasl:
+	 Updated the regex
+
 2008-10-01 Chandrashekhar B <bchandra at secpod.com>
 	* scripts/gb_adobe_prdts_code_exec_vuln_win.nasl,
 	  scripts/gb_openoffice_rtl_allocatememory_bof_vuln_lin.nasl,

Modified: trunk/openvas-plugins/scripts/gb_ms08-033.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ms08-033.nasl	2008-10-02 12:48:32 UTC (rev 1482)
+++ trunk/openvas-plugins/scripts/gb_ms08-033.nasl	2008-10-03 13:12:54 UTC (rev 1483)
@@ -192,7 +192,7 @@
   else if(egrep(pattern:"^4\.09", string:directXver))
   {
     # Grep Quartz.dll version < 6.5.1.909
-    if(egrep(pattern:"^6\.05\.01\.0?([0-8]?[0-9]?[0-9]|90[0-8])$",
+    if(egrep(pattern:"^6\.05\.0?1\.0?([0-8]?[0-9]?[0-9]|90[0-8])$",
              string:fileVer)){
       security_hole(0);
     }

Added: trunk/openvas-plugins/scripts/secpod_phpmyadmin_detect_900129.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_phpmyadmin_detect_900129.nasl	2008-10-02 12:48:32 UTC (rev 1482)
+++ trunk/openvas-plugins/scripts/secpod_phpmyadmin_detect_900129.nasl	2008-10-03 13:12:54 UTC (rev 1483)
@@ -0,0 +1,72 @@
+##############################################################################
+#
+#  phpMyAdmin Version Detection 
+#
+#  Copyright: SecPod
+#
+#  Date Written: 2008/09/23
+#
+#  Revision: 1.1
+#
+#  Log: ssharath
+#  Issue #0252
+#  ------------------------------------------------------------------------
+#  This program was written by SecPod and is licensed under the GNU GPL 
+#  license. Please refer to the below link for details,
+#  http://www.gnu.org/licenses/gpl.html
+#  This header contains information regarding licensing terms under the GPL, 
+#  and information regarding obtaining source code from the Author. 
+#  Consequently, pursuant to section 3(c) of the GPL, you must accompany the 
+#  information found in this header with any distribution you make of this 
+#  Program.
+#  ------------------------------------------------------------------------
+##############################################################################
+
+if(description)
+{
+ script_id(900129);
+ script_copyright(english:"Copyright (C) 2008 SecPod");
+ script_version("Revision: 1.1 ");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"General");
+ script_name(english:"phpMyAdmin Version Detection");
+ script_summary(english:"Set File Version of phpMyAdmin in KB");
+ desc["english"] = "
+ Overview : This script finds the phpMyAdmin installed version and 
+ saves the version in KB.
+ 
+ Risk factor : Informational";
+
+ script_description(english:desc["english"]);
+ script_dependencies("http_version.nasl");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+
+ include("http_func.inc");
+ include("http_keepalive.inc");
+
+ port = get_http_port(default:80);
+ if(!port){
+        exit(0);
+ }
+
+ foreach dir (make_list("/phpmyadmin", cgi_dirs()))
+ {
+        sndReq = http_get(item:string(dir, "/index.php"), port:port);
+        rcvRes = http_keepalive_send_recv(port:port, data:sndReq);
+        if(rcvRes == NULL){
+                exit(0);
+        }
+
+        if(egrep(pattern:"^HTTP/.* 200 OK", string:rcvRes))
+        {
+                phpmaVer = egrep(pattern:"phpMyAdmin [0-9.]+", string:rcvRes);
+                phpmaVer = eregmatch(pattern:"[0-9.]+", string:phpmaVer);
+                if(phpmaVer != NULL){
+                         set_kb_item(name:"www/"+ port + "/phpMyAdmin",
+                                      value:phpmaVer[0] + " under " + dir);
+                }
+        }
+ }

Added: trunk/openvas-plugins/scripts/secpod_phpmyadmin_remote_command_exe_vuln_900130.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_phpmyadmin_remote_command_exe_vuln_900130.nasl	2008-10-02 12:48:32 UTC (rev 1482)
+++ trunk/openvas-plugins/scripts/secpod_phpmyadmin_remote_command_exe_vuln_900130.nasl	2008-10-03 13:12:54 UTC (rev 1483)
@@ -0,0 +1,77 @@
+##############################################################################
+#
+#  phpMyAdmin 'server_databases.php' Remote Command Execution Vulnerability
+#
+#  Copyright: SecPod
+#
+#  Date Written: 2008/09/17
+#
+#  Revision: 1.1
+#
+#  Log: ssharath
+#  Issue #0252
+#  ------------------------------------------------------------------------
+#  This program was written by SecPod and is licensed under the GNU GPL 
+#  license. Please refer to the below link for details,
+#  http://www.gnu.org/licenses/gpl.html
+#  This header contains information regarding licensing terms under the GPL, 
+#  and information regarding obtaining source code from the Author. 
+#  Consequently, pursuant to section 3(c) of the GPL, you must accompany the 
+#  information found in this header with any distribution you make of this 
+#  Program.
+#  ------------------------------------------------------------------------
+##############################################################################
+
+
+if(description)
+{
+ script_id(900130);
+ script_bugtraq_id(31188);
+ script_copyright(english:"Copyright (C) 2008 SecPod");
+ script_version("Revision: 1.1 ");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"CGI abuses");
+ script_name(english:"phpMyAdmin 'server_databases.php' Remote Command Execution Vulnerability");
+ script_summary(english:"Check for vulnerable version of phpMyAdmin");
+ desc["english"] = "
+ Overview : phpMyAdmin is prone to Remote Command Execution vulnerability.
+
+ Vulnerability Insight :
+
+        This issue is caused by, sort_by parameter in server_databases.php
+        which is not properly sanitised before being used.
+
+        Impact : Successful exploitation allows execution of arbitrary 
+        commands, and possibly compromise the affected application.
+
+ Impact Level : Application
+
+ Affected Software/OS :
+        phpMyAdmin versions prior to 2.11.9.1 on all platform
+ 
+ Fix : Upgrade to phpMyAdmin 2.11.9.1 or newer
+ http://www.phpmyadmin.net/home_page/downloads.php#2.11.9.1
+
+ References :
+ http://comments.gmane.org/gmane.comp.security.oss.general/947?set_lines=100000
+ http://fd.the-wildcat.de/pma_e36a091q11.php
+ http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-7
+ http://www.securityfocus.com/bid/31188/exploit
+
+ CVSS Score :
+        CVSS Base Score     : 6.0 (AV:N/AC:M/Au:SI/C:P/I:P/A:P)
+        CVSS Temporal Score : 4.7 
+ Risk factor : Medium";
+
+ script_description(english:desc["english"]);
+ script_dependencies("secpod_phpmyadmin_detect_900129.nasl");
+ exit(0);
+}
+
+
+ include("http_func.inc");
+ 
+ if(egrep(pattern:"^([01]\..*|2\.(([0-9]|10)(\..*)|11\.([0-8](\..*)?|9\.0)))",
+                   string:get_kb_item("www/" + port + "/phpMyAdmin"))){
+        security_hole(0);
+ }

Added: trunk/openvas-plugins/scripts/secpod_phpmyadmin_xss_vuln_900134.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_phpmyadmin_xss_vuln_900134.nasl	2008-10-02 12:48:32 UTC (rev 1482)
+++ trunk/openvas-plugins/scripts/secpod_phpmyadmin_xss_vuln_900134.nasl	2008-10-03 13:12:54 UTC (rev 1483)
@@ -0,0 +1,82 @@
+##############################################################################
+#
+#  phpMyAdmin Cross-Site Scripting Vulnerability
+#
+#  Copyright: SecPod
+#
+#  Date Written: 2008/09/24
+#
+#  Revision: 1.1
+#
+#  Log: ssharath
+#  Issue #0282
+#  ------------------------------------------------------------------------
+#  This program was written by SecPod and is licensed under the GNU GPL 
+#  license. Please refer to the below link for details,
+#  http://www.gnu.org/licenses/gpl.html
+#  This header contains information regarding licensing terms under the GPL, 
+#  and information regarding obtaining source code from the Author. 
+#  Consequently, pursuant to section 3(c) of the GPL, you must accompany the 
+#  information found in this header with any distribution you make of this 
+#  Program.
+#  ------------------------------------------------------------------------
+##############################################################################
+
+
+if(description)
+{
+ script_id(900134);
+ script_bugtraq_id(31327);
+ script_copyright(english:"Copyright (C) 2008 SecPod");
+ script_version("Revision: 1.1 ");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"CGI abuses : XSS");
+ script_name(english:"phpMyAdmin Cross-Site Scripting Vulnerability");
+ script_summary(english:"Check for vulnerable version of phpMyAdmin");
+ desc["english"] = "
+ Overview : The host is running phpMyAdmin, which is prone to Cross-Site 
+ Scripting Vulnerability.
+
+ Vulnerability Insight :
+
+        Error exists in the PMA_escapeJsString() function in js_escape.lib.php
+        file, which fails to sufficiently sanitize user-supplied data.
+
+        Impact : Execution of arbitrary HTML and script code will allow attackers
+        to steal cookie-based authentication credentials and to launch other
+        attacks.
+
+ Impact Level : Application
+
+ Affected Software/OS :
+        phpMyAdmin versions prior to 2.11.9.2 on all platform
+ 
+ Fix : Update to version 2.11.9.2
+ http://www.phpmyadmin.net/home_page/downloads.php
+
+ *****
+ NOTE : Ignore this warning, if above mentioned Update is applied already.
+ *****
+
+ References :
+ http://www.phpmyadmin.net/home_page/downloads.php?relnotes=1
+ http://secunia.com/advisories/31974/
+ http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-8
+
+ CVSS Score :
+        CVSS Base Score     : 7.9 (AV:N/AC:M/Au:SI/C:C/I:C/A:N)
+        CVSS Temporal Score : 5.9
+ Risk factor : High";
+
+ script_description(english:desc["english"]);
+ script_dependencies("secpod_phpmyadmin_detect_900129.nasl");
+ exit(0);
+}
+
+
+ include("http_func.inc");
+ 
+ if(egrep(pattern:"^2\.(([0-9]|10)(\..*)|11(\.[0-8](\..*)?|\.9(\.[01])))",
+                  string:get_kb_item("www/" + port + "/phpMyAdmin"))){
+        security_hole(port:port);
+ }


From scm-commit at wald.intevation.org  Fri Oct  3 23:16:58 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Fri,  3 Oct 2008 23:16:58 +0200 (CEST)
Subject: [Openvas-commits] r1484 - in trunk/openvas-plugins: . scripts
Message-ID: <20081003211658.E562040746@pyrosoma.intevation.org>

Author: reinke
Date: 2008-10-03 23:16:57 +0200 (Fri, 03 Oct 2008)
New Revision: 1484

Added:
   trunk/openvas-plugins/scripts/freebsd_bitlbee.nasl
   trunk/openvas-plugins/scripts/freebsd_lighttpd5.nasl
   trunk/openvas-plugins/scripts/freebsd_mplayer9.nasl
   trunk/openvas-plugins/scripts/freebsd_mysql-client0.nasl
   trunk/openvas-plugins/scripts/freebsdsa_nd6.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
Log:
New scripts added

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2008-10-03 13:12:54 UTC (rev 1483)
+++ trunk/openvas-plugins/ChangeLog	2008-10-03 21:16:57 UTC (rev 1484)
@@ -1,3 +1,8 @@
+2008-10-03  Thomas Reinke <reinke at securityspace.com>
+	* script/freebsd_lighttpd5.nasl script/freebsd_mplayer9.nasl
+	  script/freebsd_mysql-client0.nasl script/freebsdsa_nd6.nasl
+	  Added new plugins
+
 2008-10-03 Chandrashekhar B <bchandra at secpod.com>
 	* scripts/secpod_phpmyadmin_detect_900129.nasl,
 	  scripts/secpod_phpmyadmin_remote_command_exe_vuln_900130.nasl,

Added: trunk/openvas-plugins/scripts/freebsd_bitlbee.nasl
===================================================================
--- trunk/openvas-plugins/scripts/freebsd_bitlbee.nasl	2008-10-03 13:12:54 UTC (rev 1483)
+++ trunk/openvas-plugins/scripts/freebsd_bitlbee.nasl	2008-10-03 21:16:57 UTC (rev 1484)
@@ -0,0 +1,92 @@
+#
+#VID 24ec781b-8c11-11dd-9923-0016d325a0ed
+# OpenVAS Vulnerability Test
+# $
+# Description: Auto generated from VID 24ec781b-8c11-11dd-9923-0016d325a0ed
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(61680);
+ script_cve_id("CVE-2008-3920", "CVE-2008-3969");
+ script_version ("$");
+ name["english"] = "FreeBSD Ports: bitlbee";
+ script_name(english:name["english"]);
+
+ desc["english"] = "
+The remote host is missing an update to the system
+as announced in the referenced advisory.
+
+The following package is affected: bitlbee
+
+CVE-2008-3920
+Unspecified vulnerability in BitlBee before 1.2.2 allows remote
+attackers to 'recreate' and 'hijack' existing accounts via unspecified
+vectors.
+CVE-2008-3969
+Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow
+remote attackers to 'overwrite' and 'hijack' existing accounts via
+unknown vectors.  NOTE: this issue exists because of an incomplete fix
+for CVE-2008-3920.
+
+Solution:
+Update your system with the appropriate patches or
+software upgrades.
+
+http://secunia.com/advisories/31633/
+http://www.vuxml.org/freebsd/24ec781b-8c11-11dd-9923-0016d325a0ed.html
+
+Risk factor : High";
+
+ script_description(english:desc["english"]);
+
+ summary["english"] = "FreeBSD Ports: bitlbee";
+ script_summary(english:summary["english"]);
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com");
+ family["english"] = "FreeBSD Local Security Checks";
+ script_family(english:family["english"]);
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/freebsdrel");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-bsd.inc");
+vuln = 0;
+bver = portver(pkg:"bitlbee");
+if(!isnull(bver) && revcomp(a:bver, b:"1.2.3")<0) {
+    security_note(0, data:"Package bitlbee version " + bver + " is installed which is known to be vulnerable.");
+    vuln = 1;
+}
+
+if(vuln) {
+    security_hole(0);
+}

Added: trunk/openvas-plugins/scripts/freebsd_lighttpd5.nasl
===================================================================
--- trunk/openvas-plugins/scripts/freebsd_lighttpd5.nasl	2008-10-03 13:12:54 UTC (rev 1483)
+++ trunk/openvas-plugins/scripts/freebsd_lighttpd5.nasl	2008-10-03 21:16:57 UTC (rev 1484)
@@ -0,0 +1,84 @@
+#
+#VID fb911e31-8ceb-11dd-bb29-000c6e274733
+# OpenVAS Vulnerability Test
+# $
+# Description: Auto generated from VID fb911e31-8ceb-11dd-bb29-000c6e274733
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(61701);
+ script_bugtraq_id(31434);
+ script_version ("$");
+ name["english"] = "FreeBSD Ports: lighttpd";
+ script_name(english:name["english"]);
+
+ desc["english"] = "
+The remote host is missing an update to the system
+as announced in the referenced advisory.
+
+The following package is affected: lighttpd
+
+Solution:
+Update your system with the appropriate patches or
+software upgrades.
+
+http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt
+http://www.lighttpd.net/security/lighttpd_sa_2008_06.txt
+http://www.lighttpd.net/security/lighttpd_sa_2008_07.txt
+http://www.vuxml.org/freebsd/fb911e31-8ceb-11dd-bb29-000c6e274733.html
+
+Risk factor : High";
+
+ script_description(english:desc["english"]);
+
+ summary["english"] = "FreeBSD Ports: lighttpd";
+ script_summary(english:summary["english"]);
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com");
+ family["english"] = "FreeBSD Local Security Checks";
+ script_family(english:family["english"]);
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/freebsdrel");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-bsd.inc");
+vuln = 0;
+bver = portver(pkg:"lighttpd");
+if(!isnull(bver) && revcomp(a:bver, b:"1.4.19_3")<0) {
+    security_note(0, data:"Package lighttpd version " + bver + " is installed which is known to be vulnerable.");
+    vuln = 1;
+}
+
+if(vuln) {
+    security_hole(0);
+}

Added: trunk/openvas-plugins/scripts/freebsd_mplayer9.nasl
===================================================================
--- trunk/openvas-plugins/scripts/freebsd_mplayer9.nasl	2008-10-03 13:12:54 UTC (rev 1483)
+++ trunk/openvas-plugins/scripts/freebsd_mplayer9.nasl	2008-10-03 21:16:57 UTC (rev 1484)
@@ -0,0 +1,119 @@
+#
+#VID 724e6f93-8f2a-11dd-821f-001cc0377035
+# OpenVAS Vulnerability Test
+# $
+# Description: Auto generated from VID 724e6f93-8f2a-11dd-821f-001cc0377035
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(61700);
+ script_cve_id("CVE-2008-3827");
+ script_version ("$");
+ name["english"] = "mplayer -- multiple integer overflows";
+ script_name(english:name["english"]);
+
+ desc["english"] = "
+The remote host is missing an update to the system
+as announced in the referenced advisory.
+
+The following packages are affected:
+   mplayer
+   mplayer-esound
+   mplayer-gtk
+   mplayer-gtk2
+   mplayer-gtk-esound
+   mplayer-gtk2-esound
+
+CVE-2008-3827
+Multiple integer underflows in MPlayer 1.0_rc2 and earlier allow
+remote attackers to cause a denial of service (process termination)
+and possibly execute arbitrary code via a crafted video file that
+causes the stream_read function to read or write arbitrary memory.
+
+Solution:
+Update your system with the appropriate patches or
+software upgrades.
+
+http://www.ocert.org/advisories/ocert-2008-013.html
+http://www.vuxml.org/freebsd/724e6f93-8f2a-11dd-821f-001cc0377035.html
+
+Risk factor : High";
+
+ script_description(english:desc["english"]);
+
+ summary["english"] = "mplayer -- multiple integer overflows";
+ script_summary(english:summary["english"]);
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com");
+ family["english"] = "FreeBSD Local Security Checks";
+ script_family(english:family["english"]);
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/freebsdrel");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-bsd.inc");
+vuln = 0;
+bver = portver(pkg:"mplayer");
+if(!isnull(bver) && revcomp(a:bver, b:"0.99.11_7")<0) {
+    security_note(0, data:"Package mplayer version " + bver + " is installed which is known to be vulnerable.");
+    vuln = 1;
+}
+bver = portver(pkg:"mplayer-esound");
+if(!isnull(bver) && revcomp(a:bver, b:"0.99.11_7")<0) {
+    security_note(0, data:"Package mplayer-esound version " + bver + " is installed which is known to be vulnerable.");
+    vuln = 1;
+}
+bver = portver(pkg:"mplayer-gtk");
+if(!isnull(bver) && revcomp(a:bver, b:"0.99.11_7")<0) {
+    security_note(0, data:"Package mplayer-gtk version " + bver + " is installed which is known to be vulnerable.");
+    vuln = 1;
+}
+bver = portver(pkg:"mplayer-gtk2");
+if(!isnull(bver) && revcomp(a:bver, b:"0.99.11_7")<0) {
+    security_note(0, data:"Package mplayer-gtk2 version " + bver + " is installed which is known to be vulnerable.");
+    vuln = 1;
+}
+bver = portver(pkg:"mplayer-gtk-esound");
+if(!isnull(bver) && revcomp(a:bver, b:"0.99.11_7")<0) {
+    security_note(0, data:"Package mplayer-gtk-esound version " + bver + " is installed which is known to be vulnerable.");
+    vuln = 1;
+}
+bver = portver(pkg:"mplayer-gtk2-esound");
+if(!isnull(bver) && revcomp(a:bver, b:"0.99.11_7")<0) {
+    security_note(0, data:"Package mplayer-gtk2-esound version " + bver + " is installed which is known to be vulnerable.");
+    vuln = 1;
+}
+
+if(vuln) {
+    security_hole(0);
+}

Added: trunk/openvas-plugins/scripts/freebsd_mysql-client0.nasl
===================================================================
--- trunk/openvas-plugins/scripts/freebsd_mysql-client0.nasl	2008-10-03 13:12:54 UTC (rev 1483)
+++ trunk/openvas-plugins/scripts/freebsd_mysql-client0.nasl	2008-10-03 21:16:57 UTC (rev 1484)
@@ -0,0 +1,82 @@
+#
+#VID 4775c807-8f30-11dd-821f-001cc0377035
+# OpenVAS Vulnerability Test
+# $
+# Description: Auto generated from VID 4775c807-8f30-11dd-821f-001cc0377035
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(61699);
+ script_bugtraq_id(31486);
+ script_version ("$");
+ name["english"] = "FreeBSD Ports: mysql-client";
+ script_name(english:name["english"]);
+
+ desc["english"] = "
+The remote host is missing an update to the system
+as announced in the referenced advisory.
+
+The following package is affected: mysql-client
+
+Solution:
+Update your system with the appropriate patches or
+software upgrades.
+
+http://www.henlich.de/it-security/mysql-command-line-client-html-injection-vulnerability/
+http://www.vuxml.org/freebsd/4775c807-8f30-11dd-821f-001cc0377035.html
+
+Risk factor : High";
+
+ script_description(english:desc["english"]);
+
+ summary["english"] = "FreeBSD Ports: mysql-client";
+ script_summary(english:summary["english"]);
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com");
+ family["english"] = "FreeBSD Local Security Checks";
+ script_family(english:family["english"]);
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/freebsdrel");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-bsd.inc");
+vuln = 0;
+bver = portver(pkg:"mysql-client");
+if(!isnull(bver) && revcomp(a:bver, b:"0")>0) {
+    security_note(0, data:"Package mysql-client version " + bver + " is installed which is known to be vulnerable.");
+    vuln = 1;
+}
+
+if(vuln) {
+    security_hole(0);
+}

Added: trunk/openvas-plugins/scripts/freebsdsa_nd6.nasl
===================================================================
--- trunk/openvas-plugins/scripts/freebsdsa_nd6.nasl	2008-10-03 13:12:54 UTC (rev 1483)
+++ trunk/openvas-plugins/scripts/freebsdsa_nd6.nasl	2008-10-03 21:16:57 UTC (rev 1484)
@@ -0,0 +1,90 @@
+#
+#ADV FreeBSD-SA-08:10.nd6.asc
+# OpenVAS Vulnerability Test
+# $
+# Description: Auto generated from ADV FreeBSD-SA-08:10.nd6.asc
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(61702);
+ script_cve_id("CVE-2008-2476");
+ script_version ("$");
+ name["english"] = "FreeBSD Security Advisory (FreeBSD-SA-08:10.nd6.asc)";
+ script_name(english:name["english"]);
+
+ desc["english"] = "
+The remote host is missing an update to the system
+as announced in the referenced advisory FreeBSD-SA-08:10.nd6.asc
+
+IPv6 nodes use the Neighbor Discovery protocol to determine the link-layer
+address of other nodes, find routers, and maintain reachability information.
+The Neighbor Discovery protocol uses Neighbor Solicitation (ICMPv6 type 135)
+to query target nodes for their link-layer addresses.
+
+IPv6 routers may allow on-link IPv6 nodes to create and update the
+router's neighbor cache and forwarding information.  A malicious IPv6 node
+sharing a common router but on a different physical segment from another
+node may be able to spoof Neighbor Discovery messages, allowing it to update
+router information for the victim node.
+
+Solution:
+Upgrade your system to the appropriate stable release
+or security branch dated after the correction date
+
+https://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-08:10.nd6.asc
+Risk factor : High";
+
+ script_description(english:desc["english"]);
+
+ summary["english"] = "FreeBSD Security Advisory (FreeBSD-SA-08:10.nd6.asc)";
+ script_summary(english:summary["english"]);
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com");
+ family["english"] = "FreeBSD Local Security Checks";
+ script_family(english:family["english"]);
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/freebsdpatchlevel");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-bsd.inc");
+vuln = 0;
+if(patchlevelcmp(rel:"7.0", patchlevel:"5")<0) {
+    vuln = 1;
+}
+if(patchlevelcmp(rel:"6.3", patchlevel:"5")<0) {
+    vuln = 1;
+}
+
+if(vuln) {
+    security_hole(0);
+}


From scm-commit at wald.intevation.org  Sat Oct  4 09:54:26 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Sat,  4 Oct 2008 09:54:26 +0200 (CEST)
Subject: [Openvas-commits] r1485 - in trunk/openvas-plugins: . scripts
Message-ID: <20081004075426.6255540744@pyrosoma.intevation.org>

Author: chandra
Date: 2008-10-04 09:54:24 +0200 (Sat, 04 Oct 2008)
New Revision: 1485

Added:
   trunk/openvas-plugins/scripts/gb_adobe_prdts_code_exec_vuln_lin.nasl
   trunk/openvas-plugins/scripts/gb_adobe_prdts_detect_lin.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2008-10-03 21:16:57 UTC (rev 1484)
+++ trunk/openvas-plugins/ChangeLog	2008-10-04 07:54:24 UTC (rev 1485)
@@ -1,6 +1,11 @@
+2008-10-04 Chandrashekhar B <bchandra at secpod.com>
+	* scripts/gb_adobe_prdts_code_exec_vuln_lin.nasl,
+	  scripts/gb_adobe_prdts_detect_lin.nasl:
+	  Added new plugins
+
 2008-10-03  Thomas Reinke <reinke at securityspace.com>
-	* script/freebsd_lighttpd5.nasl script/freebsd_mplayer9.nasl
-	  script/freebsd_mysql-client0.nasl script/freebsdsa_nd6.nasl
+	* script/freebsd_lighttpd5.nasl script/freebsd_mplayer9.nasl,
+	  script/freebsd_mysql-client0.nasl script/freebsdsa_nd6.nasl:
 	  Added new plugins
 
 2008-10-03 Chandrashekhar B <bchandra at secpod.com>

Added: trunk/openvas-plugins/scripts/gb_adobe_prdts_code_exec_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_prdts_code_exec_vuln_lin.nasl	2008-10-03 21:16:57 UTC (rev 1484)
+++ trunk/openvas-plugins/scripts/gb_adobe_prdts_code_exec_vuln_lin.nasl	2008-10-04 07:54:24 UTC (rev 1485)
@@ -0,0 +1,87 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_adobe_prdts_code_exec_vuln_lin.nasl 298 2008-10-03 16:37:37Z oct $
+#
+# Adobe Reader/Acrobat JavaScript Method Handling Vulnerability (Linux)
+#
+# Authors:
+# Veerendra GG <veerendragg at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800107);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2008-2641");
+  script_bugtraq_id(29908);
+  script_xref(name:"CB-A", value:"08-0105");
+  script_name(english:"Adobe Reader/Acrobat JavaScript Method Handling Vulnerability (Linux)");
+  desc["english"] = "
+
+  Overview : This host has Adobe Reader/Acrobat installed, which is/are prone
+  to Remote Code Execution Vulnerabilities.
+
+  Vulnerability Insight:
+  The flaw is caused due to an input validation error in a JavaScript method,
+  which could allow attackers to execute arbitrary code by tricking a user
+  into opening a specially crafted PDF document.
+
+  Impact:
+  Successful exploitation allows remote attackers to execute arbitrary code
+  or an attacker could take complete control of an affected system or cause
+  a denial of service condition.
+
+  Impact Level: System
+
+  Affected Software/OS:
+  Adobe Reader version 7.0.9 and prior - Linux(All)
+  Adobe Reader versions 8.0 through 8.1.2 - Linux(All)
+
+  Fix:
+  Apply Security Update mentioned in the advisory from the below link,
+  http://www.adobe.com/support/security/bulletins/apsb08-15.html
+
+  References:
+  http://xforce.iss.net/xforce/xfdb/43307
+  http://www.frsirt.com/english/advisories/2008/1906/products
+  http://www.adobe.com/support/security/bulletins/apsb08-15.html
+
+  CVSS Score:
+    CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 6.9
+  Risk factor: High";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of Adobe Reader/Acrobat");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+  script_family(english:"Denial of Service");
+  script_dependencies("gb_adobe_prdts_detect_lin.nasl");
+  exit(0);
+}
+
+
+adobeVer = get_kb_item("Adobe/Reader/Linux/Ver");
+if(!adobeVer){
+  exit(0);
+}
+
+if(adobeVer =~ "^(7\.0(\.[0-9])?|(8\.0(\..*)?|8\.1(\.[0-2])?))$"){
+  security_hole(0);
+}


Property changes on: trunk/openvas-plugins/scripts/gb_adobe_prdts_code_exec_vuln_lin.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_adobe_prdts_detect_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_prdts_detect_lin.nasl	2008-10-03 21:16:57 UTC (rev 1484)
+++ trunk/openvas-plugins/scripts/gb_adobe_prdts_detect_lin.nasl	2008-10-04 07:54:24 UTC (rev 1485)
@@ -0,0 +1,112 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_adobe_prdts_detect_lin.nasl 0301 2008-10-03 11:21:44Z sep $
+#
+# VMware products version detection (Linux)
+#
+# Authors:
+# Veerendra GG <veerendragg at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800108);
+  script_version("$Revision: 1.0 $");
+  script_name(english:"Adobe products version detection (Linux)");
+  desc["english"] ="
+  Overview : This script retrieves all Adobe Products version and saves
+  those in KB.
+
+  Risk factor : Informational";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Get/Set the versions of Adobe Products");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+  script_family(english:"General");
+  script_dependencies("gather-package-list.nasl");
+  script_require_keys("ssh/login/uname");
+  exit(0);
+}
+
+
+include("ssh_func.inc");
+
+if("Linux" >!< get_kb_item("ssh/login/uname")){
+  exit(0);
+}
+
+rpmLists = get_kb_list("ssh/*/rpms");
+foreach rpm (rpmLists)
+{
+  if("AdobeReader" >< rpm)
+  {
+    adobeVer = egrep(pattern:"AdobeReader.*$", string:rpm);
+    adobeVer = chomp(adobeVer);
+    adobeVer = ereg_replace(pattern:"AdobeReader_[a-z]+~([.0-9]*).*",
+                            string:adobeVer, replace:"\1");
+    if(adobeVer =~ "^[0-9](\.|[0-9]).*"){
+        set_kb_item(name:"Adobe/Reader/Linux/Ver", value:adobeVer);
+    }
+    exit(0);
+  }
+}
+
+sock = ssh_login_or_reuse_connection();
+if(!sock){
+       exit(0);
+}
+
+# If not RPM.
+acroPath = ssh_cmd(socket:sock, cmd:"locate -ir .*Reader/AcroVersion$",
+                   timeout:120);
+
+# If thorough test is on
+if("Reader/AcroVersion" >!< acroPath &&
+   "yes" >< get_kb_item("global_settings/thorough_tests"))
+{
+  cmd = "find / -maxdepth 7 -mindepth 3 -xdev -type f -path" +
+            " '*Reader/AcroVersion' -print";
+  acroPath = ssh_cmd(socket:sock, cmd:cmd, timeout:120);
+}
+
+if("Reader/AcroVersion" >!< acroPath)
+{
+  ssh_close_connection();
+  exit(0);
+}
+
+acroPath = split(acroPath);
+foreach path (acroPath)
+{
+  if(ssh_cmd(socket:sock, cmd:"test -f " + chomp(path) + " && echo $?",
+             timeout:120))
+  {
+    adobeVer = ssh_cmd(socket:sock, cmd:"cat " + chomp(path), timeout:120);
+    adobeVer = chomp(adobeVer);
+    adobeVer = ereg_replace(pattern:"([.0-9]*).*", string:adobeVer, replace:"\1");
+    if(adobeVer)
+    {
+      set_kb_item(name:"Adobe/Reader/Linux/Ver", value:adobeVer);
+      ssh_close_connection();
+      exit(0);
+    }
+  }
+}
+ssh_close_connection();


Property changes on: trunk/openvas-plugins/scripts/gb_adobe_prdts_detect_lin.nasl
___________________________________________________________________
Name: svn:executable
   + *


From scm-commit at wald.intevation.org  Sun Oct  5 12:04:09 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Sun,  5 Oct 2008 12:04:09 +0200 (CEST)
Subject: [Openvas-commits] r1486 - in trunk/openvas-libnasl: . nasl
Message-ID: <20081005100409.21C294073A@pyrosoma.intevation.org>

Author: timb
Date: 2008-10-05 12:04:08 +0200 (Sun, 05 Oct 2008)
New Revision: 1486

Modified:
   trunk/openvas-libnasl/ChangeLog
   trunk/openvas-libnasl/nasl/nasl_cmd_exec.c
Log:
Fixed potential symlink attacks against fread, fwrite and file_open NASL functions


Modified: trunk/openvas-libnasl/ChangeLog
===================================================================
--- trunk/openvas-libnasl/ChangeLog	2008-10-04 07:54:24 UTC (rev 1485)
+++ trunk/openvas-libnasl/ChangeLog	2008-10-05 10:04:08 UTC (rev 1486)
@@ -1,3 +1,8 @@
+2008-10-05  Tim Brown <timb at nth-dimension.org.uk>
+
+	* nasl/nasl_cmd_exec.c: Fixed potential symlink attacks against fread,
+	fwrite and file_open NASL functions.
+
 2008-09-24  Michael Wiegand <michael.wiegand at intevation.de>
 
 	Post release version bump.

Modified: trunk/openvas-libnasl/nasl/nasl_cmd_exec.c
===================================================================
--- trunk/openvas-libnasl/nasl/nasl_cmd_exec.c	2008-10-04 07:54:24 UTC (rev 1485)
+++ trunk/openvas-libnasl/nasl/nasl_cmd_exec.c	2008-10-05 10:04:08 UTC (rev 1486)
@@ -233,7 +233,8 @@
 {
   tree_cell	*retc;
   char		*fname;
-  struct stat	st;
+  struct stat   lstat_info, fstat_info;
+  int		fd;
   char		*buf, *p;
   int		alen, len, n;
   FILE		*fp;
@@ -246,19 +247,41 @@
       nasl_perror(lexic, "fread: need one argument (file name)\n");
       return NULL;
     }
-  
-  if (stat(fname, &st) < 0)
-    {
-      nasl_perror(lexic, "fread: stat(%s): %s\n", fname, strerror(errno));
+
+  if (lstat(fname, &lstat_info) == -1) {
+    if (errno != ENOENT) {
+      nasl_perror(lexic, "fread: %s: %s\n", fname, strerror(errno));
       return NULL;
     }
-
-  fp = fopen(fname, "r");
-  if (fp == NULL)
-    {
+    fd = open(fname, O_RDONLY, 0600);
+    if (fd < 0) {
       nasl_perror(lexic, "fread: %s: %s\n", fname, strerror(errno));
       return NULL;
     }
+  } else {
+    fd = open(fname, O_RDONLY, 0600);
+    if (fd < 0) {
+      nasl_perror(lexic, "fread: %s: possible symlink attack!?! %s\n", fname, strerror(errno));
+      return NULL;
+    }
+    if (fstat(fd, &fstat_info) == -1) {
+        close(fd);
+        nasl_perror(lexic, "fread: %s: possible symlink attack!?! %s\n", fname, strerror(errno));
+        return NULL;
+    } else {
+      if (lstat_info.st_mode != fstat_info.st_mode || lstat_info.st_ino != fstat_info.st_ino || lstat_info.st_dev != fstat_info.st_dev) {
+        close(fd);
+        nasl_perror(lexic, "fread: %s: possible symlink attack!?!\n", fname);
+        return NULL;
+      }
+    }
+  }
+  fp = fdopen(fd, "r");
+  if(fp != FALSE) {
+    close(fp);
+    nasl_perror(lexic, "fread: %s: %s\n", fname, strerror(errno));
+    return NULL;
+  }
 
   alen = st.st_size + 1;
   buf = emalloc(alen);
@@ -338,6 +361,8 @@
 {
   tree_cell	*retc;
   char		*content, *fname;
+  struct stat   lstat_info, fstat_info;
+  int		fd;
   int		len, i, x;
   FILE		*fp;
 
@@ -356,12 +381,41 @@
     }
   len = get_var_size_by_name(lexic, "data");
   
-  fp = fopen(fname, "w");
-  if (fp == NULL)
-    {
+  if (lstat(fname, &lstat_info) == -1) {
+    if (errno != ENOENT) {
       nasl_perror(lexic, "fwrite: %s: %s\n", fname, strerror(errno));
       return NULL;
     }
+    fd = open(fname, O_WRONLY|O_CREAT, 0600);
+    if (fd < 0) {
+      nasl_perror(lexic, "fwrite: %s: %s\n", fname, strerror(errno));
+      return NULL;
+    }
+  } else {
+    fd = open(fname, O_WRONLY|O_CREAT, 0600);
+    if (fd < 0) {
+      nasl_perror(lexic, "fwrite: %s: possible symlink attack!?! %s\n", fname, strerror(errno));
+      return NULL;
+    }
+    if (fstat(fd, &fstat_info) == -1) {
+        close(fd);
+        nasl_perror(lexic, "fread: %s: possible symlink attack!?! %s\n", fname, strerror(errno));
+        return NULL;
+    } else {
+      if (lstat_info.st_mode != fstat_info.st_mode || lstat_info.st_ino != fstat_info.st_ino || lstat_info.st_dev != fstat_info.st_dev) {
+        close(fd);
+        nasl_perror(lexic, "fread: %s: possible symlink attack!?!\n", fname);
+        return NULL;
+      }
+    }
+  }
+  fp = fdopen(fd, "w");
+  if (fp != FALSE) {
+    close(fp);
+    nasl_perror(lexic, "fread: %s: %s\n", fname, strerror(errno));
+    return NULL;
+  }
+
   for (i = 0; i < len; )
     {
       x = fwrite(content + i, 1, len - i, fp);
@@ -445,6 +499,7 @@
 {
   tree_cell	*retc;
   char		*fname, *mode;
+  struct stat   lstat_info, fstat_info;
   int		fd; 
   int		imode = O_RDONLY;
 
@@ -475,12 +530,34 @@
    else if ( strcmp(mode, "a+") == 0 )
 	imode = O_RDWR|O_APPEND|O_CREAT;
 
-  fd = open(fname, imode, 0600);
-  if ( fd < 0 )
-    {
+  if (lstat(fname, &lstat_info) == -1) {
+    if (errno != ENOENT) {
       nasl_perror(lexic, "file_open: %s: %s\n", fname, strerror(errno));
       return NULL;
     }
+    fd = open(fname, imode, 0600);
+    if (fd < 0) {
+      nasl_perror(lexic, "file_open: %s: %s\n", fname, strerror(errno));
+      return NULL;
+    }
+  } else {
+    fd = open(fname, imode, 0600);
+    if (fd < 0) {
+      nasl_perror(lexic, "file_open: %s: possible symlink attack!?! %s\n", fname, strerror(errno));
+      return NULL;
+    }
+    if (fstat(fd, &fstat_info) == -1) {
+        close(fd);
+        nasl_perror(lexic, "fread: %s: possible symlink attack!?! %s\n", fname, strerror(errno));
+        return NULL;
+    } else {
+      if (lstat_info.st_mode != fstat_info.st_mode || lstat_info.st_ino != fstat_info.st_ino || lstat_info.st_dev != fstat_info.st_dev) {
+        close(fd);
+        nasl_perror(lexic, "fread: %s: possible symlink attack!?!\n", fname);
+        return NULL;
+      }
+    }
+  }
 
   retc = alloc_typed_cell(CONST_INT);
   retc->x.i_val = fd;


From scm-commit at wald.intevation.org  Mon Oct  6 13:07:15 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Mon,  6 Oct 2008 13:07:15 +0200 (CEST)
Subject: [Openvas-commits] r1487 - in trunk/openvas-plugins: . scripts
Message-ID: <20081006110715.E070B40739@pyrosoma.intevation.org>

Author: chandra
Date: 2008-10-06 13:07:14 +0200 (Mon, 06 Oct 2008)
New Revision: 1487

Added:
   trunk/openvas-plugins/scripts/gb_firefox_detect_win.nasl
   trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_july08_win.nasl
   trunk/openvas-plugins/scripts/gb_seamonkey_detect_win.nasl
   trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_july08_win.nasl
   trunk/openvas-plugins/scripts/gb_thunderbird_detect_win.nasl
   trunk/openvas-plugins/scripts/gb_thunderbird_mult_vuln_july08_win.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2008-10-05 10:04:08 UTC (rev 1486)
+++ trunk/openvas-plugins/ChangeLog	2008-10-06 11:07:14 UTC (rev 1487)
@@ -1,3 +1,12 @@
+2008-10-06 Chandrashekhar B <bchandra at secpod.com>
+	* scripts/gb_thunderbird_detect_win.nasl,
+	  scripts/gb_thunderbird_mult_vuln_july08_win.nasl,
+	  scripts/gb_firefox_detect_win.nasl,
+	  scripts/gb_firefox_mult_vuln_july08_win.nasl,
+	  scripts/gb_seamonkey_detect_win.nasl,
+	  scripts/gb_seamonkey_mult_vuln_july08_win.nasl:
+	  Added new plugins
+
 2008-10-04 Chandrashekhar B <bchandra at secpod.com>
 	* scripts/gb_adobe_prdts_code_exec_vuln_lin.nasl,
 	  scripts/gb_adobe_prdts_detect_lin.nasl:

Added: trunk/openvas-plugins/scripts/gb_firefox_detect_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_firefox_detect_win.nasl	2008-10-05 10:04:08 UTC (rev 1486)
+++ trunk/openvas-plugins/scripts/gb_firefox_detect_win.nasl	2008-10-06 11:07:14 UTC (rev 1487)
@@ -0,0 +1,143 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_firefox_detect_win.nasl 302 2008-10-03 16:07:35Z oct $
+#
+# Mozilla Firefox Version Detection (Windows)
+#
+# Authors:
+# Chandan S <schandan at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800014);
+  script_version("Revision: 1.0 ");
+  script_name(english:"Mozilla Firefox Version Detection (Windows)");
+  desc["english"] = "
+  Overview : This script finds the Mozilla Firefox installed version on Windows 
+  and save the version in KB.
+
+  Risk factor : Informational";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Set Version of Mozilla Firefox in KB");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+  script_family(english:"General");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_keys("SMB/WindowsVersion");
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+  exit(0);
+}
+
+# Check for Firefox browser
+foxVer = registry_get_sz(key:"SOFTWARE\Mozilla\Mozilla Firefox",
+                         item:"CurrentVersion");
+if(foxVer)
+{
+  # Check other than Firefox Version 1.5
+  if("1.5" >!< foxVer){
+     foxVer = eregmatch(pattern:"[0-9.]+", string:foxVer);
+     set_kb_item(name:"Firefox/Win/Ver", value:foxVer[0]);
+  }
+
+  # Detect Firefox Version 1.5.x series
+  if("1.5" >< foxVer)
+  {
+    exeFile  =  registry_get_sz(key:"SOFTWARE\Microsoft\Windows\Current" +
+                                    "Version\Uninstall\Mozilla Firefox (1.5)",
+                                item:"InstallLocation");
+    if(exeFile == NULL)
+    {
+      close(soc);
+      exit(0);
+    }
+
+    share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:exeFile);
+    file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1",
+                        string:exeFile + "\firefox.exe");
+
+    soc = open_sock_tcp(port);
+    if(!soc){
+      exit(0);
+    }
+
+    r = smb_session_request(soc:soc, remote:name);
+    if(!r){
+      close(soc);
+      exit(0);
+    }
+
+    prot = smb_neg_prot(soc:soc);
+    if(!prot){
+      close(soc);
+      exit(0);
+    }
+
+    r = smb_session_setup(soc:soc, login:login, password:pass, domain:domain,
+                          prot:prot);
+    if(!r){
+      close(soc);
+      exit(0);
+    }
+
+    uid = session_extract_uid(reply:r);
+    if(!uid){
+      close(soc);
+      exit(0);
+    }
+
+    r = smb_tconx(soc:soc, name:name, uid:uid, share:share);
+    tid = tconx_extract_tid(reply:r);
+    if(!tid){
+      close(soc);
+      exit(0);
+    }
+
+    fid = OpenAndX(socket:soc, uid:uid, tid:tid, file:file);
+    if(!fid){
+      close(soc);
+      exit(0);
+    }
+
+    fileVer = GetVersion(socket:soc, uid:uid, tid:tid, fid:fid, verstr:"prod",
+                         offset:260000);
+    close(soc);
+    if(fileVer){
+      set_kb_item(name:"Firefox/Win/Ver",value:fileVer);
+    }
+  }
+}
+else
+{
+  foxVer = registry_get_sz(key:"SOFTWARE\mozilla.org\Mozilla Firefox",
+                           item:"CurrentVersion");
+  if(foxVer)
+  {
+    foxVer = eregmatch(pattern:"[0-9.]+", string:foxVer);
+    set_kb_item(name:"Firefox/Win/Ver", value:foxVer[0]);
+  }
+}

Added: trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_july08_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_july08_win.nasl	2008-10-05 10:04:08 UTC (rev 1486)
+++ trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_july08_win.nasl	2008-10-06 11:07:14 UTC (rev 1487)
@@ -0,0 +1,107 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_firefox_mult_vuln_july08_win.nasl 302 2008-10-03 12:37:36Z oct $
+#
+# Mozilla Firefox Multiple Vulnerability July-08 (Win)
+#
+# Authors:
+# Chandan S <schandan at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800011);
+  script_version("$Revision: 1.1 $");
+  script_cve_id("CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801",
+                "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2806",
+                "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810",
+                "CVE-2008-2811");
+  script_bugtraq_id(30038);
+  script_xref(name:"CB-A", value:"08-0109");
+  script_name(english:"Mozilla Firefox Multiple Vulnerability July-08 (Win)");
+  desc["english"] = "
+
+  Overview : The host is installed with Mozilla Firefox browser, that is prone
+  to multiple vulnerabilities.
+
+  Vulnerability Insight:
+  Issues in browser are due to,
+  - multiple errors in the layout and JavaScript engines that can corrupt
+    memory.
+  - error while handling unprivileged XUL documents that can be exploited to
+    load chrome scripts from a fastload file via <script> elements.
+  - error in mozIJSSubScriptLoader.LoadScript function can bypass
+    XPCNativeWrappers.
+  - error in block re-flow process, which can potentially lead to crash.
+  - error in processing file URLs contained within local directory listings.
+  - errors in the implementation of the Javascript same origin policy
+  - errors in the verification of signed JAR files.
+  - improper implementation of file upload forms result in uploading specially
+    crafted DOM Range and originalTarget elements.
+  - error in Java LiveConnect implementation.
+  - error in processing of Alt Names provided by peer.
+  - error in processing of windows URL shortcuts.
+
+  Impact:
+  Successful exploitation could result in remote arbitrary code execution,
+  spoofing attacks, sensitive information disclosure, and JavaScript code can
+  be executed with the privileges of JAR's signer.
+  
+  Impact Level: System
+
+  Affected Software/OS:
+  Firefox version prior to 2.0.0.15 on Windows.
+
+  Fix: Upgrade to Firefox version 2.0.0.15
+  http://www.mozilla.com/en-US/firefox/all-older.html
+
+  References :
+  http://www.mozilla.org/security/announce/2008/mfsa2008-21.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-22.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-23.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-24.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-25.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-27.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-28.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-29.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-30.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-31.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-32.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-33.html
+
+  CVSS Score:
+    CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 6.9
+  Risk factor : High";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of Firefox");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+  script_family(english:"Misc.");
+  script_dependencies("gb_firefox_detect_win.nasl");
+  exit(0);
+}
+
+
+# Grep for firefox version < 2.0.0.15
+if(egrep(pattern:"^([01]\..*|2\.0(\.0\.(0?[0-9]|1[0-4]))?)$",
+         string:get_kb_item("Firefox/Win/Ver"))){
+  security_hole(0);
+}


Property changes on: trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_july08_win.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_seamonkey_detect_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_seamonkey_detect_win.nasl	2008-10-05 10:04:08 UTC (rev 1486)
+++ trunk/openvas-plugins/scripts/gb_seamonkey_detect_win.nasl	2008-10-06 11:07:14 UTC (rev 1487)
@@ -0,0 +1,63 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_seamonkey_detect_win.nasl 302 2008-10-03 14:07:35Z oct $
+#
+# Mozilla Seamonkey Version Detection (Windows)
+#
+# Authors:
+# Chandan S <schandan at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+
+if(description)
+{
+  script_id(800016);
+  script_version("Revision: 1.0 ");
+  script_name(english:"Mozilla SeaMonkey Version Detection (Windows)");
+  desc["english"] = "
+  Overview : This script finds the Mozilla SeaMonkey installed version on 
+  Windows and save the version in KB.
+
+  Risk factor : Informational";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Set Version of Mozilla SeaMonkey in KB");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2008 SecPod");
+  script_family(english:"General");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_keys("SMB/WindowsVersion");
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+  exit(0);
+}
+
+# Check for SeaMonkey version through Registry entry
+seaVer = registry_get_sz(key:"SOFTWARE\mozilla.org\SeaMonkey",
+                         item:"CurrentVersion");
+if(seaVer)
+{
+  seaVer = eregmatch(pattern:"[0-9.]+", string:seaVer);
+  set_kb_item(name:"Seamonkey/Win/Ver", value:seaVer[0]);
+}

Added: trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_july08_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_july08_win.nasl	2008-10-05 10:04:08 UTC (rev 1486)
+++ trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_july08_win.nasl	2008-10-06 11:07:14 UTC (rev 1487)
@@ -0,0 +1,107 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_seamonkey_mult_vuln_july08_win.nasl 302 2008-10-03 17:07:35Z oct $
+#
+# Mozilla Seamonkey Multiple Vulnerability July-08 (Win)
+#
+# Authors:
+# Chandan S <schandan at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800013);
+  script_version("$Revision: 1.1 $");
+  script_cve_id("CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801",
+                "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2806",
+                "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810",
+                "CVE-2008-2811");
+  script_bugtraq_id(30038);
+  script_xref(name:"CB-A", value:"08-0109");
+  script_name(english:"Mozilla Seamonkey Multiple Vulnerability July-08 (Win)");
+  desc["english"] = "
+
+  Overview : The host is installed with Mozilla Seamonkey, that is prone to
+  multiple vulnerabilities.
+
+  Vulnerability Insight:
+  Issues are due to,
+  - multiple errors in the layout and JavaScript engines that can corrupt
+    memory.
+  - error while handling unprivileged XUL documents that can be exploited
+    to load chrome scripts from a fastload file via <script> elements.
+  - error in mozIJSSubScriptLoader.LoadScript function can bypass
+    XPCNativeWrappers.
+  - error in block re-flow process, which can potentially lead to crash.
+  - error in processing file URLs contained within local directory listings.
+  - errors in the implementation of the Javascript same origin policy
+  - errors in the verification of signed JAR files.
+  - improper implementation of file upload forms result in uploading specially
+    crafted DOM Range and originalTarget elements.
+  - error in Java LiveConnect implementation.
+  - error in processing of Alt Names provided by peer.
+  - error in processing of windows URL shortcuts.
+
+  Impact:
+  Successful exploitation could result in remote arbitrary code execution,
+  spoofing attacks, sensitive information disclosure, and JavaScript code can
+  execute with the privileges of JAR's signer.
+  
+  Impact Level: System
+
+  Affected Software/OS:
+  Seamonkey version prior to 1.1.10 on Windows.
+
+  Fix: Upgrade to Seamonkey version 1.1.10 or later
+  http://www.seamonkey-project.org/releases/
+
+  References:
+  http://www.mozilla.org/security/announce/2008/mfsa2008-21.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-22.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-23.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-24.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-25.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-27.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-28.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-29.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-30.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-31.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-32.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-33.html
+
+  CVSS Score:
+    CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 6.9
+  Risk factor : High";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of Seamonkey");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+  script_family(english:"Misc.");
+  script_dependencies("gb_seamonkey_detect_win.nasl");
+  exit(0);
+}
+
+
+# Grep for seamonkey version < 1.1.10
+if(egrep(pattern:"^(0\..*|1\.0(\..*)?|1\.1(\.0?[0-9]))$",
+         string:get_kb_item("Seamonkey/Win/Ver"))){
+  security_hole(0);
+}


Property changes on: trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_july08_win.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_thunderbird_detect_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_thunderbird_detect_win.nasl	2008-10-05 10:04:08 UTC (rev 1486)
+++ trunk/openvas-plugins/scripts/gb_thunderbird_detect_win.nasl	2008-10-06 11:07:14 UTC (rev 1487)
@@ -0,0 +1,136 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_thunderbird_detect_win.nasl 302 2008-10-03 14:23:34Z oct $
+#
+# Mozilla Thunderbird Version Detection (Windows)
+#
+# Authors:
+# Chandan S <schandan at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+
+if(description)
+{
+  script_id(800015);
+  script_version("Revision: 1.0 ");
+  script_name(english:"Mozilla Thunderbird Version Detection (Windows)");
+  desc["english"] = "
+  Overview : This script retrieves Mozilla ThunderBird Version and
+  saves it in KB.
+
+  Risk factor : Informational";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Set Version of Mozilla Thunderbird in KB");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+  script_family(english:"General");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_keys("SMB/WindowsVersion");
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){ # Confirm it is Windows
+  exit(0);
+}
+
+# Get ThunderBird Version from Registry
+birdVer = registry_get_sz(item:"CurrentVersion", 
+                          key:"SOFTWARE\Mozilla\Mozilla Thunderbird");
+if(!birdVer){
+  exit(0);
+}
+
+if(!ereg(pattern:"1\.5[^.0-9]", string:birdVer))
+{
+  birdVer = eregmatch(pattern:"[0-9.]+", string:birdVer);
+  set_kb_item(name:"Thunderbird/Win/Ver",value:birdVer[0]);
+  exit(0);
+}
+
+# Special case for thunderbird 1.5 (Get the version from file)
+if("1.5" >< birdVer)
+{
+  filePath = registry_get_sz(item:"PathToExe",
+                             key:"SOFTWARE\Mozilla\Mozilla Thunderbird 1.5\bin");
+  if(!filePath){
+    exit(0);
+  }
+
+  share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:filePath);
+  file =  ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:filePath);
+
+  soc = open_sock_tcp(port);
+  if(!soc){
+    exit(0);
+  }
+
+  r = smb_session_request(soc:soc, remote:name);
+  if(!r){
+    close(soc);
+    exit(0);
+  }
+
+  prot = smb_neg_prot(soc:soc);
+  if(!prot){
+    close(soc);
+    exit(0);
+  }
+
+  r = smb_session_setup(soc:soc, login:login, password:pass, domain:domain, prot:prot);
+  if(!r){
+    close(soc);
+    exit(0);
+  }
+
+  uid = session_extract_uid(reply:r);
+  r = smb_tconx(soc:soc, name:name, uid:uid, share:share);
+  tid = tconx_extract_tid(reply:r);
+  if(!tid){
+    close(soc);
+    exit(0);
+  }
+
+  fid = OpenAndX(socket:soc, uid:uid, tid:tid, file:file);
+  if(!fid){
+    close(soc);
+    exit(0);
+  }
+
+  fileVer = GetVersion(socket:soc, uid:uid, tid:tid, fid:fid,
+                       offset:260000, verstr="prod");
+  close(soc);
+  if(fileVer){
+    set_kb_item(name:"Thunderbird/Win/Ver",value:fileVer);
+  }
+}
+else
+{
+  birdVer = registry_get_sz(item:"CurrentVersion", 
+                            key:"SOFTWARE\mozilla.org\Mozilla Thunderbird");
+  if(birdVer)
+  {
+    birdVer = eregmatch(pattern:"[0-9.]+", string:birdVer);
+    set_kb_item(name:"Thunderbird/Win/Ver",value:birdVer[0]);
+  }
+}


Property changes on: trunk/openvas-plugins/scripts/gb_thunderbird_detect_win.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_thunderbird_mult_vuln_july08_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_thunderbird_mult_vuln_july08_win.nasl	2008-10-05 10:04:08 UTC (rev 1486)
+++ trunk/openvas-plugins/scripts/gb_thunderbird_mult_vuln_july08_win.nasl	2008-10-06 11:07:14 UTC (rev 1487)
@@ -0,0 +1,92 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_thunderbird_mult_vuln_july08_win.nasl 302 2008-10-03 15:23:34Z oct $
+#
+# Mozilla Thunderbird Multiple Vulnerability July-08 (Win)
+#
+# Authors:
+# Chandan S <schandan at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800012);
+  script_version("$Revision: 1.1 $");
+  script_cve_id("CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2802", "CVE-2008-2803",
+                "CVE-2008-2807", "CVE-2008-2809", "CVE-2008-2811");
+  script_bugtraq_id(30038);
+  script_xref(name:"CB-A", value:"08-0109");
+  script_name(english:"Mozilla Thunderbird Multiple Vulnerability July-08 (Win)");
+  desc["english"] = "
+
+  Overview : The host is installed with Mozilla Thunderbird, that
+  is prone to multiple vulnerabilities.
+
+  Vulnerability Insight:
+  The issues are due to,
+  - multiple errors in the layout and JavaScript engines that can corrupt
+    memory.
+  - error while handling unprivileged XUL documents that can be exploited to load
+    chrome scripts from a fastload file via <script> elements.
+  - error in mozIJSSubScriptLoader.LoadScript function that can bypass
+    XPCNativeWrappers.
+  - error in block re-flow process, which can potentially lead to crash.
+  - errors in the implementation of the Javascript same origin policy
+  - error in processing of Alt Names provided by peer.
+  - error in processing of windows URL shortcuts.
+
+  Impact: Successful exploitation could result in remote arbitrary code execution,
+  spoofing attacks, sensitive information disclosure, and can crash the browser.
+  
+  Impact Level : System
+
+  Affected Software/OS :
+  Thunderbird version prior to 2.0.0.16 on Windows.
+
+  Fix: Upgrade to Thunderbird version 2.0.0.16
+  http://www.mozilla.com/en-US/thunderbird/all-older.html
+
+  References :
+  http://www.mozilla.org/security/announce/2008/mfsa2008-21.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-24.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-25.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-29.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-31.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-33.html
+
+  CVSS Score:
+    CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 6.9
+  Risk factor : High";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of Thunderbird");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+  script_family(english:"Misc.");
+  script_dependencies("gb_thunderbird_detect_win.nasl");
+  exit(0);
+}
+
+
+# Grep for thunderbird version < 2.0.0.16
+if(egrep(pattern:"^([01]\..*|2\.0(\.0\.(0?[0-9]|1[0-5]))?)$",
+         string:get_kb_item("Thunderbird/Win/Ver"))){
+  security_hole(0);
+}


Property changes on: trunk/openvas-plugins/scripts/gb_thunderbird_mult_vuln_july08_win.nasl
___________________________________________________________________
Name: svn:executable
   + *


From scm-commit at wald.intevation.org  Mon Oct  6 15:28:10 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Mon,  6 Oct 2008 15:28:10 +0200 (CEST)
Subject: [Openvas-commits] r1488 - in trunk/openvas-client: . nessus
Message-ID: <20081006132810.71E9E4073A@pyrosoma.intevation.org>

Author: mwiegand
Date: 2008-10-06 15:28:08 +0200 (Mon, 06 Oct 2008)
New Revision: 1488

Modified:
   trunk/openvas-client/ChangeLog
   trunk/openvas-client/nessus/context.c
Log:
* nessus/context.c (context_collect_recurse): Corrected string that
prevented OpenVAS from loading the correct context.


Modified: trunk/openvas-client/ChangeLog
===================================================================
--- trunk/openvas-client/ChangeLog	2008-10-06 11:07:14 UTC (rev 1487)
+++ trunk/openvas-client/ChangeLog	2008-10-06 13:28:08 UTC (rev 1488)
@@ -1,3 +1,8 @@
+2008-10-06  Michael Wiegand <michael.wiegand at intevation.de>
+
+	* nessus/context.c (context_collect_recurse): Corrected string that
+	prevented OpenVAS from loading the correct context.
+
 2008-09-29  Michael Wiegand <michael.wiegand at intevation.de>
 
 	* po/Makefile: Updated to support French and Croatian translation.

Modified: trunk/openvas-client/nessus/context.c
===================================================================
--- trunk/openvas-client/nessus/context.c	2008-10-06 11:07:14 UTC (rev 1487)
+++ trunk/openvas-client/nessus/context.c	2008-10-06 13:28:08 UTC (rev 1488)
@@ -257,7 +257,7 @@
 	if(!child->prefs && !child->children)
 	  context_remove_child(context, child);
       }
-      else if((!strcmp(file, "nessusrc") && context->type < CONTEXT_REPORT)
+      else if((!strcmp(file, "openvasrc") && context->type < CONTEXT_REPORT)
 	|| (!strcmp(file, "report.nbe") && context->type == CONTEXT_REPORT))
 	context_found = TRUE;
       g_free(path);


From scm-commit at wald.intevation.org  Tue Oct  7 14:21:24 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Tue,  7 Oct 2008 14:21:24 +0200 (CEST)
Subject: [Openvas-commits] r1489 - in trunk/openvas-plugins: . scripts
Message-ID: <20081007122124.0009140727@pyrosoma.intevation.org>

Author: chandra
Date: 2008-10-07 14:21:23 +0200 (Tue, 07 Oct 2008)
New Revision: 1489

Added:
   trunk/openvas-plugins/scripts/gb_firefox_detect_lin.nasl
   trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_july08_lin.nasl
   trunk/openvas-plugins/scripts/gb_seamonkey_detect_lin.nasl
   trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_july08_lin.nasl
   trunk/openvas-plugins/scripts/gb_thunderbird_detect_lin.nasl
   trunk/openvas-plugins/scripts/gb_thunderbird_mult_vuln_july08_lin.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2008-10-06 13:28:08 UTC (rev 1488)
+++ trunk/openvas-plugins/ChangeLog	2008-10-07 12:21:23 UTC (rev 1489)
@@ -1,3 +1,12 @@
+2008-10-07 Chandrashekhar B <bchandra at secpod.com>
+	* scripts/gb_thunderbird_mult_vuln_july08_lin.nasl,
+	  scripts/gb_seamonkey_mult_vuln_july08_lin.nasl,
+	  scripts/gb_firefox_detect_lin.nasl,
+	  scripts/gb_thunderbird_detect_lin.nasl,
+	  scripts/gb_firefox_mult_vuln_july08_lin.nasl,
+	  scripts/gb_seamonkey_detect_lin.nasl:
+	  Added new plugins
+
 2008-10-06 Chandrashekhar B <bchandra at secpod.com>
 	* scripts/gb_thunderbird_detect_win.nasl,
 	  scripts/gb_thunderbird_mult_vuln_july08_win.nasl,

Added: trunk/openvas-plugins/scripts/gb_firefox_detect_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_firefox_detect_lin.nasl	2008-10-06 13:28:08 UTC (rev 1488)
+++ trunk/openvas-plugins/scripts/gb_firefox_detect_lin.nasl	2008-10-07 12:21:23 UTC (rev 1489)
@@ -0,0 +1,88 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_firefox_detect_lin.nasl 302 2008-10-06 15:57:11Z oct $
+#
+# Mozilla Firefox Version Detection (Linux)
+#
+# Authors:
+# Chandan S <schandan at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+
+if(description)
+{
+  script_id(800017);
+  script_version("Revision: 1.1 ");
+  script_name(english:"Mozilla Firefox Version Detection (Linux)");
+  desc["english"] = "
+  Overview : This script finds the Mozilla Firefox installed version on Linux
+  and save the version in KB.
+
+  Risk factor : Informational";
+
+  script_description(english:desc["english"]);
+  script_family(english:"General");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+  script_summary(english:"Set File Version of Mozilla Firefox in KB");
+  exit(0);
+}
+
+
+include("ssh_func.inc");
+
+sock = ssh_login_or_reuse_connection();
+if(!sock){
+  exit(0);
+}
+
+foxName = ssh_cmd(socket:sock, cmd:"firefox -v", timeout:120);
+if(foxName =~ "firefox.* not found")
+{
+  foxName = ssh_cmd(socket:sock, cmd:"locate -ir firefox$", timeout:120);
+  if("firefox" >< foxName)
+  {
+    foxName = split(foxName);
+    for(i = 0; i < max_index(foxName); i++)
+      path = path + chomp(foxName[i]) + " -v;";
+
+    foxName = ssh_cmd(socket:sock, cmd:path, timeout:120);
+  }
+  else
+  {
+    # Search for Firefox thoroughly (slow).
+    if("yes" >< get_kb_item("global_settings/thorough_tests"))
+    {
+      command = "find / -mount -maxdepth 5 -mindepth 1 -type f -name " +
+                "'firefox' -exec '{}' '-v' ';'";
+      foxName = ssh_cmd(socket:sock, cmd:command, timeout:500);
+    }
+  }
+}
+
+# Firefox is branded as Iceweasel in Debian
+if(foxName =~ "Firefox|Iceweasel")
+{
+  foxName = egrep(pattern:"Mozilla.*Copyright.*mozilla\.org", string:foxName);
+  foxName = chomp(foxName);
+  foxVer = eregmatch(pattern:"[.0-9]+", string:foxName);
+  set_kb_item(name:"Firefox/Linux/Ver", value:foxVer[0]);
+}
+
+ssh_close_connection();

Added: trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_july08_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_july08_lin.nasl	2008-10-06 13:28:08 UTC (rev 1488)
+++ trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_july08_lin.nasl	2008-10-07 12:21:23 UTC (rev 1489)
@@ -0,0 +1,107 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_firefox_mult_vuln_july08_lin.nasl 302 2008-10-03 20:58:15Z oct $
+#
+# Mozilla Firefox Multiple Vulnerability July-08 (Linux)
+#
+# Authors:
+# Chandan S <schandan at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800020);
+  script_version("$Revision: 1.1 $");
+  script_cve_id("CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801",
+                "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2806",
+                "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810",
+                "CVE-2008-2811");
+  script_bugtraq_id(30038);
+  script_xref(name:"CB-A", value:"08-0109");
+  script_name(english:"Mozilla Firefox Multiple Vulnerability July-08 (Linux)");
+  desc["english"] = "
+
+  Overview: The host is installed with Mozilla Firefox browser, that is prone
+  to multiple vulnerabilities.
+
+  Vulnerability Insight:
+  Issues in browser are due to,
+  - multiple errors in the layout and JavaScript engines that can corrupt
+    memory.
+  - error while handling unprivileged XUL documents that can be exploited to
+    load chrome scripts from a fastload file via <script> elements.
+  - error in mozIJSSubScriptLoader.LoadScript function can bypass
+    XPCNativeWrappers.
+  - error in block re-flow process, which can potentially lead to crash.
+  - error in processing file URLs contained within local directory listings.
+  - errors in the implementation of the Javascript same origin policy
+  - errors in the verification of signed JAR files.
+  - improper implementation of file upload forms result in uploading specially
+    crafted DOM Range and originalTarget elements.
+  - error in Java LiveConnect implementation.
+  - error in processing of Alt Names provided by peer.
+  - error in processing of windows URL shortcuts.
+
+  Impact:
+  Successful exploitation could result in remote arbitrary code execution,
+  spoofing attacks, sensitive information disclosure, and JavaScript code can
+  be executed with the privileges of JAR's signer.
+
+  Impact Level: System
+
+  Affected Software/OS:
+  Firefox version prior to 2.0.0.15 on Linux.
+
+  Fix: Upgrade to Firefox version 2.0.0.15
+  http://www.mozilla.com/en-US/firefox/all-older.html
+
+  References :
+  http://www.mozilla.org/security/announce/2008/mfsa2008-21.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-22.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-23.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-24.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-25.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-27.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-28.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-29.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-30.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-31.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-32.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-33.html
+
+  CVSS Score:
+    CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 6.9
+  Risk factor : High";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of Firefox");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+  script_family(english:"Misc.");
+  script_dependencies("gb_firefox_detect_lin.nasl");
+  exit(0);
+}
+
+
+# Grep for firefox version < 2.0.0.15
+if(egrep(pattern:"^([01]\..*|2\.0(\.0\.(0?[0-9]|1[0-4]))?)$",
+         string:get_kb_item("Firefox/Linux/Ver"))){
+  security_hole(0);
+}


Property changes on: trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_july08_lin.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_seamonkey_detect_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_seamonkey_detect_lin.nasl	2008-10-06 13:28:08 UTC (rev 1488)
+++ trunk/openvas-plugins/scripts/gb_seamonkey_detect_lin.nasl	2008-10-07 12:21:23 UTC (rev 1489)
@@ -0,0 +1,92 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_seamonkey_detect_lin.nasl 302 2008-10-06 18:59:15Z oct $
+#
+# Mozilla Seamonkey Version Detection (Linux)
+#
+# Authors:
+# Chandan S <schandan at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+
+if(description)
+{
+  script_id(800019);
+  script_version("Revision: 1.1 ");
+  script_name(english:"Mozilla SeaMonkey Version Detection (Linux)");
+  desc["english"] = "
+  Overview : This script finds the Mozilla SeaMonkey installed version on
+  Linux and saves the version in KB.
+
+  Risk factor : Informational";
+
+  script_description(english:desc["english"]);
+  script_family(english:"General");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+  script_summary(english:"Set File Version of Mozilla SeaMonkey in KB");
+  exit(0);
+}
+
+
+include("ssh_func.inc");
+
+sock = ssh_login_or_reuse_connection();
+if(!sock){
+  exit(0);
+}
+
+seaName = ssh_cmd(socket:sock, cmd:"seamonkey -v", timeout:120);
+if(seaName =~ "seamonkey.* not found"){
+  seaName = ssh_cmd(socket:sock, cmd:"iceape -v", timeout:120);
+}
+
+if(seaName =~ "iceape.* not found")
+{
+  seaName = ssh_cmd(socket:sock, cmd:"locate -ir seamonkey$", timeout:120);
+  if("seamonkey" >< seaName)
+  {
+    seaName = split(seaName);
+    for(i = 0; i < max_index(seaName); i++)
+      path = path + chomp(seaName[i]) + " -v;";
+
+    seaName = ssh_cmd(socket:sock, cmd:path, timeout:120);
+  }
+  else
+  {
+    # Check for Seamonkey thoroughly (slow).
+    if("yes" >< get_kb_item("global_settings/thorough_tests"))
+    {
+      command = "find / -mount -maxdepth 5 -mindepth 1 -type f -name " +
+                "'seamonkey' -exec '{}' '-v' ';'";
+      seaName = ssh_cmd(socket:sock, cmd:command, timeout:500);
+    }
+  }
+}
+
+# Seamonkey is branded as Iceape in Debian
+if(seaName =~ "Seamonkey|Iceape")
+{
+  seaName = egrep(pattern:"(SeaMonkey|Iceape).*Copyright.*mozilla\.org", string:seaName);
+  seaName = chomp(seaName);
+  seaVer = eregmatch(pattern:"[.0-9]+", string:seaName);
+  set_kb_item(name:"Seamonkey/Linux/Ver", value:seaVer[0]);
+}
+
+ssh_close_connection();

Added: trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_july08_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_july08_lin.nasl	2008-10-06 13:28:08 UTC (rev 1488)
+++ trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_july08_lin.nasl	2008-10-07 12:21:23 UTC (rev 1489)
@@ -0,0 +1,107 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_seamonkey_mult_vuln_july08_lin.nasl 302 2008-10-03 21:03:20Z oct $
+#
+# Mozilla Seamonkey Multiple Vulnerability July-08 (Linux)
+#
+# Authors:
+# Chandan S <schandan at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800022);
+  script_version("$Revision: 1.1 $");
+  script_cve_id("CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801",
+                "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2806",
+                "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810",
+                "CVE-2008-2811");
+  script_bugtraq_id(30038);
+  script_xref(name:"CB-A", value:"08-0109");
+  script_name(english:"Mozilla Seamonkey Multiple Vulnerability July-08 (Linux)");
+  desc["english"] = "
+
+  Overview : The host is installed with Mozilla Seamonkey, that is prone
+  to multiple vulnerabilities.
+
+  Vulnerability Insight:
+  Issues are due to,
+  - multiple errors in the layout and JavaScript engines that can corrupt
+    memory.
+  - error while handling unprivileged XUL documents that can be exploited
+    to load chrome scripts from a fastload file via <script> elements.
+  - error in mozIJSSubScriptLoader.LoadScript function can bypass
+    XPCNativeWrappers.
+  - error in block re-flow process, which can potentially lead to crash.
+  - error in processing file URLs contained within local directory listings.
+  - errors in the implementation of the Javascript same origin policy
+  - errors in the verification of signed JAR files.
+  - improper implementation of file upload forms result in uploading specially
+    crafted DOM Range and originalTarget elements.
+  - error in Java LiveConnect implementation.
+  - error in processing of Alt Names provided by peer.
+  - error in processing of windows URL shortcuts.
+
+  Impact:
+  Successful exploitation could result in remote arbitrary code execution,
+  spoofing attacks, sensitive information disclosure, and JavaScript code
+  can execute with the privileges of JAR's signer.
+
+  Impact Level: System
+
+  Affected Software/OS:
+  Seamonkey version prior to 1.1.10 on Linux.
+
+  Fix: Upgrade to Seamonkey version 1.1.10 or later
+  http://www.seamonkey-project.org/releases/
+
+  References:
+  http://www.mozilla.org/security/announce/2008/mfsa2008-21.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-22.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-23.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-24.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-25.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-27.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-28.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-29.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-30.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-31.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-32.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-33.html
+
+  CVSS Score:
+    CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 6.9
+  Risk factor : High";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of Seamonkey");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+  script_family(english:"Misc.");
+  script_dependencies("gb_seamonkey_detect_lin.nasl");
+  exit(0);
+}
+
+
+# Grep for seamonkey version < 1.1.10
+if(egrep(pattern:"^(0\..*|1\.0(\..*)?|1\.1(\.0?[0-9])?)$",
+         string:get_kb_item("Seamonkey/Linux/Ver"))){
+  security_hole(0);
+}


Property changes on: trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_july08_lin.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_thunderbird_detect_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_thunderbird_detect_lin.nasl	2008-10-06 13:28:08 UTC (rev 1488)
+++ trunk/openvas-plugins/scripts/gb_thunderbird_detect_lin.nasl	2008-10-07 12:21:23 UTC (rev 1489)
@@ -0,0 +1,88 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_thunderbird_detect_lin.nasl 302 2008-10-06 18:10:37Z oct $
+#
+# Mozilla Thunderbird Version Detection (Linux)
+#
+# Authors:
+# Chandan S <schandan at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+
+if(description)
+{
+  script_id(800018);
+  script_version("Revision: 1.1 ");
+  script_name(english:"Mozilla Thunderbird Version Detection (Linux)");
+  desc["english"] = "
+  Overview : This script retrieves Mozilla ThunderBird Version and
+  saves it in KB.
+
+  Risk factor : Informational";
+
+  script_description(english:desc["english"]);
+  script_family(english:"General");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+  script_summary(english:"Set Version of Mozilla Thunderbird in KB");
+  exit(0);
+}
+
+
+include("ssh_func.inc");
+
+sock = ssh_login_or_reuse_connection();
+if(!sock){
+  exit(0);
+}
+
+birdName = ssh_cmd(socket:sock, cmd:"thunderbird -v", timeout:120);
+if(birdName =~ "thunderbird.* not found")
+{
+  birdName = ssh_cmd(socket:sock, cmd:"locate -ir thunderbird$", timeout:120);
+  if("thunderbird" >< birdName)
+  {
+    birdName = split(birdName);
+    for(i = 0; i < max_index(birdName); i++)
+      path = path + chomp(birdName[i]) + " -v;";
+
+    birdName = ssh_cmd(socket:sock, cmd:path, timeout:120);
+  }
+  else
+  {
+    # Search for Thunderbird thoroughly (slow).
+    if("yes" >< get_kb_item("global_settings/thorough_tests"))
+    {
+      command = "find / -mount -maxdepth 5 -mindepth 1 -type f -name " +
+                "'thunderbird' -exec '{}' '-v' ';'";
+      birdName = ssh_cmd(socket:sock, cmd:command, timeout:500);
+    }
+  }
+}
+
+# Thunderbird is branded as Icedove in Debian
+if(birdName =~ "Thunderbird|Icedove")
+{
+  birdName = egrep(pattern:"Thunderbird.*Copyright.*mozilla\.org", string:birdName);
+  birdName = chomp(birdName);
+  birdVer = eregmatch(pattern:"[.0-9]+", string:birdName);
+  set_kb_item(name:"Thunderbird/Linux/Ver", value:birdVer[0]);
+}
+
+ssh_close_connection();


Property changes on: trunk/openvas-plugins/scripts/gb_thunderbird_detect_lin.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_thunderbird_mult_vuln_july08_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_thunderbird_mult_vuln_july08_lin.nasl	2008-10-06 13:28:08 UTC (rev 1488)
+++ trunk/openvas-plugins/scripts/gb_thunderbird_mult_vuln_july08_lin.nasl	2008-10-07 12:21:23 UTC (rev 1489)
@@ -0,0 +1,92 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_thunderbird_mult_vuln_july08_lin.nasl 302 2008-10-03 21:00:50Z oct $
+#
+# Mozilla Thunderbird Multiple Vulnerability July-08 (Linux)
+#
+# Authors:
+# Chandan S <schandan at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800021);
+  script_version("$Revision: 1.1 $");
+  script_cve_id("CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2802", "CVE-2008-2803",
+                "CVE-2008-2807", "CVE-2008-2809", "CVE-2008-2811");
+  script_bugtraq_id(30038);
+  script_xref(name:"CB-A", value:"08-0109");
+  script_name(english:"Mozilla Thunderbird Multiple Vulnerability July-08 (Linux)");
+  desc["english"] = "
+
+  Overview : The host is installed with Mozilla Thunderbird, that is prone
+  to multiple vulnerabilities.
+
+  Vulnerability Insight:
+  The issues are due to,
+  - multiple errors in the layout and JavaScript engines that can corrupt
+    memory.
+  - error while handling unprivileged XUL documents that can be exploited
+    to load chrome scripts from a fastload file via <script> elements.
+  - error in mozIJSSubScriptLoader.LoadScript function that can bypass
+    XPCNativeWrappers.
+  - error in block re-flow process, which can potentially lead to crash.
+  - errors in the implementation of the Javascript same origin policy
+  - error in processing of Alt Names provided by peer.
+  - error in processing of windows URL shortcuts.
+
+  Impact: Successful exploitation could result in remote arbitrary code execution,
+  spoofing attacks, sensitive information disclosure, and can crash the browser.
+
+  Impact Level: System
+
+  Affected Software/OS:
+  Thunderbird version prior to 2.0.0.16 on Linux.
+
+  Fix: Upgrade to Thunderbird version 2.0.0.16
+  http://www.mozilla.com/en-US/thunderbird/all-older.html
+
+  References :
+  http://www.mozilla.org/security/announce/2008/mfsa2008-21.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-24.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-25.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-29.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-31.html
+  http://www.mozilla.org/security/announce/2008/mfsa2008-33.html
+
+  CVSS Score:
+    CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 6.9
+  Risk factor : High";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of Thunderbird");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+  script_family(english:"Misc.");
+  script_dependencies("gb_thunderbird_detect_lin.nasl");
+  exit(0);
+}
+
+
+# Grep for thunderbird version < 2.0.0.16
+if(egrep(pattern:"^([01]\..*|2\.0(\.0\.(0?[0-9]|1[0-5]))?)$",
+         string:get_kb_item("Thunderbird/Linux/Ver"))){
+  security_hole(0);
+}


Property changes on: trunk/openvas-plugins/scripts/gb_thunderbird_mult_vuln_july08_lin.nasl
___________________________________________________________________
Name: svn:executable
   + *


From scm-commit at wald.intevation.org  Tue Oct  7 15:20:15 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Tue,  7 Oct 2008 15:20:15 +0200 (CEST)
Subject: [Openvas-commits] r1491 - in trunk/openvas-plugins: . scripts
Message-ID: <20081007132015.C64E240711@pyrosoma.intevation.org>

Author: chandra
Date: 2008-10-07 15:20:14 +0200 (Tue, 07 Oct 2008)
New Revision: 1491

Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/secpod_smb_func.inc
Log:
resolved an issue with fetching file version

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2008-10-07 12:39:34 UTC (rev 1490)
+++ trunk/openvas-plugins/ChangeLog	2008-10-07 13:20:14 UTC (rev 1491)
@@ -1,4 +1,9 @@
 2008-10-07 Chandrashekhar B <bchandra at secpod.com>
+	* scripts/secpod_smb_func.inc:
+	  Resolved an issue, was fetching unwanted numbers in certain 
+          file versions patterns
+
+2008-10-07 Chandrashekhar B <bchandra at secpod.com>
 	* scripts/gb_thunderbird_mult_vuln_july08_lin.nasl,
 	  scripts/gb_seamonkey_mult_vuln_july08_lin.nasl,
 	  scripts/gb_firefox_detect_lin.nasl,

Modified: trunk/openvas-plugins/scripts/secpod_smb_func.inc
===================================================================
--- trunk/openvas-plugins/scripts/secpod_smb_func.inc	2008-10-07 12:39:34 UTC (rev 1490)
+++ trunk/openvas-plugins/scripts/secpod_smb_func.inc	2008-10-07 13:20:14 UTC (rev 1491)
@@ -35,87 +35,94 @@
 function GetVersion(socket, uid, tid, fid, offset, verstr, debug)
 {
 
-        local_var fsize, data, i, offset, tmp, version, ver, vers, len, retVal;
+  local_var fsize, data, i, offset, tmp, version, ver, vers, len, retVal;
 
-        pattern = "FileVersion";
-        if(verstr == "prod"){
-        	pattern = "ProductVersion";
-        }
+  pattern = "F?i?l?e?V?e?r?s?i?o?n";
+  if(verstr == "prod"){
+    pattern = "P?r?o?d?u?c?t?V?e?r?s?i?o?n";
+  }
 
-	else if(verstr){
-		pattern = verstr;
-	}
+  else if(verstr){
+   pattern = verstr;
+  }
 
-        patlen = strlen(pattern);
- 
-        fsize = smb_get_file_size(socket:socket, uid:uid, tid:tid, fid:fid);
+  patlen = strlen(pattern);
 
-        if(isnull(offset))
-        {
-                if(fsize < 180224){
+  fsize = smb_get_file_size(socket:socket, uid:uid, tid:tid, fid:fid);
+
+  if(isnull(offset))
+  {
+    if(fsize < 180224){
+      offset = 0;
+    }
+    else{
+      offset = fsize - 180224;
+    }
+  }
+
+  if(offset < 0){
+     offset = fsize + offset;
+  }
  
-                        offset = 0;
-                }
-                else{
-                        offset = fsize - 180224;
-                }
-        }
- 
-        if(offset < 0){
-                offset = fsize + offset;
-        }
- 
-        start = offset;
- 
-        if (start < 0 || start > fsize)
-        {
-               start = fsize/2;
-        }
+  start = offset;
 
-        offset = start;
-        chunk = 16384;
+  if(start < 0 || start > fsize){
+    start = fsize/2;
+  }
 
-        for(i = 0; offset < fsize; i++)
+  offset = start;
+  chunk = 16384;
+
+  for(i = 0; offset < fsize; i++)
+  {
+    tmp = ReadAndX(socket:socket, uid:uid, tid:tid, fid:fid, count:chunk, off:offset);
+    if(tmp)
+    {
+      if(pattern == "build"){
+        tmp = str_replace(find:raw_string(0), replace:"", string:tmp);
+      }
+      else
+        tmp = str_replace(find:raw_string(0), replace:"?", string:tmp);
+
+      data += tmp;
+      version = strstr(data, pattern);
+      if(version)
+      {
+        len = strlen(version);
+        for(i = patlen; i < len; i++)
         {
-                tmp = ReadAndX(socket:socket, uid:uid, tid:tid, fid:fid, count:chunk, off:offset);
-                if(tmp)
-                {
-                        tmp = str_replace(find:raw_string(0), replace:"", string:tmp);
-                        data += tmp;
-                        version = strstr(data, pattern);
-                        if(version)
-                        {
-                                len = strlen(version);
-                                for(i = patlen; i < len; i++)
-                                {
-                                        if((ord(version[i]) < ord("0") || ord(version[i]) > ord("9")) &&
-                                           (version[i] != "." && version[i] != "," && version[i] != " "))
-					{
-						if(ver[strlen(ver)-1] == ".")
-						{
-							vers = split(ver, sep:".", keep:0);
-							foreach item (vers){
-								retVal += string("." + item);
-							}
-							retVal -= string(".");
-							return(retVal);
-						}
-                                                return (ver);
-                                        }
-					else if(version[i] == "," || version[i] == "."){
-						ver += ".";
-					}
-                                        else if(version[i] == " "){
-					}
-					else{
-                                                ver += version[i];
-                                        }
-                                }
-                        }
-                        offset += chunk;
-                }
+          if((ord(version[i]) < ord("0") || ord(version[i]) > ord("9")) &&
+             (version[i] != "." && version[i] != "," && version[i] != " " &&
+              version[i] != "?"))
+          {
+            if(ver[strlen(ver)-1] == ".")
+            {
+              vers = split(ver, sep:".", keep:0);
+              foreach item (vers){
+                retVal += string("." + item);
+              }
+              retVal -= string(".");
+                return(retVal);
+            }
+            return (ver);
+          }
+          else if(version[i] == "," || version[i] == "."){
+            ver += ".";
+          }
+          else if(ver && version[i] == "?" && version[i+1] == "?"){
+            return (ver);
+          }
+          else if(version[i] == " "||version[i] == "?"){
+          }
+          else{
+            ver += version[i];
+          }
         }
-        return NULL;
+      }
+      offset += chunk;
+    }
+  }
+  return NULL;
 }
 
 
@@ -129,7 +136,7 @@
 
 
 ########################################################################
-# Enumerate registry vaules for a given key
+# Enumerate registry values for a given key
 # param:
 #	key: REGISTRY_KEY
 #
@@ -542,4 +549,3 @@
                            count:count, off:offset);
         return content;
 }
- 


From scm-commit at wald.intevation.org  Tue Oct  7 16:11:34 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Tue,  7 Oct 2008 16:11:34 +0200 (CEST)
Subject: [Openvas-commits] r1492 - in trunk/openvas-plugins: . scripts
Message-ID: <20081007141134.C27FF4070A@pyrosoma.intevation.org>

Author: chandra
Date: 2008-10-07 16:11:33 +0200 (Tue, 07 Oct 2008)
New Revision: 1492

Added:
   trunk/openvas-plugins/scripts/gb_ms08-046.nasl
   trunk/openvas-plugins/scripts/gb_php_detect.nasl
   trunk/openvas-plugins/scripts/gb_php_mult_vuln_aug08.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2008-10-07 13:20:14 UTC (rev 1491)
+++ trunk/openvas-plugins/ChangeLog	2008-10-07 14:11:33 UTC (rev 1492)
@@ -1,7 +1,13 @@
 2008-10-07 Chandrashekhar B <bchandra at secpod.com>
+	* scripts/gb_ms08-046.nasl,
+	  scripts/gb_php_detect.nasl,
+	  scripts/gb_php_mult_vuln_aug08.nasl:
+	  Added new plugins
+
+2008-10-07 Chandrashekhar B <bchandra at secpod.com>
 	* scripts/secpod_smb_func.inc:
 	  Resolved an issue, was fetching unwanted numbers in certain 
-          file versions patterns
+	  file versions patterns
 
 2008-10-07 Chandrashekhar B <bchandra at secpod.com>
 	* scripts/gb_thunderbird_mult_vuln_july08_lin.nasl,

Added: trunk/openvas-plugins/scripts/gb_ms08-046.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ms08-046.nasl	2008-10-07 13:20:14 UTC (rev 1491)
+++ trunk/openvas-plugins/scripts/gb_ms08-046.nasl	2008-10-07 14:11:33 UTC (rev 1492)
@@ -0,0 +1,205 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ms08-046.nasl 310 2008-10-04 12:15:05Z oct $
+#
+# Microsoft Windows Image Color Management System Code Execution Vulnerability (952954)
+#
+# Authors:
+# Chandan S <schandan at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+
+if(description)
+{
+  script_id(800023);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2008-2245");
+  script_bugtraq_id(30594);
+  script_name(english:"Microsoft Windows Image Color Management System Code Execution Vulnerability (952954)");
+  desc["english"] = "
+
+  Overview: This host has critical security update missing according to
+  Microsoft Bulletin MS08-046.
+
+  Vulnerability Insight:
+  The flaw is caused due to the way Microsoft Color Management System (MSCMS)
+  module of the Microsoft ICM component handles memory allocation.
+
+  Impact:
+  Successful exploitation could execute arbitrary code when a user opens a
+  specially crafted image file and can gain same user rights as the local
+  user. An attacker could then install programs; view, change, or delete
+  data, or create new accounts.
+
+  Impact Level: System
+
+  Affected Software/OS: Microsoft Windows 2K/XP/2003
+
+  Fix:
+  Run Windows Update and update the listed hotfixes or download and
+  update mentioned hotfixes in the advisory from the below link.
+  http://www.microsoft.com/technet/security/bulletin/ms08-049.mspx
+
+  References:
+  http://www.microsoft.com/technet/security/bulletin/ms08-046.mspx
+
+  CVSS Score:
+    CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 6.9
+  Risk factor : High";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the vulnerable File Version");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+  script_family(english:"Windows");
+  script_dependencies("secpod_reg_enum.nasl");
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+if(hotfix_check_sp(xp:4, win2k:5, win2003:3) <= 0){
+  exit(0);
+}
+
+function get_version()
+{
+  dllPath = registry_get_sz(item:"Install Path",
+                           key:"SOFTWARE\Microsoft\COM3\Setup");
+  if(!dllPath){
+    exit(0);
+  }
+  dllPath += "\Mscms.dll";
+  share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:dllPath);
+  file =  ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:dllPath);
+
+  soc = open_sock_tcp(port);
+  if(!soc){
+    exit(0);
+  }
+
+  r = smb_session_request(soc:soc, remote:name);
+  if(!r)
+  {
+    close(soc);
+    exit(0);
+  }
+  prot = smb_neg_prot(soc:soc);
+  if(!prot)
+  {
+    close(soc);
+    exit(0);
+  }
+
+  r = smb_session_setup(soc:soc, login:login, password:pass,
+                        domain:domain, prot:prot);
+  if(!r)
+  {
+    close(soc);
+    exit(0);
+  }
+
+  uid = session_extract_uid(reply:r);
+
+  r = smb_tconx(soc:soc, name:name, uid:uid, share:share);
+  tid = tconx_extract_tid(reply:r);
+  if(!tid)
+  {
+    close(soc);
+    exit(0);
+  }
+
+  fid = OpenAndX(socket:soc, uid:uid, tid:tid, file:file);
+  if(!fid)
+  {
+    close(soc);
+    exit(0);
+  }
+
+  v = GetVersion(socket:soc, uid:uid, tid:tid, fid:fid, offset:60000,
+                 verstr:"prod");
+  close(soc);
+  return v;
+}
+
+# Check for MS08-046 Hotfix (952954)
+if(hotfix_missing(name:"952954") == 0){
+  exit(0);
+}
+
+fileVer = get_version();
+if(!fileVer){
+  exit(0);
+}
+
+if(hotfix_check_sp(win2k:5) > 0)
+{
+  # Check for version < 5.0.2195.7162
+  if(version_is_less(version:fileVer, test_version:"5.0.2195.7162")){
+    security_hole(0);
+  }
+  exit(0);
+}
+else if(hotfix_check_sp(xp:4) > 0)
+{
+  SP = get_kb_item("SMB/WinXP/ServicePack");
+  if("Service Pack 2" >< SP)
+  {
+    # < 5.1.2600.3396
+    if(version_is_less(version:fileVer, test_version:"5.1.2600.3396")){
+      security_hole(0);
+    }
+    exit(0);
+  }
+  else if("Service Pack 3" >< SP)
+  {
+    # Check for version < 5.1.2600.5627
+    if(version_is_less(version:fileVer, test_version:"5.1.2600.5627")){
+      security_hole(0);
+    }
+    exit(0);
+  }
+  security_hole(0);
+}
+else if(hotfix_check_sp(win2003:3) > 0)
+{
+  SP = get_kb_item("SMB/Win2003/ServicePack");
+  if("Service Pack 1" >< SP)
+  {
+    # Check for version < 5.2.3790.3163
+    if(version_is_less(version:fileVer, test_version:"5.2.3790.3163")){
+      security_hole(0);
+    }
+    exit(0);
+  }
+  else if("Service Pack 2" >< SP)
+  {
+    # Check for version < 5.2.3790.4320
+    if(version_is_less(version:fileVer, test_version:"5.2.3790.4320")){
+      security_hole(0);
+    }
+    exit(0);
+  }
+  security_hole(0);
+}


Property changes on: trunk/openvas-plugins/scripts/gb_ms08-046.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_php_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_php_detect.nasl	2008-10-07 13:20:14 UTC (rev 1491)
+++ trunk/openvas-plugins/scripts/gb_php_detect.nasl	2008-10-07 14:11:33 UTC (rev 1492)
@@ -0,0 +1,74 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_php_detect.nasl 311 2008-10-07 15:15:24Z oct $
+#
+# PHP Version Detection
+#
+# Authors:
+# Veerendra GG <veerendragg at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800109);
+  script_version("Revision: 1.0 ");
+  script_name(english:"PHP Version Detection");
+  desc["english"] = "
+  Overview : This script finds the installed PHP Version and saves the
+  version in KB.
+
+  Risk factor : Informational";
+
+  script_description(english:desc["english"]);
+  script_family(english:"General");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+  script_summary(english:"Set Version of PHP in KB");
+  script_dependencies("find_service.nes");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+
+port = get_http_port(default:80);
+if(!get_port_state(port)){
+  exit(0);
+}
+
+banner = get_http_banner(port:port);
+if("PHP" >!< banner){
+  exit(0);
+}
+
+# PHP can be installed as a stand-alone package, local checks
+# have to be separately written.
+
+phpInfo = egrep(pattern:"Server.*PHP.*", string:banner);
+if(!phpInfo){
+  phpInfo = egrep(pattern:"X.Powered.By.*PHP.*", string:banner);
+}
+
+phpVer = ereg_replace(pattern:".*PHP/([.0-9]*).*", string:phpInfo, replace:"\1");
+if(phpVer)
+{
+  set_kb_item(name:"PHP/Version", value:phpVer);
+  set_kb_item(name:"PHP/Port", value:port);
+}

Added: trunk/openvas-plugins/scripts/gb_php_mult_vuln_aug08.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_php_mult_vuln_aug08.nasl	2008-10-07 13:20:14 UTC (rev 1491)
+++ trunk/openvas-plugins/scripts/gb_php_mult_vuln_aug08.nasl	2008-10-07 14:11:33 UTC (rev 1492)
@@ -0,0 +1,107 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_php_mult_vuln_aug08.nasl 312 2008-10-07 16:43:56Z oct $
+#
+# Multiple Vulnerabilities in PHP August-08
+#
+# Authors:
+# Veerendra GG <veerendragg at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800110);
+  script_version("$Revision: 1.0 $");
+  script_bugtraq_id(29009, 27413, 27786);
+  script_cve_id("CVE-2008-2050", "CVE-2008-2051", "CVE-2007-4850",
+                "CVE-2008-0599", "CVE-2008-0674");
+  script_xref(name:"CB-A", value:"08-0118");
+  script_name(english:"Multiple Vulnerabilities in PHP August-08");
+  desc["english"] = "
+
+  Overview: The host is installed with PHP, that is prone to multiple
+  vulnerabilities.
+
+  Vulnerability Insight:
+  The flaws are caused by,
+  - an unspecified stack overflow error in FastCGI SAPI (fastcgi.c).
+  - an error during path translation in cgi_main.c.
+  - an error with an unknown impact/attack vectors.
+  - an unspecified error within the processing of incomplete multibyte
+    characters in escapeshellcmd() API function.
+  - error in curl/interface.c in the cURL library(libcurl), which could be
+    exploited by attackers to bypass safe_mode security restrictions.
+  - an error in PCRE. i.e buffer overflow error when handling a character class
+    containing a very large number of characters with codepoints greater than
+    255(UTF-8 mode).
+
+  Impact:
+  Successful exploitation could result in remote arbitrary code execution,
+  security restrictions bypass, access to restricted files, denial of service.
+
+  Impact Level: System
+
+  Affected Software/OS:
+  PHP version prior to 5.2.6
+
+  Fix:
+  Upgrade to PHP version 5.2.6 or above,
+  http://www.php.net/downloads.php
+
+  References:
+  http://pcre.org/changelog.txt
+  http://www.php.net/ChangeLog-5.php
+  http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176
+  http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178
+  http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0086
+
+  CVSS Score:
+    CVSS Base Score     : 9.0 (AV:N/AC:L/Au:NR/C:P/I:P/A:C)
+    CVSS Temporal Score : 7.0
+  Risk factor : High";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of PHP");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+  script_family(english:"Misc.");
+  script_dependencies("gb_php_detect.nasl");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+phpPort = get_kb_item("PHP/Port");
+if(!phpPort){
+  exit(0);
+}
+
+phpVer = get_kb_item("PHP/Version");
+if(!phpVer){
+  exit(0);
+}
+
+# Debian and Gentoo advisories are available. Once local checks
+# are written, we can exit from here.
+
+# Match PHP version < 5.2.6 
+if(version_is_less_equal(version:phpVer, test_version:"5.2.5")){
+  security_hole(phpPort);
+}


Property changes on: trunk/openvas-plugins/scripts/gb_php_mult_vuln_aug08.nasl
___________________________________________________________________
Name: svn:executable
   + *


From scm-commit at wald.intevation.org  Wed Oct  8 12:48:18 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Wed,  8 Oct 2008 12:48:18 +0200 (CEST)
Subject: [Openvas-commits] r1493 - trunk/doc/website
Message-ID: <20081008104818.54F034070A@pyrosoma.intevation.org>

Author: mwiegand
Date: 2008-10-08 12:48:18 +0200 (Wed, 08 Oct 2008)
New Revision: 1493

Added:
   trunk/doc/website/openvas-cr-16.htm4
Modified:
   trunk/doc/website/openvas-crs.htm4
Log:
Added CR #16.


Added: trunk/doc/website/openvas-cr-16.htm4
===================================================================
--- trunk/doc/website/openvas-cr-16.htm4	2008-10-07 14:11:33 UTC (rev 1492)
+++ trunk/doc/website/openvas-cr-16.htm4	2008-10-08 10:48:18 UTC (rev 1493)
@@ -0,0 +1,82 @@
+m4_dnl -*-html-*-
+m4_include(`template.m4')
+
+m4_dnl OpenVAS
+m4_dnl $Id$
+m4_dnl Description: OpenVAS Change Request #16
+m4_dnl
+m4_dnl Authors:
+m4_dnl Jan-Oliver Wagner <jan-oliver.wagner at intevation.de>
+m4_dnl
+m4_dnl Copyright:
+m4_dnl Copyright (C) 2008 Intevation GmbH
+m4_dnl
+m4_dnl This program is free software; you can redistribute it and/or modify
+m4_dnl it under the terms of the GNU General Public License version 2,
+m4_dnl as published by the Free Software Foundation.
+m4_dnl
+m4_dnl This program is distributed in the hope that it will be useful,
+m4_dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
+m4_dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+m4_dnl GNU General Public License for more details.
+m4_dnl
+m4_dnl You should have received a copy of the GNU General Public License
+m4_dnl along with this program; if not, write to the Free Software
+m4_dnl Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+
+
+PAGE_START
+<h2>OpenVAS Change Request #16: OpenVAS-Client: Do not automatically enable new NVTs</h2>
+
+Status: In discusssion.
+
+<h3>Purpose</h3>
+
+<p>
+  To make the behavior of OpenVAS-Client more flexible and more useful for
+  scanning with fixed NVT sets.
+</p>
+
+<h3>References</h3>
+
+<p>
+  This change request originated from the OpenVAS roadmap.
+</p>
+
+<h3>Rationale</h3>
+
+<p>
+  The present version of OpenVAS-Client automatically enables new NVT; this
+  means that NVTs received from the server which are not yet in the NVT cache
+  will be enable and thus run when the next scan is executed.
+</p>
+
+<p>
+  This behavior might be useful in cases where all NVTs are enabled, but is
+  undesirable when only a specific subset of NVTs is enabled as new NVTs will be
+  added to the subset. A user wishing to keep scanning with only this subset
+  enabled has to manually disable all new NVTs after connecting to the server.
+</p>
+
+<h3>Effects</h3>
+
+<p>
+  This change will introduce a configurable setting in the client that controls
+  whether new NVTs should be automatically enabled or not.
+</p>
+
+
+<h3>Design and Implementation</h3>
+
+<p>
+  The configurable setting controlling this behavior will be implemented in the
+  plugin selection section of OpenVAS-Client and will be scope-specific.
+</p>
+
+
+<h3>History</h3>
+
+<ul>
+<li> 2008-10-08 Michael Wiegand &lt;michael.wiegand at intevation.de&gt;:<br>
+     Initial text.</li>
+</ul>

Modified: trunk/doc/website/openvas-crs.htm4
===================================================================
--- trunk/doc/website/openvas-crs.htm4	2008-10-07 14:11:33 UTC (rev 1492)
+++ trunk/doc/website/openvas-crs.htm4	2008-10-08 10:48:18 UTC (rev 1493)
@@ -59,6 +59,7 @@
 <li> <a href="openvas-cr-13.html">OpenVAS Change Request #13: Integrating the OVAL interpreter ovaldi into OpenVAS Server</a> (in progress)
 <li> <a href="openvas-cr-14.html">OpenVAS Change Request #14: OpenVAS-Client: Remove source code copy of gdchart and gd</a> (done)
 <li> <a href="openvas-cr-15.html">OpenVAS Change Request #15: OpenVAS Server: Remove features for detached scans</a> (in progress)
+<li> <a href="openvas-cr-16.html">OpenVAS Change Request #16: OpenVAS-Client: Do not automatically enable new NVTs</a> (in discussion)
 </ul>
 
 <h3>How to write a change request</h3>


From scm-commit at wald.intevation.org  Tue Oct  7 14:39:36 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Tue,  7 Oct 2008 14:39:36 +0200 (CEST)
Subject: [Openvas-commits] r1490 - trunk/openvas-compendium
Message-ID: <20081007123936.2E8D14070A@pyrosoma.intevation.org>

Author: mwiegand
Date: 2008-10-07 14:39:34 +0200 (Tue, 07 Oct 2008)
New Revision: 1490

Added:
   trunk/openvas-compendium/openvas-compendium.de.tex
Modified:
   trunk/openvas-compendium/ChangeLog
   trunk/openvas-compendium/openvas-compendium.tex
Log:
* openvas-compendium.de.tex: First partial translation of the OpenVAS
compendium into German. Most parts are still in English, this will
hopefully changed in the next few weeks.

* openvas-compendium.tex: Fixed several typos.


Modified: trunk/openvas-compendium/ChangeLog
===================================================================
--- trunk/openvas-compendium/ChangeLog	2008-10-07 12:21:23 UTC (rev 1489)
+++ trunk/openvas-compendium/ChangeLog	2008-10-07 12:39:34 UTC (rev 1490)
@@ -1,5 +1,13 @@
 2008-09-30  Michael Wiegand <michael.wiegand at intevation.de>
 
+	* openvas-compendium.de.tex: First partial translation of the OpenVAS
+	compendium into German. Most parts are still in English, this will
+	hopefully changed in the next few weeks.
+
+	* openvas-compendium.tex: Fixed several typos.
+
+2008-09-30  Michael Wiegand <michael.wiegand at intevation.de>
+
 	Post release version bump.
 
 	* VERSION: Set to 1.0.0.rc2.SVN

Added: trunk/openvas-compendium/openvas-compendium.de.tex
===================================================================
--- trunk/openvas-compendium/openvas-compendium.de.tex	2008-10-07 12:21:23 UTC (rev 1489)
+++ trunk/openvas-compendium/openvas-compendium.de.tex	2008-10-07 12:39:34 UTC (rev 1490)
@@ -0,0 +1,5141 @@
+% OpenVAS
+% $Id$
+% Description: The OpenVAS Compendium, German version
+% Note, that this a HyperLaTeX source and not plain LaTeX!
+%
+% Authors:
+% Jan-Oliver Wagner <jan-oliver.wagner at intevation.de>
+% Michael Wiegand <michael.wiegand at intevation.de>
+% Tim Brown <timb at nth-dimension.org.uk>
+%
+% Copyright:
+% Copyright (C) 2008 Intevation GmbH
+% Copyright (C) 2008 Tim Brown
+
+\documentclass[a4paper,11pt,twoside,titlepage,dvips]{scrbook}
+\usepackage{hyperlatex}
+\usepackage{a4wide}
+\usepackage{times}
+\usepackage[latin1]{inputenc}
+\usepackage[T1]{fontenc}
+\usepackage{ifpdf}
+\T\ifpdf\usepackage[pdftex]{graphicx}\else\usepackage{graphicx}\fi
+\W\usepackage{graphicx}
+\usepackage{alltt}
+\usepackage{moreverb}
+\usepackage{fancyhdr}
+%\W\usepackage{rhxpanel}
+\W\usepackage{sequential}
+\W\htmldirectory{./html}
+
+
+
+\newcommand{\IncludeImage}[2][]{\texorhtml{%
+\begin{center}%
+\ifpdf
+  \DeclareGraphicsExtensions{.png}
+  \includegraphics[#1]{#2.png}%
+\else
+  \DeclareGraphicsExtensions{.eps}
+  \includegraphics[#1]{#2}%
+\fi
+\end{center}%
+}{%
+\htmlimg{../#2.png}%
+}}
+
+% Hyperref should be among the last packages loaded
+\usepackage{hyperref}
+
+
+\newcommand{\compendiumversion}{0.3.0.SVN}
+\newcommand{\compendiumdate}{20080828}
+\newcommand{\compendiumauthor}[1]{\begin{small}(by {#1})\end{small}}
+\newcommand{\hyperurl}[1]{\htmlonly{\xml{p}\small
+\xlink{{#1}}{{#1}}\xml{br}}\texonly{\small{#1}}}
+
+% for a consistent appearance of key names
+\newcommand{\openvasd}{openvasd}
+\newcommand{\openvasnvtsync}{openvas-nvt-sync}
+
+\T\fancyhead{} % clear all fields
+\T\fancyhead[LO,RE]{OpenVAS Kompendium \compendiumversion\ \compendiumdate}
+\T\fancyhead[RO,LE]{\thepage}
+\T\fancyfoot[C]{\includegraphics[width=1cm]{images/openvas-logo}}
+
+
+% Title stuff
+\htmltitle{OpenVAS Kompendium}
+\title{
+\IncludeImage[width=10cm]{images/openvas-logo}
+\ \\
+OpenVAS Kompendium}
+
+\author{\htmlonly{\xml{p}\small
+\xlink{List of PDF Download Versions}{http://wald.intevation.org/frs/?group_id=29}\xml{br}
+%To \xlink{OpenVAS online Compendium}{openvas-compendium.html}\xml{br}
+To \xlink{OpenVAS Homepage}{http://www.openvas.org/}\xml{p}
+}%
+Eine Veröffentlichung des OpenVAS Projektes\\
+  \small Jan-Oliver Wagner, Michael Wiegand, Tim Brown, Carsten Koch Mauthe}
+\date{Version \compendiumversion\ vom \compendiumdate\ }
+
+
+\begin{document}
+\thispagestyle{empty}
+\pagestyle{fancy}
+\T\parindent0cm
+\T\parskip\medskipamount
+
+
+\maketitle
+
+\xname{imprint}
+\chapter*{Imprint}
+
+\noindent
+Copyright \copyright{} 2008 Intevation GmbH\\
+
+\IncludeImage[width=5cm]{images/cc-by-sa-logo}
+
+Diese Veröffentlichung steht unter der folgenden Lizenz:
+
+Creative Commons Namensnennung-Weitergabe unter gleichen Bedingungen 3.0
+Unported
+
+\hyperurl{http://creativecommons.org/licenses/by-sa/3.0/deed.de}
+
+%Special Thanks to:\\
+%XXX YYY for ZZZ (2008).\\
+
+\clearpage
+\xname{inhaltsverzeichnis}
+\tableofcontents
+\clearpage
+
+\xname{einfuehrung}
+\chapter{Einführung}
+\xname{ueber-dieses-kompendium}
+\section{Über dieses Kompendium}
+
+\compendiumauthor{Jan-Oliver Wagner}
+
+Dieses Kompendium wurde von Teilnehmern des OpenVAS Projektes zusammengestellt.
+Es soll auf verständliche Weise alle Aspekte des (Network Security Scanning)
+mit OpenVAS dokumentieren.
+
+Die Themen dieses Kompendiums reichen von Anleitungen zur Benutzung des
+OpenVAS-Clients über die Auswahl spezieller Tests und die Erstellung eigener
+(Vulnerability Tests) in NASL bis zu Details des internen Aufbaus des (Scan
+Servers).
+
+Das OpenVAS-Kompendium wird ständig verbessert und erweitert. Es kann
+vorkommen, dass einige Teile Ihnen nicht ausführlich genug erscheinen und
+andere Teile komplett fehlen.
+
+Zusätzliche Autoren sind herzlich eingeladen bei der Verbesserung und
+Erweiterung des Kompendiums zu helfen. Falls Ihnen einen Bereich auffällt,
+zu dem Sie Ihr Wissen und Ihre Erfahrungen beitragen möchten, koordinieren Sie
+Ihre Ergänzung bitte mit dem OpenVAS Team. Es ist sinnvoll, diese Koordinierung
+durchzuführen, \textit{bevor} Sie mit dem Schreiben beginnen; eventuell
+bearbeitet schon jemand den Bereich, den Sie sich ausgesucht haben.
+
+Die Formatierungssprache für dieses Dokument is \LaTeX mit
+Hyper\LaTeX-Erweiterungungen. Die Quellen für dieses Dokument sind in der
+OpenVAS Quellcodeverwaltung
+\footnote{\hyperurl{http://wald.intevation.org/projects/openvas}} als Modul
+``openvas-compendium'' verfügbar.
+
+\xname{ueber-das-openvas-projekt}
+\section{Über das OpenVAS-Projekt}
+
+\compendiumauthor{Michael Wiegand}
+
+Der Name ``OpenVAS'' steht für ``Open Vulnerability Assessment System'' (Open
+Vulnerability Assessment System). Dieses System stellt eine umfassende Sammlung
+von Werkzeugen für die Sicherheitsanalyse in Netzwerken zur Verfügung, bietet
+eine grafische Benutzungsoberfläche und bindet eine Vielzahl von weiteren
+Sicherheitsanwendungen ein. Das Herzstück des Systems bildet eine
+Serverkomponente, die eine Sammlung von NVTs (Network Vulnerability Tests)
+nutzt, um Sicherheitsprobleme in Netzwerksystem und -anwendungen aufzuspüren.
+
+Das Team der OpenVAS-Entwickler besteht sowohl aus verschiedenen Gruppen in
+Wirtschaft und Forschung als auch aus einzelnen Entwicklern. Die Mehrheit des
+Entwicklerteams hat langjährige Berufserfahrung im Bereich IT-Sicherheit
+und/oder Softwareentwicklung.
+
+Das OpenVAS-Projekt ist offen für neue Mitglieder. Formalisierte Prozesse an
+bestimmten Stellen sollen dabei helfen, sich durch die Teilnahme an diesen
+Prozessen (wie etwa Design, Entwicklung, Test) schnell in das Projekt
+hineinzufinden.
+
+Alle Bestandteile von OpenVAS sind Freie Software und unter der GNU General
+Public License (GPL) lizenziert.
+
+OpenVAS hat seine Wurzeln im leider proprietär gewordenen Nessus-Projekt; seit
+der Abspaltung (fork) von Nessus wird OpenVAS eigenständig weiterentwickelt.
+
+\xname{ueber-die-openvas-software}
+\section{Über die OpenVAS Software}
+
+\compendiumauthor{Michael Wiegand}
+
+\IncludeImage[width=10cm]{images/OpenVAS-Structure}
+
+Die OpenVAS Software besteht aus fünf Modulen, die vom OpenVAS-Projekt zur
+Verfügung gestellt und gewartet. Diese fünf Bestandteile sind:
+
+\begin{description}
+
+ \item[OpenVAS-Server:] Dieses Modul ist der Kern der OpenVAS Software. Es
+bietet die Möglichkeit, eine große Anzahl von Rechnern in kurzer Zeit zu
+testen. Scans werden immer von dem Rechner ausgehen, auf dem OpenVAS-Server
+läuft; aus diesem Grund muss dieser Rechner in der Lage sein, den oder die
+Zielrechner zu erreichen.
+
+Der Server benötigt drei weitere Module:
+
+\begin{description}
+
+ \item[OpenVAS-Libraries:] Dieses Modul enthält die von OpenVAS genutzten
+Bibliotheken.
+
+ \item[OpenVAS-LibNASL:] Die einzelnen Sicherheitstests (Network Vulnerability
+Tests oder NVTs) sind in der ``Nessus Attack Scripting Language'' (NASL)
+geschrieben. Durch dieses Modul kann OpenVAS-Server dieses Skripte lesen und
+ausführen.
+
+ \item[OpenVAS-Plugins:] Dieses Modul bietet eine Grundausstattung an NVTs.
+Bitte beachten Sie, dass der Updatezyklus dieses Moduls nicht dazu gedacht ist,
+die Verfügbarkeit aktueller NVTs sicherzustellen. Falls Sie aktuelle NVTs
+benötigen, sollten Sie einen NVT Feed abonnieren, wie in Abschnitt
+ \ref{sec:NVT feed} beschrieben.
+
+\end{description}
+
+ \item[OpenVAS-Client:] OpenVAS-Client steuert den OpenVAS Server, verarbeitet
+die Scanergebnisse und zeigt sie dem Benutzer an. OpenVAS-Client kann auf jedem
+Rechner laufen, der eine Verbindung zum OpenVAS Server aufbauen kann und kann
+eine Vielzahl von Servern steuern.
+
+\end{description}
+
+\clearpage
+
+\xname{planning-openvas-based-network-auditing}
+\chapter{Planning OpenVAS-based Network Auditing}
+\compendiumauthor{Jan-Oliver Wagner}
+
+\xname{consider-coverage-of-available-vulnerability-tests}
+\section{Consider Coverage of Available Vulnerability Tests}
+\label{sec:NVT feed}
+
+As one of the first tasks of planning security audits based
+on OpenVAS, you should compare your targets with the coverage
+of the currently available OpenVAS vulnerability tests.
+
+Please be aware that the OpenVAS server releases (actually the releases
+of its module ``openvas-plugins'') delivers a base set of tests.
+The update cycle of this base set is quite long compared to
+the occurrence of new vulnerabilities and respective NVTs.
+New or changed tests are promptly distributed via so-called ``feed services''.
+
+If you want to test your network against the latest threats, a successful
+outcome will depend on the quality of the feed service(s) you subscribed to.
+Although the set of
+tests provided by ``openvas-plugins'' will detect a large range of older,
+well-known vulnerabilities, it will most probably be outdated by the time you
+use it and will not be able to detect the most recent vulnerabilities. In order
+to stay up-to-date with the latest security threats, you will need a feed
+service that provides you with the most recent tests for these threats.
+
+The OpenVAS project maintains a feed of its own:
+
+  \hyperurl{http://www.openvas.org/openvas-nvt-feed.html}
+
+To evaluate your need for an up-to-date feed service, you should think about
+the following questions:
+
+\begin{itemize}
+\item To what extent do the available feeds and their maintained
+      families cover my audit target?
+\item In case you are planning a permanent auditing solution and not just a
+      single shot: How sustainable is the feed service organized?
+\item Does the feed deliver signatures on the NVTs with a trust level
+      for quality you are comfortable with?
+\end{itemize}
+
+\xname{auswahl-des-standortes-fuer-einen-scanserver}
+\section{Auswahl des Standortes für einen Scanserver}
+
+Wenn Sie den Einsatz von OpenVAS in Ihrem Netzwerk planen, hängt der ideale
+Standort Ihres Servers davon ab, welche Art von Zielrechnern Sie überprüfen
+möchten.
+
+
+\begin{itemize}
+\item Der Zielrechner ist öffentlich zugänglich:
+
+Eine Anzahl von NVTs sind darauf ausgelegt, den gleichen Ursprung wie
+verschiedene echte Angriffe zu haben: Ein entferntes Netzwerk. Falls Sie
+hauptsächlich an diesen Tests interessiert sind, können Sie einen beliebigen
+Standort außerhalb des Zielnetzwerks für Ihren OpenVAS Server auswählen.
+
+Wir raten Ihnen allerdings, vor einem Scan die Systemadministration des
+Zielsystems kontaktieren und sie darüber zu informieren, dass Sie einen Scan
+mit OpenVAS planen.
+Da OpenVAS auf dem Zielsystem aktiv nach Sicherheitslücken sucht, kann ein Scan
+unter gewissen Umständen wie ein Angriff auf das Zielsystem aussehen und so
+rechtliche oder technische Schritte von Seiten der Systemadministration des
+Zielsystems nach sich ziehen.
+
+\item Der Zielrechner befindet sich in einem abgeschlossenen Intranet:
+
+In diesem Fall sollten Sie Ihren Scan mit Ihrer Systemadministration
+koordinieren.
+
+Abhängig vom Aufbau Ihres Intranets müssen Sie eventuell evaluieren, wie Sie
+alle Zielrechner von Ihrem OpenVAS Server aus erreichen können. In manchen
+Fällen kann die Installation von mehreren Servern sinnvoll sein, um eine
+vollständige Abdeckung Ihres Netzwerks sicherzustellen.
+
+Falls Sie lokale Sicherheitstests (Local Security Checks, LSCs) nutzen möchten,
+müssen Sie die Zielrechner für einen Fernzugriff vorbereiten. Für Unix-basierte
+Systeme ist für die Ausführung von LSCs im Allgemeinen ein Zugriff per ssh
+nötig, bei Microsoft Windows-basierten Systemen geschieht dies über SMB
+Freigaben.
+\end{itemize}
+
+\xname{auswahl-der-ausstattung-eines-scanservers}
+\section{Auswahl der Ausstattung eines Scanservers}
+
+\xname{scanserver-hardware}
+\subsection{Hardware}
+
+OpenVAS stellt unter normalen Umständen keine herausragenden Anforderungen an
+die Leistungfähigkeit des Scanservers, ein handelsüblicher Server sollte in den
+meisten Fällen ausreichen.
+
+Die meisten Benutzer nutzen OpenVAS in einer IA32-Architektur. 64bit- und
+PowerPC-basierte Architekturen werden ebenfalls von OpenVAS unterstützt, werden
+aber nicht im gleichen Ausmaß getestet.
+
+\xname{scanserver-betriebssystem}
+\subsection{Betriebssystem}
+
+Für OpenVAS-Server werden ausschließlich Unix-basierte Betriebssysteme
+unterstützt. Von diesen Systemen sind Linux-basierte System am umfassendsten
+getestet. BSD-basierte Systeme werden ebenfalls unterstützt, aber nicht im
+gleichen Umfang getestet.
+
+Bei der Auswahl des Betriebssystems sollten Sie folgende Aspekte
+berücksichtigen:
+
+\begin{itemize}
+
+\item OpenVAS kann entweder aus dem Quelltext kompiliert werden oder aus
+vorbereiteten Binärpaketen installiert werden. Falls Sie die letztere Methode
+vorziehen, sollten Sie sich über die Verfügbarkeit von Binärpaketen für die
+verschiedenen Betriebssysteme und Distributionen informieren.
+
+\item Verschiedene Sicherheitswerkzeuge können in OpenVAS integriert werden.
+Falls Sie diese Werkzeuge nutzen möchten, sollten Sie sicherstellen, dass die
+Werkzeuge für das von Ihnen gewählte Betriebssystem verfügbar sind. Auch hier
+sind Binärpakete auf manchen Systemen besser verfügbar als auf anderen.
+
+\end{itemize}
+
+\clearpage
+
+\xname{openvas-server-installieren-und-konfigurieren}
+\chapter{OpenVAS-Server installieren und konfigurieren}
+\label{chap:Install-And-Configure-Server}
+
+\compendiumauthor{Tim Brown, Jan-Oliver Wagner and Michael Wiegand}
+\xname{binaerpakete-installieren-server}
+\section{Binärpakete installieren}
+
+Binärpakete für die verbreitetsten Linux-Distributionen und einige andere
+Unix-basierte Systeme sind über die OpenVAS-Website verfügbar.
+
+Bitte beachten Sie, das der Umfang der automatischen Vorkonfiguration bei der
+Installation des Paketes von der verwendeten Distribution und den bei dieser
+Distributionen für die Paketierung Verantwortlichen abhängt. Eine komplette
+Konfigurationsanleitung finden Sie im Abschnitt
+\ref{sec:Configuring OpenVAS-Server}.
+
+Falls keine (oder nicht alle) OpenVAS-Module für das Betriebssystem oder die
+Distribution Ihrer Wahl verfügbar sind, ist es auf den meisten Unix-basierten
+Systemen in der Regel möglich, OpenVAS selbst zu kompilieren (siehe Abschnitt
+\ref{sec:compiling-openvas-server-from-source}). Bei Bedarf können Sie gerne
+die bei dieser Distribution für die Paketierung Verantwortlichen darauf
+hinweisen, dass Sie an OpenVAS-Paketen interessiert sind und dass das OpenVAS
+Entwickler-Team neue Paketierungen nach Möglichkeit unterstützt.
+
+
+\xname{installation-debian-server}
+\subsection{Debian und Ubuntu}
+
+OpenVAS-Server wird zur Zeit in Debian und Ubuntu integriert. Das bedeutet,
+dass Sie OpenVAS-Server in Zukunft einfach mittels des \verb|apt-get|
+Mechanismus installieren können.
+
+Während der Integration in Debian und Ubuntu kann es vorkommen, dass noch nicht
+alle Teile von OpenVAS in den für diese Distributionen offiziellen Paketquellen
+verfügbar sind; eventuell sind die fehlenden Teile aber über andere
+Paketquellen verfügbar. Auf der OpenVAS-Website finden Sie aktuelle
+Informationen über die verfügbaren Pakete.
+
+\xname{installation-gentoo-server}
+\subsection{Gentoo}
+\label{sec:gentoo-server}
+
+OpenVAS Pakete für Gentoo sind über das ``Portage''-System verfügbar. In der
+Gentoo-Dokumentation und auf der OpenVAS-Website finden Sie nähere
+Informationen zur Installation dieser Pakete.
+
+\xname{installation-rpms-server}
+\subsection{OpenSUSE 10.2, 10.3, 11.0 (also Fedora 8, 9 and Mandriva 2007,
+2008)}
+
+Pakete für einige Versionen von OpenSUSE, Fedora, Mandriva und anderen
+RPM-basierten Distributionen sind in einer inoffiziellen Paketquelle unter
+\hyperurl{http://download.opensuse.org/repositories/home:/bitshuffler:/openvas/}
+verfügbar. In der Dokumentation Ihrer Distributionen finden Sie eine Anleitung
+zum Hinzufügen von Paketquellen und zum Installieren dieser Pakete.
+
+\xname{installation-freebsd-server}
+\subsection{FreeBSD}
+
+Die FreeBSD Ports- und Paketesammlung enthält Ports und Pakete für alle 
+OpenVAS-Module.
+
+Mit den folgenden Befehlen können Sie die FreeBSD Ports auf Ihrem FreeBSD
+System kompilieren und installieren:
+
+\begin{verbatim}
+cd /usr/ports/security/openvas-libraries/ && make install clean
+cd /usr/ports/security/openvas-libnasl/ && make install clean
+cd /usr/ports/security/openvas-server/ && make install clean
+cd /usr/ports/security/openvas-plugins/ && make install clean
+\end{verbatim}
+
+Falls Sie die Binärpakete vorziehen, so können Sie diese mit den folgenden
+Befehlen installieren:
+\begin{verbatim}
+pkg_add -r openvas-libraries
+pkg_add -r openvas-libnasl
+pkg_add -r openvas-server
+pkg_add -r openvas-plugins
+\end{verbatim}
+
+\xname{openvas-server-kompilieren}
+\section{OpenVAS-Server kompilieren}
+\label{sec:compiling-openvas-server-from-source}
+
+\xname{aktuelle-quelltext-release-server}
+\subsection{Aktuelles Quelltext-Release}
+
+Auf der OpenVAS-Website finden Sie den Link zum aktuellen Quelltext-Release.
+
+Bitte beachten Sie, dass zur Zeit zwei verschiedene Serien der OpenVAS-Modulen
+verfügbar sind; die stabile Serie 1.0 und die zukünftige Serie 2.0. Die
+Releases der Serie 2.0 sind zur Zeit in der Beta-Phase, also noch nicht
+abschließend getestet und bieten unter Umständen eingeschränkte Funktionalität.
+Sie sind herzlich dazu eingeladen, diese Versionen zu nutzen, falls Sie bei der
+Erprobung der in diesen Versionen enthaltenen neuen Funktionalität helfen
+möchten. Falls Sie OpenVAS in einer Produktivumgebung einsetzen wollen,
+sollten Sie auf die Releases der Serie 1.0 zurückgreifen bis die Serie 2.0 die
+Beta-Phase abgeschlossen hat.
+
+Laden Sie zunächst die vier Quelltextarchive mit der Endung ``.tar.gz''
+herunter und entpacken Sie sie mit dem Befehl
+\verb|tar -xzf openvas-MODUL-N.N.N.tar.gz|. Das Kompilieren des Quelltextes ist
+zur Zeit auf GNU/Linux-Systeme ausgerichtet, funktioniert aber eventuell in
+anderen Umgebungen.
+
+Sie müssen die Module in der folgenden Reihenfolge kompilieren und installieren:
+\begin{enumerate}
+\item openvas-libraries
+\item openvas-libnasl
+\item openvas-server
+\item openvas-plugins
+\end{enumerate}
+
+In der Datei \verb|INSTALL_README| im Verzeichnis "openvas-libraries"
+finden Sie eine Anleitung für die nächsten Schritte.
+
+Wiederholen Sie dies nun für die übrigen Module und lesen Sie die jeweiligen
+\verb|INSTALL|- und/oder \verb|README|-Dateien.
+
+\xname{aktueller-entwicklungsstand-server}
+\subsection{Aktueller Entwicklungsstand (direkt aus der Quelltextverwaltung)}
+
+Sie benötigen das Programm ``subversion'', um den aktuellen Entwicklungsstand
+herunterzuladen:
+
+\paragraph{Stabiler Zweig (1.0)}
+
+Achtung: Bedingt durch den aktuellen Entwicklungsstand wurden drei Module, die
+für die Ausführung von OpenVAS notwendig sind, von dem Haupt-Entwicklungsstrang
+abgezweigt, um die Verfügbarkeit eines stabilen, abwärtskompatiblen Zweiges zu
+gewährleisten. Das Modul ``openvas-plugins'' ist von dieser Verzweigung nicht
+betroffen und kann mit beiden Zweigen genutzt werden.
+
+\begin{verbatim}
+$ svn checkout
+https://svn.wald.intevation.org/svn/openvas/branches/openvas-libraries-1-0
+$ svn checkout
+https://svn.wald.intevation.org/svn/openvas/trunk/openvas-libnasl-1-0
+$ svn checkout
+https://svn.wald.intevation.org/svn/openvas/branches/openvas-server-1-0
+$ svn checkout https://svn.wald.intevation.org/svn/openvas/trunk/openvas-plugins
+\end{verbatim}
+
+\paragraph{Aktueller Entwicklungsstand}
+
+\begin{verbatim}
+$ svn checkout
+https://svn.wald.intevation.org/svn/openvas/trunk/openvas-libraries
+$ svn checkout https://svn.wald.intevation.org/svn/openvas/trunk/openvas-libnasl
+$ svn checkout https://svn.wald.intevation.org/svn/openvas/trunk/openvas-server
+$ svn checkout https://svn.wald.intevation.org/svn/openvas/trunk/openvas-plugins
+\end{verbatim}
+
+In der Datei \verb|INSTALL_README| im Verzeichnis "openvas-libraries"
+finden Sie eine Anleitung für die nächsten Schritte.
+
+Wiederholen Sie dies nun für die übrigen Module und lesen Sie die jeweiligen
+\verb|INSTALL|- und/oder \verb|README|-Dateien.
+
+Das Team der OpenVAS-Entwickler fühlt dazu verpflichtet, eine möglichst hohe
+Codequalität zu gewährleisten. Bitte beachten Sie trotzdem, dass Sie einen
+aktuellen Entwicklungsstand benutzen, der unvollständig und instabil sein
+könnte und nicht in Produktivumgebungen eingesetzt werden sollte.
+
+\xname{configuring-openvas-server}
+\section{Configuring OpenVAS-Server}
+\label{sec:Configuring OpenVAS-Server} 
+\compendiumauthor{Michael Wiegand}
+
+After installing OpenVAS-Server some additional steps are needed to get your
+OpenVAS installation up and running. This section provides with the information
+you need to generate a server certificate and add users to your installation.
+
+If you have installed OpenVAS from packages provided by your distribution, be
+aware that there might be differences between the instructions provided by this
+compendium and the steps necessary on your distribution. Please refer to the
+documentation provided by your distribution for additional information.
+
+Also note that you might need to installation additional software in you are
+planning on using the tools described in chapter \ref{chap:tools}.
+
+\xname{generating-a-server-certificate}
+\subsection{Generating a Server Certificate}
+
+For security reasons, communication between server and client is only possible
+through SSL encrypted connections. In order to establish an SSL encrypted
+connection, the server needs to have an SSL certificate. If the machine
+OpenVAS-Server is running on does not have a certificate, you will to generate
+one yourself.
+
+The easiest way to do this is through the \verb|openvas-mkcert|
+script provided by the OpenVAS-Server package. This will generate two
+certificates: one certificate for a local certificate authority (CA) and a
+second certificate for the OpenVAS server which is signed by the CA and is
+presented to connecting clients.
+
+However, in case you want or have to consider a X.509 Public Key Infrastructure (PKI),
+you may of course use a certificate signed by the respective CA, which is e.g. done
+by your trust center.
+
+\xname{adding-new-users}
+\subsection{Adding New Users}
+
+In order to use an OpenVAS server, a client needs to have a user account on the
+server. The OpenVAS-Server package provides the \verb|openvas-adduser| script
+to simplify creating user account. Using \verb|openvas-adduser|, you can specify
+whether the user should use a password or a certificate to authenticate himself
+and optionally restrict the access rights of the user.
+
+Restricted access rights can be useful to prevent users from scanning arbitrary
+hosts or networks. You can specify rules that restrict an user to certain hosts
+or subnets or even prevent him from scanning any host but his own.
+
+The correct syntax for user rules is:
+
+\verb#accept|deny ip/mask#
+
+and 
+
+\verb#default accept|deny#
+
+Where \verb#mask# is the CIDR netmask of the rule.
+
+The \verb#default# statement must be the last rule and defines the policy for
+the user.
+
+The following rule set will allow the user to test 192.168.1.0/24, 
+192.168.3.0/24 and 172.22.0.0/16, but nothing else:
+
+\begin{verbatim}
+accept 192.168.1.0/24
+accept 192.168.3.0/24
+accept 172.22.0.0/16
+default deny
+\end{verbatim}
+
+The following rule set will allow the user to test whatever he wants, 
+except the network 192.168.1.0/24:
+
+\begin{verbatim}
+deny 192.168.1.0/24
+default accept
+\end{verbatim}
+
+The keyword \verb#client_ip# is replaced at runtime by the IP address
+of the user. If you want to restrict the user to be able to scan only the system
+he is connecting from, you can use the following ruleset:
+
+\begin{verbatim}
+accept client_ip
+default deny
+\end{verbatim}
+
+\xname{advanced-configuration-server}
+\subsection{Advanced Configuration}
+
+If you need to make changes to the default OpenVAS-Server configuration, you can
+do so in the configuration file located at \verb#/etc/openvas/openvasd.conf#.
+
+The following settings can be configured through the openvasd.conf configuration
+file (note: the default values for your distribution may differ from the default
+values described here):
+
+\begin{description}
+ \item[plugins\_folder] This setting configures the path where the NVT scripts
+can be found. \textit{(default value: /lib/openvas/plugins)}
+ \item[max\_hosts] The maximum number of hosts that will be tested
+simultaneously. \textit{(default value: 30)}
+ \item[max\_checks] The maximum number of checks that will run simultaneously
+against a given host. \textit{(default value: 10)}
+ \item[be\_nice] Niceness. If set to 'yes', openvasd will renice itself to 10.
+\textit{(default value: no)}
+ \item[logfile] The file used to log activity. If this value is set to 'syslog',
+OpenVAS-Server will use syslogd for logging.
+\textit{(default value: /var/log/openvas/openvasd.messages)}
+ \item[log\_whole\_attack] This setting controls how detailed should be logged. If
+this option is set to 'no', only the start and end time of the scan is logged.
+If set to 'yes', OpenVAS-Server will log more information, including the time
+each plugin took to execute. Be aware that this may cause OpenVAS-Server to use 
+more hard disk space and to access the hard disk more often during the scan.
+\textit{(default value: no)}
+ \item[log\_plugins\_name\_at\_load] This setting controls whether the names of the
+plugins that are loaded by the server should be logged.
+\textit{(default value: no)}
+
+ \item[dumpfile] This option configures the name of the file that should be used
+for debugging output. If this option is set to '-', debugging output will be
+written to stdout. \textit{(default value: /var/log/openvas/openvasd.dump)}
+
+ \item[rules] The filename for the server rules file.
+\textit{(default value: /etc/openvas/openvasd.rules)}
+
+ \item[users] The filename for the user database.
+\textit{(default value: /etc/openvas/openvasd.users)}
+
+ \item[cgi\_path] The default CGI paths to check, separated by colons(':').
+\textit{(default value: /cgi-bin:/scripts)}
+
+ \item[port\_range] The range of ports that will be scanned by the port scanners.
+If this setting is set to 'default', OpenVAS-Server will scan the ports
+specified in the file found at \verb#/var/lib/openvas/openvas-services#.
+\textit{(default value: default)}
+
+ \item[optimize\_test] Security tests may request to be launched if and only if
+certain information gathered by other tests exists in the knowledge base, or if
+and only if a given port is open. If this option is set to 'yes', it will speed
+up the test, but may cause the OpenVAS server to miss some vulnerabilities.
+\textit{(default value: yes)}
+
+ \item[language] The language to use in plugin description. Currently the values
+'english' and 'french' are supported. \textit{(default value: english)}
+
+ \item[checks\_read\_timeout] The read timeout (in seconds) for the sockets used
+while scanning. \textit{(default value: 5)}
+
+ \item[non\_simult\_ports] This option can be used to specify a list of ports or
+services against which plugins should not be run simultaneously.
+\textit{(default value: 139, 445)}
+
+ \item[plugins\_timeout] The maximum lifetime of a plugin (in seconds).
+\textit{(default value: 320)}
+
+ \item[safe\_checks] Some security checks may harm the target server, by
+disabling the remote service temporarily or until a reboot. If this option, is
+set to 'yes', the OpenVAS server will rely on banners instead of actually
+performing a security check. This will result in a less reliable report, but you
+is less likely to disrupt functionality on the target system during a test.
+\textit{(default value: yes)}
+
+ \item[auto\_enable\_dependencies] If this option is set to 'yes', OpenVAS-Server
+will automatically enable plugins which are need by the plugins selected by the
+user. \textit{(default value: yes)}
+
+ \item[silent\_dependencies] If this option is set to 'yes', output from plugins
+which were enabled automatically will not be send to the client.
+\textit{(default value: yes)}
+
+ \item[use\_mac\_addr] Designate hosts by MAC address, not IP address; this can
+be useful in DHCP networks. \textit{(default value: no)}
+
+ \item[save\_knowledge\_base] This option controls whether the knowledge base
+created during the scan should be saved to disk. \textit{(default value: no)}
+
+ \item[kb\_restore] This setting controls whether the knowledge base should be
+restored for each test. \textit{(default value: no)}
+
+ \item[only\_test\_hosts\_whose\_kb\_we\_dont\_have] If this option is set to
+'yes', OpenVAS-Server will only test the hosts that are not yet in the knowledge
+base. This can be used to scan new hosts once if they appear in a subnet for the
+first time, for example. \textit{(default value: no)}
+
+ \item[only\_test\_hosts\_whose\_kb\_we\_have] If this option is set to 'yes',
+OpenVAS-Server will only test the hosts that are already in the knowledge
+base. This is useful for scanning only a set of host that are already known to 
+the server. \textit{(default value: no)}
+
+ \item[kb\_dont\_replay\_scanners] If this option is set to 'yes' and the option
+kb\_restore has been enabled, scanner plugins will not be launched if they have
+already been launched in the past. \textit{(default value: no)}
+
+ \item[kb\_dont\_replay\_info\_gathering] If this option is set to 'yes' and the
+option kb\_restore has been enabled, information gathering plugins will not be
+launched if they have already been launched in the past.
+\textit{(default value: no)}
+
+ \item[kb\_dont\_replay\_attacks] If this option is set to 'yes' and the option
+kb\_restore has been enabled, attack plugins will not be launched if they have
+already been launched in the past. \textit{(default value: no)}
+
+ \item[kb\_dont\_replay\_denials] If this option is set to 'yes' and the option
+kb\_restore has been enable, denial of service plugins will not be launched if
+they have already been launched in the past. \textit{(default value: no)}
+
+ \item[kb\_max\_age] This option sets the maximum age of the knowledge base (in
+seconds). \textit{(default value: 864000)}
+
+ \item[slice\_network\_addresses] If this option is set to 'yes', OpenVAS will
+not scan a network sequentially, (10.0.0.1, 10.0.0.2, 10.0.0.3) but will attempt
+to slice the workload throughout the whole network (i.e.: 10.0.0.1, 10.0.0.127,
+10.0.0.2, 10.0.0.128). \textit{(default value: no)}
+
+ \item[nasl\_no\_signature\_check] If this option is set to 'yes',
+OpenVAS-Server will not check the signatures of the NASL scripts and will run
+scripts even if they have no or no valid signature. Be aware that setting this
+option to 'yes' does pose a security risk. However, at the current stage of
+OpenVAS development, signatures are only available for a limited subset of
+tests. If this option is set to 'no', you will only be able to use a very
+limited number of plugins. For this reason, this option will default to 'yes'
+until an infrastructure for signature checking has been established. 
+\textit{(default value: yes)}
+\end{description}
+
+\xname{configuring-nvt-feeds}
+\section{Configuring NVT Feeds}
+
+\compendiumauthor{Jan-Oliver Wagner and Tim Brown}
+
+This section explains how NVT Feed Services work in general and how you can use
+a Feed Service to keep up-to-date with the latest NVTs.
+
+An OpenVAS NVT Feed Service provides a set of NVTs (i.e. ".nasl" and ".inc"
+files) which can be downloaded into your OpenVAS server installation.
+
+In fact, only changed and new NVTs will be downloaded along with their signature
+files (".asc") and an overall "md5sums". This synchronization process uses the
+RSYNC technology. The signatures are only relevant for you if you configure
+your OpenVAS server to execute only trusted NVTs.
+
+\xname{prerequisites-server}
+\subsection{Prerequisites}
+
+Apart from openvas-plugins (version 0.9.1 or higher), which contains the
+"openvas-nvt-sync" script, you need to have the standard \verb|rsync| and
+\verb|md5sum| tools available on the system where your OpenVAS server instance
+is running. If you installed OpenVAS from a binary package, the package
+management of your distribution should have taken care to meet these
+dependencies already.
+
+\xname{synchronizing-with-openvas-nvt-feed}
+\subsection{Performing a synchronization with an OpenVAS NVT Feed}
+
+To synchronize your NVT repository with an OpenVAS NVT Feed, you need to follow
+these steps:
+
+\begin{enumerate}
+ \item Check the configuration of the synchronization command:
+Usually you will find this shell script installed as
+\verb|/usr/sbin/openvas-nvt-sync|.
+
+You should verify that the variables "NVT\_DIR" and "FEED" are correct. This
+should be the case for NVT\_DIR if you did not deviate from the standard build
+and install routine. For FEED there is currently only the pre-configured one
+available anyway. So, just don't change it.
+
+\item Run the synchronization command:
+\begin{verbatim}
+           # openvas-nvt-sync
+\end{verbatim}
+
+It will connect to the currently only available NVT feed. At the end, it will
+verify the md5 checksums of all synchronized files. If any of them fails, an
+error is reported. In this case you should retry a couple of minutes later
+(reasons for failures could be network lags or that feed was updated at the same
+time.) If the problem occurs again, please report it to the OpenVAS discussion
+mailing list.
+
+\item Restart the OpenVAS server (openvasd):
+\begin{verbatim}
+           # kill -1 PID
+\end{verbatim}
+
+Where PID is the process ID of the main openvasd. You may see in the
+"openvas-nvt-sync" script how this should work ideally, but currently it does
+not work. You might consider using the "killall openvasd" command if you really
+know what this means.
+\end{enumerate}
+
+\xname{available-nvt-feed-services}
+\subsection{Available NVT Feed Services}
+
+For demonstration purposes, the OpenVAS project offers a simple NVT feed at
+rsync://rsync.openvas.org:/nvt-feed. It is pre-configured in the
+"openvas-nvt-sync" tool.
+
+However, the NVTs are signed with the OpenVAS Transfer Integrity certificate.
+
+\xname{automatically-updating-an-nvt-feed}
+\subsection{Automatically Updating an NVT Feed}
+
+\begin{itemize}
+\item Create a script called "openvas-update" and save it somewhere such as
+"/usr/local/bin":
+\begin{verbatim}
+	#!/bin/sh
+
+	temp=`tempfile`
+	openvas-nvt-sync 2>&1> $temp
+	if [ $? -ne  0 ]
+	then
+		cat $temp
+	fi
+	rm $temp
+	if [ -f /var/lib/run/openvasd.pid ]
+	then
+		pid=`cat /var/lib/run/openvasd.pid`
+		kill -1 $pid 2>/dev/null
+	fi
+\end{verbatim}
+
+\item Update your crontab to contain a line such as:
+\begin{verbatim}
+	25 4 * * *	root	/usr/local/bin/openvas-update
+\end{verbatim}
+\end{itemize}
+
+\xname{managing-nvt-signatures}
+\section{Managing NVT signatures}
+\compendiumauthor{Jan-Oliver Wagner}
+
+This section explains what you need to do to allow your OpenVAS-Server to
+execute only signed NVTs with a trust level you decide.
+
+Currently, some signed NVTs are available by using the command
+\verb#openvas-nvt-sync# which is included in openvas-plugins
+The signatures correspond to the certificate "OpenVAS Transfer Integrity"
+available on the OpenVAS website.
+
+\xname{what-is-a-signature}
+\subsection{What is a Signature?}
+
+A clever method is applied to compute a unique checksum for a file. If only a
+single character in the file changes, the checksum will change as well. This
+checksum is digitally signed in a way that you can test with a public
+certificate whether a certain key was used to create the signature. Such a key
+and certificate do always form a pair that is related to each other. If the
+signed file has been modified by a third party, the signature will be broken. In
+this case you should not trust the file.
+
+If the signature is not broken, the question remains if you trust the owner of
+the key. If you decided to do so (and there any many ways and supporting
+technologies to manage this), you can accept the file as trustworthy.
+
+\xname{the-signature-format}
+\subsection{The Signature Format}
+
+The signatures for OpenVAS NVTs and associated files (.nasl, .inc and .nes) are
+standard so-called "ASCII-armored detached OpenPGP signatures" created with
+GnuPG. This format features:
+
+\begin{itemize}
+ \item Multiple signer keys possible
+ \item Site administrators can decide which keys to trust
+ \item Signatures can be created and verified with widely available tools like
+GnuPG
+ \item detached signatures do not require changes to the signed file (like
+inline signatures would)
+\end{itemize}
+
+The name of the signature file is the name of the signed file with the added
+extension ".asc". That is, the name of the signature file for a file
+"myscript.nasl" is "myscript.nasl.asc".
+
+Please note the difference to Nessus: Nessus signatures were inline x509-based
+signatures. This concept does not consider multiple signatures. Please be aware
+that OpenVAS no longer supports Nessus signatures and will consider plugins
+unsigned even if the have a valid Nessus signature.
+
+\xname{the-signature-verification-process}
+\subsection{The Signature Verification Process}
+
+The signature verification of the OpenVAS server is activated by setting
+"nasl\_no\_signature\_check = no" in /etc/openvas/openvasd.conf.
+
+At start-up the openvas daemon (openvasd) checks all signatures for validity.
+Only fully trusted files are considered by the server and thus loaded and made
+available to OpenVAS client.
+
+The trust check uses a special list of certificates managed for the
+OpenVAS server. It is a standard GnuPG keyring located by default in
+/etc/openvas/gnupg.
+
+When OpenVAS verifies a signature it checks all signatures contained in the
+signature file and all signatures must be fully valid. This means that all of
+the following criteria must be fulfilled for all signatures:
+
+\begin{itemize}
+ \item The certificate must be present in the keyring.
+ \item The key must be fully valid.
+ \item The signature must be valid.
+\end{itemize}
+
+If any of the signatures does not meet all of these criteria, that file is
+considered untrustworthy and will not be executed at all. If all signatures meet
+the criteria, the script is trusted fully and may execute all functions. If no
+signature file exists, the script is not executed at all.
+
+Again, please note the difference to Nessus: For Nessus signatures, three levels
+were distinguished: no signature, a bad signature and a good signature. Plugins
+with no signature were still executed, but in a "restricted" mode where no
+functions that were regarded critical could be executed. OpenVAS explicitly only
+distinguishes between fully trusted and untrusted files.
+
+\xname{how-to-add-a-certificate}
+\subsection{How to Add a Certificate}
+
+To add a certificate to the OpenVAS Server keyring, use this command:
+
+\begin{verbatim}
+# gpg --homedir=/etc/openvas/gnupg --import certificate-file.asc
+\end{verbatim}
+
+See the OpenVAS website for available certificate files.
+
+\xname{how-to-set-trust}
+\subsection{How to Set Trust}
+
+To express trust into keys that signed NVTs (see "How to set trust" below) you
+need a signing key for your OpenVAS installation. You can use an existing key,
+or you can generate a new one:
+
+\begin{verbatim}
+# gpg --homedir=/etc/openvas/gnupg --gen-key
+\end{verbatim}
+
+This needs to be done only once for an OpenVAS-Server installation.
+
+For OpenVAS to trust a signature, the key used to create the signature has to be
+valid. A certificate corresponding to this key that was just imported has an
+unknown validity and thus is considered not valid.
+
+In order to trust a certificate for your purpose, you have to sign it. The
+recommended way is to use local signatures that remain only in the keyring of
+your OpenVAS Server installation.
+
+To sign a certificate you need to know its KEY\_ID. You can get it either
+from the OpenVAS website or via a "list-keys" command. Then you can locally
+sign:
+
+\begin{verbatim}
+# gpg --homedir=/etc/openvas/gnupg --list-keys
+
+# gpg --homedir=/etc/openvas/gnupg --lsign-key KEY_ID
+\end{verbatim}
+
+Before signing you should be absolutely sure that you are signing correct
+certificate. You may use its fingerprint and other methods to convince yourself.
+
+\xname{how-to-remove-a-certificate}
+\subsection{How to Remove a Certificate}
+
+\begin{verbatim}
+# gpg --homedir=/etc/openvas/gnupg --delete-keys KEY_ID
+\end{verbatim}
+
+\xname{manual-signature-verification}
+\subsection{Manual Signature Verification}
+
+In case you want to manually verify the validity of a .nasl file, you  can
+either run GnuPG:
+
+\begin{verbatim}
+$ gpg --homedir=/etc/openvas/gnupg gpg --verify script.nasl.asc script.nasl
+\end{verbatim}
+
+Or you can use the standalone nasl interpreter:
+\begin{verbatim}
+$ openvas-nasl -p script.nasl
+\end{verbatim}
+
+The -p Option means that the script is only parsed and not executed.
+
+To debug the signature verification done by the nasl interpreter, use the -T
+option to enable the trace mode. The signature verification will leave more
+detailed information about the verification and the signatures found in the
+trace file.
+\clearpage
+
+\xname{openvas-file-locations}
+\chapter{OpenVAS File Locations}
+\compendiumauthor{Michael Wiegand}
+
+The OpenVAS components will install files to different locations on your
+system during installation. This chapter aims to give you a rough idea of what
+will be installed where.
+
+Please note that the locations presented here refer to a standard installation
+from source with PREFIX=/usr/local.
+These locations may differ according to the choices made when
+configuring and compiling the individual components; if you installed OpenVAS
+from binary packages provided for your distribution, the package maintainers
+may have chosen different locations according to the distributions guidelines.
+
+Be aware that most of these directories will of course contain files additional
+to the ones described in the following sections; this chapter only points out
+which files will be placed by OpenVAS in certain locations.
+
+\xname{usr-local-bin}
+\section{Executables for users (PREFIX/bin)}
+
+This directory holds executables that are either relevant for
+the user or for the source code compilation procedure:
+
+\begin{itemize}
+\item \verb|libopenvas-config|: compile parameters for modules that use openvas-libraries
+\item \verb|openvas-libnasl-config|: compile parameters for modules that use openvas-libnasl
+\item \verb|openvasd-config|: compile parameters for modules that use openvas-server
+\item \verb|openvas-mkcert-client|: a tool for generating client certificates
+\item \verb|openvas-nasl|: a standalone NASL interpreter for users who want to test
+  a NASL skript for syntax errors.
+\item \verb|OpenVAS-Client|: The graphical user interface.
+% TODO: Is this worth mentioning or will it be removed anyway eventually?
+% \item \verb|openvas-mkrand|:
+\end{itemize}
+
+\xname{usr-local-etc-openvas}
+\section{Server configuration (PREFIX/etc/openvas)}
+
+This directory holds the system-wide configuration data for OpenVAS including
+the file for the access rules and the user database.
+
+\begin{itemize}
+\item \verb|openvasd.conf|: the main server configuration.
+\item \verb|openvasd.rules|: rules to restrict set of target systems for OpenVAS users.
+\item \verb|gnupg|: the keyring and trust levels for defining which NVTs are allowed for
+  execution
+\end{itemize}
+
+\xname{usr-local-include-openvas}
+\section{Compilation files (PREFIX/include/openvas)}
+
+This directory contains the C header files for OpenVAS. They are only
+relevant for compilation of OpenVAS on the respective system.
+
+\xname{usr-local-lib}
+\section{Libraries (PREFIX/lib}
+
+This directory holds the library files, static (.a) and dynamic (.so)
+of the OpenVAS components openvas-libraries and openvas-libnasl.
+
+\xname{usr-local-lib-openvas-plugins}
+\section{NVTs (PREFIX/lib/openvas/plugins)}
+
+This is the directory where all \verb|.nasl| and \verb|.inc| files are located.
+
+\xname{usr-local-sbin}
+\section{Executables for server (PREFIX/sbin)}
+
+This directory holds several executables useful for OpenVAS system administrators:
+
+\begin{itemize}
+\item \verb|openvasd|: The OpenVAS server itself.
+\item \verb|openvas-adduser|: Routine to add a OpenVAS user.
+\item \verb|openvas-mkcert|: Routine to create a server certificate.
+\item \verb|openvas-rmuser|: Routine to remove a OpenVAS user.
+\item \verb|openvas-check-signature|: Routine to check singatures on NVTs.
+\item \verb|openvas-nvt-sync|: Routine for synchronisation with NVT Feeds.
+\end{itemize}
+
+\xname{usr-local-share-man}
+\section{Manual pages for users (PREFIX/share/man)}
+
+This directory contains the standard unixoid manual pages for the individual executables
+relevant for OpenVAS users and for the source code compilation process.
+
+\xname{usr-local-man}
+\section{Manual pages for server (PREFIX/man)}
+
+This directory contains the standard unixoid manual pages for the individual executables
+relevant for OpenVAS administation.
+
+\xname{usr-local-var-lib-openvas}
+\section{Server installation specific data (PREFIX/var/lib/openvas)}
+
+This directory contains data which are specific for each OpenVAS installation:
+
+\begin{itemize}
+
+\item \verb|CA|: Public certitificates created for OpenVAS Server SSL connections.
+
+\item \verb|private/CA|: Corresponding private certificates.
+
+\item \verb|users/|: Files for each configured OpenVAS user.
+
+\item \verb|openvas-services|: List of known services with their port numbers.
+
+\item \verb|services.tcp|: TCP services.
+
+\item \verb|services.udp|: UDP services.
+
+\end{itemize}
+
+\xname{usr-local-var-log-openvas}
+\section{Log files (PREFIX/var/log/openvas)}
+
+This directory holds the log files of the OpenVAS-Server component:
+
+\begin{itemize}
+\item \verb|openvasd.dump|
+\item \verb|openvasd.messages|
+\end{itemize}
+
+
+\xname{usr-local-var-run}
+\section{Server process information (PREFIX/var/run)}
+
+This directory contains runtime data of a running OpenVAS system:
+
+\begin{itemize}
+\item \verb|openvasd.pid|: Process identifier file.
+\end{itemize}
+
+\xname{home-openvas}
+\section{User data (HOME/)}
+
+All user specific runtime data (managed by OpenVAS-Client) are located
+in the home directory of the user:
+
+\begin{itemize}
+\item \verb|.openvas/TTT/|: Directory with all files that relate to task ,,TTT''.
+
+\item \verb|.openvas/TTT/nessusrc|: [OpenVAS 1.0] Task-specific configuration.
+
+\item \verb|.openvas/TTT/openvasrc|: [OpenVAS 2.0] Task-specific configuration.
+
+\item \verb|.openvas/TTT/SSS/|: Directory with all files that relate to scope ,,SSS''
+  of task ,,TTT''.
+
+\item \verb|.openvas/TTT/SSS/nessusrc|: [OpenVAS 1.0] Scope-specific configuration.
+
+\item \verb|.openvas/TTT/SSS/openvasrc|: [OpenVAS 2.0] Scope-specific configuration.
+
+\item \verb|.openvas/TTT/SSS/RRR/|: Directory with all files that relate to report ,,RRR'' of scope ,,SSS''
+  of task ,,TTT''.
+
+\item \verb|.openvas/TTT/SSS/RRR/nessusrc|: [OpenVAS 1.0] Configuration that
+  was applied when creating this report ,,RRR''.
+
+\item \verb|.openvas/TTT/SSS/RRR/openvasrc|: [OpenVAS 2.0] Configuration that
+  was applied when creating this report ,,RRR''.
+
+\item \verb|.openvas/TTT/SSS/RRR/report.nbe|: The actual contents of report ,,RRR'' in a text format.
+
+\item \verb|.openvas/TTT/SSS/RRR/report.nbe.cnt|: Counter for security holes, warnings and hints collected
+  with this report (can be recalculated from report.nbe).
+
+\item \verb|.openvas/TTT/SSS/RRR/nessus_plugin_cache|: [OpenVAS 1.0] Cached NVT descriptions
+  that define the NVTs called to produce report ,,RRR''.
+
+\item \verb|.openvas/TTT/SSS/RRR/openvas_nvt_cache|: [OpenVAS 2.0] Cached NVT descriptions
+  that define the NVTs called to produce report ,,RRR''.
+
+\item \verb|.openvasrc|: Default configuration for OpenVAS-Client.
+
+\item \verb|.openvasrc.cert|: Certificates of OpenVAS Servers connected in the past
+  that were accepted by the user as correct.
+\end{itemize}
+
+
+\xname{installing-and-configuring-openvas-client}
+\chapter{Installing and Configuring OpenVAS-Client}
+\compendiumauthor{Tim Brown, Jan-Oliver Wagner and Michael Wiegand}
+
+\xname{installing-binary-packages-client}
+\section{Installing Binary Packages}
+
+Binary packages for the major linux distributions and some other platforms are
+available for download from the OpenVAS website or from services provided by
+third parties.
+
+\xname{installing-debian-client}
+\subsection{Debian "Sid" (unstable) and "Lenny" (testing)}
+
+OpenVAS-Client is an official Debian package for the distributions "unstable"
+("Sid) and "testing" ("Lenny"). You can find more information about the Debian
+packages on the OpenVAS-Client package pages for
+Sid\footnote{\hyperurl{http://packages.debian.org/sid/openvas-client}} and
+Lenny\footnote{\hyperurl{http://packages.debian.org/lenny/openvas-client}}.
+
+This means you can simply install OpenVAS-Client on Debian Sid or Debian
+Lenny with the following command:
+\begin{verbatim}
+# apt-get install openvas-client
+\end{verbatim}
+
+\xname{installing-etch-client}
+\subsection{Debian "Etch" 4.0 (stable)}
+
+OpenVAS-Client is not an official package for the Debian 4.0 release ("Etch").
+To enable you to easily run OpenVAS-Client on Debian Etch, the OpenVAS
+project provides backports for Etch. You can install OpenVAS-Client on
+Debian Etch by following these steps:
+
+Select the following resource and add the line
+to the file /etc/apt/sources.list on your system:
+\begin{verbatim}
+ deb http://apt.intevation.de/ etch openvas
+\end{verbatim}
+
+Then, update your package list and install OpenVAS-Client:
+
+\begin{verbatim}
+ # apt-get update
+ # apt-get install openvas-client
+\end{verbatim} 
+
+\xname{installing-ubuntu-client}
+\subsection{Ubuntu 8.10 "Intrepid Ibex"}
+
+OpenVAS-Client has been added to the upcoming Ubuntu 8.10 release
+("Intrepid Ibex") which is scheduled for release in October 2008. You can find
+more information about the Ubuntu
+package on the OpenVAS Client package page for Intrepid Ibex (at
+\hyperurl{http://packages.ubuntu.com/intrepid/openvas-client}).
+
+This means you can simply install OpenVAS-Client on Ubuntu 8.10 with the
+following command:
+
+\begin{verbatim}
+# apt-get install openvas-client
+\end{verbatim}
+
+Backported packages are also available for the Ubuntu 8.04 LTS release ("Hardy
+Heron"). To install OpenVAS-Client on Ubuntu 8.04 LTS, simply follow the
+instructions for Debian 4.0 "Etch" as described above.
+
+\xname{installing-gentoo-client}
+\subsection{Gentoo}
+
+Please see the installation description for OpenVAS-Server on Gentoo in
+section \ref{sec:gentoo-server}.
+
+\xname{installing-suse-client}
+\subsection{OpenSUSE 10.2}
+
+In the download area you will find the file
+openvas-client-N.N.N-M.suse102.openvas.i586.rpm where N.N.N stands for the
+version of OpenVAS-Client and M for the package release number.
+
+The corresponding source RPM files are named
+openvas-client-N.N.N-M.suse102.openvas.src.rpm.
+You will need these files only if you plan to rebuild the actual installation
+package.
+
+\xname{installing-fedora-client}
+\subsection{Fedora 8}
+
+In the download area you will find the file
+openvas-client-N.N.N-M.fc8.openvas.i586.rpm
+where N.N.N stands for the version of OpenVAS-Client and
+M for the package release number.
+
+The corresponding source RPM files are named
+openvas-client-N.N.N-M.fc8.openvas.src.rpm.
+You will need these files only if you plan to rebuild
+the actual installation package.
+
+\xname{installing-windows-client}
+\subsection{Windows XP SP2}
+
+In the download area you will find the file OpenVAS-Client-N.N.N-M-LL-setup.exe
+where N.N.N stands for the version of OpenVAS-Client, M for the package release
+number and LL for the language (e.g. en=English, de=German, sv=Swedish).
+
+\xname{installing-freebsd-client}
+\subsection{FreeBSD}
+
+The FreeBSD Ports and Packages Collection provides ports and packages for
+OpenVAS-Client.
+
+The following commands can be used to compile and install the FreeBSD port on
+your FreeBSD system:
+
+\begin{verbatim}
+cd /usr/ports/security/openvas-client/ && make install clean
+\end{verbatim}
+
+If you would rather use the binary package, you will want to use the following
+commands:
+\begin{verbatim}
+pkg_add -r openvas-client
+\end{verbatim}
+
+\xname{compiling-openvas-client-from-source}
+\section{Compiling OpenVAS-Client from Source Packages}
+
+\xname{latest-source-code-release-client}
+\subsection{Latest source code release}
+
+Be aware the there are currently two different series of OpenVAS available for
+download: the stable 1.0 series and the upcoming 2.0 series. The releases for
+the 2.0 series are currently designated as ``beta'', meaning that they are still
+in a testing phase and might not work as expected. You are more than welcome to
+use the releases for the 2.0 series if you want to take part in testing the new
+functionality provided by this versions; if you are planning on using OpenVAS in
+a production environment, we recommend that you use the releases of the 1.0
+series until the 2.0 series has been finalized.
+
+Download the ".tar.gz" source code archive from the download section of the
+OpenVAS website and unpack with "tar -xzf openvas-client-N.N.N.tar.gz".
+Compiling from source is currently geared towards GNU/Linux systems, but may
+work as well in other environments.
+
+Now read the README file inside the new directory for further instructions.
+
+\xname{most-current-state-client}
+\subsection{Most current state of development (directly from the source code
+management system)}
+
+You need subversion to retrieve the code:
+
+\paragraph{Stable 1.0 branch}
+
+\begin{verbatim}
+ $ svn checkout
+https://svn.wald.intevation.org/svn/openvas/branches/openvas-client-1-0
+\end{verbatim}
+
+\paragraph{Current state of development}
+
+\begin{verbatim}
+ $ svn checkout
+https://svn.wald.intevation.org/svn/openvas/trunk/openvas-client
+\end{verbatim}
+
+Change to the new directory and follow the instructions of the README file.
+
+Although the OpenVAS team is committed to maintaining a high code quality,
+please be aware that you are using a development state that may be incomplete
+and unstable and should not be used in production environments.
+
+\clearpage
+
+\xname{using-openvas-client}
+\chapter{Using OpenVAS-Client}
+\compendiumauthor{Jan-Oliver Wagner}
+
+Dieser Abschnitt beschreibt den grundlegenden Aufbau von OpenVAS-Client und
+bietet eine Anleitung für die Verwendung von OpenVAS-Client in der alltäglichen
+Benutzung. Zusätzlich wird auf in diesem Abschnitt auf die besonderen
+Eigenschaften des Systems eingegangen, die besonders für fortgeschrittene
+Benutzer von OpenVAS interessant sein könnten.
+
+Diese Dokumentation bezieht sich auf Version 2.0-beta1 von OpenVAS-Client. In
+neueren Versionen kann sich die Funktionalität geändert haben oder neue
+Funktionalität hinzugekommen sein. Falls Sie eine neuere Version nutzen, raten
+wir Ihnen, sich auf der OpenVAS Website über die Änderungen zu informieren und
+eine aktualisierte Version dieser Dokumentation herunterzuladen.
+
+\xname{das-hauptfenster}
+\section{Das Hauptfenster}
+\label{sec:MainWindow}
+
+Das Hauptfenster von OpenVAS-Client teilt sich in zwei Bereiche: Links
+bietet eine Baumstruktur eine Übersicht lokal gespeicherter Aufgaben, Bereiche
+und Berichte. Im rechten Bereich finden sich Karteikarten mit Kommentaren,
+Einstellungen und Berichte. Hier lassen sich Scans konfigurieren und
+kommentieren und Ergebnisse sichten. Beachten Sie, dass die Karte der
+Einstellungen selbst wieder eine Sammlung von Karten enthält.
+
+\IncludeImage[width=10cm]{images/mainwindow-en}
+
+Nach dem ersten Start von OpenVAS-Client enthält die Baumstruktur nur einen
+Eintrag: Globale Einstellungen. Dies sind die Voreinstellungen für
+OpenVAS-Client. Diese berücksichtigen keine bestimmte Auswahl an Plugins, dafür
+ist eine Verbindung zu einem OpenVAS Server notwendig. Sie müssen eine
+Verbindung zu einem Server aufbauen und dann die Einstellungen für eine Auswahl
+von Plugins angeben. Speichern Sie dann Ihre bevorzugten Voreinstellungen über
+den Menüpunkt "Globale Einstellungen speichern" des Menüs "Datei".
+
+\xname{aufgaben}
+\subsection{Aufgaben}
+
+Der Sinn von Aufgaben ist es, alle Aktionen eines Oberthemas zusammen zu fassen.
+Oberthemen sind z.B. "Test aller Rechner am Standort ABC" oder "Kunde XYZ GmbH".
+
+Einer Aufgabe kann ein Kommentar zugeordnet werden, der das Oberthema
+detaillierter beschreibt. Hier können auch weitere wichtige Informationen oder
+Hinweise angegeben werden: Etwa wann die nächste Serie von Scans durchgeführt
+werden soll oder auf welcher Vertragsgrundlage die Scans durchgeführt werden.
+
+Eine Aufgabe hat keine Optionen oder Berichte. Sie stellt nur eine Sammlung von
+Bereichen dar.
+
+Mögliche Aktionen bezüglich Aufgaben:
+
+\paragraph{Neu}
+
+Erzeugt eine neue Aufgabe mit dem Titel "unbenannte Aufgabe".
+
+\paragraph{Umbenennen}
+
+Der Titel einer Aufgabe kann entweder direkt in der Baumstruktur durch Anklicken
+des Titels oder durch Auswahl des entsprechenden Menü-Eintrags geändert werden.
+
+\paragraph{Löschen}
+
+Löschen einer Aufgabe bedeutet das Löschen aller zugehörigen Bereiche! Daher
+erfolgt eine Sicherheitsabfrage vor der eigentlichen Löschung.
+
+\xname{bereiche}
+\subsection{Bereiche}
+
+Ein Bereich kann als Teil-Aufgabe angesehen werden: Er bezeichnet einen
+bestimmten Sicherheits-Scan. Der Titel sollte aussagekräftig das Ziel des Scans
+beschreiben, z.B.: "Behutsamer Scan des produktiven Web-Servers", "Aggressiver
+Scan des Web-Server Test-Systems" oder "Alle Sun Workstations".
+
+Zu jedem Bereich kann ein Kommentar gespeichert werden, der die Bedeutung des
+Scans detaillierter beschreiben und sonstige hilfreiche Informationen enthalten
+kann.
+
+Ein Bereich umfasst auch einen vollständigen Satz an Einstellungen für den
+Sicherheits-Scan. Wenn ein neuer Bereich erstellt wird, werden zunächst die
+"Allgemeinen Einstellungen" kopiert. Die einzelnen Optionen werden weiter unten
+genauer beschrieben. Für jeden Bereich kann eine Verbindung zu einem OpenVAS
+Server aufgebaut werden. Anschließend kann die Auswahl von Plugins als Teil der
+Einstellungen durchgeführt werden. Ein Symbol rechts neben dem Titel zeigt die
+aktive Verbindung zu einem Nessus Server an. Sinn der Zuordnung eines Servers zu
+einem Bereich ist, dass jeder Server unterschiedliche Plugins anbieten kann. Mit
+dem Aufbau der Verbindung bezieht OpenVAS-Client eine Liste der verfügbaren
+Plugins.
+
+Ein Bereich kann außerdem eine Sammlung von Berichten umfassen. Jedes Mal, wenn
+ein Scan erfolgreich durchgeführt wurde, wird ein neuer Bericht angelegt.
+Zusätzlich können Bericht aus Dateien geladen werden.
+
+Bitte beachten Sie, dass Änderungen an einem Bereich werden immer und nur genau
+dann gespeichert werden, wenn ein Scan gestartet wird. Führen Sie beispielsweise
+Änderungen an der Plugin-Auswahl durch und schliessen dann OpenVAS-Client, ohne
+einen Scan durchzuführen, werden die Änderungen verworfen.
+
+Mögliche Aktionen bezüglich Bereiche:
+
+\paragraph{Ausführen}
+
+Die Konfiguration für den Bereich wird gespeichert und ein Sicherheits-Scan wird
+mit den aktuellen Einstellungen durch den verbundenen OpenVAS Server ausgeführt.
+
+\paragraph{Neu}
+
+Ein neuer Bereich mit dem Titel "unbenannter Bereich" wird als Teil der aktuell
+ausgewählten Aufgabe angelegt. Als Voreinstellung werden die allgemeinen
+Einstellungen kopiert. Beachten Sie hier, dass nur explizit gespeicherte Globale
+Einstellungen als Voreinstellungen verwendet werden. Änderungen, die nur im
+OpenVAS-Client vorliegen, haben keine Auswirkung auf einen neuen Bereich.
+
+\paragraph{Umbenennen}
+
+Der Titel eines Bereichs kann entweder direkt in der Baumstruktur durch
+Anklicken des Titels oder durch Auswahl des entsprechenden Menü-Eintrags
+geändert werden.
+
+\paragraph{Löschen}
+
+Löschen eines Bereichs bedeutet das Löschen aller zugehörigen Berichte! Daher
+erfolgt eine Sicherheitsabfrage vor der eigentlichen Löschung.
+
+\paragraph{Verschieben zu Aufgabe}
+
+Ein Bereich mit allen zugeordneten Berichten kann von einer Aufgabe zu einer
+anderen verschoben werden. Ein Untermenü enthält die Liste aller Aufgaben,
+aus diesen kann das Ziel ausgewählt werden.
+
+\paragraph{Öffnen}
+
+Ein Bereich kann geladen und der aktuellen Aufgabe zugeordnet werden. Mit diesem
+Schritt werden jedoch nur die Einstellungen für den Bereich geladen! Die
+Berichte liegen in eigenen Dateien vor, die separat importiert werden können.
+Die Aktionen Öffnen und Speichern (siehe unten) erlauben es, Einstellungen für
+einen bestimmten Bereich an andere weiterzugeben oder selbst Sicherungskopien
+anzulegen.
+
+\paragraph{Speichern als}
+
+Der aktuellen Bereich wird in eine Datei gespeichert (in der Struktur von
+openvasrc). Es werden nur die Einstellungen des Bereichs gespeichert, nicht die
+zugehörigen Berichte.
+
+\xname{berichte}
+\subsection{Berichte}
+\label{sec:Reports}
+
+Ein Bericht ist das Ergebnis eines Sicherheits-Scans. Er enthält die Ergebnisse
+der ausgeführten Plugins zusammen mit Informationen zu Subnetz, Zielrechner,
+Port und Schwere des festgestellten Sicherheitsproblems.
+
+In OpenVAS-Client besteht zusätzlich die Möglichkeit, für einen Bericht einen
+Kommentar anzugeben. Soweit verfügbar, werden auch die zum Scan gehörenden
+Einstellungen gespeichert. Diese zusätzlichen Informationen sind nicht Teil der
+Berichtsdateien und gehen daher verloren, wenn ein Bericht exportiert
+wird! Umgekehrt enthalten auch importierte Berichte keine Kommentare oder die
+zum Bericht gehörenden Einstellungen.
+
+Mögliche Aktionen bezüglich Berichte:
+
+\paragraph{Löschen}
+
+Löscht den aktuellen Bericht und zugehörige Kommentare und Einstellungen. Es
+erfolgt eine Sicherheits-Abfrage vor der Löschung.
+
+\paragraph{Import}
+
+Importiert einen Bericht aus einer Datei. Der Standard für Austauschformate ist
+NBE (Dateiendung ".nbe"). Über den Dateiauswahl-Dialog kann der gewünschte
+Bericht ausgewählt werden. Konnte der Bericht nicht importiert werden, so
+erfolgt eine Fehlermeldung. Sonst wird der Bericht dem aktuellen Bereich
+hinzugefügt. Beachten Sie, dass weder Kommentare noch Einstellungen aus einer
+NBE-Datei importiert werden.
+
+\paragraph{Export}
+
+Der aktuell ausgewählte Bericht kann exportiert werden. Entweder in einem
+Nessus-Austauschformat (NBE) oder in einem Format zur Weiterverarbeitung bzw.
+Darstellung der Ergebnisse (XML, HTML, HTML mit Diagrammen, \LaTeX, ASCII Text
+und PDF). Es wird empfohlen, das NBE-Format zu nutzen, wenn die Daten mit
+anderen ausgetauscht werden sollen und das PDF für einfache Berichte, die keiner
+weiteren Überarbeitung bedürfen. Die anderen Formate eignen sich zur
+Weiterverarbeitung der Ergebnisse bzw. zur Übernahme in eigene Dokumente.
+
+\paragraph{Drucken}
+
+Das Druck-Kommando erzeugt einen PDF-Bericht und startet einen auf dem System
+installierten PDF-Betrachter. Mittels dessen Druckfunktionen kann der
+Bericht dann gedruckt werden. Sollte trotz eines installierten Betrachters kein
+Programm gestartet werden, prüfen Sie bitte, ob sich die Installation in den
+aktuellen Suchpfaden befindet.
+
+\xname{authentifizierung-client}
+\section{Authentifizierung}
+
+OpenVAS-Client benötigt eine Verbindung zu einem OpenVAS Server, um von diesem
+die Liste der verfügbarer Plugins zu erhalten und über diesem einen
+Sicherheits-Scan durchzuführen.
+
+OpenVAS-Client kann verschiedene Verbindungen zu verschiedenen Servern
+gleichzeitig halten. Jedem Bereich ist eine eigene Verbindung zu einem Server
+zugeordnet. Zusätzlich kann für die allgemeinen Einstellungen ein Server
+verbunden sein, um die Voreinstellung für Plugin-Auswahl und -Parameter zu
+bestimmen. Beachten Sie hier, dass nur explizit gespeicherte Globale
+Einstellungen als Voreinstellung für neue Bereich verwendet werden.
+
+\IncludeImage[width=5cm]{images/authentication-dlg-en}
+
+Der Status der Verbindung zum Server wird durch ein Symbol neben dem Titel eines
+Bereichs oder den allgemeinen Einstellungen in der Baumstruktur dargestellt. Nur
+für Bereiche kann eine Verbindung zu Nessus Servern aufgebaut werden, nicht für
+Aufgaben oder Berichte.
+
+Weitere Informationen zum Verbindungsstatus zeigt die Status-Zeile am Fuß des
+Hauptfensters: Hier werden die tatsächlichen Verbindungsdaten angezeigt, z.B.
+"Verbindung: username at host.test.example".
+
+Der "Verbinden"-Dialog bietet verschiedene Einstellungsmöglichkeiten für den
+Aufbau einer Verbindung zu einem Nessus Server:
+
+\paragraph{Hostname}
+
+Der Domain-Name oder die IP-Adresse des Rechners, auf dem der OpenVAS Server
+läuft.
+
+\paragraph{Port}
+
+Der Port, an dem der OpenVAS Server auf Verbindungen wartet. OpenVAS
+nutzt momentan noch den von Nessus geerbten Port 1241, dieser Standardport
+wird sich aber in naher Zukunft ändern. Mit dem "Vorgabe"-Knopf können Sie
+diese Einstellung jederzeit auf den Standardport zurücksetzen.
+
+\paragraph{Login}
+
+Ihr Nutzername auf dem ausgewählten Hostrechner. Um einen bestimmten OpenVAS
+Server benutzen zu können, benötigen Sie ein Nutzerkonto für diesen Server. Der
+Administrator des Servers kann ein Konto für Sie einrichten.
+
+\paragraph{Passwort}
+
+Das Passwort für Ihr Nutzerkonto auf einem OpenVAS Server.
+
+\paragraph{SSL Optionen}
+
+\paragraph{Vertrauenswürdige CA:}
+
+Das Zertifikat benennt eine Certificate Authority (CA), der Sie vertrauen. Mit
+diesem Zertifikat überprüfen Sie, ob Sie sich mit einem vertrauenswürdigen
+Nessus Server verbinden. Die Überprüfung wird für die ``Paranoia Level'' 2 und 3
+durchgeführt, nicht jedoch für den Level 1. Der Paranoia Level kann manuell ein
+der Konfigurationsdatei .openvasrc eingestellt werden. Wenn Sie zum ersten Mal
+eine Verbindung zu einem OpenVAS Server aufbauen, werden Sie außerdem
+ausdrücklich nach dem gewünschten Paranoia Level gefragt.
+
+Der vorgegebene Pfad für die vertrauenswürdige CA der Dateiname der lokalen
+OpenVAS Server Installation. Wenn Sie also OpenVAS-Client und -Server auf dem
+gleichen Rechner laufen lassen oder beide das gleiche Dateisystem nutzen, so
+können Sie diese Vorgabe einfach benutzen.
+
+Wenn Sie sich mit einem entfernten OpenVAS Server verbinden, benötigen Sie eine
+Kopie des CA Zertifikats, die Sie an beliebiger Stelle in Ihrem
+Heimat-Verzeichnis ablegen können.
+
+\paragraph{Authentifizierung durch Zertifikate:}
+
+Wenn Sie diese Methode benutzen, benötigen Sie ein für Sie erstelltes
+Schlüssel/Zertifikat Paar. Dieses erstellt üblicherweise der Administrator des
+OpenVAS Servers mit den entsprechenden Skripten. Sie erhalten zwei Dateien:
+Ein Benutzer-Zertifikat und einen Benutzer-Schlüssel. Der Schlüssel kann mit
+einem Passwort versehen sein, dieses geben Sie dann bitte in das entsprechende
+Textfeld ein.
+
+\xname{scan-optionen}
+\section{Scan Optionen}
+
+Dieser Abschnitt erläutert die wichtigsten Konfigurationsoptionen für einen
+Sicherheits-Scan (auf der Karte "Optionen"). Speziellere Optionen (z.B.
+Zugriffsregel, von der Wissensbasis gelöste Scans) werden später im Kapitel über
+spezielle Funktionen erläutert
+
+\subsection{Allgemein}
+
+Diese Karte enthält alle allgemeinen Scan-Einstellungen, vergleichen Sie dazu
+auch den Screenshot des Hauptfensters im Abschnitt \ref{sec:MainWindow}.
+
+\paragraph{Port-Bereich}
+
+Die Auswahl der Ports, die durch den OpenVAS Server gescannt werden sollen. Es
+kann entweder ein Port-Bereich angegeben werden, wie etwa "1-8000", oder
+komplexe Mengen wie "21,23,25,1024-2048,6000". Die Auswahl "-1" bedeutet, keine
+Portscans durchzuführen, "default" bedeutet, die der OpenVAS Dienstedatei
+(openvas-services) angegebenen Ports zu scannen.
+
+\paragraph{Nicht gescannte Ports als geschlossen betrachten}
+
+Um Zeit zu sparen, können Sie dem OpenVAS Server vorgeben, TCP-Ports, die nicht
+gescannt wurden, als geschlossen zu betrachten. Die Überprüfung des Zielsystems
+ist damit unvollständig, aber die Scan-Zeit reduziert sich. Außerdem schickt der
+OpenVAS Server keine Pakete an Ports, die Sie nicht vorgegeben haben. Wenn diese
+Option nicht aktiviert ist, betrachtet der Nessus Server Ports, deren Status
+unbekannt ist, als offen.
+
+\paragraph{Anzahl Hosts, die zur gleichen Zeit getestet werden sollen}
+
+Geben Sie hier die maximale Anzahl an Hosts an, die durch den Server
+gleichzeitig gescannt werden sollen. Beachten Sie, dass der OpenVAS Server für
+einen Scan max\_hosts x max\_tests Prozesse startet!
+
+\paragraph{Anzahl Tests, die zur gleichen Zeit durchgeführt werden sollen}
+
+Geben Sie hier die maximale Anzahl an Tests an, die durch den Server
+gleichzeitig gegen jeden Host gestartet werden. Beachten Sie, dass der OpenVAS
+Server für einen Scan max\_hosts x max\_tests Prozesse startet!
+
+\paragraph{Pfad zu den CGIs}
+
+OpenVAS bietet die Möglichkeit, mehrere Pfade ("/cgi-bin", "/cgis", "/home-cgis"
+usw.) nach CGIs zu durchsuchen. Geben Sie die zu durchsuchenden Pfade durch
+Doppelpunkte getrennt an: Etwa "/cgi-bin:/cgi-aws:/~openvas/cgi".
+
+\paragraph{Vor Test rückwärtige DNS-Namensauflösung der IP}
+
+Ist diese Option eingeschaltet, so wird der OpenVAS Server eine DNS
+Rückwärts-Suche über die IP-Adresse durchführen (DNS reverse lookup) bevor die
+Tests durchgeführt werden. Dies kann die Durchführung der Tests insgesamt
+verlangsamen.
+
+\paragraph{Test optimieren}
+
+Sicherheits-Tests bitten unter Umständen den Nessus Server darum, nur dann
+gestartet zu werden, wenn bestimmte Informationen die durch andere Plugins
+gesammelt wurden, sich in der Wissen-Basis befinden oder nur wenn ein
+angegebener Port offen ist. Diese Option kann die Tests beschleunigen, kann aber
+dazu führen, dass der OpenVAS Server einige Lücken übersieht. Wer paranoid ist,
+schaltet diese Option aus.
+
+\paragraph{Sichere Prüfungen}
+
+Einige Sicherheitstests können dem Zielrechner Schaden zufügen, indem Dienste
+zeitweise oder bis zu einem Neustart dort nicht mehr zur Verfügung stehen. Wird
+diese Option eingeschaltet, so wird Nessus Server sich auf gesendete Banner
+verlassen und keine echten Tests durchführen. Die Ergebnisse sind dann
+entsprechend weniger zuverlässig, aber wenigstens wird dadurch kein möglicher
+Ausfall für Benutzer entstehen. Unter Sicherheitsaspekten ist es angeraten,
+diese Option auszuschalten. Aus der Sicht eines Administrators sollte sie
+angeschaltet bleiben.
+
+\paragraph{Bestimme Hosts anhand der MAC Adresse}
+
+Wird diese Option eingeschaltet, so werden die Ziele im lokalen Netzwerk anhand
+ihrer Ethernet MAC Adresse anstelle der IP-Adresse bestimmt. Dies ist
+insbesondere dann sinnvoll, wenn OpenVAS in einem DHCP-Netzwerk verwendet wird.
+Sind Sie sich unsicher, dann schalten Sie die Option ab.
+
+\paragraph{Portscanner}
+
+Die Liste verfügbarer Portscanner. Portscanner stellen eine besondere
+Kategorie von Plugins dar und werden daher getrennt von den anderen Plugins
+dargestellt. Die Liste ist nur gefüllt, wenn eine Verbindung zu einem OpenVAS
+Server hergestellt wurde. Sie können einen oder mehrere Scanner auswählen und
+durch Anklicken mehr Details zu einem ausgewählten Scanner abrufen.
+
+\xname{scan-optionen-nvts}
+\subsection{NVTs}
+
+Plugins werden auf dem OpenVAS Server gespeichert. Deshalb benötigen Sie eine
+Verbindung zu einem OpenVAS Server, um einen Auswahl zutreffen. Ansonsten wird
+eine leere Liste angezeigt.
+
+\IncludeImage[width=12cm]{images/mainwindow-plugins-en}
+
+Plugins werden unterschieden in verschiedene Familien, die als Ganzes durch
+entsprechende Checkboxen aktiviert oder deaktiviert werden können. Auch kann
+eine Familie aufgeklappt werden, so dass die zugehörigen Plugins aufgelistet
+werden und einzeln über die Check-Boxen aktiviert oder deaktiviert werden können
+um die Auswahl zu verfeinern.
+
+Die Spalte "Warnung" enthält ein Warnungs-Symbol für einige Plugins. Dieses
+Warnungs-Symbol bedeutet, dass das Plugin Dienste auf dem Zielsystem abschalten
+oder das gesamte System abschalten könnte. Sie sollten sehr vorsichtig sein,
+wenn Sie diese Option einschalten, da es nötig werden könnte, einige
+Dienste auf dem Zielsystem manuell neu zu starten.
+
+Unterhalb der Plugin-Liste wird die Gesamtzahl der vom Server geladenen Plugins
+angezeigt. Desweiteren auch die Gesamtzahl der ausgewählten Plugins und die
+Anzahl der durch einen Filter dargestellten Plugins.
+
+Die folgenden Aktionen sind möglich:
+
+\subparagraph{Alle einschalten}
+
+Schaltet alle Plugin-Kategorien ein.
+
+\subparagraph{Alle ausschalten}
+
+Schaltet alle Plugin-Kategorien aus.
+
+\subparagraph{Alles aufklappen}
+
+Klappt die Plugin-Liste soweit auf, dass sämtliche Plugins angezeigt werden.
+
+\subparagraph{Alles zusammenklappen}
+
+Es werden nur noch die Plugin Familien angezeigt.
+
+\subparagraph{Abhängigkeiten zur Laufzeit berücksichtigen}
+
+Wird diese Option aktiviert, dann wird der OpenVAS Server alle Plugins
+einschalten, die von den bereits selektierten abhängig sind.
+
+\subparagraph{Stille Abhängigkeiten}
+
+Wird diese Option aktiviert, dann wird der OpenVAS Server keinen Bericht für
+solche Plugins senden, die nicht explizit eingeschaltet wurden.
+
+\subparagraph{Filter}
+
+Der Filter-Dialog erlaubt die Auswahl von Plugins anhand bestimmter Muster.
+Beachten Sie, dass Sie die vorherige Plugin-Auswahl komplett löschen sobald Sie
+einen Filter aktivieren.
+
+\paragraph{Plugin Info-Dialog}
+
+Wenn Sie auf einen Plugintitel einen Doppelklick ausführen, öffnet sich ein
+Dialog, der weitere Informationen zum Plugin bietet. Die angezeigten
+Informationen sind im Plugin abgelegt.
+
+Folgende Aktionen sind im Info-Dialog möglich:
+
+\subparagraph{Setze Plugin Timeout}
+
+Sie können eine Timeout für das Plugin angeben.
+
+\subparagraph{Zeige Abhängigkeiten}
+
+Ein weiterer Dialog listet die Abhängigkeiten des Plugins. Hier wird auch
+der Status (eingeschaltet/ausgeschaltet) der Plugins angegeben, von denen das
+aktuelle Plugin abhängt.
+
+\xname{scan-optionen-zugangdaten}
+\subsection{Zugangsdaten}
+
+Einige der Plugins bieten die Möglichkeit zur Eingabe von Zugangsdaten für
+bestimmte Anwendungen wie z.B. Samba oder für Web-Sites (HTTP). Diese Plugins
+funktionieren völlig analog zu den Plugins, die unter "Voreinstellungen" eine
+Parametereingabe erlauben. Für eine bessere Übersicht ist die entsprechende
+Gruppe aber unter "Zugangsdaten" getrennt aufgeführt.
+
+\IncludeImage[width=10cm]{images/mainwindow-credentials-en}
+
+
+Plugin Voreinstellungen
+
+Einige Plugins können anhand von Parametern angepasst werden. Die Parameter
+aller konfigurierbaren Plugins werden auf dieser Karte zusammengefasst und
+können modifiziert werden.
+
+
+Nur eine vergleichsweise kleine Zahl von Plugins bietet die Möglichkeit einer
+Konfiguration.
+
+\xname{scan-optionen-zielauswahl}
+\subsection{Zielauswahl}
+
+\IncludeImage[width=12cm]{images/mainwindow-targetselection-en}
+
+\paragraph{Ziel(e)}
+
+Die ersten Hosts, die durch den OpenVAS Server überprüft werden sollen. Die
+weiteren Optionen erlauben es, den Kreis der zu testenden Systeme zu erweitern.
+Es können verschiedene Primärziele angegeben werden, indem sie als mit Komma (,)
+getrennte Liste angegeben werden, etwa "host1,host2".
+
+Eine besondere Syntax ist "file:/some/where/targetlist.txt": Die Liste der Ziele
+wird aus einer Datei gelesen.
+
+\paragraph{Lese aus Datei}
+
+Es kann über den Dateiauswahl-Dialog eine Textdatei angegeben werden, welche
+eine Liste der Ziele enthält. Diese Textdatei kann eine oder mehrere Zeilen mit
+Komma-separierten Listen von Hosts enthalten.
+
+\paragraph{Führe einen DNS Zonentransfer durch}
+
+Nessus Server wird AXFR Anfragen (Zonen-Transfer) an den Nameserver des Ziels
+richten und so eine Liste der Hosts der Ziel-Domäne ermitteln. Dann wird jeder
+einzelne Host getestet.
+
+\xname{scan-options-plugin-preferences}
+\subsection{Plugin Preferences}
+
+Some of the plugins allow to refine with specific parameters. All
+of the configurable plugins' parameters are collected on this page
+where the user may modify the default values.
+
+\IncludeImage[width=10cm]{images/mainwindow-pluginprefs-en}
+
+Only a comparably small number of plugins offer a configuration.
+
+\xname{scan-options-access-rules}
+\subsection{Access Rules}
+
+\xname{scan-options-knowledge-base}
+\subsection{Knowledge Base}
+
+The configuration section for the Knowledge Base (KB) allows you to control
+the management of the server-side scan results. Information retrieved by
+plugins is collected in a KB during a scan. This is done on a per-host basis,
+meaning there is one KB for every host scanned. The default is to discard the
+KB once all plugins have finished, but under certain circumstances it can be
+quite useful to tell the server to keep the KBs generated during the scan and
+use them again at a later time.
+
+\IncludeImage[width=10cm]{images/mainwindow-kbsaving-en}
+
+The following options are available to control KB handling:
+\begin{description}
+ \item[Enable KB saving] If you want the server to save the KB after the scan
+is done, you have to enable this option.
+
+ \item[Test all hosts] If this option is set, the server will not use the KB to
+determine which hosts should be scanned, but will rather scan all hosts
+supplied.
+
+ \item[Only test hosts that have been tested in the past] If KB saving is
+enabled, there is one KB saved on the server for every host the server has
+scanned in the past. This can be used to restrict the server to scan only hosts
+that have been scanned before. This might be useful if you want to keep an eye
+on a certain set of machines and their configuration. Be aware that this
+setting might cause you to miss new hosts on the network since the server
+will not scan them.
+
+ \item[Only test hosts that have never been tested in the past] Another way of
+using the existance of KBs is to exclude all hosts that have already been
+scanned. This way a scan will automatically discover hosts that have been added
+to the network since the last scan. Be aware that this setting cause hosts to
+be scanned only once (the first time they appear on the network), meaning you
+will not discover security issues that have recently developed or are only
+detected by new NVTs.
+
+ \item[Reuse the knowledge bases about the hosts for the tests] This setting
+controls if the server should restore the KB that was saved for this host during
+the last scan. The default behaviour is to create a new KB every time a host is
+scan and to replace an existing KB with the new results.
+
+ \item[Do not execute scanners that have already been executed] If the server
+has been instructed to reuse the existing KB, this will prevent scanning
+plugins from running if their results have already been recorded in the KB.
+
+ \item[Do not execute info gathering plugins that have already been executed] If
+the server has been instructed to reuse the existing KB, this will prevent
+information gathering plugins from running if their results have already been
+recorded in the KB.
+
+ \item[Do not execute attack plugins that have already been executed] If the
+server has been instructed to reuse the existing KB, this will prevent attack
+plugins from running if their results have already been recorded in the KB.
+
+ \item[Do not execute DoS plugins that have already been executed] If the server
+has been instructed to reuse the existing KB, this will prevent
+denial-of-service (DoS) plugins from running if their results have already been
+recorded in the KB.
+
+ \item[Max age of a saved KB] This setting controls the maximum age of the
+KB (in seconds). A KB older than this value is automatically discarded.
+\end{description}
+
+\xname{berichte-client}
+\section{Berichte}
+
+\xname{berichte-seite}
+\subsection{Berichte-Seite von OpenVAS-Client}
+
+Die Berichte-Seite enthält drei Elemente: Auf der linken Seite befindet sich
+eine Baumstruktur, welches es erlaubt über Host, Port und Schweregrad einzelne
+Scanergebnisse zu finden. Oberhalb dieser Baumstruktur ist eine Auswahl mit
+der man Baumstruktur umstellen kann. Auf der rechten Seite befindes sich das
+Textfeld mit den eigentlichen Scanergebnissen. Das gesamte Design unterstützt
+ein exploratives Verstehen der Scanergebnisse.
+
+\IncludeImage[width=13cm]{images/mainwindow-report-en}
+
+\xname{berichtformate}
+\subsection{Berichtformate}
+
+Die Scan-Ergebnisse können in verschiedene Formate exportiert werden.
+Grundsätzlich kann zwischen drei Formaten unterschieden werden:
+Austauschformate, bearbeitbare Dokumente und Read-only Dokumente. Der letzte Typ
+ist aktuell der PDF Report. Mit einem geeigneten Betrachter können Sie im
+Dokument anhand der eingebetteten Hyperlinks navigieren.
+
+Weitere Informationen zu den Formaten finden Sie im Abschnitt
+\ref{sec:Reports} über die Aktion "Report->Export".
+
+\xname{openvas-client-voreinstellungen}
+\section{OpenVAS-Client Voreinstellungen}
+
+OpenVAS-Client erlaubt es mittels Voreinstellungen das Verhalten der
+graphischen Benutzungsoberfläche anzupassen.
+
+\IncludeImage[width=10cm]{images/preferences-dlg-en}
+
+Folgende Einstellungen sind verfügbar:
+
+\subsection{Benutzerschnittstelle}
+
+\paragraph{Automatisches Aufklappen der Baumelemente}
+
+In der linksseitigen Baumansicht werden die Teilbäume für Aufgaben oder Bereiche
+jeweils automatisch aufgeklappt, wenn Sie sie anwählen und diese Voreinstellung
+eingeschaltet ist.
+
+Ist die Option nicht ausgewählt, so wird ein Teilbaum erst dann aufgeklappt,
+wenn Sie direkt auf das entsprechende Symbol klicken.
+
+\paragraph{Ordnen nach}
+
+Diese Einstellung regelt die Sortierung der Scanergebnisse im Berichtsfenster.
+Standardmäßig werden die Ergebnisse zuerst nach Rechner, dann nach dem Port und
+schließlich nach dem Schweregrad sortiert. Unter gewissen Umständen kann die
+zweite Sortierungsvariante -- die Sortierung nach der Portnummer -- für Sie
+sinnvoller sein; etwa wenn Sie sich einen Überblick verschaffen wollen, welche
+Rechner in Ihrem Netzwerk einen möglicherweise anfälligen Dienst anbieten.
+
+\subsection{Verbindung mit dem OpenVAS Server}
+
+\paragraph{Automatisch verbinden}
+
+Ist diese Option eingeschaltet, wird OpenVAS-Client versuchen eine Verbindung
+zum Server aufzubauen, sobald ein Bereich ausgeführt werden soll. Bei Verwendung
+von Benutzer-Zertifikaten ohne Passwort funktioniert dies unmittelbar. Für
+passwortgeschützte Benutzerzertifikate oder einfache passwortbasierte
+Anmeldung wird das Passwort im Speicher gehalten bis OpenVAS-Client beendet
+wird.
+
+\xname{plugin-zwischenspeicher-client}
+\section{Plugin Zwischenspeicher}
+
+\paragraph{Plugin Informationen bei Verbindungsaufbau zwischenspeichern}
+
+Ist dieses Option eingeschaltet, legt OpenVAS-Client für den entsprechenden
+Bereich einen Zwischenspeicher für die kompletten Plugin Informationen an. Das
+wirkt sich auf dreierlei Weise aus:
+
+Erstens kann der erneute Verbindungsaufbau zum OpenVAS Server bedeutend
+schneller sein, da Prüfsummen verwendet werden, um veränderte und neue Plugins
+zu identifizieren. Nur diese Änderungen werden dann heruntergeladen.
+
+Zweitens sind sämtliche Plugin Informationen auch dann in OpenVAS-Client
+verfügbar wenn man noch keine Verbindung zum OpenVAS Server aufgebaut hat.
+Sie können sich also ohne Server-Verbindung die Pluginauswahl und die Plugin
+Voreinstellungen anschauen oder ändern. Beachten Sie, dass sich die
+Pluginauswahl ggf. beim Verbingsaufbau ändern kann, beispielsweise wenn neue
+Plugins hinzugekommen sind oder gelöscht werden. Den Zwischenspeicher zu laden
+kann unter Umständen einige Sekunden dauern. Wollen Sie das vermeiden, dann
+schalten Sie die Option "Lade umgehend Plugin Zwischenspeicher für Bereiche"
+aus.
+
+Drittens der Nachteil eines Zwischenspeichers: Es werden pro Bereich einige
+MByte an Platz benötigt. Stellt dies ein Problem dar, sollten Sie diese Option
+abschalten. Wollen Sie bereits erzeugte Zwischenspeicher wieder entfernen, so
+suchen Sie nach den Datei \verb|openvas_nvt_cache| in Ihrem OpenVAS Verzeichnis
+"~/.openvas". Einfaches Löschen dieser Dateien reicht aus.
+
+\paragraph{Verwende Plugin Zwischenspeicher für Berichte}
+
+Falls Sie diese Option einschalten, wird OpenVAS-Client sämtliche Plugin
+Informationen allen neuen Scanberichten beilegen. Das erlaubt Ihnen die
+Pluginauswahl und die Plugin Voreinstellungen für einen Bericht in der
+grafischen Benutzeroberfläche anzuschauen. Dieser Zwischenspeicher dient also
+der Verbesserung der Transparenz, nicht der Performanz.
+
+Auch hier gibt es den Nachteil, dass pro Report mehrere MByte an Platz benötigt
+werden. Stellt dies ein Problem dar, sollten Sie diese Option abschalten. Wollen
+Sie bereits erzeugte Zwischenspeicher wieder entfernen, so suchen Sie nach den
+Datei \verb|openvas_nvt_cache| in Ihrem OpenVAS Verzeichnis "~/.openvas".
+Einfaches Löschen dieser Dateien reicht aus.
+
+\paragraph{Lade umgehend Plugin Zwischenspeicher für Bereiche}
+
+Falls Sie diese Option ausschalten, wird OpenVAS-Client den Zwischenspeicher für
+einen Bereich nicht automatisch laden, wenn Sie einen Bereich anwählen. Das
+bedeutet, dass Sie weder die Pluginauswahl noch die Plugin Einstellungen zu
+sehen bekommen, wenn Sie nicht mit dem OpenVAS Server verbunden sind. Diese
+Option schaltet also den zweiten Punkt von "Plugin Informationen bei
+Verbindungsaufbau zwischenspeichern" wieder ab, um möglicherweise störende
+längere Ladezeiten des Zwischenspeichers beim Anwählen eines Bereichs zu
+vermeiden.
+
+\xname{bericht-einstellungen}
+\subsection{Bericht}
+
+\paragraph{Füge Plugin Details in PDF-Bericht ein}
+
+Falls Sie diese Option einschaltenm wird OpenVAS-Client bei der Erstellung von
+PDF-Reports einen Anhang mit Details zu den Plugins anfügen, die die für
+diesen Bericht relevante Ergebnisse erzeugt haben. Diese Details
+sind innerhalb des PDF-Dokumentes verknüpft, so dass Sie leicht zu den
+gewünschten Informationen springen können.
+
+Bedenken Sie aber, dass das PDF-Dokument dadurch unter Umständen signifikant an
+Umfang gewinnen kann. Im Durchschnitt können Sie davon ausgehen, dass etwa zwei
+Plugin-Beschreibungen auf einer Seite stehen.
+
+\paragraph{Externe Verweise in HTML/PDF}
+
+Diese Einstellungen bestimmen die URL für die Verweise auf weitere Informationen
+zu OpenVAS Plugins, CVE/CAN und BugTraq ID in Berichten der Formate HTML und
+PDF. Die Voreinstellungen wie oben im Screenshot zu sehen werden empfohlen, da
+dort jeweils aktuelle Informationen vorhanden sind. Die Voreinstellungen erhält
+man zurück wenn man die entsprechenden Felder leer lässt.
+
+Für den Fall, dass Sie einen Nessus Report als Paket mit z.B. den Details zu
+CVE/CAN erstellen wollen um alles off-line lesenen zu können, könnten Sie diese
+Definition verwenden: ``mitre/\%s/\%s/\%s.html'' falls Sie eine
+Verzeichnisstruktur relativ zur Report-Datei haben mit mitre/CVE/yyyy/nnnn.html
+und mitre/CAN/yyyy/nnnn.html wobei yyyy da Jahr ist und nnnn die Nummer des
+Eintrages. Dann können alle Dateien in einem Paket zusammengefasst werden.
+
+Beachten Sie, dass die Zeichnketten die Sie hier definieren, in den Parameter
+``href'' der HTML-Verweise direkt eingetragen werden. Da Werkzeug ``htmldoc''
+wird verwendet um PDF Reports daraus herzustellen. Abhängig davon, welche
+Version mit welchen Eigenschaften Sie auf Ihrem System haben, kann die Art der
+erzeugten Verweise in der PDF-Datei variieren.
+
+\xname{client-sladinstaller}
+\subsection{Installing SLAD using SLADinstaller}
+
+If you are planning to use the Security Local Auditing Daemon (SLAD) with
+OpenVAS (as described in section \ref{sec:slad}), there is a convenient way to
+install SLAD on a local or remote machine. Using the ``SLAD install'' option in
+the file menu, you can launch the \verb|sladinstaller| binary from within
+OpenVAS-Client, which will the guide you through the installation process.
+
+Please note that the \verb|sladinstaller| binary needs to be available in your
+system path for you to be able to use this feature. More information on
+installing and using \verb|sladinstaller| is available in section
+\ref{sec:slad}.
+
+\clearpage
+
+\xname{performing-local-security-checks}
+\chapter{Performing Local Security Checks}
+\compendiumauthor{Jan-Oliver Wagner}
+\xname{debian-local-security-checks}
+\section{Debian Local Security Checks}
+
+This section explains how to run local security checks with OpenVAS. So far,
+this procedure has been tested only with Debian local security checks.
+
+\xname{prerequisites-dlsc}
+\subsection{Prerequisites}
+\label{sec:deb-lsc-prereqs}
+
+To perform local security checks, you need a working OpenVAS-Server
+installation. Information on setting up and configuring OpenVAS-Server is
+available in chapter \ref{chap:Install-And-Configure-Server} on page
+\pageref{chap:Install-And-Configure-Server}.
+
+\xname{create-users-for-local-security-checks}
+\subsection{Create users for local security checks}
+
+First, you need a key with certificate:
+
+\begin{verbatim}
+$ ssh-keygen -t rsa -f ~/.ssh/id_rsa_sshovas -C
+"OpenVAS-Local-Security-Checks-Key"
+$ openssl pkcs8 -topk8 -v2 des3 -in ~/.ssh/id_rsa_sshovas -out sshovas_rsa.p8
+\end{verbatim}
+
+Note: The comment (here: "OpenVAS-Local-Security-Checks-Key") must not
+contain spaces.
+Currently, you need a rsa pkcs8 key for OpenVAS local security checks.
+
+Now, for each target system:
+\begin{verbatim}
+# adduser --disabled-password sshovas
+Name: OpenVAS Local Security Checks
+# su - sshovas
+$ mkdir .ssh
+$ cp /some/path/id_rsa_sshovas.pub .ssh/authorized_keys
+$ chmod 500 .ssh
+$ chmod 400 .ssh/authorized_keys
+\end{verbatim}
+
+\xname{configure-the-local-security-checks-in-openvas-client}
+\subsection{Configure the local security checks in OpenVAS-Client}
+
+In Preferences, configure SSH Authorization: 
+\begin{verbatim}
+SSH login name: sshovas
+SSH private key: ~/.ssh/sshovas_rsa.p8
+SSH key passphrase: ********
+SSH public key: ssh/id_rsa_sshovas.pub
+\end{verbatim}
+
+Note: It is actually not necessary to submit the public key, but currently this
+is necessary due to a bug inherited from Nessus.
+
+Next, make sure you select at least these plugins:
+\begin{itemize}
+\item Debian Local Security Checks/*
+\item Misc/Determine List of installed packages via SSH login
+\item Service Detection/Services
+\item Settings/Global variable settings
+\item Settings/SSH Authorization
+\end {itemize}
+or ensure dependencies are resolved at runtime (see checkboxes) if you select
+only some local security checks.
+
+\xname{windows-local-security-checks}
+\section{Windows Local Security Checks}
+
+In order to provide - analogous to the Linux Local Security Check - a framework
+for checking and testing for Microsoft Windows vulnerabilities, a new
+Application Programming Interface (API) was introduced by the OpenVAS team.
+
+This API (for the Nessus Attack Scripting Language, NASL) allows to check and
+examine binary files (e.g. DLLs) as well Microsoft Windows meta-data on
+Microsoft Windows machines by accessing the complete file system using default
+Windows administrative shares.
+
+The functionality is similar to the Nessus Windows Local Security checks.
+However, the OpenVAS solution is using samba (smbclient) and does not
+re-implement the binary SMB protocol in NASL.
+
+The advantage of this smbclient integration is to act more flexible on protocol
+changes on the SAMBA/CEFIS protocol side.
+
+\xname{preparing-the-openvas-server-wlsc}
+\subsection{Preparing the OpenVAS Server}
+
+To install the WLSC, a few steps are required to be taken on the server that
+hosts and runs the actual scan daemon "openvasd".
+
+It depends on the operating system where you run the OpenVAS server, how the
+steps are carried out technically.
+
+\begin{enumerate}
+
+\item Install SAMBA (\hyperurl{http://www.samba.org})
+
+Installation packages should be readily available for your operating system.
+
+\item Make sure that the binary "smbclient" in is the installation/execution
+path.
+
+\item Check the permissions of openvasd and smbclient: smbclient must be
+executable with the permissions of openvasd.
+
+\end{enumerate}
+
+\xname{preparing-the-microsoft-windows-target}
+\subsection{Preparing the Microsoft Windows target}
+
+The WLSC implementation has been tested on the following Microsoft Windows
+Operating Systems:
+\begin{itemize}
+\item Windows NT 4.0
+\item Windows 2000
+\item Windows XP SP2
+\item Windows XP SP3
+\item Windows Vista
+\end{itemize}
+Probably the WLSC is also compatible with other Microsoft Operating Systems.
+Once the SMB Port of a Windows target is accessible, the Operating System (OS)
+and SAMBA Version could be detected immediately and will be reported. For deeper
+tests the following steps are required:
+
+You need the Windows credentials for an administrative user. Usually this is the
+user name (Default is "Administrator") and the correct password for this user.
+There is no default password, this has been defined before during the Windows
+installation process.
+
+These credentials are entered in the OpenVAS-Client GUI as SMB Credentials and
+are used on every host in the target list.
+
+If you plan to scan a whole Windows Domain, you can enter the
+Domain-Administrative user and password instead of the target host credentials.
+
+Make sure the Windows-(personal) Firewall is disabled for the OpenVAS Server
+host, or a correct rule for the Test-Network is entered.
+
+\paragraph{Additional Note for Windows XP}
+
+For Windows XP it is important that "Easy Filesharing" is switched off.
+To disable this, the Windows Click-Path is: Windows Explorer/Tools/Folder
+Options/View (see screenshot below).
+
+Without this setting, "smbclient" is not able to retrieve files from the Windows
+System shares (\verb!C$,D$...!).
+
+\IncludeImage[width=10cm]{images/wlsc-windows-en}
+
+\xname{executing-the-checks-via-openvas-client-wlsc}
+\subsection{Executing the checks via OpenVAS-Client}
+
+Using the OpenVAS-Client you specify the credentials and the target host
+information will be reported as illustrated by the following two screenshots:
+
+\IncludeImage[width=10cm]{images/wlsc-client-en}
+
+\IncludeImage[width=10cm]{images/wlsc-client-result-en}
+
+\clearpage
+
+\xname{using-integrated-tools}
+\chapter{Using Integrated Tools}
+\label{chap:tools}
+
+\xname{security-local-auditing-daemon}
+\section{Security Local Auditing Daemon (SLAD)}
+\compendiumauthor{Jan-Oliver Wagner}
+\xname{how-to-use-slad-with-openvas}
+\subsection{How to use Security Local Auditing Daemon (SLAD) with OpenVAS}
+\label{sec:slad}
+
+Homepage: \hyperurl{http://www.dn-systems.org/slad.shtml}
+
+This description is a quick guide how you get first results with SLAD via
+OpenVAS. For real production mode you should make yourself familiar with the
+details of SLAD and its integrated tools. There is also the SLAD developer's and
+administrator's guide as PDF file.
+
+\begin{enumerate}
+
+\item Download SLADinstaller from
+\hyperurl{http://www.dn-systems.org/boss/slad2/sladinstaller-1.1.tar.gz}
+
+\item You may want to apply this patch:
+\begin{verbatim}
+diff -r -u sladinstaller-1.1-orig/gtk.cpp sladinstaller-1.1-openvas/gtk.cpp
+--- sladinstaller-1.1-orig/gtk.cpp      2006-04-23 15:57:01.000000000 +0200
++++ sladinstaller-1.1-openvas/gtk.cpp   2008-04-30 15:59:07.452562817 +0200
+@@ -299,8 +299,8 @@
+        else
+          dir="~";
+}
+-    // and nessus directory
+-    dir+="/.nessus";
++    // and OpenVAS directory
++    dir+="/.openvas";
+     mkdir(dir.c_str(), 0700);
+
+     std::string ip_;
+\end{verbatim}
+
+\item Compile sladinstaller by just typing "make", which works at least on a
+Debian GNU/Linux "Etch" 4.0. There is a file "INSTALL" which might provide some
+helpful hints.
+
+\item Prepare SSH Authorization: It is required to use a SSH key created
+following the example for ssh-keygen and openssl in section
+\ref{sec:deb-lsc-prereqs} on page \pageref{sec:deb-lsc-prereqs} about local
+security checks. Especially take care you create a RSA .p8 key file. Reason:
+sladinstaller would else create a key that is not usable with OpenVAS due to the
+migration from OpenSSL to GNU/TLS.
+
+\item Make sure SLAD is not installed yet on your target system. Is so, remove
+it this way:
+\begin{verbatim}
+# /opt/slad/bin/slad-uninstall.sh
+\end{verbatim}
+
+\item Run sladinstaller and fill out the entries. Take care you apply the SSH
+key you've just created on your own and don't let sladinstaller create one for
+you. Hostname defines the target system.
+
+\item It might be necessary you have to adjust the sshd configuration of the
+target system allow sladinstaller to log in. Just follow the hints given by
+sladinstaller.
+
+\item Finally, you need to install the file "slad.inc" (which is specific to
+your SLAD version) for your OpenVAS Server. Assume, SLAD is installed on the
+same system as the OpenVAS Server. Then it would execute this: 
+\begin{verbatim}
+# cd /opt/slad/share/nessus_plugins/
+# /opt/slad/bin/sladd -s plugins | awk -f sladbuild.awk >
+/usr/local/openvas-production/lib/openvas/plugins/slad.inc
+\end{verbatim} 
+
+\item Finally, run OpenVAS-Client and configure your task to scan the target
+where you installed SLAD and fill out the "SLAD init" preferences and, if
+wished, adjust the "SLAD run" preferences. A first scan will schedule the tasks,
+the next scan will retrieve the results that were collected so far (lsof is
+fast, John-the-ripper could take very long).
+\end{enumerate}
+
+\xname{slad-plugins}
+\subsection{SLAD plugins}
+
+As shown above, the sladd is just a program to run other programs from inside a
+daemon and provide an unififed interface to their output. The current package of
+SLAD contains the following plugins:
+
+\subsubsection{chkrootkit}
+
+The chkrootkit package is a tool to locally check for signs of installed
+rootkits.
+
+\subsubsection{clamav}
+
+The clamav plugin provides a GPLed virus scanner for linux. The options include
+scanning with or without archive (.zip, .tar.gz, etc) scanning, and removing
+infected files or putting them into quarantine.
+
+\subsubsection{john}
+
+John the ripper is a fast password cracker. This tool is meant to find
+weak user passwords, which could compromise system security. It comes
+with three options:
+
+\begin{description}
+  \item[Fast crack mode:] In this mode, John only tries the usernames and
+derived  words against the hashed passwords.
+  \item[Dictionary mode:] In this mode all words from the installed dictionary
+are tried to attack the hashed passwords.
+  \item[Full crack mode:] This slowest mode tries all words from the dictionary,
+as well as rules generated variations of these, against the user's passwords 
+\end{description}
+
+\textbf{The "normal" version of John exposes cracked passwords in clear-text.
+This makes John difficult to operate with in a professional environment.
+Therefore, SLAD uses a John the Ripper version which has been patched. In this
+version cracked passwords are not exposed anymore, instead only the
+user-accounts with crackable passwords are identified.}
+
+\subsubsection{lsof}
+
+The unix system utility lsof simply shows a list of files currently open on the
+system and which program uses them. This can assist an administrator to find
+unusual activity on the system.
+
+\subsubsection{tiger}
+
+The tiger suite is a package to analyze the host's security. Out of the many
+checks the suite can perform four groups have been created. These are:
+
+\begin{description}
+\item[Users:] The users check covers accounts, checks for mail aliases, ftp
+login users and the like.
+\item[Permission:] This selection checks users and group access permissions on
+device nodes, logfiles and other important files and directories.
+\item[Config:] This script checks for weaknesses and mistakes in common system
+and application specific configuration files.
+\item[System:] The system check looks for open deleted files, processes that are
+waiting for incoming connections, and other ``unsual'' things.
+\item[Full system check:] This runs all of the above checks.
+\end{description}
+
+\subsubsection{tripwire}
+
+Tripwire is an open source file integrity checker. It initially stores hashes of
+system files in a database for comparison on subsequent runs. Modifications
+performed by a potential intruder can be easily spotted this way.
+
+The default installation of tripwire contains a rule set for Debian. For details
+on how to adapt these to a different operating system or distribution, see the
+SLAD 2 Developers and Administrators Guide.
+
+\subsubsection{Snort}
+
+Snort is a network intrusion detection and prevention system that provides real
+time traffic analysis and packet logging on IP networks. It is capable of
+detecting a large number of attacks such as buffer overflows, stealth port
+scans, CGI attacks, SMB probes or OS fingerprinting attempts by doing both
+protocol analysis and content checks. Once an attack has been detected Snort is
+also capable of counteracting them by dropping the according connections.  The
+SLAD plugin selects all relevant Snort messages from a MySQL Database and sends
+them to the management platform.
+
+\paragraph{Snort-Installation}
+
+To use the Snort plugin, Snort needs to be installed with MySQL support. This
+could be done with Debian by using the \verb|apt-get| tool.
+
+% ?
+Answer for the Configuration with mysql to use the snort-mysql database.
+For the Hostname use your MySQL-Server Host where the SLAD-Plugin collects to.
+In the most cases this is 127.0.0.1, but you can use any other host here.
+Then use the database you want to use for logging, in most cases this will 
+be "snort", you must install mysql first, and create the database via
+"mysql create snort" and set the permissions first. For further information 
+consult your mysql-manual.
+
+\begin{verbatim}
+# mysqladmin create snort
+# apt-get install mysql-server snort-mysql
+# zcat /usr/share/doc/snort-mysql/create_mysql.gz | mysql snort
+\end{verbatim}
+
+After you installed Snort, you need to change the local-plugin configuration.
+This could be found at "/opt/slad/plugins/snort/snortconfig".
+
+\begin{verbatim}
+#!/bin/sh
+SNORTDBPW="changeme"
+MYSQLHOST="localhost"
+MYSQLUSER="snort"
+MYSQLDB="snort"
+SID="0"
+\end{verbatim}
+
+You can test the configuration by fetching the local-events by running:
+
+\begin{verbatim}
+# ./getsnortevents.sh
+\end{verbatim}
+
+\subsubsection{LMSensors}
+
+This fetches the events from your hardware monitoring, (for example someone
+opening the chassis of the server) and your server mainboard. The management
+system supports hardware sensor logging. An alert will be shown describing the
+physical incident on the SLAD managed server. This features is supported from
+the most mid-range server boards like Intel BX440 and newer.
+
+\subsubsection{LogWatch}
+
+Logwatch extracts events from the system log, like the syslog files present at
+"/var/log".
+All important information like login users, SSH and PAM Sessions, etc. are
+filtered and aggregated and returned to the calling SLAD.
+Three different levels of detail are supported:
+
+\begin{description}
+% ?
+\item[--low] Returns logfile values in a low detail level highesT aggregation.
+
+\item[--medium] Returns logfile aggregation in a medium detail level.
+
+\item[--high] Full and lowest aggregation level of logfile-values.
+
+\end{description}
+
+\subsubsection{TrapWatch}
+
+TrapWatch is a special version of Logwatch and listens on SNMP hardware traps.
+The Simple Network Management Protocol (SNMP) is the most common protocol
+for managing all kinds of network devices and is implemented in almost all
+currently available network devices. An SNMP trap is a message sent out by
+a network device to report an incident such as loss of link, failed
+authentication attempts etc. TrapWatch catches these messages and puts them
+into the report. This can be useful to detect changes in the network, like
+machines being unplugged or added to the network.
+Support for Netscreen firewall traps, HP-Procure switches and Cisco hardware
+is installed out of the Box.
+If non-standard MIBs are used, it might necessary to configure TrapWatch
+accordingly.
+
+To enable TrapWatch, you need to install an SNMP trap handler that puts the
+TRAP results into a syslog file. If you use Debian you can use the ``SNMP Trap
+Format'' package:
+
+\begin{verbatim}
+# apt-get install snmptrapfmt
+\end{verbatim}
+
+After the service is installed, you will get all new traps from the box.
+% Box? Which box?
+SNMP traps need to be correctly configured in your network hardware. It is
+highly recommended to test your setup before the first use with SLAD.
+To test the SNMP-TrapWatch feature, you can call the TrapWatch subsystem
+manually via:
+
+\begin{verbatim}
+# /opt/slad/plugins/trapwatch/trapwatch.sh --high
+\end{verbatim}
+
+The result should look like the following:
+
+\begin{tiny}
+\begin{verbatim}
+I 08/18/06 12:28:27 ports: port C4 is now off-line
+I 08/18/06 12:28:30 ports: port C4 is now on-line
+I 08/18/06 12:28:32 ports: port C4 is now off-line
+I 08/18/06 12:28:49 ports: port B4 is now on-line
+I 08/18/06 12:29:10 ports: port B4 is now off-line
+2006-08-18 14:31:25 [Root]system-alert-00026: IPSec tunnel on int ethernet1 with
+tunnel ID 0x8 received a packet with a bad SPI.
+217.0.72.117->193.108.181.253/56, ESP, SPI 0x0, SEQ 0x45080218
+I 08/18/06 15:55:04 ports: port F1 is now off-line
+I 08/18/06 15:55:06 ports: port F1 is now on-line
+I 08/18/06 15:57:00 sntp: updated time by 4 seconds
+2006-08-18 18:04:53 [Root]system-critical-00436: Large ICMP packet! From
+210.51.16.51 to 193.108.181.6, proto 1 (zone Untrust int ethernet1). Occurred 1
+times.
+2006-08-18 18:05:33 [Root]system-critical-00436: Large ICMP packet! From
+210.51.16.51 to 193.108.181.6, proto 1 (zone Untrust int ethernet1). Occurred 1
+times.
+I 08/18/06 19:15:24 ports: port F1 is now off-line
+I 08/18/06 19:15:26 ports: port F1 is now on-line
+2006-08-18 18:34:09 [Root]system-critical-00438: FIN but no ACK bit! From
+83.76.204.46:56242 to 193.108.181.101:6346, proto TCP (zone Untrust int
+ethernet1). Occurred 2 times.
+\end{verbatim}
+\end{tiny}
+
+
+\xname{nikto}
+\section{Nikto}
+\compendiumauthor{Michael Wiegand}
+
+Nikto is an Open Source (GPL) web server scanner which performs comprehensive
+tests against web servers for multiple items, including over 3500 potentially
+dangerous files/CGIs, versions on over 900 servers, and version specific
+problems on over 250 servers. Scan items and plugins are frequently updated and
+can be automatically updated (if desired).
+
+OpenVAS is able to recognize an installed version of Nikto and can integrate
+the results of a Nikto scan in the scan results.
+
+\xname{prerequisites-nikto}
+\subsection{Prerequisites}
+
+In order to be able to perform a Nikto scan from within OpenVAS, the following
+requirements must be met:
+\begin{itemize}
+ \item There has to be a version of Nikto that can be found in the system path.
+The OpenVAS integration of Nikto is optimized for Nikto versions >= 2.0, but
+will probably work with older versions as well.
+ \item The OpenVAS plugin for Nikto integration (\textit{nikto.nasl}) needs to
+be present and enabled. You can find the plugin in the section \textit{CGI
+abuses} in the plugin section of your client.
+\end{itemize}
+
+\xname{starting-a-nikto-scan}
+\subsection{Starting a Nikto scan}
+
+If the Nikto plugin is present and enabled, it will be executed with your next
+scan. The results returned by Nikto will be available together with the rest of
+the scan results.
+
+\xname{understanding-nikto-results}
+\subsection{Understanding Nikto results}
+
+Some web servers are (intentionally or unintentionally) configured to respond
+to requests for non-existent with an HTTP status code other than 404. This can
+be used to direct these requests from human users to a page with helpful
+information (like a sitemap), but tends to confuse security assessment tools
+like Nikto checking whether possibly sensitive or dangerous content can be
+accessed on the target server.
+
+The Nikto plugin is able to recognize this condition in most web servers and
+will (in the default setting) refuse to launch Nikto under these circumstances.
+You can however force the Nikto plugin to launch Nikto by enabling the option
+\textit{Force scan even without 404s} in the plugin preferences.
+
+If you enable this option, please be aware that the results of the Nikto scan
+are likely to contain false positives; because of the web server configuration
+described above Nikto may be convinced that certain files exist on the web
+server, even though the server simply redirected these requests to a generic
+page.
+
+This is especially true for older versions of Nikto (< 2.0); but even with
+newer versions you may need to manually evaluate whether the threats reported
+by Nikto are real threats or simply the result of the web server configuration.
+
+\xname{ovaldi}
+\section{Ovaldi (OVAL support in OpenVAS)}
+\label{sec:ovaldi}
+
+\compendiumauthor{Michael Wiegand}
+
+The Open Vulnerability and Assessment Language (OVAL) is a standard that can be
+used -- among other things -- to describe known vulnerabilities and tests that
+can be used to assess whether a vulnerability is present on a target system.
+
+The OVAL community has created ovaldi, an open source reference implementation
+of an OVAL definition interpreter. Although ovaldi initially only supported
+checks of a local system, the OpenVAS project has created a patch that enables
+ovaldi to make use of the information collected by OpenVAS about remote systems.
+
+Starting from OpenVAS 2.0 beta, ovaldi support is present in OpenVAS. To enable
+ovaldi support, the use of ovaldi in the SVN revision 138 is recommended.
+Please refer to the OpenVAS website for the patch needed for ovaldi and
+up-to-date information regarding ovaldi integration. The latest information is
+available at \hyperurl{http://www.openvas.org/integrated-tools.html}.
+
+Using ovaldi, you will be able to access hundreds of additional security checks
+provided as definitions in the OVAL standard such as security announcements
+regarding the Red Hat Enterprise Linux distribution. Be aware that the ovaldi
+integration into OpenVAS only supports a limited subset of the tests available
+in OVAL. Support for OVAL tests will be extended as the ovaldi integration
+matures.
+
+Once you have successfully enabled support for OVAL plugins, the plugins will
+show up in the OpenVAS-Client in the ``OVAL definitions'' family. Most plugins
+will return one of the following values: ``true'', ``false'' or ``unknown''.
+These values are defined as follows:
+\begin{description}
+ \item[true] The tests evaluated by ovaldi indicated that the vulnerability
+described in the definition is very likely to be present on the system.
+ \item[false] The tests evaluated by ovaldi indicated that the vulnerability
+described in the definition is not likely to be present on the system.
+ \item[unknown] The tests evaluated by ovaldi were inconclusive or ovaldi was
+unable to execute all tests required for this evaluation.
+\end{description}
+
+Note that a large number of tests will return ``unknown'' until extended OVAL
+support in OpenVAS has been established.
+
+The results of the OVAL definitions will be shown in the same way as the
+results for other plugins, allowing you to assess the results conveniently from
+within OpenVAS-Client.
+
+\IncludeImage[width=15cm]{images/ovaldi-results}
+
+You can find more information about the OVAL project and the OVAL language at
+\hyperurl{http://oval.mitre.org/}. The project page for ovaldi can be found at
+\hyperurl{http://sourceforge.net/projects/ovaldi/}.
+
+\clearpage
+
+\xname{developers-guide-for-nvts}
+\chapter{Developers Guide for Network Vulnerability Tests}
+
+The Network Vulnerability Tests (NVTs) used by OpenVAS to check for existing
+security issues on remote systems are written in the scripting language NASL.
+NASL (short for Nessus Attack Scripting Language) was originally designed for
+the Nessus security scanner by Renaud Deraison.
+
+The motivation behind NASL was to create a language enabling even users with
+limited programming experience to write vulnerability tests in a short amount
+of time and to allow users to easily add new vulnerability tests to their
+existing installation without having to worry about compatibility issues.
+
+The first version of NASL (also known as NASL1) was created in 1998 by Renaud
+Deraison. In 2002, Michel Arboi and Renaud Deraison developed an improved NASL
+parser which extended the range of built-in functions and operators. This
+improved version is generally refered to as NASL2.
+
+If not indicated otherwise, this compendium describes NASL2 as it is
+implemented in OpenVAS.
+
+The NASL syntax was inspired by C. Users with experience in C or related
+programming languages should be able to pick up the basics of NASL development
+in a relatively short amount of time.
+
+Starting from OpenVAS 2.0 beta, support has been added to OpenVAS for the Open
+Vulnerability and Assessment Language (OVAL) as documented in section
+\ref{sec:ovaldi}. This means that OpenVAS will also understand vulnerability
+tests specified in OVAL. Even though support for OVAL in OpenVAS is very
+limited at this time, you might want to consider OVAL as an alternative when
+writing NVTs. More information about OVAL can be found at
+\hyperurl{http://oval.mitre.org/language/about/index.html}.
+
+\xname{basic-structure-of-nasl-scripts}
+\section{Basic Structure of NASL Scripts}
+
+All NASL scripts have to contain a set of information about themselves by which
+they can be distinguished from other plugins and referenced by other tools like
+the client. This information is contained in the \verb|description| or
+\verb|register| section which is mandatory for all NASL scripts and is usually
+right at the beginning of any NASL script.
+
+A basic NASL script might start like this:
+\begin{verbatim}
+#
+# This is an example NASL script.
+#
+
+if(description)
+{
+ script_oid("1.3.6.1.4.1.25623.1.0.12345")
+ script_version ("1.2");
+ name["english"] = "Foo Bar 2.5 vulnerability";
+ script_name(english:name["english"]);
+
+ desc["english"] = "
+   This plugin checks for the vulnerability in the Foo Bar 2.5 server component
+   as described in CVE 2009-4321.
+
+   Risk factor : None";
+
+ script_description(english:desc["english"]);
+
+ summary["english"] = "Check for vulnerability in Foo Bar 2.5";
+ script_summary(english:summary["english"]);
+
+ script_copyright(english:"This script is under GPLv2+");
+
+ ...
+
+ exit(0);
+}
+
+...
+\end{verbatim}
+
+The plugin description has to be contained in the \verb|if (description)| block
+so the OpenVAS server can retrieve it. The first time it the server encounters a
+new plugin, it will be called with the global variable \verb|description| set
+to \verb|TRUE|. The information provided by the plugin will be cached in
+the \verb|.desc| subdirectory in the plugins directory. When the script is
+called during a scan, it will be called with \verb|description| set
+to \verb|FALSE|.
+
+For a complete list of NASL commands that can be used in the script
+description, please refer to the section \ref{sec:NASL-desc} of the NASL API
+documentation.
+
+\xname{basic-nasl-syntax}
+\section{Basic NASL Syntax}
+
+\xname{nasl-comments}
+\subsection{Comments}
+
+Comments in NASL start with the \verb|#| character. If a \verb|#| character is
+encountered, the remaining line is ignored by the NASL interpreter.
+
+Example:
+\begin{verbatim}
+ # This is a comment.
+ a = b + c; # This is a comment as well.
+\end{verbatim}
+
+\xname{nasl-variables-and-declarations}
+\subsection{Variables and Declarations}
+
+Variables are implicitly declared in NASL; this means that it is not necessary
+to declare any variables before use. You can however use the \verb|local_var|
+keyword to declare a variable as local to a certain function and avoid
+collisions with external variables. By default, NASL considers a variable to be
+local to the context in which it was declared; if you want to declare a
+variable as global, you can use the \verb|global_var| keyword.
+
+In contrast to C (and other languages), variable types do not have to be
+declared in advance; the NASL interpreter will use the appropriate type the
+first time the variable is assigned. Memory allocation is automatically handled
+by the interpreter as well.
+
+\xname{nasl-data-types}
+\subsection{Data Types}
+
+\begin{itemize}
+ \item Integers
+ \item Strings
+ \item Arrays
+ \item Booleans
+\end{itemize}
+
+\xname{nasl-numbers-and-strings}
+\subsection{Numbers and Strings}
+
+\xname{nasl-function-arguments}
+\subsection{Function Arguments}
+
+\xname{nasl-loops}
+\subsection{Loops}
+
+\begin{itemize}
+ \item for
+ \item foreach
+ \item while
+ \item repeat .. until
+ \item break
+ \item continue
+ \item return
+\end{itemize}
+
+\xname{nasl-user-defined-functions}
+\subsection{User-defined Functions}
+
+\xname{nasl-operators}
+\subsection{Operators}
+
+\begin{itemize}
+ \item =
+ \item \verb|[]|
+ \item +
+ \item -
+ \item *
+ \item /
+ \item \%
+ \item **
+ \item ++
+ \item +=
+ \item -=
+ \item *=
+ \item /=
+ \item \%=
+ \item <<=
+ \item >>=
+ \item >>>=
+ \item ><
+ \item >!<
+ \item =~
+ \item !~
+ \item ==
+ \item !=
+ \item >
+ \item >=
+ \item <
+ \item <=
+ \item !
+ \item \verb|&&|
+ \item ||
+ \item ~
+ \item \verb|&|
+ \item |
+ \item \verb|^|
+ \item <<
+ \item >>
+ \item >>>
+\end{itemize}
+
+\xname{nasl-operator-precedence}
+\subsubsection{Operator Precedence}
+
+\xname{nasl-api-documentation}
+\section{NASL API Documentation}
+
+\xname{nasl-pre-defined-constants}
+\subsection{Pre-defined Constants}
+
+\xname{nasl-built-in-functions}
+\subsection{Built-In Functions}
+
+\xname{nasl-socket-manipulation}
+\subsubsection{Socket Manipulation}
+
+\begin{itemize}
+ \item \verb!open_sock_tcp()!
+ \item \verb!open_sock_udp()!
+ \item \verb!open_priv_sock_tcp()!
+ \item \verb!open_priv_sock_udp()!
+ \item \verb!close()!
+ \item \verb!shutdown()!
+ \item \begin{verbatim}recv()\end{verbatim}
+ \item \begin{verbatim}recv_line()\end{verbatim}
+ \item \verb!send()!
+\end{itemize}
+
+\xname{nasl-network-operations}
+\subsubsection{Network Operations}
+
+\begin{itemize}
+ \item \verb!start_denial()!
+ \item \verb!end_denial()!
+ \item \verb!get_port_transport()!
+ \item \verb!get_source_port()!
+ \item \verb!get_tcp_port_state()!
+ \item \verb!get_udp_port_state()!
+ \item \verb!islocalhost()!
+ \item \verb!islocalnet()!
+ \item \verb!join_multicast_group()!
+ \item \verb!leave_multicast_group()!
+ \item \verb!scanner_add_port()!
+ \item \verb!scanner_get_port()!
+ \item \verb!this_host_name()!
+\end{itemize}
+
+\xname{nasl-ftp-operations}
+\subsubsection{FTP Operations}
+
+\begin{itemize}
+ \item \verb!ftp_log_in()!
+ \item \verb!ftp_get_pasv_port()!
+\end{itemize}
+
+\xname{nasl-http-operations}
+\subsubsection{HTTP Operations}
+
+\begin{itemize}
+ \item \verb!is_cgi_installed()!
+ \item \verb!http_get()!
+ \item \verb!http_head()!
+ \item \verb!http_post()!
+ \item \verb!cgibin()!
+ \item \verb!http_delete()!
+ \item \verb!http_close_socket()!
+ \item \verb!http_open_socket()!
+ \item \verb!http_recv_headers()!
+ \item \verb!http_put()!
+\end{itemize}
+
+\xname{nasl-packet-manipulation}
+\subsubsection{Packet Manipulation}
+
+\begin{itemize}
+ \item \verb!forge_ip_packet()!
+ \item \verb!get_ip_element()!
+ \item \verb!set_ip_elements()!
+ \item \verb!dump_ip_packet()!
+ \item \verb!forge_tcp_packet()!
+ \item \verb!set_tcp_elements()!
+ \item \verb!send_packet()!
+ \item \verb!pcap_next()!
+ \item \verb!get_tcp_element()!
+ \item \verb!forge_udp_packet()!
+ \item \verb!set_udp_elements()!
+ \item \verb!get_udp_elements()!
+ \item \verb!forge_icmp_packet()!
+ \item \verb!get_icmp_element()!
+ \item \verb!set_icmp_elements()!
+ \item \verb!forge_igmp_packet()!
+ \item \verb!dump_tcp_packet()!
+ \item \verb!dump_udp_packet()!
+\end{itemize}
+
+\xname{nasl-utilities}
+\subsubsection{Utilities}
+
+\begin{itemize}
+ \item \verb!this_host()!
+ \item \verb!get_host_name()!
+ \item \verb!get_host_ip()!
+ \item \verb!get_host_open_port()!
+ \item \verb!get_port_state()!
+ \item \verb!telnet_init()!
+ \item \verb!tcp_ping()!
+ \item \verb!getrpcport()!
+\end{itemize}
+
+\xname{nasl-string-manipulation}
+\subsubsection{String Manipulation}
+
+\begin{itemize}
+ \item \verb!ereg()!
+ \item \verb!ereg_replace()!
+ \item \verb!egrep()!
+ \item \verb!crap()!
+ \item \verb!string()!
+ \item \verb!strlen()!
+ \item \verb!raw_string()!
+ \item \verb!tolower()!
+ \item \verb!chomp()!
+ \item \verb!display()!
+ \item \verb!eregmatch()!
+ \item \verb!hex()!
+ \item \verb!hexstr()!
+ \item \verb!insstr()!
+ \item \verb!int()!
+ \item \verb!match()!
+ \item \verb!ord()!
+ \item \verb!str_replace()!
+ \item \verb!strcat()!
+ \item \verb!stridx()!
+ \item \verb!strstr()!
+ \item \verb!split()!
+ \item \verb!substr()!
+ \item \verb!toupper()!
+\end{itemize}
+
+\xname{nasl-knowledge-base}
+\subsubsection{Knowledge Base}
+
+\begin{itemize}
+ \item \verb!get_kb_item()!
+ \item \verb!set_kb_item()!
+ \item \verb!get_kb_list()!
+ \item \verb!replace_kb_item()!
+ \item \verb!replace_or_set_kb_item()!
+\end{itemize}
+
+\xname{nasl-plugin-description}
+\subsubsection{Plugin Description}
+
+\begin{itemize}
+ \item \verb!script_id()!
+ \item \verb!script_oid()!
+\compendiumauthor{Tim Brown}
+
+This function is intended to replace \verb!script_id!, the current method of
+uniquely
+identifying NASL scripts. The logic behind this is that \verb!script_id! has
+only a single
+global namespace. With plans by several organisations to develop and contribute
+plugin feeds it was deemed necessary to introduce a new namespace that could be
+shared between each organisation.
+
+The current proposed implementation of this function is as follows. Any plugin
+that
+contains a \verb!script_id! call will automatically be given an OID from the
+namespace
+allocated for legacy plugins. Moreover \verb!script_oid! can only be used on
+plugins
+that do not have a \verb!script_id! set. The OID namespace for legacy plugins
+has the
+prefix "1.3.6.1.4.1.25623.1.0". The OpenVAS OID namespace is currently
+administered
+by Tim Brown.
+
+Both the client and server as well as the libraries on which they depend are
+being
+updated to support this functionality. You can detect if it is supported by
+checking
+OPENVAS\_NASL\_LEVEL is greater than 2206.
+
+\verb!script_oid! should be called like so:
+
+\begin{verbatim}
+  ...
+  if(description)
+  {
+    if (OPENVAS_NASL_LEVEL >= 2206)
+    {
+      script_oid("1.3.6.1.4.1.25623.1.0.90010");
+    }
+    else
+    {
+      script_id(90010);
+    }
+  ...
+\end{verbatim}
+ \item \verb!script_version()!
+ \item \verb!script_name()!
+ \item \verb!script_description()!
+ \item \verb!script_summary()!
+ \item \verb!script_category()!
+ \item \verb!script_copyright()!
+ \item \verb!script_family()!
+ \item \verb!script_dependencies()!
+ \item \verb!script_cve_id()!
+ \item \verb!script_require_ports()!
+ \item \verb!script_require_keys()!
+ \item \verb!script_exclude_keys()!
+ \item \verb!scanner_status()!
+ \item \verb!script_get_preference()!
+ \item \verb!script_add_preference()!
+ \item \verb!script_bugtraq_id()!
+ \item \verb!script_dependencie()!
+ \item \verb!script_get_preference_file_content()!
+ \item \verb!script_get_preference_file_location()!
+ \item \verb!script_require_udp_ports()!
+ \item \verb!script_timeout()!
+\end{itemize}
+
+\xname{nasl-report-functions}
+\subsubsection{Report Functions}
+
+\begin{itemize}
+ \item \verb!security_warning()!
+ \item \verb!security_hole()!
+ \item \verb!security_info()!
+ \item \verb!security_note()!
+ \item \verb!log_message()!
+ \item \verb!debug_message()!
+\end{itemize}
+
+\xname{nasl-crypto-functions}
+\subsubsection{Crypto Functions}
+
+\begin{itemize}
+ \item \verb!HMAC_DSS()!
+ \item \verb!HMAC_MD2()!
+ \item \verb!HMAC_MD4()!
+ \item \verb!HMAC_MD5()!
+ \item \verb!HMAC_RIPEMD160()!
+ \item \verb!HMAC_SHA()!
+ \item \verb!HMAC_SHA1()!
+ \item \verb!MD2()!
+ \item \verb!MD4()!
+ \item \verb!MD5()!
+ \item \verb!RIPEMD160()!
+ \item \verb!SHA()!
+ \item \verb!SHA1()!
+\end{itemize}
+
+\xname{nasl-misc-functions}
+\subsubsection{Miscellaneous Functions}
+
+\begin{itemize}
+ \item \verb!cvsdate2unixtime()!
+ \item \verb!defined_func()!
+ \item \verb!dump_ctxt()!
+ \item \verb!func_has_arg()!
+ \item \verb!func_named_args()!
+ \item \verb!func_unnamed_args()!
+ \item \verb!gettimeofday()!
+ \item \verb!isnull()!
+ \item \verb!localtime()!
+ \item \verb!max_index()!
+ \item \verb!mktime()!
+ \item \verb!safe_checks()!
+ \item \verb!sleep()!
+ \item \verb!type_of()!
+ \item \verb!usleep()!
+ \item \verb!unixtime()!
+ \item \verb!make_list()!
+ \item \verb!make_array()!
+ \item \verb!get_preference()!
+\end{itemize}
+
+\xname{nasl-unsafe-functions}
+\subsubsection{``Unsafe'' Functions}
+
+\begin{itemize}
+ \item \verb!find_in_path()!
+ \item \verb!file_close()!
+ \item \verb!file_open()!
+ \item \verb!file_read()!
+ \item \verb!file_seek()!
+ \item \verb!file_stat()!
+ \item \verb!file_write()!
+ \item \verb!fread()!
+ \item \verb!fwrite()!
+ \item \verb!get_tmp_dir()!
+ \item \verb!unlink()!
+ \item \verb!pread()!
+\end{itemize}
+
+\xname{nasl-library-functions}
+\subsection{Functions from the NASL Library}
+
+Apart from the built-in functions provided by NASL itself it is also possible
+to use functions defined in ``include'' files. As a convention, these files
+have the extension ``.inc'' and reside in the plugin directory. Before you
+start writing functions for your own NASL scripts, you might want to check if
+the functionality is already available in the NASL Library. If you find
+yourself implementing a function that could be useful in other plugins as well,
+please consider adding it to the library.
+
+Quite a number of functions have been added to the NASL library already; the
+following list contains the names and declared functions of the files currently
+in the library. Keep in mind that this information is subject to change as
+plugins are added or updated.
+
+\begin{description}
+ \item[backport.inc] get\_backport\_banner(), get\_php\_version()
+ \item[debian\_package.inc] deb\_check(), deb\_str\_cmp(), deb\_ver\_cmp()
+ \item[default\_account.inc] check\_account(), \_check\_telnet(), recv\_until()
+ \item[dump.inc] dump(), hexdump(), isprint (), line2string ()
+ \item[ftp\_func.inc] ftp\_authenticate(), ftp\_close(), ftp\_pasv(),
+ftp\_recv\_data(), ftp\_recv\_line(), ftp\_recv\_listing(), ftp\_send\_cmd(),
+get\_ftp\_banner()
+ \item[global\_settings.inc] debug\_print(), log\_print()
+ \item[http\_func.inc] can\_host\_asp(), can\_host\_php(), cgi\_dirs(),
+check\_win\_dir\_trav(), do\_check\_win\_dir\_trav(), get\_http\_banner(),
+get\_http\_port(), headers\_split(), hex2dec(), \_\_hex\_value(), http\_40x(),
+http\_is\_dead(), http\_recv(), http\_recv\_body(), http\_recv\_headers2(),
+http\_recv\_length(), http\_send\_recv(), php\_ver\_match() 
+ \item[http\_keepalive.inc] check\_win\_dir\_trav\_ka(), enable\_keepalive(),
+get\_http\_page(), http\_keepalive\_check\_connection(),
+http\_keepalive\_enabled(), http\_keepalive\_recv\_body(),
+http\_keepalive\_send\_recv(), is\_cgi\_installed\_ka(), on\_exit()
+ \item[imap\_func.inc] get\_imap\_banner ()
+ \item[misc\_func.inc] add\_port\_in\_list(), base64(), base64\_code(),
+base64\_decode(), cvsdate2unixtime(), dec2hex(), get\_mysql\_version(),
+get\_rpc\_port(), get\_service\_banner\_line(), get\_unknown\_banner(),
+hex2raw(), known\_service(), pow2(), rand\_str(), register\_service(),
+replace\_or\_set\_kb\_item(), report\_service(), service\_is\_unknown(),
+set\_mysql\_version(), set\_unknown\_banner()
+ \item[netop.inc] ip\_dot2raw(), ip\_raw2dot(), netop\_banner\_items(),
+netop\_check\_and\_add\_banner(), netop\_each\_found(), netop\_kb\_derive(),
+netop\_log\_detected(), netop\_product\_ident(), netop\_spacepad(),
+netop\_zeropad()
+ \item[network\_func.inc] htonl(), htons(), ip\_checksum(), is\_private\_addr(),
+ms\_since\_midnight(), ntohl(), test\_udp\_port()
+ \item[nfs\_func.inc] cwd(), mount(), open(), padsz(), read(), readdir(),
+rpclong(), rpcpad(), str2long(), umount()
+ \item[nntp\_func.inc] nntp\_article(), nntp\_auth(), nntp\_connect(),
+nntp\_make\_id(), nntp\_post()
+ \item[pingpong.inc] udp\_ping\_pong()
+ \item[pkg-lib-deb.inc] isdpkgvuln()
+ \item[pop3\_func.inc] get\_pop3\_banner ()
+ \item[qpkg.inc] qpkg\_check(), qpkg\_cmp(), qpkg\_ver\_cmp()
+ \item[revisions-lib.inc] isdigit(), revcomp()
+ \item[slackware.inc] slack\_elt\_cmp(), slack\_ver\_cmp(), slackware\_check()
+ \item[slad\_ssh.inc] slad\_ssh\_login ()
+ \item[smbcl\_func.inc] bin\_dword(), bin\_word(), fileread(), GetPEFileVersion
+(), GetPEProductVersion (), get\_windir(), is\_domain(), PEVersion(),
+smbclientavail(), smbgetdir(), smbgetfile(), smbversion()
+ \item[smb\_hotfixes.inc] hotfix\_check\_dhcpserver\_installed(),
+hotfix\_check\_domain\_controler(), hotfix\_check\_excel\_version(),
+hotfix\_check\_exchange\_installed(), hotfix\_check\_iis\_installed(),
+hotfix\_check\_nt\_server(), hotfix\_check\_office\_version(),
+hotfix\_check\_outlook\_version(), hotfix\_check\_powerpoint\_version(),
+hotfix\_check\_sp(), hotfix\_check\_wins\_installed(),
+hotfix\_check\_word\_version(), hotfix\_check\_works\_installed(),
+hotfix\_data\_access\_version(), hotfix\_get\_commonfilesdir(),
+hotfix\_get\_programfilesdir(), hotfix\_get\_systemroot(), hotfix\_missing()
+ \item[smtp\_func.inc] get\_smtp\_banner(), smtp\_close(), smtp\_from\_header(),
+smtp\_open(), smtp\_recv\_banner(), smtp\_recv\_line(), smtp\_send\_port(),
+smtp\_send\_socket(), smtp\_to\_header()
+ \item[ssh\_func.inc] base64decode(), check\_pattern(), crypt(), decrypt(),
+derive\_keys(), dh\_gen\_key(), dh\_valid\_key(), get\_data\_size(),
+get\_ssh\_banner(), get\_ssh\_error(), get\_ssh\_server\_version(),
+get\_ssh\_supported\_authentication(), getstring(), init(), is\_sshd\_bugged(),
+kb\_ssh\_login(), kb\_ssh\_passphrase(), kb\_ssh\_password(),
+kb\_ssh\_privatekey(), kb\_ssh\_publickey(), kb\_ssh\_transport(),
+kex\_packet(), load\_array\_from\_kb(), load\_data\_from\_kb(),
+load\_intarray\_from\_kb(), load\_int\_from\_kb(), mac\_compute(), ntol(),
+packet\_payload(), putbignum(), putstring(), raw\_int32(), raw\_int8(),
+recv\_ssh\_packet(), register\_array\_in\_kb(), register\_data\_in\_kb(),
+register\_intarray\_in\_kb(), register\_int\_in\_kb(),
+reuse\_connection\_init(), send\_ssh\_packet(), set\_ssh\_error(),
+ssh\_close\_channel(), ssh\_close\_connection(), ssh\_cmd(), ssh\_cmd\_error(),
+ssh\_dss\_verify(), ssh\_exchange\_identification(), ssh\_hex2raw(),
+ssh\_kex2(), ssh\_login(), ssh\_login\_or\_reuse\_connection(),
+ssh\_open\_channel(), ssh\_recv(), ssh\_reuse\_connection(), ssh\_rsa\_verify(),
+ssh\_userauth2(), update\_window\_size()
+ \item[telnet\_func.inc] get\_telnet\_banner(), set\_telnet\_banner()
+ \item[tftp.inc] tftp\_get(), tftp\_put()
+ \item[ubuntu.inc] deb\_str\_cmp(), ubuntu\_check(), ubuntu\_ver\_cmp()
+ \item[uddi.inc] create\_uddi\_xml ()
+ \item[version\_func.inc] find\_bin(), get\_bin\_version(),
+get\_string\_version(), version\_is\_equal(), version\_is\_greater(),
+version\_is\_greater\_equal(), version\_is\_less(), version\_is\_less\_equal(),
+version\_test()
+\end{description}
+
+\xname{knowledge-base}
+\subsection{Knowledge Base}
+\label{sec:NASL-KB}
+
+In order to facilitate the exchange of information between different NVTs and to
+speed up the scanning process, information collected by plugins can be to stored
+in a Knowledge Base (KB). This enables plugins to built upon the results of
+other plugins and can help to avoid duplicate scans.
+
+Below is a list of known KB entries and the NASL/NES scripts that are known to
+set these entries. Keep in mind that this list is likely to be incomplete and
+subject to change.
+
+% #1: ID of KB entry
+% #2: Name of NVT where it is set
+% #3: Description
+\newcommand\kbdesc[3]{\item[#1] (#2): #3 }
+
+\begin{description}
+ \kbdesc{Amanda/running}{amanda\_detect.nasl}{1 = Amanda is running on the remote host}
+ \kbdesc{Amanda/version}{amanda\_version.nasl}{}
+ \kbdesc{Amap/*/FullBanner}{amap.nasl}{}
+ \kbdesc{Amap/*/PrintableBanner}{amap.nasl}{}
+ \kbdesc{Amap/*/Svc}{amap.nasl}{}
+ \kbdesc{bind/version}{bind\_version.nasl}{Version of the remote BIND server}
+ \kbdesc{cfengine/running}{cfengine\_detect.nasl}{}
+ \kbdesc{cheopsNG/password}{cheopsNG\_detect.nasl}{}
+ \kbdesc{cheopsNG/unprotected}{cheopsNG\_detect.nasl}{}
+ \kbdesc{CVE-2003-1011}{apple-sa-2004-08-09.nasl}{}
+ \kbdesc{ebola/banner/*}{find\_service2.nasl}{}
+ \kbdesc{fake\_identd/113}{w32\_spybot\_worm\_variant.nasl}{}
+ \kbdesc{fake\_identd/*}{slident.nasl, find\_service1.nasl, ident\_backdoor.nasl}{}
+ \kbdesc{FindService/tcp/*/get\_http}{doublecheck\_std\_services.nasl, apache\_SSL\_complain.nasl}{}
+ \kbdesc{FindService/tcp/*/help}{doublecheck\_std\_services.nasl, find\_service2.nasl, find\_service\_3digits.nasl}{}
+ \kbdesc{FindService/tcp/*/spontaneous}{find\_service\_3digits.nasl, doublecheck\_std\_services.nasl}{}
+ \kbdesc{fsp/banner/*}{fsp\_detection.nasl}{}
+
+ \kbdesc{ftp/backdoor}{ftp\_kibuv\_worm.nasl}{}
+ \kbdesc{ftp/fw1ftpd}{ftpserver\_detect\_type\_nd\_version.nasl}{1 = The remote server is FW/1 FTPd}
+ \kbdesc{ftp/login}{logins.nasl}{Login to use when connecting to ftp}
+ \kbdesc{ftp/msftpd}{ftpserver\_detect\_type\_nd\_version.nasl}{1 = The remote server is IIS FTPd}
+ \kbdesc{ftp/ncftpd}{ftpserver\_detect\_type\_nd\_version.nasl}{1 = The remote server is NcFTPd}
+ \kbdesc{ftp/password}{logins.nasl}{Password to use when connecting to ftp}
+ \kbdesc{ftp/*/AnyUser}{DDI\_FTP\_Any\_User\_Login.nasl}{}
+ \kbdesc{ftp/*/backdoor}{ftp\_kibuv\_worm.nasl}{}
+ \kbdesc{ftp/*/syst}{find\_service\_3digits.nasl}{}
+ \kbdesc{ftp/vxftpd}{ftpserver\_detect\_type\_nd\_version.nasl}{}
+ \kbdesc{ftp/writeable\_dir}{ftp\_writeable\_directories.nasl, logins.nasl, ftp\_write\_dirs.nes}{}
+ \kbdesc{ftp/wuftpd}{ftpserver\_detect\_type\_nd\_version.nasl}{}
+
+ \kbdesc{global\_settings/debug\_level}{global\_settings.nasl}{}
+ \kbdesc{global\_settings/experimental\_scripts}{global\_settings.nasl}{}
+ \kbdesc{global\_settings/http\_user\_agent}{global\_settings.nasl}{}
+ \kbdesc{global\_settings/log\_verbosity}{global\_settings.nasl}{}
+ \kbdesc{global\_settings/network\_type}{global\_settings.nasl}{}
+ \kbdesc{global\_settings/report\_paranoia}{global\_settings.nasl}{}
+ \kbdesc{global\_settings/report\_verbosity}{global\_settings.nasl}{}
+ \kbdesc{global\_settings/thorough\_tests}{global\_settings.nasl}{}
+ \kbdesc{Host/accept\_lsrr}{source\_routed.nasl}{}
+ \kbdesc{Host/dead}{3com\_nbx\_voip\_netset\_detection.nasl, blackice\_dos.nasl, dont\_scan\_printers.nasl, ftp\_w98\_devname\_dos.nasl, fw1\_udp\_DoS.nasl, http\_w98\_devname\_dos.nasl, jolt2.nasl, jolt.nasl, labrea.nasl, linux\_icmp\_sctp\_DoS.nasl, open\_all\_ports\_DoS.nasl, p-smash.nasl, spank.nasl, TLD\_wildcard.nasl, vxworks\_ftpdDOS.nasl}{1 = The remote host is dead}
+ \kbdesc{Host/Debian/dpkg-l}{ssh\_get\_info.nasl}{}
+ \kbdesc{Host/firewall}{securemote\_info\_leak.nasl, securemote.nasl}{(firewall name) The remote host is a firewall}
+ \kbdesc{Host/full\_scan}{amap.nasl, netstat\_portscan.nasl, nmap.nasl, snmpwalk\_portscan.nasl, openvas\_tcp\_scanner.nes, synscan.nes}{}
+ \kbdesc{Host/ident\_scanned}{ident\_process\_owner.nasl, netstat\_portscan.nasl, nmap.nasl}{}
+ \kbdesc{Host/num\_ports\_scanned}{openvas\_tcp\_scanner.nes, synscan.nes}{}
+ \kbdesc{Host/OS}{nmap.nasl, nmap\_wrapper.nes}{}
+ \kbdesc{Host/OS/ntp}{ntp\_open.nasl}{}
+ \kbdesc{Host/ping\_failed}{nmap.nasl, nmap\_wrapper.nes}{}
+ \kbdesc{Host/processor/ntp}{ntp\_open.nasl}{}
+ \kbdesc{Host/protocol\_scanned}{ip\_protocol\_scan.nasl}{}
+ \kbdesc{Host/scanned}{amap.nasl, netstat\_portscan.nasl, nmap.nasl, snmpwalk\_portscan.nasl,  nmap\_tcp\_connect.nes, nmap\_wrapper.nes, synscan.nes, openvas\_tcp\_scanner.nes}{1 = The remote host has been portscanned}
+ \kbdesc{Host/scanners/amap}{amap.nasl}{}
+ \kbdesc{Host/scanners/netstat}{netstat\_portscan.nasl}{}
+ \kbdesc{Host/scanners/nmap}{nmap.nasl}{}
+ \kbdesc{Host/scanners/openvas\_tcp\_scanner}{openvas\_tcp\_scanner.nes}{}
+ \kbdesc{Host/scanners/snmpwalk}{snmpwalk\_portscan.nasl}{}
+ \kbdesc{Host/scanners/synscan}{synscan.nes}{}
+ \kbdesc{Host/tcp\_reverse\_lsrr}{source\_routed.nasl}{}
+ \kbdesc{Host/tcp\_seq\_idx}{nmap.nasl}{}
+ \kbdesc{Host/tcp\_seq}{nmap.nasl,  nmap\_wrapper.nes}{}
+ \kbdesc{Host/udp\_scanned}{amap.nasl, netstat\_portscan.nasl, nmap.nasl, snmpwalk\_portscan.nasl,  nmap\_wrapper.nes}{}
+ \kbdesc{http/auth}{logins.nasl}{login to use when doing HTTP requests}
+ \kbdesc{http/login}{logins.nasl}{}
+ \kbdesc{http/password}{logins.nasl}{password to use when doing HTTP requests}
+ \kbdesc{Hydra/cisco-enable/*}{hydra\_cisco\_enable.nasl}{}
+ \kbdesc{Hydra/cisco/*}{hydra\_cisco.nasl}{}
+ \kbdesc{Hydra/cvs/*}{hydra\_cvs.nasl}{}
+ \kbdesc{Hydra/ftp/*}{hydra\_ftp.nasl}{}
+ \kbdesc{Hydra/http/*}{hydra\_http.nasl}{}
+ \kbdesc{Hydra/http-proxy/*}{hydra\_http\_proxy.nasl}{}
+ \kbdesc{Hydra/icq/*}{hydra\_icq.nasl}{}
+ \kbdesc{Hydra/imap/*}{hydra\_imap.nasl}{}
+ \kbdesc{Hydra/ldap/*}{hydra\_ldap.nasl}{}
+ \kbdesc{Hydra/mssql/*}{hydra\_mssql.nasl}{}
+ \kbdesc{Hydra/nntp/*}{hydra\_nntp.nasl}{}
+ \kbdesc{Hydra/pcnfs/*}{hydra\_pcnfs.nasl}{}
+ \kbdesc{Hydra/rexec/*}{hydra\_rexec.nasl}{}
+ \kbdesc{Hydra/sapr3/*}{hydra\_sapr3.nasl}{}
+ \kbdesc{Hydra/smtp-auth/*}{hydra\_smtp\_auth.nasl}{}
+ \kbdesc{Hydra/snmp/*}{hydra\_snmp.nasl}{}
+ \kbdesc{Hydra/socks5/*}{hydra\_socks5.nasl}{}
+ \kbdesc{Hydra/ssh2/*}{hydra\_ssh2.nasl}{}
+ \kbdesc{Hydra/telnet/*}{hydra\_telnet.nasl}{}
+ \kbdesc{Hydra/vnc/*}{hydra\_vnc.nasl}{}
+ \kbdesc{Ident/*/*}{nmap.nasl}{}
+ \kbdesc{Ident/tcp/*}{ident\_process\_owner.nasl, netstat\_portscan.nasl}{}
+ \kbdesc{iis/global.asa.download}{DDI\_GlobalASA\_Retrieval.nasl}{}
+ \kbdesc{imap/banner/*}{find\_service2.nasl}{}
+ \kbdesc{imap/login}{logins.nasl}{Imap login to use}
+ \kbdesc{imap/password}{logins.nasl}{Imap password to use}
+ \kbdesc{imap/*/Cyrus}{cyrus\_imap\_prelogin\_overflow.nasl}{}
+ \kbdesc{IPProtocol/*}{ip\_protocol\_scan.nasl}{}
+ \kbdesc{kazaa/username}{kazaa\_morpheus\_detect.nasl}{}
+ \kbdesc{mssql/SQLVersion}{mssql\_version.nasl}{}
+ \kbdesc{mssql/udp/1434}{mssql\_ping.nasl}{}
+ \kbdesc{MSSQL/UDP/Ping}{mssql\_ping.nasl}{}
+ \kbdesc{Nmap/*/svc}{nmap.nasl}{}
+ \kbdesc{Nmap/*/version}{nmap.nasl}{}
+ \kbdesc{nntp/local\_distrib}{nntp\_info.nasl}{}
+ \kbdesc{nntp/login}{logins.nasl}{}
+ \kbdesc{nntp/password}{logins.nasl}{}
+ \kbdesc{nntp/*/cancel}{nntp\_info.nasl}{}
+ \kbdesc{nntp/*/noauth}{nntp\_info.nasl}{}
+ \kbdesc{nntp/*/posted}{nntp\_info.nasl}{}
+ \kbdesc{nntp/*/posting}{nntp\_info.nasl}{}
+ \kbdesc{nntp/*/ready}{nntp\_info.nasl}{}
+ \kbdesc{nntp/*/supersed}{nntp\_info.nasl}{}
+ \kbdesc{nntp/x\_no\_archive}{nntp\_info.nasl}{}
+ \kbdesc{NTP/Running}{ntp\_open.nasl}{}
+ \kbdesc{oracle\_tnslsnr/*/version}{oracle\_tnslsnr\_version.nasl}{}
+ \kbdesc{pop2/login}{logins.nasl}{}
+ \kbdesc{pop2/password}{logins.nasl}{}
+ \kbdesc{pop3/login}{logins.nasl}{}
+ \kbdesc{pop3/password}{logins.nasl}{}
+ \kbdesc{/rip/*/broken\_source\_port}{rip\_detect.nasl}{}
+ \kbdesc{/rip/*/version}{rip\_detect.nasl}{}
+ \kbdesc{Secret/hydra/logins\_file}{hydra\_options.nasl}{}
+ \kbdesc{Secret/hydra/passwords\_file}{hydra\_options.nasl}{}
+ \kbdesc{Secret/SSH/login}{ssh\_authorization.nasl}{}
+ \kbdesc{Secret/SSH/passphrase}{ssh\_authorization.nasl}{}
+ \kbdesc{Secret/SSH/password}{ssh\_authorization.nasl}{}
+ \kbdesc{Secret/SSH/privatekey}{ssh\_authorization.nasl}{}
+ \kbdesc{Secret/SSH/publickey}{ssh\_authorization.nasl}{}
+ \kbdesc{Services/data\_protector/build}{hp\_data\_protector\_installed.nasl}{}
+ \kbdesc{Services/data\_protector/version}{hp\_data\_protector\_installed.nasl}{}
+ \kbdesc{Services/three\_digits}{find\_service.nes}{}
+ \kbdesc{Services/unknown}{find\_service.nes}{Port of unknown service(s)}
+ \kbdesc{Services/wrapped}{find\_service.nes}{}
+ \kbdesc{Services/www/*/broken}{http\_func.inc, no404.nasl}{}
+ \kbdesc{Services/www/*/embedded}{3com\_nbx\_voip\_netset\_detection.nasl, ciscoworks\_detect.nasl, clearswift\_mimesweeper\_smtp\_detect.nasl, cobalt\_web\_admin\_server.nasl, DDI\_Cabletron\_Web\_View.nasl, DDI\_F5\_Default\_Support.nasl, embedded\_web\_server\_detect.nasl, imss\_detect.nasl, interspect\_detect.nasl, intrushield\_console\_detect.nasl, iwss\_detect.nasl, linksys\_multiple\_vulns.nasl, raptor\_detect.nasl, securenet\_provider\_detect.nasl, sitescope\_management\_server.nasl, sun\_cobalt\_adaptive\_firewall\_detect.nasl, tmcm\_detect.nasl, websense\_detect.nasl, xedus\_detect.nasl}{}
+ \kbdesc{Services/www/*/kerio\_wrf}{kerio\_wrf\_management\_detection.nasl}{}
+ \kbdesc{Services/www/*/working}{http\_func.inc}{}
+ \kbdesc{Settings/disable\_cgi\_scanning}{global\_settings.nasl}{}
+ \kbdesc{Settings/ExperimentalScripts}{global\_settings.nasl}{}
+ \kbdesc{Settings/ThoroughTests}{global\_settings.nasl}{}
+ \kbdesc{sip/banner/5060}{sip\_detection.nasl}{}
+
+ \kbdesc{SMB/domain\_filled/0}{smb\_authorization.nasl}{}
+ \kbdesc{SMB/DOMAIN}{smbcl\_func.inc}{}
+ \kbdesc{SMB/dont\_send\_in\_cleartext}{logins.nasl}{}
+ \kbdesc{SMB/dont\_send\_ntlmv1}{logins.nasl}{}
+ \kbdesc{SMB/ERROR}{smbcl\_func.inc}{}
+ \kbdesc{SMB/FILEVERSION/*}{smbcl\_func.inc}{}
+ \kbdesc{SMB/login\_filled/0}{smb\_authorization.nasl}{}
+ \kbdesc{SMB/name}{netbios\_name\_get.nasl}{NetBIOS name of the remote host}
+ \kbdesc{SMB/OS}{smbcl\_func.inc}{}
+ \kbdesc{SMB/password\_filled/0}{smb\_authorization.nasl}{}
+ \kbdesc{SMB/PRODUCTVERSION/*}{smbcl\_func.inc}{}
+ \kbdesc{SMB/samba}{netbios\_name\_get.nasl}{1 = The remote SMB server is running Samba}
+ \kbdesc{SMB/SERVER}{smbcl\_func.inc}{}
+ \kbdesc{SMB/smbclient}{smbcl\_func.inc}{}
+ \kbdesc{SMB/transport}{cifs445.nasl}{}
+ \kbdesc{SMB/username}{netbios\_name\_get.nasl}{}
+ \kbdesc{SMB/WinXP/ServicePack}{smb\_reg\_service\_pack\_XP.nasl}{}
+ \kbdesc{SMB/workgroup}{netbios\_name\_get.nasl}{Name of the remote host workgroup/domain}
+
+ \kbdesc{SMTP/3comnbx}{smtpserver\_detect.nasl}{}
+ \kbdesc{SMTP/domino}{smtpscan.nasl, smtpserver\_detect.nasl}{}
+ \kbdesc{SMTP/exim}{smtpscan.nasl, smtpserver\_detect.nasl}{}
+ \kbdesc{SMTP/firewall-1}{smtpscan.nasl, smtpserver\_detect.nasl}{}
+ \kbdesc{SMTP/intermail}{smtpscan.nasl, smtpserver\_detect.nasl}{}
+ \kbdesc{SMTP/interscan}{smtpscan.nasl}{}
+ \kbdesc{SMTP/microsoft\_esmtp\_5}{smtpscan.nasl, smtpserver\_detect.nasl}{1 = The remote SMTP server is MS SMTP 5}
+ \kbdesc{smtp/*/broken}{check\_smtp\_helo.nasl}{}
+ \kbdesc{smtp/*/denied}{check\_smtp\_helo.nasl}{}
+ \kbdesc{smtp/*/helo}{check\_smtp\_helo.nasl}{}
+ \kbdesc{smtp/*/real\_banner}{smtpscan.nasl}{}
+ \kbdesc{smtp/*/temp\_denied}{check\_smtp\_helo.nasl}{}
+ \kbdesc{SMTP/postfix}{smtpscan.nasl, smtpserver\_detect.nasl}{1 = The remote SMTP server is Postfix}
+ \kbdesc{SMTP/postoffice}{smtpscan.nasl}{}
+ \kbdesc{SMTP/qmail}{smtpscan.nasl, smtpserver\_detect.nasl}{1 = The remote SMTP server is qmail}
+ \kbdesc{SMTP/sendmail}{smtpscan.nasl}{1 = The remote SMTP server is Sendmail}
+ \kbdesc{SMTP/sendmail}{smtpserver\_detect.nasl}{1 = The remote SMTP server is Sendmail}
+ \kbdesc{SMTP/snubby}{smtpserver\_detect.nasl}{}
+ \kbdesc{SMTP/wrapped}{check\_smtp\_helo.nasl}{1 = The remote sendmail is wrapped}
+ \kbdesc{SMTP/wrapped}{smtpserver\_detect.nasl}{1 = The remote sendmail is wrapped}
+ \kbdesc{SMTP/xmail}{smtpscan.nasl, smtpserver\_detect.nasl}{}
+ \kbdesc{SMTP/zmailer}{smtpserver\_detect.nasl}{}
+
+ \kbdesc{SNMP/community}{snmp\_default\_communities.nasl}{Name of a valid SNMP community}
+ \kbdesc{SNMP/port}{snmp\_default\_communities.nasl}{}
+ \kbdesc{SNMP/running}{snmp\_detect.nasl}{}
+ \kbdesc{socks/*/auth/*}{socks.nasl}{}
+ \kbdesc{SSH/banner/*}{ssh\_detect.nasl}{}
+ \kbdesc{ssh/login/freebsdpatchlevel}{gather-package-list.nasl, ssh\_get\_info.nasl}{}
+ \kbdesc{ssh/login/freebsdpkg}{gather-package-list.nasl, ssh\_get\_info.nasl}{}
+ \kbdesc{ssh/login/freebsdrel}{gather-package-list.nasl, ssh\_get\_info.nasl}{}
+ \kbdesc{ssh/login/gentoo}{gather-package-list.nasl, ssh\_get\_info.nasl}{}
+ \kbdesc{ssh/login/packages}{gather-package-list.nasl, ssh\_get\_info.nasl}{}
+ \kbdesc{ssh/login/pkg}{gather-package-list.nasl, ssh\_get\_info.nasl}{}
+ \kbdesc{ssh/login/release}{gather-package-list.nasl, ssh\_get\_info.nasl}{}
+ \kbdesc{ssh/login/rpms}{gather-package-list.nasl, ssh\_get\_info.nasl}{}
+ \kbdesc{ssh/login/slackpack}{gather-package-list.nasl, ssh\_get\_info.nasl}{}
+ \kbdesc{ssh/login/uname}{gather-package-list.nasl, ssh\_get\_info.nasl}{}
+ \kbdesc{SSH/supportedauth/*}{ssh\_detect.nasl}{}
+ \kbdesc{SSH/textbanner/*}{ssh\_detect.nasl}{}
+ \kbdesc{TCPScanner/NbPasses}{openvas\_tcp\_scanner.nes}{}
+ \kbdesc{TCPScanner/OpenPortsNb}{openvas\_tcp\_scanner.nes}{}
+ \kbdesc{TCPScanner/ClosedPortsNb}{openvas\_tcp\_scanner.nes}{}
+ \kbdesc{TCPScanner/FilteredPortsNb}{openvas\_tcp\_scanner.nes}{}
+ \kbdesc{TCPScanner/RSTRateLimit}{openvas\_tcp\_scanner.nes}{}
+ \kbdesc{tftp/get\_file}{tftp\_grab\_file.nes}{}
+ \kbdesc{tftp/backdoor}{tftpd\_backdoor.nasl}{}
+ \kbdesc{tftp/*/backdoor}{tftpd\_backdoor.nasl}{}
+ \kbdesc{tftp/*/filecontent/*}{tftpd\_dir\_trav.nasl}{}
+ \kbdesc{tftp/*/filename/*}{tftpd\_dir\_trav.nasl}{}
+ \kbdesc{tftp/*/get\_file}{tftpd\_dir\_trav.nasl}{}
+ \kbdesc{tftp/*/overflow}{tftpd\_overflow.nasl}{}
+ \kbdesc{tftp/*/smalloverflow}{tftpd\_small\_overflow.nasl}{}
+ \kbdesc{/tmp/cgibin}{DDI\_Directory\_Scanner.nasl}{}
+ \kbdesc{/tmp/http/auth/*}{http\_login.nasl}{}
+ \kbdesc{/tmp/hydra/empty\_password}{hydra\_options.nasl}{}
+ \kbdesc{/tmp/hydra/exit\_ASAP}{hydra\_options.nasl}{}
+ \kbdesc{/tmp/hydra/login\_password}{hydra\_options.nasl}{}
+ \kbdesc{/tmp/hydra/tasks}{hydra\_options.nasl}{}
+ \kbdesc{/tmp/hydra/timeout}{hydra\_options.nasl}{}
+ \kbdesc{/tmp/rpc/noportmap/*}{misc\_func.inc}{}
+ \kbdesc{/tmp/UnableToRun/14254}{nikto.nasl}{}
+ \kbdesc{/tmp/UnableToRun/14255}{nmap.nasl}{}
+ \kbdesc{/tmp/UnableToRun/14663}{amap.nasl}{}
+ \kbdesc{/tmp/UnableToRun/91984}{ldapsearch.nasl}{}
+ \kbdesc{Transport/SSL}{find\_service.nes}{}
+ \kbdesc{webmin/*/version}{webmin.nasl}{}
+ \kbdesc{www/abyss}{http\_version.nasl}{}
+ \kbdesc{www/akamaighost}{http\_version.nasl}{}
+ \kbdesc{www/alchemy}{http\_version.nasl}{}
+ \kbdesc{www/alibaba}{http\_version.nasl}{}
+ \kbdesc{www/allegro}{http\_version.nasl}{}
+ \kbdesc{www/anti-OpenVAS/*/rand-url}{anti\_nessus.nasl}{}
+ \kbdesc{www/anti-OpenVAS/*/user-agent}{anti\_nessus.nasl}{}
+ \kbdesc{www/anweb}{http\_version.nasl}{}
+ \kbdesc{www/aolserver}{http\_version.nasl}{}
+ \kbdesc{www/apache}{http\_version.nasl}{1 = The remote server is running Apache}
+ \kbdesc{www/appleshareip}{http\_version.nasl}{}
+ \kbdesc{www/badblue}{http\_version.nasl}{}
+ \kbdesc{www/banner/*}{apache\_SSL\_complain.nasl, http\_version.nasl}{}
+ \kbdesc{www/BitKeeper}{http\_version.nasl}{}
+ \kbdesc{www/buggy\_post\_crash}{monkeyweb\_post\_DoS.nasl}{}
+ \kbdesc{www/caudium}{http\_version.nasl}{}
+ \kbdesc{www/cern}{http\_version.nasl}{1 = The remote server is running CERN httpd}
+ \kbdesc{www/communigatepro}{http\_version.nasl}{}
+ \kbdesc{www/communique}{http\_version.nasl}{}
+ \kbdesc{www/compaq}{http\_version.nasl}{}
+ \kbdesc{www/cougar}{http\_version.nasl}{}
+ \kbdesc{www/cups}{http\_version.nasl}{}
+ \kbdesc{www/doc\_browseable}{doc\_browsable.nasl}{}
+ \kbdesc{www/domino}{http\_version.nasl}{1 = The remote server is running domino}
+ \kbdesc{www/domino/*/db}{domino\_default\_db.nasl}{}
+ \kbdesc{www/emweb}{http\_version.nasl}{}
+ \kbdesc{www/filemakerpro}{http\_version.nasl}{}
+ \kbdesc{www/firstclass}{http\_version.nasl}{}
+ \kbdesc{www/goahead}{http\_version.nasl}{}
+ \kbdesc{www/hmap/*/banner\_ok}{www\_fingerprinting\_hmap.nasl}{}
+ \kbdesc{www/hmap/*/banner\_regex}{www\_fingerprinting\_hmap.nasl}{}
+ \kbdesc{www/hmap/*/description}{www\_fingerprinting\_hmap.nasl}{}
+ \kbdesc{www/hmap/*/raw\_signature}{www\_fingerprinting\_hmap.nasl}{}
+ \kbdesc{www/hmap/*/signature}{www\_fingerprinting\_hmap.nasl}{}
+ \kbdesc{www/ibm-http}{http\_version.nasl}{}
+ \kbdesc{www/ideawebserver}{http\_version.nasl}{}
+ \kbdesc{www/iis}{http\_version.nasl}{}
+ \kbdesc{www/iplanet}{http\_version.nasl}{}
+ \kbdesc{www/ipswitch-imail}{http\_version.nasl}{}
+ \kbdesc{www/jetty}{http\_version.nasl}{}
+ \kbdesc{www/jigsaw}{http\_version.nasl}{}
+ \kbdesc{www/KFWebServer}{http\_version.nasl}{}
+ \kbdesc{www/linuxconf}{http\_version.nasl}{}
+ \kbdesc{www/miniserv}{http\_version.nasl}{}
+ \kbdesc{www/multiple\_get/*}{www\_multiple\_get.nasl}{}
+ \kbdesc{www/ncsa}{http\_version.nasl}{}
+ \kbdesc{www/netcache}{http\_version.nasl}{}
+ \kbdesc{www/netscape-commerce}{http\_version.nasl}{}
+ \kbdesc{www/netscape-fasttrack}{http\_version.nasl}{}
+ \kbdesc{www/netware}{http\_version.nasl}{}
+ \kbdesc{www/novell}{http\_version.nasl}{}
+ \kbdesc{www/omnihttpd}{http\_version.nasl}{}
+ \kbdesc{www/OracleApache}{http\_version.nasl}{}
+ \kbdesc{www/oracle-web-listener}{http\_version.nasl}{}
+ \kbdesc{www/pi3web}{http\_version.nasl}{}
+ \kbdesc{www/*/generic\_xss}{cross\_site\_scripting.nasl}{}
+ \kbdesc{www/*/punBB}{punBB\_detect.nasl}{}
+ \kbdesc{www/*/vBulletin}{vbulletin\_detect.nasl}{}
+ \kbdesc{www/*/webmin}{webmin.nasl}{}
+ \kbdesc{www/real\_banner/*}{http\_version.nasl}{}
+ \kbdesc{www/resin}{http\_version.nasl}{}
+ \kbdesc{www/roxen}{http\_version.nasl}{}
+ \kbdesc{www/sambar}{http\_version.nasl}{}
+ \kbdesc{www/savant}{http\_version.nasl}{}
+ \kbdesc{www/simpleserver}{http\_version.nasl}{}
+ \kbdesc{www/squid}{http\_version.nasl}{}
+ \kbdesc{www/statistics-server}{http\_version.nasl}{}
+ \kbdesc{www/stronghold}{http\_version.nasl}{}
+ \kbdesc{www/stweb}{http\_version.nasl}{}
+ \kbdesc{www/theserver}{http\_version.nasl}{}
+ \kbdesc{www/thttpd}{http\_version.nasl}{}
+ \kbdesc{www/tigershark}{http\_version.nasl}{}
+ \kbdesc{www/tomcat}{http\_version.nasl}{}
+ \kbdesc{www/too\_big\_post\_crash}{monkeyweb\_too\_big\_post.nasl}{}
+ \kbdesc{www/too\_long\_url\_crash}{oracle9iAS\_too\_long\_url.nasl, ws4e\_too\_long\_url.nasl}{}
+ \kbdesc{www/tux}{http\_version.nasl}{}
+ \kbdesc{www/visualroute}{http\_version.nasl}{}
+ \kbdesc{www/vnc}{vnc\_http.nasl}{}
+ \kbdesc{www/vqserver}{http\_version.nasl}{}
+ \kbdesc{www/wdaemon}{http\_version.nasl}{}
+ \kbdesc{www/weblogic}{http\_version.nasl}{}
+ \kbdesc{www/webserver4everyone}{http\_version.nasl}{}
+ \kbdesc{www/websitepro}{http\_version.nasl}{}
+ \kbdesc{www/webstar}{http\_version.nasl}{}
+ \kbdesc{www/wwwfileshare}{http\_version.nasl}{}
+ \kbdesc{www/xitami}{http\_version.nasl}{}
+ \kbdesc{www/zeus}{http\_version.nasl}{}
+ \kbdesc{www/zope}{http\_version.nasl}{}
+ \kbdesc{X11/*/answer}{X.nasl}{}
+ \kbdesc{X11/*/open}{X.nasl}{}
+ \kbdesc{X11/*/version}{X.nasl}{}
+ \kbdesc{xedus/*/running}{xedus\_detect.nasl}{}
+ \kbdesc{zebra/banner/*}{find\_service2.nasl}{}
+ \kbdesc{zebra/banner/*}{zebra\_dos.nasl}{}
+ \kbdesc{zonealarm/version}{zone\_alarm\_local\_dos.nasl}{}
+\end{description}
+
+\xname{test-and-debugging-procedures}
+\section{Test and debugging procedures}
+
+There are different approaches to test your OpenVAS NVTs; for example, the
+network TCP/IP tests differs from the local security tests.
+For the local security test, it is important to see the command line and what
+was queried on a local system using a shell.
+An excellent start is using the \verb|openvas-nasl| tool to execute your script
+on the target environment to see if any error messages come up.
+
+\xname{testing-a-local-vulnerability}
+\subsection{Testing a local vulnerability}
+
+Here is an example of using the \verb|openvas-nasl| tool to perform a test:
+
+First test if your script written in NASL is syntactically correct. This could
+be done by using openvas-nasl with the -p option, e.g.:
+\begin{verbatim}
+# openvas-nasl -p broken-example.nasl
+syntax error, unexpected IDENT, expecting ')'
+Parse error at or near line 17
+\end{verbatim} 
+
+This is telling us that this script has a syntax error.
+Test the functionality of your script only after you made sure your script
+contains only syntactically correct NASL.
+
+Now you can test on your target host, if the LVT is correct, by writing
+debug-output into a debug file:
+
+\begin{verbatim}
+ openvas-nasl  -T /tmp/debug-lvt.txt -X  example-lvt.nasl
+\end{verbatim}
+
+The debug output will be written into the debug-lvt.txt file, which in this
+example will look like this:
+
+\begin{verbatim}
+[...]
+NASL:0196> make_list(...)
+[9831]() NASL> [080c9968] <- "qpkg"
+[9831]() NASL> [080c9a00] <- "-nc"
+[9831]() NASL> [080c9f38] <- "-I"
+[9831]() NASL> [080c9f98] <- "-v"
+[9831](example-lvt.nasl) NASL> Call make_list(1: "qpkg", 2: "-nc", 3: "-I", 4:
+"-v")
+[9831](example-lvt.nasl) NASL> Return make_list: ???? (DYN_ARRAY (64))
+[9831]() NASL> [080c9e88] <- (VAR2_ARRAY)
+[9831](example-lvt.nasl) NASL> Call pread(cmd: "qpkg", argv: ???? (DYN_ARRAY
+(64)))
+[9831](example-lvt.nasl) NASL> Return pread: "qpkg: invalid option -- n
+Usage: qpkg <opt..."
+[9831]() NASL> [080c95c0] <- "qpkg: invalid option -- n
+Usage: qpkg <opts> <misc args> : manipulate Gentoo binpkgs
+
+Options: -[cpP:vqChV]
+  -c, --clean          * clean pkgdir of unused binary files
+  -p, --pretend        * pretend only
+  -P, --pkgdir   <arg> * alternate package directory
+  -v, --verbose        * Make a lot of noise
+  -q, --quiet          * Tighter output; suppress warnings
+  -C, --nocolor        * Don't output color
+  -h, --help           * Print this help and exit
+  -V, --version        * Print version and exit
+"
+NASL:0199> if (! (qpkg_list)) { ... }
+[9831](example-lvt.nasl) NASL> [080c95c0] -> "qpkg: invalid option -- n
+Usage: qpkg <opts> <misc args> : manipulate Gentoo binpkgs
+
+Options: -[cpP:vqChV]
+  -c, --clean          * clean pkgdir of unused binary files
+  -p, --pretend        * pretend only
+  -P, --pkgdir   <arg> * alternate package directory
+  -v, --verbose        * Make a lot of noise
+  -q, --quiet          * Tighter output; suppress warnings
+  -C, --nocolor        * Don't output color
+  -h, --help           * Print this help and exit
+  -V, --version        * Print version and exit
+"
+NASL:0201> if (((arch) && (my_arch)) && (my_arch >!< arch)) { ... }
+[9831](example-lvt.nasl) NASL> [080c9948] -> undef
+NASL:0201> l=egrep(...);
+NASL:0201> egrep(...)
+[9831](example-lvt.nasl) NASL> [080c95c0] -> "qpkg: invalid option -- n
+Usage: qpkg <opts> <misc args> : manipulate Gentoo binpkgs
+
+Options: -[cpP:vqChV]
+  -c, --clean          * clean pkgdir of unused binary files
+  -p, --pretend        * pretend only
+  -P, --pkgdir   <arg> * alternate package directory
+  -v, --verbose        * Make a lot of noise
+  -q, --quiet          * Tighter output; suppress warnings
+  -C, --nocolor        * Don't output color
+  -h, --help           * Print this help and exit
+  -V, --version        * Print version and exit
+"
+[9831]() NASL> [080c9890] <- "qpkg: invalid option ? n
+[...]
+\end{verbatim}
+
+ The last line tells us that an incorrect syntax for the qpkg tool was given to
+the LVT.
+
+\xname{testing-a-network-vulnerability}
+\subsection{Testing a network vulnerability}
+
+Here is an example using the openvas-nasl tool to perform a test:
+
+First test if your script written in NASL is syntactically correct. This could
+be done by using the openvas-nasl tool with the -p option, e.g.:
+\begin{verbatim}
+# openvas-nasl -p broken-example.nasl
+syntax error, unexpected IDENT, expecting ')'
+Parse error at or near line 17
+\end{verbatim} 
+
+This is telling us that this script has a syntax error. 
+Test the functionality of your script after making sure that your script
+contains only correct NASL.
+
+The test on the network is a bit more complicated. To test if the right packet
+was sent, you can use TCPDUMP to capture the communication between the host can
+the client, e.g.:
+
+\begin{verbatim}
+# tcpdump -i lo -w debug.pcap -s 1450
+tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 1450 bytes
+10 packets captured
+20 packets received by filter
+0 packets dropped by kernel
+\end{verbatim}
+
+Now it is possible to decode the content of the network communication.
+
+\begin{verbatim}
+ # tcpdump -vvvv -n -r debug.pcap
+reading from file debug.pcap, link-type EN10MB (Ethernet)
+15:45:52.474613 IP (tos 0x0, ttl 64, id 60969, offset 0, flags [DF], proto TCP
+(6), length 60) 127.0.0.1.53655 > 127.0.0.1.24: S, cksum 0x80c9 (correct),
+1315997236:1315997236(0) win 32792 <mss 16396,sackOK,timestamp 5466141
+0,nop,wscale 6>
+15:45:52.474618 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6),
+length 60) 127.0.0.1.24 > 127.0.0.1.53655: S, cksum 0x64b5 (correct),
+1311860089:1311860089(0) ack 1315997237 win 32768 <mss 16396,sackOK,timestamp
+5466141 5466141,nop,wscale 6>
+15:45:52.474638 IP (tos 0x0, ttl 64, id 60970, offset 0, flags [DF], proto TCP
+(6), length 52) 127.0.0.1.53655 > 127.0.0.1.24: ., cksum 0x4bd8 (correct),
+1:1(0) ack 1 win 513 <nop,nop,timestamp 5466141 5466141>
+15:45:52.474797 IP (tos 0x0, ttl 64, id 3431, offset 0, flags [DF], proto TCP
+(6), length 72) 127.0.0.1.24 > 127.0.0.1.53655: P, cksum 0xfe3c (incorrect (->
+0x941e), 1:21(20) ack 1 win 512 <nop,nop,timestamp 5466141 5466141>
+15:45:52.474829 IP (tos 0x0, ttl 64, id 60971, offset 0, flags [DF], proto TCP
+(6), length 52) 127.0.0.1.53655 > 127.0.0.1.24: ., cksum 0x4bc3 (correct),
+1:1(0) ack 21 win 513 <nop,nop,timestamp 5466142 5466141>
+15:45:52.475572 IP (tos 0x0, ttl 64, id 60972, offset 0, flags [DF], proto TCP
+(6), length 68) 127.0.0.1.53655 > 127.0.0.1.24: P, cksum 0xfe38 (incorrect (->
+0xefa4), 1:17(16) ack 21 win 513 <nop,nop,timestamp 5466142 5466141>
+15:45:52.475586 IP (tos 0x0, ttl 64, id 3432, offset 0, flags [DF], proto TCP
+(6), length 52) 127.0.0.1.24 > 127.0.0.1.53655: ., cksum 0x4bb3 (correct),
+21:21(0) ack 17 win 512 <nop,nop,timestamp 5466142 5466142>
+15:45:57.479223 IP (tos 0x0, ttl 64, id 60973, offset 0, flags [DF], proto TCP
+(6), length 52) 127.0.0.1.53655 > 127.0.0.1.24: F, cksum 0x46ce (correct),
+17:17(0) ack 21 win 513 <nop,nop,timestamp 5467393 5466142>
+15:45:57.479279 IP (tos 0x0, ttl 64, id 3433, offset 0, flags [DF], proto TCP
+(6), length 52) 127.0.0.1.24 > 127.0.0.1.53655: F, cksum 0x41eb (correct),
+21:21(0) ack 18 win 512 <nop,nop,timestamp 5467393 5467393>
+15:45:57.479296 IP (tos 0x0, ttl 64, id 60974, offset 0, flags [DF], proto TCP
+(6), length 52) 127.0.0.1.53655 > 127.0.0.1.24: ., cksum 0x41ea (correct),
+18:18(0) ack 22 win 513 <nop,nop,timestamp 5467393 5467393>
+\end{verbatim} 
+
+If a deeper packet analysis is needed, tools like \verb|wireshark| are able to
+read such files in \verb|pcap| format, and perform a close analysis of all type
+of network communication packets.
+
+The \verb|openvas-nasl| interpreter also provides us with a logfile at
+ \verb|/tmp/debug-nvt.txt|. This file helps us to debug NASL based NVTs:
+
+\begin{verbatim}
+[...]
+NASL:0277> register_int_in_kb(...)
+[9905](ssh_detect24.nasl) NASL> [0811e310] -> 0
+[9905]() NASL> [08120328] <- 0
+[9905]() NASL> [08120358] <- "Secret/SSH/bugged_sshd"
+[9905](ssh_detect24.nasl) NASL> Call register_int_in_kb(int: 0, name:
+"Secret/SSH/bugged_sshd")
+NASL:0055> if ((! (defined_func(...))) || (! (_reuse_connection))) { ... }
+NASL:0054> defined_func(...)
+[9905]() NASL> [081203a8] <- "replace_kb_item"
+[9905](ssh_detect24.nasl) NASL> Call defined_func(1: "replace_kb_item")
+[9905](ssh_detect24.nasl) NASL> Return defined_func: 1
+[9905](ssh_detect24.nasl) NASL> [0811e2d8] -> undef
+NASL:0054> return 0;
+[9905](ssh_detect24.nasl) NASL> Return register_int_in_kb: 0
+[9905](ssh_detect24.nasl) NASL> Return init: FAKE
+NASL:1771> server_version=ssh_exchange_identification(...);
+NASL:1771> ssh_exchange_identification(...)
+[9905](ssh_detect24.nasl) NASL> [0811fde0] -> 1000000
+[9905]() NASL> [08120688] <- 1000000
+[9905](ssh_detect24.nasl) NASL> Call ssh_exchange_identification(socket:
+1000000)
+NASL:0377> local_var ...
+NASL:0379> buf=recv_line(...);
+NASL:0379> recv_line(...)
+[9905](ssh_detect24.nasl) NASL> [08120688] -> 1000000
+[9905]() NASL> [081207b0] <- 1000000
+[9905]() NASL> [081207d0] <- 1024
+[9905](ssh_detect24.nasl) NASL> Call recv_line(socket: 1000000, length: 1024)
+[9905](ssh_detect24.nasl) NASL> Return recv_line: "SSH-2.0-FreeSSH_9.9
+"
+[9905]() NASL> [081202d0] <- "SSH-2.0-FreeSSH_9.9
+"
+NASL:0388> if (! (buf)) { ... }
+[9905](ssh_detect24.nasl) NASL> [081202d0] -> "SSH-2.0-FreeSSH_9.9
+"
+NASL:0394> if (! (ereg(...))) { ... }
+NASL:0388> ereg(...)
+[9905](ssh_detect24.nasl) NASL> [081202d0] -> "SSH-2.0-FreeSSH_9.9
+"
+[9905]() NASL> [081206a8] <- "SSH-2.0-FreeSSH_9.9
+"
+[9905]() NASL> [081207b0] <- "^SSH-*[0-9]\.*[0-9]-*[^\n]"
+[9905](ssh_detect24.nasl) NASL> Call ereg(string: "SSH-2.0-FreeSSH_9.9
+", pattern: "^SSH-*[0-9]\.*[0-9]-*[^\n]")
+[9905](ssh_detect24.nasl) NASL> Return ereg: 1
+NASL:0394> sshversion=split(...);
+NASL:0394> split(...)
+[9905](ssh_detect24.nasl) NASL> [081202d0] -> "SSH-2.0-FreeSSH_9.9
+"
+[9905]() NASL> [08120638] <- "SSH-2.0-FreeSSH_9.9
+"
+[9905]() NASL> [081207b0] <- "-"
+[9905]() NASL> [0811fff8] <- 0
+[9905](ssh_detect24.nasl) NASL> Call split(1: "SSH-2.0-FreeSSH_9.9
+", sep: "-", keep: 0)
+[9905](ssh_detect24.nasl) NASL> Return split: ???? (DYN_ARRAY (64))
+[9905]() NASL> [081202f0] <- (VAR2_ARRAY)
+NASL:0395> num=split(...);
+NASL:0395> split(...)
+[...]
+\end{verbatim}
+
+This information should be sufficient to solve the problem. If not, it might be
+an OpenVAS bug in the script engine.
+To detect this, compile OpenVAS NASL with debug symbols and use GDB. More
+information on GBD can be found at:
+\hyperurl{http://www.gnu.org/software/gdb/gdb.html}.
+
+\xname{writing-smbclient-based-wlsc-nasl-scripts}
+\section{Writing SMBclient-based WLSC NASL Scripts}
+
+\compendiumauthor{Carsten Koch Mauthe}
+
+The SMB-Client API is made available as \verb!smbcl_func.inc!. This file has to
+be included in any WLSC Script.
+
+\xname{smbclient-smbclientavail}
+\subsubsection{smbclientavail()}
+
+This function returns TRUE if smbclient can be used from within openvasd.
+It also sets the knowledge base item "SMB/smbclient". It should be called first
+in any WLSC Script.
+Example:
+
+\begin{verbatim}
+  include("smbcl_func.inc");
+  if(!get_kb_item("SMB/smbclient"))
+  {
+    smbclientavail();
+  }
+  if(get_kb_item("SMB/smbclient"))
+  {
+    do something;
+  }
+  else
+  {
+    report = string("SMBClient not found on this host !");
+    security_note(port:0, proto:"SMBClient", data:report);
+    exit(0);
+  }
+\end{verbatim} 
+
+\xname{smbclient-smbversion}
+\subsubsection{smbversion()}
+
+This function returns TRUE if successful and writes the DOMAIN, OS Version and
+SMB Server version to the knowledge base as items "SMB/DOMAIN", "SMB/OS" and
+"SMB/SERVER".
+
+\xname{smbclient-smbgetfile}
+\subsubsection{smbgetfile(share, filename, tmp\_filename)}
+
+Use this function to get a file from the target host and save this file locally
+using tmp\_filename. Returns TRUE if successful.
+Example:
+\begin{verbatim}
+  tmp_filename = get_tmp_dir() + "tmpfile" + rand();
+  orig_filename = "C:\Windows\systems32\ntdll.dll";
+  smbgetfile(share: "C$", filename: orig_filename, tmp_filename: tmp_filename)
+\end{verbatim} 
+
+\xname{smbclient-smbgetdir}
+\subsubsection{smbgetdir(share, dir, typ)}
+
+Use this function to get directory entries from the SMB source.
+\begin{description}
+ \item[typ = 0:] All entries
+ \item[typ = 1:] Only file entries
+ \item[typ = 2:] Only directory entries
+\end{description}
+
+With this it is possible to check for one or more files or directories. 
+Returns NULL or array of Strings containing found entries.
+Example:
+
+\begin{verbatim}
+  r = smbgetdir(share: "C$", dir: "C:\Windows\systems32\*.dll", typ: 1);
+\end{verbatim} 
+
+\xname{smbclient-getpefileversion}
+\subsubsection{GetPEFileVersion (tmp\_filename, orig\_filename)}
+
+This function returns the Version of Windows PE/32 executables like .exe or
+.dll. Together with smbgetfile, this can be used to check for Windows
+vulnerabilities.
+
+Example:
+\begin{verbatim}
+  tmp_filename = get_tmp_dir() + "tmpfile" + rand();
+  orig_filename = "C:\Windows\systems32\ntdll.dll";
+  if(smbgetfile(share: "C$", filename: orig_filename,
+                tmp_filename: tmp_filename))
+  {
+    v = GetPEFileVersion(tmp_filename:tmp_filename,
+                        orig_filename:orig_filename);
+    if(v = "1.2.3.4")
+    {
+      ...
+\end{verbatim}
+
+\xname{smbclient-get-windir}
+\subsubsection{get\_windir()}
+
+This function returns the standard Windows folder WINNT or WINDOWS, depending on
+the OS found by "smbversion".
+
+\xname{smbclient-example}
+\subsection{Example}
+
+This is a complete NASL test for a Windows Local Security Check. It can be found
+in the OpenVAS plugins as win\_CVE-2007-0043.nasl.
+
+\begin{verbatim}
+#
+# This script was written by
+# Carsten Koch-Mauthe
+# <c.koch-mauthe at dn-systems.de>
+#
+# This script is released under the GNU GPLv2
+#
+# $Revision: 01 $
+
+if(description)
+{
+  if (OPENVAS_NASL_LEVEL >= 2206)
+  {
+    script_oid("1.3.6.1.4.1.25623.1.0.90010");
+  }
+  else
+  {
+    script_id(90010);
+  }
+  script_version ("$Revision: 01 $");
+  script_cve_id("CVE-2007-0043");
+  name["english"] = ".NET JIT Compiler Vulnerability";
+  script_name(english:name["english"]);
+
+  desc["english"] = 
+"The remote host is affected by the vulnerabilities described in CVE-2007-0043
+
+Checking if System.web.dll version is less than 2.0.50727.832
+
+Impact
+    The Just In Time (JIT) Compiler service in Microsoft
+    .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP,
+    Server 2003, and Vista allows user-assisted remote
+    attackers to execute arbitrary code via unspecified
+    vectors involving an unchecked buffer, probably a
+    buffer overflow, aka .NET JIT Compiler Vulnerability.
+    Checking if System.web.dll version is less than 2.0.50727.832
+
+References:
+    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0043
+
+Solution:
+    All users should upgrade to the latest version.
+
+
+Risk factor : High";
+
+  script_description(english:desc["english"]);
+  summary["english"] = "Test for .NET JIT Compiler Vulnerability";
+  script_summary(english:summary["english"]);
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"This script is under GPLv2");
+  family["english"] = "Windows.NET";
+  script_family(english:family["english"]);
+  exit(0);
+}
+
+#
+# The code starts here
+#
+
+include("version_func.inc");
+include("smbcl_func.inc");
+
+if(!get_kb_item("SMB/smbclient"))
+{
+  smbclientavail();
+}
+test_version = "2.0.50727.832";
+
+if(get_kb_item("SMB/smbclient"))
+{
+  if(smbversion() == 0)
+  {
+    report = string("Error getting SMB-Data -> " +
+                    get_kb_item("SMB/ERROR"));
+    security_note(port:0, proto:"SMBClient", data:report);
+    exit(0);
+  }
+}
+else
+{
+  report = string("SMBClient not found on this host !");
+  security_note(port:0, proto:"SMBClient", data:report);
+  exit(0);
+}
+
+win_dir = get_windir();
+if(!isnull(win_dir))
+{
+  path = win_dir+"Microsoft.NET\Framework\";
+  filespec = "v2*";
+  r = smbgetdir(share: "C$", dir: path+filespec, typ: 2);
+  if(!isnull(r))
+  {
+    filespec = r[0] + "\" + "system.web.dll";
+    r = smbgetdir(share: "C$", dir: path+filespec, typ: 1);
+    if(!isnull(r))
+    {
+      tmp_filename = get_tmp_dir() + "tmpfile" + rand();
+      orig_filename = path + filespec;
+      if(smbgetfile(share: "C$", filename: orig_filename,
+                    tmp_filename: tmp_filename))
+      {
+        v = GetPEFileVersion(tmp_filename:tmp_filename,
+                              orig_filename:orig_filename);
+        unlink(tmp_filename);
+        if(version_is_less(version: v, test_version: test_version))
+        {
+          security_hole(port:0, proto:"SMB");
+          report = report + "Fileversion : C$ " +
+                    orig_filename + " "+ v + string("\n");
+          security_hole(port:0, proto:"SMB", data:report);
+        }
+      }
+      else
+      {
+        report = string("Error getting SMB-File -> " +
+                        get_kb_item("SMB/ERROR")) + string("\n");
+        security_note(port:0, proto:"SMB", data:report);
+      }
+    }
+  }
+  else
+  {
+    report = string(".NET V2xx not found/no access -> " +
+                    get_kb_item("SMB/ERROR")) + string("\n");
+    security_note(port:0, proto:"SMB", data:report);
+  }
+}
+
+exit(0);
+\end{verbatim}
+
+
+\clearpage
+
+\xname{developers-guide-for-openvas-server-and-client}
+\chapter{Developers Guide for OpenVAS Server and Client}
+\compendiumauthor{Jan-Oliver Wagner}
+\xname{the-openvas-source-code-map}
+\section{The OpenVAS Source Code Map}
+
+A large chunk of the OpenVAS codebase was inherited from Nessus. As with
+any project of this size, it can be quite difficult to find your way around if
+you are new to the code. While the Nessus code was very well structured in some
+places, it proved to be rather chaotic and difficult to understand in other. In
+order to better visualize the codebase, the OpenVAS project has begun to create
+maps of the source code and its structure.
+
+Below you will find a first draft of the overview and internal structure. Keep
+in mind that this is a work in progress; updated maps are likely to be
+available on the OpenVAS website.
+
+\IncludeImage[width=10cm]{images/OpenVAS-Module-Overview}
+
+\IncludeImage[width=14cm]{images/OpenVAS-Module-Internals}
+
+\xname{source-code-branches}
+\section{Source Code Branches for Stable and In-Development}
+
+If you look at the OpenVAS source code for the first time, you might wonder what
+all those branches and tags are for and why most changes tend to occur in the
+``trunk'' section.
+
+Similar to many other projects, the OpenVAS project uses the concepts of
+branches and tags to signify important steps in the source code management. As
+you might have already noticed, almost all changes to the source code happen in
+the trunk section. The trunk is the place where bug fixes, new features and
+other additions appear first. \footnote{Even though it might be tempting to use
+the trunk version to get the latest features, be aware that the trunk is under
+constant development and intended for developers. This means that the trunk
+version is not recommended for any production use.}
+
+When a component has reached a stable state and the changes to this component
+have been evaluated by other developers, a decision is made to release a new
+version of this component. An intent to release a new version is usually
+announced on the developer mailing list. If the developers agree with this
+intent, a release is prepared. As part of the release process, the revision of
+the component that will become the release is tagged and appears in the tags
+section with the new version number, like \verb|openvas-client-release-1.1.0|.
+
+A tagged version is a snapshot of the source code as it was at the time of the
+release; this, among other things, allows users to use the source code
+management to check out older versions should this become necessary. No further
+development will occur on a tagged version. If changes to a tagged version are
+needed, these changes will occur in the trunk or the branch where this release
+originated from and will be released as a new release with a new tag.
+
+As you have guessed from the last sentence, branches are different from tags in
+that further development can occur in a branch. The code is usually branched
+right before major changes are made that might render the trunk unstable for
+some time and cause incompatibilities with previous versions. One reason for
+branching is enabling these major changes to the codebase while still retaining
+a separate branch where minor maintenance changes to already released versions
+can occur.
+
+For example, after releasing the 1.1.5 version of openvas-client, it might be
+decided that upcoming major changes justify a new branch. This leads to the
+creation of a branch name \verb|openvas-client-1-1|. Future releases of the 1.1
+series (1.1.6, 1.1.7) will come from this branch, while the trunk undergoes
+major changes that will ultimately lead to the release of 1.2.0.
+
+\xname{code-quality-and-code-security}
+\section{Code Quality and Code Security}
+
+Especially as an IT security product, the OpenVAS project is committed to a high
+level regarding code quality and security. While the code inherited from Nessus
+certainly left room for improvements in this two aspects, the OpenVAS project is
+confident in its abilities to mitigate these shortcomings and to further improve
+code quality and security.
+
+The OpenVAS project makes use of a number of automated tools in order to measure
+the quality of the codebase and to identify potential issues in the code itself.
+Tools used by the OpenVAS project include Flawfinder and RATS (Rough Auditing
+Tool for Security).
+
+The latest results of the code quality tests is available at:
+
+\hyperurl{http://www.openvas.org/code-quality.html}
+
+Please be aware that you should make yourself familiar with the tools used for
+generating these results before interpreting the absolute numbers. While every
+issue reported by these tools is evaluated by the OpenVAS developers, some of
+the issues reported do not have a significant impact on code quality and
+security.
+
+\xname{management-of-openvas-change-requests}
+\section{Management of OpenVAS Change Requests}
+
+OpenVAS change requests describe proposed changes to one of the OpenVAS
+components. Though this is a formalized approach, this does not replace open
+discussion among interested developers on the mailing lists. In fact, these open
+discussions are the main source of change requests. This approach is intended
+to make the OpenVAS development process as transparent as possible to the
+OpenVAS developers as well as to the OpenVAS user community and other interested
+parties.
+
+You can find the most current change requests at:
+
+\hyperurl{http://www.openvas.org/openvas-crs.html}.
+
+A complete change request consists of the following sections:
+
+\begin{description}
+ \item[Status:] A general description of the current status of this request.
+This could be something like ``in discussion'', ``agreed (voted +3) for release
+1.4'' or ``Step 1 and 2 implemented''.
+ \item[Purpose:] A concise summary of the reasons for this change request.
+ \item[References:] Links to corresponding issue tracker entries or mailing list
+discussions.
+ \item[Rationale:] A more verbose explanation as to why this change request
+should be implemented.
+ \item[Effects:] The effects should this change request be implemented,
+describing changes to API, compatibility, user experience and so on.
+ \item[Design and Implementation:] Technical details regarding the
+implementation of this change request.
+ \item[History:] Date, name and description of changes to this change request in
+ChangeLog format.
+\end{description}
+
+Change requests can be created by anybody; although most change requests are
+created by OpenVAS developers, this is not in any way meant to exclude
+anyone from creating their own change request and submitting it to the
+openvas-discuss mailing list. Authors of change requests are encouraged to
+discuss their ideas for change requests on this mailing or in the OpenVAS IRC
+channel (\#openvas on irc.oftc.net) before compiling the actual request.
+
+The OpenVAS developer community regularly votes on new change requests. Every
+OpenVAS developer can vote for or against a certain changed request by voting
+``+1'' (for), ``+/-0'' (somewhat for/against) or ``-1'' (against). After a
+number of days has passed, the votes are counted; a positive result means that
+the change request has been accepted and will be implemented in future versions
+of OpenVAS.
+
+The voting process itself is not yet fully formalized and subject to change;
+ideas and suggestions are welcome.
+
+\xname{submitting-patches}
+\section{Submitting Patches}
+
+If you have found (and fixed) a bug in the OpenVAS source code, implemented a
+change request or added a new feature, you are welcome to send a patch
+containing your changes to the OpenVAS developers.
+
+To facilitate the inclusion of your changes into the code, please keep in mind
+the following guidelines:
+\begin{itemize}
+ \item If possible, try to send a patch against the latest SVN revision.
+ \item Send your patch as a unified context diff, in the format the GNU
+\verb|diff| tool would produce when called with the -u3 parameter. If you are
+working on a revision you checked out from the SVN repository, the
+\verb|svn diff| command will produce the correct output.
+ \item Please detail your changes in the appropriate ChangeLog. This will help
+other people (especially other developers) to understand what you changed and
+why you changed it.
+ \item Try to keep your patches atomic. That means that each patch should
+contain only one feature, bugfix or addition. Please do not submit a patch
+containing dozens of features as it is highly unlikely that the developers will
+want to add all your changes simultaneously. Your patch is far more likely to
+be accepted if you send in a number of small patches instead and leave it at
+the discretion of the developers to determine the best time to include your
+changes.
+\end{itemize}
+
+If you have followed these guidelines your patch should now be ready for
+submission to the OpenVAS project. The best way to do this is to send your
+patch to the OpenVAS developers mailing list at
+openvas-devel at wald.intevation.org with a short explanation as to what you did
+and why you did it.
+
+\xname{write-access-to-source-code-repository}
+\section{Write-Access to Source Code Repository}
+
+Write access to the source code repository is granted by the project
+coordinators. If you want to able to commit changes to the source code
+repository, just drop a message on the openvas-devel mailing list.
+Usually you are asked to send your first changes as patches to the
+mailing list to demonstrate you know what you are doing. If these
+are accepted, it is also usual that you are immediately approved for
+write access to the source code repository.
+
+Note that that changes to the code repository are watched by several
+developers. Low quality changes or uncoordinated high-impact-changes
+might get reverted immediately.
+
+\xname{maintaining-changelog}
+\section{Maintaining ChangeLog}
+
+Any main module of OpenVAS maintains a ``ChangeLog'' file in its
+root directory. It is a GNU-style ChangeLog and syntax highlighting
+for your favorite editor should work out of the box.
+
+Some rules for the ChangeLog file:
+
+\begin{itemize}
+\item Keep the GNU-style syntax for your new entries. Your syntax-highlighting
+      editor will support you.
+\item Make atomic commits: Always include the updated ChangeLog file together with
+      the changed files.
+\item List any changed file explicitly in the ChangeLog, even if there were many.
+      See the ChangeLog file for examples how to write the change information.
+\end{itemize}
+
+Note: The ChangeLog is intentionally not created automatically. Before committing,
+developers are forced to reflect on the changes they did. This regularly leads
+to detection of suboptimal changes or identification of intermediate (try-out/debugging)
+changes that of course should not go to the main repository.
+
+The developer's ChangeLog is the base for writing the user's CHANGES when a new
+release is prepared.
+
+\xname{source-code-style-guide}
+\section{Source Code Style Guide}
+
+Currently there is no complete definition of a style guide
+for the source code of OpenVAS.
+
+In fact, several styles have been mixed into OpenVAS over
+the last years, most inherited from the old Nessus times.
+
+However, some rules should always be followed when adding
+new code or when changing some source code lines anyway.
+For the rest, it makes sense to be close to the GNU coding style
+which you will find more or less applied already.
+
+\begin{itemize}
+
+\item Indention: Do not use tabulators at all, only regular spaces.
+
+\item Indention: Indent with a step of 2 space characters.
+
+\item Function definitions: Do not use old K\&R style.
+
+\end{itemize}
+
+\xname{openvas-transfer-protocol}
+\chapter{OpenVAS Transfer Protocol (OTP)}
+
+\textbf{Note: The OpenVAS Transfer Protocol was introduced in version 2.0 beta.
+Be aware that the information presented represents the current state of OTP,
+which is still under heavy development. This notice will be removed once the
+OTP specification has been finalized.}
+
+The client and the server module in an OpenVAS installation communicate through
+the OpenVAS Transfer Protocol (OTP). Earlier versions of OpenVAS have used the
+Nessus Transport Protocol (NTP) inherited from Nessus, but in order to address
+shortcomings of NTP and to facilitate further improvements in the OpenVAS
+modules it became necessary to make changes to the protocol. Since NTP was
+specified by the Nessus project and changes to NTP by the Nessus project are to
+be expected, a decision was made to switch to a new protocol to avoid
+collisions with future protocol specifications by the Nessus project and to
+avoid confusion with other well-established protocols. The initial
+specification of OTP is very close to the NTP implementation in the last
+versions available under the GNU General Public License (GPL).
+
+\xname{changes-ntp-otp}
+\section{Changes from NTP 1.2 to OTP 1.0}
+This section describes the changes between NTP 1.2 and OTP 1.0. If you already
+have some experience with NTP, this section should help you to spot the main
+differences between the two protocols
+
+\paragraph{Plug-in upload}
+Section 10 of the NTP Extensions describes the \verb|ATTACHED_PLUGIN| message
+type. Using this message type, it was possible for a client to upload a plug-in
+to a server. Due to security considerations described in the OpenVAS change
+request \#4, this message type has been removed from the protocol.
+
+\paragraph{Version information}
+The undocumented \verb|NESSUS_VERSION| message type has been replaced with the
+\verb|OPENVAS_VERSION| message type. When an \verb|OPENVAS_VERSION| message is
+issued by the client, the server is expected to respond with a message
+containing the current server version.
+
+\paragraph{New message types}
+In addition to the existing message types \verb|HOLE|, \verb|INFO| and
+\verb|NOTE| two new message types have been added to the protocol: \verb|DEBUG|
+and \verb|LOG|. Their purpose is to give clients more control about the
+verbosity of the messages they receive from the server.
+
+\paragraph{Detached scans}
+This functionality has been dropped due to design decisions. This means the
+following commands have been removed from the protocol:
+\verb|DETACHED_SESSIONS_LIST| and \verb|DETACHED_STOP|. The following
+preferences have been removed from the protocol as well: detached\_scan,
+continuous\_scan, delay\_between\_scan\_loops, detached\_scan\_email\_address.
+
+\paragraph{Plugin order information}
+The server command \verb|PLUGINS_ORDER| was defined for NTP 1.2 but not
+implemented in the server. This command has been removed from the protocol.
+
+\paragraph{Starting a scan}
+NTP offered two ways of starting a scan, \verb|NEW_ATTACK| and
+\verb|LONG_ATTACK|. The latter allowed arbitray long list of targets while the
+first was limited to 4000 bytes. The OpenVAS-Client (and so did NessusClient)
+used only \verb|LONG_ATTACK| anyway.
+
+\paragraph{Reporting preferences errors}
+NTP allowed the reporting of preferences errors with the
+\verb|PREFERENCES_ERRORS| message type. Since this message type was never
+properly implemented in either server or client and due to design decisions,
+this message type has been removed from the protocol.
+
+\paragraph{Protocol extensions}
+These protocol extensions have been made standard of the OTP protocol:
+"timestamps", "dependencies", "plugins\_version", "plugins\_cve\_id",
+"plugins\_bugtraq\_id" and "plugins\_xrefs".
+
+\xname{general-aspects-of-otp}
+\section{General Aspects of OTP}
+
+The OpenVAS Transfer Protocol is text-based, human readable and line-oriented.
+Each line consists of fields separated by ``\verb+ <|> +''. The first fields
+indicates whether it is a command send by client or by server (``\verb|CLIENT|''
+vs. ``\verb|SERVER|'').
+
+\xname{otp-initialization-and-features}
+\section{Protocol Initialization and Protocol Features}
+
+The client will start a protocol session by sending a version string specifying
+the requested protocol version to the server. Upon receiving this string, the
+server may answer with the same version string if it supports the requested
+protocol version or terminate the connection.
+
+Syntax:
+\begin{verbatim}
+< OTP/1.0 >
+User : user_name
+Password : user_password
+\end{verbatim}
+
+\xname{otp-commands}
+\section{Protocol Commands}
+
+\xname{otp-attached\_file}
+\subsection{ATTACHED\_FILE}
+
+\paragraph{Description:}
+This command corresponds to the plugin preferences type "file". It follows
+the command \verb|PREFERENCES| to upload the specified files from client to
+server.
+
+\paragraph{Syntax:}
+
+\begin{verbatim}
+CLIENT <|> ATTACHED_FILE
+name: file_name
+content: octet/stream
+bytes: file_length
+file_content
+\end{verbatim}
+
+where
+\begin{description}
+ \item[file\_name] The path and name of the file. It is a identifier
+to reference the file in the plugin preferences.
+ \item[file\_length] the number of bytes that will follow after the newline
+ \item[file\_content] the actual file as byte stream.
+\end{description}
+
+\xname{otp-bye}
+\subsection{BYE}
+
+\paragraph{Description:}
+This command is used by the server to indicate that a scan session has finished.
+
+The client is expected to acknowlegde this command.
+
+\paragraph{Syntax:}
+
+\begin{verbatim}
+SERVER <|> BYE <|> BYE <|> SERVER
+CLIENT <|> BYE <|> ACK
+\end{verbatim}
+
+\xname{otp-complete_list}
+\subsection{COMPLETE\_LIST}
+
+\paragraph{Description:}
+This command can be used by the client to request the complete list of plugins
+from the server.
+
+It usually follows the \verb|PLUGINS_MD5| commands of the server in case the
+server side md5sum is not equal to the md5sum of the client side cached NVTs.
+Alternatively, the client can use the command \verb|SEND_PLUGINS_MD5|.
+
+The server will answer with command \verb|PLUGIN_LIST|.
+
+\paragraph{Syntax:}
+
+\begin{verbatim}
+CLIENT <|> COMPLETE_LIST <|> CLIENT
+\end{verbatim}
+
+\xname{otp-debug}
+\subsection{DEBUG}
+
+\paragraph{Description:}
+With this command the server reports a identified problem of class "debug". The
+"general" version is applied if no port relates to the note.
+
+\paragraph{Syntax:}
+
+\begin{verbatim}
+SERVER <|> DEBUG <|> host <|> service_name (port_number/protocol_type) <|>
+description <|> oid <|> SERVER
+
+SERVER <|> DEBUG <|> host <|> general <|> description <|> oid <|> SERVER
+\end{verbatim}
+
+where
+\begin{description}
+ \item[host] the target system
+ \item[service\_name] the name of the service (like in /etc/services)
+ \item[port\_number] the port number the problem relates to.
+ \item[protocol\_type] "tcp" or "udp".
+ \item[description] the problem description where newlines have been replaced by
+semicolons.
+ \item[oid] the OID of the NVT that identified the problem.
+\end{description}
+
+\xname{otp-error}
+\subsection{ERROR}
+
+\paragraph{Description:}
+In case of problems the server sends an error message with this command. In case
+of unrecoverable problems, the server will then close connection with
+the \verb|BYE| command.
+
+\paragraph{Syntax:}
+
+\begin{verbatim}
+SERVER <|> ERROR <|> error description <|> SERVER
+\end{verbatim}
+
+\xname{otp-finished}
+\subsection{FINISHED}
+
+\paragraph{Description:}
+The server will send this information each time when a scan of a single host is
+finished.
+This will only be done if requested by the client via setting the preferences
+option "ntp\_opt\_show\_end".
+
+\paragraph{Syntax:}
+
+\begin{verbatim}
+SERVER <|> FINISHED <|> host <|> SERVER
+\end{verbatim}
+
+\xname{otp-go-on}
+\subsection{GO ON}
+
+\paragraph{Description:}
+This command can be used by the client to confirm that the plugin information
+has been received and to signal to the server that it may proceed. It usually
+follows the \verb|PLUGINS_MD5| commands of the server in case the server side
+md5sum is equal to the md5sum of the client side cached NVTs. The server will
+answer with command \verb|PREFERENCES| and communication will continue.
+
+\paragraph{Syntax:}
+
+\begin{verbatim}
+CLIENT <|> GO ON <|> CLIENT
+\end{verbatim}
+
+\xname{otp-hole}
+\subsection{HOLE}
+
+\paragraph{Description:}
+With this command the server reports a identified problem of class
+"security hole". The "general" version is applied if no port relates to the
+hole.
+
+\paragraph{Syntax:}
+
+\begin{verbatim}
+SERVER <|> HOLE <|> host <|> service_name (port_number/protocol_type) <|>
+description <|> oid <|> SERVER
+
+SERVER <|> HOLE <|> host <|> general <|> description <|> oid <|> SERVER
+\end{verbatim}
+
+where
+\begin{description}
+ \item[host] the target system
+ \item[service\_name] the name of the service (like in /etc/services)
+ \item[port\_number] the port number the problem relates to.
+ \item[protocol\_type] "tcp" or "udp".
+ \item[description] the problem description where newlines have been replaced by
+semicolons.
+ \item[oid] the OID of the NVT that identified the problem.
+\end{description}
+
+\xname{otp-info}
+\subsection{INFO}
+
+\paragraph{Description:}
+With this command the server reports a identified problem of class "security
+info". The "general" version is applied if no port relates to the info.
+\paragraph{Syntax:}
+
+\begin{verbatim}
+SERVER <|> INFO <|> host <|> service_name (port_number/protocol_type) <|>
+description <|> oid <|> SERVER
+
+SERVER <|> INFO <|> host <|> general <|> description <|> oid <|> SERVER
+\end{verbatim}
+
+    where
+\begin{description}
+ \item[host] the target system
+ \item[service\_name] the name of the service (like in /etc/services)
+ \item[port\_number] the port number the problem relates to.
+ \item[protocol\_type] "tcp" or "udp".
+ \item[description] the problem description where newlines have been replaced by
+semicolons.
+ \item[oid] the OID of the NVT that identified the problem.
+\end{description}
+
+\xname{otp-log}
+\subsection{LOG}
+
+\paragraph{Description:}
+With this command the server reports a identified problem of class "log". The
+"general" version is applied if no port relates to the note.
+
+\paragraph{Syntax:}
+
+\begin{verbatim}
+SERVER <|> LOG <|> host <|> service_name (port_number/protocol_type) <|>
+description <|> oid <|> SERVER
+
+SERVER <|> LOG <|> host <|> general <|> description <|> oid <|> SERVER
+\end{verbatim}
+
+where
+\begin{description}
+ \item[host] the target system
+ \item[service\_name] the name of the service (like in /etc/services)
+ \item[port\_number] the port number the problem relates to.
+ \item[protocol\_type] "tcp" or "udp".
+ \item[description] the problem description where newlines have been replaced by
+semicolons.
+ \item[oid] the OID of the NVT that identified the problem.
+\end{description}
+
+\xname{otp-long_attack}
+\subsection{LONG\_ATTACK}
+
+\paragraph{Description:}
+With this command the client requests the server to attack target system(s)
+"hosts". "hosts" is one or many (comma-separated) IP or FQDN.
+
+"length" is the number of bytes of "hosts". In case this does not match, the
+server will close connection.
+
+Before the client sends \verb|LONG_ATTACK|, the commands \verb|PREFERENCES| and
+\verb|RULES| should be applied.
+
+\paragraph{Syntax:}
+
+\begin{verbatim}
+CLIENT <|> LONG_ATTACK
+length
+hosts
+\end{verbatim}
+
+\xname{otp-note}
+\subsection{NOTE}
+
+\paragraph{Description:}
+With this command the server reports a identified problem of class "security
+note". The "general" version is applied if no port relates to the note.
+
+\paragraph{Syntax:}
+
+\begin{verbatim}
+SERVER <|> NOTE <|> host <|> service_name (port_number/protocol_type) <|>
+description <|> oid <|> SERVER
+
+SERVER <|> NOTE <|> host <|> general <|> description <|> oid <|> SERVER
+\end{verbatim}
+
+where
+\begin{description}
+ \item[host] the target system
+ \item[service\_name] the name of the service (like in /etc/services)
+ \item[port\_number] the port number the problem relates to.
+ \item[protocol\_type] "tcp" or "udp".
+ \item[description] the problem description where newlines have been replaced by
+semicolons.
+ \item[oid] the OID of the NVT that identified the problem.
+\end{description}
+
+\xname{otp-openvas_version}
+\subsection{OPENVAS\_VERSION}
+
+\paragraph{Description:}
+With this command the client asks the server to send its version.
+
+The server will answer as shown in the syntax.
+
+\paragraph{Syntax:}
+
+\begin{verbatim}
+CLIENT <|> OPENVAS_VERSION <|> CLIENT
+
+SERVER <|> OPENVAS_VERSION <|> version <|> SERVER
+\end{verbatim}
+
+\xname{otp-plugin_dependencies}
+\subsection{PLUGINS\_DEPENDENCIES}
+
+\paragraph{Description:}
+The \verb|PLUGINS_DEPENDENCIES| message is send after the \verb|RULES| messages.
+
+\paragraph{Syntax:}
+
+\begin{verbatim}
+SERVER <|> PLUGINS_DEPENDENCIES
+nvt_name1 <|> dependency1 <|> dependency2 <|> ... <|>
+nvt_name2 <|> dependency1 <|> dependency2 <|> ... <|>
+...
+<|> SERVER
+\end{verbatim}
+
+\xname{otp-plugins_md5}
+\subsection{PLUGINS\_MD5}
+
+\paragraph{Description:}
+Attention: This command occurs in two ways.
+
+\begin{enumerate}
+ \item This command can be used instead the of \verb|PLUGIN_LIST| command.
+"md5sum" is the MD5 sum over all NVTs.
+ \item This command follows the \verb|SEND_PLUGINS_MD5| command of the client
+and delivers the md5sums for each NVT.
+\end{enumerate}
+
+\paragraph{Syntax:}
+\begin{enumerate}
+ \item
+\begin{verbatim}
+SERVER <|> PLUGINS_MD5 <|> md5sum <|> SERVER
+\end{verbatim}
+ \item
+\begin{verbatim}
+SERVER <|> PLUGINS_MD5
+nvt_oid1 <|> md5sum1
+nvt_oid2 <|> md5sum2
+...
+<|> SERVER
+\end{verbatim}
+\end{enumerate}
+
+\xname{otp-plugin_info}
+\subsection{PLUGIN\_INFO}
+
+\paragraph{Description:}
+This command is issued by the client to request information of the NVT specified
+by its oid.
+
+\paragraph{Syntax:}
+
+\begin{verbatim}
+CLIENT <|> PLUGIN_INFO <|> oid <|> CLIENT
+\end{verbatim}
+
+The server answers with this line (analogous to \verb|PLUGIN_LIST| command):
+
+\begin{verbatim}
+oid <|> name <|> category <|> copyright <|> description <|> summary <|>
+family <|> plugin_version <|> cve_id <|> bugtraq_id <|> xrefs
+\end{verbatim}
+
+In case no plugin with OID=oid is found, the server will not answer at
+all.
+
+\xname{otp-plugin_list}
+\subsection{PLUGIN\_LIST}
+
+\paragraph{Description:}
+With this command the server sends detailed information about the available
+NVTs.
+
+The server will send \verb|PREFERENCES| and \verb|RULES| right after this
+command.
+
+The client might request individual NVT information via \verb|PLUGIN_INFO|
+command.
+
+\paragraph{Syntax:}
+
+\begin{verbatim}
+SERVER <|> PLUGIN_LIST <|>
+oid <|> name <|> category <|> copyright <|> description <|> summary <|> family
+<|> plugin_version <|> cve_id <|> bugtraq_id <|> xrefs
+oid <|> name <|> category <|> copyright <|> description <|> summary <|> family
+<|> plugin_version <|> cve_id <|> bugtraq_id <|> xrefs
+<|> SERVER
+\end{verbatim}
+
+\xname{otp-port}
+\subsection{PORT}
+
+\paragraph{Description:}
+With this command the server reports on open port "port\_number" on target
+system "host".
+
+\paragraph{Syntax:}
+
+\begin{verbatim}
+SERVER <|> PORT <|> host <|> port_number <|> SERVER
+\end{verbatim}
+
+\xname{otp-preferences}
+\subsection{PREFERENCES}
+
+\paragraph{Description:}
+With this command the values for the preferences are
+communicated. The server uses the commands to inform
+about defaults, the client uses the command to send
+the user selections.
+
+Note that besides some general preferences, the syntax definition
+describes also per-NVT preferences and its special way of applying these.
+
+\paragraph{Available preferences:}
+
+\begin{description}
+ \item [ntp\_save\_sessions] If set to "yes", the server will support
+server-side saving of scan sessions and the following commands will be
+available: \verb|SESSIONS_LIST|, \verb|SESSION_DELETE| and
+\verb|SESSION_RESTORE|.
+ \item [save\_session] If set to yes, the server will save the scan as a
+session.
+ \item [save\_empty\_sessions] Only considered if save\_session is set to "yes".
+If set to "yes" even emtpy scans will be saved a session.
+ \item [max\_threads] 
+ \item [test\_file] 
+ \item [ping\_hosts] 
+ \item [reverse\_lookup] 
+ \item [outside\_firewall] 
+ \item [host\_expansion] 
+ \item [port\_range] 
+ \item [max\_hosts] 
+ \item [save\_knowledge\_base] Activates KB saving when set to "yes"
+ \item [only\_test\_hosts\_whose\_kb\_we\_have] Only scans host for which the KB
+is filled when set to "yes"
+ \item [only\_test\_hosts\_whose\_kb\_we\_dont\_have] Only scans host for which
+the KB is empty when set to "yes"
+ \item [kb\_restore] Restore the KB contents for tested hosts when when set to
+"yes".
+ \item [kb\_dont\_replay\_scanners] Don't run scanners in case in case
+kb\_restore is set to "yes" and there is contents in the KB when set to "yes".
+ \item [kb\_dont\_replay\_info\_gathering] Don't run gatherers in case in case
+kb\_restore is set to "yes" and there is contents in the KB when set to "yes".
+ \item [kb\_dont\_replay\_attacks] Don't run attack scripts in case in case
+kb\_restore is set to "yes" and there is contents in the KB when set to "yes".
+ \item [kb\_dont\_replay\_denials] Don't run DoS attack scripts in case in case
+kb\_restore is set to "yes" and there is contents in the KB when set to "yes".
+ \item [kb\_max\_age] This sets the maximum age (in seconds) of a KB until it
+gets disregarded.
+ \item[timeout.<nvt\_id> = <timeout>] Set the timeout <timeout> for NVT
+<nvt\_id>. Timeout of "-1" means no specific timeout.
+\end{description}
+
+Only sent by CLIENT:
+\begin{description}
+ \item [plugin\_set] empty means all NVTs
+ \item [ntp\_opt\_show\_end] Tell server to send \verb|FINISHED| messages
+ \item [ntp\_keep\_communication\_alive] Tell server to keep the connection even
+after a scan was finished.
+ \item [ntp\_short\_status] Tell server send shorter \verb|STATUS| message in
+order to save bandwidth.
+\end{description}
+
+\paragraph{Syntax:}
+
+\begin{verbatim}
+SERVER <|> PREFERENCES <|>
+pref_name <|> value
+pref_name <|> value
+pref_name <|> value
+...
+<|> SERVER
+
+CLIENT <|> PREFERENCES <|>
+pref_name <|> value
+pref_name <|> value
+pref_name <|> value
+...
+<|> CLIENT
+\end{verbatim}
+
+
+For preference of individual NVTs these lines can occur inside the list:
+
+\begin{verbatim}
+nvt_name[pref_type]:pref_name <|> value
+\end{verbatim}
+
+where
+\begin{description}
+ \item [nvt\_name] This references the NVT for which the preferences are set
+ \item [pref\_type] Defines the variable type of the preference which ultimately
+determines the widget type in the client GUI.
+ \item [pref\_name] This references the Preference and at the same time is used
+as the visible string for the user in the GUI.
+ \item [value] The default value for this preference when sent by SERVER, the
+user selected value if send by CLIENT
+\end{description}
+
+and pref\_type is one of these:
+\begin{description}
+ \item [checkbox] value is "yes" or "no"
+ \item [entry] value is a text string
+ \item [password] value is a text string but should not be shown in GUI or in
+cleartext in local files
+ \item [radio] value is a list of semicolon-separated options when sent by
+SERVER and only the user-selected option name when sent by CLIENT
+ \item [file] value is "<none>" when sent by SERVER and a file path when sent by
+CLIENT. The client has to submit the file under the very same path name using
+the command \verb|ATTACHED_FILE|.
+\end{description}
+
+\xname{otp-rules}
+\subsection{RULES}
+
+\paragraph{Description:}
+Rules define restrictions for target systems.
+Client-side rules self-restrict target host patterns,
+server-side rules are just for information to the client.
+These rule sets are independent of each other.
+
+\paragraph{Syntax:}
+
+\begin{verbatim}
+SERVER <|> RULES <|>
+rule_1;
+rule_2;
+rule_3;
+...
+<|> SERVER
+
+CLIENT <|> RULES <|>
+rule_1;
+rule_2;
+rule_3;
+...
+<|> CLIENT
+\end{verbatim}
+
+\xname{otp-send_plugins_md5}
+\subsection{SEND\_PLUGINS\_MD5}
+
+\paragraph{Description:}
+This command usually follows the \verb|PLUGINS_MD5| commands of the server in
+case the server side md5sum is not equal to the md5sum of the client side cached
+NVTs.
+Alternatively, the client can use the command \verb|COMPLETE_LIST|.
+
+The server will answer with command \verb|PLUGINS_MD5|.
+
+\paragraph{Syntax:}
+
+\begin{verbatim}
+CLIENT <|> SEND_PLUGINS_MD5 <|> CLIENT
+\end{verbatim}
+
+\xname{otp-sessions_list}
+\subsection{SESSIONS\_LIST}
+
+\paragraph{Description:}
+The CLIENT request with this command the list of sessions stored on the server
+side for the logged in user.
+
+The SERVER will answer with the same command and provide the list of sessions.
+The session names are derived from time stamps. The hosts are the targets
+applied for the respective session. The hosts are just there to help identify
+the sessions. It is cut after 4000 bytes of length.
+
+\paragraph{Syntax:}
+
+\begin{verbatim}
+CLIENT <|> SESSIONS_LIST <|> CLIENT
+
+SERVER <|> SESSIONS_LIST
+session_name1 hosts1
+session_name2 hosts2
+...
+<|> SERVER
+\end{verbatim}
+
+\xname{otp-session_delete}
+\subsection{SESSION\_DELETE}
+
+\paragraph{Description:}
+With this command the client deletes the session identified with "session\_name"
+from the server-side storage. The server will not answer in case of success,
+else it will answer with an \verb|ERROR| command.
+
+\paragraph{Syntax:}
+
+\begin{verbatim}
+CLIENT <|> SESSION_DELETE <|> session_name <|> CLIENT
+\end{verbatim}
+
+
+\xname{otp-session_restore}
+\subsection{SESSION\_RESTORE}
+
+\paragraph{Description:}
+With this command the client tells the server to pick up again the session
+identified with "session\_name". The server will act as if a \verb|LONG_ATTACK|
+command has issued and will send all results that were collected so far for this
+session immediately (and naturally rapidly) and then continue the scan where it
+stopped.
+
+\paragraph{Syntax:}
+
+\begin{verbatim}
+CLIENT <|> SESSION_RESTORE <|> session_name <|> CLIENT
+\end{verbatim}
+
+\xname{otp-status}
+\subsection{STATUS}
+
+\paragraph{Description:}
+With this command, the server informs the client about the progress of the scan
+for target system "host". "attack\_state" is either "portscan" or "attack" (or
+just "p" and "a" in case the client has set preferences option
+"ntp\_short\_status"). "current" is the currently processed port and "max" the
+last port number to be tested.
+
+\paragraph{Syntax:}
+
+\begin{verbatim}
+SERVER <|> STATUS <|> host <|> attack_state <|> current/max <|> SERVER
+\end{verbatim}
+
+In case the client has set "ntp\_short\_status":
+\begin{verbatim}
+SERVER <|> STATUS <|> attack_state:host:current:max <|> SERVER
+\end{verbatim}
+
+\xname{otp-stop_attack}
+\subsection{STOP\_ATTACK}
+
+\paragraph{Description:}
+With this command, the client tells the server to stop scanning target "host".
+
+\paragraph{Syntax:}
+
+\begin{verbatim}
+CLIENT <|> STOP_ATTACK <|> host <|> CLIENT
+\end{verbatim}
+
+\xname{otp-stop_whole_test}
+\subsection{STOP\_WHOLE\_TEST}
+
+\paragraph{Description:}
+With this command the client tells to stop the currently running test.
+
+\paragraph{Syntax:}
+
+\begin{verbatim}
+CLIENT <|> STOP_WHOLE_TEST <|> CLIENT
+\end{verbatim}
+
+\xname{otp-time}
+\subsection{TIME}
+
+\paragraph{Description:}
+The \verb|TIME| messages are sent by the server to inform about the duration of
+scanning a host and of the whole scan.
+
+\paragraph{Syntax:}
+
+After completion of scanning a target host the server sends:
+\begin{verbatim}
+SERVER <|> TIME <|> HOST_START <|> host <|> time_string <|> SERVER
+SERVER <|> TIME <|> HOST_END <|> host <|> time_string <|> SERVER
+\end{verbatim}
+
+or, in case STOP\_ATTACK was issued by the client:
+\begin{verbatim}
+SERVER <|> TIME <|> HOST_START <|> host <|> time_string <|> SERVER
+SERVER <|> TIME <|> HOST_INTERRUPTED <|> host <|> time_string <|> SERVER
+\end{verbatim}
+
+After completion of the whole scan the server sends:
+\begin{verbatim}
+SERVER <|> TIME <|> SCAN_START <|> time_string <|> SERVER
+SERVER <|> TIME <|> SCAN_END <|> time_string  <|> SERVER
+\end{verbatim}
+
+where time\_string is of the form "Wed Jun 30 21:49:08 1993".
+
+\clearpage
+
+\xname{document-license}
+\chapter{Document License: CC by SA}
+
+\begin{latexonly}
+\urlstyle{normal}
+
+\begin{center}
+\IncludeImage[width=5cm]{images/cc-by-sa-logo}
+\textbf{Creative Commons Attribution-ShareAlike 3.0 Unported}
+\end{center}
+
+
+You are free to copy, distribute and transmit the work under the following
+conditions:
+
+\textit{Attribution.} You must give the original author credit.
+
+\textit{Share Alike.} If you alter, transform, or build upon this work,
+you may distribute the resulting work only under a license identical to this one.
+
+\begin{itemize}
+  \item  For any reuse or distribution, you must make clear to others the license terms of this work.
+  \item  Any of the above conditions can be waived if you get permission from the copyright holder.
+\end{itemize}
+
+
+Nothing in this license impairs or restricts the author's moral rights.\\
+To view the full licensing agreement, visit
+\begin{center}
+    \normalsize\hyperurl{http://creativecommons.org/licenses/by-sa/3.0/}
+\end{center}
+or mail to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.
+\end{latexonly}
+
+\W \hyperurl{http://creativecommons.org/licenses/by-sa/3.0/}
+\W \xname{footnotes}
+\end{document}

Modified: trunk/openvas-compendium/openvas-compendium.tex
===================================================================
--- trunk/openvas-compendium/openvas-compendium.tex	2008-10-07 12:21:23 UTC (rev 1489)
+++ trunk/openvas-compendium/openvas-compendium.tex	2008-10-07 12:39:34 UTC (rev 1490)
@@ -153,7 +153,7 @@
 server component with a set of Network Vulnerability Tests (NVTs) to detect
 security problems in remote systems and applications.
 
-The OpenVAS development team consists of various intersted
+The OpenVAS development team consists of various interested
 parties from academia and commercial entities as well as individuals.
 The majority of the team members has a long professional record
 in security consulting and/or software development.
@@ -185,7 +185,7 @@
 speed. Scans will always originate from the host where OpenVAS-Server is
 running; therefore, this machine has to be able reach the intended targets.
 
-The Server requires three other modules:
+The server requires three other modules:
 
 \begin{description}
 
@@ -445,7 +445,8 @@
 Now read the file \verb|INSTALL_README| inside the directory "openvas-libraries"
 for the next steps.
 
-Repeat for each module and read the corresponding INSTALL or README files.
+Repeat for each module and read the corresponding \verb|INSTALL| or
+\verb|README| files.
 
 \xname{most-current-state-server}
 \subsection{Most current state of development (directly from the source code
@@ -484,7 +485,8 @@
 Now read the file \verb|INSTALL_README| inside the directory "openvas-libraries"
 for the next steps.
 
-Repeat for each module and read the corresponding INSTALL or README files. 
+Repeat for each module and read the corresponding \verb|INSTALL| or
+\verb|README| files.
 
 Although the OpenVAS team is committed to maintaining a high code quality,
 please be aware that you are using a development state that may be incomplete


From scm-commit at wald.intevation.org  Wed Oct  8 13:48:45 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Wed,  8 Oct 2008 13:48:45 +0200 (CEST)
Subject: [Openvas-commits] r1494 - in trunk/openvas-plugins: . scripts
Message-ID: <20081008114845.4CE2A40717@pyrosoma.intevation.org>

Author: chandra
Date: 2008-10-08 13:48:43 +0200 (Wed, 08 Oct 2008)
New Revision: 1494

Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/gb_adobe_prdts_code_exec_vuln_lin.nasl
   trunk/openvas-plugins/scripts/gb_adobe_prdts_code_exec_vuln_win.nasl
   trunk/openvas-plugins/scripts/gb_adobe_prdts_detect_lin.nasl
   trunk/openvas-plugins/scripts/gb_firefox_detect_lin.nasl
Log:
Fixed issues: to use the library functions available and reported FP

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2008-10-08 10:48:18 UTC (rev 1493)
+++ trunk/openvas-plugins/ChangeLog	2008-10-08 11:48:43 UTC (rev 1494)
@@ -1,3 +1,10 @@
+2008-10-08 Chandrashekhar B <bchandra at secpod.com>
+	* scripts/gb_adobe_prdts_detect_lin.nasl,
+	  scripts/gb_adobe_prdts_code_exec_vuln_win.nasl,
+	  scripts/gb_firefox_detect_lin.nasl,
+	  scripts/gb_adobe_prdts_code_exec_vuln_lin.nasl:
+	  Fixed issues
+
 2008-10-07 Chandrashekhar B <bchandra at secpod.com>
 	* scripts/gb_ms08-046.nasl,
 	  scripts/gb_php_detect.nasl,

Modified: trunk/openvas-plugins/scripts/gb_adobe_prdts_code_exec_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_prdts_code_exec_vuln_lin.nasl	2008-10-08 10:48:18 UTC (rev 1493)
+++ trunk/openvas-plugins/scripts/gb_adobe_prdts_code_exec_vuln_lin.nasl	2008-10-08 11:48:43 UTC (rev 1494)
@@ -77,11 +77,16 @@
 }
 
 
-adobeVer = get_kb_item("Adobe/Reader/Linux/Ver");
+adobeVer = get_kb_item("Adobe/Reader/Linux/Version");
 if(!adobeVer){
   exit(0);
 }
 
-if(adobeVer =~ "^(7\.0(\.[0-9])?|(8\.0(\..*)?|8\.1(\.[0-2])?))$"){
+# Security Update 1 (SU1) is applied
+if(adobeVer =~ "8.1.2_SU[0-9]+"){
+  exit(0);
+}
+
+if(adobeVer =~ "^(7\.0(\.[0-9])?|8\.0(\..*)?|8\.1(\.[0-2])?)$"){
   security_hole(0);
 }

Modified: trunk/openvas-plugins/scripts/gb_adobe_prdts_code_exec_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_prdts_code_exec_vuln_win.nasl	2008-10-08 10:48:18 UTC (rev 1493)
+++ trunk/openvas-plugins/scripts/gb_adobe_prdts_code_exec_vuln_win.nasl	2008-10-08 11:48:43 UTC (rev 1494)
@@ -2,7 +2,7 @@
 # OpenVAS Vulnerability Test
 # $Id: gb_adobe_prdts_code_exec_vuln_win.nasl 298 2008-10-01 13:17:18Z oct $
 #
-# Adobe Reader/Acrobat JavaScript Method Handling Vulnerability
+# Adobe Reader/Acrobat JavaScript Method Handling Vulnerability (Windows)
 #
 # Authors:
 # Veerendra GG <veerendragg at secpod.com>
@@ -31,7 +31,7 @@
   script_cve_id("CVE-2008-2641");
   script_bugtraq_id(29908);
   script_xref(name:"CB-A", value:"08-0105");
-  script_name(english:"Adobe Reader/Acrobat JavaScript Method Handling Vulnerability");
+  script_name(english:"Adobe Reader/Acrobat JavaScript Method Handling Vulnerability (Windows)");
   desc["english"] = "
 
   Overview : This host has Adobe Reader/Acrobat installed, which is/are prone
@@ -105,10 +105,13 @@
       exit(0);
     }
 
-    if(adobeVer =~ "^(7\.0(\.[0-9])?|(8\.0(\..*)?|8\.1(\.[0-2])?))$")
-    {
-      security_hole(0);
+    if(adobeVer == "8.1.2" && adobeName =~ "Security Update ?[0-9]+"){
       exit(0);
     }
+
+    if(adobeVer =~ "^(7\.0(\.[0-9])?|8\.0(\..*)?|8\.1(\.[0-2])?)$"){
+      security_hole(0);
+    }
+    exit(0);
   }
 }

Modified: trunk/openvas-plugins/scripts/gb_adobe_prdts_detect_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_prdts_detect_lin.nasl	2008-10-08 10:48:18 UTC (rev 1493)
+++ trunk/openvas-plugins/scripts/gb_adobe_prdts_detect_lin.nasl	2008-10-08 11:48:43 UTC (rev 1494)
@@ -36,77 +36,23 @@
   Risk factor : Informational";
 
   script_description(english:desc["english"]);
-  script_summary(english:"Get/Set the versions of Adobe Products");
+  script_summary(english:"Set the Versions of Adobe Products");
   script_category(ACT_GATHER_INFO);
   script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
   script_family(english:"General");
-  script_dependencies("gather-package-list.nasl");
-  script_require_keys("ssh/login/uname");
   exit(0);
 }
 
 
-include("ssh_func.inc");
+include("version_func.inc");
 
-if("Linux" >!< get_kb_item("ssh/login/uname")){
-  exit(0);
-}
-
-rpmLists = get_kb_list("ssh/*/rpms");
-foreach rpm (rpmLists)
+adobePath = find_file(file_name:"AcroVersion", file_path:"/");
+foreach path (adobePath)
 {
-  if("AdobeReader" >< rpm)
-  {
-    adobeVer = egrep(pattern:"AdobeReader.*$", string:rpm);
-    adobeVer = chomp(adobeVer);
-    adobeVer = ereg_replace(pattern:"AdobeReader_[a-z]+~([.0-9]*).*",
-                            string:adobeVer, replace:"\1");
-    if(adobeVer =~ "^[0-9](\.|[0-9]).*"){
-        set_kb_item(name:"Adobe/Reader/Linux/Ver", value:adobeVer);
-    }
-    exit(0);
+  path = chomp(path);
+  adobeMatch = get_bin_version(full_prog_name:"cat", version_argv:path,
+                               ver_pattern:"[0-9.]+(_SU[0-9])?");
+  if(adobeMatch){
+    set_kb_item(name:"Adobe/Reader/Linux/Version", value:adobeMatch[0]);
   }
 }
-
-sock = ssh_login_or_reuse_connection();
-if(!sock){
-       exit(0);
-}
-
-# If not RPM.
-acroPath = ssh_cmd(socket:sock, cmd:"locate -ir .*Reader/AcroVersion$",
-                   timeout:120);
-
-# If thorough test is on
-if("Reader/AcroVersion" >!< acroPath &&
-   "yes" >< get_kb_item("global_settings/thorough_tests"))
-{
-  cmd = "find / -maxdepth 7 -mindepth 3 -xdev -type f -path" +
-            " '*Reader/AcroVersion' -print";
-  acroPath = ssh_cmd(socket:sock, cmd:cmd, timeout:120);
-}
-
-if("Reader/AcroVersion" >!< acroPath)
-{
-  ssh_close_connection();
-  exit(0);
-}
-
-acroPath = split(acroPath);
-foreach path (acroPath)
-{
-  if(ssh_cmd(socket:sock, cmd:"test -f " + chomp(path) + " && echo $?",
-             timeout:120))
-  {
-    adobeVer = ssh_cmd(socket:sock, cmd:"cat " + chomp(path), timeout:120);
-    adobeVer = chomp(adobeVer);
-    adobeVer = ereg_replace(pattern:"([.0-9]*).*", string:adobeVer, replace:"\1");
-    if(adobeVer)
-    {
-      set_kb_item(name:"Adobe/Reader/Linux/Ver", value:adobeVer);
-      ssh_close_connection();
-      exit(0);
-    }
-  }
-}
-ssh_close_connection();

Modified: trunk/openvas-plugins/scripts/gb_firefox_detect_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_firefox_detect_lin.nasl	2008-10-08 10:48:18 UTC (rev 1493)
+++ trunk/openvas-plugins/scripts/gb_firefox_detect_lin.nasl	2008-10-08 11:48:43 UTC (rev 1494)
@@ -45,44 +45,18 @@
 }
 
 
-include("ssh_func.inc");
+include("version_func.inc");
 
-sock = ssh_login_or_reuse_connection();
-if(!sock){
-  exit(0);
-}
-
-foxName = ssh_cmd(socket:sock, cmd:"firefox -v", timeout:120);
-if(foxName =~ "firefox.* not found")
+foxName = find_file(file_name:"firefox", file_path:"/");
+foreach binary_foxName (foxName)
 {
-  foxName = ssh_cmd(socket:sock, cmd:"locate -ir firefox$", timeout:120);
-  if("firefox" >< foxName)
+  binary_name = chomp(binary_foxName);
+  foxMatch = get_bin_version(full_prog_name:binary_name, version_argv:"-v",
+                             ver_pattern:"Mozilla.*Copyright.*mozilla\.org");
+  if(foxMatch =~ "Firefox|Iceweasel")
   {
-    foxName = split(foxName);
-    for(i = 0; i < max_index(foxName); i++)
-      path = path + chomp(foxName[i]) + " -v;";
-
-    foxName = ssh_cmd(socket:sock, cmd:path, timeout:120);
+    foxVer = eregmatch(pattern:"[0-9.]+", string:foxMatch[0]);
+    set_kb_item(name:"Firefox/Linux/Ver", value:foxVer[0]);
+    exit(0);
   }
-  else
-  {
-    # Search for Firefox thoroughly (slow).
-    if("yes" >< get_kb_item("global_settings/thorough_tests"))
-    {
-      command = "find / -mount -maxdepth 5 -mindepth 1 -type f -name " +
-                "'firefox' -exec '{}' '-v' ';'";
-      foxName = ssh_cmd(socket:sock, cmd:command, timeout:500);
-    }
-  }
 }
-
-# Firefox is branded as Iceweasel in Debian
-if(foxName =~ "Firefox|Iceweasel")
-{
-  foxName = egrep(pattern:"Mozilla.*Copyright.*mozilla\.org", string:foxName);
-  foxName = chomp(foxName);
-  foxVer = eregmatch(pattern:"[.0-9]+", string:foxName);
-  set_kb_item(name:"Firefox/Linux/Ver", value:foxVer[0]);
-}
-
-ssh_close_connection();


From scm-commit at wald.intevation.org  Wed Oct  8 14:44:21 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Wed,  8 Oct 2008 14:44:21 +0200 (CEST)
Subject: [Openvas-commits] r1495 - trunk/doc/website
Message-ID: <20081008124421.E12DA4073C@pyrosoma.intevation.org>

Author: mwiegand
Date: 2008-10-08 14:44:20 +0200 (Wed, 08 Oct 2008)
New Revision: 1495

Modified:
   trunk/doc/website/openvas-cr-16.htm4
Log:
Fixed author for CR #16.


Modified: trunk/doc/website/openvas-cr-16.htm4
===================================================================
--- trunk/doc/website/openvas-cr-16.htm4	2008-10-08 11:48:43 UTC (rev 1494)
+++ trunk/doc/website/openvas-cr-16.htm4	2008-10-08 12:44:20 UTC (rev 1495)
@@ -6,7 +6,7 @@
 m4_dnl Description: OpenVAS Change Request #16
 m4_dnl
 m4_dnl Authors:
-m4_dnl Jan-Oliver Wagner <jan-oliver.wagner at intevation.de>
+m4_dnl Michael Wiegand <michael.wiegand at intevation.de>
 m4_dnl
 m4_dnl Copyright:
 m4_dnl Copyright (C) 2008 Intevation GmbH


From scm-commit at wald.intevation.org  Wed Oct  8 16:17:44 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Wed,  8 Oct 2008 16:17:44 +0200 (CEST)
Subject: [Openvas-commits] r1496 - trunk/doc/website
Message-ID: <20081008141744.1EBF240727@pyrosoma.intevation.org>

Author: mwiegand
Date: 2008-10-08 16:17:43 +0200 (Wed, 08 Oct 2008)
New Revision: 1496

Modified:
   trunk/doc/website/openvas-cr-16.htm4
Log:
Made CR #16 more clear based on Jan-Olivers suggestions on openvas-devel.


Modified: trunk/doc/website/openvas-cr-16.htm4
===================================================================
--- trunk/doc/website/openvas-cr-16.htm4	2008-10-08 12:44:20 UTC (rev 1495)
+++ trunk/doc/website/openvas-cr-16.htm4	2008-10-08 14:17:43 UTC (rev 1496)
@@ -34,9 +34,16 @@
 
 <p>
   To make the behavior of OpenVAS-Client more flexible and more useful for
-  scanning with fixed NVT sets.
+  periodic scanning with fixed NVT sets.
 </p>
 
+<p>
+  To make a first step towards family-based scan scenarios. In the future it
+  should be possible to define a family (like Debian local security checks) and
+  automatically enable all new NVTs of this family, while new NVTs from other
+  families stay disabled.
+</p>
+
 <h3>References</h3>
 
 <p>
@@ -58,6 +65,12 @@
   enabled has to manually disable all new NVTs after connecting to the server.
 </p>
 
+<p>
+  As stated under <i>Purpose</i>, this scheme is intended to allow for
+  family-specific settings at a later date; there are cases where new NVTs of a
+  specific family should be enabled, but other new NVTs should not.
+</p>
+
 <h3>Effects</h3>
 
 <p>
@@ -73,6 +86,10 @@
   plugin selection section of OpenVAS-Client and will be scope-specific.
 </p>
 
+<p>
+  The automatic enabling of NVTs happens in nessus/context.c (context_add_plugin).
+  This would probably a good place to check for the value of the new preference.
+</p>
 
 <h3>History</h3>
 


From scm-commit at wald.intevation.org  Wed Oct  8 16:26:49 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Wed,  8 Oct 2008 16:26:49 +0200 (CEST)
Subject: [Openvas-commits] r1497 - trunk/doc/website
Message-ID: <20081008142649.4212B40727@pyrosoma.intevation.org>

Author: mwiegand
Date: 2008-10-08 16:26:49 +0200 (Wed, 08 Oct 2008)
New Revision: 1497

Modified:
   trunk/doc/website/openvas-cr-16.htm4
   trunk/doc/website/roadmap.htm4
Log:
Added reference to CR #16, updated roadmap.


Modified: trunk/doc/website/openvas-cr-16.htm4
===================================================================
--- trunk/doc/website/openvas-cr-16.htm4	2008-10-08 14:17:43 UTC (rev 1496)
+++ trunk/doc/website/openvas-cr-16.htm4	2008-10-08 14:26:49 UTC (rev 1497)
@@ -47,7 +47,8 @@
 <h3>References</h3>
 
 <p>
-  This change request originated from the OpenVAS roadmap.
+  <a href="http://lists.wald.intevation.org/pipermail/openvas-discuss/2007-May/000252.html">Mail
+  from Kenneth Ng to openvas-discuss</a> regarding this feature.
 </p>
 
 <h3>Rationale</h3>

Modified: trunk/doc/website/roadmap.htm4
===================================================================
--- trunk/doc/website/roadmap.htm4	2008-10-08 14:17:43 UTC (rev 1496)
+++ trunk/doc/website/roadmap.htm4	2008-10-08 14:26:49 UTC (rev 1497)
@@ -79,13 +79,6 @@
      This is related to ideas about false-positive marking.
      </p>
 
-<li> Configurable option "Don't automatically add and run new plugins":
-     <p>
-     An option to say: "do not add new plugins to the .nessusrc file(s)".
-     Or maybe, add all new ones as "no".  Sometimes I want to run a given
-     set of plugins periodically.  I don't want all new ones to also get run.
-     </p>
-
 <li> Direct support of Database:
      <p>
      OpenVAS Server should optionally write results into a database.


From scm-commit at wald.intevation.org  Wed Oct  8 21:18:46 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Wed,  8 Oct 2008 21:18:46 +0200 (CEST)
Subject: [Openvas-commits] r1498 - in trunk/openvas-plugins: . scripts
Message-ID: <20081008191846.510624072D@pyrosoma.intevation.org>

Author: reinke
Date: 2008-10-08 21:18:44 +0200 (Wed, 08 Oct 2008)
New Revision: 1498

Added:
   trunk/openvas-plugins/scripts/gentoo_unmaintained_packages.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/gather-package-list.nasl
Log:
Added gentoo_unmaintained.nasl

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2008-10-08 14:26:49 UTC (rev 1497)
+++ trunk/openvas-plugins/ChangeLog	2008-10-08 19:18:44 UTC (rev 1498)
@@ -1,3 +1,8 @@
+2008-10-08  Thomas Reinke <reinke at securityspace.com>
+	* scripts/gentoo_unmaintained_packages.nasl added.
+	  Updated gather-package-list.nasl to added necessary
+	  prerequisites for above mentioned script.
+
 2008-10-08 Chandrashekhar B <bchandra at secpod.com>
 	* scripts/gb_adobe_prdts_detect_lin.nasl,
 	  scripts/gb_adobe_prdts_code_exec_vuln_win.nasl,
@@ -39,6 +44,7 @@
 	  scripts/gb_adobe_prdts_detect_lin.nasl:
 	  Added new plugins
 
+>>>>>>> .r1497
 2008-10-03  Thomas Reinke <reinke at securityspace.com>
 	* script/freebsd_lighttpd5.nasl script/freebsd_mplayer9.nasl,
 	  script/freebsd_mysql-client0.nasl script/freebsdsa_nd6.nasl:

Modified: trunk/openvas-plugins/scripts/gather-package-list.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gather-package-list.nasl	2008-10-08 14:26:49 UTC (rev 1497)
+++ trunk/openvas-plugins/scripts/gather-package-list.nasl	2008-10-08 19:18:44 UTC (rev 1498)
@@ -669,6 +669,12 @@
     set_kb_item(name: "ssh/login/gentoo", value: "GENTOO");
     buf = ssh_cmd(socket:sock, cmd:'find /var/db/pkg -mindepth 2 -maxdepth 2 -printf "%P\\n"');
     set_kb_item(name: "ssh/login/pkg", value: buf);
+    # Determine the list of maintained packages
+    buf = ssh_cmd(socket:sock, cmd: "find /usr/portage/ -wholename '/usr/portage/*-*/*.ebuild' | sed 's,/usr/portage/\([^/]*\)/.*/\([^/]*\)\.ebuild$,\1/\2,'");
+    if(strlen(buf)==0) { # Earlier find used 'path' in place of 'wholename'
+	buf = ssh_cmd(socket:sock, cmd: "find /usr/portage/ -path '/usr/portage/*-*/*.ebuild' | sed 's,/usr/portage/\([^/]*\)/.*/\([^/]*\)\.ebuild$,\1/\2,'");
+    }
+    set_kb_item(name: "ssh/login/gentoo_maintained", value: buf);
     security_note(port:port, data:string("We are able to login and detect that you are running Gentoo"));
     exit(0);
 }

Added: trunk/openvas-plugins/scripts/gentoo_unmaintained_packages.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gentoo_unmaintained_packages.nasl	2008-10-08 14:26:49 UTC (rev 1497)
+++ trunk/openvas-plugins/scripts/gentoo_unmaintained_packages.nasl	2008-10-08 19:18:44 UTC (rev 1498)
@@ -0,0 +1,128 @@
+# This script is (C) 2007 Michel Arboi <mikhail at nessus.org>
+# 2008/10/08 Updated by Thomas Reinke to work with OpenVAS.
+# GPL
+
+ desc = '
+Synopsis :
+
+The remote operating system contains obsolete software
+
+Description :
+
+The remote Gentoo system contains several packages or versions 
+which have been marked as obsolete and have been removed from 
+the portage tree.
+These versions are therefore unmaintained, which means that if
+any security flaw is found in them, no patch will be made 
+available.
+
+In addition to this, these packages might break after a library 
+upgrade and it will be impossible to recompile them.
+
+Solution: 
+
+Remove or upgrade those packages.
+
+Risk factor : 
+
+Medium / CVSS Base Score : 6 
+(AV:R/AC:H/Au:NR/C:P/A:P/I:P/B:N)
+';
+
+if (description)
+{
+ script_id(24017);
+ script_version("$Revision: 1.2 $");
+
+ script_description(english: desc);
+ script_copyright(english: "Copyright (C) 2007 Michel Arboi <mikhail at nessus.org>");
+ script_name(english: "Unmaintained Gentoo packages");
+ script_category(ACT_GATHER_INFO);
+ script_family(english: "Gentoo Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys('ssh/login/pkg', 'ssh/login/gentoo_maintained');
+ script_summary(english: 'Find obsolete Gentoo packages that cannot be installed any more');
+ exit(0);
+}
+
+include('global_settings.inc');
+
+installed = get_kb_item('ssh/login/pkg');
+maintained = get_kb_item('ssh/login/gentoo_maintained');
+
+# 
+# Debug only
+# function exec(cmd)
+# {
+#  return pread(cmd: "/bin/sh", argv: make_list("sh", "-c", cmd));
+# }
+# 
+# installed = exec(cmd: 'find /var/db/pkg/ -mindepth 2 -maxdepth 2 -printf "%P\\n"');
+# maintained = exec(cmd: "find /usr/portage/ -wholename '/usr/portage/*-*/*.ebuild' | sed 's,/usr/portage/\([^/]*\)/.*/\([^/]*\)\.ebuild$,\1/\2,'");
+# 
+
+if (isnull(installed) || isnull(maintained)) exit(0);
+
+bad_l = ''; old_l = ''; obsolete_l = '';
+
+maintained_v = sort(split(maintained, keep: 0));
+maintained = NULL;	# Free memory
+
+installed_v = sort(split(installed, keep: 0));
+installed = NULL;
+
+i1 = 0; i2 = 0; n1 = max_index(maintained_v); n2 = max_index(installed_v);
+all = 0; bad = 0;
+
+prev_m = maintained_v[0];	# So that it can be parsed
+
+for (i2 = 0; i2 < n2; i2 ++)
+{
+ # There is no software in a "virtual" package
+ # -MERGING-* & lockfiles are artefacts
+ if (! match(string: installed_v[i2], pattern: 'virtual/*') &&
+     ! match(string: installed_v[i2], pattern: '*/-MERGING-*') &&
+     ! match(string: installed_v[i2], pattern: '*/*.portage_lockfile') )
+ {
+  while (maintained_v[i1] < installed_v[i2])
+  {
+   prev_m = maintained_v[i1];
+   i1 ++;
+  }
+
+  if (maintained_v[i1] != installed_v[i2])
+  {
+   pat = '^([a-z0-9]+-[a-z0-9]+/[^0-9][a-z0-9+_-]+)-[0-9].*$';
+   iv = eregmatch(string: installed_v[i2], pattern: pat, icase: 1);
+   mv = eregmatch(string: maintained_v[i1], pattern: pat, icase: 1);
+   pv = eregmatch(string: prev_m, pattern: pat, icase: 1);
+
+   if (! isnull(iv)  && ! isnull(mv) && ! isnull(pv))
+    if (iv[1] == mv[1] || iv[1] == pv[1])
+     old_l += installed_v[i2] + '\n';
+    else
+     obs_l += installed_v[i2] + '\n';
+   else
+   {
+    debug_print('Cannot parse ', installed_v[i2], ' or ', maintained_v[i1], ' or ', prev_m);
+    bad_l += installed_v[i2] + '\n';
+   }
+   bad ++;
+  }
+  all ++;
+ }
+}
+
+if (bad > 0) 
+{
+ desc += '\n\nPlugin output :\n\n';
+ if (strlen(obs_l) > 0)
+  desc = strcat(desc, 'The following packages are not maintained any more:\n', obs_l, '\n');
+ if (strlen(old_l) > 0)
+  desc = strcat(desc, 'The following packages should be updated:\n', old_l, '\n');
+ if (bad_l > 0)
+  desc = strcat(desc, 'The following obsolete packages were found:\n', bad_l, '\n');
+  security_warning(port: 0, data: desc);
+}
+debug_print('Found ', bad, ' obsolete packages among ', all, ' packages\n');
+


From scm-commit at wald.intevation.org  Thu Oct  9 00:42:38 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Thu,  9 Oct 2008 00:42:38 +0200 (CEST)
Subject: [Openvas-commits] r1499 - in trunk/openvas-plugins: . scripts
Message-ID: <20081008224238.DEF844072A@pyrosoma.intevation.org>

Author: reinke
Date: 2008-10-09 00:42:36 +0200 (Thu, 09 Oct 2008)
New Revision: 1499

Added:
   trunk/openvas-plugins/scripts/deb_1643_1.nasl
   trunk/openvas-plugins/scripts/deb_1647_1.nasl
   trunk/openvas-plugins/scripts/deb_1648_1.nasl
   trunk/openvas-plugins/scripts/glsa_200810_01.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
Log:
New scripts added

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2008-10-08 19:18:44 UTC (rev 1498)
+++ trunk/openvas-plugins/ChangeLog	2008-10-08 22:42:36 UTC (rev 1499)
@@ -1,4 +1,8 @@
 2008-10-08  Thomas Reinke <reinke at securityspace.com>
+	* deb_1643_1.nasl deb_1647_1.nasl deb_1648_1.nasl
+	  glsa_200810_01.nasl   New scripts
+
+2008-10-08  Thomas Reinke <reinke at securityspace.com>
 	* scripts/gentoo_unmaintained_packages.nasl added.
 	  Updated gather-package-list.nasl to added necessary
 	  prerequisites for above mentioned script.

Added: trunk/openvas-plugins/scripts/deb_1643_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_1643_1.nasl	2008-10-08 19:18:44 UTC (rev 1498)
+++ trunk/openvas-plugins/scripts/deb_1643_1.nasl	2008-10-08 22:42:36 UTC (rev 1499)
@@ -0,0 +1,85 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 1643-1 (feta)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(61711);
+ script_cve_id("CVE-2008-4440");
+ script_version ("$");
+ name["english"] = "Debian Security Advisory DSA 1643-1 (feta)";
+ script_name(english:name["english"]);
+
+ desc["english"] = "
+The remote host is missing an update to feta
+announced via advisory DSA 1643-1.
+
+Dmitry E. Oboukhov discovered that the to-upgrade plugin of Feta,
+a simpler interface to APT, dpkg, and other Debian package tools
+creates temporary files insecurely, which may lead to local denial
+of service through symlink attacks.
+
+For the stable distribution (etch), this problem has been fixed in
+version 1.4.15+etch1.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 1.4.16+nmu1.
+
+We recommend that you upgrade your feta package.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201643-1
+
+Risk factor : High";
+
+ script_description(english:desc["english"]);
+
+ summary["english"] = "Debian Security Advisory DSA 1643-1 (feta)";
+ script_summary(english:summary["english"]);
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com");
+ family["english"] = "Debian Local Security Checks";
+ script_family(english:family["english"]);
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+vuln = 0;
+if(isdpkgvuln(pkg:"feta", ver:"1.4.15+etch1", rls:"DEB4.0")) {
+    vuln = 1;
+}
+
+if(vuln) {
+    security_hole(0);
+}

Added: trunk/openvas-plugins/scripts/deb_1647_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_1647_1.nasl	2008-10-08 19:18:44 UTC (rev 1498)
+++ trunk/openvas-plugins/scripts/deb_1647_1.nasl	2008-10-08 22:42:36 UTC (rev 1499)
@@ -0,0 +1,176 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 1647-1 (php5)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(61712);
+ script_cve_id("CVE-2008-3658", "CVE-2008-3659", "CVE-2008-3660");
+ script_version ("$");
+ name["english"] = "Debian Security Advisory DSA 1647-1 (php5)";
+ script_name(english:name["english"]);
+
+ desc["english"] = "
+The remote host is missing an update to php5
+announced via advisory DSA 1647-1.
+
+Several vulnerabilities have been discovered in PHP, a server-side,
+HTML-embedded scripting language. The Common Vulnerabilities and
+Exposures project identifies the following problems:
+
+CVE-2008-3658
+
+Buffer overflow in the imageloadfont function allows a denial
+of service or code execution through a crafted font file.
+
+CVE-2008-3659
+
+Buffer overflow in the memnstr function allows a denial of
+service  or code execution via a crafted delimiter parameter
+to the explode function.
+
+CVE-2008-3660
+
+Denial of service is possible in the FastCGI module by a
+remote attacker by making a request with multiple dots
+before the extension.
+
+For the stable distribution (etch), these problems have been fixed in
+version 5.2.0-8+etch13.
+
+For the testing (lenny) and unstable distribution (sid), these problems
+have been fixed in version 5.2.6-4.
+
+We recommend that you upgrade your php5 package.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201647-1
+
+Risk factor : High";
+
+ script_description(english:desc["english"]);
+
+ summary["english"] = "Debian Security Advisory DSA 1647-1 (php5)";
+ script_summary(english:summary["english"]);
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com");
+ family["english"] = "Debian Local Security Checks";
+ script_family(english:family["english"]);
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+vuln = 0;
+if(isdpkgvuln(pkg:"php-pear", ver:"5.2.0-8+etch13", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"php5", ver:"5.2.0-8+etch13", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"php5-dev", ver:"5.2.0-8+etch13", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"php5-tidy", ver:"5.2.0-8+etch13", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"php5-mysql", ver:"5.2.0-8+etch13", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"php5-xmlrpc", ver:"5.2.0-8+etch13", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"php5-cgi", ver:"5.2.0-8+etch13", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"php5-xsl", ver:"5.2.0-8+etch13", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"php5-gd", ver:"5.2.0-8+etch13", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"php5-snmp", ver:"5.2.0-8+etch13", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"php5-sybase", ver:"5.2.0-8+etch13", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"php5-mcrypt", ver:"5.2.0-8+etch13", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"php5-common", ver:"5.2.0-8+etch13", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"php5-mhash", ver:"5.2.0-8+etch13", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"php5-pspell", ver:"5.2.0-8+etch13", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"libapache-mod-php5", ver:"5.2.0-8+etch13", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"php5-ldap", ver:"5.2.0-8+etch13", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"php5-imap", ver:"5.2.0-8+etch13", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"php5-recode", ver:"5.2.0-8+etch13", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"php5-pgsql", ver:"5.2.0-8+etch13", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"php5-sqlite", ver:"5.2.0-8+etch13", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"php5-curl", ver:"5.2.0-8+etch13", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"libapache2-mod-php5", ver:"5.2.0-8+etch13", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"php5-odbc", ver:"5.2.0-8+etch13", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"php5-cli", ver:"5.2.0-8+etch13", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"php5-interbase", ver:"5.2.0-8+etch13", rls:"DEB4.0")) {
+    vuln = 1;
+}
+
+if(vuln) {
+    security_hole(0);
+}

Added: trunk/openvas-plugins/scripts/deb_1648_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_1648_1.nasl	2008-10-08 19:18:44 UTC (rev 1498)
+++ trunk/openvas-plugins/scripts/deb_1648_1.nasl	2008-10-08 22:42:36 UTC (rev 1499)
@@ -0,0 +1,85 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 1648-1 (mon)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(61713);
+ script_cve_id("CVE-2008-4477");
+ script_version ("$");
+ name["english"] = "Debian Security Advisory DSA 1648-1 (mon)";
+ script_name(english:name["english"]);
+
+ desc["english"] = "
+The remote host is missing an update to mon
+announced via advisory DSA 1648-1.
+
+Dmitry E. Oboukhov discovered that the test.alert script used in one of the
+alert functions in mon, a system to monitor hosts or services and alert
+about problems, creates temporary files insecurely, which may lead to a local
+denial of service through symlink attacks.
+
+For the stable distribution (etch), this problem has been fixed in
+version 0.99.2-9+etch2.
+
+For the testing (lenny) and unstable distribution (sid), this problem has
+been fixed in version 0.99.2-13.
+
+We recommend that you upgrade your mon package.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201648-1
+
+Risk factor : High";
+
+ script_description(english:desc["english"]);
+
+ summary["english"] = "Debian Security Advisory DSA 1648-1 (mon)";
+ script_summary(english:summary["english"]);
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com");
+ family["english"] = "Debian Local Security Checks";
+ script_family(english:family["english"]);
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+vuln = 0;
+if(isdpkgvuln(pkg:"mon", ver:"0.99.2-9+etch2", rls:"DEB4.0")) {
+    vuln = 1;
+}
+
+if(vuln) {
+    security_hole(0);
+}

Added: trunk/openvas-plugins/scripts/glsa_200810_01.nasl
===================================================================
--- trunk/openvas-plugins/scripts/glsa_200810_01.nasl	2008-10-08 19:18:44 UTC (rev 1498)
+++ trunk/openvas-plugins/scripts/glsa_200810_01.nasl	2008-10-08 22:42:36 UTC (rev 1499)
@@ -0,0 +1,83 @@
+#
+# OpenVAS Vulnerability Test
+# $
+# Description: Auto generated from Gentoo's XML based advisory
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+                                                                                
+                                                                                
+if(description)
+{
+ script_id(61714);
+ script_cve_id("CVE-2008-2149", "CVE-2008-3908");
+ script_version ("$");
+ name["english"] = "Gentoo Security Advisory GLSA 200810-01 (wordnet)";
+ script_name(english:name["english"]);
+
+ desc["english"] = "
+The remote host is missing updates announced in
+advisory GLSA 200810-01.
+
+Multiple vulnerabilities were found in WordNet, possibly allowing for the
+execution of arbitrary code.
+
+Solution:
+All WordNet users should upgrade to the latest version:
+
+    # emerge --sync
+    # emerge --ask --oneshot --verbose '>=app-dicts/wordnet-3.0-r2'
+
+http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200810-01
+http://bugs.gentoo.org/show_bug.cgi?id=211491
+
+Risk factor : Medium";
+
+ script_description(english:desc["english"]);
+
+ summary["english"] = "Gentoo Security Advisory GLSA 200810-01 (wordnet)";
+ script_summary(english:summary["english"]);
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com");
+ family["english"] = "Gentoo Local Security Checks";
+ script_family(english:family["english"]);
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/gentoo");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-gentoo.inc");
+vuln = 0;
+if(ispkgvuln(pkg:"app-dicts/wordnet", unaffected: make_list("ge 3.0-r2"), vulnerable: make_list("lt 3.0-r2"))) {
+    vuln=1;
+}
+
+if(vuln) {
+    security_hole(0);
+}


From scm-commit at wald.intevation.org  Thu Oct  9 10:51:06 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Thu,  9 Oct 2008 10:51:06 +0200 (CEST)
Subject: [Openvas-commits] r1500 - trunk/openvas-compendium
Message-ID: <20081009085106.92A69406A5@pyrosoma.intevation.org>

Author: mwiegand
Date: 2008-10-09 10:51:04 +0200 (Thu, 09 Oct 2008)
New Revision: 1500

Modified:
   trunk/openvas-compendium/ChangeLog
   trunk/openvas-compendium/openvas-compendium.de.tex
   trunk/openvas-compendium/openvas-compendium.tex
Log:
* openvas-compendium.de.tex: Updated translation.

* openvas-compendium.tex: Fixed typos.


Modified: trunk/openvas-compendium/ChangeLog
===================================================================
--- trunk/openvas-compendium/ChangeLog	2008-10-08 22:42:36 UTC (rev 1499)
+++ trunk/openvas-compendium/ChangeLog	2008-10-09 08:51:04 UTC (rev 1500)
@@ -1,5 +1,11 @@
-2008-09-30  Michael Wiegand <michael.wiegand at intevation.de>
+2008-10-09  Michael Wiegand <michael.wiegand at intevation.de>
 
+	* openvas-compendium.de.tex: Updated translation.
+
+	* openvas-compendium.tex: Fixed typos.
+
+2008-10-07  Michael Wiegand <michael.wiegand at intevation.de>
+
 	* openvas-compendium.de.tex: First partial translation of the OpenVAS
 	compendium into German. Most parts are still in English, this will
 	hopefully changed in the next few weeks.

Modified: trunk/openvas-compendium/openvas-compendium.de.tex
===================================================================
--- trunk/openvas-compendium/openvas-compendium.de.tex	2008-10-08 22:42:36 UTC (rev 1499)
+++ trunk/openvas-compendium/openvas-compendium.de.tex	2008-10-09 08:51:04 UTC (rev 1500)
@@ -513,70 +513,75 @@
 aktuellen Entwicklungsstand benutzen, der unvollständig und instabil sein
 könnte und nicht in Produktivumgebungen eingesetzt werden sollte.
 
-\xname{configuring-openvas-server}
-\section{Configuring OpenVAS-Server}
-\label{sec:Configuring OpenVAS-Server} 
+\xname{openvas-server-konfigurieren}
+\section{OpenVAS-Server konfigurieren}
+\label{sec:Configuring OpenVAS-Server}
 \compendiumauthor{Michael Wiegand}
 
-After installing OpenVAS-Server some additional steps are needed to get your
-OpenVAS installation up and running. This section provides with the information
-you need to generate a server certificate and add users to your installation.
+Nachdem Sie OpenVAS-Server installiert haben, sind einige zusätzliche Schritte
+notwendig, damit Sie Ihre OpenVAS-Installation effektiv nutzen können: So
+müssen Sie beispielsweise Zertifikate für den Server erstellen und Benutzer
+anlegen, bevor Sie sich mit dem Server verbinden können.
 
-If you have installed OpenVAS from packages provided by your distribution, be
-aware that there might be differences between the instructions provided by this
-compendium and the steps necessary on your distribution. Please refer to the
-documentation provided by your distribution for additional information.
+Falls Sie OpenVAS aus Pakete installiert haben, die von Ihrer Distribution zur
+Verfügung gestellt wurden, müssen Sie unter Umständen andere Schritte als die
+in diesem Kompendium beschriebenen durchführen. Bitte konsultieren Sie die
+Dokumentation zur Ihrer Distribution, falls Sie nähere Informationen benötigen.
 
-Also note that you might need to installation additional software in you are
-planning on using the tools described in chapter \ref{chap:tools}.
+Bitte beachten Sie außerdem, dass Sie eventuell zusätzliche Software
+installieren müssen, falls Sie in Kapitel \ref{chap:tools} beschrieben
+Sicherheitswerkzeuge zusammen mit OpenVAS nutzen wollen.
 
-\xname{generating-a-server-certificate}
-\subsection{Generating a Server Certificate}
+\xname{erstellung-eines-serverzertifikates}
+\subsection{Erstellung eines Serverzertifikates}
 
-For security reasons, communication between server and client is only possible
-through SSL encrypted connections. In order to establish an SSL encrypted
-connection, the server needs to have an SSL certificate. If the machine
-OpenVAS-Server is running on does not have a certificate, you will to generate
-one yourself.
+Aus Sicherheitsgründen ist eine Kommunikation zwischem dem OpenVAS Server und
+dem Client nur über eine SSL-verschlüsselte Verbindung möglich. Damit eine
+verschlüsselte Verbindung aufgebaut werden kann, muss der Server ein
+gültiges SSL-Zertifikat besitzen. Falls für den Rechner, auf dem der OpenVAS
+Server läuft, noch kein Zertifikat verfügbar ist, müssen Sie ein neues
+erstellen.
 
-The easiest way to do this is through the \verb|openvas-mkcert|
-script provided by the OpenVAS-Server package. This will generate two
-certificates: one certificate for a local certificate authority (CA) and a
-second certificate for the OpenVAS server which is signed by the CA and is
-presented to connecting clients.
+Am einfachsten geht dies mit dem im OpenVAS-Server Modul enthaltenen Skript
+\verb|openvas-mkcert|. Dieses Skript erstellt zwei Zertifikate: Ein Zertifikat
+für eine lokale Zertifizierungsstelle (Certificate Authority, CA) und ein
+zweites Zertifikat für den OpenVAS Server, das von dieser CA signiert ist und
+beim Verbindungsaufbau übermittelt wird.
 
-However, in case you want or have to consider a X.509 Public Key Infrastructure (PKI),
-you may of course use a certificate signed by the respective CA, which is e.g. done
-by your trust center.
+Falls Sie bereits über eine X.509-basierte Public-Key-Infrastruktur (PKI)
+verfügen, können Sie selbstverständlich auch ein Zertifikat verwenden, das von
+der zuständigen CA (etwa Ihrem Trust-Center) signiert wurde.
 
-\xname{adding-new-users}
-\subsection{Adding New Users}
+\xname{neue-benutzer-hinzufuegen}
+\subsection{Neue Benutzer hinzufügen}
 
-In order to use an OpenVAS server, a client needs to have a user account on the
-server. The OpenVAS-Server package provides the \verb|openvas-adduser| script
-to simplify creating user account. Using \verb|openvas-adduser|, you can specify
-whether the user should use a password or a certificate to authenticate himself
-and optionally restrict the access rights of the user.
+Um einen OpenVAS Server nutzen zu können, muss der Benutzer auf dem Server ein
+Benutzerkonto besitzen. Das OpenVAS-Server Modul erhält hierfür das Skript
+\verb|openvas-adduser|. Bei der Erstellung eines Benutzerkontos mit
+\verb|openvas-adduser| können Sie angeben, ob sich der Benutzer mit einem
+Passwort oder mit einem Zertifikat authentifizieren soll und optional die
+Zugriffsrechte dieses Benutzers einschränken.
 
-Restricted access rights can be useful to prevent users from scanning arbitrary
-hosts or networks. You can specify rules that restrict an user to certain hosts
-or subnets or even prevent him from scanning any host but his own.
+Beschränkte Zugriffsrechte können nützlich sein, um zu verhindern, dass
+Benutzer beliebige Zielrechner scannen können. Sie können Regeln angeben, die
+Benutzer auf bestimmte Zielrechner oder -netzwerke beschränken oder einen
+Benutzer nur das Scannen des eigenen Rechners erlauben.
 
-The correct syntax for user rules is:
+Der korrekte Syntax für die benutzerspezifischen Zugriffsregeln ist wie folgt:
 
 \verb#accept|deny ip/mask#
 
-and 
+und
 
 \verb#default accept|deny#
 
-Where \verb#mask# is the CIDR netmask of the rule.
+Wobei \verb#mask# die Netzmaske des Zugriffsregel nach dem CIDR-Schema ist.
 
-The \verb#default# statement must be the last rule and defines the policy for
-the user.
+Die \verb#default# Regel muss die letzte Regel sein und definiert die
+grundlegende Richtlinie für diesen Benutzer.
 
-The following rule set will allow the user to test 192.168.1.0/24, 
-192.168.3.0/24 and 172.22.0.0/16, but nothing else:
+Die folgenden Regeln erlauben es dem Benutzer, ausschließlich die Netzwerke
+192.168.1.0/24, 192.168.3.0/24 und 172.22.0.0/16 zu scannen:
 
 \begin{verbatim}
 accept 192.168.1.0/24
@@ -585,242 +590,245 @@
 default deny
 \end{verbatim}
 
-The following rule set will allow the user to test whatever he wants, 
-except the network 192.168.1.0/24:
+Die folgenden Regeln erlauben es dem Benutzer, beliebige Rechner und Netzwerke
+zu scannen, bis auf das Subnetz 192.168.1.0/24:
 
 \begin{verbatim}
 deny 192.168.1.0/24
 default accept
 \end{verbatim}
 
-The keyword \verb#client_ip# is replaced at runtime by the IP address
-of the user. If you want to restrict the user to be able to scan only the system
-he is connecting from, you can use the following ruleset:
+Das Schlüsselwort \verb#client_ip# wird zur Laufzeit durch die IP-Adresse des
+Benutzers ersetzt. Falls den Benutzer auf das System beschränken wollen, von
+dem aus er sich mit dem Server verbindet, können Sie die folgenden Regeln
+verwenden:
 
 \begin{verbatim}
 accept client_ip
 default deny
 \end{verbatim}
 
-\xname{advanced-configuration-server}
-\subsection{Advanced Configuration}
+\xname{fortgeschrittene-konfiguration-server}
+\subsection{Fortgeschrittene Konfiguration}
 
-If you need to make changes to the default OpenVAS-Server configuration, you can
-do so in the configuration file located at \verb#/etc/openvas/openvasd.conf#.
+Falls Sie die voreingestellte Konfiguration von OpenVAS-Server ändern möchten,
+können Sie dies in der Konfigurationsdatei tun, die Sie im Normalfall unter
+\verb#/etc/openvas/openvasd.conf# finden.
 
-The following settings can be configured through the openvasd.conf configuration
-file (note: the default values for your distribution may differ from the default
-values described here):
+Die folgenden Einstellungen können in der \verb#openvasd.conf# vorgenommen
+werden. Bitte beachten Sie, dass die Voreinstellungen für Ihre Distribution von
+den hier beschriebenen Werten abweichen können.
 
 \begin{description}
- \item[plugins\_folder] This setting configures the path where the NVT scripts
-can be found. \textit{(default value: /lib/openvas/plugins)}
- \item[max\_hosts] The maximum number of hosts that will be tested
-simultaneously. \textit{(default value: 30)}
- \item[max\_checks] The maximum number of checks that will run simultaneously
-against a given host. \textit{(default value: 10)}
- \item[be\_nice] Niceness. If set to 'yes', openvasd will renice itself to 10.
-\textit{(default value: no)}
- \item[logfile] The file used to log activity. If this value is set to 'syslog',
-OpenVAS-Server will use syslogd for logging.
-\textit{(default value: /var/log/openvas/openvasd.messages)}
- \item[log\_whole\_attack] This setting controls how detailed should be logged. If
-this option is set to 'no', only the start and end time of the scan is logged.
-If set to 'yes', OpenVAS-Server will log more information, including the time
-each plugin took to execute. Be aware that this may cause OpenVAS-Server to use 
-more hard disk space and to access the hard disk more often during the scan.
-\textit{(default value: no)}
- \item[log\_plugins\_name\_at\_load] This setting controls whether the names of the
-plugins that are loaded by the server should be logged.
-\textit{(default value: no)}
+ \item[plugins\_folder] Der Pfad, indem die NVT Skripte gefunden werden können-
+\textit{(Voreinstellung: /lib/openvas/plugins)}
+ \item[max\_hosts] Die maximale Anzahl von Zielrechnern, die auf einmal getestet
+werden können. \textit{(Voreinstellung: 30)}
+ \item[max\_checks] Die maximale Anzahl von Tests, die gleichzeitig
+gegen einen Zielrechner durchgeführt werden. \textit{(Voreinstellung: 10)}
+ \item[be\_nice] Priorität der Serverprozesses (``Niceness''). Wenn diese 
+Einstellung auf dem Wert ``yes'' steht, wird \verb|openvasd| seine
+Prozesspriorität auf 10 herabsetzen. \textit{(Voreinstellung: no)}
+ \item[logfile] Die Datei, in die der OpenVAS-Server Meldungen schreiben soll.
+Wenn dieser Wert auf \verb|syslogd| gesetzt wird, wird OpenVAS-Server den
+\verb|syslogd|-Dienst benutzen.
+\textit{(Voreinstellung: /var/log/openvas/openvasd.messages)}
+ \item[log\_whole\_attack] Diese Einstellung bestimmt, wie detailliert der
+Scanablauf protokolliert werden soll. Wenn diese Einstellung auf ``no'' gesetzt
+ist, wird lediglich der Start- und Endzeitpunkt des Scans protokolliert. Falls
+diese Einstellung auf ``yes'' gesetzt wird, protokolliert OpenVAS-Server den
+Ablauf detaillierter und protokolliert beispielsweise die Zeit, die die
+einzelnen NVTs zur Ausführung benötigt haben. Bitte beachten Sie, dass
+OpenVAS-Server dadurch mehr Festplattenkapazität in Anspruch nehmen wird und
+während des Scanvorgangs öfter auf die Festplatte zugreifen wird.
+\textit{(Voreinstellung: no)}
+ \item[log\_plugins\_name\_at\_load] Diese Einstellung bestimmt, ob die Namen
+der NVTs, die vom Server geladen werden, protokolliert werde sollen.
+\textit{(Voreinstellung: no)}
+ \item[dumpfile] Diese Einstellung konfiguriert den Name der Datei, die für
+Debug-Ausgaben genutzt werden soll. Wenn diese Einstellung auf ``-'' gesetzt
+wird, werden Debug-Ausgaben in Standardausgabe (stdout) geschrieben.
+\textit{(Voreinstellung: /var/log/openvas/openvasd.dump)}
+ \item[rules] Der Dateiname für die Zugriffsregeln.
+\textit{(Voreinstellung: /etc/openvas/openvasd.rules)}
+ \item[users] Der Dateiname für die Benutzerdatenbank.
+\textit{(Voreinstellung: /etc/openvas/openvasd.users)}
+ \item[cgi\_path] Der voreingestellte Pfad für zu überprüfende CGI-Skripte;
+mehrere Werte werden durch Doppelpunkte (``:'') getrennt.
+\textit{(Voreinstellung: /cgi-bin:/scripts)}
+ \item[port\_range] Der Bereich der Ports, die von den Portscannern gescannt
+werden sollen. Wenn diese Einstellung auf ``default'' gesetzt ist, wird
+OpenVAS-Server die in der Datei \verb#/var/lib/openvas/openvas-services#
+aufgelisteten Ports überprüfen.
+\textit{(Voreinstellung: default)}
+ \item[optimize\_test] Manche Sicherheitstests geben an, dass sie nur gestartet
+werden sollen, wenn bestimmte Werte bereits in der Wissensbasis vorhanden sind
+oder wenn ein bestimmter Port offen ist. Wenn diese Option aus ``yes'' gesetzt
+wird, beschleunigt dies den Scan, kann aber dazu führen, dass einige
+Sicherheitslücken nicht gefunden werden.
+\textit{(Voreinstellung: yes)}
+ \item[language] Die Sprache, die in den NVT-Beschreibungen verwendet werden
+soll. Zur Zeit werden die Werte ``english'' und ``french'' unterstützt.
+\textit{(Voreinstellung: english)}
+ \item[checks\_read\_timeout] Die Zeitbeschränkung (in Sekunden) für
+Lesevorgänge auf Sockets während des Scanvorgangs. \textit{(Voreinstellung: 5)}
+ \item[non\_simult\_ports] Mit dieser Option kann eine Liste von Ports
+angegeben werden, gegen die NVTs nicht gleichzeitig laufen sollen.
+\textit{(Voreinstellung: 139, 445)}
+ \item[plugins\_timeout] Die maximale Ausführungszeit für ein NVT (in Sekunden).
+\textit{(Voreinstellung: 320)}
+ \item[safe\_checks] Manche Sicherheitstests können den Zielrechner schädigen,
+etwa durch einen Störung eines bestimmten Dienst bis zu einem Neustart des
+Dienstes oder des Zielrechners. Wenn diese Einstellung auf ``yes'' steht, wird
+sich OpenVAS-Server auf die Banner der entsprechenden Dienste verlassen anstatt
+den Test wirklich durchzuführen. Dies führt zu einem weniger zuverlässigen
+Bericht, macht aber eine Einschränkung der Funktionalität des Zielrechners
+während des Scanvorgangs weniger wahrscheinlich. \textit{(Voreinstellung: yes)}
+ \item[auto\_enable\_dependencies] Wenn dieses Einstellung auf ``yes''
+gesetzt ist, wird OpenVAS-Server automatisch NVTs aktivieren, von denen die vom
+Benutzer ausgewählten NVTs abhängig sind. \textit{(Voreinstellung: yes)}
+ \item[silent\_dependencies] Wenn diese Einstellung auf ``yes'' gesetzt ist,
+wird die Ausgabe von automatisch aktivierten NVTs nicht an den Client gesendet.
+\textit{(Voreinstellung: yes)}
+ \item[use\_mac\_addr] Verwendet MAC-Adressen und nicht IP-Adressen, um Rechner
+zu identifizieren; dies kann etwa in DHCP-Netzwerken nützlich sein.
+\textit{(Voreinstellung: no)}
+ \item[save\_knowledge\_base] Diese Einstellung steuert, ob die während des
+Scanvorgangs erstellte Wissensbasis nach dem Scan auf dem Server gespeichert
+werden soll. \textit{(Voreinstellung: no)}
+ \item[kb\_restore] Diese Einstellung steuert, ob die Wissensbasis für einen
+erneuten Test wieder geladen werden soll. \textit{(Voreinstellung: no)}
+ \item[only\_test\_hosts\_whose\_kb\_we\_dont\_have] Wenn diese Einstellung
+aktiviert ist, scannt OpenVAS nur die Rechner, die noch nicht in der
+Wissensbasis vorhanden sind. Diese Einstellung kann beispielsweise eingesetzt
+werden, um Rechner einmal zu scannen, wenn Sie das erste Mal im Subnetz
+erscheinen. \textit{(Voreinstellung: no)}
+ \item[only\_test\_hosts\_whose\_kb\_we\_have] Wenn diese Einstellung aktiviert
+ist, wird OpenVAS nur die Rechner scannen, die bereits in der Wissensbasis
+vorhanden sind. Dies kann nützlich sein, wenn eine bestimmte Menge von
+Zielrechnern regelmäßig überprüft werden soll. \textit{(Voreinstellung: no)}
+ \item[kb\_dont\_replay\_scanners] Wenn sowohl diese Einstellung als auch die
+Einstellung \verb|kb_restore| aktiviert ist, werden Scanner-NVTs nicht erneut
+gestartet falls sie bereits in der Vergangenheit gestartet wurden.
+\textit{(Voreinstellung: no)}
+ \item[kb\_dont\_replay\_info\_gathering] Wenn sowohl diese Einstellung als auch
+die Einstellung \verb|kb_restore| aktiviert ist, werden NVTs zur
+Informationssammlung nicht erneut gestartet falls sie bereits in der
+Vergangenheit gestartet wurden. \textit{(Voreinstellung: no)}
+ \item[kb\_dont\_replay\_attacks] Wenn sowohl diese Einstellung als auch die
+Einstellung \verb|kb_restore| aktiviert ist, werden Angriffs-NVTs nicht erneut
+gestartet falls sie bereits in der Vergangenheit gestartet wurden.
+\textit{(Voreinstellung: no)}
+ \item[kb\_dont\_replay\_denials] Wenn sowohl diese Einstellung als auch die
+Einstellung \verb|kb_restore| aktiviert ist, werden ``Denial of Service''-NVTs
+nicht erneut gestartet falls sie bereits in der Vergangenheit gestartet wurden.
+\textit{(Voreinstellung: no)}
+ \item[kb\_max\_age] Diese Option steuert das maximale Alter (in Sekunden) der
+Wissensbasis. \textit{(Voreinstellung: 864000)}
+ \item[slice\_network\_addresses] Wenn diese Einstellung auf ``yes'' gesetzt
+ist, wird OpenVAS das Netzwerk nicht der Reihe nach scannen (10.0.0.1,
+10.0.0.2, 10.0.0.3), sondern wird versuchen, den Scan gleichmäßig über das
+Netzwerk zu verteilen (etwa: 10.0.0.1, 10.0.0.127, 10.0.0.2, 10.0.0.128).
+\textit{(Voreinstellung: no)}
+ \item[nasl\_no\_signature\_check] Wenn dieses Einstellung auf ``yes'' gesetzt
+ist, wird OpenVAS-Server die kryptografischen Signaturen der NVTs nicht
+überprüfen und wird NVTs ausführen, auch wenn diese über keine oder keine
+gültige Signatur verfügen.
 
- \item[dumpfile] This option configures the name of the file that should be used
-for debugging output. If this option is set to '-', debugging output will be
-written to stdout. \textit{(default value: /var/log/openvas/openvasd.dump)}
-
- \item[rules] The filename for the server rules file.
-\textit{(default value: /etc/openvas/openvasd.rules)}
-
- \item[users] The filename for the user database.
-\textit{(default value: /etc/openvas/openvasd.users)}
-
- \item[cgi\_path] The default CGI paths to check, separated by colons(':').
-\textit{(default value: /cgi-bin:/scripts)}
-
- \item[port\_range] The range of ports that will be scanned by the port scanners.
-If this setting is set to 'default', OpenVAS-Server will scan the ports
-specified in the file found at \verb#/var/lib/openvas/openvas-services#.
-\textit{(default value: default)}
-
- \item[optimize\_test] Security tests may request to be launched if and only if
-certain information gathered by other tests exists in the knowledge base, or if
-and only if a given port is open. If this option is set to 'yes', it will speed
-up the test, but may cause the OpenVAS server to miss some vulnerabilities.
-\textit{(default value: yes)}
-
- \item[language] The language to use in plugin description. Currently the values
-'english' and 'french' are supported. \textit{(default value: english)}
-
- \item[checks\_read\_timeout] The read timeout (in seconds) for the sockets used
-while scanning. \textit{(default value: 5)}
-
- \item[non\_simult\_ports] This option can be used to specify a list of ports or
-services against which plugins should not be run simultaneously.
-\textit{(default value: 139, 445)}
-
- \item[plugins\_timeout] The maximum lifetime of a plugin (in seconds).
-\textit{(default value: 320)}
-
- \item[safe\_checks] Some security checks may harm the target server, by
-disabling the remote service temporarily or until a reboot. If this option, is
-set to 'yes', the OpenVAS server will rely on banners instead of actually
-performing a security check. This will result in a less reliable report, but you
-is less likely to disrupt functionality on the target system during a test.
-\textit{(default value: yes)}
-
- \item[auto\_enable\_dependencies] If this option is set to 'yes', OpenVAS-Server
-will automatically enable plugins which are need by the plugins selected by the
-user. \textit{(default value: yes)}
-
- \item[silent\_dependencies] If this option is set to 'yes', output from plugins
-which were enabled automatically will not be send to the client.
-\textit{(default value: yes)}
-
- \item[use\_mac\_addr] Designate hosts by MAC address, not IP address; this can
-be useful in DHCP networks. \textit{(default value: no)}
-
- \item[save\_knowledge\_base] This option controls whether the knowledge base
-created during the scan should be saved to disk. \textit{(default value: no)}
-
- \item[kb\_restore] This setting controls whether the knowledge base should be
-restored for each test. \textit{(default value: no)}
-
- \item[only\_test\_hosts\_whose\_kb\_we\_dont\_have] If this option is set to
-'yes', OpenVAS-Server will only test the hosts that are not yet in the knowledge
-base. This can be used to scan new hosts once if they appear in a subnet for the
-first time, for example. \textit{(default value: no)}
-
- \item[only\_test\_hosts\_whose\_kb\_we\_have] If this option is set to 'yes',
-OpenVAS-Server will only test the hosts that are already in the knowledge
-base. This is useful for scanning only a set of host that are already known to 
-the server. \textit{(default value: no)}
-
- \item[kb\_dont\_replay\_scanners] If this option is set to 'yes' and the option
-kb\_restore has been enabled, scanner plugins will not be launched if they have
-already been launched in the past. \textit{(default value: no)}
-
- \item[kb\_dont\_replay\_info\_gathering] If this option is set to 'yes' and the
-option kb\_restore has been enabled, information gathering plugins will not be
-launched if they have already been launched in the past.
-\textit{(default value: no)}
-
- \item[kb\_dont\_replay\_attacks] If this option is set to 'yes' and the option
-kb\_restore has been enabled, attack plugins will not be launched if they have
-already been launched in the past. \textit{(default value: no)}
-
- \item[kb\_dont\_replay\_denials] If this option is set to 'yes' and the option
-kb\_restore has been enable, denial of service plugins will not be launched if
-they have already been launched in the past. \textit{(default value: no)}
-
- \item[kb\_max\_age] This option sets the maximum age of the knowledge base (in
-seconds). \textit{(default value: 864000)}
-
- \item[slice\_network\_addresses] If this option is set to 'yes', OpenVAS will
-not scan a network sequentially, (10.0.0.1, 10.0.0.2, 10.0.0.3) but will attempt
-to slice the workload throughout the whole network (i.e.: 10.0.0.1, 10.0.0.127,
-10.0.0.2, 10.0.0.128). \textit{(default value: no)}
-
- \item[nasl\_no\_signature\_check] If this option is set to 'yes',
-OpenVAS-Server will not check the signatures of the NASL scripts and will run
-scripts even if they have no or no valid signature. Be aware that setting this
+(Be aware that setting this
 option to 'yes' does pose a security risk. However, at the current stage of
 OpenVAS development, signatures are only available for a limited subset of
 tests. If this option is set to 'no', you will only be able to use a very
 limited number of plugins. For this reason, this option will default to 'yes'
-until an infrastructure for signature checking has been established. 
-\textit{(default value: yes)}
+until an infrastructure for signature checking has been established.)
+\textit{(Voreinstellung: yes)}
 \end{description}
 
-\xname{configuring-nvt-feeds}
-\section{Configuring NVT Feeds}
+\xname{nvt-feeds-konfigurieren}
+\section{NVT Feeds konfigurieren}
 
-\compendiumauthor{Jan-Oliver Wagner and Tim Brown}
+\compendiumauthor{Jan-Oliver Wagner und Tim Brown}
 
-This section explains how NVT Feed Services work in general and how you can use
-a Feed Service to keep up-to-date with the latest NVTs.
+In diesem Abschnitt wird beschrieben, wie ein NVT ``Feed Service'' (etwa: NVT
+Abonnement) funktioniert und wie Sie einen Feed Service nutzen können, um Ihre
+NVT-Sammlung auf dem neuesten Stand zu halten.
 
-An OpenVAS NVT Feed Service provides a set of NVTs (i.e. ".nasl" and ".inc"
-files) which can be downloaded into your OpenVAS server installation.
+Ein OpenVAS NVT Feed Service stellt eine Sammlung von NVTs (etwa in Form von
+``.nasl''- und ``.inc''-Dateien) zur Verfügung, die Sie sich in Ihre
+OpenVAS-Installation herunterladen können.
 
-In fact, only changed and new NVTs will be downloaded along with their signature
-files (".asc") and an overall "md5sums". This synchronization process uses the
-RSYNC technology. The signatures are only relevant for you if you configure
-your OpenVAS server to execute only trusted NVTs.
+Bei einer Aktualisierung Ihrer NVT-Sammlung über einen NVT Feed Service werden
+nur neue und veränderte NVT heruntergeladen, zusammen mit den jeweiligen
+Signaturen (``.asc''-Dateien) und einer Datei mit Prüfsummen (``md5sums''). Der
+Synchronisationsprozess basiert auf der RSYNC-Technologie. Die Signaturen sind
+nur von Bedeutung, wenn Sie Ihren OpenVAS Server dazu konfiguriert haben, nur
+signierte NVTs auszuführen.
 
-\xname{prerequisites-server}
-\subsection{Prerequisites}
+\xname{voraussetzungen-server}
+\subsection{Voraussetzungen}
 
-Apart from openvas-plugins (version 0.9.1 or higher), which contains the
-"openvas-nvt-sync" script, you need to have the standard \verb|rsync| and
-\verb|md5sum| tools available on the system where your OpenVAS server instance
-is running. If you installed OpenVAS from a binary package, the package
-management of your distribution should have taken care to meet these
-dependencies already.
+Abgesehen von dem \verb|openvas-plugins|-Modul, welches das Skript
+\verb|openvas-nvt-sync| enthält, müssen auf dem System, auf dem der OpenVAS
+Server läuft, die Programme \verb|rsync| und \verb|md5sum| verfügbar sein.
+Falls Sie OpenVAS aus einem Binärpaket installiert haben, sollte die
+Paketverwaltung Ihrer Distribution die Verfügbarkeit dieser Programme
+bereits automatisch sichergestellt haben.
 
-\xname{synchronizing-with-openvas-nvt-feed}
-\subsection{Performing a synchronization with an OpenVAS NVT Feed}
+\xname{synchronisation-mit-einem-openvas-nvt-feed}
+\subsection{Synchronisation mit einem OpenVAS NVT Feed}
 
-To synchronize your NVT repository with an OpenVAS NVT Feed, you need to follow
-these steps:
+Um Ihre NVT-Sammlung mit einem OpenVAS NVT-Feed zu synchronisieren, müssen Sie
+folgende Schritte durchführen:
 
 \begin{enumerate}
- \item Check the configuration of the synchronization command:
-Usually you will find this shell script installed as
-\verb|/usr/sbin/openvas-nvt-sync|.
+ \item Überprüfen Sie die Einstellungen des Synchronisationsskriptes:
+In der Regel wird das Skript unter \verb|/usr/sbin/openvas-nvt-sync|
+installiert.
 
-You should verify that the variables "NVT\_DIR" and "FEED" are correct. This
-should be the case for NVT\_DIR if you did not deviate from the standard build
-and install routine. For FEED there is currently only the pre-configured one
-available anyway. So, just don't change it.
+Sie sollten überprüfen, ob die Variablen \verb|NVT_DIR| und \verb|FEED| die für
+Ihre Konfiguration korrekten Werte beinhalten. Für \verb|NVT_DIR| sollte dies
+der Fall sein, sofern Sie nicht von dem beschrieben Installationsablauf
+abgewichen sind. Für \verb|FEED| existiert momentan nur der voreingestellte
+Feed Service; hier ist im Allgemeinen keine Änderung notwendig.
 
-\item Run the synchronization command:
+\item Rufen Sie das Synchronisationsskript auf:
 \begin{verbatim}
            # openvas-nvt-sync
 \end{verbatim}
 
-It will connect to the currently only available NVT feed. At the end, it will
-verify the md5 checksums of all synchronized files. If any of them fails, an
-error is reported. In this case you should retry a couple of minutes later
-(reasons for failures could be network lags or that feed was updated at the same
-time.) If the problem occurs again, please report it to the OpenVAS discussion
-mailing list.
+Das Skript synchronisiert sich nun mit dem angegeben NVT Feed Service. Nach der
+Synchronisation werden die Prüfsummen aller synchronisierten Datei überprüft.
+Falls dabei ein Fehler festgestellt wird, erhalten Sie eine Fehlermeldung. In
+diesem Fall sollten Sie einige Minuten später erneut eine Synchronisation
+versuchen; meist sind Netzwerkverzögerung oder eine gleichzeitige
+Aktualisierung der NVT-Sammlung auf dem RSYNC-Server dafür verantwortlich.
+Sollte der Fehler wiederholt auftreten, melden Sie dies bitte der
+OpenVAS-Mailingliste.
 
-\item Restart the OpenVAS server (openvasd):
+\item Starten Sie den OpenVAS Server neu:
 \begin{verbatim}
            # kill -1 PID
 \end{verbatim}
 
-Where PID is the process ID of the main openvasd. You may see in the
-"openvas-nvt-sync" script how this should work ideally, but currently it does
-not work. You might consider using the "killall openvasd" command if you really
-know what this means.
+Wobei PID für die Prozess-ID des \verb|openvasd|-Prozesses steht. Sie können
+ebenfalls den Befehl \verb|killall openvasd| benutzen, falls Sie damit
+Erfahrung haben.
 \end{enumerate}
 
-\xname{available-nvt-feed-services}
-\subsection{Available NVT Feed Services}
+\xname{verfuegbare-nvt-feed-services}
+\subsection{Verfügbare NVT Feed Services}
 
-For demonstration purposes, the OpenVAS project offers a simple NVT feed at
-rsync://rsync.openvas.org:/nvt-feed. It is pre-configured in the
-"openvas-nvt-sync" tool.
+Das OpenVAS-Projekt stellt unter \verb|rsync://rsync.openvas.org:/nvt-feed|
+einen NVT Feed Service zur Verfügung. Dieser ist im \verb|openvas-nvt-sync|
+voreingestellt. Die NVTs sind mit dem Zertifikat für OpenVAS-Transferintegrität
+signiert.
 
-However, the NVTs are signed with the OpenVAS Transfer Integrity certificate.
+\xname{automatische-synchronisation-mit-einem-nvt-feed-service}
+\subsection{Automatische Synchronisation mit einem NVT Feed Service}
 
-\xname{automatically-updating-an-nvt-feed}
-\subsection{Automatically Updating an NVT Feed}
-
 \begin{itemize}
-\item Create a script called "openvas-update" and save it somewhere such as
-"/usr/local/bin":
+\item Erstellen Sie ein Skript mit dem Namen \verb|openvas-update| und
+speichern Sie es, etwa im Verzeichnis \verb|/usr/local/bin|:
 \begin{verbatim}
 	#!/bin/sh
 
@@ -838,63 +846,68 @@
 	fi
 \end{verbatim}
 
-\item Update your crontab to contain a line such as:
+\item Fügen Sie zu Ihrer \verb|crontab| die folgende Zeile hinzu:
 \begin{verbatim}
 	25 4 * * *	root	/usr/local/bin/openvas-update
 \end{verbatim}
 \end{itemize}
 
-\xname{managing-nvt-signatures}
-\section{Managing NVT signatures}
+\xname{verwaltung-von-nvt-signaturen}
+\section{Verwaltung von NVT Signaturen}
 \compendiumauthor{Jan-Oliver Wagner}
 
-This section explains what you need to do to allow your OpenVAS-Server to
-execute only signed NVTs with a trust level you decide.
+In diesem Abschnitt wird erklärt, was Sie tun müssen, damit ihr OpenVAS-Server
+ausschließlich signierte NVTs mit einer von Ihnen festgelegten Vertrauensgrad
+ausführt.
 
-Currently, some signed NVTs are available by using the command
-\verb#openvas-nvt-sync# which is included in openvas-plugins
-The signatures correspond to the certificate "OpenVAS Transfer Integrity"
-available on the OpenVAS website.
+Zur Zeit können Sie signierte NVTs beispielsweise über den im Skript
+\verb|openvas-nvt-sync| voreingestellten Feed Service erhalten. Die in diesem
+Feed enthaltenen Signaturen beziehen sich auf das Zertifikat ``OpenVAS Transfer
+Integrity'', das über die OpenVAS-Website verfügbar ist.
 
-\xname{what-is-a-signature}
-\subsection{What is a Signature?}
+\xname{was-ist-eine-signatur}
+\subsection{Was ist eine Signatur?}
 
-A clever method is applied to compute a unique checksum for a file. If only a
-single character in the file changes, the checksum will change as well. This
-checksum is digitally signed in a way that you can test with a public
-certificate whether a certain key was used to create the signature. Such a key
-and certificate do always form a pair that is related to each other. If the
-signed file has been modified by a third party, the signature will be broken. In
-this case you should not trust the file.
+Über einen Algorithmus wird eine eindeutige Prüfsumme für eine Datei berechnet.
+Falls sich auch nur ein Zeichen in der Datei verändert, ändert sich die
+Prüfsumme ebenfalls. Diese Prüfsumme wird nun auf eine Weise digital signiert,
+die es Ihnen erlaubt mit einem öffentlichen Zertifikat zu überprüfen, ob
+diese Signatur mit einem bestimmten Schlüssel durchgeführt wurde. Ein Schlüssel
+und ein Zertifikat stehen immer in Beziehung zueinander; falls die signierte
+Datei von einem Dritten modifiziert wurde, wird die Überprüfung der Signatur
+fehlschlagen. In diesem Fall sollten Sie der Datei nicht vertrauen.
 
-If the signature is not broken, the question remains if you trust the owner of
-the key. If you decided to do so (and there any many ways and supporting
-technologies to manage this), you can accept the file as trustworthy.
+Falls sowohl Datei als auch Signatur intakt sind, bleibt die Frage, ob Sie dem
+Besitzer dieses Schlüssels vertrauen. Es gibt viele Wege, eine Antwort auf
+diese Frage zu finden; falls Sie sich dazu entscheiden, dem Besitzer diese
+Schlüssels vertrauen, können Sie die Datei als vertrauenswürdig akzeptieren.
 
-\xname{the-signature-format}
-\subsection{The Signature Format}
+\xname{das-signatur-format}
+\subsection{Das Signatur Format}
 
-The signatures for OpenVAS NVTs and associated files (.nasl, .inc and .nes) are
-standard so-called "ASCII-armored detached OpenPGP signatures" created with
-GnuPG. This format features:
+Die Signaturen für OpenVAS-NVTs und mit NVTs verbundenen Dateien (``.nasl'',
+``.inc'') sind so genannte ``ASCII-armored detached OpenPGP signatures'', die
+mit GnuPG erzeugt wurden. Dieses Format bietet die folgenden Vorteile:
 
 \begin{itemize}
- \item Multiple signer keys possible
- \item Site administrators can decide which keys to trust
- \item Signatures can be created and verified with widely available tools like
-GnuPG
- \item detached signatures do not require changes to the signed file (like
-inline signatures would)
+ \item Mehrere Signaturen pro NVT sind möglich
+ \item Administratoren können entscheiden, welchen Schlüsseln sie vertrauen
+ \item Signaturen können mit weitverbreiteten Programmen wie GnuPG erstellt
+und überprüft werden
+ \item ``Detached signatures'' (also Signaturen in separaten Dateien) führen
+nicht zu Änderungen in den signierten Dateien, wie es integrierte Signaturen
+tun würden
 \end{itemize}
 
-The name of the signature file is the name of the signed file with the added
-extension ".asc". That is, the name of the signature file for a file
-"myscript.nasl" is "myscript.nasl.asc".
+Der Dateiname der Signatur besteht im Allgemeinen auf dem Name der signierten
+Datei und dem Zusatz ``.asc''. Eine Signatur für die Datei ``meinskript.nasl''
+wäre also in der Datei ``meinskript.nasl.asc'' zu finden.
 
-Please note the difference to Nessus: Nessus signatures were inline x509-based
-signatures. This concept does not consider multiple signatures. Please be aware
-that OpenVAS no longer supports Nessus signatures and will consider plugins
-unsigned even if the have a valid Nessus signature.
+Bitte beachten Sie an dieser Stelle den Unterschied zu Nessus:
+Nessus-Signaturen waren integrierte X.509-basierte Signaturen, die nicht die
+oben genannten Vorteile boten. Beachten Sie, dass OpenVAS keine
+Nessus-Signaturen unterstützt und NVTs als unsigniert einstufen wird, auch wenn
+sie über eine gültige Nessus-Signatur verfügen.
 
 \xname{the-signature-verification-process}
 \subsection{The Signature Verification Process}

Modified: trunk/openvas-compendium/openvas-compendium.tex
===================================================================
--- trunk/openvas-compendium/openvas-compendium.tex	2008-10-08 22:42:36 UTC (rev 1499)
+++ trunk/openvas-compendium/openvas-compendium.tex	2008-10-09 08:51:04 UTC (rev 1500)
@@ -512,11 +512,11 @@
 \xname{generating-a-server-certificate}
 \subsection{Generating a Server Certificate}
 
-For security reasons, communication between server and client is only possible
-through SSL encrypted connections. In order to establish an SSL encrypted
-connection, the server needs to have an SSL certificate. If the machine
-OpenVAS-Server is running on does not have a certificate, you will to generate
-one yourself.
+For security reasons, communication between the OpenVAS server and client is
+only possible through SSL encrypted connections. In order to establish an SSL
+encrypted connection, the server needs to have an SSL certificate. If the
+machine OpenVAS-Server is running on does not have a certificate, you will have
+to generate one yourself.
 
 The easiest way to do this is through the \verb|openvas-mkcert|
 script provided by the OpenVAS-Server package. This will generate two
@@ -651,10 +651,10 @@
 \textit{(default value: 320)}
 
  \item[safe\_checks] Some security checks may harm the target server, by
-disabling the remote service temporarily or until a reboot. If this option, is
+disabling the remote service temporarily or until a reboot. If this option is
 set to 'yes', the OpenVAS server will rely on banners instead of actually
-performing a security check. This will result in a less reliable report, but you
-is less likely to disrupt functionality on the target system during a test.
+performing a security check. This will result in a less reliable report, but is
+less likely to disrupt functionality on the target system during a test.
 \textit{(default value: yes)}
 
  \item[auto\_enable\_dependencies] If this option is set to 'yes', OpenVAS-Server
@@ -705,7 +705,7 @@
 seconds). \textit{(default value: 864000)}
 
  \item[slice\_network\_addresses] If this option is set to 'yes', OpenVAS will
-not scan a network sequentially, (10.0.0.1, 10.0.0.2, 10.0.0.3) but will attempt
+not scan a network sequentially (10.0.0.1, 10.0.0.2, 10.0.0.3), but will attempt
 to slice the workload throughout the whole network (i.e.: 10.0.0.1, 10.0.0.127,
 10.0.0.2, 10.0.0.128). \textit{(default value: no)}
 


From scm-commit at wald.intevation.org  Thu Oct  9 12:00:16 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Thu,  9 Oct 2008 12:00:16 +0200 (CEST)
Subject: [Openvas-commits] r1501 - in trunk/openvas-libraries: . libopenvas
Message-ID: <20081009100016.ED6294074D@pyrosoma.intevation.org>

Author: mwiegand
Date: 2008-10-09 12:00:16 +0200 (Thu, 09 Oct 2008)
New Revision: 1501

Modified:
   trunk/openvas-libraries/ChangeLog
   trunk/openvas-libraries/libopenvas/pcap.c
Log:
* libopenvas/pcap.c: Added missing include for config.h; this fixes a
bug caused by a missing #define that led to a segfault on 64bit
machines.


Modified: trunk/openvas-libraries/ChangeLog
===================================================================
--- trunk/openvas-libraries/ChangeLog	2008-10-09 08:51:04 UTC (rev 1500)
+++ trunk/openvas-libraries/ChangeLog	2008-10-09 10:00:16 UTC (rev 1501)
@@ -1,3 +1,9 @@
+2008-10-09  Michael Wiegand <michael.wiegand at intevation.de>
+
+	* libopenvas/pcap.c: Added missing include for config.h; this fixes a
+	bug caused by a missing #define that led to a segfault on 64bit
+	machines.
+
 2008-09-23  Jan-Oliver Wagner <jan-oliver.wagner at intevation.de>
 
 	* libopenvas/ntp.h: Removed elements "scan_ids",

Modified: trunk/openvas-libraries/libopenvas/pcap.c
===================================================================
--- trunk/openvas-libraries/libopenvas/pcap.c	2008-10-09 08:51:04 UTC (rev 1500)
+++ trunk/openvas-libraries/libopenvas/pcap.c	2008-10-09 10:00:16 UTC (rev 1501)
@@ -33,6 +33,7 @@
 #include "pcap_openvas.h"
 #include "system_internal.h"
 #include "network.h"
+#include "config.h"
 
 #define MAXROUTES 1024
 


From scm-commit at wald.intevation.org  Thu Oct  9 12:19:44 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Thu,  9 Oct 2008 12:19:44 +0200 (CEST)
Subject: [Openvas-commits] r1502 - in branches/openvas-libraries-1-0: .
	libopenvas
Message-ID: <20081009101944.5C2914072A@pyrosoma.intevation.org>

Author: mwiegand
Date: 2008-10-09 12:19:44 +0200 (Thu, 09 Oct 2008)
New Revision: 1502

Modified:
   branches/openvas-libraries-1-0/ChangeLog
   branches/openvas-libraries-1-0/libopenvas/pcap.c
Log:
* libopenvas/pcap.c: Added missing include for config.h; this fixes a
bug caused by a missing #define that led to a segfault on 64bit
machines and was discovered by Michael Meyer. This is a backport from
-trunk.


Modified: branches/openvas-libraries-1-0/ChangeLog
===================================================================
--- branches/openvas-libraries-1-0/ChangeLog	2008-10-09 10:00:16 UTC (rev 1501)
+++ branches/openvas-libraries-1-0/ChangeLog	2008-10-09 10:19:44 UTC (rev 1502)
@@ -1,3 +1,10 @@
+2008-10-09  Michael Wiegand <michael.wiegand at intevation.de>
+
+	* libopenvas/pcap.c: Added missing include for config.h; this fixes a
+	bug caused by a missing #define that led to a segfault on 64bit
+	machines and was discovered by Michael Meyer. This is a backport from
+	-trunk.
+
 2008-09-02  Michael Wiegand <michael.wiegand at intevation.de>
 
 	* libopenvas/network.c (ovas_server_context_attach): Display gnutls

Modified: branches/openvas-libraries-1-0/libopenvas/pcap.c
===================================================================
--- branches/openvas-libraries-1-0/libopenvas/pcap.c	2008-10-09 10:00:16 UTC (rev 1501)
+++ branches/openvas-libraries-1-0/libopenvas/pcap.c	2008-10-09 10:19:44 UTC (rev 1502)
@@ -33,6 +33,7 @@
 #include "pcap_openvas.h"
 #include "system_internal.h"
 #include "network.h"
+#include "config.h"
 
 #define MAXROUTES 1024
 


From scm-commit at wald.intevation.org  Thu Oct  9 12:26:12 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Thu,  9 Oct 2008 12:26:12 +0200 (CEST)
Subject: [Openvas-commits] r1503 - trunk/openvas-libraries
Message-ID: <20081009102612.66A674072A@pyrosoma.intevation.org>

Author: mwiegand
Date: 2008-10-09 12:26:12 +0200 (Thu, 09 Oct 2008)
New Revision: 1503

Modified:
   trunk/openvas-libraries/ChangeLog
Log:
Added missing credit for bug hunting to ChangeLog.


Modified: trunk/openvas-libraries/ChangeLog
===================================================================
--- trunk/openvas-libraries/ChangeLog	2008-10-09 10:19:44 UTC (rev 1502)
+++ trunk/openvas-libraries/ChangeLog	2008-10-09 10:26:12 UTC (rev 1503)
@@ -2,7 +2,7 @@
 
 	* libopenvas/pcap.c: Added missing include for config.h; this fixes a
 	bug caused by a missing #define that led to a segfault on 64bit
-	machines.
+	machines and was discovered by Michael Meyer.
 
 2008-09-23  Jan-Oliver Wagner <jan-oliver.wagner at intevation.de>
 


From scm-commit at wald.intevation.org  Thu Oct  9 15:14:39 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Thu,  9 Oct 2008 15:14:39 +0200 (CEST)
Subject: [Openvas-commits] r1504 - trunk/openvas-compendium
Message-ID: <20081009131439.85BF640743@pyrosoma.intevation.org>

Author: mwiegand
Date: 2008-10-09 15:14:38 +0200 (Thu, 09 Oct 2008)
New Revision: 1504

Modified:
   trunk/openvas-compendium/ChangeLog
   trunk/openvas-compendium/openvas-compendium.de.tex
   trunk/openvas-compendium/openvas-compendium.tex
Log:
* openvas-compendium.de.tex: Finished translating chapter regarding
OpenVAS-Server installation and configuration.

* openvas-compendium.tex: Fixed typos.


Modified: trunk/openvas-compendium/ChangeLog
===================================================================
--- trunk/openvas-compendium/ChangeLog	2008-10-09 10:26:12 UTC (rev 1503)
+++ trunk/openvas-compendium/ChangeLog	2008-10-09 13:14:38 UTC (rev 1504)
@@ -1,5 +1,12 @@
 2008-10-09  Michael Wiegand <michael.wiegand at intevation.de>
 
+	* openvas-compendium.de.tex: Finished translating chapter regarding
+	OpenVAS-Server installation and configuration.
+
+	* openvas-compendium.tex: Fixed typos.
+
+2008-10-09  Michael Wiegand <michael.wiegand at intevation.de>
+
 	* openvas-compendium.de.tex: Updated translation.
 
 	* openvas-compendium.tex: Fixed typos.

Modified: trunk/openvas-compendium/openvas-compendium.de.tex
===================================================================
--- trunk/openvas-compendium/openvas-compendium.de.tex	2008-10-09 10:26:12 UTC (rev 1503)
+++ trunk/openvas-compendium/openvas-compendium.de.tex	2008-10-09 13:14:38 UTC (rev 1504)
@@ -909,76 +909,84 @@
 Nessus-Signaturen unterstützt und NVTs als unsigniert einstufen wird, auch wenn
 sie über eine gültige Nessus-Signatur verfügen.
 
-\xname{the-signature-verification-process}
-\subsection{The Signature Verification Process}
+\xname{ueberpruefung-von-signaturen}
+\subsection{Überprüfung von Signaturen}
 
-The signature verification of the OpenVAS server is activated by setting
-"nasl\_no\_signature\_check = no" in /etc/openvas/openvasd.conf.
+Sie können die Überprüfung der Signaturen durch den OpenVAS Server aktivieren,
+indem Sie in der Konfigurationsdatei (im Allgemeinen
+\verb|/etc/openvas/openvasd.conf|) die Einstellung
+\verb|nasl_no_signature_check| auf ``no'' setzen.
 
-At start-up the openvas daemon (openvasd) checks all signatures for validity.
-Only fully trusted files are considered by the server and thus loaded and made
-available to OpenVAS client.
+Beim Starten des OpenVAS-Dienstes (openvasd) werden alle Signaturen auf ihre
+Gültigkeit überprüft. Nur vertrauenswürdige Dateien werden vom Server
+berücksichtigt und an den Client übermittelt.
 
-The trust check uses a special list of certificates managed for the
-OpenVAS server. It is a standard GnuPG keyring located by default in
-/etc/openvas/gnupg.
+Für die Überprüfung wird eine vom OpenVAS Server verwaltete Liste von
+Zertifikaten genutzt. Diese Liste besteht aus einer Datei im ``GnuPG
+Keyring''-Format und liegt in der Regel im Verzeichnis
+\verb|/etc/openvas/gnupg|.
 
-When OpenVAS verifies a signature it checks all signatures contained in the
-signature file and all signatures must be fully valid. This means that all of
-the following criteria must be fulfilled for all signatures:
+Wenn OpenVAS-Server eine Signatur überprüft, werden alle in der Signaturdatei
+vorhanden Signaturen überprüft; für einen erfolgreiche Überprüfung müssen alle
+Signaturen vollständig gültig sein. Dies bedeutet, dass alle der folgenden
+Bedingungen für allen Signaturen erfüllt werden müssen:
 
 \begin{itemize}
- \item The certificate must be present in the keyring.
- \item The key must be fully valid.
- \item The signature must be valid.
+ \item Das Zertifikat muss im Keyring vorhanden sein.
+ \item Der Schlüssel muss vollständig gültig sein.
+ \item Die Signatur muss gültig sein.
 \end{itemize}
 
-If any of the signatures does not meet all of these criteria, that file is
-considered untrustworthy and will not be executed at all. If all signatures meet
-the criteria, the script is trusted fully and may execute all functions. If no
-signature file exists, the script is not executed at all.
+Falls eine der Signaturen nicht alle Bedingungen erfüllt, wird die Datei als
+nicht vertrauenswürdig eingestuft und nicht ausgeführt. Falls alle Signaturen
+alle Bedingungen erfüllen, wird die Datei als vertrauenswürdig eingestuft und
+kann ausgeführt werden. Fall keine Signaturdatei vorhanden ist, wird die Datei
+nicht ausgeführt.
 
-Again, please note the difference to Nessus: For Nessus signatures, three levels
-were distinguished: no signature, a bad signature and a good signature. Plugins
-with no signature were still executed, but in a "restricted" mode where no
-functions that were regarded critical could be executed. OpenVAS explicitly only
-distinguishes between fully trusted and untrusted files.
+Bitte beachten Sie auch hier den Unterschied zu Nessus: Bei Nessus-Signaturen
+wurden drei Vertrauensgrade unterschieden: Keine Signatur, eine ungültige
+Signatur und ein gültige Signatur. NVTs ohne Signatur wurden in einem
+abgesicherten (``restricted'') Modus ausgeführt und konnten keine als kritisch
+eingeschätzten Funktionen ausführen. Im Gegensatz dazu unterscheidet OpenVAS
+nur zwischen vertrauenswürdigen und nicht vertrauenswürdigen Dateien.
 
-\xname{how-to-add-a-certificate}
-\subsection{How to Add a Certificate}
+\xname{hinzufuegen-eines-zertifikates}
+\subsection{Hinzufügen eines Zertifikates}
 
-To add a certificate to the OpenVAS Server keyring, use this command:
+Um ein Zertifikat zu Ihrem OpenVAS-Server Keyring hinzuzufügen, können Sie den
+folgenden Befehl nutzen:
 
 \begin{verbatim}
 # gpg --homedir=/etc/openvas/gnupg --import certificate-file.asc
 \end{verbatim}
 
-See the OpenVAS website for available certificate files.
+Verfügbare Zertifikate finden Sie auf der OpenVAS-Website.
 
-\xname{how-to-set-trust}
-\subsection{How to Set Trust}
+\xname{vertrauen-festlegen}
+\subsection{Vertrauen festlegen}
 
-To express trust into keys that signed NVTs (see "How to set trust" below) you
-need a signing key for your OpenVAS installation. You can use an existing key,
-or you can generate a new one:
+Um Ihr Vertrauen in einen Schlüssel festzulegen, mit dem NVTs signiert wurden,
+benötigen Sie einen Schlüssel für Ihre OpenVAS-Installation. Sie können dazu
+einen existierenden Schlüssel benutzen oder einen neuen Schlüssel erstellen:
 
 \begin{verbatim}
 # gpg --homedir=/etc/openvas/gnupg --gen-key
 \end{verbatim}
 
-This needs to be done only once for an OpenVAS-Server installation.
+Dieser Schritt muss nur einmal pro OpenVAS-Installation ausgeführt werden.
 
-For OpenVAS to trust a signature, the key used to create the signature has to be
-valid. A certificate corresponding to this key that was just imported has an
-unknown validity and thus is considered not valid.
+Damit OpenVAS eine Signatur als vertrauenswürdig einstuft, muss der für die
+Erstellung der Signatur verwendete Schlüssel gültig sein. Ein sich auf diesen
+Schlüssel beziehendes Zertifikat, das gerade importiert wurde, hat eine
+unbekannte Gültigkeit und wird von OpenVAS-Server als ungültig eingestuft.
 
-In order to trust a certificate for your purpose, you have to sign it. The
-recommended way is to use local signatures that remain only in the keyring of
-your OpenVAS Server installation.
+Um ein Zertifikat als vertrauenswürdig einzustufen müssen Sie es signieren. Es
+wird empfohlen, für diesen Zweck lokale Signaturen zu verwenden, die lediglich
+im Keyring Ihre OpenVAS-Installation vorhanden sind.
 
-To sign a certificate you need to know its KEY\_ID. You can get it either
-from the OpenVAS website or via a "list-keys" command. Then you can locally
-sign:
+Um ein Zertifikat signieren zu können, müssen Sie zunächst die \verb|KEY_ID|
+des Zertifikates wissen. Diese erhalten Sie entweder von der OpenVAS-Website
+oder mit dem Befehl \verb|list-keys|. Dann können Sie lokal signieren:
 
 \begin{verbatim}
 # gpg --homedir=/etc/openvas/gnupg --list-keys
@@ -986,37 +994,42 @@
 # gpg --homedir=/etc/openvas/gnupg --lsign-key KEY_ID
 \end{verbatim}
 
+Vor dem Signieren sollten Sie sich absolut sicher sein, dass Sie das korrekte
+Zertifikat unterzeichnen. Sie sollten den Fingerabdruck der Zertifikates und
+andere Methoden nutzen, um sich davon zu überzeugen.
 Before signing you should be absolutely sure that you are signing correct
 certificate. You may use its fingerprint and other methods to convince yourself.
 
-\xname{how-to-remove-a-certificate}
-\subsection{How to Remove a Certificate}
+\xname{entfernen-eines-zertifikates}
+\subsection{Entfernen eines Zertifikates}
 
 \begin{verbatim}
 # gpg --homedir=/etc/openvas/gnupg --delete-keys KEY_ID
 \end{verbatim}
 
-\xname{manual-signature-verification}
-\subsection{Manual Signature Verification}
+\xname{manuelle-ueberpruefung-eines-zertifikates}
+\subsection{Manuelle Überprüfung eines Zertifikates}
 
-In case you want to manually verify the validity of a .nasl file, you  can
-either run GnuPG:
+Falls Sie die Gültigkeit einer NVT von Hand überprüfen möchten, können Sie dazu
+entweder GnuPG verwenden:
 
 \begin{verbatim}
 $ gpg --homedir=/etc/openvas/gnupg gpg --verify script.nasl.asc script.nasl
 \end{verbatim}
 
-Or you can use the standalone nasl interpreter:
+Oder Sie können den eigenständigen NASL Interpreter nutzen:
 \begin{verbatim}
 $ openvas-nasl -p script.nasl
 \end{verbatim}
 
-The -p Option means that the script is only parsed and not executed.
+Die Option ``-p'' bedeutet, dass das Skript nur übersetzt, aber nicht
+ausgeführt wird.
 
-To debug the signature verification done by the nasl interpreter, use the -T
-option to enable the trace mode. The signature verification will leave more
-detailed information about the verification and the signatures found in the
-trace file.
+Um nach Fehlern bei der Überprüfung der Signatur durch den NASL Interpreter zu
+suchen könne die Option ``-T'' verwenden und damit die Nachverfolgung (``trace
+mode'') aktivieren. Die Überprüfung der Signatur wird auf diesem Wege
+ausführlichere Informationen bezüglich der Überprüfung in der ``trace file''
+aufzeichnen.
 \clearpage
 
 \xname{openvas-file-locations}

Modified: trunk/openvas-compendium/openvas-compendium.tex
===================================================================
--- trunk/openvas-compendium/openvas-compendium.tex	2008-10-09 10:26:12 UTC (rev 1503)
+++ trunk/openvas-compendium/openvas-compendium.tex	2008-10-09 13:14:38 UTC (rev 1504)
@@ -924,9 +924,9 @@
 \xname{how-to-set-trust}
 \subsection{How to Set Trust}
 
-To express trust into keys that signed NVTs (see "How to set trust" below) you
-need a signing key for your OpenVAS installation. You can use an existing key,
-or you can generate a new one:
+To express trust into keys that signed NVTs you need a signing key for your
+OpenVAS installation. You can use an existing key, or you can generate a new
+one:
 
 \begin{verbatim}
 # gpg --homedir=/etc/openvas/gnupg --gen-key
@@ -977,7 +977,7 @@
 $ openvas-nasl -p script.nasl
 \end{verbatim}
 
-The -p Option means that the script is only parsed and not executed.
+The -p option means that the script is only parsed and not executed.
 
 To debug the signature verification done by the nasl interpreter, use the -T
 option to enable the trace mode. The signature verification will leave more


From scm-commit at wald.intevation.org  Thu Oct  9 15:31:55 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Thu,  9 Oct 2008 15:31:55 +0200 (CEST)
Subject: [Openvas-commits] r1505 - trunk/doc/website
Message-ID: <20081009133155.2480540743@pyrosoma.intevation.org>

Author: mwiegand
Date: 2008-10-09 15:31:54 +0200 (Thu, 09 Oct 2008)
New Revision: 1505

Modified:
   trunk/doc/website/openvas-cr-16.htm4
Log:
Updated CR #16 based on Tims suggestions on openvas-devel and in #openvas.


Modified: trunk/doc/website/openvas-cr-16.htm4
===================================================================
--- trunk/doc/website/openvas-cr-16.htm4	2008-10-09 13:14:38 UTC (rev 1504)
+++ trunk/doc/website/openvas-cr-16.htm4	2008-10-09 13:31:54 UTC (rev 1505)
@@ -72,11 +72,18 @@
   specific family should be enabled, but other new NVTs should not.
 </p>
 
+<p>
+  The present version also makes it very difficult for an user to identify new
+  NVTs and new families. This change should also include an option that informs
+  the user when new NVTs or families have been found when enabled.
+</p>
+
 <h3>Effects</h3>
 
 <p>
   This change will introduce a configurable setting in the client that controls
-  whether new NVTs should be automatically enabled or not.
+  whether new NVTs should be automatically enabled or not and an setting that
+  informs the user when new NVTs or families have been found when enabled.
 </p>
 
 
@@ -95,6 +102,8 @@
 <h3>History</h3>
 
 <ul>
+<li> 2008-10-09 Michael Wiegand &lt;michael.wiegand at intevation.de&gt;:<br>
+     Updated text.</li>
 <li> 2008-10-08 Michael Wiegand &lt;michael.wiegand at intevation.de&gt;:<br>
      Initial text.</li>
 </ul>


From scm-commit at wald.intevation.org  Fri Oct 10 15:56:52 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Fri, 10 Oct 2008 15:56:52 +0200 (CEST)
Subject: [Openvas-commits] r1506 - trunk/openvas-compendium
Message-ID: <20081010135652.4EFAC4074F@pyrosoma.intevation.org>

Author: mwiegand
Date: 2008-10-10 15:56:50 +0200 (Fri, 10 Oct 2008)
New Revision: 1506

Modified:
   trunk/openvas-compendium/ChangeLog
   trunk/openvas-compendium/openvas-compendium.de.tex
   trunk/openvas-compendium/openvas-compendium.tex
Log:
* openvas-compendium.de.tex: Updated translation.

* openvas-compendium.tex: Fixed typos.


Modified: trunk/openvas-compendium/ChangeLog
===================================================================
--- trunk/openvas-compendium/ChangeLog	2008-10-09 13:31:54 UTC (rev 1505)
+++ trunk/openvas-compendium/ChangeLog	2008-10-10 13:56:50 UTC (rev 1506)
@@ -1,3 +1,9 @@
+2008-10-10  Michael Wiegand <michael.wiegand at intevation.de>
+
+	* openvas-compendium.de.tex: Updated translation.
+
+	* openvas-compendium.tex: Fixed typos.
+
 2008-10-09  Michael Wiegand <michael.wiegand at intevation.de>
 
 	* openvas-compendium.de.tex: Finished translating chapter regarding

Modified: trunk/openvas-compendium/openvas-compendium.de.tex
===================================================================
--- trunk/openvas-compendium/openvas-compendium.de.tex	2008-10-09 13:31:54 UTC (rev 1505)
+++ trunk/openvas-compendium/openvas-compendium.de.tex	2008-10-10 13:56:50 UTC (rev 1506)
@@ -50,7 +50,7 @@
 
 \newcommand{\compendiumversion}{0.3.0.SVN}
 \newcommand{\compendiumdate}{20080828}
-\newcommand{\compendiumauthor}[1]{\begin{small}(by {#1})\end{small}}
+\newcommand{\compendiumauthor}[1]{\begin{small}(von {#1})\end{small}}
 \newcommand{\hyperurl}[1]{\htmlonly{\xml{p}\small
 \xlink{{#1}}{{#1}}\xml{br}}\texonly{\small{#1}}}
 
@@ -433,7 +433,7 @@
 \section{OpenVAS-Server kompilieren}
 \label{sec:compiling-openvas-server-from-source}
 
-\xname{aktuelle-quelltext-release-server}
+\xname{aktuelles-quelltext-release-server}
 \subsection{Aktuelles Quelltext-Release}
 
 Auf der OpenVAS-Website finden Sie den Link zum aktuellen Quelltext-Release.
@@ -508,8 +508,8 @@
 Wiederholen Sie dies nun für die übrigen Module und lesen Sie die jeweiligen
 \verb|INSTALL|- und/oder \verb|README|-Dateien.
 
-Das Team der OpenVAS-Entwickler fühlt dazu verpflichtet, eine möglichst hohe
-Codequalität zu gewährleisten. Bitte beachten Sie trotzdem, dass Sie einen
+Das Team der OpenVAS-Entwickler fühlt sich dazu verpflichtet, eine möglichst
+hohe Codequalität zu gewährleisten. Bitte beachten Sie trotzdem, dass Sie einen
 aktuellen Entwicklungsstand benutzen, der unvollständig und instabil sein
 könnte und nicht in Produktivumgebungen eingesetzt werden sollte.
 
@@ -1036,120 +1036,127 @@
 \chapter{OpenVAS File Locations}
 \compendiumauthor{Michael Wiegand}
 
-The OpenVAS components will install files to different locations on your
-system during installation. This chapter aims to give you a rough idea of what
-will be installed where.
+Bei der Installation von OpenVAS werden Dateien an verschiedenen Orten in Ihrem
+Dateisystem abgelegt. Dieses Kapitel soll Ihnen einen groben Überblick geben,
+welche Dateien wohin installiert werden.
 
-Please note that the locations presented here refer to a standard installation
-from source with PREFIX=/usr/local.
-These locations may differ according to the choices made when
-configuring and compiling the individual components; if you installed OpenVAS
-from binary packages provided for your distribution, the package maintainers
-may have chosen different locations according to the distributions guidelines.
+Bitte beachten Sie, dass die hier beschriebenen Orte sich auf eine
+Standardinstallation aus dem Quelltext mit \verb|prefix=/usr/local| beziehen.
+Diese Orte können abweichen falls Sie bei der Konfiguration und Installation
+der einzelnen Modulen eine andere Auswahl getroffen haben; falls Sie OpenVAS
+aus einem von Ihrer Distribution zur Verfügung gestellten Binärpaket
+installiert haben, wurde eventuell andere Orte gemäß des Richtlinien Ihrer
+Distribution ausgewählt.
 
-Be aware that most of these directories will of course contain files additional
-to the ones described in the following sections; this chapter only points out
-which files will be placed by OpenVAS in certain locations.
+Beachten Sie auch, das viele der beschriebenen Verzeichnisse naturgemäß mehr
+Dateien beinhalten als die hier beschriebenen; diese Kapitel bezieht sich nur
+auf Dateien, die von OpenVAS an diesen Orten abgelegt wurden.
 
 \xname{usr-local-bin}
-\section{Executables for users (PREFIX/bin)}
+\section{Ausführbare Dateien für Benutzer (PREFIX/bin)}
 
-This directory holds executables that are either relevant for
-the user or for the source code compilation procedure:
+Dieses Verzeichnis enthält ausführbare Dateien, die für den Benutzer oder
+während des Kompilierens hilfreich sein können.
 
 \begin{itemize}
-\item \verb|libopenvas-config|: compile parameters for modules that use openvas-libraries
-\item \verb|openvas-libnasl-config|: compile parameters for modules that use openvas-libnasl
-\item \verb|openvasd-config|: compile parameters for modules that use openvas-server
-\item \verb|openvas-mkcert-client|: a tool for generating client certificates
-\item \verb|openvas-nasl|: a standalone NASL interpreter for users who want to test
-  a NASL skript for syntax errors.
-\item \verb|OpenVAS-Client|: The graphical user interface.
+\item \verb|libopenvas-config|: Ausgabe von Kompilierungs-Parametern für Module,
+die openvas-libraries nutzen
+\item \verb|openvas-libnasl-config|: Ausgabe von Kompilierungs-Parametern für
+Module, die openvas-libnasl nutzen
+\item \verb|openvasd-config|: Ausgabe von Kompilierungs-Parametern für
+Module, die openvas-server nutzen
+\item \verb|openvas-mkcert-client|: Erstellung von Client-Zertifikaten
+\item \verb|openvas-nasl|: Ein eigenständiger NASL-Interpreter
+\item \verb|OpenVAS-Client|: Die grafische Benutzungsoberfläche
 % TODO: Is this worth mentioning or will it be removed anyway eventually?
 % \item \verb|openvas-mkrand|:
 \end{itemize}
 
 \xname{usr-local-etc-openvas}
-\section{Server configuration (PREFIX/etc/openvas)}
+\section{Server-Konfiguration (PREFIX/etc/openvas)}
 
-This directory holds the system-wide configuration data for OpenVAS including
-the file for the access rules and the user database.
+Dieses Verzeichnis enthält die systemweiten Konfigurationsdateien für OpenVAS,
+inklusive der Zugriffsregeln und der Benutzerdatenbank.
 
 \begin{itemize}
-\item \verb|openvasd.conf|: the main server configuration.
-\item \verb|openvasd.rules|: rules to restrict set of target systems for OpenVAS users.
-\item \verb|gnupg|: the keyring and trust levels for defining which NVTs are allowed for
-  execution
+\item \verb|openvasd.conf|: Die zentrale Konfigurationsdatei des OpenVAS
+Servers.
+\item \verb|openvasd.rules|: Regeln, die den Zugriff auf Zielsysteme für die
+Nutzer dieser OpenVAS-Installation einschränken.
+\item \verb|gnupg|: Der Keyring und die Vertrauensgrade anhand derer
+festgelegt wird, welche NVTs vertrauenswürdig genug sind, um ausgeführt zu
+werden.
 \end{itemize}
 
 \xname{usr-local-include-openvas}
-\section{Compilation files (PREFIX/include/openvas)}
+\section{Datei für die Kompilierung (PREFIX/include/openvas)}
 
-This directory contains the C header files for OpenVAS. They are only
-relevant for compilation of OpenVAS on the respective system.
+Dieses Verzeichnis enthält die C-Headerdateien für OpenVAS. Diese Dateien sind
+nur für die Kompilierung von OpenVAS auf dem jeweiligen System relevant.
 
 \xname{usr-local-lib}
-\section{Libraries (PREFIX/lib}
+\section{Bibliotheken (PREFIX/lib}
 
-This directory holds the library files, static (.a) and dynamic (.so)
-of the OpenVAS components openvas-libraries and openvas-libnasl.
+Dieses Verzeichnis enthält die statischen (``.a'') und dynamischen (``.so'')
+Programmbibliotheken, die von den Modulen openvas-libraries und openvas-libnasl
+genutzt werden.
 
 \xname{usr-local-lib-openvas-plugins}
 \section{NVTs (PREFIX/lib/openvas/plugins)}
 
-This is the directory where all \verb|.nasl| and \verb|.inc| files are located.
+Dieses Verzeichnis enthält alle \verb|.nasl|- und \verb|.inc|-Dateien.
 
 \xname{usr-local-sbin}
-\section{Executables for server (PREFIX/sbin)}
+\section{Ausführbare Dateien für OpenVAS-Server (PREFIX/sbin)}
 
-This directory holds several executables useful for OpenVAS system administrators:
+Dieses Verzeichnis enthält verschiedene ausführbare Dateien, die für die
+Administration von OpenVAS-Server nützlich sind:
 
 \begin{itemize}
-\item \verb|openvasd|: The OpenVAS server itself.
-\item \verb|openvas-adduser|: Routine to add a OpenVAS user.
-\item \verb|openvas-mkcert|: Routine to create a server certificate.
-\item \verb|openvas-rmuser|: Routine to remove a OpenVAS user.
-\item \verb|openvas-check-signature|: Routine to check singatures on NVTs.
-\item \verb|openvas-nvt-sync|: Routine for synchronisation with NVT Feeds.
+\item \verb|openvasd|: Der OpenVAS Server.
+\item \verb|openvas-adduser|: Programm zum Hinzufügen eines OpenVAS-Nutzers.
+\item \verb|openvas-mkcert|: Programm zum Erstellen eines Serverzertifikates.
+\item \verb|openvas-rmuser|: Programm zum Entfernen eines OpenVAS-Nutzers.
+\item \verb|openvas-check-signature|: Programm zur Überprüfung der
+NVT-Signaturen.
+\item \verb|openvas-nvt-sync|: Programm zur Synchronisation mit NVT Feeds.
 \end{itemize}
 
 \xname{usr-local-share-man}
-\section{Manual pages for users (PREFIX/share/man)}
+\section{Bedienungsanleitungen für Benutzer (PREFIX/share/man)}
 
-This directory contains the standard unixoid manual pages for the individual executables
-relevant for OpenVAS users and for the source code compilation process.
+Dieses Verzeichnis enthält die auf Unix-basierten Systemen gebräuchlichen
+Bedienungsanleitungen (``man pages'') für die für OpenVAS-Anwender gedachten
+ausführbaren Dateien.
 
 \xname{usr-local-man}
 \section{Manual pages for server (PREFIX/man)}
 
-This directory contains the standard unixoid manual pages for the individual executables
-relevant for OpenVAS administation.
+Dieses Verzeichnis enthält die auf Unix-basierten Systemen gebräuchlichen
+Bedienungsanleitungen (``man pages'') für die für OpenVAS-Administratoren
+gedachten ausführbaren Dateien.
 
 \xname{usr-local-var-lib-openvas}
-\section{Server installation specific data (PREFIX/var/lib/openvas)}
+\section{Installationsspezifische Daten (PREFIX/var/lib/openvas)}
 
-This directory contains data which are specific for each OpenVAS installation:
+Dieses Verzeichnis enthält Daten, die für die jeweilige OpenVAS-Installation
+spezifisch sind:
 
 \begin{itemize}
-
-\item \verb|CA|: Public certitificates created for OpenVAS Server SSL connections.
-
-\item \verb|private/CA|: Corresponding private certificates.
-
-\item \verb|users/|: Files for each configured OpenVAS user.
-
-\item \verb|openvas-services|: List of known services with their port numbers.
-
-\item \verb|services.tcp|: TCP services.
-
-\item \verb|services.udp|: UDP services.
-
+\item \verb|CA|: Öffentliche Zertifikate, die für den Aufbau einer
+verschlüsselten Verbindung erstellt wurden.
+\item \verb|private/CA|: Die dazugehörigen geheimen Zertifikate.
+\item \verb|users/|: Dateien für die einzelnen OpenVAS-Benutzer.
+\item \verb|openvas-services|: Liste der bekannten Dienste und der zugehörigen
+Portnummern.
+\item \verb|services.tcp|: TCP-Dienste.
+\item \verb|services.udp|: UDP-Dienste.
 \end{itemize}
 
 \xname{usr-local-var-log-openvas}
-\section{Log files (PREFIX/var/log/openvas)}
+\section{Protokolldateien (PREFIX/var/log/openvas)}
 
-This directory holds the log files of the OpenVAS-Server component:
+Dieses Verzeichnis enthält die Protokolldateien des OpenVAS-Servers:
 
 \begin{itemize}
 \item \verb|openvasd.dump|
@@ -1158,58 +1165,55 @@
 
 
 \xname{usr-local-var-run}
-\section{Server process information (PREFIX/var/run)}
+\section{Serverprozessinformation (PREFIX/var/run)}
 
-This directory contains runtime data of a running OpenVAS system:
+Dieses Verzeichnis enthält Laufzeitdaten einer in der Ausführung befindlichen
+OpenVAS-Installation:
 
 \begin{itemize}
-\item \verb|openvasd.pid|: Process identifier file.
+\item \verb|openvasd.pid|: Datei zur Prozessidentifizierung.
 \end{itemize}
 
 \xname{home-openvas}
-\section{User data (HOME/)}
+\section{Benutzerdaten (HOME/)}
 
-All user specific runtime data (managed by OpenVAS-Client) are located
-in the home directory of the user:
+Alle benutzerspezifischen Daten, die von OpenVAS-Client verwaltet werden, sind
+im jeweiligen Benutzerverzeichnis (``HOME'') abgelegt:
 
 \begin{itemize}
-\item \verb|.openvas/TTT/|: Directory with all files that relate to task ,,TTT''.
-
-\item \verb|.openvas/TTT/nessusrc|: [OpenVAS 1.0] Task-specific configuration.
-
-\item \verb|.openvas/TTT/openvasrc|: [OpenVAS 2.0] Task-specific configuration.
-
-\item \verb|.openvas/TTT/SSS/|: Directory with all files that relate to scope ,,SSS''
-  of task ,,TTT''.
-
-\item \verb|.openvas/TTT/SSS/nessusrc|: [OpenVAS 1.0] Scope-specific configuration.
-
-\item \verb|.openvas/TTT/SSS/openvasrc|: [OpenVAS 2.0] Scope-specific configuration.
-
-\item \verb|.openvas/TTT/SSS/RRR/|: Directory with all files that relate to report ,,RRR'' of scope ,,SSS''
-  of task ,,TTT''.
-
-\item \verb|.openvas/TTT/SSS/RRR/nessusrc|: [OpenVAS 1.0] Configuration that
-  was applied when creating this report ,,RRR''.
-
-\item \verb|.openvas/TTT/SSS/RRR/openvasrc|: [OpenVAS 2.0] Configuration that
-  was applied when creating this report ,,RRR''.
-
-\item \verb|.openvas/TTT/SSS/RRR/report.nbe|: The actual contents of report ,,RRR'' in a text format.
-
-\item \verb|.openvas/TTT/SSS/RRR/report.nbe.cnt|: Counter for security holes, warnings and hints collected
-  with this report (can be recalculated from report.nbe).
-
-\item \verb|.openvas/TTT/SSS/RRR/nessus_plugin_cache|: [OpenVAS 1.0] Cached NVT descriptions
-  that define the NVTs called to produce report ,,RRR''.
-
-\item \verb|.openvas/TTT/SSS/RRR/openvas_nvt_cache|: [OpenVAS 2.0] Cached NVT descriptions
-  that define the NVTs called to produce report ,,RRR''.
-
-\item \verb|.openvasrc|: Default configuration for OpenVAS-Client.
-
-\item \verb|.openvasrc.cert|: Certificates of OpenVAS Servers connected in the past
-  that were accepted by the user as correct.
+\item \verb|.openvas/TTT/|: Verzeichnis mit alle Dateien bezüglich Aufgabe
+,,TTT''.
+\item \verb|.openvas/TTT/nessusrc|: [OpenVAS 1.0] Aufgabenspezifische
+Konfiguration.
+\item \verb|.openvas/TTT/openvasrc|: [OpenVAS 2.0] Aufgabenspezifische
+Konfiguration.
+\item \verb|.openvas/TTT/SSS/|: Verzeichnis mit allen Dateien, die sich auf
+Bereich ,,SSS'' der Aufgabe ,,TTT'' beziehen.
+\item \verb|.openvas/TTT/SSS/nessusrc|: [OpenVAS 1.0] Bereichsspezifische
+Konfiguration.
+\item \verb|.openvas/TTT/SSS/openvasrc|: [OpenVAS 2.0] Bereichsspezifische
+Konfiguration.
+\item \verb|.openvas/TTT/SSS/RRR/|: Verzeichnis mit allen Dateien, die sich auf
+den Bericht ,,RRR'' im Bereich ,,SSS'' der Aufgabe ,,TTT'' beziehen.
+\item \verb|.openvas/TTT/SSS/RRR/nessusrc|: [OpenVAS 1.0] Die während
+der Erstellung des Berichtes ,,RRR'' gesetzte Konfiguration.
+\item \verb|.openvas/TTT/SSS/RRR/openvasrc|: [OpenVAS 2.0] Die während
+der Erstellung des Berichtes ,,RRR'' gesetzte Konfiguration.
+\item \verb|.openvas/TTT/SSS/RRR/report.nbe|: Der Inhalt des Berichtes ,,RRR''
+in einem Textformat.
+\item \verb|.openvas/TTT/SSS/RRR/report.nbe.cnt|: Zähler für die im jeweiligen
+Bericht enthaltenen Sicherheitsmeldungen. Dieser Zähler kann aus der
+Berichtsdatei report.nbe neu berechnet werden.
+\item \verb|.openvas/TTT/SSS/RRR/nessus_plugin_cache|: [OpenVAS 1.0]
+Zwischenspeicher der Beschreibungen der NVTs, die bei der Erstellung des
+Berichtes ,,RRR'' eingesetzt wurden.
+\item \verb|.openvas/TTT/SSS/RRR/openvas_nvt_cache|: [OpenVAS 2.0]
+Zwischenspeicher der Beschreibungen der NVTs, die bei der Erstellung des
+Berichtes ,,RRR'' eingesetzt wurden.
+\item \verb|.openvasrc|: Voreinstellungen für OpenVAS-Client.
+\item \verb|.openvasrc.cert|: Zertifikate von OpenVAS-Servern, mit denen sich
+der Client in der Vergangenheit verbunden hat und die vom Benutzer als
+vertrauenswürdig akzeptiert wurden.
 \end{itemize}
 
 
@@ -1217,173 +1221,128 @@
 \chapter{Installing and Configuring OpenVAS-Client}
 \compendiumauthor{Tim Brown, Jan-Oliver Wagner and Michael Wiegand}
 
-\xname{installing-binary-packages-client}
-\section{Installing Binary Packages}
+\xname{binaerpakete-installieren-client}
+\section{Binärpakete installieren}
 
-Binary packages for the major linux distributions and some other platforms are
-available for download from the OpenVAS website or from services provided by
-third parties.
+Binärpakete für die verbreitetsten Linux-Distributionen und einige andere
+Unix-basierte Systeme sind über die OpenVAS-Website verfügbar.
 
+Falls OpenVAS-Client noch nicht für das Betriebssystem oder die
+Distribution Ihrer Wahl verfügbar ist, ist es auf den meisten Unix-basierten
+Systemen in der Regel möglich, OpenVAS-Client selbst zu kompilieren (siehe
+Abschnitt \ref{sec:compiling-openvas-client-from-source}). Bei Bedarf können Sie
+gerne die bei dieser Distribution für die Paketierung Verantwortlichen darauf
+hinweisen, dass Sie an OpenVAS-Paketen interessiert sind und dass das OpenVAS
+Entwickler-Team neue Paketierungen nach Möglichkeit unterstützt.
+
 \xname{installing-debian-client}
-\subsection{Debian "Sid" (unstable) and "Lenny" (testing)}
+\subsection{Debian und Ubuntu}
 
-OpenVAS-Client is an official Debian package for the distributions "unstable"
-("Sid) and "testing" ("Lenny"). You can find more information about the Debian
-packages on the OpenVAS-Client package pages for
-Sid\footnote{\hyperurl{http://packages.debian.org/sid/openvas-client}} and
-Lenny\footnote{\hyperurl{http://packages.debian.org/lenny/openvas-client}}.
+OpenVAS-Client ist ein offizieller Bestandteil der Debian-Distributionen
+``unstable'' (``Sid'') und ``testing'' (``Lenny'') und der
+Ubuntu-Distributionen ab Version 8.10 (``Intrepid Ibex''). Das heißt, dass Sie 
+OpenVAS-Client einfach mittels des \verb|apt-get|
+Mechanismus installieren können, falls Sie eine dieser Distributionen
+verwenden. Bitte informieren Sie sich auf der OpenVAS-Website, falls Sie
+Binärpakete für ältere Versionen dieser Distributionen benötigen.
 
-This means you can simply install OpenVAS-Client on Debian Sid or Debian
-Lenny with the following command:
-\begin{verbatim}
-# apt-get install openvas-client
-\end{verbatim}
-
-\xname{installing-etch-client}
-\subsection{Debian "Etch" 4.0 (stable)}
-
-OpenVAS-Client is not an official package for the Debian 4.0 release ("Etch").
-To enable you to easily run OpenVAS-Client on Debian Etch, the OpenVAS
-project provides backports for Etch. You can install OpenVAS-Client on
-Debian Etch by following these steps:
-
-Select the following resource and add the line
-to the file /etc/apt/sources.list on your system:
-\begin{verbatim}
- deb http://apt.intevation.de/ etch openvas
-\end{verbatim}
-
-Then, update your package list and install OpenVAS-Client:
-
-\begin{verbatim}
- # apt-get update
- # apt-get install openvas-client
-\end{verbatim} 
-
-\xname{installing-ubuntu-client}
-\subsection{Ubuntu 8.10 "Intrepid Ibex"}
-
-OpenVAS-Client has been added to the upcoming Ubuntu 8.10 release
-("Intrepid Ibex") which is scheduled for release in October 2008. You can find
-more information about the Ubuntu
-package on the OpenVAS Client package page for Intrepid Ibex (at
-\hyperurl{http://packages.ubuntu.com/intrepid/openvas-client}).
-
-This means you can simply install OpenVAS-Client on Ubuntu 8.10 with the
-following command:
-
-\begin{verbatim}
-# apt-get install openvas-client
-\end{verbatim}
-
-Backported packages are also available for the Ubuntu 8.04 LTS release ("Hardy
-Heron"). To install OpenVAS-Client on Ubuntu 8.04 LTS, simply follow the
-instructions for Debian 4.0 "Etch" as described above.
-
 \xname{installing-gentoo-client}
 \subsection{Gentoo}
 
-Please see the installation description for OpenVAS-Server on Gentoo in
-section \ref{sec:gentoo-server}.
+OpenVAS-Client Pakete für Gentoo sind über das ``Portage''-System verfügbar. In
+der Gentoo-Dokumentation und auf der OpenVAS-Website finden Sie nähere
+Informationen zur Installation dieser Pakete.
 
-\xname{installing-suse-client}
-\subsection{OpenSUSE 10.2}
+\xname{installing-rpms-client}
+\subsection{OpenSUSE 10.2, 10.3, 11.0 (auch für Fedora 8, 9 und Mandriva 2007,
+2008)}
 
-In the download area you will find the file
-openvas-client-N.N.N-M.suse102.openvas.i586.rpm where N.N.N stands for the
-version of OpenVAS-Client and M for the package release number.
+Pakete für einige Versionen von OpenSUSE, Fedora, Mandriva und anderen
+RPM-basierten Distributionen sind in einer inoffiziellen Paketquelle unter
+\hyperurl{http://download.opensuse.org/repositories/home:/bitshuffler:/openvas/}
+verfügbar. In der Dokumentation Ihrer Distributionen finden Sie eine Anleitung
+zum Hinzufügen von Paketquellen und zum Installieren dieser Pakete.
 
-The corresponding source RPM files are named
-openvas-client-N.N.N-M.suse102.openvas.src.rpm.
-You will need these files only if you plan to rebuild the actual installation
-package.
-
-\xname{installing-fedora-client}
-\subsection{Fedora 8}
-
-In the download area you will find the file
-openvas-client-N.N.N-M.fc8.openvas.i586.rpm
-where N.N.N stands for the version of OpenVAS-Client and
-M for the package release number.
-
-The corresponding source RPM files are named
-openvas-client-N.N.N-M.fc8.openvas.src.rpm.
-You will need these files only if you plan to rebuild
-the actual installation package.
-
 \xname{installing-windows-client}
 \subsection{Windows XP SP2}
 
-In the download area you will find the file OpenVAS-Client-N.N.N-M-LL-setup.exe
-where N.N.N stands for the version of OpenVAS-Client, M for the package release
-number and LL for the language (e.g. en=English, de=German, sv=Swedish).
+Binärpakete für Microsoft Windows XP SP2 sind über die OpenVAS-Website
+verfügbar.
 
 \xname{installing-freebsd-client}
 \subsection{FreeBSD}
 
-The FreeBSD Ports and Packages Collection provides ports and packages for
+Die FreeBSD Ports- und Paketesammlung enthält Ports und Pakete für
 OpenVAS-Client.
 
-The following commands can be used to compile and install the FreeBSD port on
-your FreeBSD system:
+Mit dem folgenden Befehl können Sie den FreeBSD Port auf Ihrem FreeBSD
+System kompilieren und installieren:
 
 \begin{verbatim}
 cd /usr/ports/security/openvas-client/ && make install clean
 \end{verbatim}
 
-If you would rather use the binary package, you will want to use the following
-commands:
+Falls Sie das Binärpaket vorziehen, so können Sie dieses mit dem folgenden
+Befehl installieren:
 \begin{verbatim}
 pkg_add -r openvas-client
 \end{verbatim}
 
-\xname{compiling-openvas-client-from-source}
-\section{Compiling OpenVAS-Client from Source Packages}
+\xname{openvas-client-kompilieren}
+\section{OpenVAS-Client kompilieren}
+\label{sec:compiling-openvas-client-from-source}
 
-\xname{latest-source-code-release-client}
-\subsection{Latest source code release}
+\xname{aktuelles-quelltext-release-release-client}
+\subsection{Aktuelles Quelltext-Release}
 
-Be aware the there are currently two different series of OpenVAS available for
-download: the stable 1.0 series and the upcoming 2.0 series. The releases for
-the 2.0 series are currently designated as ``beta'', meaning that they are still
-in a testing phase and might not work as expected. You are more than welcome to
-use the releases for the 2.0 series if you want to take part in testing the new
-functionality provided by this versions; if you are planning on using OpenVAS in
-a production environment, we recommend that you use the releases of the 1.0
-series until the 2.0 series has been finalized.
+Auf der OpenVAS-Website finden Sie den Link zum aktuellen Quelltext-Release.
 
-Download the ".tar.gz" source code archive from the download section of the
-OpenVAS website and unpack with "tar -xzf openvas-client-N.N.N.tar.gz".
-Compiling from source is currently geared towards GNU/Linux systems, but may
-work as well in other environments.
+Bitte beachten Sie, dass zur Zeit zwei verschiedene Serien der OpenVAS-Modulen
+verfügbar sind; die stabile Serie 1.0 und die zukünftige Serie 2.0. Die
+Releases der Serie 2.0 sind zur Zeit in der Beta-Phase, also noch nicht
+abschließend getestet und bieten unter Umständen eingeschränkte Funktionalität.
+Sie sind herzlich dazu eingeladen, diese Versionen zu nutzen, falls Sie bei der
+Erprobung der in diesen Versionen enthaltenen neuen Funktionalität helfen
+möchten. Falls Sie OpenVAS in einer Produktivumgebung einsetzen wollen,
+sollten Sie auf die Releases der Serie 1.0 zurückgreifen bis die Serie 2.0 die
+Beta-Phase abgeschlossen hat.
 
-Now read the README file inside the new directory for further instructions.
+Laden Sie zunächst das Quelltextarchiv mit der Endung ``.tar.gz''
+herunter und entpacken Sie sie mit dem Befehl
+\verb|tar -xzf openvas-client-N.N.N.tar.gz|. Das Kompilieren des Quelltextes ist
+zur Zeit auf GNU/Linux-Systeme ausgerichtet, funktioniert aber eventuell in
+anderen Umgebungen.
 
-\xname{most-current-state-client}
-\subsection{Most current state of development (directly from the source code
-management system)}
+Bitte lesen Sie nun die Datei \verb|README| in dem eben entpackten Verzeichnis,
+dort finden Sie weitere Anweisungen.
 
-You need subversion to retrieve the code:
+\xname{aktueller-entwicklungsstand-client}
+\subsection{Aktueller Entwicklungsstand (direkt aus der Quelltextverwaltung)}
 
-\paragraph{Stable 1.0 branch}
+Sie benötigen das Programm ``subversion'', um den aktuellen Entwicklungsstand
+herunterzuladen:
 
+\paragraph{Stabiler Zweig (1.0)}
+
 \begin{verbatim}
  $ svn checkout
 https://svn.wald.intevation.org/svn/openvas/branches/openvas-client-1-0
 \end{verbatim}
 
-\paragraph{Current state of development}
+\paragraph{Aktueller Entwicklungsstand}
 
 \begin{verbatim}
  $ svn checkout
 https://svn.wald.intevation.org/svn/openvas/trunk/openvas-client
 \end{verbatim}
 
-Change to the new directory and follow the instructions of the README file.
+Bitte lesen Sie nun die Datei \verb|README| in dem neu erstellten Verzeichnis,
+dort finden Sie weitere Anweisungen.
 
-Although the OpenVAS team is committed to maintaining a high code quality,
-please be aware that you are using a development state that may be incomplete
-and unstable and should not be used in production environments.
+Das Team der OpenVAS-Entwickler fühlt sich dazu verpflichtet, eine möglichst
+hohe Codequalität zu gewährleisten. Bitte beachten Sie trotzdem, dass Sie einen
+aktuellen Entwicklungsstand benutzen, der unvollständig und instabil sein
+könnte und nicht in Produktivumgebungen eingesetzt werden sollte.
 
 \clearpage
 
@@ -2116,43 +2075,46 @@
 erzeugten Verweise in der PDF-Datei variieren.
 
 \xname{client-sladinstaller}
-\subsection{Installing SLAD using SLADinstaller}
+\subsection{Installation von SLAD mit SLADinstaller}
 
-If you are planning to use the Security Local Auditing Daemon (SLAD) with
-OpenVAS (as described in section \ref{sec:slad}), there is a convenient way to
-install SLAD on a local or remote machine. Using the ``SLAD install'' option in
-the file menu, you can launch the \verb|sladinstaller| binary from within
-OpenVAS-Client, which will the guide you through the installation process.
+Falls Sie SLAD (``Security Local Auditing Daemon'') wie in Abschnitt
+\ref{sec:slad} beschrieben mit OpenVAS einsetzen wollen, bietet OpenVAS eine
+einfache Methode zur Installation von SLAD auf einem lokalen oder entfernen
+Rechner. Über den Menüpunkt ``SLAD installieren'' im Dateimenü können Sie das
+Programm \verb|sladinstaller| starten, welches Sie durch den weiteren
+Installationsablauf führt.
 
-Please note that the \verb|sladinstaller| binary needs to be available in your
-system path for you to be able to use this feature. More information on
-installing and using \verb|sladinstaller| is available in section
-\ref{sec:slad}.
+Bitte beachten Sie, dass das Programm \verb|sladinstaller| in Ihrem Systempfad
+verfügbar sein muss, damit Sie diese Methode nutzen können. Weitere
+Informationen zur Installation und Benutzung von \verb|sladinstaller| finden
+Sie in Abschnitt \ref{sec:slad}.
 
 \clearpage
 
-\xname{performing-local-security-checks}
-\chapter{Performing Local Security Checks}
+\xname{durchfuehrung-von-local-security-checks}
+\chapter{Durchführung von Local Security Checks}
 \compendiumauthor{Jan-Oliver Wagner}
 \xname{debian-local-security-checks}
 \section{Debian Local Security Checks}
 
-This section explains how to run local security checks with OpenVAS. So far,
-this procedure has been tested only with Debian local security checks.
+Dieser Abschnitt beschreibt, wie Sie lokale Sicherheitstests (``Local Security
+Checks'') mit OpenVAS durchführen können. Der hier beschriebene Ablauf wurde
+bis jetzt nur für lokale Sicherheitstests unter Debian getestet.
 
-\xname{prerequisites-dlsc}
-\subsection{Prerequisites}
+\xname{voraussetzungen-dlsc}
+\subsection{Voraussetzungen}
 \label{sec:deb-lsc-prereqs}
 
-To perform local security checks, you need a working OpenVAS-Server
-installation. Information on setting up and configuring OpenVAS-Server is
-available in chapter \ref{chap:Install-And-Configure-Server} on page
+Um lokale Sicherheitstests durchführen zu können, benötigen Sie eine
+funktionstüchtigen OpenVAS-Server. Informationen zur Installation und
+Konfiguration von OpenVAS-Server finden Sie in Kapitel
+\ref{chap:Install-And-Configure-Server} ab Seite
 \pageref{chap:Install-And-Configure-Server}.
 
-\xname{create-users-for-local-security-checks}
-\subsection{Create users for local security checks}
+\xname{benutzer-fuer-local-security-checks-erstellen}
+\subsection{Benutzer für Local Security Checks erstellen}
 
-First, you need a key with certificate:
+Als erstes benötigen Sie einen Schlüssel mit Zertifikat:
 
 \begin{verbatim}
 $ ssh-keygen -t rsa -f ~/.ssh/id_rsa_sshovas -C
@@ -2160,11 +2122,12 @@
 $ openssl pkcs8 -topk8 -v2 des3 -in ~/.ssh/id_rsa_sshovas -out sshovas_rsa.p8
 \end{verbatim}
 
-Note: The comment (here: "OpenVAS-Local-Security-Checks-Key") must not
-contain spaces.
-Currently, you need a rsa pkcs8 key for OpenVAS local security checks.
+Beachten Sie, dass der Kommentar (hier: "OpenVAS-Local-Security-Checks-Key")
+keine Leerzeichen enthalten darf.
+Zur Zeit benötigen Sie einen Schlüssel vom Typ ``RSA PKCS8'' für lokale
+Sicherheitstests aus OpenVAS.
 
-Now, for each target system:
+Führen Sie nun auf jedem Zielsystem die folgenden Befehle durch:
 \begin{verbatim}
 # adduser --disabled-password sshovas
 Name: OpenVAS Local Security Checks
@@ -2175,10 +2138,10 @@
 $ chmod 400 .ssh/authorized_keys
 \end{verbatim}
 
-\xname{configure-the-local-security-checks-in-openvas-client}
-\subsection{Configure the local security checks in OpenVAS-Client}
+\xname{local-security-checks-in-openvas-client-konfigurieren}
+\subsection{Local Security Checks in OpenVAS-Client konfigurieren}
 
-In Preferences, configure SSH Authorization: 
+Konfigurieren Sie in den Voreinstellungen die SSH-Anmeldung:
 \begin{verbatim}
 SSH login name: sshovas
 SSH private key: ~/.ssh/sshovas_rsa.p8
@@ -2186,10 +2149,12 @@
 SSH public key: ssh/id_rsa_sshovas.pub
 \end{verbatim}
 
-Note: It is actually not necessary to submit the public key, but currently this
-is necessary due to a bug inherited from Nessus.
+Beachten Sie: Es ist im Allgemeinen nicht notwendig, den öffentlichen Schlüssel
+zu übertragen. Bedingt durch einen Fehler in dem von Nessus übernommenen Code
+muss dies aber zur Zeit durchgeführt werden.
 
-Next, make sure you select at least these plugins:
+Stellen Sie als nächstes sicher, dass Sie mindestens die folgenden NVTs
+aktiviert haben:
 \begin{itemize}
 \item Debian Local Security Checks/*
 \item Misc/Determine List of installed packages via SSH login
@@ -2197,56 +2162,58 @@
 \item Settings/Global variable settings
 \item Settings/SSH Authorization
 \end {itemize}
-or ensure dependencies are resolved at runtime (see checkboxes) if you select
-only some local security checks.
+oder stellen Sie sicher, dass Abhängigkeiten zur Laufzeit aufgelöst werden,
+falls Sie nicht alle lokalen Sicherheitstests ausführen möchten.
 
 \xname{windows-local-security-checks}
 \section{Windows Local Security Checks}
 
-In order to provide - analogous to the Linux Local Security Check - a framework
-for checking and testing for Microsoft Windows vulnerabilities, a new
-Application Programming Interface (API) was introduced by the OpenVAS team.
+Um -- analog zu den lokalen Sicherheitstests für Linux -- ein Gerüst für die
+lokale Suche nach Sicherheitslücken in Microsoft Windows-Systemen zur Verfügung
+zu stellen, hat das Team der OpenVAS-Entwickler eine neue
+Programmierschnittstelle (``Application Programming Interface'', API)
+eingeführt.
 
-This API (for the Nessus Attack Scripting Language, NASL) allows to check and
-examine binary files (e.g. DLLs) as well Microsoft Windows meta-data on
-Microsoft Windows machines by accessing the complete file system using default
-Windows administrative shares.
+Diese API (für die ``Nessus Attack Scripting Language'', NASL) ermöglicht es,
+sowohl Binärdateien (wie etwas DLLs) als auch auf Metadaten des
+Microsoft Windows-Systems zu überprüfen, indem dafür die voreingestellten
+administrativen Freigaben des Windows-Systems genutzt werden.
 
-The functionality is similar to the Nessus Windows Local Security checks.
-However, the OpenVAS solution is using samba (smbclient) and does not
-re-implement the binary SMB protocol in NASL.
+Die Funktionalität is ähnlich zu den ``Nessus Windows Local Security checks''.
+Im Gegensatz zu dieser Implementation benutzt OpenVAS für den Zugriff
+\verb|samba| (\verb|smbclient|) und implemtiert das binäre SMB-Protokoll
+nicht selbst.
 
-The advantage of this smbclient integration is to act more flexible on protocol
-changes on the SAMBA/CEFIS protocol side.
+Der Vorteil dieser Integration von \verb|smbclient| ist, dass auf diese Weise
+flexibler und schneller auf Änderungen des SAMBA/CEFIS-Protokolls reagiert
+werden kann.
 
-\xname{preparing-the-openvas-server-wlsc}
-\subsection{Preparing the OpenVAS Server}
+\xname{vorbereiten-des-openvas-servers-wlsc}
+\subsection{Vorbereiten des OpenVAS Servers}
 
-To install the WLSC, a few steps are required to be taken on the server that
-hosts and runs the actual scan daemon "openvasd".
+Um die lokalen Sicherheitstests für Windows zu installieren müssen zunächst
+einige Schritte auf dem Rechner vorgenommen werden, auf dem der
+OpenVAS-Serverdienst (\verb|openvasd|) läuft.
 
-It depends on the operating system where you run the OpenVAS server, how the
-steps are carried out technically.
+Die genaue Durchführung dieser Schritte hängt von dem Betriebssystem dieses
+Rechners ab; genauere Informationen finden Sie in der mit Ihrem System
+ausgelieferten Dokumentation.
 
 \begin{enumerate}
-
-\item Install SAMBA (\hyperurl{http://www.samba.org})
-
-Installation packages should be readily available for your operating system.
-
-\item Make sure that the binary "smbclient" in is the installation/execution
-path.
-
-\item Check the permissions of openvasd and smbclient: smbclient must be
-executable with the permissions of openvasd.
-
+\item SAMBA installieren (\hyperurl{http://www.samba.org})
+Installationspakete sollten in der Regel für Ihr Betriebssystem verfügbar sein.
+\item Stellen Sie sicher, dass die ausführbare Datei \verb|smbclient| in Ihrem
+Systempfad gefunden werden kann.
+\item Überprüfen die Einstellungen zu den Rechten bei den ausführbaren Dateien
+\verb|openvasd| und \verb|smbclient|: \verb|smbclient| muss mit den Rechten von
+\verb|openvasd| ausführbar sein.
 \end{enumerate}
 
-\xname{preparing-the-microsoft-windows-target}
-\subsection{Preparing the Microsoft Windows target}
+\xname{vorbereiten-des-microsoft-windows-zielrechners}
+\subsection{Vorbereiten des Microsoft Windows Zielrechners}
 
-The WLSC implementation has been tested on the following Microsoft Windows
-Operating Systems:
+Die Implementation der lokalen Sicherheitstests für Microsoft Windows wurde auf
+den folgenden Betriebssystemen getestet:
 \begin{itemize}
 \item Windows NT 4.0
 \item Windows 2000
@@ -2254,41 +2221,44 @@
 \item Windows XP SP3
 \item Windows Vista
 \end{itemize}
-Probably the WLSC is also compatible with other Microsoft Operating Systems.
-Once the SMB Port of a Windows target is accessible, the Operating System (OS)
-and SAMBA Version could be detected immediately and will be reported. For deeper
-tests the following steps are required:
+Wahrscheinlich sind die lokalen Sicherheitstests für Microsoft Windows auch mit
+anderen Versionen kompatibel.
+Sofern der SMB-Port des Zielrechners erreichbar ist, kann die Version des
+Betriebssystems und die SAMBA-Version ermittelt werden. Für eine weiterführende
+Überprüfung sind die folgenden Schritte notwendig:
 
-You need the Windows credentials for an administrative user. Usually this is the
-user name (Default is "Administrator") and the correct password for this user.
-There is no default password, this has been defined before during the Windows
-installation process.
+Sie benötigen administrative Zugriffsrechte auf den Zielrechner. Diese erhalten
+Sie in der Regel mit dem Benutzernamen (Voreinstellung: ``Administrator'') und
+dem Passwort dieses Benutzers. Es gibt kein voreingestelltes Passwort, dass
+Passwort wurde während der Installation des Betriebssystems festgelegt.
 
-These credentials are entered in the OpenVAS-Client GUI as SMB Credentials and
-are used on every host in the target list.
+Die Zugriffsinformationen werden in der grafischen Benutzungsoberfläche von
+OpenVAS-Client als ``SMB Credentials'' angegeben; diese Informationen werden
+für jeden Rechnern in der Liste der Zielsysteme verwendet.
 
-If you plan to scan a whole Windows Domain, you can enter the
-Domain-Administrative user and password instead of the target host credentials.
+Falls Sie planen, eine ganze Windows-Domäne zu scannen, können Sie an dieser
+den Benutzernamen und das Passwort des Domänen-Administrators angeben.
 
-Make sure the Windows-(personal) Firewall is disabled for the OpenVAS Server
-host, or a correct rule for the Test-Network is entered.
+Stellen Sie sicher, dass während des Scans keine Firewall auf den Zielsystem
+aktiv ist oder dass eine entsprechende Ausnahmeregel für den OpenVAS Server
+vorhanden ist.
 
-\paragraph{Additional Note for Windows XP}
+\paragraph{Anmerkung für Windows XP}
 
-For Windows XP it is important that "Easy Filesharing" is switched off.
-To disable this, the Windows Click-Path is: Windows Explorer/Tools/Folder
-Options/View (see screenshot below).
+Bei der Verwendung von Windows XP is es wichtig, dass die Einstellungen
+``Einfache Dateifreigabe verwenden'' nicht aktiviert ist.
 
-Without this setting, "smbclient" is not able to retrieve files from the Windows
-System shares (\verb!C$,D$...!).
+Ohne diese Einstellung ist \verb|smbclient| nicht in der Lage, auf Dateien in
+den Windows-Systemfreigaben zuzugreifen.
 
 \IncludeImage[width=10cm]{images/wlsc-windows-en}
 
-\xname{executing-the-checks-via-openvas-client-wlsc}
-\subsection{Executing the checks via OpenVAS-Client}
+\xname{ausfuehrung-der-tests-in-openvas-client-wlsc}
+\subsection{Ausführung der Tests in OpenVAS-Client}
 
-Using the OpenVAS-Client you specify the credentials and the target host
-information will be reported as illustrated by the following two screenshots:
+Nachdem Sie in OpenVAS-Client den Zielrechner und die Zugriffsinformationen
+angegeben und den Scan ausgeführt haben, werden Informationen über das
+Zielsystem im Bericht erscheinen:
 
 \IncludeImage[width=10cm]{images/wlsc-client-en}
 
@@ -2296,23 +2266,25 @@
 
 \clearpage
 
-\xname{using-integrated-tools}
-\chapter{Using Integrated Tools}
+\xname{integrierte-sicherheitswerkzeuge-verwenden}
+\chapter{Integrierte Sicherheitswerkzeuge verwenden}
 \label{chap:tools}
 
 \xname{security-local-auditing-daemon}
 \section{Security Local Auditing Daemon (SLAD)}
 \compendiumauthor{Jan-Oliver Wagner}
-\xname{how-to-use-slad-with-openvas}
-\subsection{How to use Security Local Auditing Daemon (SLAD) with OpenVAS}
+\xname{slad-mit-openvas-benutzen}
+\subsection{Security Local Auditing Daemon (SLAD) mit OpenVAS benutzen}
 \label{sec:slad}
 
-Homepage: \hyperurl{http://www.dn-systems.org/slad.shtml}
+Website: \hyperurl{http://www.dn-systems.org/slad.shtml}
 
-This description is a quick guide how you get first results with SLAD via
-OpenVAS. For real production mode you should make yourself familiar with the
-details of SLAD and its integrated tools. There is also the SLAD developer's and
-administrator's guide as PDF file.
+Dieser Abschnitt ist als eine kurze Einleitung gedacht, die Ihnen helfen soll,
+erste Ergebnisse von SLAD mittels OpenVAS zu erhalten. Falls Sie SLAD in einer
+Produktivumgebung einsetzen wollen, sollten Sie sich zunächst mit den
+Details zu SLAD und den in SLAD enthaltenen Programmen vertraut machen. Eine
+Anleitung für SLAD-Entwickler und -Administratoren ist ebenfalls als
+PDF-Dokument verfügbar.
 
 \begin{enumerate}
 
@@ -2379,76 +2351,82 @@
 \end{enumerate}
 
 \xname{slad-plugins}
-\subsection{SLAD plugins}
+\subsection{SLAD Plugins}
 
-As shown above, the sladd is just a program to run other programs from inside a
-daemon and provide an unififed interface to their output. The current package of
-SLAD contains the following plugins:
+Wie bereits beschrieben, handelt es sich bei SLAD um einen Dienst, der anderer
+Programme einbindet und eine einheitliche Schnittstelle zu ihren Ausgaben zur
+Verfügung stellt. In der aktuellen Version enthält SLAD die folgenden Plugins:
 
 \subsubsection{chkrootkit}
 
-The chkrootkit package is a tool to locally check for signs of installed
-rootkits.
+\verb|chkrootkit| ist ein Programm, das das lokale System auf Anzeichen für
+installierte Rootkits untersucht.
 
 \subsubsection{clamav}
 
-The clamav plugin provides a GPLed virus scanner for linux. The options include
-scanning with or without archive (.zip, .tar.gz, etc) scanning, and removing
-infected files or putting them into quarantine.
+Das \verb|clamav| stellt einen GPL-lizenzierten Virenscanner für Linux zur
+Verfügung. Es lässt sich steuern, ob Archive (``.zip'', ``.tar.gz'' usw.)
+gescannt werden sollen oder nicht und ob infizierte Dateien entfernt werden
+sollen oder in einem Quarantäne-Bereich isoliert werden sollen.
 
 \subsubsection{john}
 
-John the ripper is a fast password cracker. This tool is meant to find
-weak user passwords, which could compromise system security. It comes
-with three options:
+``John the ripper'' ist ein schneller Passwortbrecher. Ziel dieses Programmes
+ist es, schwache Benutzerpasswörter zu finden, die die Sicherheit des Systems
+beeinträchtigen könnten. Drei Optionen sind verfügbar:
 
 \begin{description}
-  \item[Fast crack mode:] In this mode, John only tries the usernames and
-derived  words against the hashed passwords.
-  \item[Dictionary mode:] In this mode all words from the installed dictionary
-are tried to attack the hashed passwords.
-  \item[Full crack mode:] This slowest mode tries all words from the dictionary,
-as well as rules generated variations of these, against the user's passwords 
+  \item[Fast crack mode:] In diesem Modus testet John lediglich den
+Benutzernamen und davon abgeleitete Wörter gegen die Hashwerte der Passwörter.
+  \item[Dictionary mode:] In diesem Modus werden alle Wörter des installierten
+Wörterbuchs genutzt, um die Hashwerte der Passwörter anzugreifen.
+  \item[Full crack mode:] Dieser langsamste Modus testet alle Wörter des
+Wörtbuchs sowie daraus generierte Variationen dieser Wörter gegen die
+Benutzerpasswörter.
 \end{description}
 
-\textbf{The "normal" version of John exposes cracked passwords in clear-text.
-This makes John difficult to operate with in a professional environment.
-Therefore, SLAD uses a John the Ripper version which has been patched. In this
-version cracked passwords are not exposed anymore, instead only the
-user-accounts with crackable passwords are identified.}
+\textbf{Die Standardversion von John zeigt gebrochene Passwörter im Klartext
+an. Dies macht es schwierig, John in einer professionellen Umgebung
+einzusetzen. Aus diesem Grund nutzt SLAD eine Version von John the Ripper, die
+dahingehend verändert wurde, dass nicht die Passwörter, sondern die Namen der
+Benutzer mit schwachen Passwörtern angezeigt werden.}
 
 \subsubsection{lsof}
 
-The unix system utility lsof simply shows a list of files currently open on the
-system and which program uses them. This can assist an administrator to find
-unusual activity on the system.
+Das Unix-Systemprogramm \verb|lsof| zeigt eine Liste der zur Zeit auf dem
+System offenen Dateien an und welche Programme diese Dateien nutzt. Diese
+Ausgabe kann Administratoren dabei helfen, ungewöhnliche Aktivitäten auf dem
+System festzustellen.
 
 \subsubsection{tiger}
 
-The tiger suite is a package to analyze the host's security. Out of the many
-checks the suite can perform four groups have been created. These are:
+Die ``tiger''-Sammlung ist ein Paket zur Analyse der Sicherheit des Rechnern.
+Die Vielzahl der Sicherheitstests, die ``tiger'' durchführen kann, lässt sich
+vier Gruppen unterteilen:
 
 \begin{description}
-\item[Users:] The users check covers accounts, checks for mail aliases, ftp
-login users and the like.
-\item[Permission:] This selection checks users and group access permissions on
-device nodes, logfiles and other important files and directories.
-\item[Config:] This script checks for weaknesses and mistakes in common system
-and application specific configuration files.
-\item[System:] The system check looks for open deleted files, processes that are
-waiting for incoming connections, and other ``unsual'' things.
-\item[Full system check:] This runs all of the above checks.
+\item[Users:] Dieser Test deckt Benutzerkonten ab, überprüft Mailweiterleitung,
+FTP-Zugänge und ähnliches.
+\item[Permission:] Diese Auswahl überprüft Zugriffsrechte von Benutzern und
+Gruppen auf bestimmte wichtige Dateien und Verzeichnisse.
+\item[Config:] Dieses Skripts sucht nach Schwachstellen und Fehlern in
+verbreiteten system- und anwendungsspezifischen Konfigurationsdateien.
+\item[System:] Diese Tests sucht nach offenen gelöschten Dateien, Prozessen,
+die auf ankommende Verbindungen warten und andere ``ungewöhnliche'' Dinge.
+\item[Full system check:] Dies führt alle oben beschriebenen Tests aus.
 \end{description}
 
 \subsubsection{tripwire}
 
-Tripwire is an open source file integrity checker. It initially stores hashes of
-system files in a database for comparison on subsequent runs. Modifications
-performed by a potential intruder can be easily spotted this way.
+Tripwire ist ein Open Source-Programm, das die Integrität von Dateien
+überprüft. Beim ersten Aufruf erstellt Tripwire eine Datenbank mit Hashwerten
+der Systemdateien, die es bei zukünftigen Aufruf zum Vergleich heranzieht.
+Veränderungen am System lassen sich auf diese Weise leicht feststellen.
 
-The default installation of tripwire contains a rule set for Debian. For details
-on how to adapt these to a different operating system or distribution, see the
-SLAD 2 Developers and Administrators Guide.
+Die Standardinstallation von Tripwire enthält einen Regelsatz für Debian. Falls
+Sie diesen Regelsatz an eine andere Distribution oder ein anderes
+Betriebssystem anpassen möchten, finden Sie in der SLAD-Dokumentation für
+Entwickler und Administratoren weitere Informationen.
 
 \subsubsection{Snort}
 

Modified: trunk/openvas-compendium/openvas-compendium.tex
===================================================================
--- trunk/openvas-compendium/openvas-compendium.tex	2008-10-09 13:31:54 UTC (rev 1505)
+++ trunk/openvas-compendium/openvas-compendium.tex	2008-10-10 13:56:50 UTC (rev 1506)
@@ -994,7 +994,7 @@
 will be installed where.
 
 Please note that the locations presented here refer to a standard installation
-from source with PREFIX=/usr/local.
+from source with prefix=/usr/local.
 These locations may differ according to the choices made when
 configuring and compiling the individual components; if you installed OpenVAS
 from binary packages provided for your distribution, the package maintainers
@@ -1189,9 +1189,9 @@
 \subsection{Debian and Ubuntu}
 
 OpenVAS-Client is an official package for the Debian distributions "unstable"
-("Sid) and "testing" ("Lenny") and for Ubuntu releases onward from release 8.10
-(``Intrepid Ibex''). This means that you can install OpenVAS-Server using the
-\verb|apt-get| mechanism if you are using one of these distributions. Please
+(``Sid'') and "testing" (``Lenny'') and for Ubuntu releases onward from release
+8.10 (``Intrepid Ibex''). This means that you can install OpenVAS-Client using
+the \verb|apt-get| mechanism if you are using one of these distributions. Please
 refer to the OpenVAS website for up-to-date information regarding package
 availability for older versions.
 


From scm-commit at wald.intevation.org  Sun Oct 12 02:29:51 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Sun, 12 Oct 2008 02:29:51 +0200 (CEST)
Subject: [Openvas-commits] r1507 - in trunk/openvas-libnasl: . nasl
Message-ID: <20081012002951.40709406FF@pyrosoma.intevation.org>

Author: timb
Date: 2008-10-12 02:29:50 +0200 (Sun, 12 Oct 2008)
New Revision: 1507

Modified:
   trunk/openvas-libnasl/ChangeLog
   trunk/openvas-libnasl/nasl/nasl_cmd_exec.c
Log:
Fixed problem of TRUE not being defined


Modified: trunk/openvas-libnasl/ChangeLog
===================================================================
--- trunk/openvas-libnasl/ChangeLog	2008-10-10 13:56:50 UTC (rev 1506)
+++ trunk/openvas-libnasl/ChangeLog	2008-10-12 00:29:50 UTC (rev 1507)
@@ -1,3 +1,7 @@
+2008-10-12  Tim Brown <timb at nth-dimension.org.uk>
+
+	* nasl/nasl_cmd_exec.c: Fixed problem of TRUE not being defined.
+
 2008-10-05  Tim Brown <timb at nth-dimension.org.uk>
 
 	* nasl/nasl_cmd_exec.c: Fixed potential symlink attacks against fread,

Modified: trunk/openvas-libnasl/nasl/nasl_cmd_exec.c
===================================================================
--- trunk/openvas-libnasl/nasl/nasl_cmd_exec.c	2008-10-10 13:56:50 UTC (rev 1506)
+++ trunk/openvas-libnasl/nasl/nasl_cmd_exec.c	2008-10-12 00:29:50 UTC (rev 1507)
@@ -20,6 +20,7 @@
   * This file contains all the "unsafe" functions found in NASL
   */
 #include <includes.h>
+#include <glib.h>
 
 #include "nasl_tree.h"
 #include "nasl_global_ctxt.h"
@@ -277,7 +278,7 @@
     }
   }
   fp = fdopen(fd, "r");
-  if(fp != FALSE) {
+  if (fp != FALSE) {
     close(fp);
     nasl_perror(lexic, "fread: %s: %s\n", fname, strerror(errno));
     return NULL;


From scm-commit at wald.intevation.org  Sun Oct 12 05:22:55 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Sun, 12 Oct 2008 05:22:55 +0200 (CEST)
Subject: [Openvas-commits] r1508 - trunk/openvas-plugins
Message-ID: <20081012032255.CBB9C40704@pyrosoma.intevation.org>

Author: timb
Date: 2008-10-12 05:22:54 +0200 (Sun, 12 Oct 2008)
New Revision: 1508

Modified:
   trunk/openvas-plugins/ChangeLog
Log:
Tidied


Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2008-10-12 00:29:50 UTC (rev 1507)
+++ trunk/openvas-plugins/ChangeLog	2008-10-12 03:22:54 UTC (rev 1508)
@@ -1,151 +1,173 @@
 2008-10-08  Thomas Reinke <reinke at securityspace.com>
+
 	* deb_1643_1.nasl deb_1647_1.nasl deb_1648_1.nasl
-	  glsa_200810_01.nasl   New scripts
+	  glsa_200810_01.nasl: New scripts.
 
 2008-10-08  Thomas Reinke <reinke at securityspace.com>
+
 	* scripts/gentoo_unmaintained_packages.nasl added.
 	  Updated gather-package-list.nasl to added necessary
 	  prerequisites for above mentioned script.
 
 2008-10-08 Chandrashekhar B <bchandra at secpod.com>
+
 	* scripts/gb_adobe_prdts_detect_lin.nasl,
 	  scripts/gb_adobe_prdts_code_exec_vuln_win.nasl,
 	  scripts/gb_firefox_detect_lin.nasl,
 	  scripts/gb_adobe_prdts_code_exec_vuln_lin.nasl:
-	  Fixed issues
+	  Fixed issues.
 
 2008-10-07 Chandrashekhar B <bchandra at secpod.com>
+
 	* scripts/gb_ms08-046.nasl,
 	  scripts/gb_php_detect.nasl,
 	  scripts/gb_php_mult_vuln_aug08.nasl:
-	  Added new plugins
+	  Added new plugins.
 
 2008-10-07 Chandrashekhar B <bchandra at secpod.com>
+
 	* scripts/secpod_smb_func.inc:
 	  Resolved an issue, was fetching unwanted numbers in certain 
-	  file versions patterns
+	  file versions patterns.
 
 2008-10-07 Chandrashekhar B <bchandra at secpod.com>
+
 	* scripts/gb_thunderbird_mult_vuln_july08_lin.nasl,
 	  scripts/gb_seamonkey_mult_vuln_july08_lin.nasl,
 	  scripts/gb_firefox_detect_lin.nasl,
 	  scripts/gb_thunderbird_detect_lin.nasl,
 	  scripts/gb_firefox_mult_vuln_july08_lin.nasl,
 	  scripts/gb_seamonkey_detect_lin.nasl:
-	  Added new plugins
+	  Added new plugins.
 
 2008-10-06 Chandrashekhar B <bchandra at secpod.com>
+
 	* scripts/gb_thunderbird_detect_win.nasl,
 	  scripts/gb_thunderbird_mult_vuln_july08_win.nasl,
 	  scripts/gb_firefox_detect_win.nasl,
 	  scripts/gb_firefox_mult_vuln_july08_win.nasl,
 	  scripts/gb_seamonkey_detect_win.nasl,
 	  scripts/gb_seamonkey_mult_vuln_july08_win.nasl:
-	  Added new plugins
+	  Added new plugins.
 
 2008-10-04 Chandrashekhar B <bchandra at secpod.com>
+
 	* scripts/gb_adobe_prdts_code_exec_vuln_lin.nasl,
 	  scripts/gb_adobe_prdts_detect_lin.nasl:
-	  Added new plugins
+	  Added new plugins.
 
->>>>>>> .r1497
 2008-10-03  Thomas Reinke <reinke at securityspace.com>
+
 	* script/freebsd_lighttpd5.nasl script/freebsd_mplayer9.nasl,
 	  script/freebsd_mysql-client0.nasl script/freebsdsa_nd6.nasl:
-	  Added new plugins
+	  Added new plugins.
 
 2008-10-03 Chandrashekhar B <bchandra at secpod.com>
+
 	* scripts/secpod_phpmyadmin_detect_900129.nasl,
 	  scripts/secpod_phpmyadmin_remote_command_exe_vuln_900130.nasl,
 	  scripts/secpod_phpmyadmin_xss_vuln_900134.nasl:
-	  Added new plugins
+	  Added new plugins.
 
 	 * scripts/gb_ms08-033.nasl:
-	 Updated the regex
+	 Updated the regex.
 
 2008-10-01 Chandrashekhar B <bchandra at secpod.com>
+
 	* scripts/gb_adobe_prdts_code_exec_vuln_win.nasl,
 	  scripts/gb_openoffice_rtl_allocatememory_bof_vuln_lin.nasl,
 	  scripts/gb_openoffice_rtl_allocatememory_bof_vuln_win.nasl:
-	  Added new plugins
+	  Added new plugins.
 
 2008-10-01 Chandrashekhar B <bchandra at secpod.com>
+
 	* scripts/ssh_get_info.nasl:
-	  Changed the name as it conflicts with gather-package-list.nasl
+	  Changed the name as it conflicts with gather-package-list.nasl.
 
 2008-09-30 Chandrashekhar B <bchandra at secpod.com>
+
 	* scripts/gb_ms08-033.nasl,
 	  scripts/gb_ms08-030.nasl:
-	  Added new plugins
+	  Added new plugins.
 
 2008-09-29 Chandrashekhar B <bchandra at secpod.com>
+
 	* scripts/gb_vmware_prdts_prv_esc_vuln.nasl,
 	  scripts/gb_vmware_prdts_detect_win.nasl:
-	  Updated to fix the issues and included a new CVE
+	  Updated to fix the issues and included a new CVE.
 
 	* scripts/gb_ms08-031.nasl,
 	  scripts/secpod_ie_supersede.inc,
 	  scripts/gb_vmware_prdts_vix_api_mult_vuln.nasl:
-	  Added new plugins
+	  Added new plugins.
 
 2008-09-28  Thomas Reinke <reinke at securityspace.com>
-	* corrected freebsd scripts variable error introduced
+
+	* Corrected freebsd scripts variable error introduced
 	  when converting from proprietary function names to
 	  openvas function naming convention.
+
 	* glsa_200809_16.nasl glsa_200809_17.nasl glsa_200809_18.nasl
 	  Added new plugins
 
 2008-09-26 Chandrashekhar <bchandra at secpod.com>
+
 	* scripts/gb_vmware_tools_local_prv_esc_vuln_win.nasl,
 	  scripts/gb_vmware_prdts_prv_esc_vuln.nasl,
 	  scripts/gb_apple_quicktime_mult_vuln_win.nasl,
 	  scripts/gb_ca_etrust_scm_mult_vuln.nasl,
 	  scripts/gb_vmware_tools_local_prv_esc_vuln_lin.nasl:
-	  Added new plugins
+	  Added new plugins.
 
 	* scripts/secpod_smb_func.inc,
 	  scripts/gb_vmware_prdts_detect_win.nasl,
 	  scripts/gb_vmware_prdts_mult_vuln_win.nasl:
-	  Incorporated review changes
+	  Incorporated review changes.
 
 2008-09-26 Chandrashekhar B <bchandra at secpod.com>
+
 	* scripts/gb_vmware_prdts_detect_win.nasl,
 	  scripts/freebsd_opendchub.nasl:
-	  Fixed script parse errors	
+	  Fixed script parse errors.
 
 2008-09-26 Chandrashekhar B <bchandra at secpod.com>
+
 	* scripts/gb_vmware_prdts_detect_lin.nasl,
 	  scripts/gb_vmware_prdts_mult_vuln_lin.nasl:
-	  Incorporated review comments
+	  Incorporated review comments.
 
 2008-09-26 Chandrashekhar B <bchandra at secpod.com>
+
 	* scripts/secpod_proftpd_cmd_handling_sec_vuln_900133.nasl,
 	  scripts/secpod_office_products_version_900032.nasl,
 	  scripts/secpod_nms_dvd_burning_sdk_actvx_vuln_900132.nasl,
 	  scripts/secpod_ms_iexplorer_dos_vuln_900131.nasl:
-	  Added new scripts and modified Office product version detection
+	  Added new scripts and modified Office product version detection.
 
 2008-09-25  Vlatko Kosturjak <kost at linux.hr>
 
 	* scripts/remote-MS00-006.nasl: corrected script id
 
 2008-09-25 Chandrashekhar B <bchandra at secpod.com>
+
 	* scripts/secpod_smb_func.inc:
 	  Removed smb_nt.inc to correct multiple import errors
-	  in the dump
+	  in the dump.
 
 	* scripts/gb_vmware_prdts_detect_win.nasl:
-	  Include smb_nt.inc
+	  Include smb_nt.inc.
 
 2008-09-25 Chandrashekhar B <bchandra at secpod.com>
+
 	* scripts/gb_vmware_prdts_detect_lin.nasl,
 	  scripts/gb_vmware_prdts_detect_win.nasl,
 	  scripts/gb_vmware_prdts_mult_vuln_lin.nasl,
 	  scripts/gb_vmware_prdts_mult_vuln_win.nasl:
 	  Code formatting changes and deleted the respective
-	  plugins with script_id in the file names
+	  plugins with script_id in the file names.
 
 2008-08-25 Chandrashekhar B <bchandra at secpod.com>
+
 	* scripts/secpod_apple_quicktime_mult_vuln_900121.nasl,
 	  scripts/secpod_apple_quicktime_detection_win_900124.nasl,
  	  scripts/secpod_simple_machines_forum_sec_bypass_vuln_900118.nasl,
@@ -161,12 +183,13 @@
 	  scripts/secpod_ibm_db2_8_udb_mult_vuln_lin_900216.nasl,
 	  scripts/secpod_zonealarm_net_sec_suite_bof_vuln_900126.nasl,
 	  scripts/secpod_apple_itunes_detection_win_900123.nasl:
-	  Added new scripts
+	  Added new scripts.
 
 2008-08-25 Chandrashekhar B <bchandra at secpod.com>
+
 	* scripts/smb_logins.nasl:
 	  Updated the KB items names to reflect that
-	  of smb_authorization.nasl
+	  of smb_authorization.nasl.
 
 2008-09-24  Thomas Reinke <reinke at securityspace.com>
    


From scm-commit at wald.intevation.org  Sun Oct 12 05:42:15 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Sun, 12 Oct 2008 05:42:15 +0200 (CEST)
Subject: [Openvas-commits] r1509 - in trunk/openvas-plugins: . scripts
Message-ID: <20081012034215.E1AA0406F8@pyrosoma.intevation.org>

Author: timb
Date: 2008-10-12 05:42:14 +0200 (Sun, 12 Oct 2008)
New Revision: 1509

Removed:
   trunk/openvas-plugins/scripts/ssh_get_info.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/aix_maintenance_level.nasl
   trunk/openvas-plugins/scripts/apple-sa-2004-08-09.nasl
   trunk/openvas-plugins/scripts/cfengine_detect.nasl
   trunk/openvas-plugins/scripts/gather-package-list.nasl
   trunk/openvas-plugins/scripts/ike-scan.nasl
   trunk/openvas-plugins/scripts/redhat_update_level.nasl
Log:
Now uses gather-package-list.nasl although this is broken as there is no code to get the maintenance levels, patch information as these scripts require

Updated gather-package-list.nasl with Solaris support

Cleaned up ike-scan locking code


Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2008-10-12 03:22:54 UTC (rev 1508)
+++ trunk/openvas-plugins/ChangeLog	2008-10-12 03:42:14 UTC (rev 1509)
@@ -1,3 +1,20 @@
+2008-10-12  Tim Brown <timb at nth-dimension.org.uk>
+
+	* scripts/aix_maintenance_level.nasl,
+	scripts/apple-sa-2004-08-09.nasl,
+	scripts/cfengine_detect.nasl,
+	scripts/redhat_update_level.nasl: Now uses
+	gather-package-list.nasl although this is broken
+	as there is no code to get the maintenance levels,
+	patch information as these scripts require.
+	
+	* scripts/ssh_get_info.nasl: Removed.
+	
+	* scripts/gather-package-list.nasl: Updated with Solaris
+	support.
+
+	* scripts/ike-scan.nasl: Cleaned up locking code.
+
 2008-10-08  Thomas Reinke <reinke at securityspace.com>
 
 	* deb_1643_1.nasl deb_1647_1.nasl deb_1648_1.nasl

Modified: trunk/openvas-plugins/scripts/aix_maintenance_level.nasl
===================================================================
--- trunk/openvas-plugins/scripts/aix_maintenance_level.nasl	2008-10-12 03:22:54 UTC (rev 1508)
+++ trunk/openvas-plugins/scripts/aix_maintenance_level.nasl	2008-10-12 03:42:14 UTC (rev 1509)
@@ -32,7 +32,7 @@
  family["english"] = "AIX Local Security Checks";
  script_family(english:family["english"]);
  
- script_dependencies("ssh_get_info.nasl");
+ script_dependencies("gather-package-list.nasl");
  script_require_keys("Host/AIX/oslevel");
  exit(0);
 }

Modified: trunk/openvas-plugins/scripts/apple-sa-2004-08-09.nasl
===================================================================
--- trunk/openvas-plugins/scripts/apple-sa-2004-08-09.nasl	2008-10-12 03:22:54 UTC (rev 1508)
+++ trunk/openvas-plugins/scripts/apple-sa-2004-08-09.nasl	2008-10-12 03:42:14 UTC (rev 1509)
@@ -48,7 +48,7 @@
  family["english"] = "MacOS X Local Security Checks";
  script_family(english:family["english"]);
  
- script_dependencies("ssh_get_info.nasl");
+ script_dependencies("gather-package-list.nasl");
  script_require_keys("Host/MacOSX/packages");
  exit(0);
 }

Modified: trunk/openvas-plugins/scripts/cfengine_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/cfengine_detect.nasl	2008-10-12 03:22:54 UTC (rev 1508)
+++ trunk/openvas-plugins/scripts/cfengine_detect.nasl	2008-10-12 03:42:14 UTC (rev 1509)
@@ -31,7 +31,7 @@
  script_family(english:family["english"], francais:family["francais"]);
  script_require_ports(5308);
 
- if ( defined_func("bn_random") ) script_dependencies("ssh_get_info.nasl");
+ if ( defined_func("bn_random") ) script_dependencies("gather-package-list.nasl");
  exit(0);
 }
 

Modified: trunk/openvas-plugins/scripts/gather-package-list.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gather-package-list.nasl	2008-10-12 03:22:54 UTC (rev 1508)
+++ trunk/openvas-plugins/scripts/gather-package-list.nasl	2008-10-12 03:42:14 UTC (rev 1509)
@@ -4,9 +4,11 @@
 #
 # Authors:
 # Thomas Reinke <reinke at securityspace.com>
+# Tim Brown <timb at nth-dimension.org.uk>
 #
 # Copyright:
 # Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
+# Copyright (c) 2008 Tim Brown
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License Version 2
@@ -44,7 +46,7 @@
 
  script_category(ACT_GATHER_INFO);
 
- script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com");
+ script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com & Tim Brown");
  family["english"] = "Misc.";
  script_family(english:family["english"]);
  script_dependencies("find_service.nes", "ssh_authorization.nasl");
@@ -70,6 +72,8 @@
 uname = ssh_cmd(socket:sock, cmd:"uname -a");
 set_kb_item(name: "ssh/login/uname", value:uname);
 
+# GNU/Linux platforms:
+
 # Ok...let's first check if this is a RedHat/Fedora Core/Mandrake release
 rls = ssh_cmd(socket:sock, cmd:"cat /etc/redhat-release");
 if("Red Hat Linux release 7.3" >< rls) {
@@ -447,47 +451,6 @@
     exit(0);
 }
 
-#How about FreeBSD?  If the uname line begins with "FreeBSD ", we have a match
-if(substr(uname, 0, 7)=="FreeBSD ") {
-    version=eregmatch(pattern:"^[^ ]+ [^ ]+ ([^ ]+)+",string:uname);
-    splitup = eregmatch(pattern:"([^-]+)-([^-]+)-p([0-9]+)", string:version[1]);
-    found = 0;
-    if(!isnull(splitup)) {
-	release = splitup[1];
-	patchlevel = splitup[3];
-	found = 1;
-    } else {
-	splitup = eregmatch(pattern:"([^-]+)-RELEASE", string:version[1]);
-	if(!isnull(splitup)) {
-	    release = splitup[1];
-	    patchlevel = "0";
-	    found = 1;
-	} else {
-	    splitup=eregmatch(pattern:"([^-]+)-SECURITY",string:version[1]);
-	    if(!isnull(splitup)) {
-		release = splitup[1];
-		security_note(port:port, data:string("We have detected you are running FreeBSD ", splitup[0], ". It also appears that you are using freebsd-update, a binary update tool for keeping your distribution up to date.  We will not be able to check your core distribution for vulnerabilities, but we will check your installed ports packages."));
-		found = 2;
-	    } else {
-		security_note(port:port, data:string("You appear to be running FreeBSD, but we do not recognize the output format of uname: ", uname, ". Local security checks will NOT be run."));
-	    }
-	}
-    }
-    if(found==1) {
-	set_kb_item(name: "ssh/login/freebsdrel", value: release);
-	set_kb_item(name: "ssh/login/freebsdpatchlevel", value: patchlevel);
-	security_note(port:port, data:string("We are able to login and detect that you are running FreeBSD ", release, " Patch level: ", patchlevel));
-    }
-    if(found==2) {
-	set_kb_item(name: "ssh/login/freebsdrel", value: release);
-	security_note(port:port, data:string("We are able to login and detect that you are running FreeBSD ", release, " Patch level: Unknown"));
-    }
-    if(found!=0) {
-	buf = ssh_cmd(socket:sock, cmd:"pkg_info");
-	set_kb_item(name: "ssh/login/freebsdpkg", value:buf);
-    }
-}
-
 # Hmmm...is it Debian?
 rls = ssh_cmd(socket:sock, cmd:"cat /etc/debian_version");
 if("2.2"><rls) {
@@ -679,6 +642,68 @@
     exit(0);
 }
 
+# Non GNU/Linux platforms:
+
+#How about FreeBSD?  If the uname line begins with "FreeBSD ", we have a match
+if(substr(uname, 0, 7)=="FreeBSD ") {
+    version=eregmatch(pattern:"^[^ ]+ [^ ]+ ([^ ]+)+",string:uname);
+    splitup = eregmatch(pattern:"([^-]+)-([^-]+)-p([0-9]+)", string:version[1]);
+    found = 0;
+    if(!isnull(splitup)) {
+	release = splitup[1];
+	patchlevel = splitup[3];
+	found = 1;
+    } else {
+	splitup = eregmatch(pattern:"([^-]+)-RELEASE", string:version[1]);
+	if(!isnull(splitup)) {
+	    release = splitup[1];
+	    patchlevel = "0";
+	    found = 1;
+	} else {
+	    splitup=eregmatch(pattern:"([^-]+)-SECURITY",string:version[1]);
+	    if(!isnull(splitup)) {
+		release = splitup[1];
+		security_note(port:port, data:string("We have detected you are running FreeBSD ", splitup[0], ". It also appears that you are using freebsd-update, a binary update tool for keeping your distribution up to date.  We will not be able to check your core distribution for vulnerabilities, but we will check your installed ports packages."));
+		found = 2;
+	    } else {
+		security_note(port:port, data:string("You appear to be running FreeBSD, but we do not recognize the output format of uname: ", uname, ". Local security checks will NOT be run."));
+	    }
+	}
+    }
+    if(found==1) {
+	set_kb_item(name: "ssh/login/freebsdrel", value: release);
+	set_kb_item(name: "ssh/login/freebsdpatchlevel", value: patchlevel);
+	security_note(port:port, data:string("We are able to login and detect that you are running FreeBSD ", release, " Patch level: ", patchlevel));
+    }
+    if(found==2) {
+	set_kb_item(name: "ssh/login/freebsdrel", value: release);
+	security_note(port:port, data:string("We are able to login and detect that you are running FreeBSD ", release, " Patch level: Unknown"));
+    }
+    if(found!=0) {
+	buf = ssh_cmd(socket:sock, cmd:"pkg_info");
+	set_kb_item(name: "ssh/login/freebsdpkg", value:buf);
+    }
+    exit(0);
+}
+
+# Whilst we're at it, lets check if it's Solaris
+if (substr(uname, 0, 5) == "SunOS ") {
+    osversion = ssh_cmd(socket:sock, cmd:"uname -r");
+    set_kb_item(name: "ssh/login/solosversion", value:osversion);
+    hardwaretype = ssh_cmd(socket:sock, cmd:"uname -p");
+    set_kb_item(name: "ssh/login/solhardwaretype", value:hardwaretype);
+    buf = ssh_cmd(socket:sock, cmd:"pkginfo");
+    set_kb_item(name: "ssh/login/solpackages", value:buf);
+    buf = ssh_cmd(socket:sock, cmd:"showrev -p");
+    set_kb_item(name: "ssh/login/solpatches", value:buf);
+    if (hardwaretype >< "sparc") {
+        security_note(port:port, data:string("We are able to login and detect that you are running Solaris ", osversion, " Arch: SPARC"));
+    } else {
+        security_note(port:port, data:string("We are able to login and detect that you are running Solaris ", osversion, " Arch: x86"));
+    }
+    exit(0);
+}
+
 #{ "NetBSD",     "????????????????",         },
 #{ "OpenBSD",    "????????????????",         },
 #{ "WhiteBox",   "????????????????",         },

Modified: trunk/openvas-plugins/scripts/ike-scan.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ike-scan.nasl	2008-10-12 03:22:54 UTC (rev 1508)
+++ trunk/openvas-plugins/scripts/ike-scan.nasl	2008-10-12 03:42:14 UTC (rev 1509)
@@ -39,22 +39,9 @@
 # * Support for known vendor IDs
 # * PSK crack
 #
-# Tested against Racoon and Openswan
+# Tested against Racoon and Openswan and used as part of a live
+# penetration test against Checkpoint VPN-1 and Cisco VPN.
 
-# basic locking mechanism
-# multiple ike-scans launched are not supported because you cannot bind
-# to same UDP port twice locally, so we must implement locking mechanism.
-tmpfile=NULL;
-if (defined_func("get_tmp_dir"))
-{
- tmpdir = get_tmp_dir();
- if (tmpdir) tmpfile = strcat(tmpdir, "openvas-nasl-ike-scan");
-}
-if (!tmpfile)
-{
-	tmpfile="/tmp/openvas-nasl-ike-scan";
-}
-
 if (description)
 {
 	script_id(80000);
@@ -136,14 +123,9 @@
 diffiehellmangroupname["4"] = "EC2N-185";
 diffiehellmangroupname["5"] = "MODP-1536";
 
-while (file_stat(tmpfile)>0) {
-	usleep (1000+(rand()%1000));
-}
-fwrite(data:"lock",file:tmpfile);
-
 function on_exit()
 {
-  if (tmpfile) unlink(tmpfile);
+	unlink(lockfilename);
 }
 
 function command_construct(_ike2flag, _sourceportnumber, _destinationportnumber, _checkmode, _fingerprintmode, _groupname, _encryptionalgorithm, _hashalgorithm, _authenticationmethod, _diffiehellmangroup, _maximumretry, _maximumtimeout, _destinationipaddress)
@@ -211,6 +193,16 @@
 	}
 }
 
+# Basic locking mechanism as multiple ike-scans launched are not
+# supported because you cannot bind to same UDP port twice locally
+lockdirectoryname = get_tmp_dir();
+lockfilename = lockdirectoryname + "openvas-nasl-ike-scan";
+while (file_stat(lockfilename) > 0)
+{
+	usleep(1000 + (rand() % 1000));
+}
+fwrite(data:"lock", file:lockfilename);
+
 # Not sure how much value there is in supporting IKE v2
 #ike2flag = script_get_preference("Use IKE v2");
 sourceportnumber = script_get_preference("Source port number");

Modified: trunk/openvas-plugins/scripts/redhat_update_level.nasl
===================================================================
--- trunk/openvas-plugins/scripts/redhat_update_level.nasl	2008-10-12 03:22:54 UTC (rev 1508)
+++ trunk/openvas-plugins/scripts/redhat_update_level.nasl	2008-10-12 03:42:14 UTC (rev 1509)
@@ -32,7 +32,7 @@
  family["english"] = "Red Hat Local Security Checks";
  script_family(english:family["english"]);
  
- script_dependencies("ssh_get_info.nasl");
+ script_dependencies("gather-package-list.nasl");
  script_require_keys("Host/RedHat/release");
  exit(0);
 }

Deleted: trunk/openvas-plugins/scripts/ssh_get_info.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ssh_get_info.nasl	2008-10-12 03:22:54 UTC (rev 1508)
+++ trunk/openvas-plugins/scripts/ssh_get_info.nasl	2008-10-12 03:42:14 UTC (rev 1509)
@@ -1,687 +0,0 @@
-#
-# This script was written by Thomas Reinke <reinke at securityspace.com>
-#
-# Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License Version 2
-# 
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-# 
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-#
-
-if(description)
-{
- script_id(50281);
- script_version("$");
- 
- name["english"] = "Gather list of installed packages via SSH login";
- script_name(english:name["english"]);
- 
- desc["english"] = "
-This script will, if given a userid/password or
-key to the remote system, login to that system,
-determine the OS it is running, and for supported
-systems, extract the list of installed packages.
-
-Risk factor : None";
-
- script_description(english:desc["english"]);
- 
- summary["english"] = "Determine OS and list of installed packages via SSH login";
- script_summary(english:summary["english"]);
- 
- script_category(ACT_GATHER_INFO);
- 
- script_copyright(english:"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com");
- family["english"] = "Misc.";
- script_family(english:family["english"]);
- script_dependencie("find_service.nes", "ssh_authorization.nasl");
- exit(0);
-}
-
-#
-# The script code starts here
-#
-cmdline = 0;
-include("ssh_func.inc");
-
-port = get_kb_item("Services/ssh");
-if(!port) {
-    port = 22;
-}
-sock = ssh_login_or_reuse_connection();
-if(!sock) {
-    exit(0);
-}
-
-# First command: Grab uname -a of the remote system
-uname = ssh_cmd(socket:sock, cmd:"uname -a");
-set_kb_item(name: "ssh/login/uname", value:uname);
-
-# Ok...let's first check if this is a RedHat/Fedora Core/Mandrake release
-rls = ssh_cmd(socket:sock, cmd:"cat /etc/redhat-release");
-if("Red Hat Linux release 7.3" >< rls) {
-    set_kb_item(name: "ssh/login/release", value: "RH7.3");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
-    exit(0);
-}
-if("Red Hat Linux release 8.0 (Psyche)" >< rls) {
-    set_kb_item(name: "ssh/login/release", value: "RH8.0");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
-    exit(0);
-}
-if("Red Hat Linux release 9 (Shrike)" >< rls) {
-    set_kb_item(name: "ssh/login/release", value: "RH9");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
-    exit(0);
-}
-if("Fedora Core release 1 (Yarrow)" >< rls) {
-    set_kb_item(name: "ssh/login/release", value: "FC1");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
-    exit(0);
-}
-if("Fedora Core release 2 (Tettnang)" >< rls) {
-    set_kb_item(name: "ssh/login/release", value: "FC2");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
-    exit(0);
-}
-if("Fedora Core release 3 (Heidelberg)" >< rls) {
-    set_kb_item(name: "ssh/login/release", value: "FC3");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
-    exit(0);
-}
-if("Fedora Core release 4 (Stentz)" >< rls) {
-    set_kb_item(name: "ssh/login/release", value: "FC4");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
-    exit(0);
-}
-if("Fedora Core release 5 (Bordeaux)" >< rls) {
-    set_kb_item(name: "ssh/login/release", value: "FC5");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
-    exit(0);
-}
-if("Fedora Core release 6 (Zod)" >< rls) {
-    set_kb_item(name: "ssh/login/release", value: "FC6");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
-    exit(0);
-}
-
-# Red Hat Enterprise Linux ES release 2.1 (Panama)
-# Red Hat Enterprise Linux AS release 3 (Taroon Update 1)
-# Red Hat Enterprise Linux AS release 3 (Taroon Update 2)
-# Red Hat Enterprise Linux AS release 3 (Taroon Update 3)
-# Red Hat Enterprise Linux Desktop release 3.90
-
-if(egrep(pattern:"Red Hat Enterprise.*release 2\.1", string:rls)) {
-    set_kb_item(name: "ssh/login/release", value: "RHENT_2.1");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
-    exit(0);
-}
-if(egrep(pattern:"Red Hat Enterprise.*release 3 ", string:rls)) {
-    set_kb_item(name: "ssh/login/release", value: "RHENT_3");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
-    exit(0);
-}
-if(egrep(pattern:"Red Hat Enterprise.*release 4 ", string:rls)) {
-    set_kb_item(name: "ssh/login/release", value: "RHENT_4");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
-    exit(0);
-}
-
-if("Mandriva Linux release 2007.1" >< rls) {
-    set_kb_item(name: "ssh/login/release", value: "MNDK_2007.1");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
-    exit(0);
-}
-if("Mandriva Linux release 2007.0" >< rls) {
-    set_kb_item(name: "ssh/login/release", value: "MNDK_2007.0");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
-    exit(0);
-}
-if("Mandriva Linux release 2006.0" >< rls) {
-    set_kb_item(name: "ssh/login/release", value: "MNDK_2006.0");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
-    exit(0);
-}
-if("Mandrakelinux release 10.2" >< rls) {
-    set_kb_item(name: "ssh/login/release", value: "MNDK_10.2");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
-    exit(0);
-}
-if("Mandrakelinux release 10.1" >< rls) {
-    set_kb_item(name: "ssh/login/release", value: "MNDK_10.1");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
-    exit(0);
-}
-if("Mandrake Linux release 10.0" >< rls) {
-    set_kb_item(name: "ssh/login/release", value: "MNDK_10.0");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
-    exit(0);
-}
-if("Mandrake Linux release 9.2" >< rls) {
-    set_kb_item(name: "ssh/login/release", value: "MNDK_9.2");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
-    exit(0);
-}
-if("Mandrake Linux release 9.1" >< rls) {
-    set_kb_item(name: "ssh/login/release", value: "MNDK_9.1");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
-    exit(0);
-}
-if("Mandrake Linux release 8.1" >< rls) {
-    set_kb_item(name: "ssh/login/release", value: "MNDK_8.1");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
-    exit(0);
-}
-if("Mandrake Linux release 8.0" >< rls) {
-    set_kb_item(name: "ssh/login/release", value: "MNDK_8.0");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
-    exit(0);
-}
-if("Mandrake Linux release 7.2" >< rls) {
-    set_kb_item(name: "ssh/login/release", value: "MNDK_7.2");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
-    exit(0);
-}
-
-# Ok...also using /etc/redhat-release is CentOS...let's try them now
-# We'll stay with major release # checking unless we find out we need to do
-# otherwise.
-#CentOS release 4.0 (Final)
-#CentOS release 4.1 (Final)
-#CentOS release 3.4 (final)
-if("CentOS release 4" >< rls) {
-    set_kb_item(name: "ssh/login/release", value: "CENTOS4");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running CentOS release 4"));
-    exit(0);
-}
-if("CentOS release 3" >< rls) {
-    set_kb_item(name: "ssh/login/release", value: "CENTOS3");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running CentOS release 3"));
-    exit(0);
-}
-
-# Hmmm...is it Ubuntu?
-rls = ssh_cmd(socket:sock, cmd:"cat /etc/lsb-release");
-if("DISTRIB_ID=Ubuntu"><rls && "DISTRIB_RELEASE=4.10"><rls) {
-    set_kb_item(name: "ssh/login/release", value: "UBUNTU4.1");
-    buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
-    set_kb_item(name: "ssh/login/packages", value:buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running Ubuntu 4.10"));
-    exit(0);
-}
-if("DISTRIB_ID=Ubuntu"><rls && "DISTRIB_RELEASE=5.04"><rls) {
-    set_kb_item(name: "ssh/login/release", value: "UBUNTU5.04");
-    buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
-    set_kb_item(name: "ssh/login/packages", value:buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running Ubuntu 5.04"));
-    exit(0);
-}
-if("DISTRIB_ID=Ubuntu"><rls && "DISTRIB_RELEASE=5.10"><rls) {
-    set_kb_item(name: "ssh/login/release", value: "UBUNTU5.10");
-    buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
-    set_kb_item(name: "ssh/login/packages", value:buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running Ubuntu 5.10"));
-    exit(0);
-}
-if("DISTRIB_ID=Ubuntu"><rls && "DISTRIB_RELEASE=6.10"><rls) {
-    set_kb_item(name: "ssh/login/release", value: "UBUNTU6.10");
-    buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
-    set_kb_item(name: "ssh/login/packages", value:buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running Ubuntu 6.10"));
-    exit(0);
-}
-if("DISTRIB_ID=Ubuntu"><rls && "DISTRIB_RELEASE=7.10"><rls) {
-    set_kb_item(name: "ssh/login/release", value: "UBUNTU7.10");
-    buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
-    set_kb_item(name: "ssh/login/packages", value:buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running Ubuntu 7.10"));
-    exit(0);
-}
-
-# How about Conectiva Linux?
-rls = ssh_cmd(socket:sock, cmd:"cat /etc/conectiva-release");
-if("Conectiva Linux 9" >< rls) {
-    set_kb_item(name: "ssh/login/release", value: "CL9");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value:buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running Conectiva Linux 9"));
-    exit(0);
-}
-if("Conectiva Linux 10" >< rls) {
-    set_kb_item(name: "ssh/login/release", value: "CL10");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value:buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running Conectiva Linux 10"));
-    exit(0);
-}
-
-# How about Turbolinux?
-# Turbolinux signatures:
-# release 6.0 WorkStation (Shiga)       -- Unsupported
-# TurboLinux release 6.1 Server (Naha)	-- Unsupported
-# Turbolinux Server 6.5 (Jupiter)       -- Unsupported
-# Turbolinux Server 7.0 (Esprit)
-# Turbolinux Workstation 7.0 (Monza)
-# Turbolinux Server 8.0 (Viper)
-# Turbolinux Workstation 8.0 (SilverStone)
-# Turbolinux Server 10.0 (Celica)
-# Turbolinux Desktop 10.0 (Suzuka)
-# -- Need:
-#- Turbolinux Appliance Server 1.0 Hosting Edition
-#- Turbolinux Appliance Server 1.0 Workgroup Edition
-#- Turbolinux Home
-#- Turbolinux 10 F...
-
-rls = ssh_cmd(socket:sock, cmd:"cat /etc/turbolinux-release");
-if("Turbolinux Server 7.0" >< rls) {
-    set_kb_item(name: "ssh/login/release", value: "TLS7");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value:buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
-    exit(0);
-}
-if("Turbolinux Workstation 7.0" >< rls) {
-    set_kb_item(name: "ssh/login/release", value: "TLWS7");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value:buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
-    exit(0);
-}
-if("Turbolinux Server 8.0" >< rls) {
-    set_kb_item(name: "ssh/login/release", value: "TLS8");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value:buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
-    exit(0);
-}
-if("Turbolinux Workstation 8.0" >< rls) {
-    set_kb_item(name: "ssh/login/release", value: "TLWS8");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value:buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
-    exit(0);
-}
-if("Turbolinux Desktop 10.0" >< rls) {
-    set_kb_item(name: "ssh/login/release", value: "TLDT10");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value:buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
-    exit(0);
-}
-if("Turbolinux Server 10.0" >< rls) {
-    set_kb_item(name: "ssh/login/release", value: "TLS10");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value:buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
-    exit(0);
-}
-if("Turbolinux">< rls) {
-    security_note(port:port, data:string("We have detected you are running a version of Turbolinux currently not supported by SecuritySpace.  Please report the following banner to SecuritySpace: ", rls));
-    exit(0);
-}
-
-#How about FreeBSD?  If the uname line begins with "FreeBSD ", we have a match
-if(substr(uname, 0, 7)=="FreeBSD ") {
-    version=eregmatch(pattern:"^[^ ]+ [^ ]+ ([^ ]+)+",string:uname);
-    splitup = eregmatch(pattern:"([^-]+)-([^-]+)-p([0-9]+)", string:version[1]);
-    found = 0;
-    if(!isnull(splitup)) {
-	release = splitup[1];
-	patchlevel = splitup[3];
-	found = 1;
-    } else {
-	splitup = eregmatch(pattern:"([^-]+)-RELEASE", string:version[1]);
-	if(!isnull(splitup)) {
-	    release = splitup[1];
-	    patchlevel = "0";
-	    found = 1;
-	} else {
-	    splitup=eregmatch(pattern:"([^-]+)-SECURITY",string:version[1]);
-	    if(!isnull(splitup)) {
-		release = splitup[1];
-		security_note(port:port, data:string("We have detected you are running FreeBSD ", splitup[0], ". It also appears that you are using freebsd-update, a binary update tool for keeping your distribution up to date.  We will not be able to check your core distribution for vulnerabilities, but we will check your installed ports packages."));
-		found = 2;
-	    } else {
-		security_note(port:port, data:string("You appear to be running FreeBSD, but we do not recognize the output format of uname: ", uname, ". Local security checks will NOT be run."));
-	    }
-	}
-    }
-    if(found==1) {
-	set_kb_item(name: "ssh/login/freebsdrel", value: release);
-	set_kb_item(name: "ssh/login/freebsdpatchlevel", value: patchlevel);
-	security_note(port:port, data:string("We are able to login and detect that you are running FreeBSD ", release, " Patch level: ", patchlevel));
-    }
-    if(found==2) {
-	set_kb_item(name: "ssh/login/freebsdrel", value: release);
-	security_note(port:port, data:string("We are able to login and detect that you are running FreeBSD ", release, " Patch level: Unknown"));
-    }
-    if(found!=0) {
-	buf = ssh_cmd(socket:sock, cmd:"pkg_info");
-	set_kb_item(name: "ssh/login/freebsdpkg", value:buf);
-    }
-}
-
-# Hmmm...is it Debian?
-rls = ssh_cmd(socket:sock, cmd:"cat /etc/debian_version");
-if("2.2"><rls) {
-    set_kb_item(name: "ssh/login/release", value: "DEB2.2");
-    buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
-    set_kb_item(name: "ssh/login/packages", value:buf);
-    # the following is only for convenience to suffice
-    # old local security checks that expet the list under
-    # this kb item.
-    set_kb_item(name: "Host/Debian/dpkg-l", value:buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running Debian 2.2 (Potato)"));
-    exit(0);
-}
-if("3.0"><rls) {
-    set_kb_item(name: "ssh/login/release", value: "DEB3.0");
-    buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
-    set_kb_item(name: "ssh/login/packages", value:buf);
-    # the following is only for convenience to suffice
-    # old local security checks that expet the list under
-    # this kb item.
-    set_kb_item(name: "Host/Debian/dpkg-l", value:buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running Debian 3.0 (Woody)"));
-    exit(0);
-}
-if("3.1"><rls) {
-    set_kb_item(name: "ssh/login/release", value: "DEB3.1");
-    buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
-    set_kb_item(name: "ssh/login/packages", value:buf);
-    # the following is only for convenience to suffice
-    # old local security checks that expet the list under
-    # this kb item.
-    set_kb_item(name: "Host/Debian/dpkg-l", value:buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running Debian 3.1 (Sarge)"));
-    exit(0);
-}
-if("4.0"><rls) {
-    set_kb_item(name: "ssh/login/release", value: "DEB4.0");
-    buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
-    set_kb_item(name: "ssh/login/packages", value:buf);
-    # the following is only for convenience to suffice
-    # old local security checks that expet the list under
-    # this kb item.
-    set_kb_item(name: "Host/Debian/dpkg-l", value:buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running Debian 4.0 (Etch)"));
-    exit(0);
-}
-
-# How about Slackware?
-rls = ssh_cmd(socket:sock, cmd:"cat /etc/slackware-version");
-if("Slackware 12.0"><rls) {
-    set_kb_item(name: "ssh/login/release", value: "SLK12.0");
-    buf = ssh_cmd(socket:sock, cmd:"ls /var/log/packages");
-    set_kb_item(name: "ssh/login/slackpack", value:buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running Slackware 12.0"));
-    exit(0);
-}
-if("Slackware 11.0"><rls) {
-    set_kb_item(name: "ssh/login/release", value: "SLK11.0");
-    buf = ssh_cmd(socket:sock, cmd:"ls /var/log/packages");
-    set_kb_item(name: "ssh/login/slackpack", value:buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running Slackware 11.0"));
-    exit(0);
-}
-if("Slackware 10.2"><rls) {
-    set_kb_item(name: "ssh/login/release", value: "SLK10.2");
-    buf = ssh_cmd(socket:sock, cmd:"ls /var/log/packages");
-    set_kb_item(name: "ssh/login/slackpack", value:buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running Slackware 10.2"));
-    exit(0);
-}
-if("Slackware 10.1"><rls) {
-    set_kb_item(name: "ssh/login/release", value: "SLK10.1");
-    buf = ssh_cmd(socket:sock, cmd:"ls /var/log/packages");
-    set_kb_item(name: "ssh/login/slackpack", value:buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running Slackware 10.1"));
-    exit(0);
-}
-if("Slackware 10.0"><rls) {
-    set_kb_item(name: "ssh/login/release", value: "SLK10.0");
-    buf = ssh_cmd(socket:sock, cmd:"ls /var/log/packages");
-    set_kb_item(name: "ssh/login/slackpack", value:buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running Slackware 10.0"));
-    exit(0);
-}
-if("Slackware 9.1"><rls) {
-    set_kb_item(name: "ssh/login/release", value: "SLK9.1");
-    buf = ssh_cmd(socket:sock, cmd:"ls /var/log/packages");
-    set_kb_item(name: "ssh/login/slackpack", value:buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running Slackware 9.1"));
-    exit(0);
-}
-if("Slackware 9.0"><rls) {
-    set_kb_item(name: "ssh/login/release", value: "SLK9.0");
-    buf = ssh_cmd(socket:sock, cmd:"ls /var/log/packages");
-    set_kb_item(name: "ssh/login/slackpack", value:buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running Slackware 9.0"));
-    exit(0);
-}
-if("Slackware 8.1"><rls) {
-    set_kb_item(name: "ssh/login/release", value: "SLK8.1");
-    buf = ssh_cmd(socket:sock, cmd:"ls /var/log/packages");
-    set_kb_item(name: "ssh/login/slackpack", value:buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running Slackware 8.1"));
-    exit(0);
-}
-# How about SuSe?
-# SuSE Linux 9.x (i586)
-# SUSE LINUX 10.1 
-
-rls = ssh_cmd(socket:sock, cmd:"cat /etc/SuSE-release");
-if("SUSE LINUX 10.2 "><rls) {
-    set_kb_item(name: "ssh/login/release", value: "SUSE10.2");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running SuSE Linux 10.2"));
-    exit(0);
-}
-if("SUSE LINUX 10.1 "><rls) {
-    set_kb_item(name: "ssh/login/release", value: "SUSE10.1");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running SuSE Linux 10.1"));
-    exit(0);
-}
-if("SuSE Linux 9.3 "><rls) {
-    set_kb_item(name: "ssh/login/release", value: "SUSE9.3");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running SuSE Linux 9.3"));
-    exit(0);
-}
-if("SuSE Linux 9.2 "><rls) {
-    set_kb_item(name: "ssh/login/release", value: "SUSE9.2");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running SuSE Linux 9.2"));
-    exit(0);
-}
-if("SuSE Linux 9.1 "><rls) {
-    set_kb_item(name: "ssh/login/release", value: "SUSE9.1");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running SuSE Linux 9.1"));
-    exit(0);
-}
-if("SuSE Linux 9.0 "><rls) {
-    set_kb_item(name: "ssh/login/release", value: "SUSE9.0");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running SuSE Linux 9.0"));
-    exit(0);
-}
-if("SuSE Linux 8.2 "><rls) {
-    set_kb_item(name: "ssh/login/release", value: "SUSE8.2");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running SuSE Linux 8.2"));
-    exit(0);
-}
-if("SuSE Linux 8.1 "><rls) {
-    set_kb_item(name: "ssh/login/release", value: "SUSE8.1");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running SuSE Linux 8.1"));
-    exit(0);
-}
-if("SuSE Linux 8.0 "><rls) {
-    set_kb_item(name: "ssh/login/release", value: "SUSE8.0");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running SuSE Linux 8.0"));
-    exit(0);
-}
-if("SuSE Linux 7.3 "><rls) {
-    set_kb_item(name: "ssh/login/release", value: "SUSE7.3");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running SuSE Linux 7.3"));
-    exit(0);
-}
-
-# How about Trustix?
-rls = ssh_cmd(socket:sock, cmd:"cat /etc/release");
-rls2 = ssh_cmd(socket:sock, cmd:"cat /etc/trustix-release");
-if("Trustix Secure Linux release 3.0"><rls ||
-       "Trustix Secure Linux release 3.0"><rls2) {
-    set_kb_item(name: "ssh/login/release", value: "TSL3.0");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running Trustix 3.0"));
-    exit(0);
-}
-if("Trustix Secure Linux release 2.2"><rls ||
-       "Trustix Secure Linux release 2.2"><rls2) {
-    set_kb_item(name: "ssh/login/release", value: "TSL2.2");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running Trustix 2.2"));
-    exit(0);
-}
-if("Trustix Secure Linux release 2.1"><rls ||
-       "Trustix Secure Linux release 2.1"><rls2) {
-    set_kb_item(name: "ssh/login/release", value: "TSL2.1");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running Trustix 2.1"));
-    exit(0);
-}
-if("Trustix Secure Linux release 2.0"><rls ||
-       "Trustix Secure Linux release 2.0"><rls2) {
-    set_kb_item(name: "ssh/login/release", value: "TSL2.0");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running Trustix 2.0"));
-    exit(0);
-}
-if("Trustix Secure Linux release 1.5"><rls ||
-       "Trustix Secure Linux release 1.5"><rls2) {
-    set_kb_item(name: "ssh/login/release", value: "TSL1.5");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running Trustix 1.5"));
-    exit(0);
-}
-if("Trustix Secure Linux release 1.2"><rls ||
-       "Trustix Secure Linux release 1.2"><rls2) {
-    set_kb_item(name: "ssh/login/release", value: "TSL1.2");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running Trustix 1.2"));
-    exit(0);
-}
-if("Trustix Secure Linux release 1.1"><rls ||
-       "Trustix Secure Linux release 1.1"><rls2) {
-    set_kb_item(name: "ssh/login/release", value: "TSL1.1");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
-    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running Trustix 1.1"));
-    exit(0);
-}
-# Missing Trustix e-2
-
-# How about Gentoo? Note, just check that its ANY gentoo release, since the
-# build # doesn't matter for purposes of checking package version numbers.
-rls = ssh_cmd(socket:sock, cmd:"cat /etc/gentoo-release");
-if("Gentoo"><rls) {
-    set_kb_item(name: "ssh/login/release", value: "GENTOO");
-    set_kb_item(name: "ssh/login/gentoo", value: "GENTOO");
-    buf = ssh_cmd(socket:sock, cmd:'find /var/db/pkg -mindepth 2 -maxdepth 2 -printf "%P\\n"');
-    set_kb_item(name: "ssh/login/pkg", value: buf);
-    security_note(port:port, data:string("We are able to login and detect that you are running Gentoo"));
-    exit(0);
-}
-
-#{ "NetBSD",     "????????????????",         },
-#{ "OpenBSD",    "????????????????",         },
-#{ "WhiteBox",   "????????????????",         },
-#{ "Linspire",   "????????????????",         },
-#{ "Desktop BSD","????????????????",         },
-#{ "PC-BSD",     "????????????????",         },
-#{ "FreeSBIE",   "????????????????",         },
-#{ "JDS",        "/etc/sun-release",         },
-#{ "Yellow Dog", "/etc/yellowdog-release",   },
-
-security_note(port: 0, data: strcat('System identifier unknown: "', uname, '"\nTherefore no local security checks applied (missing list of installed packages) though ssh login provided and works'));
-
-exit(0);


From scm-commit at wald.intevation.org  Sun Oct 12 17:22:46 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Sun, 12 Oct 2008 17:22:46 +0200 (CEST)
Subject: [Openvas-commits] r1511 - trunk/openvas-plugins
Message-ID: <20081012152246.89ACE406E7@pyrosoma.intevation.org>

Author: timb
Date: 2008-10-12 17:22:45 +0200 (Sun, 12 Oct 2008)
New Revision: 1511

Modified:
   trunk/openvas-plugins/ChangeLog
Log:
Tidied


Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2008-10-12 10:26:34 UTC (rev 1510)
+++ trunk/openvas-plugins/ChangeLog	2008-10-12 15:22:45 UTC (rev 1511)
@@ -18,226 +18,225 @@
 2008-10-08  Thomas Reinke <reinke at securityspace.com>
 
 	* deb_1643_1.nasl deb_1647_1.nasl deb_1648_1.nasl
-	  glsa_200810_01.nasl: New scripts.
+	glsa_200810_01.nasl: New scripts.
 
 2008-10-08  Thomas Reinke <reinke at securityspace.com>
 
 	* scripts/gentoo_unmaintained_packages.nasl added.
-	  Updated gather-package-list.nasl to added necessary
-	  prerequisites for above mentioned script.
+	Updated gather-package-list.nasl to added necessary
+	prerequisites for above mentioned script.
 
-2008-10-08 Chandrashekhar B <bchandra at secpod.com>
+2008-10-08  Chandrashekhar B <bchandra at secpod.com>
 
 	* scripts/gb_adobe_prdts_detect_lin.nasl,
-	  scripts/gb_adobe_prdts_code_exec_vuln_win.nasl,
-	  scripts/gb_firefox_detect_lin.nasl,
-	  scripts/gb_adobe_prdts_code_exec_vuln_lin.nasl:
-	  Fixed issues.
+	scripts/gb_adobe_prdts_code_exec_vuln_win.nasl,
+	scripts/gb_firefox_detect_lin.nasl,
+	scripts/gb_adobe_prdts_code_exec_vuln_lin.nasl:
+	Fixed issues.
 
-2008-10-07 Chandrashekhar B <bchandra at secpod.com>
+2008-10-07  Chandrashekhar B <bchandra at secpod.com>
 
 	* scripts/gb_ms08-046.nasl,
-	  scripts/gb_php_detect.nasl,
-	  scripts/gb_php_mult_vuln_aug08.nasl:
-	  Added new plugins.
+	scripts/gb_php_detect.nasl,
+	scripts/gb_php_mult_vuln_aug08.nasl:
+	Added new plugins.
 
-2008-10-07 Chandrashekhar B <bchandra at secpod.com>
+2008-10-07  Chandrashekhar B <bchandra at secpod.com>
 
 	* scripts/secpod_smb_func.inc:
-	  Resolved an issue, was fetching unwanted numbers in certain 
-	  file versions patterns.
+	Resolved an issue, was fetching unwanted numbers in certain 
+	file versions patterns.
 
-2008-10-07 Chandrashekhar B <bchandra at secpod.com>
+2008-10-07  Chandrashekhar B <bchandra at secpod.com>
 
 	* scripts/gb_thunderbird_mult_vuln_july08_lin.nasl,
-	  scripts/gb_seamonkey_mult_vuln_july08_lin.nasl,
-	  scripts/gb_firefox_detect_lin.nasl,
-	  scripts/gb_thunderbird_detect_lin.nasl,
-	  scripts/gb_firefox_mult_vuln_july08_lin.nasl,
-	  scripts/gb_seamonkey_detect_lin.nasl:
-	  Added new plugins.
+	scripts/gb_seamonkey_mult_vuln_july08_lin.nasl,
+	scripts/gb_firefox_detect_lin.nasl,
+	scripts/gb_thunderbird_detect_lin.nasl,
+	scripts/gb_firefox_mult_vuln_july08_lin.nasl,
+	scripts/gb_seamonkey_detect_lin.nasl:
+	Added new plugins.
 
-2008-10-06 Chandrashekhar B <bchandra at secpod.com>
+2008-10-06  Chandrashekhar B <bchandra at secpod.com>
 
 	* scripts/gb_thunderbird_detect_win.nasl,
-	  scripts/gb_thunderbird_mult_vuln_july08_win.nasl,
-	  scripts/gb_firefox_detect_win.nasl,
-	  scripts/gb_firefox_mult_vuln_july08_win.nasl,
-	  scripts/gb_seamonkey_detect_win.nasl,
-	  scripts/gb_seamonkey_mult_vuln_july08_win.nasl:
-	  Added new plugins.
+	scripts/gb_thunderbird_mult_vuln_july08_win.nasl,
+	scripts/gb_firefox_detect_win.nasl,
+	scripts/gb_firefox_mult_vuln_july08_win.nasl,
+	scripts/gb_seamonkey_detect_win.nasl,
+	scripts/gb_seamonkey_mult_vuln_july08_win.nasl:
+	Added new plugins.
 
-2008-10-04 Chandrashekhar B <bchandra at secpod.com>
+2008-10-04  Chandrashekhar B <bchandra at secpod.com>
 
 	* scripts/gb_adobe_prdts_code_exec_vuln_lin.nasl,
-	  scripts/gb_adobe_prdts_detect_lin.nasl:
-	  Added new plugins.
+	scripts/gb_adobe_prdts_detect_lin.nasl:
+	Added new plugins.
 
 2008-10-03  Thomas Reinke <reinke at securityspace.com>
 
 	* script/freebsd_lighttpd5.nasl script/freebsd_mplayer9.nasl,
-	  script/freebsd_mysql-client0.nasl script/freebsdsa_nd6.nasl:
-	  Added new plugins.
+	script/freebsd_mysql-client0.nasl script/freebsdsa_nd6.nasl:
+	Added new plugins.
 
-2008-10-03 Chandrashekhar B <bchandra at secpod.com>
+2008-10-03  Chandrashekhar B <bchandra at secpod.com>
 
 	* scripts/secpod_phpmyadmin_detect_900129.nasl,
-	  scripts/secpod_phpmyadmin_remote_command_exe_vuln_900130.nasl,
-	  scripts/secpod_phpmyadmin_xss_vuln_900134.nasl:
-	  Added new plugins.
+	scripts/secpod_phpmyadmin_remote_command_exe_vuln_900130.nasl,
+	scripts/secpod_phpmyadmin_xss_vuln_900134.nasl:
+	Added new plugins.
 
-	 * scripts/gb_ms08-033.nasl:
-	 Updated the regex.
+	 * scripts/gb_ms08-033.nasl: Updated the regex.
 
-2008-10-01 Chandrashekhar B <bchandra at secpod.com>
+2008-10-01  Chandrashekhar B <bchandra at secpod.com>
 
 	* scripts/gb_adobe_prdts_code_exec_vuln_win.nasl,
-	  scripts/gb_openoffice_rtl_allocatememory_bof_vuln_lin.nasl,
-	  scripts/gb_openoffice_rtl_allocatememory_bof_vuln_win.nasl:
-	  Added new plugins.
+	scripts/gb_openoffice_rtl_allocatememory_bof_vuln_lin.nasl,
+	scripts/gb_openoffice_rtl_allocatememory_bof_vuln_win.nasl:
+	Added new plugins.
 
-2008-10-01 Chandrashekhar B <bchandra at secpod.com>
+2008-10-01  Chandrashekhar B <bchandra at secpod.com>
 
 	* scripts/ssh_get_info.nasl:
-	  Changed the name as it conflicts with gather-package-list.nasl.
+	Changed the name as it conflicts with gather-package-list.nasl.
 
 2008-09-30 Chandrashekhar B <bchandra at secpod.com>
 
 	* scripts/gb_ms08-033.nasl,
-	  scripts/gb_ms08-030.nasl:
-	  Added new plugins.
+	scripts/gb_ms08-030.nasl:
+	Added new plugins.
 
-2008-09-29 Chandrashekhar B <bchandra at secpod.com>
+2008-09-29  Chandrashekhar B <bchandra at secpod.com>
 
 	* scripts/gb_vmware_prdts_prv_esc_vuln.nasl,
-	  scripts/gb_vmware_prdts_detect_win.nasl:
-	  Updated to fix the issues and included a new CVE.
+	scripts/gb_vmware_prdts_detect_win.nasl:
+	Updated to fix the issues and included a new CVE.
 
 	* scripts/gb_ms08-031.nasl,
-	  scripts/secpod_ie_supersede.inc,
-	  scripts/gb_vmware_prdts_vix_api_mult_vuln.nasl:
-	  Added new plugins.
+	scripts/secpod_ie_supersede.inc,
+	scripts/gb_vmware_prdts_vix_api_mult_vuln.nasl:
+	Added new plugins.
 
 2008-09-28  Thomas Reinke <reinke at securityspace.com>
 
 	* Corrected freebsd scripts variable error introduced
-	  when converting from proprietary function names to
-	  openvas function naming convention.
+	when converting from proprietary function names to
+	openvas function naming convention.
 
 	* glsa_200809_16.nasl glsa_200809_17.nasl glsa_200809_18.nasl
-	  Added new plugins
+	Added new plugins
 
-2008-09-26 Chandrashekhar <bchandra at secpod.com>
+2008-09-26  Chandrashekhar <bchandra at secpod.com>
 
 	* scripts/gb_vmware_tools_local_prv_esc_vuln_win.nasl,
-	  scripts/gb_vmware_prdts_prv_esc_vuln.nasl,
-	  scripts/gb_apple_quicktime_mult_vuln_win.nasl,
-	  scripts/gb_ca_etrust_scm_mult_vuln.nasl,
-	  scripts/gb_vmware_tools_local_prv_esc_vuln_lin.nasl:
-	  Added new plugins.
+	scripts/gb_vmware_prdts_prv_esc_vuln.nasl,
+	scripts/gb_apple_quicktime_mult_vuln_win.nasl,
+	scripts/gb_ca_etrust_scm_mult_vuln.nasl,
+	scripts/gb_vmware_tools_local_prv_esc_vuln_lin.nasl:
+	Added new plugins.
 
 	* scripts/secpod_smb_func.inc,
-	  scripts/gb_vmware_prdts_detect_win.nasl,
-	  scripts/gb_vmware_prdts_mult_vuln_win.nasl:
-	  Incorporated review changes.
+	scripts/gb_vmware_prdts_detect_win.nasl,
+	scripts/gb_vmware_prdts_mult_vuln_win.nasl:
+	Incorporated review changes.
 
-2008-09-26 Chandrashekhar B <bchandra at secpod.com>
+2008-09-26  Chandrashekhar B <bchandra at secpod.com>
 
 	* scripts/gb_vmware_prdts_detect_win.nasl,
-	  scripts/freebsd_opendchub.nasl:
-	  Fixed script parse errors.
+	scripts/freebsd_opendchub.nasl:
+	Fixed script parse errors.
 
-2008-09-26 Chandrashekhar B <bchandra at secpod.com>
+2008-09-26  Chandrashekhar B <bchandra at secpod.com>
 
 	* scripts/gb_vmware_prdts_detect_lin.nasl,
-	  scripts/gb_vmware_prdts_mult_vuln_lin.nasl:
-	  Incorporated review comments.
+	scripts/gb_vmware_prdts_mult_vuln_lin.nasl:
+	Incorporated review comments.
 
-2008-09-26 Chandrashekhar B <bchandra at secpod.com>
+2008-09-26  Chandrashekhar B <bchandra at secpod.com>
 
 	* scripts/secpod_proftpd_cmd_handling_sec_vuln_900133.nasl,
-	  scripts/secpod_office_products_version_900032.nasl,
-	  scripts/secpod_nms_dvd_burning_sdk_actvx_vuln_900132.nasl,
-	  scripts/secpod_ms_iexplorer_dos_vuln_900131.nasl:
-	  Added new scripts and modified Office product version detection.
+	scripts/secpod_office_products_version_900032.nasl,
+	scripts/secpod_nms_dvd_burning_sdk_actvx_vuln_900132.nasl,
+	scripts/secpod_ms_iexplorer_dos_vuln_900131.nasl:
+	Added new scripts and modified Office product version detection.
 
 2008-09-25  Vlatko Kosturjak <kost at linux.hr>
 
 	* scripts/remote-MS00-006.nasl: corrected script id
 
-2008-09-25 Chandrashekhar B <bchandra at secpod.com>
+2008-09-25  Chandrashekhar B <bchandra at secpod.com>
 
 	* scripts/secpod_smb_func.inc:
-	  Removed smb_nt.inc to correct multiple import errors
-	  in the dump.
+	Removed smb_nt.inc to correct multiple import errors
+	in the dump.
 
 	* scripts/gb_vmware_prdts_detect_win.nasl:
-	  Include smb_nt.inc.
+	Include smb_nt.inc.
 
-2008-09-25 Chandrashekhar B <bchandra at secpod.com>
+2008-09-25  Chandrashekhar B <bchandra at secpod.com>
 
 	* scripts/gb_vmware_prdts_detect_lin.nasl,
-	  scripts/gb_vmware_prdts_detect_win.nasl,
-	  scripts/gb_vmware_prdts_mult_vuln_lin.nasl,
-	  scripts/gb_vmware_prdts_mult_vuln_win.nasl:
-	  Code formatting changes and deleted the respective
-	  plugins with script_id in the file names.
+	scripts/gb_vmware_prdts_detect_win.nasl,
+	scripts/gb_vmware_prdts_mult_vuln_lin.nasl,
+	scripts/gb_vmware_prdts_mult_vuln_win.nasl:
+	Code formatting changes and deleted the respective
+	plugins with script_id in the file names.
 
-2008-08-25 Chandrashekhar B <bchandra at secpod.com>
+2008-08-25  Chandrashekhar B <bchandra at secpod.com>
 
 	* scripts/secpod_apple_quicktime_mult_vuln_900121.nasl,
-	  scripts/secpod_apple_quicktime_detection_win_900124.nasl,
- 	  scripts/secpod_simple_machines_forum_sec_bypass_vuln_900118.nasl,
-	  scripts/secpod_ibm_db2_detect_linux_900217.nasl,
-	  scripts/secpod_ibm_db2_8_udb_mult_vuln_win_900215.nasl,
-	  scripts/secpod_personal_ftp_server_dos_vuln_900127.nasl,
-	  scripts/secpod_ibm_db2_detect_win_900218.nasl,
-	  scripts/secpod_ibmhttpserver_mod_proxy_dos_900222.nasl,
-	  scripts/secpod_apple_itunes_prv_esc_vuln_900122.nasl,
-	  scripts/secpod_wordpress_mult_vuln_900219.nasl,
-	  scripts/secpod_mysql_dos_vuln_900221.nasl,
-	  scripts/secpod_trendmicro_officescan_bof_vuln_sept08_900220.nasl,
-	  scripts/secpod_ibm_db2_8_udb_mult_vuln_lin_900216.nasl,
-	  scripts/secpod_zonealarm_net_sec_suite_bof_vuln_900126.nasl,
-	  scripts/secpod_apple_itunes_detection_win_900123.nasl:
-	  Added new scripts.
+	scripts/secpod_apple_quicktime_detection_win_900124.nasl,
+ 	scripts/secpod_simple_machines_forum_sec_bypass_vuln_900118.nasl,
+	scripts/secpod_ibm_db2_detect_linux_900217.nasl,
+	scripts/secpod_ibm_db2_8_udb_mult_vuln_win_900215.nasl,
+	scripts/secpod_personal_ftp_server_dos_vuln_900127.nasl,
+	scripts/secpod_ibm_db2_detect_win_900218.nasl,
+	scripts/secpod_ibmhttpserver_mod_proxy_dos_900222.nasl,
+	scripts/secpod_apple_itunes_prv_esc_vuln_900122.nasl,
+	scripts/secpod_wordpress_mult_vuln_900219.nasl,
+	scripts/secpod_mysql_dos_vuln_900221.nasl,
+	scripts/secpod_trendmicro_officescan_bof_vuln_sept08_900220.nasl,
+	scripts/secpod_ibm_db2_8_udb_mult_vuln_lin_900216.nasl,
+	scripts/secpod_zonealarm_net_sec_suite_bof_vuln_900126.nasl,
+	scripts/secpod_apple_itunes_detection_win_900123.nasl:
+	Added new scripts.
 
-2008-08-25 Chandrashekhar B <bchandra at secpod.com>
+2008-08-25  Chandrashekhar B <bchandra at secpod.com>
 
 	* scripts/smb_logins.nasl:
-	  Updated the KB items names to reflect that
-	  of smb_authorization.nasl.
+	Updated the KB items names to reflect that
+	of smb_authorization.nasl.
 
 2008-09-24  Thomas Reinke <reinke at securityspace.com>
    
 	* Removed legacy gentoo scripts that were no longer
-	  being maintained, and were non functional due
-	  to missing prerequisite.
-	  Added replacement gentoo scripts that work with
-	  gather-package-list.nasl and are up to date.
+	being maintained, and were non functional due
+	to missing prerequisite.
+	* Added replacement gentoo scripts that work with
+	gather-package-list.nasl and are up to date.
 
 2008-09-24  Thomas Reinke <reinke at securityspace.com>
 
 	* deb_1634_2.nasl deb_1638_1.nasl deb_1639_1.nasl
-	  deb_1640_1.nasl deb_1641_1.nasl deb_1642_1.nasl
-	  freebsd_firefox34.nasl freebsd_gallery3.nasl
-	  freebsd_phpMyAdmin15.nasl freebsd_phpMyAdmin16.nasl
-	  freebsd_proftpd4.nasl freebsd_squirrelmail5.nasl
-	  New scripts
+	deb_1640_1.nasl deb_1641_1.nasl deb_1642_1.nasl
+	freebsd_firefox34.nasl freebsd_gallery3.nasl
+	freebsd_phpMyAdmin15.nasl freebsd_phpMyAdmin16.nasl
+	freebsd_proftpd4.nasl freebsd_squirrelmail5.nasl:
+	New scripts.
 
 2008-09-24  Jan-Oliver Wagner <jan-oliver.wagner at intevation.de>
 
 	* template.nasl: make clear the oid setting should not be present as long
 	as we don't have assigned them. Simplified call of script_family().
 
-2008-09-23 Chandrashekhar B <bchandra at secpod.com>
+2008-09-23  Chandrashekhar B <bchandra at secpod.com>
 
 	* scripts/gb_vmware_prdts_detect_win_800000.nasl,
-	  scripts/gb_vmware_prdts_mult_vuln_win_800002.nasl,
-	  scripts/gb_vmware_prdts_detect_lin_800001.nasl,
-	  scripts/gb_vmware_prdts_mult_vuln_lin_800003.nasl:
-	  Added new plugins for VMWare related vulnerabilities 
-	  including the VMWare detect scripts
+	scripts/gb_vmware_prdts_mult_vuln_win_800002.nasl,
+	scripts/gb_vmware_prdts_detect_lin_800001.nasl,
+	scripts/gb_vmware_prdts_mult_vuln_lin_800003.nasl:
+	Added new plugins for VMWare related vulnerabilities 
+	including the VMWare detect scripts.
 
 2008-09-23  Vlatko Kosturjak <kost at linux.hr>
 
@@ -249,13 +248,13 @@
 	* scripts/ike-scan.nasl: added warning if running on
 	multiple hosts in parallel as it is not supported
 
-2009-09-22 Chandrashekhar B <bchandra at secpod.com>
+2009-09-22  Chandrashekhar B <bchandra at secpod.com>
 	* scripts/solaris.inc : Added solaris.inc which was
-	  distributed with Tenable GPL feed
+	distributed with Tenable GPL feed
 
-2008-09-19 Chandrashekhar B <bchandra at secpod.com>
+2008-09-19  Chandrashekhar B <bchandra at secpod.com>
 	* template.nasl: Updated to include script_version() and 
-	  script_require_ports()
+	script_require_ports()
 
 2008-09-19  Jan-Oliver Wagner <jan-oliver.wagner at intevation.de>
 


From scm-commit at wald.intevation.org  Sun Oct 12 17:49:15 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Sun, 12 Oct 2008 17:49:15 +0200 (CEST)
Subject: [Openvas-commits] r1513 - trunk/openvas-server
Message-ID: <20081012154915.E1ACE406E6@pyrosoma.intevation.org>

Author: timb
Date: 2008-10-12 17:49:15 +0200 (Sun, 12 Oct 2008)
New Revision: 1513

Modified:
   trunk/openvas-server/ChangeLog
Log:
Minor typo


Modified: trunk/openvas-server/ChangeLog
===================================================================
--- trunk/openvas-server/ChangeLog	2008-10-12 15:44:17 UTC (rev 1512)
+++ trunk/openvas-server/ChangeLog	2008-10-12 15:49:15 UTC (rev 1513)
@@ -1,6 +1,6 @@
 2008-10-12  Tim Brown <timb at nth-dimension.org.uk>
 
-	* configure: Refreshed auto* (autoconf) as ./configure was barfing.
+	* configure: Refreshed auto* (aclocal && autoconf) as ./configure was barfing.
 
 	* configure, configure.in: GLIB needs to be quoted when we pass it to
 	PKG_CHECK_MODULES in configure.in, otherwise m4 tries to expand it.


From scm-commit at wald.intevation.org  Sun Oct 12 18:09:34 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Sun, 12 Oct 2008 18:09:34 +0200 (CEST)
Subject: [Openvas-commits] r1514 - trunk/openvas-server
Message-ID: <20081012160934.BB550406F4@pyrosoma.intevation.org>

Author: timb
Date: 2008-10-12 18:09:34 +0200 (Sun, 12 Oct 2008)
New Revision: 1514

Modified:
   trunk/openvas-server/ChangeLog
   trunk/openvas-server/Makefile
Log:
Now makes $localstatedir/openvas/private/CA


Modified: trunk/openvas-server/ChangeLog
===================================================================
--- trunk/openvas-server/ChangeLog	2008-10-12 15:49:15 UTC (rev 1513)
+++ trunk/openvas-server/ChangeLog	2008-10-12 16:09:34 UTC (rev 1514)
@@ -5,6 +5,8 @@
 	* configure, configure.in: GLIB needs to be quoted when we pass it to
 	PKG_CHECK_MODULES in configure.in, otherwise m4 tries to expand it.
 
+	* Makefile.in: Now makes $localstatedir/openvas/private/CA
+
 2008-10-01  Michael Wiegand <michael.wiegand at intevation.de>
 
 	* openvasd/oval_plugins.c: Changed to set OIDs exclusively; setting IDs

Modified: trunk/openvas-server/Makefile
===================================================================
--- trunk/openvas-server/Makefile	2008-10-12 15:49:15 UTC (rev 1513)
+++ trunk/openvas-server/Makefile	2008-10-12 16:09:34 UTC (rev 1514)
@@ -62,6 +62,8 @@
 	@test -d $(DESTDIR)${OPENVASD_STATEDIR}/tmp || $(INSTALL_DIR) -m 755 $(DESTDIR)${OPENVASD_STATEDIR}/tmp
 	@test -d $(DESTDIR)${OPENVASD_STATEDIR}/jobs  || $(INSTALL_DIR) -m 755 $(DESTDIR)${OPENVASD_STATEDIR}/jobs
 	@test -d $(DESTDIR)${OPENVASD_STATEDIR}/CA || $(INSTALL_DIR) -m 755 $(DESTDIR)${OPENVASD_STATEDIR}/CA
+	@test -d $(DESTDIR)${OPENVASD_STATEDIR}/private || $(INSTALL_DIR) -m 700 $(DESTDIR)${OPENVASD_STATEDIR}/private
+	@test -d $(DESTDIR)${OPENVASD_STATEDIR}/private/CA || $(INSTALL_DIR) -m 700 $(DESTDIR)${OPENVASD_STATEDIR}/private/CA
 	@test -d $(DESTDIR)${OPENVASD_LOGDIR} || $(INSTALL_DIR) -m 755 $(DESTDIR)${OPENVASD_LOGDIR}
 	@test -d $(DESTDIR)${localstatedir}/run || $(INSTALL_DIR) -m 755 $(DESTDIR)${localstatedir}/run
 	@test -d $(DESTDIR)${includedir} || $(INSTALL_DIR) -m 755 $(DESTDIR)${includedir}


From scm-commit at wald.intevation.org  Sun Oct 12 18:10:18 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Sun, 12 Oct 2008 18:10:18 +0200 (CEST)
Subject: [Openvas-commits] r1515 - trunk/openvas-server
Message-ID: <20081012161018.4F440406F4@pyrosoma.intevation.org>

Author: timb
Date: 2008-10-12 18:10:18 +0200 (Sun, 12 Oct 2008)
New Revision: 1515

Modified:
   trunk/openvas-server/ChangeLog
Log:
Minor typo


Modified: trunk/openvas-server/ChangeLog
===================================================================
--- trunk/openvas-server/ChangeLog	2008-10-12 16:09:34 UTC (rev 1514)
+++ trunk/openvas-server/ChangeLog	2008-10-12 16:10:18 UTC (rev 1515)
@@ -5,7 +5,7 @@
 	* configure, configure.in: GLIB needs to be quoted when we pass it to
 	PKG_CHECK_MODULES in configure.in, otherwise m4 tries to expand it.
 
-	* Makefile.in: Now makes $localstatedir/openvas/private/CA
+	* Makefile: Now makes $localstatedir/openvas/private/CA
 
 2008-10-01  Michael Wiegand <michael.wiegand at intevation.de>
 


From scm-commit at wald.intevation.org  Sun Oct 12 20:35:15 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Sun, 12 Oct 2008 20:35:15 +0200 (CEST)
Subject: [Openvas-commits] r1517 - in trunk/openvas-libraries: .
	packaging/debian
Message-ID: <20081012183515.D3D10406E6@pyrosoma.intevation.org>

Author: timb
Date: 2008-10-12 20:35:14 +0200 (Sun, 12 Oct 2008)
New Revision: 1517

Removed:
   trunk/openvas-libraries/packaging/debian/libopenvas1-dev.install
   trunk/openvas-libraries/packaging/debian/libopenvas1.install
Modified:
   trunk/openvas-libraries/ChangeLog
   trunk/openvas-libraries/packaging/debian/changelog
   trunk/openvas-libraries/packaging/debian/control
   trunk/openvas-libraries/packaging/debian/copyright
   trunk/openvas-libraries/packaging/debian/rules
Log:
New upstream release
Cleaned up the rules
Updated copyright


Modified: trunk/openvas-libraries/ChangeLog
===================================================================
--- trunk/openvas-libraries/ChangeLog	2008-10-12 18:10:54 UTC (rev 1516)
+++ trunk/openvas-libraries/ChangeLog	2008-10-12 18:35:14 UTC (rev 1517)
@@ -1,3 +1,11 @@
+2008-10-12  Tim Brown <timb at nth-dimension.org.uk>
+
+	* openvas-client/packaging/debian/changelog: Updated.
+
+	* openvas-client/packaging/debian/copyright: Updated.
+
+	* openvas-client/packaging/debian/rules: Cleaned up.
+
 2008-10-09  Michael Wiegand <michael.wiegand at intevation.de>
 
 	* libopenvas/pcap.c: Added missing include for config.h; this fixes a

Modified: trunk/openvas-libraries/packaging/debian/changelog
===================================================================
--- trunk/openvas-libraries/packaging/debian/changelog	2008-10-12 18:10:54 UTC (rev 1516)
+++ trunk/openvas-libraries/packaging/debian/changelog	2008-10-12 18:35:14 UTC (rev 1517)
@@ -1,3 +1,11 @@
+openvas-libraries (2.0.0.beta1-1) UNRELEASED; urgency=low
+
+  * New upstream release
+  * Cleaned up the rules
+  * Updated copyright
+
+ -- Tim Brown <timb at nth-dimension.org.uk>  Sun, 12 Oct 2008 19:23:20 +0100
+
 openvas-libraries (1.0.2-2) UNRELEASED; urgency=low
 
   * Not released yet
@@ -48,7 +56,7 @@
   * Minor updates to control file, now lists jfs as uploader, fixed deprecated
     ${Source-Version} substvar, Build-Depends directive
   * Minor update to rules file, DH_COMPAT environment variable no longer required
-  * Minor update to libopenvas1-dev.install
+  * Minor update to libopenvas2-dev.install
 
  -- Tim Brown <timb at nth-dimension.org.uk>  Wed, 16 Apr 2008 05:21:09 +0100
 

Modified: trunk/openvas-libraries/packaging/debian/control
===================================================================
--- trunk/openvas-libraries/packaging/debian/control	2008-10-12 18:10:54 UTC (rev 1516)
+++ trunk/openvas-libraries/packaging/debian/control	2008-10-12 18:35:14 UTC (rev 1517)
@@ -9,10 +9,11 @@
 Vcs-Svn: https://svn.wald.intevation.org/svn/openvas/trunk/openvas-libraries/packaging/debian/
 Standards-Version: 3.8.0
 
-Package: libopenvas1-dev
+Package: libopenvas2-dev
 Section: libdevel
 Architecture: any
-Depends: libopenvas1 (= ${binary:Version}), libgnutls-dev, libpcap-dev
+Depends: libopenvas2 (= ${binary:Version}), libgnutls-dev, libpcap-dev
+Replaces: libopenvas1-dev
 Description: OpenVAS static libraries and headers
  The OpenVAS Security Scanner is a security auditing tool. It makes
  possible to test security modules in an attempt to find vulnerable
@@ -25,10 +26,11 @@
  This package contains the required static libraries, headers, and
  openvas-config script.
 
-Package: libopenvas1
+Package: libopenvas2
 Section: libs
 Architecture: any
 Depends: ${shlibs:Depends}, ${misc:Depends}
+Replaces: libopenvas1
 Description: OpenVAS shared libraries
  The OpenVAS Security Scanner is a security auditing tool. It makes
  possible to test security modules in an attempt to find vulnerable

Modified: trunk/openvas-libraries/packaging/debian/copyright
===================================================================
--- trunk/openvas-libraries/packaging/debian/copyright	2008-10-12 18:10:54 UTC (rev 1516)
+++ trunk/openvas-libraries/packaging/debian/copyright	2008-10-12 18:35:14 UTC (rev 1517)
@@ -31,6 +31,11 @@
 
      * Renaud Deraison
      * Michael Arboi
+     * Bernhard Herzog <bh at intevation.de>
+     * Jan-Oliver Wagner <jan-oliver.wagner at intevation.de>
+     * Michael Wiegand <michael.wiegand at intevation.de>
+     * Tim Brown <timb at nth-dimension.org.uk>
+     * Vlatko Kosturjak <kost at linux.hr>
 
 License:
 

Deleted: trunk/openvas-libraries/packaging/debian/libopenvas1-dev.install
===================================================================
--- trunk/openvas-libraries/packaging/debian/libopenvas1-dev.install	2008-10-12 18:10:54 UTC (rev 1516)
+++ trunk/openvas-libraries/packaging/debian/libopenvas1-dev.install	2008-10-12 18:35:14 UTC (rev 1517)
@@ -1,6 +0,0 @@
-usr/include/*
-usr/lib/lib*.a
-usr/lib/lib*.so
-usr/lib/*.la
-usr/share/man/man1/libopenvas-config.1
-usr/bin/libopenvas-config

Deleted: trunk/openvas-libraries/packaging/debian/libopenvas1.install
===================================================================
--- trunk/openvas-libraries/packaging/debian/libopenvas1.install	2008-10-12 18:10:54 UTC (rev 1516)
+++ trunk/openvas-libraries/packaging/debian/libopenvas1.install	2008-10-12 18:35:14 UTC (rev 1517)
@@ -1 +0,0 @@
-usr/lib/lib*.so.*

Modified: trunk/openvas-libraries/packaging/debian/rules
===================================================================
--- trunk/openvas-libraries/packaging/debian/rules	2008-10-12 18:10:54 UTC (rev 1516)
+++ trunk/openvas-libraries/packaging/debian/rules	2008-10-12 18:35:14 UTC (rev 1517)
@@ -1,64 +1,94 @@
 #!/usr/bin/make -f
-# Derived from dh_make example.
+# -*- makefile -*-
+# Sample debian/rules that uses debhelper.
+# This file was originally written by Joey Hess and Craig Small.
+# As a special exception, when this file is copied by dh-make into a
+# dh-make output file, you may use that output file without restriction.
+# This special exception was added by Craig Small in version 0.37 of dh-make.
 
+# Uncomment this to turn on verbose mode.
 #export DH_VERBOSE=1
-export DH_OPTIONS
 
-version		:= $(shell cat VERSION)
-tmp		:= $(CURDIR)/debian/tmp
 
-CFLAGS := -g -Wall -D_REENTRANT
-ifneq "$(findstring noopt,$(DEB_BUILD_OPTIONS))" ""
-CFLAGS += -O0
+# These are used for cross-compiling and for saving the configure script
+# from having to guess our platform (since we know it already)
+DEB_HOST_GNU_TYPE   ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+DEB_BUILD_GNU_TYPE  ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
+ifneq ($(DEB_HOST_GNU_TYPE),$(DEB_BUILD_GNU_TYPE))
+CROSS= --build $(DEB_BUILD_GNU_TYPE) --host $(DEB_HOST_GNU_TYPE)
 else
-CFLAGS += -O2
+CROSS= --build $(DEB_BUILD_GNU_TYPE)
 endif
 
+
+
+
+# shared library versions, option 1
+version=2.0.5
+major=2
+# option 2, assuming the library is created as src/.libs/libfoo.so.2.0.5 or so
+#version=`ls src/.libs/lib*.so.* | \
+# awk '{if (match($$0,/[0-9]+\.[0-9]+\.[0-9]+$$/)) print substr($$0,RSTART)}'`
+#major=`ls src/.libs/lib*.so.* | \
+# awk '{if (match($$0,/\.so\.[0-9]+$$/)) print substr($$0,RSTART+4)}'`
+
+config.status: configure
+	dh_testdir
+	# Add here commands to configure the package.
+ifneq "$(wildcard /usr/share/misc/config.sub)" ""
+	cp -f /usr/share/misc/config.sub config.sub
+endif
+ifneq "$(wildcard /usr/share/misc/config.guess)" ""
+	cp -f /usr/share/misc/config.guess config.guess
+endif
+	./configure $(CROSS) --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info --localstatedir=/var CFLAGS="$(CFLAGS)" LDFLAGS="-Wl,-z,defs"
+
+
 build: build-stamp
 build-stamp: config.status
 	dh_testdir
-	$(MAKE) localstatedir=/var
+
+	# Add here commands to compile the package.
+	$(MAKE)
 	touch $@
 
-config.status: configure
-	CFLAGS="$(CFLAGS)" ./configure --prefix=/usr --sysconfdir=/etc \
-	--localstatedir=/var  --mandir='$${prefix}/share/man' \
-	--enable-static --enable-cipher
-
 clean:
 	dh_testdir
 	dh_testroot
+	rm -f build-stamp
+
+	# Add here commands to clean up after the build process.
 	touch openvas-libraries.tmpl
 	[ ! -f Makefile ] || $(MAKE) distclean
-	dh_clean build-stamp
+	rm -f config.sub config.guess
 
-install: DH_OPTIONS=
-install: build-stamp
+	dh_clean
+
+install: build
 	dh_testdir
 	dh_testroot
 	dh_clean -k
-	$(MAKE) install prefix=$(tmp)/usr
-	dh_installdirs -plibopenvas1-dev usr/share/doc/libopenvas1
-	dh_install --sourcedir=debian/tmp
-	find debian/libopenvas1/usr -type d -empty | xargs -r rmdir -p --ignore-fail-on-non-empty
-	find debian/libopenvas1-dev/usr -type d -empty | xargs -r rmdir -p --ignore-fail-on-non-empty
+	dh_installdirs
 
-binary-indep:
-# Nothing.
+	# Add here commands to install the package into debian/tmp
+	$(MAKE) prefix=$(CURDIR)/debian/tmp/usr install
 
-binary-arch: DH_OPTIONS=-a
-binary-arch: install
+# Build architecture-independent files here.
+binary-indep: build install
+# We have nothing to do by default.
+
+# Build architecture-dependent files here.
+binary-arch: build install
 	dh_testdir
 	dh_testroot
+	dh_installchangelogs ChangeLog
 	dh_installdocs
-	( cd debian/libopenvas1-dev/usr/share/doc/ ; rm -rf libopenvas1-dev; ln -s libopenvas1 libopenvas1-dev; )
-	dh_installchangelogs
-ifeq "$(findstring nostrip,$(DEB_BUILD_OPTIONS))" ""
+	dh_install --sourcedir=debian/tmp
+	( cd debian/libopenvas2-dev/usr/share/doc/ ; rm -rf libopenvas2-dev; ln -s libopenvas2 libopenvas2-dev; )
 	dh_strip
-endif
 	dh_compress
 	dh_fixperms
-	dh_makeshlibs -V "libopenvas1 (>= $(version))"
+	dh_makeshlibs -V
 	dh_installdeb
 	dh_shlibdeps
 	dh_gencontrol


From scm-commit at wald.intevation.org  Sun Oct 12 20:38:20 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Sun, 12 Oct 2008 20:38:20 +0200 (CEST)
Subject: [Openvas-commits] r1518 - in trunk/openvas-libraries: .
	packaging/debian
Message-ID: <20081012183820.0E78E406E6@pyrosoma.intevation.org>

Author: timb
Date: 2008-10-12 20:38:19 +0200 (Sun, 12 Oct 2008)
New Revision: 1518

Added:
   trunk/openvas-libraries/packaging/debian/libopenvas2-dev.dirs
   trunk/openvas-libraries/packaging/debian/libopenvas2-dev.install
   trunk/openvas-libraries/packaging/debian/libopenvas2.dirs
   trunk/openvas-libraries/packaging/debian/libopenvas2.install
Modified:
   trunk/openvas-libraries/ChangeLog
Log:
Cleaned up the rules


Modified: trunk/openvas-libraries/ChangeLog
===================================================================
--- trunk/openvas-libraries/ChangeLog	2008-10-12 18:35:14 UTC (rev 1517)
+++ trunk/openvas-libraries/ChangeLog	2008-10-12 18:38:19 UTC (rev 1518)
@@ -1,11 +1,16 @@
 2008-10-12  Tim Brown <timb at nth-dimension.org.uk>
 
-	* openvas-client/packaging/debian/changelog: Updated.
+	* packaging/debian/changelog: Updated.
 
-	* openvas-client/packaging/debian/copyright: Updated.
+	* packaging/debian/copyright: Updated.
 
-	* openvas-client/packaging/debian/rules: Cleaned up.
+	* packaging/debian/rules: Cleaned up.
 
+	* packaging/debian/libopenvas2-dev.dirs,
+	packaging/debian/libopenvas2-dev.install,
+	packaging/debian/libopenvas2.dirs,
+	packaging/debian/libopenvas2.install: Added.
+
 2008-10-09  Michael Wiegand <michael.wiegand at intevation.de>
 
 	* libopenvas/pcap.c: Added missing include for config.h; this fixes a

Added: trunk/openvas-libraries/packaging/debian/libopenvas2-dev.dirs
===================================================================
--- trunk/openvas-libraries/packaging/debian/libopenvas2-dev.dirs	2008-10-12 18:35:14 UTC (rev 1517)
+++ trunk/openvas-libraries/packaging/debian/libopenvas2-dev.dirs	2008-10-12 18:38:19 UTC (rev 1518)
@@ -0,0 +1,2 @@
+usr/lib
+usr/include

Added: trunk/openvas-libraries/packaging/debian/libopenvas2-dev.install
===================================================================
--- trunk/openvas-libraries/packaging/debian/libopenvas2-dev.install	2008-10-12 18:35:14 UTC (rev 1517)
+++ trunk/openvas-libraries/packaging/debian/libopenvas2-dev.install	2008-10-12 18:38:19 UTC (rev 1518)
@@ -0,0 +1,6 @@
+usr/include/*
+usr/lib/lib*.a
+usr/lib/lib*.so
+usr/lib/*.la
+usr/share/man/man1/libopenvas-config.1
+usr/bin/libopenvas-config

Added: trunk/openvas-libraries/packaging/debian/libopenvas2.dirs
===================================================================
--- trunk/openvas-libraries/packaging/debian/libopenvas2.dirs	2008-10-12 18:35:14 UTC (rev 1517)
+++ trunk/openvas-libraries/packaging/debian/libopenvas2.dirs	2008-10-12 18:38:19 UTC (rev 1518)
@@ -0,0 +1,2 @@
+usr/lib
+usr/share/doc/libopenvas2

Added: trunk/openvas-libraries/packaging/debian/libopenvas2.install
===================================================================
--- trunk/openvas-libraries/packaging/debian/libopenvas2.install	2008-10-12 18:35:14 UTC (rev 1517)
+++ trunk/openvas-libraries/packaging/debian/libopenvas2.install	2008-10-12 18:38:19 UTC (rev 1518)
@@ -0,0 +1 @@
+usr/lib/lib*.so.*


From scm-commit at wald.intevation.org  Sun Oct 12 20:40:05 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Sun, 12 Oct 2008 20:40:05 +0200 (CEST)
Subject: [Openvas-commits] r1519 - trunk/openvas-client
Message-ID: <20081012184005.D7F0A406E6@pyrosoma.intevation.org>

Author: timb
Date: 2008-10-12 20:40:04 +0200 (Sun, 12 Oct 2008)
New Revision: 1519

Modified:
   trunk/openvas-client/ChangeLog
Log:
Fixed typos


Modified: trunk/openvas-client/ChangeLog
===================================================================
--- trunk/openvas-client/ChangeLog	2008-10-12 18:38:19 UTC (rev 1518)
+++ trunk/openvas-client/ChangeLog	2008-10-12 18:40:04 UTC (rev 1519)
@@ -4,11 +4,11 @@
 	packaging/debian/patches/02_update_configure.dpatch
 	openvas-client/packaging/debian/patches/00list: Removed.
 
-	* openvas-client/packaging/debian/changelog: Updated.
+	* packaging/debian/changelog: Updated.
 
-	* openvas-client/packaging/debian/copyright: Updated.
+	* packaging/debian/copyright: Updated.
 
-	* openvas-client/packaging/debian/rules: Cleaned up.
+	* packaging/debian/rules: Cleaned up.
 
 2008-10-06  Michael Wiegand <michael.wiegand at intevation.de>
 


From scm-commit at wald.intevation.org  Sun Oct 12 21:01:10 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Sun, 12 Oct 2008 21:01:10 +0200 (CEST)
Subject: [Openvas-commits] r1520 - in trunk/openvas-libnasl: .
	packaging/debian
Message-ID: <20081012190110.A15C5406E6@pyrosoma.intevation.org>

Author: timb
Date: 2008-10-12 21:01:10 +0200 (Sun, 12 Oct 2008)
New Revision: 1520

Added:
   trunk/openvas-libnasl/packaging/debian/libopenvasnasl2-dev.dirs
   trunk/openvas-libnasl/packaging/debian/libopenvasnasl2-dev.install
   trunk/openvas-libnasl/packaging/debian/libopenvasnasl2.dirs
   trunk/openvas-libnasl/packaging/debian/libopenvasnasl2.install
Removed:
   trunk/openvas-libnasl/packaging/debian/libopenvasnasl1-dev.install
   trunk/openvas-libnasl/packaging/debian/libopenvasnasl1.install
Modified:
   trunk/openvas-libnasl/ChangeLog
   trunk/openvas-libnasl/packaging/debian/changelog
   trunk/openvas-libnasl/packaging/debian/control
   trunk/openvas-libnasl/packaging/debian/copyright
   trunk/openvas-libnasl/packaging/debian/rules
Log:
New upstream release
Cleaned up the rules
Updated copyright


Modified: trunk/openvas-libnasl/ChangeLog
===================================================================
--- trunk/openvas-libnasl/ChangeLog	2008-10-12 18:40:04 UTC (rev 1519)
+++ trunk/openvas-libnasl/ChangeLog	2008-10-12 19:01:10 UTC (rev 1520)
@@ -6,6 +6,17 @@
 	(aclocal && libtoolize --copy --force) as libraries were
 	being created with *no* extension.
 
+	* packaging/debian/changelog: Updated.
+
+	* packaging/debian/copyright: Updated.
+
+	* packaging/debian/rules: Cleaned up.
+
+	* packaging/debian/libopenvasnasl2-dev.dirs,
+	packaging/debian/libopenvasnasl2-dev.install,
+	packaging/debian/libopenvasnasl2.dirs,
+	packaging/debian/libopenvasnasl2.install: Added.
+
 2008-10-05  Tim Brown <timb at nth-dimension.org.uk>
 
 	* nasl/nasl_cmd_exec.c: Fixed potential symlink attacks against fread,

Modified: trunk/openvas-libnasl/packaging/debian/changelog
===================================================================
--- trunk/openvas-libnasl/packaging/debian/changelog	2008-10-12 18:40:04 UTC (rev 1519)
+++ trunk/openvas-libnasl/packaging/debian/changelog	2008-10-12 19:01:10 UTC (rev 1520)
@@ -1,3 +1,13 @@
+openvas-libnasl (2.0.0.beta1-1) UNRELEASED; urgency=low
+
+  * New upstream release
+  * Refreshed auto* (aclocal && libtoolize --copy --force) as libraries were
+    being created with *no* extension
+  * Cleaned up the rules
+  * Updated copyright
+
+ -- Tim Brown <timb at nth-dimension.org.uk>  Sun, 12 Oct 2008 19:53:32 +0100
+
 openvas-libnasl (1.0.1-1) unstable; urgency=low
 
   * New upstream release

Modified: trunk/openvas-libnasl/packaging/debian/control
===================================================================
--- trunk/openvas-libnasl/packaging/debian/control	2008-10-12 18:40:04 UTC (rev 1519)
+++ trunk/openvas-libnasl/packaging/debian/control	2008-10-12 19:01:10 UTC (rev 1520)
@@ -3,16 +3,17 @@
 Priority: optional
 Maintainer: Debian OpenVAS Maintainers <openvas-distro-deb at wald.intevation.org>
 Uploaders: Tim Brown <timb at nth-dimension.org.uk>, Javier Fernandez-Sanguino Pen~a <jfs at debian.org>, Jan Wagner <waja at cyconet.org>
-Build-Depends: debhelper (>= 5), autotools-dev, libopenvas1-dev (>= 1.0.2) , libgpgme11-dev (>= 1.1.5), bison, libpcap0.8-dev, libgcrypt11-dev, libgnutls-dev
+Build-Depends: debhelper (>= 5), autotools-dev, libopenvas2-dev (>= 2.0.0) , libgpgme11-dev (>= 1.1.5), bison, libpcap0.8-dev, libgcrypt11-dev, libgnutls-dev, libglib2.0-dev
 Homepage: http://www.openvas.org/
 Vcs-Browser: http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-libnasl/packaging/debian/?root=openvas
 Vcs-Svn: https://svn.wald.intevation.org/svn/openvas/trunk/openvas-libnasl/packaging/debian/
 Standards-Version: 3.8.0
 
-Package: libopenvasnasl1-dev
+Package: libopenvasnasl2-dev
 Section: libdevel
 Architecture: any
-Depends: libopenvasnasl1 (= ${binary:Version}), ${shlibs:Depends}, libopenvas1-dev (>= 1.0.2) , libgpgme11-dev (>= 1.1.5), libpcap0.8-dev, libgcrypt11-dev, libgnutls-dev
+Depends: libopenvasnasl2 (= ${binary:Version}), ${shlibs:Depends}, libopenvas2-dev (>= 2.0.0) , libgpgme11-dev (>= 1.1.5), libpcap0.8-dev, libgcrypt11-dev, libgnutls-dev
+Replaces: libopenvasnasl1-dev
 Description: OpenVAS static libraries and headers
  The OpenVAS Security Scanner is a security auditing tool. It makes
  possible to test security modules in an attempt to find vulnerable
@@ -25,10 +26,11 @@
  This package contains the required static libraries, headers, and
  the openvas-config script.
 
-Package: libopenvasnasl1
+Package: libopenvasnasl2
 Section: libs
 Architecture: any
 Depends: ${shlibs:Depends}, ${misc:Depends}
+Replaces: libopenvasnasl1
 Description: OpenVAS shared libraries
  The OpenVAS Security Scanner is a security auditing tool. It makes
  possible to test security modules in an attempt to find vulnerable

Modified: trunk/openvas-libnasl/packaging/debian/copyright
===================================================================
--- trunk/openvas-libnasl/packaging/debian/copyright	2008-10-12 18:40:04 UTC (rev 1519)
+++ trunk/openvas-libnasl/packaging/debian/copyright	2008-10-12 19:01:10 UTC (rev 1520)
@@ -33,6 +33,11 @@
      * Jan-Oliver Wagner <jan.oliver.wagner at intevation.de>
      * Andrew Tridgell
      * Luke Kenneth Casson Leighton
+     * Bernhard Herzog <bh at intevation.de>
+     * Chandrashekhar B <bchandra at secpod.com>
+     * Javier Fernandez-Sanguino <jfs at computer.org>
+     * Michael Wiegand <michael.wiegand at intevation.de>
+     * Tim Brown <timb at nth-dimension.org.uk>
 
 License:
 

Deleted: trunk/openvas-libnasl/packaging/debian/libopenvasnasl1-dev.install
===================================================================
--- trunk/openvas-libnasl/packaging/debian/libopenvasnasl1-dev.install	2008-10-12 18:40:04 UTC (rev 1519)
+++ trunk/openvas-libnasl/packaging/debian/libopenvasnasl1-dev.install	2008-10-12 19:01:10 UTC (rev 1520)
@@ -1,8 +0,0 @@
-usr/include/*
-usr/lib/lib*.a
-usr/lib/lib*.so
-usr/lib/*.la
-usr/share/man/man1/openvas-libnasl-config.1
-usr/share/man/man1/openvas-nasl.1
-usr/bin/openvas-libnasl-config
-usr/bin/openvas-nasl

Deleted: trunk/openvas-libnasl/packaging/debian/libopenvasnasl1.install
===================================================================
--- trunk/openvas-libnasl/packaging/debian/libopenvasnasl1.install	2008-10-12 18:40:04 UTC (rev 1519)
+++ trunk/openvas-libnasl/packaging/debian/libopenvasnasl1.install	2008-10-12 19:01:10 UTC (rev 1520)
@@ -1 +0,0 @@
-usr/lib/lib*.so.*

Added: trunk/openvas-libnasl/packaging/debian/libopenvasnasl2-dev.dirs
===================================================================
--- trunk/openvas-libnasl/packaging/debian/libopenvasnasl2-dev.dirs	2008-10-12 18:40:04 UTC (rev 1519)
+++ trunk/openvas-libnasl/packaging/debian/libopenvasnasl2-dev.dirs	2008-10-12 19:01:10 UTC (rev 1520)
@@ -0,0 +1,2 @@
+usr/lib
+usr/include

Added: trunk/openvas-libnasl/packaging/debian/libopenvasnasl2-dev.install
===================================================================
--- trunk/openvas-libnasl/packaging/debian/libopenvasnasl2-dev.install	2008-10-12 18:40:04 UTC (rev 1519)
+++ trunk/openvas-libnasl/packaging/debian/libopenvasnasl2-dev.install	2008-10-12 19:01:10 UTC (rev 1520)
@@ -0,0 +1,8 @@
+usr/include/*
+usr/lib/lib*.a
+usr/lib/*.la
+usr/lib/lib*.so
+usr/share/man/man1/openvas-libnasl-config.1
+usr/share/man/man1/openvas-nasl.1
+usr/bin/openvas-libnasl-config
+usr/bin/openvas-nasl

Added: trunk/openvas-libnasl/packaging/debian/libopenvasnasl2.dirs
===================================================================
--- trunk/openvas-libnasl/packaging/debian/libopenvasnasl2.dirs	2008-10-12 18:40:04 UTC (rev 1519)
+++ trunk/openvas-libnasl/packaging/debian/libopenvasnasl2.dirs	2008-10-12 19:01:10 UTC (rev 1520)
@@ -0,0 +1,2 @@
+usr/lib
+usr/share/doc/libopenvasnasl2

Added: trunk/openvas-libnasl/packaging/debian/libopenvasnasl2.install
===================================================================
--- trunk/openvas-libnasl/packaging/debian/libopenvasnasl2.install	2008-10-12 18:40:04 UTC (rev 1519)
+++ trunk/openvas-libnasl/packaging/debian/libopenvasnasl2.install	2008-10-12 19:01:10 UTC (rev 1520)
@@ -0,0 +1 @@
+usr/lib/lib*.so.*

Modified: trunk/openvas-libnasl/packaging/debian/rules
===================================================================
--- trunk/openvas-libnasl/packaging/debian/rules	2008-10-12 18:40:04 UTC (rev 1519)
+++ trunk/openvas-libnasl/packaging/debian/rules	2008-10-12 19:01:10 UTC (rev 1520)
@@ -1,64 +1,94 @@
 #!/usr/bin/make -f
-# Derived from dh_make example.
+# -*- makefile -*-
+# Sample debian/rules that uses debhelper.
+# This file was originally written by Joey Hess and Craig Small.
+# As a special exception, when this file is copied by dh-make into a
+# dh-make output file, you may use that output file without restriction.
+# This special exception was added by Craig Small in version 0.37 of dh-make.
 
+# Uncomment this to turn on verbose mode.
 #export DH_VERBOSE=1
-export DH_OPTIONS
 
-version		:= $(shell cat VERSION)
-tmp		:= $(CURDIR)/debian/tmp
 
-CFLAGS := -g -Wall -D_REENTRANT
-ifneq "$(findstring noopt,$(DEB_BUILD_OPTIONS))" ""
-CFLAGS += -O0
+# These are used for cross-compiling and for saving the configure script
+# from having to guess our platform (since we know it already)
+DEB_HOST_GNU_TYPE   ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+DEB_BUILD_GNU_TYPE  ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
+ifneq ($(DEB_HOST_GNU_TYPE),$(DEB_BUILD_GNU_TYPE))
+CROSS= --build $(DEB_BUILD_GNU_TYPE) --host $(DEB_HOST_GNU_TYPE)
 else
-CFLAGS += -O2
+CROSS= --build $(DEB_BUILD_GNU_TYPE)
 endif
 
+
+
+
+# shared library versions, option 1
+version=2.0.5
+major=2
+# option 2, assuming the library is created as src/.libs/libfoo.so.2.0.5 or so
+#version=`ls src/.libs/lib*.so.* | \
+# awk '{if (match($$0,/[0-9]+\.[0-9]+\.[0-9]+$$/)) print substr($$0,RSTART)}'`
+#major=`ls src/.libs/lib*.so.* | \
+# awk '{if (match($$0,/\.so\.[0-9]+$$/)) print substr($$0,RSTART+4)}'`
+
+config.status: configure
+	dh_testdir
+	# Add here commands to configure the package.
+ifneq "$(wildcard /usr/share/misc/config.sub)" ""
+	cp -f /usr/share/misc/config.sub config.sub
+endif
+ifneq "$(wildcard /usr/share/misc/config.guess)" ""
+	cp -f /usr/share/misc/config.guess config.guess
+endif
+	./configure $(CROSS) --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info --localstatedir=/var CFLAGS="$(CFLAGS)" LDFLAGS="-Wl,-z,defs"
+
+
 build: build-stamp
 build-stamp: config.status
 	dh_testdir
-	$(MAKE) localstatedir=/var
+
+	# Add here commands to compile the package.
+	$(MAKE)
 	touch $@
 
-config.status: configure
-	CFLAGS="$(CFLAGS)" ./configure --prefix=/usr --sysconfdir=/etc \
-	--localstatedir=/var  --mandir='$${prefix}/share/man' \
-	--enable-static --enable-cipher
-
 clean:
 	dh_testdir
 	dh_testroot
+	rm -f build-stamp
+
+	# Add here commands to clean up after the build process.
 	touch nasl.tmpl
 	[ ! -f Makefile ] || $(MAKE) distclean
-	dh_clean build-stamp
+	rm -f config.sub config.guess
 
-install: DH_OPTIONS=
-install: build-stamp
+	dh_clean
+
+install: build
 	dh_testdir
 	dh_testroot
 	dh_clean -k
-	$(MAKE) install DESTDIR=$(tmp)/
-	dh_installdirs -plibopenvasnasl1-dev usr/share/doc/libopenvasnasl1
-	dh_install --sourcedir=debian/tmp
-	find debian/libopenvasnasl1/usr -type d -empty | xargs -r rmdir -p --ignore-fail-on-non-empty
-	find debian/libopenvasnasl1-dev/usr -type d -empty | xargs -r rmdir -p --ignore-fail-on-non-empty
+	dh_installdirs
 
-binary-indep:
-# Nothing.
+	# Add here commands to install the package into debian/tmp
+	$(MAKE) prefix=$(CURDIR)/debian/tmp/usr install
 
-binary-arch: DH_OPTIONS=-a
-binary-arch: install
+# Build architecture-independent files here.
+binary-indep: build install
+# We have nothing to do by default.
+
+# Build architecture-dependent files here.
+binary-arch: build install
 	dh_testdir
 	dh_testroot
 	dh_installdocs
-	( cd debian/libopenvasnasl1-dev/usr/share/doc/ ; rm -rf libopenvasnasl1-dev; ln -s libopenvasnasl1 libopenvasnasl1-dev; )
-	dh_installchangelogs
-ifeq "$(findstring nostrip,$(DEB_BUILD_OPTIONS))" ""
+	dh_install --sourcedir=debian/tmp
+	( cd debian/libopenvasnasl2-dev/usr/share/doc/ ; rm -rf libopenvasnasl2-dev; ln -s libopenvasnasl2 libopenvasnasl2-dev; )
+	dh_installchangelogs ChangeLog
 	dh_strip
-endif
 	dh_compress
 	dh_fixperms
-	dh_makeshlibs -V "libopenvasnasl1 (>= $(version))"
+	dh_makeshlibs -V
 	dh_installdeb
 	dh_shlibdeps
 	dh_gencontrol


From scm-commit at wald.intevation.org  Sun Oct 12 12:26:38 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Sun, 12 Oct 2008 12:26:38 +0200 (CEST)
Subject: [Openvas-commits] r1510 - trunk/openvas-libnasl
Message-ID: <20081012102638.A4313406A5@pyrosoma.intevation.org>

Author: timb
Date: 2008-10-12 12:26:34 +0200 (Sun, 12 Oct 2008)
New Revision: 1510

Modified:
   trunk/openvas-libnasl/ChangeLog
   trunk/openvas-libnasl/aclocal.m4
   trunk/openvas-libnasl/config.guess
   trunk/openvas-libnasl/config.sub
   trunk/openvas-libnasl/ltmain.sh
Log:
Refreshed auto* (aclocal && libtoolize --copy --force) as libraries were being created with *no* extension


Modified: trunk/openvas-libnasl/ChangeLog
===================================================================
--- trunk/openvas-libnasl/ChangeLog	2008-10-12 03:42:14 UTC (rev 1509)
+++ trunk/openvas-libnasl/ChangeLog	2008-10-12 10:26:34 UTC (rev 1510)
@@ -2,6 +2,10 @@
 
 	* nasl/nasl_cmd_exec.c: Fixed problem of TRUE not being defined.
 
+	* config.guess, config.sub, ltmain.sh, aclocal.m4: Refreshed auto*
+	(aclocal && libtoolize --copy --force) as libraries were
+	being created with *no* extension.
+
 2008-10-05  Tim Brown <timb at nth-dimension.org.uk>
 
 	* nasl/nasl_cmd_exec.c: Fixed potential symlink attacks against fread,

Modified: trunk/openvas-libnasl/aclocal.m4
===================================================================
--- trunk/openvas-libnasl/aclocal.m4	2008-10-12 03:42:14 UTC (rev 1509)
+++ trunk/openvas-libnasl/aclocal.m4	2008-10-12 10:26:34 UTC (rev 1510)
@@ -1,7 +1,7 @@
-# generated automatically by aclocal 1.9.6 -*- Autoconf -*-
+# generated automatically by aclocal 1.10.1 -*- Autoconf -*-
 
 # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
-# 2005  Free Software Foundation, Inc.
+# 2005, 2006, 2007, 2008  Free Software Foundation, Inc.
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -13,7 +13,7 @@
 
 # libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-
 
-# serial 48 Debian 1.5.22-4 AC_PROG_LIBTOOL
+# serial 52 Debian 1.5.26-4 AC_PROG_LIBTOOL
 
 
 # AC_PROVIDE_IFELSE(MACRO-NAME, IF-PROVIDED, IF-NOT-PROVIDED)
@@ -101,7 +101,6 @@
 AC_REQUIRE([AC_OBJEXT])dnl
 AC_REQUIRE([AC_EXEEXT])dnl
 dnl
-
 AC_LIBTOOL_SYS_MAX_CMD_LEN
 AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE
 AC_LIBTOOL_OBJDIR
@@ -176,7 +175,7 @@
 test -z "$ac_objext" && ac_objext=o
 
 # Determine commands to create old-style static archives.
-old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs$old_deplibs'
+old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs'
 old_postinstall_cmds='chmod 644 $oldlib'
 old_postuninstall_cmds=
 
@@ -203,6 +202,8 @@
   ;;
 esac
 
+_LT_REQUIRED_DARWIN_CHECKS
+
 AC_PROVIDE_IFELSE([AC_LIBTOOL_DLOPEN], enable_dlopen=yes, enable_dlopen=no)
 AC_PROVIDE_IFELSE([AC_LIBTOOL_WIN32_DLL],
 enable_win32_dll=yes, enable_win32_dll=no)
@@ -263,8 +264,9 @@
 # Check for compiler boilerplate output or warnings with
 # the simple compiler test code.
 AC_DEFUN([_LT_COMPILER_BOILERPLATE],
-[ac_outfile=conftest.$ac_objext
-printf "$lt_simple_compile_test_code" >conftest.$ac_ext
+[AC_REQUIRE([LT_AC_PROG_SED])dnl
+ac_outfile=conftest.$ac_objext
+echo "$lt_simple_compile_test_code" >conftest.$ac_ext
 eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
 _lt_compiler_boilerplate=`cat conftest.err`
 $rm conftest*
@@ -276,14 +278,86 @@
 # Check for linker boilerplate output or warnings with
 # the simple link test code.
 AC_DEFUN([_LT_LINKER_BOILERPLATE],
-[ac_outfile=conftest.$ac_objext
-printf "$lt_simple_link_test_code" >conftest.$ac_ext
+[AC_REQUIRE([LT_AC_PROG_SED])dnl
+ac_outfile=conftest.$ac_objext
+echo "$lt_simple_link_test_code" >conftest.$ac_ext
 eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
 _lt_linker_boilerplate=`cat conftest.err`
-$rm conftest*
+$rm -r conftest*
 ])# _LT_LINKER_BOILERPLATE
 
+# _LT_REQUIRED_DARWIN_CHECKS
+# --------------------------
+# Check for some things on darwin
+AC_DEFUN([_LT_REQUIRED_DARWIN_CHECKS],[
+  case $host_os in
+    rhapsody* | darwin*)
+    AC_CHECK_TOOL([DSYMUTIL], [dsymutil], [:])
+    AC_CHECK_TOOL([NMEDIT], [nmedit], [:])
 
+    AC_CACHE_CHECK([for -single_module linker flag],[lt_cv_apple_cc_single_mod],
+      [lt_cv_apple_cc_single_mod=no
+      if test -z "${LT_MULTI_MODULE}"; then
+   # By default we will add the -single_module flag. You can override
+   # by either setting the environment variable LT_MULTI_MODULE
+   # non-empty at configure time, or by adding -multi_module to the
+   # link flags.
+   echo "int foo(void){return 1;}" > conftest.c
+   $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
+     -dynamiclib ${wl}-single_module conftest.c
+   if test -f libconftest.dylib; then
+     lt_cv_apple_cc_single_mod=yes
+     rm -rf libconftest.dylib*
+   fi
+   rm conftest.c
+      fi])
+    AC_CACHE_CHECK([for -exported_symbols_list linker flag],
+      [lt_cv_ld_exported_symbols_list],
+      [lt_cv_ld_exported_symbols_list=no
+      save_LDFLAGS=$LDFLAGS
+      echo "_main" > conftest.sym
+      LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym"
+      AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])],
+   [lt_cv_ld_exported_symbols_list=yes],
+   [lt_cv_ld_exported_symbols_list=no])
+   LDFLAGS="$save_LDFLAGS"
+    ])
+    case $host_os in
+    rhapsody* | darwin1.[[0123]])
+      _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;;
+    darwin1.*)
+     _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
+    darwin*)
+      # if running on 10.5 or later, the deployment target defaults
+      # to the OS version, if on x86, and 10.4, the deployment
+      # target defaults to 10.4. Don't you love it?
+      case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
+   10.0,*86*-darwin8*|10.0,*-darwin[[91]]*)
+     _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
+   10.[[012]]*)
+     _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
+   10.*)
+     _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
+      esac
+    ;;
+  esac
+    if test "$lt_cv_apple_cc_single_mod" = "yes"; then
+      _lt_dar_single_mod='$single_module'
+    fi
+    if test "$lt_cv_ld_exported_symbols_list" = "yes"; then
+      _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym'
+    else
+      _lt_dar_export_syms="~$NMEDIT -s \$output_objdir/\${libname}-symbols.expsym \${lib}"
+    fi
+    if test "$DSYMUTIL" != ":"; then
+      _lt_dsymutil="~$DSYMUTIL \$lib || :"
+    else
+      _lt_dsymutil=
+    fi
+    ;;
+  esac
+])
+
 # _LT_AC_SYS_LIBPATH_AIX
 # ----------------------
 # Links a minimal program and checks the executable
@@ -293,12 +367,20 @@
 # If we don't find anything, use the default library path according
 # to the aix ld manual.
 AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX],
-[AC_LINK_IFELSE(AC_LANG_PROGRAM,[
-aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
-}'`
+[AC_REQUIRE([LT_AC_PROG_SED])dnl
+AC_LINK_IFELSE(AC_LANG_PROGRAM,[
+lt_aix_libpath_sed='
+    /Import File Strings/,/^$/ {
+	/^0/ {
+	    s/^0  *\(.*\)$/\1/
+	    p
+	}
+    }'
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
 # Check for a 64-bit object if we didn't find anything.
-if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
-}'`; fi],[])
+if test -z "$aix_libpath"; then
+  aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+fi],[])
 if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
 ])# _LT_AC_SYS_LIBPATH_AIX
 
@@ -529,13 +611,17 @@
   rm -rf conftest*
   ;;
 
-x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*|s390*-*linux*|sparc*-*linux*)
+x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \
+s390*-*linux*|sparc*-*linux*)
   # Find out which ABI we are using.
   echo 'int i;' > conftest.$ac_ext
   if AC_TRY_EVAL(ac_compile); then
     case `/usr/bin/file conftest.o` in
     *32-bit*)
       case $host in
+        x86_64-*kfreebsd*-gnu)
+          LD="${LD-ld} -m elf_i386_fbsd"
+          ;;
         x86_64-*linux*)
           LD="${LD-ld} -m elf_i386"
           ;;
@@ -552,6 +638,9 @@
       ;;
     *64-bit*)
       case $host in
+        x86_64-*kfreebsd*-gnu)
+          LD="${LD-ld} -m elf_x86_64_fbsd"
+          ;;
         x86_64-*linux*)
           LD="${LD-ld} -m elf_x86_64"
           ;;
@@ -592,7 +681,11 @@
     *64-bit*)
       case $lt_cv_prog_gnu_ld in
       yes*) LD="${LD-ld} -m elf64_sparc" ;;
-      *)    LD="${LD-ld} -64" ;;
+      *)
+        if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
+	  LD="${LD-ld} -64"
+	fi
+	;;
       esac
       ;;
     esac
@@ -623,7 +716,7 @@
 AC_CACHE_CHECK([$1], [$2],
   [$2=no
   ifelse([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4])
-   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+   echo "$lt_simple_compile_test_code" > conftest.$ac_ext
    lt_compiler_flag="$3"
    # Insert the option either (1) after the last *FLAGS variable, or
    # (2) before a word containing "conftest.", or (3) at the end.
@@ -664,11 +757,12 @@
 # ------------------------------------------------------------
 # Check whether the given compiler option works
 AC_DEFUN([AC_LIBTOOL_LINKER_OPTION],
-[AC_CACHE_CHECK([$1], [$2],
+[AC_REQUIRE([LT_AC_PROG_SED])dnl
+AC_CACHE_CHECK([$1], [$2],
   [$2=no
    save_LDFLAGS="$LDFLAGS"
    LDFLAGS="$LDFLAGS $3"
-   printf "$lt_simple_link_test_code" > conftest.$ac_ext
+   echo "$lt_simple_link_test_code" > conftest.$ac_ext
    if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
      # The linker can only warn and ignore the option if not recognized
      # So say no if there are warnings
@@ -684,7 +778,7 @@
        $2=yes
      fi
    fi
-   $rm conftest*
+   $rm -r conftest*
    LDFLAGS="$save_LDFLAGS"
 ])
 
@@ -782,24 +876,27 @@
     fi
     ;;
   *)
-    # If test is not a shell built-in, we'll probably end up computing a
-    # maximum length that is only half of the actual maximum length, but
-    # we can't tell.
-    SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
-    while (test "X"`$SHELL [$]0 --fallback-echo "X$teststring" 2>/dev/null` \
+    lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null`
+    if test -n "$lt_cv_sys_max_cmd_len"; then
+      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
+      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
+    else
+      SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
+      while (test "X"`$SHELL [$]0 --fallback-echo "X$teststring" 2>/dev/null` \
 	       = "XX$teststring") >/dev/null 2>&1 &&
-	    new_result=`expr "X$teststring" : ".*" 2>&1` &&
-	    lt_cv_sys_max_cmd_len=$new_result &&
-	    test $i != 17 # 1/2 MB should be enough
-    do
-      i=`expr $i + 1`
-      teststring=$teststring$teststring
-    done
-    teststring=
-    # Add a significant safety factor because C++ compilers can tack on massive
-    # amounts of additional arguments before passing them to the linker.
-    # It appears as though 1/2 is a usable value.
-    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
+	      new_result=`expr "X$teststring" : ".*" 2>&1` &&
+	      lt_cv_sys_max_cmd_len=$new_result &&
+	      test $i != 17 # 1/2 MB should be enough
+      do
+        i=`expr $i + 1`
+        teststring=$teststring$teststring
+      done
+      teststring=
+      # Add a significant safety factor because C++ compilers can tack on massive
+      # amounts of additional arguments before passing them to the linker.
+      # It appears as though 1/2 is a usable value.
+      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
+    fi
     ;;
   esac
 ])
@@ -952,7 +1049,7 @@
     AC_CHECK_FUNC([shl_load],
 	  [lt_cv_dlopen="shl_load"],
       [AC_CHECK_LIB([dld], [shl_load],
-	    [lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-dld"],
+	    [lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld"],
 	[AC_CHECK_FUNC([dlopen],
 	      [lt_cv_dlopen="dlopen"],
 	  [AC_CHECK_LIB([dl], [dlopen],
@@ -960,7 +1057,7 @@
 	    [AC_CHECK_LIB([svld], [dlopen],
 		  [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"],
 	      [AC_CHECK_LIB([dld], [dld_link],
-		    [lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-dld"])
+		    [lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld"])
 	      ])
 	    ])
 	  ])
@@ -1026,7 +1123,8 @@
 # ---------------------------------
 # Check to see if options -c and -o are simultaneously supported by compiler
 AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O],
-[AC_REQUIRE([_LT_AC_SYS_COMPILER])dnl
+[AC_REQUIRE([LT_AC_PROG_SED])dnl
+AC_REQUIRE([_LT_AC_SYS_COMPILER])dnl
 AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext],
   [_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)],
   [_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no
@@ -1034,7 +1132,7 @@
    mkdir conftest
    cd conftest
    mkdir out
-   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+   echo "$lt_simple_compile_test_code" > conftest.$ac_ext
 
    lt_compiler_flag="-o out/conftest2.$ac_objext"
    # Insert the option either (1) after the last *FLAGS variable, or
@@ -1174,6 +1272,7 @@
    darwin*)
        if test -n "$STRIP" ; then
          striplib="$STRIP -x"
+         old_striplib="$STRIP -S"
          AC_MSG_RESULT([yes])
        else
   AC_MSG_RESULT([no])
@@ -1191,7 +1290,8 @@
 # -----------------------------
 # PORTME Fill in your ld.so characteristics
 AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER],
-[AC_MSG_CHECKING([dynamic linker characteristics])
+[AC_REQUIRE([LT_AC_PROG_SED])dnl
+AC_MSG_CHECKING([dynamic linker characteristics])
 library_names_spec=
 libname_spec='lib$name'
 soname_spec=
@@ -1205,20 +1305,58 @@
 version_type=none
 dynamic_linker="$host_os ld.so"
 sys_lib_dlsearch_path_spec="/lib /usr/lib"
+m4_if($1,[],[
 if test "$GCC" = yes; then
-  sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
-  if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then
+  case $host_os in
+    darwin*) lt_awk_arg="/^libraries:/,/LR/" ;;
+    *) lt_awk_arg="/^libraries:/" ;;
+  esac
+  lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+  if echo "$lt_search_path_spec" | grep ';' >/dev/null ; then
     # if the path contains ";" then we assume it to be the separator
     # otherwise default to the standard path separator (i.e. ":") - it is
     # assumed that no part of a normal pathname contains ";" but that should
     # okay in the real world where ";" in dirpaths is itself problematic.
-    sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+    lt_search_path_spec=`echo "$lt_search_path_spec" | $SED -e 's/;/ /g'`
   else
-    sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
+    lt_search_path_spec=`echo "$lt_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
   fi
+  # Ok, now we have the path, separated by spaces, we can step through it
+  # and add multilib dir if necessary.
+  lt_tmp_lt_search_path_spec=
+  lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null`
+  for lt_sys_path in $lt_search_path_spec; do
+    if test -d "$lt_sys_path/$lt_multi_os_dir"; then
+      lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir"
+    else
+      test -d "$lt_sys_path" && \
+	lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path"
+    fi
+  done
+  lt_search_path_spec=`echo $lt_tmp_lt_search_path_spec | awk '
+BEGIN {RS=" "; FS="/|\n";} {
+  lt_foo="";
+  lt_count=0;
+  for (lt_i = NF; lt_i > 0; lt_i--) {
+    if ($lt_i != "" && $lt_i != ".") {
+      if ($lt_i == "..") {
+        lt_count++;
+      } else {
+        if (lt_count == 0) {
+          lt_foo="/" $lt_i lt_foo;
+        } else {
+          lt_count--;
+        }
+      }
+    }
+  }
+  if (lt_foo != "") { lt_freq[[lt_foo]]++; }
+  if (lt_freq[[lt_foo]] == 1) { print lt_foo; }
+}'`
+  sys_lib_search_path_spec=`echo $lt_search_path_spec`
 else
   sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-fi
+fi])
 need_lib_prefix=unknown
 hardcode_into_libs=no
 
@@ -1236,7 +1374,7 @@
   soname_spec='${libname}${release}${shared_ext}$major'
   ;;
 
-aix4* | aix5*)
+aix[[4-9]]*)
   version_type=linux
   need_lib_prefix=no
   need_version=no
@@ -1375,12 +1513,8 @@
   shlibpath_overrides_runpath=yes
   shlibpath_var=DYLD_LIBRARY_PATH
   shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
-  # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same.
-  if test "$GCC" = yes; then
-    sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"`
-  else
-    sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib'
-  fi
+  m4_if([$1], [],[
+  sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"]) 
   sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
   ;;
 
@@ -1434,7 +1568,7 @@
     shlibpath_overrides_runpath=no
     hardcode_into_libs=yes
     ;;
-  freebsd*) # from 4.6 on
+  *) # from 4.6 on, and DragonFly
     shlibpath_overrides_runpath=yes
     hardcode_into_libs=yes
     ;;
@@ -1497,7 +1631,7 @@
   postinstall_cmds='chmod 555 $lib'
   ;;
 
-interix3*)
+interix[[3-9]]*)
   version_type=linux
   need_lib_prefix=no
   need_version=no
@@ -1568,7 +1702,7 @@
 
   # Append ld.so.conf contents to the search path
   if test -f /etc/ld.so.conf; then
-    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ 	]*hwcap[ 	]/d;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
     sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
   fi
 
@@ -1674,6 +1808,10 @@
   sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
   ;;
 
+rdos*)
+  dynamic_linker=no
+  ;;
+
 solaris*)
   version_type=linux
   need_lib_prefix=no
@@ -1769,6 +1907,13 @@
 AC_MSG_RESULT([$dynamic_linker])
 test "$dynamic_linker" = no && can_build_shared=no
 
+AC_CACHE_VAL([lt_cv_sys_lib_search_path_spec],
+[lt_cv_sys_lib_search_path_spec="$sys_lib_search_path_spec"])
+sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec"
+AC_CACHE_VAL([lt_cv_sys_lib_dlsearch_path_spec],
+[lt_cv_sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec"])
+sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec"
+
 variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
 if test "$GCC" = yes; then
   variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
@@ -1779,7 +1924,8 @@
 # _LT_AC_TAGCONFIG
 # ----------------
 AC_DEFUN([_LT_AC_TAGCONFIG],
-[AC_ARG_WITH([tags],
+[AC_REQUIRE([LT_AC_PROG_SED])dnl
+AC_ARG_WITH([tags],
     [AC_HELP_STRING([--with-tags@<:@=TAGS@:>@],
         [include additional configurations @<:@automatic@:>@])],
     [tagnames="$withval"])
@@ -2040,7 +2186,7 @@
 
 # AC_PATH_TOOL_PREFIX
 # -------------------
-# find a file program which can recognise shared library
+# find a file program which can recognize shared library
 AC_DEFUN([AC_PATH_TOOL_PREFIX],
 [AC_REQUIRE([AC_PROG_EGREP])dnl
 AC_MSG_CHECKING([for $1])
@@ -2103,7 +2249,7 @@
 
 # AC_PATH_MAGIC
 # -------------
-# find a file program which can recognise a shared library
+# find a file program which can recognize a shared library
 AC_DEFUN([AC_PATH_MAGIC],
 [AC_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH)
 if test -z "$lt_cv_path_MAGIC_CMD"; then
@@ -2250,7 +2396,7 @@
 # how to check for library dependencies
 #  -- PORTME fill in with the dynamic library characteristics
 AC_DEFUN([AC_DEPLIBS_CHECK_METHOD],
-[AC_CACHE_CHECK([how to recognise dependent libraries],
+[AC_CACHE_CHECK([how to recognize dependent libraries],
 lt_cv_deplibs_check_method,
 [lt_cv_file_magic_cmd='$MAGIC_CMD'
 lt_cv_file_magic_test_file=
@@ -2267,7 +2413,7 @@
 # whether `pass_all' will *always* work, you probably want this one.
 
 case $host_os in
-aix4* | aix5*)
+aix[[4-9]]*)
   lt_cv_deplibs_check_method=pass_all
   ;;
 
@@ -2289,9 +2435,15 @@
 
 mingw* | pw32*)
   # Base MSYS/MinGW do not provide the 'file' command needed by
-  # func_win32_libid shell function, so use a weaker test based on 'objdump'.
-  lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?'
-  lt_cv_file_magic_cmd='$OBJDUMP -f'
+  # func_win32_libid shell function, so use a weaker test based on 'objdump',
+  # unless we find 'file', for example because we are cross-compiling.
+  if ( file / ) >/dev/null 2>&1; then
+    lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
+    lt_cv_file_magic_cmd='func_win32_libid'
+  else
+    lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?'
+    lt_cv_file_magic_cmd='$OBJDUMP -f'
+  fi
   ;;
 
 darwin* | rhapsody*)
@@ -2336,7 +2488,7 @@
   esac
   ;;
 
-interix3*)
+interix[[3-9]]*)
   # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
   lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|\.a)$'
   ;;
@@ -2386,6 +2538,10 @@
   lt_cv_deplibs_check_method=pass_all
   ;;
 
+rdos*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
 solaris*)
   lt_cv_deplibs_check_method=pass_all
   ;;
@@ -2438,7 +2594,7 @@
   lt_cv_path_NM="$NM"
 else
   lt_nm_to_check="${ac_tool_prefix}nm"
-  if test -n "$ac_tool_prefix" && test "$build" = "$host"; then 
+  if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
     lt_nm_to_check="$lt_nm_to_check nm"
   fi
   for lt_tmp_nm in $lt_nm_to_check; do
@@ -2654,10 +2810,10 @@
 _LT_AC_TAGVAR(objext, $1)=$objext
 
 # Code to be used in simple compile tests
-lt_simple_compile_test_code="int some_variable = 0;\n"
+lt_simple_compile_test_code="int some_variable = 0;"
 
 # Code to be used in simple link tests
-lt_simple_link_test_code='int main(){return(0);}\n'
+lt_simple_link_test_code='int main(){return(0);}'
 
 _LT_AC_SYS_COMPILER
 
@@ -2693,7 +2849,7 @@
   fi
   ;;
 
-aix4* | aix5*)
+aix[[4-9]]*)
   if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
     test "$enable_shared" = yes && enable_static=no
   fi
@@ -2750,6 +2906,7 @@
 _LT_AC_TAGVAR(predeps, $1)=
 _LT_AC_TAGVAR(postdeps, $1)=
 _LT_AC_TAGVAR(compiler_lib_search_path, $1)=
+_LT_AC_TAGVAR(compiler_lib_search_dirs, $1)=
 
 # Source file extension for C++ test sources.
 ac_ext=cpp
@@ -2759,10 +2916,10 @@
 _LT_AC_TAGVAR(objext, $1)=$objext
 
 # Code to be used in simple compile tests
-lt_simple_compile_test_code="int some_variable = 0;\n"
+lt_simple_compile_test_code="int some_variable = 0;"
 
 # Code to be used in simple link tests
-lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }\n'
+lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }'
 
 # ltmain only uses $CC for tagged configurations so make sure $CC is set.
 _LT_AC_SYS_COMPILER
@@ -2859,7 +3016,7 @@
     # FIXME: insert proper C++ library support
     _LT_AC_TAGVAR(ld_shlibs, $1)=no
     ;;
-  aix4* | aix5*)
+  aix[[4-9]]*)
     if test "$host_cpu" = ia64; then
       # On IA64, the linker does run time linking by default, so we don't
       # have to do anything special.
@@ -2872,7 +3029,7 @@
       # Test if we are trying to use run time linking or normal
       # AIX style linking. If -brtl is somewhere in LDFLAGS, we
       # need to do runtime linking.
-      case $host_os in aix4.[[23]]|aix4.[[23]].*|aix5*)
+      case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*)
 	for ld_flag in $LDFLAGS; do
 	  case $ld_flag in
 	  *-brtl*)
@@ -2908,7 +3065,7 @@
 	   strings "$collect2name" | grep resolve_lib_name >/dev/null
 	then
 	  # We have reworked collect2
-	  _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+	  :
 	else
 	  # We have old collect2
 	  _LT_AC_TAGVAR(hardcode_direct, $1)=unsupported
@@ -3018,59 +3175,31 @@
     fi
   ;;
       darwin* | rhapsody*)
-        case $host_os in
-        rhapsody* | darwin1.[[012]])
-         _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-undefined ${wl}suppress'
-         ;;
-       *) # Darwin 1.3 on
-         if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then
-           _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
-         else
-           case ${MACOSX_DEPLOYMENT_TARGET} in
-             10.[[012]])
-               _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
-               ;;
-             10.*)
-               _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-undefined ${wl}dynamic_lookup'
-               ;;
-           esac
-         fi
-         ;;
-        esac
       _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
       _LT_AC_TAGVAR(hardcode_direct, $1)=no
       _LT_AC_TAGVAR(hardcode_automatic, $1)=yes
       _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
       _LT_AC_TAGVAR(whole_archive_flag_spec, $1)=''
       _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
-
-    if test "$GXX" = yes ; then
-      lt_int_apple_cc_single_mod=no
+      _LT_AC_TAGVAR(allow_undefined_flag, $1)="$_lt_dar_allow_undefined"
+      if test "$GXX" = yes ; then
       output_verbose_link_cmd='echo'
-      if $CC -dumpspecs 2>&1 | $EGREP 'single_module' >/dev/null ; then
-       lt_int_apple_cc_single_mod=yes
+      _LT_AC_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}"
+      _LT_AC_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}"
+      _LT_AC_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}"
+      _LT_AC_TAGVAR(module_expsym_cmds, $1)="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}"
+      if test "$lt_cv_apple_cc_single_mod" != "yes"; then
+        _LT_AC_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dsymutil}"
+        _LT_AC_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dar_export_syms}${_lt_dsymutil}"
       fi
-      if test "X$lt_int_apple_cc_single_mod" = Xyes ; then
-       _LT_AC_TAGVAR(archive_cmds, $1)='$CC -dynamiclib -single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
       else
-          _LT_AC_TAGVAR(archive_cmds, $1)='$CC -r -keep_private_externs -nostdlib -o ${lib}-master.o $libobjs~$CC -dynamiclib $allow_undefined_flag -o $lib ${lib}-master.o $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
-        fi
-        _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
-        # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
-          if test "X$lt_int_apple_cc_single_mod" = Xyes ; then
-            _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib -single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
-          else
-            _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -r -keep_private_externs -nostdlib -o ${lib}-master.o $libobjs~$CC -dynamiclib $allow_undefined_flag -o $lib ${lib}-master.o $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
-          fi
-            _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
-      else
       case $cc_basename in
         xlc*)
          output_verbose_link_cmd='echo'
-          _LT_AC_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring'
+          _LT_AC_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $xlcverstring'
           _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
           # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
-          _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+          _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $xlcverstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
           _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
           ;;
        *)
@@ -3153,9 +3282,7 @@
       _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
 
       case $host_cpu in
-      hppa*64*|ia64*)
-	_LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir'
-        ;;
+      hppa*64*|ia64*) ;;
       *)
 	_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
         ;;
@@ -3223,7 +3350,7 @@
 	;;
     esac
     ;;
-  interix3*)
+  interix[[3-9]]*)
     _LT_AC_TAGVAR(hardcode_direct, $1)=no
     _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
     _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
@@ -3315,7 +3442,7 @@
 	_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
 	_LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive'
 	;;
-      pgCC*)
+      pgCC* | pgcpp*)
         # Portland Group C++ compiler
 	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
   	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
@@ -3343,6 +3470,29 @@
 	# dependencies.
 	output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
 	;;
+      *)
+	case `$CC -V 2>&1 | sed 5q` in
+	*Sun\ C*)
+	  # Sun C++ 5.9
+	  _LT_AC_TAGVAR(no_undefined_flag, $1)=' -zdefs'
+	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	  _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file ${wl}$export_symbols'
+	  _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+	  _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+
+	  # Not sure whether something based on
+	  # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1
+	  # would be better.
+	  output_verbose_link_cmd='echo'
+
+	  # Archives containing C++ object files must be created using
+	  # "CC -xar", where "CC" is the Sun C++ compiler.  This is
+	  # necessary to make sure instantiated templates are included
+	  # in the archive.
+	  _LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs'
+	  ;;
+	esac
+	;;
     esac
     ;;
   lynxos*)
@@ -3381,16 +3531,20 @@
     _LT_AC_TAGVAR(ld_shlibs, $1)=no
     ;;
   openbsd*)
-    _LT_AC_TAGVAR(hardcode_direct, $1)=yes
-    _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
-    _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
-    _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
-    if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
-      _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib'
-      _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
-      _LT_AC_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+    if test -f /usr/libexec/ld.so; then
+      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+      _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+      if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib'
+	_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+	_LT_AC_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+      fi
+      output_verbose_link_cmd='echo'
+    else
+      _LT_AC_TAGVAR(ld_shlibs, $1)=no
     fi
-    output_verbose_link_cmd='echo'
     ;;
   osf3*)
     case $cc_basename in
@@ -3552,15 +3706,10 @@
 	case $host_os in
 	  solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
 	  *)
-	    # The C++ compiler is used as linker so we must use $wl
-	    # flag to pass the commands to the underlying system
-	    # linker. We must also pass each convience library through
-	    # to the system linker between allextract/defaultextract.
-	    # The C++ compiler will combine linker options so we
-	    # cannot just pass the convience library names through
-	    # without $wl.
+	    # The compiler driver will combine and reorder linker options,
+	    # but understands `-z linker_flag'.
 	    # Supported since Solaris 2.6 (maybe 2.5.1?)
-	    _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract'
+	    _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract'
 	    ;;
 	esac
 	_LT_AC_TAGVAR(link_all_deplibs, $1)=yes
@@ -3607,6 +3756,12 @@
 	  fi
 
 	  _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $wl$libdir'
+	  case $host_os in
+	  solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
+	  *)
+	    _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract'
+	    ;;
+	  esac
 	fi
 	;;
     esac
@@ -3722,7 +3877,8 @@
 # compiler output when linking a shared library.
 # Parse the compiler output and extract the necessary
 # objects, libraries and library flags.
-AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP],[
+AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP],
+[AC_REQUIRE([LT_AC_PROG_SED])dnl
 dnl we can't use the lt_simple_compile_test_code here,
 dnl because it contains code intended for an executable,
 dnl not a library.  It's possible we should let each
@@ -3847,10 +4003,15 @@
 
 $rm -f confest.$objext
 
+_LT_AC_TAGVAR(compiler_lib_search_dirs, $1)=
+if test -n "$_LT_AC_TAGVAR(compiler_lib_search_path, $1)"; then
+  _LT_AC_TAGVAR(compiler_lib_search_dirs, $1)=`echo " ${_LT_AC_TAGVAR(compiler_lib_search_path, $1)}" | ${SED} -e 's! -L! !g' -e 's!^ !!'`
+fi
+
 # PORTME: override above test on systems where it is broken
 ifelse([$1],[CXX],
 [case $host_os in
-interix3*)
+interix[[3-9]]*)
   # Interix 3.5 installs completely hosed .la files for C++, so rather than
   # hack all around it, let's just trust "g++" to DTRT.
   _LT_AC_TAGVAR(predep_objects,$1)=
@@ -3858,19 +4019,51 @@
   _LT_AC_TAGVAR(postdeps,$1)=
   ;;
 
+linux*)
+  case `$CC -V 2>&1 | sed 5q` in
+  *Sun\ C*)
+    # Sun C++ 5.9
+    #
+    # The more standards-conforming stlport4 library is
+    # incompatible with the Cstd library. Avoid specifying
+    # it if it's in CXXFLAGS. Ignore libCrun as
+    # -library=stlport4 depends on it.
+    case " $CXX $CXXFLAGS " in
+    *" -library=stlport4 "*)
+      solaris_use_stlport4=yes
+      ;;
+    esac
+    if test "$solaris_use_stlport4" != yes; then
+      _LT_AC_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun'
+    fi
+    ;;
+  esac
+  ;;
+
 solaris*)
   case $cc_basename in
   CC*)
+    # The more standards-conforming stlport4 library is
+    # incompatible with the Cstd library. Avoid specifying
+    # it if it's in CXXFLAGS. Ignore libCrun as
+    # -library=stlport4 depends on it.
+    case " $CXX $CXXFLAGS " in
+    *" -library=stlport4 "*)
+      solaris_use_stlport4=yes
+      ;;
+    esac
+
     # Adding this requires a known-good setup of shared libraries for
     # Sun compiler versions before 5.6, else PIC objects from an old
     # archive will be linked into the output, leading to subtle bugs.
-    _LT_AC_TAGVAR(postdeps,$1)='-lCstd -lCrun'
+    if test "$solaris_use_stlport4" != yes; then
+      _LT_AC_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun'
+    fi
     ;;
   esac
   ;;
 esac
 ])
-
 case " $_LT_AC_TAGVAR(postdeps, $1) " in
 *" -lc "*) _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no ;;
 esac
@@ -3913,10 +4106,17 @@
 _LT_AC_TAGVAR(objext, $1)=$objext
 
 # Code to be used in simple compile tests
-lt_simple_compile_test_code="      subroutine t\n      return\n      end\n"
+lt_simple_compile_test_code="\
+      subroutine t
+      return
+      end
+"
 
 # Code to be used in simple link tests
-lt_simple_link_test_code="      program t\n      end\n"
+lt_simple_link_test_code="\
+      program t
+      end
+"
 
 # ltmain only uses $CC for tagged configurations so make sure $CC is set.
 _LT_AC_SYS_COMPILER
@@ -3948,7 +4148,7 @@
     postinstall_cmds='$RANLIB $lib'
   fi
   ;;
-aix4* | aix5*)
+aix[[4-9]]*)
   if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
     test "$enable_shared" = yes && enable_static=no
   fi
@@ -3995,10 +4195,10 @@
 _LT_AC_TAGVAR(objext, $1)=$objext
 
 # Code to be used in simple compile tests
-lt_simple_compile_test_code="class foo {}\n"
+lt_simple_compile_test_code="class foo {}"
 
 # Code to be used in simple link tests
-lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }\n'
+lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }'
 
 # ltmain only uses $CC for tagged configurations so make sure $CC is set.
 _LT_AC_SYS_COMPILER
@@ -4051,7 +4251,7 @@
 _LT_AC_TAGVAR(objext, $1)=$objext
 
 # Code to be used in simple compile tests
-lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }\n'
+lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }'
 
 # Code to be used in simple link tests
 lt_simple_link_test_code="$lt_simple_compile_test_code"
@@ -4125,6 +4325,7 @@
     _LT_AC_TAGVAR(predeps, $1) \
     _LT_AC_TAGVAR(postdeps, $1) \
     _LT_AC_TAGVAR(compiler_lib_search_path, $1) \
+    _LT_AC_TAGVAR(compiler_lib_search_dirs, $1) \
     _LT_AC_TAGVAR(archive_cmds, $1) \
     _LT_AC_TAGVAR(archive_expsym_cmds, $1) \
     _LT_AC_TAGVAR(postinstall_cmds, $1) \
@@ -4140,6 +4341,7 @@
     _LT_AC_TAGVAR(module_cmds, $1) \
     _LT_AC_TAGVAR(module_expsym_cmds, $1) \
     _LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1) \
+    _LT_AC_TAGVAR(fix_srcfile_path, $1) \
     _LT_AC_TAGVAR(exclude_expsyms, $1) \
     _LT_AC_TAGVAR(include_expsyms, $1); do
 
@@ -4186,7 +4388,7 @@
 # Generated automatically by $PROGRAM (GNU $PACKAGE $VERSION$TIMESTAMP)
 # NOTE: Changes made to this file will be lost: look at ltmain.sh.
 #
-# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008
 # Free Software Foundation, Inc.
 #
 # This file is part of GNU Libtool:
@@ -4423,6 +4625,10 @@
 # shared library.
 postdeps=$lt_[]_LT_AC_TAGVAR(postdeps, $1)
 
+# The directories searched by this compiler when creating a shared
+# library
+compiler_lib_search_dirs=$lt_[]_LT_AC_TAGVAR(compiler_lib_search_dirs, $1)
+
 # The library search path used internally by the compiler when linking
 # a shared library.
 compiler_lib_search_path=$lt_[]_LT_AC_TAGVAR(compiler_lib_search_path, $1)
@@ -4511,7 +4717,7 @@
 sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
 
 # Fix the shell variable \$srcfile for the compiler.
-fix_srcfile_path="$_LT_AC_TAGVAR(fix_srcfile_path, $1)"
+fix_srcfile_path=$lt_fix_srcfile_path
 
 # Set to yes if exported symbols are required.
 always_export_symbols=$_LT_AC_TAGVAR(always_export_symbols, $1)
@@ -4594,6 +4800,7 @@
 # ---------------------------------
 AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE],
 [AC_REQUIRE([AC_CANONICAL_HOST])
+AC_REQUIRE([LT_AC_PROG_SED])
 AC_REQUIRE([AC_PROG_NM])
 AC_REQUIRE([AC_OBJEXT])
 # Check for command to grab the raw symbol name followed by C symbol from nm.
@@ -4771,7 +4978,7 @@
     echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD
     cat conftest.$ac_ext >&5
   fi
-  rm -f conftest* conftst*
+  rm -rf conftest* conftst*
 
   # Do not use the global_symbol_pipe unless it works.
   if test "$pipe_works" = yes; then
@@ -4820,13 +5027,16 @@
       # like `-m68040'.
       _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
       ;;
-    beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+    beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
       # PIC is the default for these OSes.
       ;;
-    mingw* | os2* | pw32*)
+    mingw* | cygwin* | os2* | pw32*)
       # This hack is so that the source file can tell whether it is being
       # built for inclusion in a dll (and should export symbols for example).
-      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'
+      # Although the cygwin gcc ignores -fPIC, still need this for old-style
+      # (--disable-auto-import) libraries
+      m4_if([$1], [GCJ], [],
+	[_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
       ;;
     darwin* | rhapsody*)
       # PIC is the default on this platform
@@ -4837,7 +5047,7 @@
       # DJGPP does not support shared libraries at all
       _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=
       ;;
-    interix3*)
+    interix[[3-9]]*)
       # Interix 3.x gcc -fpic/-fPIC options generate broken code.
       # Instead, we relocate shared libraries at runtime.
       ;;
@@ -4863,7 +5073,7 @@
     esac
   else
     case $host_os in
-      aix4* | aix5*)
+      aix[[4-9]]*)
 	# All AIX code is PIC.
 	if test "$host_cpu" = ia64; then
 	  # AIX 5 now supports IA64 processor
@@ -4959,7 +5169,7 @@
 	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
 	    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static'
 	    ;;
-	  pgCC*)
+	  pgCC* | pgcpp*)
 	    # Portland Group C++ compiler.
 	    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
 	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
@@ -4973,6 +5183,14 @@
 	    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
 	    ;;
 	  *)
+	    case `$CC -V 2>&1 | sed 5q` in
+	    *Sun\ C*)
+	      # Sun C++ 5.9
+	      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+	      _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+	      _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
+	      ;;
+	    esac
 	    ;;
 	esac
 	;;
@@ -5093,14 +5311,17 @@
       _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
       ;;
 
-    beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+    beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
       # PIC is the default for these OSes.
       ;;
 
-    mingw* | pw32* | os2*)
+    mingw* | cygwin* | pw32* | os2*)
       # This hack is so that the source file can tell whether it is being
       # built for inclusion in a dll (and should export symbols for example).
-      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'
+      # Although the cygwin gcc ignores -fPIC, still need this for old-style
+      # (--disable-auto-import) libraries
+      m4_if([$1], [GCJ], [],
+	[_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
       ;;
 
     darwin* | rhapsody*)
@@ -5109,7 +5330,7 @@
       _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
       ;;
 
-    interix3*)
+    interix[[3-9]]*)
       # Interix 3.x gcc -fpic/-fPIC options generate broken code.
       # Instead, we relocate shared libraries at runtime.
       ;;
@@ -5167,10 +5388,11 @@
        esac
        ;;
 
-    mingw* | pw32* | os2*)
+    mingw* | cygwin* | pw32* | os2*)
       # This hack is so that the source file can tell whether it is being
       # built for inclusion in a dll (and should export symbols for example).
-      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'
+      m4_if([$1], [GCJ], [],
+	[_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
       ;;
 
     hpux9* | hpux10* | hpux11*)
@@ -5219,6 +5441,22 @@
         # All Alpha code is PIC.
         _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
         ;;
+      *)
+        case `$CC -V 2>&1 | sed 5q` in
+	*Sun\ C*)
+	  # Sun C 5.9
+	  _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+	  _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+	  _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	  ;;
+	*Sun\ F*)
+	  # Sun Fortran 8.3 passes all unrecognized flags to the linker
+	  _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+	  _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+	  _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)=''
+	  ;;
+	esac
+	;;
       esac
       ;;
 
@@ -5228,6 +5466,10 @@
       _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
       ;;
 
+    rdos*)
+      _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+      ;;
+
     solaris*)
       _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
       _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
@@ -5287,7 +5529,7 @@
 #
 if test -n "$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)"; then
   AC_LIBTOOL_COMPILER_OPTION([if $compiler PIC flag $_LT_AC_TAGVAR(lt_prog_compiler_pic, $1) works],
-    _LT_AC_TAGVAR(lt_prog_compiler_pic_works, $1),
+    _LT_AC_TAGVAR(lt_cv_prog_compiler_pic_works, $1),
     [$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)ifelse([$1],[],[ -DPIC],[ifelse([$1],[CXX],[ -DPIC],[])])], [],
     [case $_LT_AC_TAGVAR(lt_prog_compiler_pic, $1) in
      "" | " "*) ;;
@@ -5311,7 +5553,7 @@
 #
 wl=$_LT_AC_TAGVAR(lt_prog_compiler_wl, $1) eval lt_tmp_static_flag=\"$_LT_AC_TAGVAR(lt_prog_compiler_static, $1)\"
 AC_LIBTOOL_LINKER_OPTION([if $compiler static flag $lt_tmp_static_flag works],
-  _LT_AC_TAGVAR(lt_prog_compiler_static_works, $1),
+  _LT_AC_TAGVAR(lt_cv_prog_compiler_static_works, $1),
   $lt_tmp_static_flag,
   [],
   [_LT_AC_TAGVAR(lt_prog_compiler_static, $1)=])
@@ -5322,11 +5564,12 @@
 # ------------------------------------
 # See if the linker supports building shared libraries.
 AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS],
-[AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
+[AC_REQUIRE([LT_AC_PROG_SED])dnl
+AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
 ifelse([$1],[CXX],[
   _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
   case $host_os in
-  aix4* | aix5*)
+  aix[[4-9]]*)
     # If we're using GNU nm, then we don't want the "-C" option.
     # -C means demangle to AIX nm, but means don't demangle with GNU nm
     if $NM -V 2>&1 | grep 'GNU' > /dev/null; then
@@ -5339,7 +5582,7 @@
     _LT_AC_TAGVAR(export_symbols_cmds, $1)="$ltdll_cmds"
   ;;
   cygwin* | mingw*)
-    _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]] /s/.* \([[^ ]]*\)/\1 DATA/;/^.* __nm__/s/^.* __nm__\([[^ ]]*\) [[^ ]]*/\1 DATA/;/^I /d;/^[[AITW]] /s/.* //'\'' | sort | uniq > $export_symbols'
+    _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;/^.*[[ ]]__nm__/s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols'
   ;;
   linux* | k*bsd*-gnu)
     _LT_AC_TAGVAR(link_all_deplibs, $1)=no
@@ -5348,6 +5591,7 @@
     _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
   ;;
   esac
+  _LT_AC_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*']
 ],[
   runpath_var=
   _LT_AC_TAGVAR(allow_undefined_flag, $1)=
@@ -5378,12 +5622,14 @@
   # it will be wrapped by ` (' and `)$', so one must not match beginning or
   # end of line.  Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
   # as well as any symbol that contains `d'.
-  _LT_AC_TAGVAR(exclude_expsyms, $1)="_GLOBAL_OFFSET_TABLE_"
+  _LT_AC_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*']
   # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
   # platforms (ab)use it in PIC code, but their linkers get confused if
   # the symbol is explicitly referenced.  Since portable code cannot
   # rely on this symbol name, it's probably fine to never include it in
   # preloaded symbol tables.
+  # Exclude shared library initialization/finalization symbols.
+dnl Note also adjust exclude_expsyms for C++ above.
   extract_expsyms_cmds=
   # Just being paranoid about ensuring that cc_basename is set.
   _LT_CC_BASENAME([$compiler])
@@ -5433,7 +5679,7 @@
 
     # See if GNU ld supports shared libraries.
     case $host_os in
-    aix3* | aix4* | aix5*)
+    aix[[3-9]]*)
       # On AIX/PPC, the GNU linker is very broken
       if test "$host_cpu" != ia64; then
 	_LT_AC_TAGVAR(ld_shlibs, $1)=no
@@ -5481,7 +5727,7 @@
       _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported
       _LT_AC_TAGVAR(always_export_symbols, $1)=no
       _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-      _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]] /s/.* \([[^ ]]*\)/\1 DATA/'\'' | $SED -e '\''/^[[AITW]] /s/.* //'\'' | sort | uniq > $export_symbols'
+      _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/'\'' -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols'
 
       if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
         _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
@@ -5499,7 +5745,7 @@
       fi
       ;;
 
-    interix3*)
+    interix[[3-9]]*)
       _LT_AC_TAGVAR(hardcode_direct, $1)=no
       _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
       _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
@@ -5514,7 +5760,7 @@
       _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
       ;;
 
-    linux* | k*bsd*-gnu)
+    gnu* | linux* | k*bsd*-gnu)
       if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
 	tmp_addflag=
 	case $cc_basename,$host_cpu in
@@ -5532,13 +5778,22 @@
 	ifc* | ifort*)			# Intel Fortran compiler
 	  tmp_addflag=' -nofor_main' ;;
 	esac
-	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	case `$CC -V 2>&1 | sed 5q` in
+	*Sun\ C*)			# Sun C 5.9
+	  _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+	  tmp_sharedflag='-G' ;;
+	*Sun\ F*)			# Sun Fortran 8.3
+	  tmp_sharedflag='-G' ;;
+	*)
+	  tmp_sharedflag='-shared' ;;
+	esac
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
 
 	if test $supports_anon_versioning = yes; then
 	  _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $output_objdir/$libname.ver~
   cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
   $echo "local: *; };" >> $output_objdir/$libname.ver~
-	  $CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
+	  $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
 	fi
 	_LT_AC_TAGVAR(link_all_deplibs, $1)=no
       else
@@ -5579,7 +5834,7 @@
 
     sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
       case `$LD -v 2>&1` in
-        *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*) 
+        *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*)
 	_LT_AC_TAGVAR(ld_shlibs, $1)=no
 	cat <<_LT_EOF 1>&2
 
@@ -5644,7 +5899,7 @@
       fi
       ;;
 
-    aix4* | aix5*)
+    aix[[4-9]]*)
       if test "$host_cpu" = ia64; then
 	# On IA64, the linker does run time linking by default, so we don't
 	# have to do anything special.
@@ -5664,7 +5919,7 @@
 	# Test if we are trying to use run time linking or normal
 	# AIX style linking. If -brtl is somewhere in LDFLAGS, we
 	# need to do runtime linking.
-	case $host_os in aix4.[[23]]|aix4.[[23]].*|aix5*)
+	case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*)
 	  for ld_flag in $LDFLAGS; do
   	  if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
   	    aix_use_runtimelinking=yes
@@ -5698,7 +5953,7 @@
   	   strings "$collect2name" | grep resolve_lib_name >/dev/null
 	  then
   	  # We have reworked collect2
-  	  _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+  	  :
 	  else
   	  # We have old collect2
   	  _LT_AC_TAGVAR(hardcode_direct, $1)=unsupported
@@ -5791,7 +6046,7 @@
       # The linker will automatically build a .lib file if we build a DLL.
       _LT_AC_TAGVAR(old_archive_From_new_cmds, $1)='true'
       # FIXME: Should let the user specify the lib program.
-      _LT_AC_TAGVAR(old_archive_cmds, $1)='lib /OUT:$oldlib$oldobjs$old_deplibs'
+      _LT_AC_TAGVAR(old_archive_cmds, $1)='lib -OUT:$oldlib$oldobjs$old_deplibs'
       _LT_AC_TAGVAR(fix_srcfile_path, $1)='`cygpath -w "$srcfile"`'
       _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
       ;;
@@ -5824,19 +6079,18 @@
       _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
     if test "$GCC" = yes ; then
     	output_verbose_link_cmd='echo'
-        _LT_AC_TAGVAR(archive_cmds, $1)='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
-      _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
-      # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
-      _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
-      _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+        _LT_AC_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}"
+        _LT_AC_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}"
+        _LT_AC_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}"
+        _LT_AC_TAGVAR(module_expsym_cmds, $1)="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}"
     else
       case $cc_basename in
         xlc*)
          output_verbose_link_cmd='echo'
-         _LT_AC_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring'
+         _LT_AC_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $xlcverstring'
          _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
           # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
-         _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+         _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $xlcverstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
           _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
           ;;
        *)
@@ -5998,24 +6252,28 @@
       ;;
 
     openbsd*)
-      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
-      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
-      if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
-	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols'
-	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
-	_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+      if test -f /usr/libexec/ld.so; then
+	_LT_AC_TAGVAR(hardcode_direct, $1)=yes
+	_LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+	if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+	  _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols'
+	  _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+	  _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+	else
+	  case $host_os in
+	   openbsd[[01]].* | openbsd2.[[0-7]] | openbsd2.[[0-7]].*)
+	     _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+	     _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+	     ;;
+	   *)
+	     _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+	     _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+	     ;;
+	  esac
+        fi
       else
-       case $host_os in
-	 openbsd[[01]].* | openbsd2.[[0-7]] | openbsd2.[[0-7]].*)
-	   _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-	   _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-	   ;;
-	 *)
-	   _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-	   _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
-	   ;;
-       esac
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
       fi
       ;;
 
@@ -6074,17 +6332,16 @@
       case $host_os in
       solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
       *)
- 	# The compiler driver will combine linker options so we
- 	# cannot just pass the convience library names through
- 	# without $wl, iff we do not link with $LD.
- 	# Luckily, gcc supports the same syntax we need for Sun Studio.
+	# The compiler driver will combine and reorder linker options,
+	# but understands `-z linker_flag'.  GCC discards it without `$wl',
+	# but is careful enough not to reorder.
  	# Supported since Solaris 2.6 (maybe 2.5.1?)
- 	case $wlarc in
- 	'')
- 	  _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' ;;
- 	*)
- 	  _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' ;;
- 	esac ;;
+	if test "$GCC" = yes; then
+	  _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract'
+	else
+	  _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract'
+	fi
+	;;
       esac
       _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
       ;;
@@ -6141,7 +6398,7 @@
       fi
       ;;
 
-    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7*)
+    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*)
       _LT_AC_TAGVAR(no_undefined_flag, $1)='${wl}-z,text'
       _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
       _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
@@ -6216,7 +6473,7 @@
       # to ld, don't add -lc before -lgcc.
       AC_MSG_CHECKING([whether -lc should be explicitly linked in])
       $rm conftest*
-      printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+      echo "$lt_simple_compile_test_code" > conftest.$ac_ext
 
       if AC_TRY_EVAL(ac_compile) 2>conftest.err; then
         soname=conftest
@@ -6319,6 +6576,30 @@
 [AC_CHECK_TOOL(RC, windres, no)
 ])
 
+
+# Cheap backport of AS_EXECUTABLE_P and required macros
+# from Autoconf 2.59; we should not use $as_executable_p directly.
+
+# _AS_TEST_PREPARE
+# ----------------
+m4_ifndef([_AS_TEST_PREPARE],
+[m4_defun([_AS_TEST_PREPARE],
+[if test -x / >/dev/null 2>&1; then
+  as_executable_p='test -x'
+else
+  as_executable_p='test -f'
+fi
+])])# _AS_TEST_PREPARE
+
+# AS_EXECUTABLE_P
+# ---------------
+# Check whether a file is executable.
+m4_ifndef([AS_EXECUTABLE_P],
+[m4_defun([AS_EXECUTABLE_P],
+[AS_REQUIRE([_AS_TEST_PREPARE])dnl
+$as_executable_p $1[]dnl
+])])# AS_EXECUTABLE_P
+
 # NOTE: This macro has been submitted for inclusion into   #
 #  GNU Autoconf as AC_PROG_SED.  When it is available in   #
 #  a released version of Autoconf we should remove this    #
@@ -6339,12 +6620,13 @@
   test -z "$as_dir" && as_dir=.
   for lt_ac_prog in sed gsed; do
     for ac_exec_ext in '' $ac_executable_extensions; do
-      if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then
+      if AS_EXECUTABLE_P(["$as_dir/$lt_ac_prog$ac_exec_ext"]); then
         lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext"
       fi
     done
   done
 done
+IFS=$as_save_IFS
 lt_ac_max=0
 lt_ac_count=0
 # Add /usr/xpg4/bin/sed as it is typically found on Solaris
@@ -6377,6 +6659,7 @@
 done
 ])
 SED=$lt_cv_path_SED
+AC_SUBST([SED])
 AC_MSG_RESULT([$SED])
 ])
 
@@ -6528,7 +6811,7 @@
 
 _PKG_TEXT
 
-To get pkg-config, see <http://www.freedesktop.org/software/pkgconfig>.])],
+To get pkg-config, see <http://pkg-config.freedesktop.org/>.])],
 		[$4])
 else
 	$1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS

Modified: trunk/openvas-libnasl/config.guess
===================================================================
--- trunk/openvas-libnasl/config.guess	2008-10-12 03:42:14 UTC (rev 1509)
+++ trunk/openvas-libnasl/config.guess	2008-10-12 10:26:34 UTC (rev 1510)
@@ -1,9 +1,10 @@
 #! /bin/sh
 # Attempt to guess a canonical system name.
 #   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-#   2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008
+#   Free Software Foundation, Inc.
 
-timestamp='2005-06-30'
+timestamp='2008-01-23'
 
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@@ -55,8 +56,8 @@
 GNU config.guess ($timestamp)
 
 Originally written by Per Bothner.
-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
-Free Software Foundation, Inc.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
+2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
 
 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@@ -106,7 +107,7 @@
 trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
 trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
 : ${TMPDIR=/tmp} ;
- { tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
  { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
  { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
  { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
@@ -125,7 +126,7 @@
 	;;
  ,,*)   CC_FOR_BUILD=$CC ;;
  ,*,*)  CC_FOR_BUILD=$HOST_CC ;;
-esac ;'
+esac ; set_cc_for_build= ;'
 
 # This is needed to find uname on a Pyramid OSx when run in the BSD universe.
 # (ghazi at noc.rutgers.edu 1994-08-24)
@@ -160,6 +161,7 @@
 	    arm*) machine=arm-unknown ;;
 	    sh3el) machine=shl-unknown ;;
 	    sh3eb) machine=sh-unknown ;;
+	    sh5el) machine=sh5le-unknown ;;
 	    *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
 	esac
 	# The Operating System including object format, if it has switched
@@ -206,8 +208,11 @@
     *:ekkoBSD:*:*)
 	echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
 	exit ;;
+    *:SolidBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE}
+	exit ;;
     macppc:MirBSD:*:*)
-	echo powerppc-unknown-mirbsd${UNAME_RELEASE}
+	echo powerpc-unknown-mirbsd${UNAME_RELEASE}
 	exit ;;
     *:MirBSD:*:*)
 	echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
@@ -325,7 +330,7 @@
     sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
 	echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
 	exit ;;
-    i86pc:SunOS:5.*:*)
+    i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
 	echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
 	exit ;;
     sun4*:SunOS:6*:*)
@@ -527,7 +532,7 @@
 		echo rs6000-ibm-aix3.2
 	fi
 	exit ;;
-    *:AIX:*:[45])
+    *:AIX:*:[456])
 	IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
 	if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
 		IBM_ARCH=rs6000
@@ -623,8 +628,7 @@
 	esac
 	if [ ${HP_ARCH} = "hppa2.0w" ]
 	then
-	    # avoid double evaluation of $set_cc_for_build
-	    test -n "$CC_FOR_BUILD" || eval $set_cc_for_build
+	    eval $set_cc_for_build
 
 	    # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
 	    # 32-bit code.  hppa64-hp-hpux* has the same kernel and a compiler
@@ -765,12 +769,19 @@
 	echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
 	exit ;;
     *:FreeBSD:*:*)
-	echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+	case ${UNAME_MACHINE} in
+	    pc98)
+		echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    amd64)
+		echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    *)
+		echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	esac
 	exit ;;
     i*:CYGWIN*:*)
 	echo ${UNAME_MACHINE}-pc-cygwin
 	exit ;;
-    i*:MINGW*:*)
+    *:MINGW*:*)
 	echo ${UNAME_MACHINE}-pc-mingw32
 	exit ;;
     i*:windows32*:*)
@@ -780,9 +791,18 @@
     i*:PW*:*)
 	echo ${UNAME_MACHINE}-pc-pw32
 	exit ;;
-    x86:Interix*:[34]*)
-	echo i586-pc-interix${UNAME_RELEASE}|sed -e 's/\..*//'
-	exit ;;
+    *:Interix*:[3456]*)
+    	case ${UNAME_MACHINE} in
+	    x86)
+		echo i586-pc-interix${UNAME_RELEASE}
+		exit ;;
+	    EM64T | authenticamd)
+		echo x86_64-unknown-interix${UNAME_RELEASE}
+		exit ;;
+	    IA64)
+		echo ia64-unknown-interix${UNAME_RELEASE}
+		exit ;;
+	esac ;;
     [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
 	echo i${UNAME_MACHINE}-pc-mks
 	exit ;;
@@ -795,7 +815,7 @@
     i*:UWIN*:*)
 	echo ${UNAME_MACHINE}-pc-uwin
 	exit ;;
-    amd64:CYGWIN*:*:*)
+    amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
 	echo x86_64-unknown-cygwin
 	exit ;;
     p*:CYGWIN*:*)
@@ -816,6 +836,16 @@
 	echo ${UNAME_MACHINE}-pc-minix
 	exit ;;
     arm*:Linux:*:*)
+	eval $set_cc_for_build
+	if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
+	    | grep -q __ARM_EABI__
+	then
+	    echo ${UNAME_MACHINE}-unknown-linux-gnu
+	else
+	    echo ${UNAME_MACHINE}-unknown-linux-gnueabi
+	fi
+	exit ;;
+    avr32*:Linux:*:*)
 	echo ${UNAME_MACHINE}-unknown-linux-gnu
 	exit ;;
     cris:Linux:*:*)
@@ -852,7 +882,11 @@
 	#endif
 	#endif
 EOF
-	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^CPU/{
+		s: ::g
+		p
+	    }'`"
 	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
 	;;
     mips64:Linux:*:*)
@@ -871,9 +905,16 @@
 	#endif
 	#endif
 EOF
-	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^CPU/{
+		s: ::g
+		p
+	    }'`"
 	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
 	;;
+    or32:Linux:*:*)
+	echo or32-unknown-linux-gnu
+	exit ;;
     ppc:Linux:*:*)
 	echo powerpc-unknown-linux-gnu
 	exit ;;
@@ -917,9 +958,15 @@
     sparc:Linux:*:* | sparc64:Linux:*:*)
 	echo ${UNAME_MACHINE}-unknown-linux-gnu
 	exit ;;
+    vax:Linux:*:*)
+	echo ${UNAME_MACHINE}-dec-linux-gnu
+	exit ;;
     x86_64:Linux:*:*)
 	echo x86_64-unknown-linux-gnu
 	exit ;;
+    xtensa*:Linux:*:*)
+    	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
     i*86:Linux:*:*)
 	# The BFD linker knows what the default object file format is, so
 	# first see if it will tell us. cd to the root directory to prevent
@@ -962,7 +1009,7 @@
 	LIBC=gnulibc1
 	# endif
 	#else
-	#ifdef __INTEL_COMPILER
+	#if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC)
 	LIBC=gnu
 	#else
 	LIBC=gnuaout
@@ -972,7 +1019,11 @@
 	LIBC=dietlibc
 	#endif
 EOF
-	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^LIBC/{
+		s: ::g
+		p
+	    }'`"
 	test x"${LIBC}" != x && {
 		echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
 		exit
@@ -1174,6 +1225,15 @@
     SX-6:SUPER-UX:*:*)
 	echo sx6-nec-superux${UNAME_RELEASE}
 	exit ;;
+    SX-7:SUPER-UX:*:*)
+	echo sx7-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8:SUPER-UX:*:*)
+	echo sx8-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8R:SUPER-UX:*:*)
+	echo sx8r-nec-superux${UNAME_RELEASE}
+	exit ;;
     Power*:Rhapsody:*:*)
 	echo powerpc-apple-rhapsody${UNAME_RELEASE}
 	exit ;;
@@ -1183,7 +1243,6 @@
     *:Darwin:*:*)
 	UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
 	case $UNAME_PROCESSOR in
-	    *86) UNAME_PROCESSOR=i686 ;;
 	    unknown) UNAME_PROCESSOR=powerpc ;;
 	esac
 	echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
@@ -1262,6 +1321,9 @@
     i*86:skyos:*:*)
 	echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
 	exit ;;
+    i*86:rdos:*:*)
+	echo ${UNAME_MACHINE}-pc-rdos
+	exit ;;
 esac
 
 #echo '(No uname command or uname output not recognized.)' 1>&2
@@ -1422,9 +1484,9 @@
 the operating system you are using. It is advised that you
 download the most up to date version of the config scripts from
 
-  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess
+  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
 and
-  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub
+  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
 
 If the version you run ($0) is already up to date, please
 send the following data and any information you think might be

Modified: trunk/openvas-libnasl/config.sub
===================================================================
--- trunk/openvas-libnasl/config.sub	2008-10-12 03:42:14 UTC (rev 1509)
+++ trunk/openvas-libnasl/config.sub	2008-10-12 10:26:34 UTC (rev 1510)
@@ -1,9 +1,10 @@
 #! /bin/sh
 # Configuration validation subroutine script.
 #   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-#   2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008
+#   Free Software Foundation, Inc.
 
-timestamp='2005-07-04'
+timestamp='2008-01-16'
 
 # This file is (in principle) common to ALL GNU software.
 # The presence of a machine in this file suggests that SOME GNU software
@@ -71,8 +72,8 @@
 version="\
 GNU config.sub ($timestamp)
 
-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
-Free Software Foundation, Inc.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
+2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
 
 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@@ -119,8 +120,9 @@
 # Here we must recognize all the valid KERNEL-OS combinations.
 maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
 case $maybe_os in
-  nto-qnx* | linux-gnu* | linux-dietlibc | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | \
-  kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
+  nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \
+  uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \
+  storm-chaos* | os2-emx* | rtmk-nova*)
     os=-$maybe_os
     basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
     ;;
@@ -171,6 +173,10 @@
 	-hiux*)
 		os=-hiuxwe2
 		;;
+	-sco6)
+		os=-sco5v6
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
 	-sco5)
 		os=-sco3.2v5
 		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
@@ -187,6 +193,10 @@
 		# Don't forget version if it is 3.2v4 or newer.
 		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
 		;;
+	-sco5v6*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
 	-sco*)
 		os=-sco3.2v2
 		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
@@ -231,15 +241,16 @@
 	| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
 	| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
 	| am33_2.0 \
-	| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
+	| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
 	| bfin \
 	| c4x | clipper \
 	| d10v | d30v | dlx | dsp16xx \
-	| fr30 | frv \
+	| fido | fr30 | frv \
 	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
 	| i370 | i860 | i960 | ia64 \
 	| ip2k | iq2000 \
-	| m32r | m32rle | m68000 | m68k | m88k | maxq | mcore \
+	| m32c | m32r | m32rle | m68000 | m68k | m88k \
+	| maxq | mb | microblaze | mcore | mep \
 	| mips | mipsbe | mipseb | mipsel | mipsle \
 	| mips16 \
 	| mips64 | mips64el \
@@ -257,28 +268,27 @@
 	| mipsisa64sr71k | mipsisa64sr71kel \
 	| mipstx39 | mipstx39el \
 	| mn10200 | mn10300 \
-	| ms1 \
+	| mt \
 	| msp430 \
+	| nios | nios2 \
 	| ns16k | ns32k \
 	| or32 \
 	| pdp10 | pdp11 | pj | pjl \
 	| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
 	| pyramid \
-	| sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
+	| score \
+	| sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
 	| sh64 | sh64le \
-	| sparc | sparc64 | sparc64b | sparc86x | sparclet | sparclite \
-	| sparcv8 | sparcv9 | sparcv9b \
-	| strongarm \
+	| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
+	| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
+	| spu | strongarm \
 	| tahoe | thumb | tic4x | tic80 | tron \
 	| v850 | v850e \
 	| we32k \
-	| x86 | xscale | xscalee[bl] | xstormy16 | xtensa \
+	| x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \
 	| z8k)
 		basic_machine=$basic_machine-unknown
 		;;
-	m32c)
-		basic_machine=$basic_machine-unknown
-		;;
 	m6811 | m68hc11 | m6812 | m68hc12)
 		# Motorola 68HC11/12.
 		basic_machine=$basic_machine-unknown
@@ -286,6 +296,9 @@
 		;;
 	m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
 		;;
+	ms1)
+		basic_machine=mt-unknown
+		;;
 
 	# We use `pc' rather than `unknown'
 	# because (1) that's what they normally are, and
@@ -305,18 +318,18 @@
 	| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
 	| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
 	| arm-*  | armbe-* | armle-* | armeb-* | armv*-* \
-	| avr-* \
+	| avr-* | avr32-* \
 	| bfin-* | bs2000-* \
 	| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
 	| clipper-* | craynv-* | cydra-* \
 	| d10v-* | d30v-* | dlx-* \
 	| elxsi-* \
-	| f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \
+	| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
 	| h8300-* | h8500-* \
 	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
 	| i*86-* | i860-* | i960-* | ia64-* \
 	| ip2k-* | iq2000-* \
-	| m32r-* | m32rle-* \
+	| m32c-* | m32r-* | m32rle-* \
 	| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
 	| m88110-* | m88k-* | maxq-* | mcore-* \
 	| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
@@ -336,30 +349,33 @@
 	| mipsisa64sr71k-* | mipsisa64sr71kel-* \
 	| mipstx39-* | mipstx39el-* \
 	| mmix-* \
-	| ms1-* \
+	| mt-* \
 	| msp430-* \
+	| nios-* | nios2-* \
 	| none-* | np1-* | ns16k-* | ns32k-* \
 	| orion-* \
 	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
 	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
 	| pyramid-* \
 	| romp-* | rs6000-* \
-	| sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | shbe-* \
+	| sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
 	| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
-	| sparc-* | sparc64-* | sparc64b-* | sparc86x-* | sparclet-* \
+	| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
 	| sparclite-* \
-	| sparcv8-* | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
+	| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \
 	| tahoe-* | thumb-* \
 	| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
 	| tron-* \
 	| v850-* | v850e-* | vax-* \
 	| we32k-* \
-	| x86-* | x86_64-* | xps100-* | xscale-* | xscalee[bl]-* \
-	| xstormy16-* | xtensa-* \
+	| x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \
+	| xstormy16-* | xtensa*-* \
 	| ymp-* \
 	| z8k-*)
 		;;
-	m32c-*)
+	# Recognize the basic CPU types without company name, with glob match.
+	xtensa*)
+		basic_machine=$basic_machine-unknown
 		;;
 	# Recognize the various machine names and aliases which stand
 	# for a CPU type and a company and sometimes even an OS.
@@ -431,6 +447,14 @@
 		basic_machine=ns32k-sequent
 		os=-dynix
 		;;
+	blackfin)
+		basic_machine=bfin-unknown
+		os=-linux
+		;;
+	blackfin-*)
+		basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'`
+		os=-linux
+		;;
 	c90)
 		basic_machine=c90-cray
 		os=-unicos
@@ -463,8 +487,8 @@
 		basic_machine=craynv-cray
 		os=-unicosmp
 		;;
-	cr16c)
-		basic_machine=cr16c-unknown
+	cr16)
+		basic_machine=cr16-unknown
 		os=-elf
 		;;
 	crds | unos)
@@ -656,6 +680,14 @@
 		basic_machine=m68k-isi
 		os=-sysv
 		;;
+	m68knommu)
+		basic_machine=m68k-unknown
+		os=-linux
+		;;
+	m68knommu-*)
+		basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'`
+		os=-linux
+		;;
 	m88k-omron*)
 		basic_machine=m88k-omron
 		;;
@@ -671,6 +703,10 @@
 		basic_machine=i386-pc
 		os=-mingw32
 		;;
+	mingw32ce)
+		basic_machine=arm-unknown
+		os=-mingw32ce
+		;;
 	miniframe)
 		basic_machine=m68000-convergent
 		;;
@@ -696,6 +732,9 @@
 		basic_machine=i386-pc
 		os=-msdos
 		;;
+	ms1-*)
+		basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
+		;;
 	mvs)
 		basic_machine=i370-ibm
 		os=-mvs
@@ -794,6 +833,14 @@
 		basic_machine=i860-intel
 		os=-osf
 		;;
+	parisc)
+		basic_machine=hppa-unknown
+		os=-linux
+		;;
+	parisc-*)
+		basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'`
+		os=-linux
+		;;
 	pbd)
 		basic_machine=sparc-tti
 		;;
@@ -803,6 +850,12 @@
 	pc532 | pc532-*)
 		basic_machine=ns32k-pc532
 		;;
+	pc98)
+		basic_machine=i386-pc
+		;;
+	pc98-*)
+		basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
 	pentium | p5 | k5 | k6 | nexgen | viac3)
 		basic_machine=i586-pc
 		;;
@@ -859,6 +912,10 @@
 		basic_machine=i586-unknown
 		os=-pw32
 		;;
+	rdos)
+		basic_machine=i386-pc
+		os=-rdos
+		;;
 	rom68k)
 		basic_machine=m68k-rom68k
 		os=-coff
@@ -885,6 +942,10 @@
 	sb1el)
 		basic_machine=mipsisa64sb1el-unknown
 		;;
+	sde)
+		basic_machine=mipsisa32-sde
+		os=-elf
+		;;
 	sei)
 		basic_machine=mips-sei
 		os=-seiux
@@ -896,6 +957,9 @@
 		basic_machine=sh-hitachi
 		os=-hms
 		;;
+	sh5el)
+		basic_machine=sh5le-unknown
+		;;
 	sh64)
 		basic_machine=sh64-unknown
 		;;
@@ -985,6 +1049,10 @@
 		basic_machine=tic6x-unknown
 		os=-coff
 		;;
+	tile*)
+		basic_machine=tile-unknown
+		os=-linux-gnu
+		;;
 	tx39)
 		basic_machine=mipstx39-unknown
 		;;
@@ -1101,7 +1169,7 @@
 	sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele)
 		basic_machine=sh-unknown
 		;;
-	sparc | sparcv8 | sparcv9 | sparcv9b)
+	sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
 		basic_machine=sparc-sun
 		;;
 	cydra)
@@ -1174,20 +1242,23 @@
 	      | -aos* \
 	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
 	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
-	      | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* | -openbsd* \
+	      | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
+	      | -openbsd* | -solidbsd* \
 	      | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
 	      | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
 	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
 	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
 	      | -chorusos* | -chorusrdb* \
 	      | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
-	      | -mingw32* | -linux-gnu* | -linux-uclibc* | -uxpv* | -beos* | -mpeix* | -udk* \
+	      | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \
+	      | -uxpv* | -beos* | -mpeix* | -udk* \
 	      | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
 	      | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
 	      | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
 	      | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
 	      | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
-	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* | -skyos*)
+	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
+	      | -skyos* | -haiku* | -rdos* | -toppers* | -drops*)
 	# Remember, each alternative MUST END IN *, to match a version number.
 		;;
 	-qnx*)
@@ -1205,7 +1276,7 @@
 		os=`echo $os | sed -e 's|nto|nto-qnx|'`
 		;;
 	-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
-	      | -windows* | -osx | -abug | -netware* | -os9* | -beos* \
+	      | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
 	      | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
 		;;
 	-mac*)
@@ -1339,6 +1410,12 @@
 # system, and we'll never get to this point.
 
 case $basic_machine in
+        score-*)
+		os=-elf
+		;;
+        spu-*)
+		os=-elf
+		;;
 	*-acorn)
 		os=-riscix1.2
 		;;
@@ -1348,9 +1425,9 @@
 	arm*-semi)
 		os=-aout
 		;;
-    c4x-* | tic4x-*)
-        os=-coff
-        ;;
+        c4x-* | tic4x-*)
+        	os=-coff
+		;;
 	# This must come before the *-dec entry.
 	pdp10-*)
 		os=-tops20
@@ -1376,6 +1453,9 @@
 	m68*-cisco)
 		os=-aout
 		;;
+        mep-*)
+		os=-elf
+		;;
 	mips*-cisco)
 		os=-elf
 		;;
@@ -1394,6 +1474,9 @@
 	*-be)
 		os=-beos
 		;;
+	*-haiku)
+		os=-haiku
+		;;
 	*-ibm)
 		os=-aix
 		;;

Modified: trunk/openvas-libnasl/ltmain.sh
===================================================================
--- trunk/openvas-libnasl/ltmain.sh	2008-10-12 03:42:14 UTC (rev 1509)
+++ trunk/openvas-libnasl/ltmain.sh	2008-10-12 10:26:34 UTC (rev 1510)
@@ -1,8 +1,8 @@
 # ltmain.sh - Provide generalized library-building support services.
 # NOTE: Changing this file will not affect anything until you rerun configure.
 #
-# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001
-# Free Software Foundation, Inc.
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006,
+# 2007, 2008  Free Software Foundation, Inc.
 # Originally by Gordon Matzigkeit <gord at gnu.ai.mit.edu>, 1996
 #
 # This program is free software; you can redistribute it and/or modify
@@ -17,13 +17,49 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 #
 # As a special exception to the GNU General Public License, if you
 # distribute this file as part of a program that contains a
 # configuration script generated by Autoconf, you may include it under
 # the same distribution terms that you use for the rest of that program.
 
+basename="s,^.*/,,g"
+
+# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh
+# is ksh but when the shell is invoked as "sh" and the current value of
+# the _XPG environment variable is not equal to 1 (one), the special
+# positional parameter $0, within a function call, is the name of the
+# function.
+progpath="$0"
+
+# The name of this program:
+progname=`echo "$progpath" | $SED $basename`
+modename="$progname"
+
+# Global variables:
+EXIT_SUCCESS=0
+EXIT_FAILURE=1
+
+PROGRAM=ltmain.sh
+PACKAGE=libtool
+VERSION="1.5.26 Debian 1.5.26-4"
+TIMESTAMP=" (1.1220.2.493 2008/02/01 16:58:18)"
+
+# Be Bourne compatible (taken from Autoconf:_AS_BOURNE_COMPATIBLE).
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in *posix*) set -o posix;; esac
+fi
+BIN_SH=xpg4; export BIN_SH # for Tru64
+DUALCASE=1; export DUALCASE # for MKS sh
+
 # Check that we have a working $echo.
 if test "X$1" = X--no-reexec; then
   # Discard the --no-reexec flag, and continue.
@@ -36,7 +72,7 @@
   :
 else
   # Restart under the correct shell, and then maybe $echo will work.
-  exec $SHELL "$0" --no-reexec ${1+"$@"}
+  exec $SHELL "$progpath" --no-reexec ${1+"$@"}
 fi
 
 if test "X$1" = X--fallback-echo; then
@@ -45,19 +81,9 @@
   cat <<EOF
 $*
 EOF
-  exit 0
+  exit $EXIT_SUCCESS
 fi
 
-# The name of this program.
-progname=`$echo "$0" | sed 's%^.*/%%'`
-modename="$progname"
-
-# Constants.
-PROGRAM=ltmain.sh
-PACKAGE=libtool
-VERSION=1.4.2
-TIMESTAMP=" (1.922.2.53 2001/09/11 03:18:52)"
-
 default_mode=
 help="Try \`$progname --help' for more information."
 magic="%%%MAGIC variable%%%"
@@ -67,30 +93,50 @@
 
 # Sed substitution that helps us do robust quoting.  It backslashifies
 # metacharacters that are still active within double-quoted strings.
-Xsed='sed -e 1s/^X//'
+Xsed="${SED}"' -e 1s/^X//'
 sed_quote_subst='s/\([\\`\\"$\\\\]\)/\\\1/g'
-SP2NL='tr \040 \012'
-NL2SP='tr \015\012 \040\040'
+# test EBCDIC or ASCII
+case `echo X|tr X '\101'` in
+ A) # ASCII based system
+    # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
+  SP2NL='tr \040 \012'
+  NL2SP='tr \015\012 \040\040'
+  ;;
+ *) # EBCDIC based system
+  SP2NL='tr \100 \n'
+  NL2SP='tr \r\n \100\100'
+  ;;
+esac
 
 # NLS nuisances.
 # Only set LANG and LC_ALL to C if already set.
 # These must not be set unconditionally because not all systems understand
 # e.g. LANG=C (notably SCO).
 # We save the old values to restore during execute mode.
-if test "${LC_ALL+set}" = set; then
-  save_LC_ALL="$LC_ALL"; LC_ALL=C; export LC_ALL
+lt_env=
+for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES
+do
+  eval "if test \"\${$lt_var+set}\" = set; then
+	  save_$lt_var=\$$lt_var
+	  lt_env=\"$lt_var=\$$lt_var \$lt_env\"
+	  $lt_var=C
+	  export $lt_var
+	fi"
+done
+
+if test -n "$lt_env"; then
+  lt_env="env $lt_env"
 fi
-if test "${LANG+set}" = set; then
-  save_LANG="$LANG"; LANG=C; export LANG
-fi
 
 # Make sure IFS has a sensible default
-: ${IFS=" 	"}
+lt_nl='
+'
+IFS=" 	$lt_nl"
 
 if test "$build_libtool_libs" != yes && test "$build_old_libs" != yes; then
-  echo "$modename: not configured to build any kind of library" 1>&2
-  echo "Fatal configuration error.  See the $PACKAGE docs for more information." 1>&2
-  exit 1
+  $echo "$modename: not configured to build any kind of library" 1>&2
+  $echo "Fatal configuration error.  See the $PACKAGE docs for more information." 1>&2
+  exit $EXIT_FAILURE
 fi
 
 # Global variables.
@@ -102,11 +148,286 @@
 show="$echo"
 show_help=
 execute_dlfiles=
+duplicate_deps=no
+preserve_args=
 lo2o="s/\\.lo\$/.${objext}/"
 o2lo="s/\\.${objext}\$/.lo/"
+extracted_archives=
+extracted_serial=0
 
+#####################################
+# Shell function definitions:
+# This seems to be the best place for them
+
+# func_mktempdir [string]
+# Make a temporary directory that won't clash with other running
+# libtool processes, and avoids race conditions if possible.  If
+# given, STRING is the basename for that directory.
+func_mktempdir ()
+{
+    my_template="${TMPDIR-/tmp}/${1-$progname}"
+
+    if test "$run" = ":"; then
+      # Return a directory name, but don't create it in dry-run mode
+      my_tmpdir="${my_template}-$$"
+    else
+
+      # If mktemp works, use that first and foremost
+      my_tmpdir=`mktemp -d "${my_template}-XXXXXXXX" 2>/dev/null`
+
+      if test ! -d "$my_tmpdir"; then
+	# Failing that, at least try and use $RANDOM to avoid a race
+	my_tmpdir="${my_template}-${RANDOM-0}$$"
+
+	save_mktempdir_umask=`umask`
+	umask 0077
+	$mkdir "$my_tmpdir"
+	umask $save_mktempdir_umask
+      fi
+
+      # If we're not in dry-run mode, bomb out on failure
+      test -d "$my_tmpdir" || {
+        $echo "cannot create temporary directory \`$my_tmpdir'" 1>&2
+	exit $EXIT_FAILURE
+      }
+    fi
+
+    $echo "X$my_tmpdir" | $Xsed
+}
+
+
+# func_win32_libid arg
+# return the library type of file 'arg'
+#
+# Need a lot of goo to handle *both* DLLs and import libs
+# Has to be a shell function in order to 'eat' the argument
+# that is supplied when $file_magic_command is called.
+func_win32_libid ()
+{
+  win32_libid_type="unknown"
+  win32_fileres=`file -L $1 2>/dev/null`
+  case $win32_fileres in
+  *ar\ archive\ import\ library*) # definitely import
+    win32_libid_type="x86 archive import"
+    ;;
+  *ar\ archive*) # could be an import, or static
+    if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null | \
+      $EGREP -e 'file format pe-i386(.*architecture: i386)?' >/dev/null ; then
+      win32_nmres=`eval $NM -f posix -A $1 | \
+	$SED -n -e '1,100{
+		/ I /{
+			s,.*,import,
+			p
+			q
+			}
+		}'`
+      case $win32_nmres in
+      import*)  win32_libid_type="x86 archive import";;
+      *)        win32_libid_type="x86 archive static";;
+      esac
+    fi
+    ;;
+  *DLL*)
+    win32_libid_type="x86 DLL"
+    ;;
+  *executable*) # but shell scripts are "executable" too...
+    case $win32_fileres in
+    *MS\ Windows\ PE\ Intel*)
+      win32_libid_type="x86 DLL"
+      ;;
+    esac
+    ;;
+  esac
+  $echo $win32_libid_type
+}
+
+
+# func_infer_tag arg
+# Infer tagged configuration to use if any are available and
+# if one wasn't chosen via the "--tag" command line option.
+# Only attempt this if the compiler in the base compile
+# command doesn't match the default compiler.
+# arg is usually of the form 'gcc ...'
+func_infer_tag ()
+{
+    if test -n "$available_tags" && test -z "$tagname"; then
+      CC_quoted=
+      for arg in $CC; do
+	case $arg in
+	  *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+	  arg="\"$arg\""
+	  ;;
+	esac
+	CC_quoted="$CC_quoted $arg"
+      done
+      case $@ in
+      # Blanks in the command may have been stripped by the calling shell,
+      # but not from the CC environment variable when configure was run.
+      " $CC "* | "$CC "* | " `$echo $CC` "* | "`$echo $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$echo $CC_quoted` "* | "`$echo $CC_quoted` "*) ;;
+      # Blanks at the start of $base_compile will cause this to fail
+      # if we don't check for them as well.
+      *)
+	for z in $available_tags; do
+	  if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then
+	    # Evaluate the configuration.
+	    eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`"
+	    CC_quoted=
+	    for arg in $CC; do
+	    # Double-quote args containing other shell metacharacters.
+	    case $arg in
+	      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+	      arg="\"$arg\""
+	      ;;
+	    esac
+	    CC_quoted="$CC_quoted $arg"
+	  done
+	    case "$@ " in
+	      " $CC "* | "$CC "* | " `$echo $CC` "* | "`$echo $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$echo $CC_quoted` "* | "`$echo $CC_quoted` "*)
+	      # The compiler in the base compile command matches
+	      # the one in the tagged configuration.
+	      # Assume this is the tagged configuration we want.
+	      tagname=$z
+	      break
+	      ;;
+	    esac
+	  fi
+	done
+	# If $tagname still isn't set, then no tagged configuration
+	# was found and let the user know that the "--tag" command
+	# line option must be used.
+	if test -z "$tagname"; then
+	  $echo "$modename: unable to infer tagged configuration"
+	  $echo "$modename: specify a tag with \`--tag'" 1>&2
+	  exit $EXIT_FAILURE
+#        else
+#          $echo "$modename: using $tagname tagged configuration"
+	fi
+	;;
+      esac
+    fi
+}
+
+
+# func_extract_an_archive dir oldlib
+func_extract_an_archive ()
+{
+    f_ex_an_ar_dir="$1"; shift
+    f_ex_an_ar_oldlib="$1"
+
+    $show "(cd $f_ex_an_ar_dir && $AR x $f_ex_an_ar_oldlib)"
+    $run eval "(cd \$f_ex_an_ar_dir && $AR x \$f_ex_an_ar_oldlib)" || exit $?
+    if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then
+     :
+    else
+      $echo "$modename: ERROR: object name conflicts: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib" 1>&2
+      exit $EXIT_FAILURE
+    fi
+}
+
+# func_extract_archives gentop oldlib ...
+func_extract_archives ()
+{
+    my_gentop="$1"; shift
+    my_oldlibs=${1+"$@"}
+    my_oldobjs=""
+    my_xlib=""
+    my_xabs=""
+    my_xdir=""
+    my_status=""
+
+    $show "${rm}r $my_gentop"
+    $run ${rm}r "$my_gentop"
+    $show "$mkdir $my_gentop"
+    $run $mkdir "$my_gentop"
+    my_status=$?
+    if test "$my_status" -ne 0 && test ! -d "$my_gentop"; then
+      exit $my_status
+    fi
+
+    for my_xlib in $my_oldlibs; do
+      # Extract the objects.
+      case $my_xlib in
+	[\\/]* | [A-Za-z]:[\\/]*) my_xabs="$my_xlib" ;;
+	*) my_xabs=`pwd`"/$my_xlib" ;;
+      esac
+      my_xlib=`$echo "X$my_xlib" | $Xsed -e 's%^.*/%%'`
+      my_xlib_u=$my_xlib
+      while :; do
+        case " $extracted_archives " in
+	*" $my_xlib_u "*)
+	  extracted_serial=`expr $extracted_serial + 1`
+	  my_xlib_u=lt$extracted_serial-$my_xlib ;;
+	*) break ;;
+	esac
+      done
+      extracted_archives="$extracted_archives $my_xlib_u"
+      my_xdir="$my_gentop/$my_xlib_u"
+
+      $show "${rm}r $my_xdir"
+      $run ${rm}r "$my_xdir"
+      $show "$mkdir $my_xdir"
+      $run $mkdir "$my_xdir"
+      exit_status=$?
+      if test "$exit_status" -ne 0 && test ! -d "$my_xdir"; then
+	exit $exit_status
+      fi
+      case $host in
+      *-darwin*)
+	$show "Extracting $my_xabs"
+	# Do not bother doing anything if just a dry run
+	if test -z "$run"; then
+	  darwin_orig_dir=`pwd`
+	  cd $my_xdir || exit $?
+	  darwin_archive=$my_xabs
+	  darwin_curdir=`pwd`
+	  darwin_base_archive=`$echo "X$darwin_archive" | $Xsed -e 's%^.*/%%'`
+	  darwin_arches=`lipo -info "$darwin_archive" 2>/dev/null | $EGREP Architectures 2>/dev/null`
+	  if test -n "$darwin_arches"; then 
+	    darwin_arches=`echo "$darwin_arches" | $SED -e 's/.*are://'`
+	    darwin_arch=
+	    $show "$darwin_base_archive has multiple architectures $darwin_arches"
+	    for darwin_arch in  $darwin_arches ; do
+	      mkdir -p "unfat-$$/${darwin_base_archive}-${darwin_arch}"
+	      lipo -thin $darwin_arch -output "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" "${darwin_archive}"
+	      cd "unfat-$$/${darwin_base_archive}-${darwin_arch}"
+	      func_extract_an_archive "`pwd`" "${darwin_base_archive}"
+	      cd "$darwin_curdir"
+	      $rm "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}"
+	    done # $darwin_arches
+      ## Okay now we have a bunch of thin objects, gotta fatten them up :)
+	    darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print| xargs basename | sort -u | $NL2SP`
+	    darwin_file=
+	    darwin_files=
+	    for darwin_file in $darwin_filelist; do
+	      darwin_files=`find unfat-$$ -name $darwin_file -print | $NL2SP`
+	      lipo -create -output "$darwin_file" $darwin_files
+	    done # $darwin_filelist
+	    ${rm}r unfat-$$
+	    cd "$darwin_orig_dir"
+	  else
+	    cd "$darwin_orig_dir"
+ 	    func_extract_an_archive "$my_xdir" "$my_xabs"
+	  fi # $darwin_arches
+	fi # $run
+	;;
+      *)
+        func_extract_an_archive "$my_xdir" "$my_xabs"
+        ;;
+      esac
+      my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | $NL2SP`
+    done
+    func_extract_archives_result="$my_oldobjs"
+}
+# End of Shell function definitions
+#####################################
+
+# Darwin sucks
+eval std_shrext=\"$shrext_cmds\"
+
+disable_libs=no
+
 # Parse our command line options once, thoroughly.
-while test $# -gt 0
+while test "$#" -gt 0
 do
   arg="$1"
   shift
@@ -122,6 +443,34 @@
     execute_dlfiles)
       execute_dlfiles="$execute_dlfiles $arg"
       ;;
+    tag)
+      tagname="$arg"
+      preserve_args="${preserve_args}=$arg"
+
+      # Check whether tagname contains only valid characters
+      case $tagname in
+      *[!-_A-Za-z0-9,/]*)
+	$echo "$progname: invalid tag name: $tagname" 1>&2
+	exit $EXIT_FAILURE
+	;;
+      esac
+
+      case $tagname in
+      CC)
+	# Don't test for the "default" C tag, as we know, it's there, but
+	# not specially marked.
+	;;
+      *)
+	if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$" < "$progpath" > /dev/null; then
+	  taglist="$taglist $tagname"
+	  # Evaluate the configuration.
+	  eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$tagname'$/,/^# ### END LIBTOOL TAG CONFIG: '$tagname'$/p' < $progpath`"
+	else
+	  $echo "$progname: ignoring unknown tag $tagname" 1>&2
+	fi
+	;;
+      esac
+      ;;
     *)
       eval "$prev=\$arg"
       ;;
@@ -139,18 +488,28 @@
     ;;
 
   --version)
-    echo "$PROGRAM (GNU $PACKAGE) $VERSION$TIMESTAMP"
-    exit 0
+    echo "\
+$PROGRAM (GNU $PACKAGE) $VERSION$TIMESTAMP
+
+Copyright (C) 2008  Free Software Foundation, Inc.
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+    exit $?
     ;;
 
   --config)
-    sed -e '1,/^# ### BEGIN LIBTOOL CONFIG/d' -e '/^# ### END LIBTOOL CONFIG/,$d' $0
-    exit 0
+    ${SED} -e '1,/^# ### BEGIN LIBTOOL CONFIG/d' -e '/^# ### END LIBTOOL CONFIG/,$d' $progpath
+    # Now print the configurations for the tags.
+    for tagname in $taglist; do
+      ${SED} -n -e "/^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$/,/^# ### END LIBTOOL TAG CONFIG: $tagname$/p" < "$progpath"
+    done
+    exit $?
     ;;
 
   --debug)
-    echo "$progname: enabling shell trace mode"
+    $echo "$progname: enabling shell trace mode"
     set -x
+    preserve_args="$preserve_args $arg"
     ;;
 
   --dry-run | -n)
@@ -158,18 +517,18 @@
     ;;
 
   --features)
-    echo "host: $host"
+    $echo "host: $host"
     if test "$build_libtool_libs" = yes; then
-      echo "enable shared libraries"
+      $echo "enable shared libraries"
     else
-      echo "disable shared libraries"
+      $echo "disable shared libraries"
     fi
     if test "$build_old_libs" = yes; then
-      echo "enable static libraries"
+      $echo "enable static libraries"
     else
-      echo "disable static libraries"
+      $echo "disable static libraries"
     fi
-    exit 0
+    exit $?
     ;;
 
   --finish) mode="finish" ;;
@@ -177,10 +536,25 @@
   --mode) prevopt="--mode" prev=mode ;;
   --mode=*) mode="$optarg" ;;
 
+  --preserve-dup-deps) duplicate_deps="yes" ;;
+
   --quiet | --silent)
     show=:
+    preserve_args="$preserve_args $arg"
     ;;
 
+  --tag)
+    prevopt="--tag"
+    prev=tag
+    preserve_args="$preserve_args --tag"
+    ;;
+  --tag=*)
+    set tag "$optarg" ${1+"$@"}
+    shift
+    prev=tag
+    preserve_args="$preserve_args --tag"
+    ;;
+
   -dlopen)
     prevopt="-dlopen"
     prev=execute_dlfiles
@@ -189,7 +563,7 @@
   -*)
     $echo "$modename: unrecognized option \`$arg'" 1>&2
     $echo "$help" 1>&2
-    exit 1
+    exit $EXIT_FAILURE
     ;;
 
   *)
@@ -202,9 +576,21 @@
 if test -n "$prevopt"; then
   $echo "$modename: option \`$prevopt' requires an argument" 1>&2
   $echo "$help" 1>&2
-  exit 1
+  exit $EXIT_FAILURE
 fi
 
+case $disable_libs in
+no) 
+  ;;
+shared)
+  build_libtool_libs=no
+  build_old_libs=yes
+  ;;
+static)
+  build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac`
+  ;;
+esac
+
 # If this variable is set in any of the actions, the command in it
 # will be execed at the end.  This prevents here-documents from being
 # left over by shells.
@@ -214,8 +600,10 @@
 
   # Infer the operation mode.
   if test -z "$mode"; then
+    $echo "*** Warning: inferring the mode of operation is deprecated." 1>&2
+    $echo "*** Future versions of Libtool will require --mode=MODE be specified." 1>&2
     case $nonopt in
-    *cc | *++ | gcc* | *-gcc*)
+    *cc | cc* | *++ | gcc* | *-gcc* | g++* | xlc*)
       mode=link
       for arg
       do
@@ -256,7 +644,7 @@
   if test -n "$execute_dlfiles" && test "$mode" != execute; then
     $echo "$modename: unrecognized option \`-dlopen'" 1>&2
     $echo "$help" 1>&2
-    exit 1
+    exit $EXIT_FAILURE
   fi
 
   # Change the help message to a mode-specific one.
@@ -270,158 +658,127 @@
     modename="$modename: compile"
     # Get the compilation command and the source file.
     base_compile=
-    prev=
-    lastarg=
-    srcfile="$nonopt"
+    srcfile="$nonopt"  #  always keep a non-empty value in "srcfile"
+    suppress_opt=yes
     suppress_output=
+    arg_mode=normal
+    libobj=
+    later=
 
-    user_target=no
     for arg
     do
-      case $prev in
-      "") ;;
-      xcompiler)
-	# Aesthetically quote the previous argument.
-	prev=
-	lastarg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
+      case $arg_mode in
+      arg  )
+	# do not "continue".  Instead, add this to base_compile
+	lastarg="$arg"
+	arg_mode=normal
+	;;
 
-	case $arg in
-	# Double-quote args containing other shell metacharacters.
-	# Many Bourne shells cannot handle close brackets correctly
-	# in scan sets, so we specify it separately.
-	*[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-	  arg="\"$arg\""
-	  ;;
-	esac
-
-	# Add the previous argument to base_compile.
-	if test -z "$base_compile"; then
-	  base_compile="$lastarg"
-	else
-	  base_compile="$base_compile $lastarg"
-	fi
+      target )
+	libobj="$arg"
+	arg_mode=normal
 	continue
 	;;
-      esac
 
-      # Accept any command-line options.
-      case $arg in
-      -o)
-	if test "$user_target" != "no"; then
-	  $echo "$modename: you cannot specify \`-o' more than once" 1>&2
-	  exit 1
-	fi
-	user_target=next
-	;;
+      normal )
+	# Accept any command-line options.
+	case $arg in
+	-o)
+	  if test -n "$libobj" ; then
+	    $echo "$modename: you cannot specify \`-o' more than once" 1>&2
+	    exit $EXIT_FAILURE
+	  fi
+	  arg_mode=target
+	  continue
+	  ;;
 
-      -static)
-	build_old_libs=yes
-	continue
-	;;
+	-static | -prefer-pic | -prefer-non-pic)
+	  later="$later $arg"
+	  continue
+	  ;;
 
-      -prefer-pic)
-	pic_mode=yes
-	continue
-	;;
+	-no-suppress)
+	  suppress_opt=no
+	  continue
+	  ;;
 
-      -prefer-non-pic)
-	pic_mode=no
-	continue
-	;;
+	-Xcompiler)
+	  arg_mode=arg  #  the next one goes into the "base_compile" arg list
+	  continue      #  The current "srcfile" will either be retained or
+	  ;;            #  replaced later.  I would guess that would be a bug.
 
-      -Xcompiler)
-	prev=xcompiler
-	continue
-	;;
+	-Wc,*)
+	  args=`$echo "X$arg" | $Xsed -e "s/^-Wc,//"`
+	  lastarg=
+	  save_ifs="$IFS"; IFS=','
+ 	  for arg in $args; do
+	    IFS="$save_ifs"
 
-      -Wc,*)
-	args=`$echo "X$arg" | $Xsed -e "s/^-Wc,//"`
-	lastarg=
-	save_ifs="$IFS"; IFS=','
-	for arg in $args; do
+	    # Double-quote args containing other shell metacharacters.
+	    # Many Bourne shells cannot handle close brackets correctly
+	    # in scan sets, so we specify it separately.
+	    case $arg in
+	      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+	      arg="\"$arg\""
+	      ;;
+	    esac
+	    lastarg="$lastarg $arg"
+	  done
 	  IFS="$save_ifs"
+	  lastarg=`$echo "X$lastarg" | $Xsed -e "s/^ //"`
 
-	  # Double-quote args containing other shell metacharacters.
-	  # Many Bourne shells cannot handle close brackets correctly
-	  # in scan sets, so we specify it separately.
-	  case $arg in
-	    *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-	    arg="\"$arg\""
-	    ;;
-	  esac
-	  lastarg="$lastarg $arg"
-	done
-	IFS="$save_ifs"
-	lastarg=`$echo "X$lastarg" | $Xsed -e "s/^ //"`
-
-	# Add the arguments to base_compile.
-	if test -z "$base_compile"; then
-	  base_compile="$lastarg"
-	else
+	  # Add the arguments to base_compile.
 	  base_compile="$base_compile $lastarg"
-	fi
-	continue
-	;;
-      esac
+	  continue
+	  ;;
 
-      case $user_target in
-      next)
-	# The next one is the -o target name
-	user_target=yes
-	continue
+	* )
+	  # Accept the current argument as the source file.
+	  # The previous "srcfile" becomes the current argument.
+	  #
+	  lastarg="$srcfile"
+	  srcfile="$arg"
+	  ;;
+	esac  #  case $arg
 	;;
-      yes)
-	# We got the output file
-	user_target=set
-	libobj="$arg"
-	continue
-	;;
-      esac
+      esac    #  case $arg_mode
 
-      # Accept the current argument as the source file.
-      lastarg="$srcfile"
-      srcfile="$arg"
-
       # Aesthetically quote the previous argument.
-
-      # Backslashify any backslashes, double quotes, and dollar signs.
-      # These are the only characters that are still specially
-      # interpreted inside of double-quoted scrings.
       lastarg=`$echo "X$lastarg" | $Xsed -e "$sed_quote_subst"`
 
+      case $lastarg in
       # Double-quote args containing other shell metacharacters.
       # Many Bourne shells cannot handle close brackets correctly
-      # in scan sets, so we specify it separately.
-      case $lastarg in
+      # in scan sets, and some SunOS ksh mistreat backslash-escaping
+      # in scan sets (worked around with variable expansion),
+      # and furthermore cannot handle '|' '&' '(' ')' in scan sets 
+      # at all, so we specify them separately.
       *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
 	lastarg="\"$lastarg\""
 	;;
       esac
 
-      # Add the previous argument to base_compile.
-      if test -z "$base_compile"; then
-	base_compile="$lastarg"
-      else
-	base_compile="$base_compile $lastarg"
-      fi
-    done
+      base_compile="$base_compile $lastarg"
+    done # for arg
 
-    case $user_target in
-    set)
+    case $arg_mode in
+    arg)
+      $echo "$modename: you must specify an argument for -Xcompile"
+      exit $EXIT_FAILURE
       ;;
-    no)
-      # Get the name of the library object.
-      libobj=`$echo "X$srcfile" | $Xsed -e 's%^.*/%%'`
+    target)
+      $echo "$modename: you must specify a target with \`-o'" 1>&2
+      exit $EXIT_FAILURE
       ;;
     *)
-      $echo "$modename: you must specify a target with \`-o'" 1>&2
-      exit 1
+      # Get the name of the library object.
+      [ -z "$libobj" ] && libobj=`$echo "X$srcfile" | $Xsed -e 's%^.*/%%'`
       ;;
     esac
 
     # Recognize several different file suffixes.
     # If the user specifies -o file.o, it is replaced with file.lo
-    xform='[cCFSfmso]'
+    xform='[cCFSifmso]'
     case $libobj in
     *.ada) xform=ada ;;
     *.adb) xform=adb ;;
@@ -429,10 +786,15 @@
     *.asm) xform=asm ;;
     *.c++) xform=c++ ;;
     *.cc) xform=cc ;;
+    *.ii) xform=ii ;;
+    *.class) xform=class ;;
     *.cpp) xform=cpp ;;
     *.cxx) xform=cxx ;;
-    *.f90) xform=f90 ;;
+    *.[fF][09]?) xform=[fF][09]. ;;
     *.for) xform=for ;;
+    *.java) xform=java ;;
+    *.obj) xform=obj ;;
+    *.sx) xform=sx ;;
     esac
 
     libobj=`$echo "X$libobj" | $Xsed -e "s/\.$xform$/.lo/"`
@@ -441,25 +803,63 @@
     *.lo) obj=`$echo "X$libobj" | $Xsed -e "$lo2o"` ;;
     *)
       $echo "$modename: cannot determine name of library object from \`$libobj'" 1>&2
-      exit 1
+      exit $EXIT_FAILURE
       ;;
     esac
 
+    func_infer_tag $base_compile
+
+    for arg in $later; do
+      case $arg in
+      -static)
+	build_old_libs=yes
+	continue
+	;;
+
+      -prefer-pic)
+	pic_mode=yes
+	continue
+	;;
+
+      -prefer-non-pic)
+	pic_mode=no
+	continue
+	;;
+      esac
+    done
+
+    qlibobj=`$echo "X$libobj" | $Xsed -e "$sed_quote_subst"`
+    case $qlibobj in
+      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+	qlibobj="\"$qlibobj\"" ;;
+    esac
+    test "X$libobj" != "X$qlibobj" \
+	&& $echo "X$libobj" | grep '[]~#^*{};<>?"'"'"' 	&()|`$[]' \
+	&& $echo "$modename: libobj name \`$libobj' may not contain shell special characters."
+    objname=`$echo "X$obj" | $Xsed -e 's%^.*/%%'`
+    xdir=`$echo "X$obj" | $Xsed -e 's%/[^/]*$%%'`
+    if test "X$xdir" = "X$obj"; then
+      xdir=
+    else
+      xdir=$xdir/
+    fi
+    lobj=${xdir}$objdir/$objname
+
     if test -z "$base_compile"; then
       $echo "$modename: you must specify a compilation command" 1>&2
       $echo "$help" 1>&2
-      exit 1
+      exit $EXIT_FAILURE
     fi
 
     # Delete any leftover library objects.
     if test "$build_old_libs" = yes; then
-      removelist="$obj $libobj"
+      removelist="$obj $lobj $libobj ${libobj}T"
     else
-      removelist="$libobj"
+      removelist="$lobj $libobj ${libobj}T"
     fi
 
     $run $rm $removelist
-    trap "$run $rm $removelist; exit 1" 1 2 15
+    trap "$run $rm $removelist; exit $EXIT_FAILURE" 1 2 15
 
     # On Cygwin there's no "real" PIC flag so we must build both object types
     case $host_os in
@@ -467,7 +867,7 @@
       pic_mode=default
       ;;
     esac
-    if test $pic_mode = no && test "$deplibs_check_method" != pass_all; then
+    if test "$pic_mode" = no && test "$deplibs_check_method" != pass_all; then
       # non-PIC code in shared libraries is not supported
       pic_mode=default
     fi
@@ -478,8 +878,9 @@
       output_obj=`$echo "X$srcfile" | $Xsed -e 's%^.*/%%' -e 's%\.[^.]*$%%'`.${objext}
       lockfile="$output_obj.lock"
       removelist="$removelist $output_obj $lockfile"
-      trap "$run $rm $removelist; exit 1" 1 2 15
+      trap "$run $rm $removelist; exit $EXIT_FAILURE" 1 2 15
     else
+      output_obj=
       need_locks=no
       lockfile=
     fi
@@ -487,13 +888,13 @@
     # Lock this critical section if it is needed
     # We use this script file to make the link, it avoids creating a new file
     if test "$need_locks" = yes; then
-      until $run ln "$0" "$lockfile" 2>/dev/null; do
+      until $run ln "$progpath" "$lockfile" 2>/dev/null; do
 	$show "Waiting for $lockfile to be removed"
 	sleep 2
       done
     elif test "$need_locks" = warn; then
       if test -f "$lockfile"; then
-	echo "\
+	$echo "\
 *** ERROR, $lockfile exists and contains:
 `cat $lockfile 2>/dev/null`
 
@@ -505,68 +906,72 @@
 compiler."
 
 	$run $rm $removelist
-	exit 1
+	exit $EXIT_FAILURE
       fi
-      echo $srcfile > "$lockfile"
+      $echo "$srcfile" > "$lockfile"
     fi
 
     if test -n "$fix_srcfile_path"; then
       eval srcfile=\"$fix_srcfile_path\"
     fi
+    qsrcfile=`$echo "X$srcfile" | $Xsed -e "$sed_quote_subst"`
+    case $qsrcfile in
+      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+      qsrcfile="\"$qsrcfile\"" ;;
+    esac
 
+    $run $rm "$libobj" "${libobj}T"
+
+    # Create a libtool object file (analogous to a ".la" file),
+    # but don't create it if we're doing a dry run.
+    test -z "$run" && cat > ${libobj}T <<EOF
+# $libobj - a libtool object file
+# Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# Name of the PIC object.
+EOF
+
     # Only build a PIC object if we are building libtool libraries.
     if test "$build_libtool_libs" = yes; then
       # Without this assignment, base_compile gets emptied.
       fbsd_hideous_sh_bug=$base_compile
 
       if test "$pic_mode" != no; then
-	# All platforms use -DPIC, to notify preprocessed assembler code.
-	command="$base_compile $srcfile $pic_flag -DPIC"
+	command="$base_compile $qsrcfile $pic_flag"
       else
 	# Don't build PIC code
-	command="$base_compile $srcfile"
+	command="$base_compile $qsrcfile"
       fi
-      if test "$build_old_libs" = yes; then
-	lo_libobj="$libobj"
-	dir=`$echo "X$libobj" | $Xsed -e 's%/[^/]*$%%'`
-	if test "X$dir" = "X$libobj"; then
-	  dir="$objdir"
-	else
-	  dir="$dir/$objdir"
-	fi
-	libobj="$dir/"`$echo "X$libobj" | $Xsed -e 's%^.*/%%'`
 
-	if test -d "$dir"; then
-	  $show "$rm $libobj"
-	  $run $rm $libobj
-	else
-	  $show "$mkdir $dir"
-	  $run $mkdir $dir
-	  status=$?
-	  if test $status -ne 0 && test ! -d $dir; then
-	    exit $status
-	  fi
+      if test ! -d "${xdir}$objdir"; then
+	$show "$mkdir ${xdir}$objdir"
+	$run $mkdir ${xdir}$objdir
+	exit_status=$?
+	if test "$exit_status" -ne 0 && test ! -d "${xdir}$objdir"; then
+	  exit $exit_status
 	fi
       fi
-      if test "$compiler_o_lo" = yes; then
-	output_obj="$libobj"
-	command="$command -o $output_obj"
-      elif test "$compiler_c_o" = yes; then
-	output_obj="$obj"
-	command="$command -o $output_obj"
+
+      if test -z "$output_obj"; then
+	# Place PIC objects in $objdir
+	command="$command -o $lobj"
       fi
 
-      $run $rm "$output_obj"
+      $run $rm "$lobj" "$output_obj"
+
       $show "$command"
-      if $run eval "$command"; then :
+      if $run eval $lt_env "$command"; then :
       else
 	test -n "$output_obj" && $run $rm $removelist
-	exit 1
+	exit $EXIT_FAILURE
       fi
 
       if test "$need_locks" = warn &&
-	 test x"`cat $lockfile 2>/dev/null`" != x"$srcfile"; then
-	echo "\
+	 test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then
+	$echo "\
 *** ERROR, $lockfile contains:
 `cat $lockfile 2>/dev/null`
 
@@ -581,13 +986,13 @@
 compiler."
 
 	$run $rm $removelist
-	exit 1
+	exit $EXIT_FAILURE
       fi
 
       # Just move the object if needed, then go on to compile the next one
-      if test x"$output_obj" != x"$libobj"; then
-	$show "$mv $output_obj $libobj"
-	if $run $mv $output_obj $libobj; then :
+      if test -n "$output_obj" && test "X$output_obj" != "X$lobj"; then
+	$show "$mv $output_obj $lobj"
+	if $run $mv $output_obj $lobj; then :
 	else
 	  error=$?
 	  $run $rm $removelist
@@ -595,77 +1000,50 @@
 	fi
       fi
 
-      # If we have no pic_flag, then copy the object into place and finish.
-      if (test -z "$pic_flag" || test "$pic_mode" != default) &&
-	 test "$build_old_libs" = yes; then
-	# Rename the .lo from within objdir to obj
-	if test -f $obj; then
-	  $show $rm $obj
-	  $run $rm $obj
-	fi
+      # Append the name of the PIC object to the libtool object file.
+      test -z "$run" && cat >> ${libobj}T <<EOF
+pic_object='$objdir/$objname'
 
-	$show "$mv $libobj $obj"
-	if $run $mv $libobj $obj; then :
-	else
-	  error=$?
-	  $run $rm $removelist
-	  exit $error
-	fi
+EOF
 
-	xdir=`$echo "X$obj" | $Xsed -e 's%/[^/]*$%%'`
-	if test "X$xdir" = "X$obj"; then
-	  xdir="."
-	else
-	  xdir="$xdir"
-	fi
-	baseobj=`$echo "X$obj" | $Xsed -e "s%.*/%%"`
-	libobj=`$echo "X$baseobj" | $Xsed -e "$o2lo"`
-	# Now arrange that obj and lo_libobj become the same file
-	$show "(cd $xdir && $LN_S $baseobj $libobj)"
-	if $run eval '(cd $xdir && $LN_S $baseobj $libobj)'; then
-	  # Unlock the critical section if it was locked
-	  if test "$need_locks" != no; then
-	    $run $rm "$lockfile"
-	  fi
-	  exit 0
-	else
-	  error=$?
-	  $run $rm $removelist
-	  exit $error
-	fi
+      # Allow error messages only from the first compilation.
+      if test "$suppress_opt" = yes; then
+        suppress_output=' >/dev/null 2>&1'
       fi
+    else
+      # No PIC object so indicate it doesn't exist in the libtool
+      # object file.
+      test -z "$run" && cat >> ${libobj}T <<EOF
+pic_object=none
 
-      # Allow error messages only from the first compilation.
-      suppress_output=' >/dev/null 2>&1'
+EOF
     fi
 
     # Only build a position-dependent object if we build old libraries.
     if test "$build_old_libs" = yes; then
       if test "$pic_mode" != yes; then
 	# Don't build PIC code
-	command="$base_compile $srcfile"
+	command="$base_compile $qsrcfile"
       else
-	# All platforms use -DPIC, to notify preprocessed assembler code.
-	command="$base_compile $srcfile $pic_flag -DPIC"
+	command="$base_compile $qsrcfile $pic_flag"
       fi
       if test "$compiler_c_o" = yes; then
 	command="$command -o $obj"
-	output_obj="$obj"
       fi
 
       # Suppress compiler output if we already did a PIC compilation.
       command="$command$suppress_output"
-      $run $rm "$output_obj"
+      $run $rm "$obj" "$output_obj"
       $show "$command"
-      if $run eval "$command"; then :
+      if $run eval $lt_env "$command"; then :
       else
 	$run $rm $removelist
-	exit 1
+	exit $EXIT_FAILURE
       fi
 
       if test "$need_locks" = warn &&
-	 test x"`cat $lockfile 2>/dev/null`" != x"$srcfile"; then
-	echo "\
+	 test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then
+	$echo "\
 *** ERROR, $lockfile contains:
 `cat $lockfile 2>/dev/null`
 
@@ -680,11 +1058,11 @@
 compiler."
 
 	$run $rm $removelist
-	exit 1
+	exit $EXIT_FAILURE
       fi
 
       # Just move the object if needed
-      if test x"$output_obj" != x"$obj"; then
+      if test -n "$output_obj" && test "X$output_obj" != "X$obj"; then
 	$show "$mv $output_obj $obj"
 	if $run $mv $output_obj $obj; then :
 	else
@@ -694,29 +1072,31 @@
 	fi
       fi
 
-      # Create an invalid libtool object if no PIC, so that we do not
-      # accidentally link it into a program.
-      if test "$build_libtool_libs" != yes; then
-	$show "echo timestamp > $libobj"
-	$run eval "echo timestamp > \$libobj" || exit $?
-      else
-	# Move the .lo from within objdir
-	$show "$mv $libobj $lo_libobj"
-	if $run $mv $libobj $lo_libobj; then :
-	else
-	  error=$?
-	  $run $rm $removelist
-	  exit $error
-	fi
-      fi
+      # Append the name of the non-PIC object the libtool object file.
+      # Only append if the libtool object file exists.
+      test -z "$run" && cat >> ${libobj}T <<EOF
+# Name of the non-PIC object.
+non_pic_object='$objname'
+
+EOF
+    else
+      # Append the name of the non-PIC object the libtool object file.
+      # Only append if the libtool object file exists.
+      test -z "$run" && cat >> ${libobj}T <<EOF
+# Name of the non-PIC object.
+non_pic_object=none
+
+EOF
     fi
 
+    $run $mv "${libobj}T" "${libobj}"
+
     # Unlock the critical section if it was locked
     if test "$need_locks" != no; then
       $run $rm "$lockfile"
     fi
 
-    exit 0
+    exit $EXIT_SUCCESS
     ;;
 
   # libtool link mode
@@ -727,7 +1107,7 @@
       # It is impossible to link a dll without this setting, and
       # we shouldn't force the makefile maintainer to figure out
       # which system we are compiling for in order to pass an extra
-      # flag for every libtool invokation.
+      # flag for every libtool invocation.
       # allow_undefined=no
 
       # FIXME: Unfortunately, there are problems with the above when trying
@@ -742,6 +1122,7 @@
       ;;
     esac
     libtool_args="$nonopt"
+    base_compile="$nonopt $@"
     compile_command="$nonopt"
     finalize_command="$nonopt"
 
@@ -757,6 +1138,7 @@
     linker_flags=
     dllsearchpath=
     lib_search_path=`pwd`
+    inst_prefix_dir=
 
     avoid_version=no
     dlfiles=
@@ -771,6 +1153,9 @@
     module=no
     no_install=no
     objs=
+    non_pic_objects=
+    notinst_path= # paths that contain not-installed libtool libraries
+    precious_files_regex=
     prefer_static_libs=no
     preload=no
     prev=
@@ -782,27 +1167,41 @@
     temp_rpath=
     thread_safe=no
     vinfo=
+    vinfo_number=no
+    single_module="${wl}-single_module"
 
+    func_infer_tag $base_compile
+
     # We need to know -static, to get the right output filenames.
     for arg
     do
       case $arg in
-      -all-static | -static)
-	if test "X$arg" = "X-all-static"; then
+      -all-static | -static | -static-libtool-libs)
+	case $arg in
+	-all-static)
 	  if test "$build_libtool_libs" = yes && test -z "$link_static_flag"; then
 	    $echo "$modename: warning: complete static linking is impossible in this configuration" 1>&2
 	  fi
 	  if test -n "$link_static_flag"; then
 	    dlopen_self=$dlopen_self_static
 	  fi
-	else
+	  prefer_static_libs=yes
+	  ;;
+	-static)
 	  if test -z "$pic_flag" && test -n "$link_static_flag"; then
 	    dlopen_self=$dlopen_self_static
 	  fi
-	fi
+	  prefer_static_libs=built
+	  ;;
+	-static-libtool-libs)
+	  if test -z "$pic_flag" && test -n "$link_static_flag"; then
+	    dlopen_self=$dlopen_self_static
+	  fi
+	  prefer_static_libs=yes
+	  ;;
+	esac
 	build_libtool_libs=no
 	build_old_libs=yes
-	prefer_static_libs=yes
 	break
 	;;
       esac
@@ -812,7 +1211,7 @@
     test -n "$old_archive_from_new_cmds" && build_old_libs=yes
 
     # Go through the arguments, transforming them on the way.
-    while test $# -gt 0; do
+    while test "$#" -gt 0; do
       arg="$1"
       shift
       case $arg in
@@ -877,7 +1276,7 @@
 	  export_symbols="$arg"
 	  if test ! -f "$arg"; then
 	    $echo "$modename: symbol file \`$arg' does not exist"
-	    exit 1
+	    exit $EXIT_FAILURE
 	  fi
 	  prev=
 	  continue
@@ -887,18 +1286,140 @@
 	  prev=
 	  continue
 	  ;;
+	inst_prefix)
+	  inst_prefix_dir="$arg"
+	  prev=
+	  continue
+	  ;;
+	precious_regex)
+	  precious_files_regex="$arg"
+	  prev=
+	  continue
+	  ;;
 	release)
 	  release="-$arg"
 	  prev=
 	  continue
 	  ;;
+	objectlist)
+	  if test -f "$arg"; then
+	    save_arg=$arg
+	    moreargs=
+	    for fil in `cat $save_arg`
+	    do
+#	      moreargs="$moreargs $fil"
+	      arg=$fil
+	      # A libtool-controlled object.
+
+	      # Check to see that this really is a libtool object.
+	      if (${SED} -e '2q' $arg | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+		pic_object=
+		non_pic_object=
+
+		# Read the .lo file
+		# If there is no directory component, then add one.
+		case $arg in
+		*/* | *\\*) . $arg ;;
+		*) . ./$arg ;;
+		esac
+
+		if test -z "$pic_object" || \
+		   test -z "$non_pic_object" ||
+		   test "$pic_object" = none && \
+		   test "$non_pic_object" = none; then
+		  $echo "$modename: cannot find name of object for \`$arg'" 1>&2
+		  exit $EXIT_FAILURE
+		fi
+
+		# Extract subdirectory from the argument.
+		xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'`
+		if test "X$xdir" = "X$arg"; then
+		  xdir=
+		else
+		  xdir="$xdir/"
+		fi
+
+		if test "$pic_object" != none; then
+		  # Prepend the subdirectory the object is found in.
+		  pic_object="$xdir$pic_object"
+
+		  if test "$prev" = dlfiles; then
+		    if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then
+		      dlfiles="$dlfiles $pic_object"
+		      prev=
+		      continue
+		    else
+		      # If libtool objects are unsupported, then we need to preload.
+		      prev=dlprefiles
+		    fi
+		  fi
+
+		  # CHECK ME:  I think I busted this.  -Ossama
+		  if test "$prev" = dlprefiles; then
+		    # Preload the old-style object.
+		    dlprefiles="$dlprefiles $pic_object"
+		    prev=
+		  fi
+
+		  # A PIC object.
+		  libobjs="$libobjs $pic_object"
+		  arg="$pic_object"
+		fi
+
+		# Non-PIC object.
+		if test "$non_pic_object" != none; then
+		  # Prepend the subdirectory the object is found in.
+		  non_pic_object="$xdir$non_pic_object"
+
+		  # A standard non-PIC object
+		  non_pic_objects="$non_pic_objects $non_pic_object"
+		  if test -z "$pic_object" || test "$pic_object" = none ; then
+		    arg="$non_pic_object"
+		  fi
+		else
+		  # If the PIC object exists, use it instead.
+		  # $xdir was prepended to $pic_object above.
+		  non_pic_object="$pic_object"
+		  non_pic_objects="$non_pic_objects $non_pic_object"
+		fi
+	      else
+		# Only an error if not doing a dry-run.
+		if test -z "$run"; then
+		  $echo "$modename: \`$arg' is not a valid libtool object" 1>&2
+		  exit $EXIT_FAILURE
+		else
+		  # Dry-run case.
+
+		  # Extract subdirectory from the argument.
+		  xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'`
+		  if test "X$xdir" = "X$arg"; then
+		    xdir=
+		  else
+		    xdir="$xdir/"
+		  fi
+
+		  pic_object=`$echo "X${xdir}${objdir}/${arg}" | $Xsed -e "$lo2o"`
+		  non_pic_object=`$echo "X${xdir}${arg}" | $Xsed -e "$lo2o"`
+		  libobjs="$libobjs $pic_object"
+		  non_pic_objects="$non_pic_objects $non_pic_object"
+		fi
+	      fi
+	    done
+	  else
+	    $echo "$modename: link input file \`$save_arg' does not exist"
+	    exit $EXIT_FAILURE
+	  fi
+	  arg=$save_arg
+	  prev=
+	  continue
+	  ;;
 	rpath | xrpath)
 	  # We need an absolute path.
 	  case $arg in
 	  [\\/]* | [A-Za-z]:[\\/]*) ;;
 	  *)
 	    $echo "$modename: only absolute run-paths are allowed" 1>&2
-	    exit 1
+	    exit $EXIT_FAILURE
 	    ;;
 	  esac
 	  if test "$prev" = rpath; then
@@ -930,13 +1451,33 @@
 	  finalize_command="$finalize_command $wl$qarg"
 	  continue
 	  ;;
+	xcclinker)
+	  linker_flags="$linker_flags $qarg"
+	  compiler_flags="$compiler_flags $qarg"
+	  prev=
+	  compile_command="$compile_command $qarg"
+	  finalize_command="$finalize_command $qarg"
+	  continue
+	  ;;
+	shrext)
+  	  shrext_cmds="$arg"
+	  prev=
+	  continue
+	  ;;
+	darwin_framework|darwin_framework_skip)
+	  test "$prev" = "darwin_framework" && compiler_flags="$compiler_flags $arg"
+	  compile_command="$compile_command $arg"
+	  finalize_command="$finalize_command $arg"
+	  prev=
+	  continue
+	  ;;
 	*)
 	  eval "$prev=\"\$arg\""
 	  prev=
 	  continue
 	  ;;
 	esac
-      fi # test -n $prev
+      fi # test -n "$prev"
 
       prevarg="$arg"
 
@@ -978,7 +1519,7 @@
       -export-symbols | -export-symbols-regex)
 	if test -n "$export_symbols" || test -n "$export_symbols_regex"; then
 	  $echo "$modename: more than one -exported-symbols argument is not allowed"
-	  exit 1
+	  exit $EXIT_FAILURE
 	fi
 	if test "X$arg" = "X-export-symbols"; then
 	  prev=expsyms
@@ -988,11 +1529,28 @@
 	continue
 	;;
 
+      -framework|-arch|-isysroot)
+	case " $CC " in
+	  *" ${arg} ${1} "* | *" ${arg}	${1} "*) 
+		prev=darwin_framework_skip ;;
+	  *) compiler_flags="$compiler_flags $arg"
+	     prev=darwin_framework ;;
+	esac
+	compile_command="$compile_command $arg"
+	finalize_command="$finalize_command $arg"
+	continue
+	;;
+
+      -inst-prefix-dir)
+	prev=inst_prefix
+	continue
+	;;
+
       # The native IRIX linker understands -LANG:*, -LIST:* and -LNO:*
       # so, if we see these flags be careful not to treat them like -L
       -L[A-Z][A-Z]*:*)
 	case $with_gcc/$host in
-	no/*-*-irix*)
+	no/*-*-irix* | /*-*-irix*)
 	  compile_command="$compile_command $arg"
 	  finalize_command="$finalize_command $arg"
 	  ;;
@@ -1009,7 +1567,8 @@
 	  absdir=`cd "$dir" && pwd`
 	  if test -z "$absdir"; then
 	    $echo "$modename: cannot determine absolute directory name of \`$dir'" 1>&2
-	    exit 1
+	    absdir="$dir"
+	    notinst_path="$notinst_path $dir"
 	  fi
 	  dir="$absdir"
 	  ;;
@@ -1023,10 +1582,15 @@
 	esac
 	case $host in
 	*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
+	  testbindir=`$echo "X$dir" | $Xsed -e 's*/lib$*/bin*'`
 	  case :$dllsearchpath: in
 	  *":$dir:"*) ;;
 	  *) dllsearchpath="$dllsearchpath:$dir";;
 	  esac
+	  case :$dllsearchpath: in
+	  *":$testbindir:"*) ;;
+	  *) dllsearchpath="$dllsearchpath:$testbindir";;
+	  esac
 	  ;;
 	esac
 	continue
@@ -1035,36 +1599,104 @@
       -l*)
 	if test "X$arg" = "X-lc" || test "X$arg" = "X-lm"; then
 	  case $host in
-	  *-*-cygwin* | *-*-pw32* | *-*-beos*)
+	  *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos*)
 	    # These systems don't actually have a C or math library (as such)
 	    continue
 	    ;;
-	  *-*-mingw* | *-*-os2*)
+	  *-*-os2*)
 	    # These systems don't actually have a C library (as such)
 	    test "X$arg" = "X-lc" && continue
 	    ;;
-	  *-*-openbsd*)
+	  *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
 	    # Do not include libc due to us having libc/libc_r.
 	    test "X$arg" = "X-lc" && continue
 	    ;;
-	  esac
-	 elif test "X$arg" = "X-lc_r"; then
-	  case $host in
-	  *-*-openbsd*)
-	    # Do not include libc_r directly, use -pthread flag.
+	  *-*-rhapsody* | *-*-darwin1.[012])
+	    # Rhapsody C and math libraries are in the System framework
+	    deplibs="$deplibs -framework System"
 	    continue
 	    ;;
+	  *-*-sco3.2v5* | *-*-sco5v6*)
+	    # Causes problems with __ctype
+	    test "X$arg" = "X-lc" && continue
+	    ;;
+	  *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*)
+	    # Compiler inserts libc in the correct place for threads to work
+	    test "X$arg" = "X-lc" && continue
+	    ;;
 	  esac
+	elif test "X$arg" = "X-lc_r"; then
+	 case $host in
+	 *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+	   # Do not include libc_r directly, use -pthread flag.
+	   continue
+	   ;;
+	 esac
 	fi
 	deplibs="$deplibs $arg"
 	continue
 	;;
 
+      # Tru64 UNIX uses -model [arg] to determine the layout of C++
+      # classes, name mangling, and exception handling.
+      -model)
+	compile_command="$compile_command $arg"
+	compiler_flags="$compiler_flags $arg"
+	finalize_command="$finalize_command $arg"
+	prev=xcompiler
+	continue
+	;;
+
+     -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads)
+	compiler_flags="$compiler_flags $arg"
+	compile_command="$compile_command $arg"
+	finalize_command="$finalize_command $arg"
+	continue
+	;;
+
+      -multi_module)
+	single_module="${wl}-multi_module"
+	continue
+	;;
+
       -module)
 	module=yes
 	continue
 	;;
 
+      # -64, -mips[0-9] enable 64-bit mode on the SGI compiler
+      # -r[0-9][0-9]* specifies the processor on the SGI compiler
+      # -xarch=*, -xtarget=* enable 64-bit mode on the Sun compiler
+      # +DA*, +DD* enable 64-bit mode on the HP compiler
+      # -q* pass through compiler args for the IBM compiler
+      # -m* pass through architecture-specific compiler args for GCC
+      # -m*, -t[45]*, -txscale* pass through architecture-specific
+      # compiler args for GCC
+      # -p, -pg, --coverage, -fprofile-* pass through profiling flag for GCC
+      # -F/path gives path to uninstalled frameworks, gcc on darwin
+      # @file GCC response files
+      -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \
+      -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*)
+
+	# Unknown arguments in both finalize_command and compile_command need
+	# to be aesthetically quoted because they are evaled later.
+	arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
+	case $arg in
+	*[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+	  arg="\"$arg\""
+	  ;;
+	esac
+        compile_command="$compile_command $arg"
+        finalize_command="$finalize_command $arg"
+        compiler_flags="$compiler_flags $arg"
+        continue
+        ;;
+
+      -shrext)
+	prev=shrext
+	continue
+	;;
+
       -no-fast-install)
 	fast_install=no
 	continue
@@ -1072,9 +1704,9 @@
 
       -no-install)
 	case $host in
-	*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
+	*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-darwin*)
 	  # The PATH hackery in wrapper scripts is required on Windows
-	  # in order for the loader to find any dlls it needs.
+	  # and Darwin in order for the loader to find any dlls it needs.
 	  $echo "$modename: warning: \`-no-install' is ignored for $host" 1>&2
 	  $echo "$modename: warning: assuming \`-no-fast-install' instead" 1>&2
 	  fast_install=no
@@ -1089,8 +1721,18 @@
 	continue
 	;;
 
+      -objectlist)
+	prev=objectlist
+	continue
+	;;
+
       -o) prev=output ;;
 
+      -precious-files-regex)
+	prev=precious_regex
+	continue
+	;;
+
       -release)
 	prev=release
 	continue
@@ -1113,7 +1755,7 @@
 	[\\/]* | [A-Za-z]:[\\/]*) ;;
 	*)
 	  $echo "$modename: only absolute run-paths are allowed" 1>&2
-	  exit 1
+	  exit $EXIT_FAILURE
 	  ;;
 	esac
 	case "$xrpath " in
@@ -1123,7 +1765,7 @@
 	continue
 	;;
 
-      -static)
+      -static | -static-libtool-libs)
 	# The effects of -static are defined in a previous loop.
 	# We used to do the same as -all-static on platforms that
 	# didn't have a PIC flag, but the assumption that the effects
@@ -1141,6 +1783,11 @@
 	prev=vinfo
 	continue
 	;;
+      -version-number)
+	prev=vinfo
+	vinfo_number=yes
+	continue
+	;;
 
       -Wc,*)
 	args=`$echo "X$arg" | $Xsed -e "$sed_quote_subst" -e 's/^-Wc,//'`
@@ -1189,6 +1836,11 @@
 	continue
 	;;
 
+      -XCClinker)
+	prev=xcclinker
+	continue
+	;;
+
       # Some other compiler flag.
       -* | +*)
 	# Unknown arguments in both finalize_command and compile_command need
@@ -1201,29 +1853,106 @@
 	esac
 	;;
 
-      *.lo | *.$objext)
-	# A library or standard object.
-	if test "$prev" = dlfiles; then
-	  # This file was specified with -dlopen.
-	  if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then
-	    dlfiles="$dlfiles $arg"
-	    prev=
-	    continue
+      *.$objext)
+	# A standard object.
+	objs="$objs $arg"
+	;;
+
+      *.lo)
+	# A libtool-controlled object.
+
+	# Check to see that this really is a libtool object.
+	if (${SED} -e '2q' $arg | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+	  pic_object=
+	  non_pic_object=
+
+	  # Read the .lo file
+	  # If there is no directory component, then add one.
+	  case $arg in
+	  */* | *\\*) . $arg ;;
+	  *) . ./$arg ;;
+	  esac
+
+	  if test -z "$pic_object" || \
+	     test -z "$non_pic_object" ||
+	     test "$pic_object" = none && \
+	     test "$non_pic_object" = none; then
+	    $echo "$modename: cannot find name of object for \`$arg'" 1>&2
+	    exit $EXIT_FAILURE
+	  fi
+
+	  # Extract subdirectory from the argument.
+	  xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'`
+	  if test "X$xdir" = "X$arg"; then
+	    xdir=
+ 	  else
+	    xdir="$xdir/"
+	  fi
+
+	  if test "$pic_object" != none; then
+	    # Prepend the subdirectory the object is found in.
+	    pic_object="$xdir$pic_object"
+
+	    if test "$prev" = dlfiles; then
+	      if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then
+		dlfiles="$dlfiles $pic_object"
+		prev=
+		continue
+	      else
+		# If libtool objects are unsupported, then we need to preload.
+		prev=dlprefiles
+	      fi
+	    fi
+
+	    # CHECK ME:  I think I busted this.  -Ossama
+	    if test "$prev" = dlprefiles; then
+	      # Preload the old-style object.
+	      dlprefiles="$dlprefiles $pic_object"
+	      prev=
+	    fi
+
+	    # A PIC object.
+	    libobjs="$libobjs $pic_object"
+	    arg="$pic_object"
+	  fi
+
+	  # Non-PIC object.
+	  if test "$non_pic_object" != none; then
+	    # Prepend the subdirectory the object is found in.
+	    non_pic_object="$xdir$non_pic_object"
+
+	    # A standard non-PIC object
+	    non_pic_objects="$non_pic_objects $non_pic_object"
+	    if test -z "$pic_object" || test "$pic_object" = none ; then
+	      arg="$non_pic_object"
+	    fi
 	  else
-	    # If libtool objects are unsupported, then we need to preload.
-	    prev=dlprefiles
+	    # If the PIC object exists, use it instead.
+	    # $xdir was prepended to $pic_object above.
+	    non_pic_object="$pic_object"
+	    non_pic_objects="$non_pic_objects $non_pic_object"
 	  fi
-	fi
+	else
+	  # Only an error if not doing a dry-run.
+	  if test -z "$run"; then
+	    $echo "$modename: \`$arg' is not a valid libtool object" 1>&2
+	    exit $EXIT_FAILURE
+	  else
+	    # Dry-run case.
 
-	if test "$prev" = dlprefiles; then
-	  # Preload the old-style object.
-	  dlprefiles="$dlprefiles "`$echo "X$arg" | $Xsed -e "$lo2o"`
-	  prev=
-	else
-	  case $arg in
-	  *.lo) libobjs="$libobjs $arg" ;;
-	  *) objs="$objs $arg" ;;
-	  esac
+	    # Extract subdirectory from the argument.
+	    xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'`
+	    if test "X$xdir" = "X$arg"; then
+	      xdir=
+	    else
+	      xdir="$xdir/"
+	    fi
+
+	    pic_object=`$echo "X${xdir}${objdir}/${arg}" | $Xsed -e "$lo2o"`
+	    non_pic_object=`$echo "X${xdir}${arg}" | $Xsed -e "$lo2o"`
+	    libobjs="$libobjs $pic_object"
+	    non_pic_objects="$non_pic_objects $non_pic_object"
+	  fi
 	fi
 	;;
 
@@ -1274,7 +2003,7 @@
     if test -n "$prev"; then
       $echo "$modename: the \`$prevarg' option requires an argument" 1>&2
       $echo "$help" 1>&2
-      exit 1
+      exit $EXIT_FAILURE
     fi
 
     if test "$export_dynamic" = yes && test -n "$export_dynamic_flag_spec"; then
@@ -1283,6 +2012,7 @@
       finalize_command="$finalize_command $arg"
     fi
 
+    oldlibs=
     # calculate the name of the file, without its directory
     outputname=`$echo "X$output" | $Xsed -e 's%^.*/%%'`
     libobjs_save="$libobjs"
@@ -1303,12 +2033,12 @@
       output_objdir="$output_objdir/$objdir"
     fi
     # Create the object directory.
-    if test ! -d $output_objdir; then
+    if test ! -d "$output_objdir"; then
       $show "$mkdir $output_objdir"
       $run $mkdir $output_objdir
-      status=$?
-      if test $status -ne 0 && test ! -d $output_objdir; then
-	exit $status
+      exit_status=$?
+      if test "$exit_status" -ne 0 && test ! -d "$output_objdir"; then
+	exit $exit_status
       fi
     fi
 
@@ -1317,7 +2047,7 @@
     "")
       $echo "$modename: you must specify an output file" 1>&2
       $echo "$help" 1>&2
-      exit 1
+      exit $EXIT_FAILURE
       ;;
     *.$libext) linkmode=oldlib ;;
     *.lo | *.$objext) linkmode=obj ;;
@@ -1325,22 +2055,52 @@
     *) linkmode=prog ;; # Anything else should be a program.
     esac
 
+    case $host in
+    *cygwin* | *mingw* | *pw32*)
+      # don't eliminate duplications in $postdeps and $predeps
+      duplicate_compiler_generated_deps=yes
+      ;;
+    *)
+      duplicate_compiler_generated_deps=$duplicate_deps
+      ;;
+    esac
     specialdeplibs=
+
     libs=
     # Find all interdependent deplibs by searching for libraries
     # that are linked more than once (e.g. -la -lb -la)
     for deplib in $deplibs; do
-      case "$libs " in
-      *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
-      esac
+      if test "X$duplicate_deps" = "Xyes" ; then
+	case "$libs " in
+	*" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+	esac
+      fi
       libs="$libs $deplib"
     done
+
+    if test "$linkmode" = lib; then
+      libs="$predeps $libs $compiler_lib_search_path $postdeps"
+
+      # Compute libraries that are listed more than once in $predeps
+      # $postdeps and mark them as special (i.e., whose duplicates are
+      # not to be eliminated).
+      pre_post_deps=
+      if test "X$duplicate_compiler_generated_deps" = "Xyes" ; then
+	for pre_post_dep in $predeps $postdeps; do
+	  case "$pre_post_deps " in
+	  *" $pre_post_dep "*) specialdeplibs="$specialdeplibs $pre_post_deps" ;;
+	  esac
+	  pre_post_deps="$pre_post_deps $pre_post_dep"
+	done
+      fi
+      pre_post_deps=
+    fi
+
     deplibs=
     newdependency_libs=
     newlib_search_path=
     need_relink=no # whether we're linking any uninstalled libtool libraries
     notinst_deplibs= # not-installed libtool libraries
-    notinst_path= # paths that contain not-installed libtool libraries
     case $linkmode in
     lib)
 	passes="conv link"
@@ -1349,7 +2109,7 @@
 	  *.la) ;;
 	  *)
 	    $echo "$modename: libraries can \`-dlopen' only libtool libraries: $file" 1>&2
-	    exit 1
+	    exit $EXIT_FAILURE
 	    ;;
 	  esac
 	done
@@ -1366,39 +2126,63 @@
 	;;
     esac
     for pass in $passes; do
-      if test $linkmode = prog; then
-	# Determine which files to process
+      if test "$linkmode,$pass" = "lib,link" ||
+	 test "$linkmode,$pass" = "prog,scan"; then
+	libs="$deplibs"
+	deplibs=
+      fi
+      if test "$linkmode" = prog; then
 	case $pass in
-	dlopen)
-	  libs="$dlfiles"
-	  save_deplibs="$deplibs" # Collect dlpreopened libraries
-	  deplibs=
+	dlopen) libs="$dlfiles" ;;
+	dlpreopen) libs="$dlprefiles" ;;
+	link)
+	  libs="$deplibs %DEPLIBS%"
+	  test "X$link_all_deplibs" != Xno && libs="$libs $dependency_libs"
 	  ;;
-	dlpreopen) libs="$dlprefiles" ;;
-	link) libs="$deplibs %DEPLIBS% $dependency_libs" ;;
 	esac
       fi
+      if test "$pass" = dlopen; then
+	# Collect dlpreopened libraries
+	save_deplibs="$deplibs"
+	deplibs=
+      fi
       for deplib in $libs; do
 	lib=
 	found=no
 	case $deplib in
+	-mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads)
+	  if test "$linkmode,$pass" = "prog,link"; then
+	    compile_deplibs="$deplib $compile_deplibs"
+	    finalize_deplibs="$deplib $finalize_deplibs"
+	  else
+	    compiler_flags="$compiler_flags $deplib"
+	  fi
+	  continue
+	  ;;
 	-l*)
-	  if test $linkmode = oldlib && test $linkmode = obj; then
-	    $echo "$modename: warning: \`-l' is ignored for archives/objects: $deplib" 1>&2
+	  if test "$linkmode" != lib && test "$linkmode" != prog; then
+	    $echo "$modename: warning: \`-l' is ignored for archives/objects" 1>&2
 	    continue
 	  fi
-	  if test $pass = conv; then
-	    deplibs="$deplib $deplibs"
-	    continue
+	  name=`$echo "X$deplib" | $Xsed -e 's/^-l//'`
+	  if test "$linkmode" = lib; then
+	    searchdirs="$newlib_search_path $lib_search_path $compiler_lib_search_dirs $sys_lib_search_path $shlib_search_path"
+	  else
+	    searchdirs="$newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path"
 	  fi
-	  name=`$echo "X$deplib" | $Xsed -e 's/^-l//'`
-	  for searchdir in $newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path; do
-	    # Search the libtool library
-	    lib="$searchdir/lib${name}.la"
-	    if test -f "$lib"; then
-	      found=yes
-	      break
-	    fi
+	  for searchdir in $searchdirs; do
+	    for search_ext in .la $std_shrext .so .a; do
+	      # Search the libtool library
+	      lib="$searchdir/lib${name}${search_ext}"
+	      if test -f "$lib"; then
+		if test "$search_ext" = ".la"; then
+		  found=yes
+		else
+		  found=no
+		fi
+		break 2
+	      fi
+	    done
 	  done
 	  if test "$found" != yes; then
 	    # deplib doesn't seem to be a libtool library
@@ -1407,40 +2191,76 @@
 	      finalize_deplibs="$deplib $finalize_deplibs"
 	    else
 	      deplibs="$deplib $deplibs"
-	      test $linkmode = lib && newdependency_libs="$deplib $newdependency_libs"
+	      test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs"
 	    fi
 	    continue
+	  else # deplib is a libtool library
+	    # If $allow_libtool_libs_with_static_runtimes && $deplib is a stdlib,
+	    # We need to do some special things here, and not later.
+	    if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+	      case " $predeps $postdeps " in
+	      *" $deplib "*)
+		if (${SED} -e '2q' $lib |
+                    grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+		  library_names=
+		  old_library=
+		  case $lib in
+		  */* | *\\*) . $lib ;;
+		  *) . ./$lib ;;
+		  esac
+		  for l in $old_library $library_names; do
+		    ll="$l"
+		  done
+		  if test "X$ll" = "X$old_library" ; then # only static version available
+		    found=no
+		    ladir=`$echo "X$lib" | $Xsed -e 's%/[^/]*$%%'`
+		    test "X$ladir" = "X$lib" && ladir="."
+		    lib=$ladir/$old_library
+		    if test "$linkmode,$pass" = "prog,link"; then
+		      compile_deplibs="$deplib $compile_deplibs"
+		      finalize_deplibs="$deplib $finalize_deplibs"
+		    else
+		      deplibs="$deplib $deplibs"
+		      test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs"
+		    fi
+		    continue
+		  fi
+		fi
+	        ;;
+	      *) ;;
+	      esac
+	    fi
 	  fi
 	  ;; # -l
 	-L*)
 	  case $linkmode in
 	  lib)
 	    deplibs="$deplib $deplibs"
-	    test $pass = conv && continue
+	    test "$pass" = conv && continue
 	    newdependency_libs="$deplib $newdependency_libs"
 	    newlib_search_path="$newlib_search_path "`$echo "X$deplib" | $Xsed -e 's/^-L//'`
 	    ;;
 	  prog)
-	    if test $pass = conv; then
+	    if test "$pass" = conv; then
 	      deplibs="$deplib $deplibs"
 	      continue
 	    fi
-	    if test $pass = scan; then
+	    if test "$pass" = scan; then
 	      deplibs="$deplib $deplibs"
-	      newlib_search_path="$newlib_search_path "`$echo "X$deplib" | $Xsed -e 's/^-L//'`
 	    else
 	      compile_deplibs="$deplib $compile_deplibs"
 	      finalize_deplibs="$deplib $finalize_deplibs"
 	    fi
+	    newlib_search_path="$newlib_search_path "`$echo "X$deplib" | $Xsed -e 's/^-L//'`
 	    ;;
 	  *)
-	    $echo "$modename: warning: \`-L' is ignored for archives/objects: $deplib" 1>&2
+	    $echo "$modename: warning: \`-L' is ignored for archives/objects" 1>&2
 	    ;;
 	  esac # linkmode
 	  continue
 	  ;; # -L
 	-R*)
-	  if test $pass = link; then
+	  if test "$pass" = link; then
 	    dir=`$echo "X$deplib" | $Xsed -e 's/^-R//'`
 	    # Make sure the xrpath contains only unique directories.
 	    case "$xrpath " in
@@ -1453,28 +2273,45 @@
 	  ;;
 	*.la) lib="$deplib" ;;
 	*.$libext)
-	  if test $pass = conv; then
+	  if test "$pass" = conv; then
 	    deplibs="$deplib $deplibs"
 	    continue
 	  fi
 	  case $linkmode in
 	  lib)
-	    if test "$deplibs_check_method" != pass_all; then
-	      echo
-	      echo "*** Warning: This library needs some functionality provided by $deplib."
-	      echo "*** I have the capability to make that library automatically link in when"
-	      echo "*** you link to this library.  But I can only do this if you have a"
-	      echo "*** shared version of the library, which you do not appear to have."
+	    valid_a_lib=no
+	    case $deplibs_check_method in
+	      match_pattern*)
+		set dummy $deplibs_check_method
+	        match_pattern_regex=`expr "$deplibs_check_method" : "$2 \(.*\)"`
+		if eval $echo \"$deplib\" 2>/dev/null \
+		    | $SED 10q \
+		    | $EGREP "$match_pattern_regex" > /dev/null; then
+		  valid_a_lib=yes
+		fi
+		;;
+	      pass_all)
+		valid_a_lib=yes
+		;;
+            esac
+	    if test "$valid_a_lib" != yes; then
+	      $echo
+	      $echo "*** Warning: Trying to link with static lib archive $deplib."
+	      $echo "*** I have the capability to make that library automatically link in when"
+	      $echo "*** you link to this library.  But I can only do this if you have a"
+	      $echo "*** shared version of the library, which you do not appear to have"
+	      $echo "*** because the file extensions .$libext of this argument makes me believe"
+	      $echo "*** that it is just a static archive that I should not used here."
 	    else
-	      echo
-	      echo "*** Warning: Linking the shared library $output against the"
-	      echo "*** static library $deplib is not portable!"
+	      $echo
+	      $echo "*** Warning: Linking the shared library $output against the"
+	      $echo "*** static library $deplib is not portable!"
 	      deplibs="$deplib $deplibs"
 	    fi
 	    continue
 	    ;;
 	  prog)
-	    if test $pass != link; then
+	    if test "$pass" != link; then
 	      deplibs="$deplib $deplibs"
 	    else
 	      compile_deplibs="$deplib $compile_deplibs"
@@ -1485,14 +2322,18 @@
 	  esac # linkmode
 	  ;; # *.$libext
 	*.lo | *.$objext)
-	  if test $pass = dlpreopen || test "$dlopen_support" != yes || test "$build_libtool_libs" = no; then
-	    # If there is no dlopen support or we're linking statically,
-	    # we need to preload.
-	    newdlprefiles="$newdlprefiles $deplib"
-	    compile_deplibs="$deplib $compile_deplibs"
-	    finalize_deplibs="$deplib $finalize_deplibs"
-	  else
-	    newdlfiles="$newdlfiles $deplib"
+	  if test "$pass" = conv; then
+	    deplibs="$deplib $deplibs"
+	  elif test "$linkmode" = prog; then
+	    if test "$pass" = dlpreopen || test "$dlopen_support" != yes || test "$build_libtool_libs" = no; then
+	      # If there is no dlopen support or we're linking statically,
+	      # we need to preload.
+	      newdlprefiles="$newdlprefiles $deplib"
+	      compile_deplibs="$deplib $compile_deplibs"
+	      finalize_deplibs="$deplib $finalize_deplibs"
+	    else
+	      newdlfiles="$newdlfiles $deplib"
+	    fi
 	  fi
 	  continue
 	  ;;
@@ -1501,17 +2342,17 @@
 	  continue
 	  ;;
 	esac # case $deplib
-	if test $found = yes || test -f "$lib"; then :
+	if test "$found" = yes || test -f "$lib"; then :
 	else
-	  $echo "$modename: cannot find the library \`$lib'" 1>&2
-	  exit 1
+	  $echo "$modename: cannot find the library \`$lib' or unhandled argument \`$deplib'" 1>&2
+	  exit $EXIT_FAILURE
 	fi
 
 	# Check to see that this really is a libtool archive.
-	if (sed -e '2q' $lib | egrep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then :
+	if (${SED} -e '2q' $lib | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then :
 	else
 	  $echo "$modename: \`$lib' is not a valid libtool archive" 1>&2
-	  exit 1
+	  exit $EXIT_FAILURE
 	fi
 
 	ladir=`$echo "X$lib" | $Xsed -e 's%/[^/]*$%%'`
@@ -1524,9 +2365,12 @@
 	library_names=
 	old_library=
 	# If the library was installed with an old release of libtool,
-	# it will not redefine variable installed.
+	# it will not redefine variables installed, or shouldnotlink
 	installed=yes
+	shouldnotlink=no
+	avoidtemprpath=
 
+
 	# Read the .la file
 	case $lib in
 	*/* | *\\*) . $lib ;;
@@ -1535,19 +2379,18 @@
 
 	if test "$linkmode,$pass" = "lib,link" ||
 	   test "$linkmode,$pass" = "prog,scan" ||
-	   { test $linkmode = oldlib && test $linkmode = obj; }; then
-	   # Add dl[pre]opened files of deplib
+	   { test "$linkmode" != prog && test "$linkmode" != lib; }; then
 	  test -n "$dlopen" && dlfiles="$dlfiles $dlopen"
 	  test -n "$dlpreopen" && dlprefiles="$dlprefiles $dlpreopen"
 	fi
 
-	if test $pass = conv; then
+	if test "$pass" = conv; then
 	  # Only check for convenience libraries
 	  deplibs="$lib $deplibs"
 	  if test -z "$libdir"; then
 	    if test -z "$old_library"; then
 	      $echo "$modename: cannot find name of link library for \`$lib'" 1>&2
-	      exit 1
+	      exit $EXIT_FAILURE
 	    fi
 	    # It is a libtool convenience library, so add in its objects.
 	    convenience="$convenience $ladir/$objdir/$old_library"
@@ -1555,18 +2398,21 @@
 	    tmp_libs=
 	    for deplib in $dependency_libs; do
 	      deplibs="$deplib $deplibs"
-	      case "$tmp_libs " in
-	      *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
-	      esac
+              if test "X$duplicate_deps" = "Xyes" ; then
+	        case "$tmp_libs " in
+	        *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+	        esac
+              fi
 	      tmp_libs="$tmp_libs $deplib"
 	    done
-	  elif test $linkmode != prog && test $linkmode != lib; then
+	  elif test "$linkmode" != prog && test "$linkmode" != lib; then
 	    $echo "$modename: \`$lib' is not a convenience library" 1>&2
-	    exit 1
+	    exit $EXIT_FAILURE
 	  fi
 	  continue
 	fi # $pass = conv
 
+
 	# Get the name of the library we link against.
 	linklib=
 	for l in $old_library $library_names; do
@@ -1574,19 +2420,23 @@
 	done
 	if test -z "$linklib"; then
 	  $echo "$modename: cannot find name of link library for \`$lib'" 1>&2
-	  exit 1
+	  exit $EXIT_FAILURE
 	fi
 
 	# This library was specified with -dlopen.
-	if test $pass = dlopen; then
+	if test "$pass" = dlopen; then
 	  if test -z "$libdir"; then
 	    $echo "$modename: cannot -dlopen a convenience library: \`$lib'" 1>&2
-	    exit 1
+	    exit $EXIT_FAILURE
 	  fi
-	  if test -z "$dlname" || test "$dlopen_support" != yes || test "$build_libtool_libs" = no; then
+	  if test -z "$dlname" ||
+	     test "$dlopen_support" != yes ||
+	     test "$build_libtool_libs" = no; then
 	    # If there is no dlname, no dlopen support or we're linking
-	    # statically, we need to preload.
-	    dlprefiles="$dlprefiles $lib"
+	    # statically, we need to preload.  We also need to preload any
+	    # dependent libraries so libltdl's deplib preloader doesn't
+	    # bomb out in the load deplibs phase.
+	    dlprefiles="$dlprefiles $lib $dependency_libs"
 	  else
 	    newdlfiles="$newdlfiles $lib"
 	  fi
@@ -1618,19 +2468,27 @@
 	    dir="$libdir"
 	    absdir="$libdir"
 	  fi
+	  test "X$hardcode_automatic" = Xyes && avoidtemprpath=yes
 	else
-	  dir="$ladir/$objdir"
-	  absdir="$abs_ladir/$objdir"
-	  # Remove this search path later
-	  notinst_path="$notinst_path $abs_ladir"
+	  if test ! -f "$ladir/$objdir/$linklib" && test -f "$abs_ladir/$linklib"; then
+	    dir="$ladir"
+	    absdir="$abs_ladir"
+	    # Remove this search path later
+	    notinst_path="$notinst_path $abs_ladir"
+	  else
+	    dir="$ladir/$objdir"
+	    absdir="$abs_ladir/$objdir"
+	    # Remove this search path later
+	    notinst_path="$notinst_path $abs_ladir"
+	  fi
 	fi # $installed = yes
 	name=`$echo "X$laname" | $Xsed -e 's/\.la$//' -e 's/^lib//'`
 
 	# This library was specified with -dlpreopen.
-	if test $pass = dlpreopen; then
+	if test "$pass" = dlpreopen; then
 	  if test -z "$libdir"; then
 	    $echo "$modename: cannot -dlpreopen a convenience library: \`$lib'" 1>&2
-	    exit 1
+	    exit $EXIT_FAILURE
 	  fi
 	  # Prefer using a static library (so that no silly _DYNAMIC symbols
 	  # are required to link).
@@ -1646,18 +2504,19 @@
 
 	if test -z "$libdir"; then
 	  # Link the convenience library
-	  if test $linkmode = lib; then
+	  if test "$linkmode" = lib; then
 	    deplibs="$dir/$old_library $deplibs"
 	  elif test "$linkmode,$pass" = "prog,link"; then
 	    compile_deplibs="$dir/$old_library $compile_deplibs"
 	    finalize_deplibs="$dir/$old_library $finalize_deplibs"
 	  else
-	    deplibs="$lib $deplibs"
+	    deplibs="$lib $deplibs" # used for prog,scan pass
 	  fi
 	  continue
 	fi
 
-	if test $linkmode = prog && test $pass != link; then
+
+	if test "$linkmode" = prog && test "$pass" != link; then
 	  newlib_search_path="$newlib_search_path $ladir"
 	  deplibs="$lib $deplibs"
 
@@ -1673,28 +2532,38 @@
 	    -L*) newlib_search_path="$newlib_search_path "`$echo "X$deplib" | $Xsed -e 's/^-L//'`;; ### testsuite: skip nested quoting test
 	    esac
 	    # Need to link against all dependency_libs?
-	    if test $linkalldeplibs = yes; then
+	    if test "$linkalldeplibs" = yes; then
 	      deplibs="$deplib $deplibs"
 	    else
 	      # Need to hardcode shared library paths
 	      # or/and link against static libraries
 	      newdependency_libs="$deplib $newdependency_libs"
 	    fi
-	    case "$tmp_libs " in
-	    *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
-	    esac
+	    if test "X$duplicate_deps" = "Xyes" ; then
+	      case "$tmp_libs " in
+	      *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+	      esac
+	    fi
 	    tmp_libs="$tmp_libs $deplib"
 	  done # for deplib
 	  continue
 	fi # $linkmode = prog...
 
-	link_static=no # Whether the deplib will be linked statically
-	if test -n "$library_names" &&
-	   { test "$prefer_static_libs" = no || test -z "$old_library"; }; then
-	  # Link against this shared library
+	if test "$linkmode,$pass" = "prog,link"; then
+	  if test -n "$library_names" &&
+	     { { test "$prefer_static_libs" = no ||
+		 test "$prefer_static_libs,$installed" = "built,yes"; } ||
+	       test -z "$old_library"; }; then
+	    # We need to hardcode the library path
+	    if test -n "$shlibpath_var" && test -z "$avoidtemprpath" ; then
+	      # Make sure the rpath contains only unique directories.
+	      case "$temp_rpath " in
+	      *" $dir "*) ;;
+	      *" $absdir "*) ;;
+	      *) temp_rpath="$temp_rpath $absdir" ;;
+	      esac
+	    fi
 
-	  if test "$linkmode,$pass" = "prog,link" ||
-	   { test $linkmode = lib && test $hardcode_into_libs = yes; }; then
 	    # Hardcode the library path.
 	    # Skip directories that are in the system default run-time
 	    # search path.
@@ -1716,17 +2585,6 @@
 	      esac
 	      ;;
 	    esac
-	    if test $linkmode = prog; then
-	      # We need to hardcode the library path
-	      if test -n "$shlibpath_var"; then
-		# Make sure the rpath contains only unique directories.
-		case "$temp_rpath " in
-		*" $dir "*) ;;
-		*" $absdir "*) ;;
-		*) temp_rpath="$temp_rpath $dir" ;;
-		esac
-	      fi
-	    fi
 	  fi # $linkmode,$pass = prog,link...
 
 	  if test "$alldeplibs" = yes &&
@@ -1736,12 +2594,57 @@
 	    # We only need to search for static libraries
 	    continue
 	  fi
+	fi
 
+	link_static=no # Whether the deplib will be linked statically
+	use_static_libs=$prefer_static_libs
+	if test "$use_static_libs" = built && test "$installed" = yes ; then
+	  use_static_libs=no
+	fi
+	if test -n "$library_names" &&
+	   { test "$use_static_libs" = no || test -z "$old_library"; }; then
 	  if test "$installed" = no; then
 	    notinst_deplibs="$notinst_deplibs $lib"
 	    need_relink=yes
 	  fi
+	  # This is a shared library
 
+	  # Warn about portability, can't link against -module's on
+	  # some systems (darwin)
+	  if test "$shouldnotlink" = yes && test "$pass" = link ; then
+	    $echo
+	    if test "$linkmode" = prog; then
+	      $echo "*** Warning: Linking the executable $output against the loadable module"
+	    else
+	      $echo "*** Warning: Linking the shared library $output against the loadable module"
+	    fi
+	    $echo "*** $linklib is not portable!"
+	  fi
+	  if test "$linkmode" = lib &&
+	     test "$hardcode_into_libs" = yes; then
+	    # Hardcode the library path.
+	    # Skip directories that are in the system default run-time
+	    # search path.
+	    case " $sys_lib_dlsearch_path " in
+	    *" $absdir "*) ;;
+	    *)
+	      case "$compile_rpath " in
+	      *" $absdir "*) ;;
+	      *) compile_rpath="$compile_rpath $absdir"
+	      esac
+	      ;;
+	    esac
+	    case " $sys_lib_dlsearch_path " in
+	    *" $libdir "*) ;;
+	    *)
+	      case "$finalize_rpath " in
+	      *" $libdir "*) ;;
+	      *) finalize_rpath="$finalize_rpath $libdir"
+	      esac
+	      ;;
+	    esac
+	  fi
+
 	  if test -n "$old_archive_from_expsyms_cmds"; then
 	    # figure out the soname
 	    set dummy $library_names
@@ -1754,7 +2657,7 @@
 	    elif test -n "$soname_spec"; then
 	      # bleh windows
 	      case $host in
-	      *cygwin*)
+	      *cygwin* | mingw*)
 		major=`expr $current - $age`
 		versuffix="-$major"
 		;;
@@ -1766,17 +2669,18 @@
 
 	    # Make a new name for the extract_expsyms_cmds to use
 	    soroot="$soname"
-	    soname=`echo $soroot | sed -e 's/^.*\///'`
-	    newlib="libimp-`echo $soname | sed 's/^lib//;s/\.dll$//'`.a"
+	    soname=`$echo $soroot | ${SED} -e 's/^.*\///'`
+	    newlib="libimp-`$echo $soname | ${SED} 's/^lib//;s/\.dll$//'`.a"
 
 	    # If the library has no export list, then create one now
 	    if test -f "$output_objdir/$soname-def"; then :
 	    else
 	      $show "extracting exported symbol list from \`$soname'"
 	      save_ifs="$IFS"; IFS='~'
-	      eval cmds=\"$extract_expsyms_cmds\"
+	      cmds=$extract_expsyms_cmds
 	      for cmd in $cmds; do
 		IFS="$save_ifs"
+		eval cmd=\"$cmd\"
 		$show "$cmd"
 		$run eval "$cmd" || exit $?
 	      done
@@ -1787,9 +2691,10 @@
 	    if test -f "$output_objdir/$newlib"; then :; else
 	      $show "generating import library for \`$soname'"
 	      save_ifs="$IFS"; IFS='~'
-	      eval cmds=\"$old_archive_from_expsyms_cmds\"
+	      cmds=$old_archive_from_expsyms_cmds
 	      for cmd in $cmds; do
 		IFS="$save_ifs"
+		eval cmd=\"$cmd\"
 		$show "$cmd"
 		$run eval "$cmd" || exit $?
 	      done
@@ -1798,9 +2703,9 @@
 	    # make sure the library variables are pointing to the new library
 	    dir=$output_objdir
 	    linklib=$newlib
-	  fi # test -n $old_archive_from_expsyms_cmds
+	  fi # test -n "$old_archive_from_expsyms_cmds"
 
-	  if test $linkmode = prog || test "$mode" != relink; then
+	  if test "$linkmode" = prog || test "$mode" != relink; then
 	    add_shlibpath=
 	    add_dir=
 	    add=
@@ -1809,6 +2714,26 @@
 	    immediate | unsupported)
 	      if test "$hardcode_direct" = no; then
 		add="$dir/$linklib"
+		case $host in
+		  *-*-sco3.2v5.0.[024]*) add_dir="-L$dir" ;;
+		  *-*-sysv4*uw2*) add_dir="-L$dir" ;;
+		  *-*-sysv5OpenUNIX* | *-*-sysv5UnixWare7.[01].[10]* | \
+		    *-*-unixware7*) add_dir="-L$dir" ;;
+		  *-*-darwin* )
+		    # if the lib is a module then we can not link against
+		    # it, someone is ignoring the new warnings I added
+		    if /usr/bin/file -L $add 2> /dev/null |
+                      $EGREP ": [^:]* bundle" >/dev/null ; then
+		      $echo "** Warning, lib $linklib is a module, not a shared library"
+		      if test -z "$old_library" ; then
+		        $echo
+		        $echo "** And there doesn't seem to be a static archive available"
+		        $echo "** The link will probably fail, sorry"
+		      else
+		        add="$dir/$old_library"
+		      fi
+		    fi
+		esac
 	      elif test "$hardcode_minus_L" = no; then
 		case $host in
 		*-*-sunos*) add_shlibpath="$dir" ;;
@@ -1827,6 +2752,14 @@
 		add="$dir/$linklib"
 	      elif test "$hardcode_minus_L" = yes; then
 		add_dir="-L$dir"
+		# Try looking first in the location we're being installed to.
+		if test -n "$inst_prefix_dir"; then
+		  case $libdir in
+		    [\\/]*)
+		      add_dir="$add_dir -L$inst_prefix_dir$libdir"
+		      ;;
+		  esac
+		fi
 		add="-l$name"
 	      elif test "$hardcode_shlibpath_var" = yes; then
 		add_shlibpath="$dir"
@@ -1840,7 +2773,7 @@
 
 	    if test "$lib_linked" != yes; then
 	      $echo "$modename: configuration error: unsupported hardcode properties"
-	      exit 1
+	      exit $EXIT_FAILURE
 	    fi
 
 	    if test -n "$add_shlibpath"; then
@@ -1849,7 +2782,7 @@
 	      *) compile_shlibpath="$compile_shlibpath$add_shlibpath:" ;;
 	      esac
 	    fi
-	    if test $linkmode = prog; then
+	    if test "$linkmode" = prog; then
 	      test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs"
 	      test -n "$add" && compile_deplibs="$add $compile_deplibs"
 	    else
@@ -1866,7 +2799,7 @@
 	    fi
 	  fi
 
-	  if test $linkmode = prog || test "$mode" = relink; then
+	  if test "$linkmode" = prog || test "$mode" = relink; then
 	    add_shlibpath=
 	    add_dir=
 	    add=
@@ -1882,13 +2815,28 @@
 	      *) finalize_shlibpath="$finalize_shlibpath$libdir:" ;;
 	      esac
 	      add="-l$name"
+	    elif test "$hardcode_automatic" = yes; then
+	      if test -n "$inst_prefix_dir" &&
+		 test -f "$inst_prefix_dir$libdir/$linklib" ; then
+	        add="$inst_prefix_dir$libdir/$linklib"
+	      else
+	        add="$libdir/$linklib"
+	      fi
 	    else
 	      # We cannot seem to hardcode it, guess we'll fake it.
 	      add_dir="-L$libdir"
+	      # Try looking first in the location we're being installed to.
+	      if test -n "$inst_prefix_dir"; then
+		case $libdir in
+		  [\\/]*)
+		    add_dir="$add_dir -L$inst_prefix_dir$libdir"
+		    ;;
+		esac
+	      fi
 	      add="-l$name"
 	    fi
 
-	    if test $linkmode = prog; then
+	    if test "$linkmode" = prog; then
 	      test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs"
 	      test -n "$add" && finalize_deplibs="$add $finalize_deplibs"
 	    else
@@ -1896,16 +2844,7 @@
 	      test -n "$add" && deplibs="$add $deplibs"
 	    fi
 	  fi
-	elif test $linkmode = prog; then
-	  if test "$alldeplibs" = yes &&
-	     { test "$deplibs_check_method" = pass_all ||
-	       { test "$build_libtool_libs" = yes &&
-		 test -n "$library_names"; }; }; then
-	    # We only need to search for static libraries
-	    continue
-	  fi
-
-	  # Try to link the static library
+	elif test "$linkmode" = prog; then
 	  # Here we assume that one of hardcode_direct or hardcode_minus_L
 	  # is not unsupported.  This is valid on all known static and
 	  # shared platforms.
@@ -1925,20 +2864,21 @@
 
 	    # Just print a warning and add the library to dependency_libs so
 	    # that the program can be linked against the static library.
-	    echo
-	    echo "*** Warning: This library needs some functionality provided by $lib."
-	    echo "*** I have the capability to make that library automatically link in when"
-	    echo "*** you link to this library.  But I can only do this if you have a"
-	    echo "*** shared version of the library, which you do not appear to have."
+	    $echo
+	    $echo "*** Warning: This system can not link to static lib archive $lib."
+	    $echo "*** I have the capability to make that library automatically link in when"
+	    $echo "*** you link to this library.  But I can only do this if you have a"
+	    $echo "*** shared version of the library, which you do not appear to have."
 	    if test "$module" = yes; then
-	      echo "*** Therefore, libtool will create a static module, that should work "
-	      echo "*** as long as the dlopening application is linked with the -dlopen flag."
+	      $echo "*** But as you try to build a module library, libtool will still create "
+	      $echo "*** a static module, that should work as long as the dlopening application"
+	      $echo "*** is linked with the -dlopen flag to resolve symbols at runtime."
 	      if test -z "$global_symbol_pipe"; then
-		echo
-		echo "*** However, this would only work if libtool was able to extract symbol"
-		echo "*** lists from a program, using \`nm' or equivalent, but libtool could"
-		echo "*** not find such a program.  So, this module is probably useless."
-		echo "*** \`nm' from GNU binutils and a full rebuild may help."
+		$echo
+		$echo "*** However, this would only work if libtool was able to extract symbol"
+		$echo "*** lists from a program, using \`nm' or equivalent, but libtool could"
+		$echo "*** not find such a program.  So, this module is probably useless."
+		$echo "*** \`nm' from GNU binutils and a full rebuild may help."
 	      fi
 	      if test "$build_old_libs" = no; then
 		build_libtool_libs=module
@@ -1948,17 +2888,16 @@
 	      fi
 	    fi
 	  else
-	    convenience="$convenience $dir/$old_library"
-	    old_convenience="$old_convenience $dir/$old_library"
 	    deplibs="$dir/$old_library $deplibs"
 	    link_static=yes
 	  fi
 	fi # link shared/static library?
 
-	if test $linkmode = lib; then
+	if test "$linkmode" = lib; then
 	  if test -n "$dependency_libs" &&
-	     { test $hardcode_into_libs != yes || test $build_old_libs = yes ||
-	       test $link_static = yes; }; then
+	     { test "$hardcode_into_libs" != yes ||
+	       test "$build_old_libs" = yes ||
+	       test "$link_static" = yes; }; then
 	    # Extract -R from dependency_libs
 	    temp_deplibs=
 	    for libdir in $dependency_libs; do
@@ -1981,13 +2920,15 @@
 	  tmp_libs=
 	  for deplib in $dependency_libs; do
 	    newdependency_libs="$deplib $newdependency_libs"
-	    case "$tmp_libs " in
-	    *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
-	    esac
+	    if test "X$duplicate_deps" = "Xyes" ; then
+	      case "$tmp_libs " in
+	      *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+	      esac
+	    fi
 	    tmp_libs="$tmp_libs $deplib"
 	  done
 
-	  if test $link_all_deplibs != no; then
+	  if test "$link_all_deplibs" != no; then
 	    # Add the search paths of all dependency libraries
 	    for deplib in $dependency_libs; do
 	      case $deplib in
@@ -2007,38 +2948,89 @@
 		  ;;
 		esac
 		if grep "^installed=no" $deplib > /dev/null; then
-		  path="-L$absdir/$objdir"
+		  path="$absdir/$objdir"
 		else
-		  eval libdir=`sed -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
+		  eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
 		  if test -z "$libdir"; then
 		    $echo "$modename: \`$deplib' is not a valid libtool archive" 1>&2
-		    exit 1
+		    exit $EXIT_FAILURE
 		  fi
 		  if test "$absdir" != "$libdir"; then
 		    $echo "$modename: warning: \`$deplib' seems to be moved" 1>&2
 		  fi
-		  path="-L$absdir"
+		  path="$absdir"
 		fi
+		depdepl=
+		case $host in
+		*-*-darwin*)
+		  # we do not want to link against static libs,
+		  # but need to link against shared
+		  eval deplibrary_names=`${SED} -n -e 's/^library_names=\(.*\)$/\1/p' $deplib`
+		  eval deplibdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
+		  if test -n "$deplibrary_names" ; then
+		    for tmp in $deplibrary_names ; do
+		      depdepl=$tmp
+		    done
+		    if test -f "$deplibdir/$depdepl" ; then
+		      depdepl="$deplibdir/$depdepl"
+	      	    elif test -f "$path/$depdepl" ; then
+		      depdepl="$path/$depdepl"
+		    else
+		      # Can't find it, oh well...
+		      depdepl=
+		    fi
+		    # do not add paths which are already there
+		    case " $newlib_search_path " in
+		    *" $path "*) ;;
+		    *) newlib_search_path="$newlib_search_path $path";;
+		    esac
+		  fi
+		  path=""
+		  ;;
+		*)
+		  path="-L$path"
+		  ;;
+		esac
 		;;
+	      -l*)
+		case $host in
+		*-*-darwin*)
+		  # Again, we only want to link against shared libraries
+		  eval tmp_libs=`$echo "X$deplib" | $Xsed -e "s,^\-l,,"`
+		  for tmp in $newlib_search_path ; do
+		    if test -f "$tmp/lib$tmp_libs.dylib" ; then
+		      eval depdepl="$tmp/lib$tmp_libs.dylib"
+		      break
+		    fi
+		  done
+		  path=""
+		  ;;
+		*) continue ;;
+		esac
+		;;
 	      *) continue ;;
 	      esac
 	      case " $deplibs " in
 	      *" $path "*) ;;
-	      *) deplibs="$deplibs $path" ;;
+	      *) deplibs="$path $deplibs" ;;
 	      esac
+	      case " $deplibs " in
+	      *" $depdepl "*) ;;
+	      *) deplibs="$depdepl $deplibs" ;;
+	      esac
 	    done
 	  fi # link_all_deplibs != no
 	fi # linkmode = lib
       done # for deplib in $libs
-      if test $pass = dlpreopen; then
+      dependency_libs="$newdependency_libs"
+      if test "$pass" = dlpreopen; then
 	# Link the dlpreopened libraries before other libraries
 	for deplib in $save_deplibs; do
 	  deplibs="$deplib $deplibs"
 	done
       fi
-      if test $pass != dlopen; then
-	test $pass != scan && dependency_libs="$newdependency_libs"
-	if test $pass != conv; then
+      if test "$pass" != dlopen; then
+	if test "$pass" != conv; then
 	  # Make sure lib_search_path contains only unique directories.
 	  lib_search_path=
 	  for dir in $newlib_search_path; do
@@ -2060,9 +3052,30 @@
 	  eval tmp_libs=\"\$$var\"
 	  new_libs=
 	  for deplib in $tmp_libs; do
+	    # FIXME: Pedantically, this is the right thing to do, so
+	    #        that some nasty dependency loop isn't accidentally
+	    #        broken:
+	    #new_libs="$deplib $new_libs"
+	    # Pragmatically, this seems to cause very few problems in
+	    # practice:
 	    case $deplib in
 	    -L*) new_libs="$deplib $new_libs" ;;
+	    -R*) ;;
 	    *)
+	      # And here is the reason: when a library appears more
+	      # than once as an explicit dependence of a library, or
+	      # is implicitly linked in more than once by the
+	      # compiler, it is considered special, and multiple
+	      # occurrences thereof are not removed.  Compare this
+	      # with having the same library being listed as a
+	      # dependency of multiple other libraries: in this case,
+	      # we know (pedantically, we assume) the library does not
+	      # need to be listed more than once, so we keep only the
+	      # last copy.  This is not always right, but it is rare
+	      # enough that we require users that really mean to play
+	      # such unportable linking tricks to link the library
+	      # using -Wl,-lname, so that libtool does not consider it
+	      # for duplicate removal.
 	      case " $specialdeplibs " in
 	      *" $deplib "*) new_libs="$deplib $new_libs" ;;
 	      *)
@@ -2090,19 +3103,33 @@
 	  eval $var=\"$tmp_libs\"
 	done # for var
       fi
-      if test "$pass" = "conv" &&
-       { test "$linkmode" = "lib" || test "$linkmode" = "prog"; }; then
-	libs="$deplibs" # reset libs
-	deplibs=
-      fi
+      # Last step: remove runtime libs from dependency_libs
+      # (they stay in deplibs)
+      tmp_libs=
+      for i in $dependency_libs ; do
+	case " $predeps $postdeps $compiler_lib_search_path " in
+	*" $i "*)
+	  i=""
+	  ;;
+	esac
+	if test -n "$i" ; then
+	  tmp_libs="$tmp_libs $i"
+	fi
+      done
+      dependency_libs=$tmp_libs
     done # for pass
-    if test $linkmode = prog; then
+    if test "$linkmode" = prog; then
       dlfiles="$newdlfiles"
       dlprefiles="$newdlprefiles"
     fi
 
     case $linkmode in
     oldlib)
+      case " $deplibs" in
+      *\ -l* | *\ -L*)
+	$echo "$modename: warning: \`-l' and \`-L' are ignored for archives" 1>&2 ;;
+      esac
+
       if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
 	$echo "$modename: warning: \`-dlopen' is ignored for archives" 1>&2
       fi
@@ -2116,7 +3143,7 @@
       fi
 
       if test -n "$vinfo"; then
-	$echo "$modename: warning: \`-version-info' is ignored for archives" 1>&2
+	$echo "$modename: warning: \`-version-info/-version-number' is ignored for archives" 1>&2
       fi
 
       if test -n "$release"; then
@@ -2138,17 +3165,19 @@
       case $outputname in
       lib*)
 	name=`$echo "X$outputname" | $Xsed -e 's/\.la$//' -e 's/^lib//'`
+	eval shared_ext=\"$shrext_cmds\"
 	eval libname=\"$libname_spec\"
 	;;
       *)
 	if test "$module" = no; then
 	  $echo "$modename: libtool library \`$output' must begin with \`lib'" 1>&2
 	  $echo "$help" 1>&2
-	  exit 1
+	  exit $EXIT_FAILURE
 	fi
 	if test "$need_lib_prefix" != no; then
 	  # Add the "lib" prefix for modules if required
 	  name=`$echo "X$outputname" | $Xsed -e 's/\.la$//'`
+	  eval shared_ext=\"$shrext_cmds\"
 	  eval libname=\"$libname_spec\"
 	else
 	  libname=`$echo "X$outputname" | $Xsed -e 's/\.la$//'`
@@ -2159,11 +3188,11 @@
       if test -n "$objs"; then
 	if test "$deplibs_check_method" != pass_all; then
 	  $echo "$modename: cannot build libtool library \`$output' from non-libtool objects on this host:$objs" 2>&1
-	  exit 1
+	  exit $EXIT_FAILURE
 	else
-	  echo
-	  echo "*** Warning: Linking the shared library $output against the non-libtool"
-	  echo "*** objects $objs is not portable!"
+	  $echo
+	  $echo "*** Warning: Linking the shared library $output against the non-libtool"
+	  $echo "*** objects $objs is not portable!"
 	  libobjs="$libobjs $objs"
 	fi
       fi
@@ -2173,7 +3202,7 @@
       fi
 
       set dummy $rpath
-      if test $# -gt 2; then
+      if test "$#" -gt 2; then
 	$echo "$modename: warning: ignoring multiple \`-rpath's for a libtool library" 1>&2
       fi
       install_libdir="$2"
@@ -2182,14 +3211,16 @@
       if test -z "$rpath"; then
 	if test "$build_libtool_libs" = yes; then
 	  # Building a libtool convenience library.
-	  libext=al
+	  # Some compilers have problems with a `.al' extension so
+	  # convenience libraries should have the same extension an
+	  # archive normally would.
 	  oldlibs="$output_objdir/$libname.$libext $oldlibs"
 	  build_libtool_libs=convenience
 	  build_old_libs=yes
 	fi
 
 	if test -n "$vinfo"; then
-	  $echo "$modename: warning: \`-version-info' is ignored for convenience libraries" 1>&2
+	  $echo "$modename: warning: \`-version-info/-version-number' is ignored for convenience libraries" 1>&2
 	fi
 
 	if test -n "$release"; then
@@ -2205,45 +3236,88 @@
 	if test -n "$8"; then
 	  $echo "$modename: too many parameters to \`-version-info'" 1>&2
 	  $echo "$help" 1>&2
-	  exit 1
+	  exit $EXIT_FAILURE
 	fi
 
-	current="$2"
-	revision="$3"
-	age="$4"
+	# convert absolute version numbers to libtool ages
+	# this retains compatibility with .la files and attempts
+	# to make the code below a bit more comprehensible
 
+	case $vinfo_number in
+	yes)
+	  number_major="$2"
+	  number_minor="$3"
+	  number_revision="$4"
+	  #
+	  # There are really only two kinds -- those that
+	  # use the current revision as the major version
+	  # and those that subtract age and use age as
+	  # a minor version.  But, then there is irix
+	  # which has an extra 1 added just for fun
+	  #
+	  case $version_type in
+	  darwin|linux|osf|windows|none)
+	    current=`expr $number_major + $number_minor`
+	    age="$number_minor"
+	    revision="$number_revision"
+	    ;;
+	  freebsd-aout|freebsd-elf|sunos)
+	    current="$number_major"
+	    revision="$number_minor"
+	    age="0"
+	    ;;
+	  irix|nonstopux)
+	    current=`expr $number_major + $number_minor`
+	    age="$number_minor"
+	    revision="$number_minor"
+	    lt_irix_increment=no
+	    ;;
+	  *)
+	    $echo "$modename: unknown library version type \`$version_type'" 1>&2
+	    $echo "Fatal configuration error.  See the $PACKAGE docs for more information." 1>&2
+	    exit $EXIT_FAILURE
+	    ;;
+	  esac
+	  ;;
+	no)
+	  current="$2"
+	  revision="$3"
+	  age="$4"
+	  ;;
+	esac
+
 	# Check that each of the things are valid numbers.
 	case $current in
-	0 | [1-9] | [1-9][0-9] | [1-9][0-9][0-9]) ;;
+	0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
 	*)
-	  $echo "$modename: CURRENT \`$current' is not a nonnegative integer" 1>&2
+	  $echo "$modename: CURRENT \`$current' must be a nonnegative integer" 1>&2
 	  $echo "$modename: \`$vinfo' is not valid version information" 1>&2
-	  exit 1
+	  exit $EXIT_FAILURE
 	  ;;
 	esac
 
 	case $revision in
-	0 | [1-9] | [1-9][0-9] | [1-9][0-9][0-9]) ;;
+	0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
 	*)
-	  $echo "$modename: REVISION \`$revision' is not a nonnegative integer" 1>&2
+	  $echo "$modename: REVISION \`$revision' must be a nonnegative integer" 1>&2
 	  $echo "$modename: \`$vinfo' is not valid version information" 1>&2
-	  exit 1
+	  exit $EXIT_FAILURE
 	  ;;
 	esac
 
 	case $age in
-	0 | [1-9] | [1-9][0-9] | [1-9][0-9][0-9]) ;;
+	0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
 	*)
-	  $echo "$modename: AGE \`$age' is not a nonnegative integer" 1>&2
+	  $echo "$modename: AGE \`$age' must be a nonnegative integer" 1>&2
 	  $echo "$modename: \`$vinfo' is not valid version information" 1>&2
-	  exit 1
+	  exit $EXIT_FAILURE
 	  ;;
 	esac
 
-	if test $age -gt $current; then
+	if test "$age" -gt "$current"; then
 	  $echo "$modename: AGE \`$age' is greater than the current interface number \`$current'" 1>&2
 	  $echo "$modename: \`$vinfo' is not valid version information" 1>&2
-	  exit 1
+	  exit $EXIT_FAILURE
 	fi
 
 	# Calculate the version variables.
@@ -2260,6 +3334,7 @@
 	  versuffix="$major.$age.$revision"
 	  # Darwin ld doesn't like 0 for these options...
 	  minor_current=`expr $current + 1`
+	  xlcverstring="${wl}-compatibility_version ${wl}$minor_current ${wl}-current_version ${wl}$minor_current.$revision"
 	  verstring="-compatibility_version $minor_current -current_version $minor_current.$revision"
 	  ;;
 
@@ -2273,16 +3348,24 @@
 	  versuffix=".$current";
 	  ;;
 
-	irix)
-	  major=`expr $current - $age + 1`
-	  verstring="sgi$major.$revision"
+	irix | nonstopux)
+	  if test "X$lt_irix_increment" = "Xno"; then
+	    major=`expr $current - $age`
+	  else
+	    major=`expr $current - $age + 1`
+	  fi
+	  case $version_type in
+	    nonstopux) verstring_prefix=nonstopux ;;
+	    *)         verstring_prefix=sgi ;;
+	  esac
+	  verstring="$verstring_prefix$major.$revision"
 
 	  # Add in all the interfaces that we are compatible with.
 	  loop=$revision
-	  while test $loop != 0; do
+	  while test "$loop" -ne 0; do
 	    iface=`expr $revision - $loop`
 	    loop=`expr $loop - 1`
-	    verstring="sgi$major.$iface:$verstring"
+	    verstring="$verstring_prefix$major.$iface:$verstring"
 	  done
 
 	  # Before this point, $major must not contain `.'.
@@ -2296,13 +3379,13 @@
 	  ;;
 
 	osf)
-	  major=`expr $current - $age`
+	  major=.`expr $current - $age`
 	  versuffix=".$current.$age.$revision"
 	  verstring="$current.$age.$revision"
 
 	  # Add in all the interfaces that we are compatible with.
 	  loop=$age
-	  while test $loop != 0; do
+	  while test "$loop" -ne 0; do
 	    iface=`expr $current - $loop`
 	    loop=`expr $loop - 1`
 	    verstring="$verstring:${iface}.0"
@@ -2326,20 +3409,19 @@
 
 	*)
 	  $echo "$modename: unknown library version type \`$version_type'" 1>&2
-	  echo "Fatal configuration error.  See the $PACKAGE docs for more information." 1>&2
-	  exit 1
+	  $echo "Fatal configuration error.  See the $PACKAGE docs for more information." 1>&2
+	  exit $EXIT_FAILURE
 	  ;;
 	esac
 
 	# Clear the version info if we defaulted, and they specified a release.
 	if test -z "$vinfo" && test -n "$release"; then
 	  major=
-	  verstring="0.0"
 	  case $version_type in
 	  darwin)
 	    # we can't check for "0.0" in archive_cmds due to quoting
 	    # problems, so we reset it completely
-	    verstring=""
+	    verstring=
 	    ;;
 	  *)
 	    verstring="0.0"
@@ -2373,9 +3455,30 @@
       fi
 
       if test "$mode" != relink; then
-	# Remove our outputs.
-	$show "${rm}r $output_objdir/$outputname $output_objdir/$libname.* $output_objdir/${libname}${release}.*"
-	$run ${rm}r $output_objdir/$outputname $output_objdir/$libname.* $output_objdir/${libname}${release}.*
+	# Remove our outputs, but don't remove object files since they
+	# may have been created when compiling PIC objects.
+	removelist=
+	tempremovelist=`$echo "$output_objdir/*"`
+	for p in $tempremovelist; do
+	  case $p in
+	    *.$objext)
+	       ;;
+	    $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/${libname}${release}.*)
+	       if test "X$precious_files_regex" != "X"; then
+	         if echo $p | $EGREP -e "$precious_files_regex" >/dev/null 2>&1
+	         then
+		   continue
+		 fi
+	       fi
+	       removelist="$removelist $p"
+	       ;;
+	    *) ;;
+	  esac
+	done
+	if test -n "$removelist"; then
+	  $show "${rm}r $removelist"
+	  $run ${rm}r $removelist
+	fi
       fi
 
       # Now set the variables for building old libraries.
@@ -2387,11 +3490,11 @@
       fi
 
       # Eliminate all temporary directories.
-      for path in $notinst_path; do
-	lib_search_path=`echo "$lib_search_path " | sed -e 's% $path % %g'`
-	deplibs=`echo "$deplibs " | sed -e 's% -L$path % %g'`
-	dependency_libs=`echo "$dependency_libs " | sed -e 's% -L$path % %g'`
-      done
+      #for path in $notinst_path; do
+      #	lib_search_path=`$echo "$lib_search_path " | ${SED} -e "s% $path % %g"`
+      #	deplibs=`$echo "$deplibs " | ${SED} -e "s% -L$path % %g"`
+      #	dependency_libs=`$echo "$dependency_libs " | ${SED} -e "s% -L$path % %g"`
+      #done
 
       if test -n "$xrpath"; then
 	# If the user specified any rpath flags, then add them.
@@ -2403,7 +3506,7 @@
 	  *) finalize_rpath="$finalize_rpath $libdir" ;;
 	  esac
 	done
-	if test $hardcode_into_libs != yes || test $build_old_libs = yes; then
+	if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then
 	  dependency_libs="$temp_xrpath $dependency_libs"
 	fi
       fi
@@ -2441,12 +3544,18 @@
 	  *-*-netbsd*)
 	    # Don't link with libc until the a.out ld.so is fixed.
 	    ;;
-	  *-*-openbsd*)
+	  *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
 	    # Do not include libc due to us having libc/libc_r.
 	    ;;
-	  *)
+	  *-*-sco3.2v5* | *-*-sco5v6*)
+	    # Causes problems with __ctype
+	    ;;
+	  *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*)
+	    # Compiler inserts libc in the correct place for threads to work
+	    ;;
+ 	  *)
 	    # Add libc to deplibs on all other systems if necessary.
-	    if test $build_libtool_need_lc = "yes"; then
+	    if test "$build_libtool_need_lc" = "yes"; then
 	      deplibs="$deplibs -lc"
 	    fi
 	    ;;
@@ -2473,7 +3582,7 @@
 	  # This might be a little naive.  We might want to check
 	  # whether the library exists or not.  But this is on
 	  # osf3 & osf4 and I'm not really sure... Just
-	  # implementing what was already the behaviour.
+	  # implementing what was already the behavior.
 	  newdeplibs=$deplibs
 	  ;;
 	test_compile)
@@ -2486,64 +3595,85 @@
 	  int main() { return 0; }
 EOF
 	  $rm conftest
-	  $CC -o conftest conftest.c $deplibs
-	  if test $? -eq 0 ; then
+	  if $LTCC $LTCFLAGS -o conftest conftest.c $deplibs; then
 	    ldd_output=`ldd conftest`
 	    for i in $deplibs; do
-	      name="`expr $i : '-l\(.*\)'`"
+	      name=`expr $i : '-l\(.*\)'`
 	      # If $name is empty we are operating on a -L argument.
-	      if test -n "$name" && test "$name" != "0"; then
-		libname=`eval \\$echo \"$libname_spec\"`
-		deplib_matches=`eval \\$echo \"$library_names_spec\"`
-		set dummy $deplib_matches
-		deplib_match=$2
-		if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then
-		  newdeplibs="$newdeplibs $i"
-		else
-		  droppeddeps=yes
-		  echo
-		  echo "*** Warning: This library needs some functionality provided by $i."
-		  echo "*** I have the capability to make that library automatically link in when"
-		  echo "*** you link to this library.  But I can only do this if you have a"
-		  echo "*** shared version of the library, which you do not appear to have."
+              if test "$name" != "" && test "$name" != "0"; then
+		if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+		  case " $predeps $postdeps " in
+		  *" $i "*)
+		    newdeplibs="$newdeplibs $i"
+		    i=""
+		    ;;
+		  esac
+	        fi
+		if test -n "$i" ; then
+		  libname=`eval \\$echo \"$libname_spec\"`
+		  deplib_matches=`eval \\$echo \"$library_names_spec\"`
+		  set dummy $deplib_matches
+		  deplib_match=$2
+		  if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then
+		    newdeplibs="$newdeplibs $i"
+		  else
+		    droppeddeps=yes
+		    $echo
+		    $echo "*** Warning: dynamic linker does not accept needed library $i."
+		    $echo "*** I have the capability to make that library automatically link in when"
+		    $echo "*** you link to this library.  But I can only do this if you have a"
+		    $echo "*** shared version of the library, which I believe you do not have"
+		    $echo "*** because a test_compile did reveal that the linker did not use it for"
+		    $echo "*** its dynamic dependency list that programs get resolved with at runtime."
+		  fi
 		fi
 	      else
 		newdeplibs="$newdeplibs $i"
 	      fi
 	    done
 	  else
-	    # Error occured in the first compile.  Let's try to salvage the situation:
-	    # Compile a seperate program for each library.
+	    # Error occurred in the first compile.  Let's try to salvage
+	    # the situation: Compile a separate program for each library.
 	    for i in $deplibs; do
-	      name="`expr $i : '-l\(.*\)'`"
-	     # If $name is empty we are operating on a -L argument.
-	      if test -n "$name" && test "$name" != "0"; then
+	      name=`expr $i : '-l\(.*\)'`
+	      # If $name is empty we are operating on a -L argument.
+              if test "$name" != "" && test "$name" != "0"; then
 		$rm conftest
-		$CC -o conftest conftest.c $i
-		# Did it work?
-		if test $? -eq 0 ; then
+		if $LTCC $LTCFLAGS -o conftest conftest.c $i; then
 		  ldd_output=`ldd conftest`
-		  libname=`eval \\$echo \"$libname_spec\"`
-		  deplib_matches=`eval \\$echo \"$library_names_spec\"`
-		  set dummy $deplib_matches
-		  deplib_match=$2
-		  if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then
-		    newdeplibs="$newdeplibs $i"
-		  else
-		    droppeddeps=yes
-		    echo
-		    echo "*** Warning: This library needs some functionality provided by $i."
-		    echo "*** I have the capability to make that library automatically link in when"
-		    echo "*** you link to this library.  But I can only do this if you have a"
-		    echo "*** shared version of the library, which you do not appear to have."
+		  if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+		    case " $predeps $postdeps " in
+		    *" $i "*)
+		      newdeplibs="$newdeplibs $i"
+		      i=""
+		      ;;
+		    esac
 		  fi
+		  if test -n "$i" ; then
+		    libname=`eval \\$echo \"$libname_spec\"`
+		    deplib_matches=`eval \\$echo \"$library_names_spec\"`
+		    set dummy $deplib_matches
+		    deplib_match=$2
+		    if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then
+		      newdeplibs="$newdeplibs $i"
+		    else
+		      droppeddeps=yes
+		      $echo
+		      $echo "*** Warning: dynamic linker does not accept needed library $i."
+		      $echo "*** I have the capability to make that library automatically link in when"
+		      $echo "*** you link to this library.  But I can only do this if you have a"
+		      $echo "*** shared version of the library, which you do not appear to have"
+		      $echo "*** because a test_compile did reveal that the linker did not use this one"
+		      $echo "*** as a dynamic dependency that programs can get resolved with at runtime."
+		    fi
+		  fi
 		else
 		  droppeddeps=yes
-		  echo
-		  echo "*** Warning!  Library $i is needed by this library but I was not able to"
-		  echo "***  make it link in!  You will probably need to install it or some"
-		  echo "*** library that it depends on before this library will be fully"
-		  echo "*** functional.  Installing it before continuing would be even better."
+		  $echo
+		  $echo "*** Warning!  Library $i is needed by this library but I was not able to"
+		  $echo "*** make it link in!  You will probably need to install it or some"
+		  $echo "*** library that it depends on before this library will be fully"
+		  $echo "*** functional.  Installing it before continuing would be even better."
 		fi
 	      else
 		newdeplibs="$newdeplibs $i"
@@ -2555,13 +3685,22 @@
 	  set dummy $deplibs_check_method
 	  file_magic_regex=`expr "$deplibs_check_method" : "$2 \(.*\)"`
 	  for a_deplib in $deplibs; do
-	    name="`expr $a_deplib : '-l\(.*\)'`"
+	    name=`expr $a_deplib : '-l\(.*\)'`
 	    # If $name is empty we are operating on a -L argument.
-	    if test -n "$name" && test "$name" != "0"; then
-	      libname=`eval \\$echo \"$libname_spec\"`
-	      for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
-		    potential_libs=`ls $i/$libname[.-]* 2>/dev/null`
-		    for potent_lib in $potential_libs; do
+            if test "$name" != "" && test  "$name" != "0"; then
+	      if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+		case " $predeps $postdeps " in
+		*" $a_deplib "*)
+		  newdeplibs="$newdeplibs $a_deplib"
+		  a_deplib=""
+		  ;;
+		esac
+	      fi
+	      if test -n "$a_deplib" ; then
+		libname=`eval \\$echo \"$libname_spec\"`
+		for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
+		  potential_libs=`ls $i/$libname[.-]* 2>/dev/null`
+		  for potent_lib in $potential_libs; do
 		      # Follow soft links.
 		      if ls -lLd "$potent_lib" 2>/dev/null \
 			 | grep " -> " >/dev/null; then
@@ -2574,28 +3713,36 @@
 		      # but so what?
 		      potlib="$potent_lib"
 		      while test -h "$potlib" 2>/dev/null; do
-			potliblink=`ls -ld $potlib | sed 's/.* -> //'`
+			potliblink=`ls -ld $potlib | ${SED} 's/.* -> //'`
 			case $potliblink in
 			[\\/]* | [A-Za-z]:[\\/]*) potlib="$potliblink";;
 			*) potlib=`$echo "X$potlib" | $Xsed -e 's,[^/]*$,,'`"$potliblink";;
 			esac
 		      done
 		      if eval $file_magic_cmd \"\$potlib\" 2>/dev/null \
-			 | sed 10q \
-			 | egrep "$file_magic_regex" > /dev/null; then
+			 | ${SED} 10q \
+			 | $EGREP "$file_magic_regex" > /dev/null; then
 			newdeplibs="$newdeplibs $a_deplib"
 			a_deplib=""
 			break 2
 		      fi
-		    done
-	      done
+		  done
+		done
+	      fi
 	      if test -n "$a_deplib" ; then
 		droppeddeps=yes
-		echo
-		echo "*** Warning: This library needs some functionality provided by $a_deplib."
-		echo "*** I have the capability to make that library automatically link in when"
-		echo "*** you link to this library.  But I can only do this if you have a"
-		echo "*** shared version of the library, which you do not appear to have."
+		$echo
+		$echo "*** Warning: linker path does not have real file for library $a_deplib."
+		$echo "*** I have the capability to make that library automatically link in when"
+		$echo "*** you link to this library.  But I can only do this if you have a"
+		$echo "*** shared version of the library, which you do not appear to have"
+		$echo "*** because I did check the linker path looking for a file starting"
+		if test -z "$potlib" ; then
+		  $echo "*** with $libname but no candidates were found. (...for file magic test)"
+		else
+		  $echo "*** with $libname and none of the candidates passed a file format test"
+		  $echo "*** using a file magic. Last file checked: $potlib"
+		fi
 	      fi
 	    else
 	      # Add a -L argument.
@@ -2607,29 +3754,47 @@
 	  set dummy $deplibs_check_method
 	  match_pattern_regex=`expr "$deplibs_check_method" : "$2 \(.*\)"`
 	  for a_deplib in $deplibs; do
-	    name="`expr $a_deplib : '-l\(.*\)'`"
+	    name=`expr $a_deplib : '-l\(.*\)'`
 	    # If $name is empty we are operating on a -L argument.
 	    if test -n "$name" && test "$name" != "0"; then
-	      libname=`eval \\$echo \"$libname_spec\"`
-	      for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
-		potential_libs=`ls $i/$libname[.-]* 2>/dev/null`
-		for potent_lib in $potential_libs; do
-		  if eval echo \"$potent_lib\" 2>/dev/null \
-		      | sed 10q \
-		      | egrep "$match_pattern_regex" > /dev/null; then
-		    newdeplibs="$newdeplibs $a_deplib"
-		    a_deplib=""
-		    break 2
-		  fi
+	      if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+		case " $predeps $postdeps " in
+		*" $a_deplib "*)
+		  newdeplibs="$newdeplibs $a_deplib"
+		  a_deplib=""
+		  ;;
+		esac
+	      fi
+	      if test -n "$a_deplib" ; then
+		libname=`eval \\$echo \"$libname_spec\"`
+		for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
+		  potential_libs=`ls $i/$libname[.-]* 2>/dev/null`
+		  for potent_lib in $potential_libs; do
+		    potlib="$potent_lib" # see symlink-check above in file_magic test
+		    if eval $echo \"$potent_lib\" 2>/dev/null \
+		        | ${SED} 10q \
+		        | $EGREP "$match_pattern_regex" > /dev/null; then
+		      newdeplibs="$newdeplibs $a_deplib"
+		      a_deplib=""
+		      break 2
+		    fi
+		  done
 		done
-	      done
+	      fi
 	      if test -n "$a_deplib" ; then
 		droppeddeps=yes
-		echo
-		echo "*** Warning: This library needs some functionality provided by $a_deplib."
-		echo "*** I have the capability to make that library automatically link in when"
-		echo "*** you link to this library.  But I can only do this if you have a"
-		echo "*** shared version of the library, which you do not appear to have."
+		$echo
+		$echo "*** Warning: linker path does not have real file for library $a_deplib."
+		$echo "*** I have the capability to make that library automatically link in when"
+		$echo "*** you link to this library.  But I can only do this if you have a"
+		$echo "*** shared version of the library, which you do not appear to have"
+		$echo "*** because I did check the linker path looking for a file starting"
+		if test -z "$potlib" ; then
+		  $echo "*** with $libname but no candidates were found. (...for regex pattern test)"
+		else
+		  $echo "*** with $libname and none of the candidates passed a file format test"
+		  $echo "*** using a regex pattern. Last file checked: $potlib"
+		fi
 	      fi
 	    else
 	      # Add a -L argument.
@@ -2639,16 +3804,23 @@
 	  ;;
 	none | unknown | *)
 	  newdeplibs=""
-	  if $echo "X $deplibs" | $Xsed -e 's/ -lc$//' \
-	       -e 's/ -[LR][^ ]*//g' -e 's/[ 	]//g' |
-	     grep . >/dev/null; then
-	    echo
+	  tmp_deplibs=`$echo "X $deplibs" | $Xsed -e 's/ -lc$//' \
+	    -e 's/ -[LR][^ ]*//g'`
+	  if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+	    for i in $predeps $postdeps ; do
+	      # can't use Xsed below, because $i might contain '/'
+	      tmp_deplibs=`$echo "X $tmp_deplibs" | ${SED} -e "1s,^X,," -e "s,$i,,"`
+	    done
+	  fi
+	  if $echo "X $tmp_deplibs" | $Xsed -e 's/[ 	]//g' \
+	    | grep . >/dev/null; then
+	    $echo
 	    if test "X$deplibs_check_method" = "Xnone"; then
-	      echo "*** Warning: inter-library dependencies are not supported in this platform."
+	      $echo "*** Warning: inter-library dependencies are not supported in this platform."
 	    else
-	      echo "*** Warning: inter-library dependencies are not known to be supported."
+	      $echo "*** Warning: inter-library dependencies are not known to be supported."
 	    fi
-	    echo "*** All declared inter-library dependencies are being dropped."
+	    $echo "*** All declared inter-library dependencies are being dropped."
 	    droppeddeps=yes
 	  fi
 	  ;;
@@ -2668,17 +3840,17 @@
 
 	if test "$droppeddeps" = yes; then
 	  if test "$module" = yes; then
-	    echo
-	    echo "*** Warning: libtool could not satisfy all declared inter-library"
-	    echo "*** dependencies of module $libname.  Therefore, libtool will create"
-	    echo "*** a static module, that should work as long as the dlopening"
-	    echo "*** application is linked with the -dlopen flag."
+	    $echo
+	    $echo "*** Warning: libtool could not satisfy all declared inter-library"
+	    $echo "*** dependencies of module $libname.  Therefore, libtool will create"
+	    $echo "*** a static module, that should work as long as the dlopening"
+	    $echo "*** application is linked with the -dlopen flag."
 	    if test -z "$global_symbol_pipe"; then
-	      echo
-	      echo "*** However, this would only work if libtool was able to extract symbol"
-	      echo "*** lists from a program, using \`nm' or equivalent, but libtool could"
-	      echo "*** not find such a program.  So, this module is probably useless."
-	      echo "*** \`nm' from GNU binutils and a full rebuild may help."
+	      $echo
+	      $echo "*** However, this would only work if libtool was able to extract symbol"
+	      $echo "*** lists from a program, using \`nm' or equivalent, but libtool could"
+	      $echo "*** not find such a program.  So, this module is probably useless."
+	      $echo "*** \`nm' from GNU binutils and a full rebuild may help."
 	    fi
 	    if test "$build_old_libs" = no; then
 	      oldlibs="$output_objdir/$libname.$libext"
@@ -2688,16 +3860,16 @@
 	      build_libtool_libs=no
 	    fi
 	  else
-	    echo "*** The inter-library dependencies that have been dropped here will be"
-	    echo "*** automatically added whenever a program is linked with this library"
-	    echo "*** or is declared to -dlopen it."
+	    $echo "*** The inter-library dependencies that have been dropped here will be"
+	    $echo "*** automatically added whenever a program is linked with this library"
+	    $echo "*** or is declared to -dlopen it."
 
-	    if test $allow_undefined = no; then
-	      echo
-	      echo "*** Since this library must not contain undefined symbols,"
-	      echo "*** because either the platform does not support them or"
-	      echo "*** it was explicitly requested with -no-undefined,"
-	      echo "*** libtool will only create a static version of it."
+	    if test "$allow_undefined" = no; then
+	      $echo
+	      $echo "*** Since this library must not contain undefined symbols,"
+	      $echo "*** because either the platform does not support them or"
+	      $echo "*** it was explicitly requested with -no-undefined,"
+	      $echo "*** libtool will only create a static version of it."
 	      if test "$build_old_libs" = no; then
 		oldlibs="$output_objdir/$libname.$libext"
 		build_libtool_libs=module
@@ -2712,6 +3884,35 @@
 	deplibs=$newdeplibs
       fi
 
+
+      # move library search paths that coincide with paths to not yet
+      # installed libraries to the beginning of the library search list
+      new_libs=
+      for path in $notinst_path; do
+	case " $new_libs " in
+	*" -L$path/$objdir "*) ;;
+	*)
+	  case " $deplibs " in
+	  *" -L$path/$objdir "*)
+	    new_libs="$new_libs -L$path/$objdir" ;;
+	  esac
+	  ;;
+	esac
+      done
+      for deplib in $deplibs; do
+	case $deplib in
+	-L*)
+	  case " $new_libs " in
+	  *" $deplib "*) ;;
+	  *) new_libs="$new_libs $deplib" ;;
+	  esac
+	  ;;
+	*) new_libs="$new_libs $deplib" ;;
+	esac
+      done
+      deplibs="$new_libs"
+
+
       # All the library-specific variables (install_libdir is set above).
       library_names=
       old_library=
@@ -2719,7 +3920,7 @@
 
       # Test again, we may have decided not to build it any more
       if test "$build_libtool_libs" = yes; then
-	if test $hardcode_into_libs = yes; then
+	if test "$hardcode_into_libs" = yes; then
 	  # Hardcode the library paths
 	  hardcode_libdirs=
 	  dep_rpath=
@@ -2755,7 +3956,14 @@
 	  if test -n "$hardcode_libdir_separator" &&
 	     test -n "$hardcode_libdirs"; then
 	    libdir="$hardcode_libdirs"
-	    eval dep_rpath=\"$hardcode_libdir_flag_spec\"
+	    if test -n "$hardcode_libdir_flag_spec_ld"; then
+	      case $archive_cmds in
+	      *\$LD*) eval dep_rpath=\"$hardcode_libdir_flag_spec_ld\" ;;
+	      *)      eval dep_rpath=\"$hardcode_libdir_flag_spec\" ;;
+	      esac
+	    else
+	      eval dep_rpath=\"$hardcode_libdir_flag_spec\"
+	    fi
 	  fi
 	  if test -n "$runpath_var" && test -n "$perm_rpath"; then
 	    # We should set the runpath_var.
@@ -2775,6 +3983,7 @@
 	fi
 
 	# Get the real and link names of the library.
+	eval shared_ext=\"$shrext_cmds\"
 	eval library_names=\"$library_names_spec\"
 	set dummy $library_names
 	realname="$2"
@@ -2785,31 +3994,17 @@
 	else
 	  soname="$realname"
 	fi
-	test -z "$dlname" && dlname=$soname
+	if test -z "$dlname"; then
+	  dlname=$soname
+	fi
 
 	lib="$output_objdir/$realname"
+	linknames=
 	for link
 	do
 	  linknames="$linknames $link"
 	done
 
-	# Ensure that we have .o objects for linkers which dislike .lo
-	# (e.g. aix) in case we are running --disable-static
-	for obj in $libobjs; do
-	  xdir=`$echo "X$obj" | $Xsed -e 's%/[^/]*$%%'`
-	  if test "X$xdir" = "X$obj"; then
-	    xdir="."
-	  else
-	    xdir="$xdir"
-	  fi
-	  baseobj=`$echo "X$obj" | $Xsed -e 's%^.*/%%'`
-	  oldobj=`$echo "X$baseobj" | $Xsed -e "$lo2o"`
-	  if test ! -f $xdir/$oldobj; then
-	    $show "(cd $xdir && ${LN_S} $baseobj $oldobj)"
-	    $run eval '(cd $xdir && ${LN_S} $baseobj $oldobj)' || exit $?
-	  fi
-	done
-
 	# Use standard objects if they are pic
 	test -z "$pic_flag" && libobjs=`$echo "X$libobjs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
 
@@ -2819,17 +4014,29 @@
 	    $show "generating symbol list for \`$libname.la'"
 	    export_symbols="$output_objdir/$libname.exp"
 	    $run $rm $export_symbols
-	    eval cmds=\"$export_symbols_cmds\"
+	    cmds=$export_symbols_cmds
 	    save_ifs="$IFS"; IFS='~'
 	    for cmd in $cmds; do
 	      IFS="$save_ifs"
-	      $show "$cmd"
-	      $run eval "$cmd" || exit $?
+	      eval cmd=\"$cmd\"
+	      if len=`expr "X$cmd" : ".*"` &&
+	       test "$len" -le "$max_cmd_len" || test "$max_cmd_len" -le -1; then
+	        $show "$cmd"
+	        $run eval "$cmd" || exit $?
+	        skipped_export=false
+	      else
+	        # The command line is too long to execute in one step.
+	        $show "using reloadable object file for export list..."
+	        skipped_export=:
+		# Break out early, otherwise skipped_export may be
+		# set to false by a later but shorter cmd.
+		break
+	      fi
 	    done
 	    IFS="$save_ifs"
 	    if test -n "$export_symbols_regex"; then
-	      $show "egrep -e \"$export_symbols_regex\" \"$export_symbols\" > \"${export_symbols}T\""
-	      $run eval 'egrep -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"'
+	      $show "$EGREP -e \"$export_symbols_regex\" \"$export_symbols\" > \"${export_symbols}T\""
+	      $run eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"'
 	      $show "$mv \"${export_symbols}T\" \"$export_symbols\""
 	      $run eval '$mv "${export_symbols}T" "$export_symbols"'
 	    fi
@@ -2840,46 +4047,30 @@
 	  $run eval '$echo "X$include_expsyms" | $SP2NL >> "$export_symbols"'
 	fi
 
+	tmp_deplibs=
+	for test_deplib in $deplibs; do
+		case " $convenience " in
+		*" $test_deplib "*) ;;
+		*)
+			tmp_deplibs="$tmp_deplibs $test_deplib"
+			;;
+		esac
+	done
+	deplibs="$tmp_deplibs"
+
 	if test -n "$convenience"; then
 	  if test -n "$whole_archive_flag_spec"; then
+	    save_libobjs=$libobjs
 	    eval libobjs=\"\$libobjs $whole_archive_flag_spec\"
 	  else
 	    gentop="$output_objdir/${outputname}x"
-	    $show "${rm}r $gentop"
-	    $run ${rm}r "$gentop"
-	    $show "mkdir $gentop"
-	    $run mkdir "$gentop"
-	    status=$?
-	    if test $status -ne 0 && test ! -d "$gentop"; then
-	      exit $status
-	    fi
 	    generated="$generated $gentop"
 
-	    for xlib in $convenience; do
-	      # Extract the objects.
-	      case $xlib in
-	      [\\/]* | [A-Za-z]:[\\/]*) xabs="$xlib" ;;
-	      *) xabs=`pwd`"/$xlib" ;;
-	      esac
-	      xlib=`$echo "X$xlib" | $Xsed -e 's%^.*/%%'`
-	      xdir="$gentop/$xlib"
-
-	      $show "${rm}r $xdir"
-	      $run ${rm}r "$xdir"
-	      $show "mkdir $xdir"
-	      $run mkdir "$xdir"
-	      status=$?
-	      if test $status -ne 0 && test ! -d "$xdir"; then
-		exit $status
-	      fi
-	      $show "(cd $xdir && $AR x $xabs)"
-	      $run eval "(cd \$xdir && $AR x \$xabs)" || exit $?
-
-	      libobjs="$libobjs "`find $xdir -name \*.o -print -o -name \*.lo -print | $NL2SP`
-	    done
+	    func_extract_archives $gentop $convenience
+	    libobjs="$libobjs $func_extract_archives_result"
 	  fi
 	fi
-
+	
 	if test "$thread_safe" = yes && test -n "$thread_safe_flag_spec"; then
 	  eval flag=\"$thread_safe_flag_spec\"
 	  linker_flags="$linker_flags $flag"
@@ -2891,23 +4082,175 @@
 	fi
 
 	# Do each of the archive commands.
+	if test "$module" = yes && test -n "$module_cmds" ; then
+	  if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then
+	    eval test_cmds=\"$module_expsym_cmds\"
+	    cmds=$module_expsym_cmds
+	  else
+	    eval test_cmds=\"$module_cmds\"
+	    cmds=$module_cmds
+	  fi
+	else
 	if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then
-	  eval cmds=\"$archive_expsym_cmds\"
+	  eval test_cmds=\"$archive_expsym_cmds\"
+	  cmds=$archive_expsym_cmds
 	else
-	  eval cmds=\"$archive_cmds\"
+	  eval test_cmds=\"$archive_cmds\"
+	  cmds=$archive_cmds
+	  fi
 	fi
+
+	if test "X$skipped_export" != "X:" &&
+	   len=`expr "X$test_cmds" : ".*" 2>/dev/null` &&
+	   test "$len" -le "$max_cmd_len" || test "$max_cmd_len" -le -1; then
+	  :
+	else
+	  # The command line is too long to link in one step, link piecewise.
+	  $echo "creating reloadable object files..."
+
+	  # Save the value of $output and $libobjs because we want to
+	  # use them later.  If we have whole_archive_flag_spec, we
+	  # want to use save_libobjs as it was before
+	  # whole_archive_flag_spec was expanded, because we can't
+	  # assume the linker understands whole_archive_flag_spec.
+	  # This may have to be revisited, in case too many
+	  # convenience libraries get linked in and end up exceeding
+	  # the spec.
+	  if test -z "$convenience" || test -z "$whole_archive_flag_spec"; then
+	    save_libobjs=$libobjs
+	  fi
+	  save_output=$output
+	  output_la=`$echo "X$output" | $Xsed -e "$basename"`
+
+	  # Clear the reloadable object creation command queue and
+	  # initialize k to one.
+	  test_cmds=
+	  concat_cmds=
+	  objlist=
+	  delfiles=
+	  last_robj=
+	  k=1
+	  output=$output_objdir/$output_la-${k}.$objext
+	  # Loop over the list of objects to be linked.
+	  for obj in $save_libobjs
+	  do
+	    eval test_cmds=\"$reload_cmds $objlist $last_robj\"
+	    if test "X$objlist" = X ||
+	       { len=`expr "X$test_cmds" : ".*" 2>/dev/null` &&
+		 test "$len" -le "$max_cmd_len"; }; then
+	      objlist="$objlist $obj"
+	    else
+	      # The command $test_cmds is almost too long, add a
+	      # command to the queue.
+	      if test "$k" -eq 1 ; then
+		# The first file doesn't have a previous command to add.
+		eval concat_cmds=\"$reload_cmds $objlist $last_robj\"
+	      else
+		# All subsequent reloadable object files will link in
+		# the last one created.
+		eval concat_cmds=\"\$concat_cmds~$reload_cmds $objlist $last_robj\"
+	      fi
+	      last_robj=$output_objdir/$output_la-${k}.$objext
+	      k=`expr $k + 1`
+	      output=$output_objdir/$output_la-${k}.$objext
+	      objlist=$obj
+	      len=1
+	    fi
+	  done
+	  # Handle the remaining objects by creating one last
+	  # reloadable object file.  All subsequent reloadable object
+	  # files will link in the last one created.
+	  test -z "$concat_cmds" || concat_cmds=$concat_cmds~
+	  eval concat_cmds=\"\${concat_cmds}$reload_cmds $objlist $last_robj\"
+
+	  if ${skipped_export-false}; then
+	    $show "generating symbol list for \`$libname.la'"
+	    export_symbols="$output_objdir/$libname.exp"
+	    $run $rm $export_symbols
+	    libobjs=$output
+	    # Append the command to create the export file.
+	    eval concat_cmds=\"\$concat_cmds~$export_symbols_cmds\"
+          fi
+
+	  # Set up a command to remove the reloadable object files
+	  # after they are used.
+	  i=0
+	  while test "$i" -lt "$k"
+	  do
+	    i=`expr $i + 1`
+	    delfiles="$delfiles $output_objdir/$output_la-${i}.$objext"
+	  done
+
+	  $echo "creating a temporary reloadable object file: $output"
+
+	  # Loop through the commands generated above and execute them.
+	  save_ifs="$IFS"; IFS='~'
+	  for cmd in $concat_cmds; do
+	    IFS="$save_ifs"
+	    $show "$cmd"
+	    $run eval "$cmd" || exit $?
+	  done
+	  IFS="$save_ifs"
+
+	  libobjs=$output
+	  # Restore the value of output.
+	  output=$save_output
+
+	  if test -n "$convenience" && test -n "$whole_archive_flag_spec"; then
+	    eval libobjs=\"\$libobjs $whole_archive_flag_spec\"
+	  fi
+	  # Expand the library linking commands again to reset the
+	  # value of $libobjs for piecewise linking.
+
+	  # Do each of the archive commands.
+	  if test "$module" = yes && test -n "$module_cmds" ; then
+	    if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then
+	      cmds=$module_expsym_cmds
+	    else
+	      cmds=$module_cmds
+	    fi
+	  else
+	  if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then
+	    cmds=$archive_expsym_cmds
+	  else
+	    cmds=$archive_cmds
+	    fi
+	  fi
+
+	  # Append the command to remove the reloadable object files
+	  # to the just-reset $cmds.
+	  eval cmds=\"\$cmds~\$rm $delfiles\"
+	fi
 	save_ifs="$IFS"; IFS='~'
 	for cmd in $cmds; do
 	  IFS="$save_ifs"
+	  eval cmd=\"$cmd\"
 	  $show "$cmd"
-	  $run eval "$cmd" || exit $?
+	  $run eval "$cmd" || {
+	    lt_exit=$?
+
+	    # Restore the uninstalled library and exit
+	    if test "$mode" = relink; then
+	      $run eval '(cd $output_objdir && $rm ${realname}T && $mv ${realname}U $realname)'
+	    fi
+
+	    exit $lt_exit
+	  }
 	done
 	IFS="$save_ifs"
 
 	# Restore the uninstalled library and exit
 	if test "$mode" = relink; then
 	  $run eval '(cd $output_objdir && $rm ${realname}T && $mv $realname ${realname}T && $mv "$realname"U $realname)' || exit $?
-	  exit 0
+
+	  if test -n "$convenience"; then
+	    if test -z "$whole_archive_flag_spec"; then
+	      $show "${rm}r $gentop"
+	      $run ${rm}r "$gentop"
+	    fi
+	  fi
+
+	  exit $EXIT_SUCCESS
 	fi
 
 	# Create links to the real library.
@@ -2927,9 +4270,10 @@
       ;;
 
     obj)
-      if test -n "$deplibs"; then
-	$echo "$modename: warning: \`-l' and \`-L' are ignored for objects" 1>&2
-      fi
+      case " $deplibs" in
+      *\ -l* | *\ -L*)
+	$echo "$modename: warning: \`-l' and \`-L' are ignored for objects" 1>&2 ;;
+      esac
 
       if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
 	$echo "$modename: warning: \`-dlopen' is ignored for objects" 1>&2
@@ -2955,7 +4299,7 @@
       *.lo)
 	if test -n "$objs$old_deplibs"; then
 	  $echo "$modename: cannot build library object \`$output' from non-libtool objects" 1>&2
-	  exit 1
+	  exit $EXIT_FAILURE
 	fi
 	libobj="$output"
 	obj=`$echo "X$output" | $Xsed -e "$lo2o"`
@@ -2976,46 +4320,20 @@
       reload_conv_objs=
       gentop=
       # reload_cmds runs $LD directly, so let us get rid of
-      # -Wl from whole_archive_flag_spec
+      # -Wl from whole_archive_flag_spec and hope we can get by with
+      # turning comma into space..
       wl=
 
       if test -n "$convenience"; then
 	if test -n "$whole_archive_flag_spec"; then
-	  eval reload_conv_objs=\"\$reload_objs $whole_archive_flag_spec\"
+	  eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\"
+	  reload_conv_objs=$reload_objs\ `$echo "X$tmp_whole_archive_flags" | $Xsed -e 's|,| |g'`
 	else
 	  gentop="$output_objdir/${obj}x"
-	  $show "${rm}r $gentop"
-	  $run ${rm}r "$gentop"
-	  $show "mkdir $gentop"
-	  $run mkdir "$gentop"
-	  status=$?
-	  if test $status -ne 0 && test ! -d "$gentop"; then
-	    exit $status
-	  fi
 	  generated="$generated $gentop"
 
-	  for xlib in $convenience; do
-	    # Extract the objects.
-	    case $xlib in
-	    [\\/]* | [A-Za-z]:[\\/]*) xabs="$xlib" ;;
-	    *) xabs=`pwd`"/$xlib" ;;
-	    esac
-	    xlib=`$echo "X$xlib" | $Xsed -e 's%^.*/%%'`
-	    xdir="$gentop/$xlib"
-
-	    $show "${rm}r $xdir"
-	    $run ${rm}r "$xdir"
-	    $show "mkdir $xdir"
-	    $run mkdir "$xdir"
-	    status=$?
-	    if test $status -ne 0 && test ! -d "$xdir"; then
-	      exit $status
-	    fi
-	    $show "(cd $xdir && $AR x $xabs)"
-	    $run eval "(cd \$xdir && $AR x \$xabs)" || exit $?
-
-	    reload_conv_objs="$reload_objs "`find $xdir -name \*.o -print -o -name \*.lo -print | $NL2SP`
-	  done
+	  func_extract_archives $gentop $convenience
+	  reload_conv_objs="$reload_objs $func_extract_archives_result"
 	fi
       fi
 
@@ -3023,10 +4341,11 @@
       reload_objs="$objs$old_deplibs "`$echo "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}$'/d' -e '/\.lib$/d' -e "$lo2o" | $NL2SP`" $reload_conv_objs" ### testsuite: skip nested quoting test
 
       output="$obj"
-      eval cmds=\"$reload_cmds\"
+      cmds=$reload_cmds
       save_ifs="$IFS"; IFS='~'
       for cmd in $cmds; do
 	IFS="$save_ifs"
+	eval cmd=\"$cmd\"
 	$show "$cmd"
 	$run eval "$cmd" || exit $?
       done
@@ -3039,7 +4358,7 @@
 	  $run ${rm}r $gentop
 	fi
 
-	exit 0
+	exit $EXIT_SUCCESS
       fi
 
       if test "$build_libtool_libs" != yes; then
@@ -3050,37 +4369,24 @@
 
 	# Create an invalid libtool object if no PIC, so that we don't
 	# accidentally link it into a program.
-	$show "echo timestamp > $libobj"
-	$run eval "echo timestamp > $libobj" || exit $?
-	exit 0
+	# $show "echo timestamp > $libobj"
+	# $run eval "echo timestamp > $libobj" || exit $?
+	exit $EXIT_SUCCESS
       fi
 
       if test -n "$pic_flag" || test "$pic_mode" != default; then
 	# Only do commands if we really have different PIC objects.
 	reload_objs="$libobjs $reload_conv_objs"
 	output="$libobj"
-	eval cmds=\"$reload_cmds\"
+	cmds=$reload_cmds
 	save_ifs="$IFS"; IFS='~'
 	for cmd in $cmds; do
 	  IFS="$save_ifs"
+	  eval cmd=\"$cmd\"
 	  $show "$cmd"
 	  $run eval "$cmd" || exit $?
 	done
 	IFS="$save_ifs"
-      else
-	# Just create a symlink.
-	$show $rm $libobj
-	$run $rm $libobj
-	xdir=`$echo "X$libobj" | $Xsed -e 's%/[^/]*$%%'`
-	if test "X$xdir" = "X$libobj"; then
-	  xdir="."
-	else
-	  xdir="$xdir"
-	fi
-	baseobj=`$echo "X$libobj" | $Xsed -e 's%^.*/%%'`
-	oldobj=`$echo "X$baseobj" | $Xsed -e "$lo2o"`
-	$show "(cd $xdir && $LN_S $oldobj $baseobj)"
-	$run eval '(cd $xdir && $LN_S $oldobj $baseobj)' || exit $?
       fi
 
       if test -n "$gentop"; then
@@ -3088,12 +4394,12 @@
 	$run ${rm}r $gentop
       fi
 
-      exit 0
+      exit $EXIT_SUCCESS
       ;;
 
     prog)
       case $host in
-	*cygwin*) output=`echo $output | sed -e 's,.exe$,,;s,$,.exe,'` ;;
+	*cygwin*) output=`$echo $output | ${SED} -e 's,.exe$,,;s,$,.exe,'` ;;
       esac
       if test -n "$vinfo"; then
 	$echo "$modename: warning: \`-version-info' is ignored for programs" 1>&2
@@ -3118,6 +4424,45 @@
 	;;
       esac
 
+      case $host in
+      *darwin*)
+        # Don't allow lazy linking, it breaks C++ global constructors
+        if test "$tagname" = CXX ; then
+        compile_command="$compile_command ${wl}-bind_at_load"
+        finalize_command="$finalize_command ${wl}-bind_at_load"
+        fi
+        ;;
+      esac
+
+
+      # move library search paths that coincide with paths to not yet
+      # installed libraries to the beginning of the library search list
+      new_libs=
+      for path in $notinst_path; do
+	case " $new_libs " in
+	*" -L$path/$objdir "*) ;;
+	*)
+	  case " $compile_deplibs " in
+	  *" -L$path/$objdir "*)
+	    new_libs="$new_libs -L$path/$objdir" ;;
+	  esac
+	  ;;
+	esac
+      done
+      for deplib in $compile_deplibs; do
+	case $deplib in
+	-L*)
+	  case " $new_libs " in
+	  *" $deplib "*) ;;
+	  *) new_libs="$new_libs $deplib" ;;
+	  esac
+	  ;;
+	*) new_libs="$new_libs $deplib" ;;
+	esac
+      done
+      compile_deplibs="$new_libs"
+
+
       compile_command="$compile_command $compile_deplibs"
       finalize_command="$finalize_command $finalize_deplibs"
 
@@ -3162,10 +4507,15 @@
 	fi
 	case $host in
 	*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
+	  testbindir=`$echo "X$libdir" | $Xsed -e 's*/lib$*/bin*'`
 	  case :$dllsearchpath: in
 	  *":$libdir:"*) ;;
 	  *) dllsearchpath="$dllsearchpath:$libdir";;
 	  esac
+	  case :$dllsearchpath: in
+	  *":$testbindir:"*) ;;
+	  *) dllsearchpath="$dllsearchpath:$testbindir";;
+	  esac
 	  ;;
 	esac
       done
@@ -3268,31 +4618,43 @@
 	    done
 
 	    if test -n "$exclude_expsyms"; then
-	      $run eval 'egrep -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T'
+	      $run eval '$EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T'
 	      $run eval '$mv "$nlist"T "$nlist"'
 	    fi
 
 	    if test -n "$export_symbols_regex"; then
-	      $run eval 'egrep -e "$export_symbols_regex" "$nlist" > "$nlist"T'
+	      $run eval '$EGREP -e "$export_symbols_regex" "$nlist" > "$nlist"T'
 	      $run eval '$mv "$nlist"T "$nlist"'
 	    fi
 
 	    # Prepare the list of exported symbols
 	    if test -z "$export_symbols"; then
-	      export_symbols="$output_objdir/$output.exp"
+	      export_symbols="$output_objdir/$outputname.exp"
 	      $run $rm $export_symbols
-	      $run eval "sed -n -e '/^: @PROGRAM@$/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"'
+	      $run eval "${SED} -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"'
+              case $host in
+              *cygwin* | *mingw* )
+	        $run eval "echo EXPORTS "'> "$output_objdir/$outputname.def"'
+		$run eval 'cat "$export_symbols" >> "$output_objdir/$outputname.def"'
+                ;;
+              esac
 	    else
-	      $run eval "sed -e 's/\([][.*^$]\)/\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$output.exp"'
-	      $run eval 'grep -f "$output_objdir/$output.exp" < "$nlist" > "$nlist"T'
+	      $run eval "${SED} -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"'
+	      $run eval 'grep -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T'
 	      $run eval 'mv "$nlist"T "$nlist"'
+              case $host in
+              *cygwin* | *mingw* )
+	        $run eval "echo EXPORTS "'> "$output_objdir/$outputname.def"'
+		$run eval 'cat "$nlist" >> "$output_objdir/$outputname.def"'
+                ;;
+              esac
 	    fi
 	  fi
 
 	  for arg in $dlprefiles; do
 	    $show "extracting global C symbols from \`$arg'"
-	    name=`echo "$arg" | sed -e 's%^.*/%%'`
-	    $run eval 'echo ": $name " >> "$nlist"'
+	    name=`$echo "$arg" | ${SED} -e 's%^.*/%%'`
+	    $run eval '$echo ": $name " >> "$nlist"'
 	    $run eval "$NM $arg | $global_symbol_pipe >> '$nlist'"
 	  done
 
@@ -3301,12 +4663,18 @@
 	    test -f "$nlist" || : > "$nlist"
 
 	    if test -n "$exclude_expsyms"; then
-	      egrep -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T
+	      $EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T
 	      $mv "$nlist"T "$nlist"
 	    fi
 
 	    # Try sorting and uniquifying the output.
-	    if grep -v "^: " < "$nlist" | sort +2 | uniq > "$nlist"S; then
+	    if grep -v "^: " < "$nlist" |
+		if sort -k 3 </dev/null >/dev/null 2>&1; then
+		  sort -k 3
+		else
+		  sort +2
+		fi |
+		uniq > "$nlist"S; then
 	      :
 	    else
 	      grep -v "^: " < "$nlist" > "$nlist"S
@@ -3315,7 +4683,7 @@
 	    if test -f "$nlist"S; then
 	      eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$dlsyms"'
 	    else
-	      echo '/* NONE */' >> "$output_objdir/$dlsyms"
+	      $echo '/* NONE */' >> "$output_objdir/$dlsyms"
 	    fi
 
 	    $echo >> "$output_objdir/$dlsyms" "\
@@ -3330,7 +4698,26 @@
 #endif
 
 /* The mapping between symbol names and symbols. */
+"
+
+	    case $host in
+	    *cygwin* | *mingw* )
+	  $echo >> "$output_objdir/$dlsyms" "\
+/* DATA imports from DLLs on WIN32 can't be const, because
+   runtime relocations are performed -- see ld's documentation
+   on pseudo-relocs */
+struct {
+"
+	      ;;
+	    * )
+	  $echo >> "$output_objdir/$dlsyms" "\
 const struct {
+"
+	      ;;
+	    esac
+
+
+	  $echo >> "$output_objdir/$dlsyms" "\
   const char *name;
   lt_ptr address;
 }
@@ -3367,30 +4754,43 @@
 	  *-*-freebsd2*|*-*-freebsd3.0*|*-*-freebsdelf3.0*)
 	    case "$compile_command " in
 	    *" -static "*) ;;
-	    *) pic_flag_for_symtable=" $pic_flag -DPIC -DFREEBSD_WORKAROUND";;
+	    *) pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND";;
 	    esac;;
 	  *-*-hpux*)
 	    case "$compile_command " in
 	    *" -static "*) ;;
-	    *) pic_flag_for_symtable=" $pic_flag -DPIC";;
+	    *) pic_flag_for_symtable=" $pic_flag";;
 	    esac
 	  esac
 
 	  # Now compile the dynamic symbol file.
-	  $show "(cd $output_objdir && $CC -c$no_builtin_flag$pic_flag_for_symtable \"$dlsyms\")"
-	  $run eval '(cd $output_objdir && $CC -c$no_builtin_flag$pic_flag_for_symtable "$dlsyms")' || exit $?
+	  $show "(cd $output_objdir && $LTCC  $LTCFLAGS -c$no_builtin_flag$pic_flag_for_symtable \"$dlsyms\")"
+	  $run eval '(cd $output_objdir && $LTCC  $LTCFLAGS -c$no_builtin_flag$pic_flag_for_symtable "$dlsyms")' || exit $?
 
 	  # Clean up the generated files.
 	  $show "$rm $output_objdir/$dlsyms $nlist ${nlist}S ${nlist}T"
 	  $run $rm "$output_objdir/$dlsyms" "$nlist" "${nlist}S" "${nlist}T"
 
 	  # Transform the symbol file into the correct name.
-	  compile_command=`$echo "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"`
-	  finalize_command=`$echo "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"`
+          case $host in
+          *cygwin* | *mingw* )
+            if test -f "$output_objdir/${outputname}.def" ; then
+              compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%" | $NL2SP`
+              finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%" | $NL2SP`
+            else
+              compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%" | $NL2SP`
+              finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%" | $NL2SP`
+             fi
+            ;;
+          * )
+            compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%" | $NL2SP`
+            finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%" | $NL2SP`
+            ;;
+          esac
 	  ;;
 	*)
 	  $echo "$modename: unknown suffix for \`$dlsyms'" 1>&2
-	  exit 1
+	  exit $EXIT_FAILURE
 	  ;;
 	esac
       else
@@ -3399,19 +4799,19 @@
 	# really was required.
 
 	# Nullify the symbol file.
-	compile_command=`$echo "X$compile_command" | $Xsed -e "s% @SYMFILE@%%"`
-	finalize_command=`$echo "X$finalize_command" | $Xsed -e "s% @SYMFILE@%%"`
+	compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "s% @SYMFILE@%%" | $NL2SP`
+	finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "s% @SYMFILE@%%" | $NL2SP`
       fi
 
-      if test $need_relink = no || test "$build_libtool_libs" != yes; then
+      if test "$need_relink" = no || test "$build_libtool_libs" != yes; then
 	# Replace the output file specification.
-	compile_command=`$echo "X$compile_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'`
+	compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e 's%@OUTPUT@%'"$output"'%g' | $NL2SP`
 	link_command="$compile_command$compile_rpath"
 
 	# We have no uninstalled library dependencies, so finalize right now.
 	$show "$link_command"
 	$run eval "$link_command"
-	status=$?
+	exit_status=$?
 
 	# Delete the generated files.
 	if test -n "$dlsyms"; then
@@ -3419,7 +4819,7 @@
 	  $run $rm "$output_objdir/${outputname}S.${objext}"
 	fi
 
-	exit $status
+	exit $exit_status
       fi
 
       if test -n "$shlibpath_var"; then
@@ -3478,7 +4878,7 @@
 	# Link the executable and exit
 	$show "$link_command"
 	$run eval "$link_command" || exit $?
-	exit 0
+	exit $EXIT_SUCCESS
       fi
 
       if test "$hardcode_action" = relink; then
@@ -3492,7 +4892,7 @@
 	if test "$fast_install" != no; then
 	  link_command="$finalize_var$compile_command$finalize_rpath"
 	  if test "$fast_install" = yes; then
-	    relink_command=`$echo "X$compile_var$compile_command$compile_rpath" | $Xsed -e 's%@OUTPUT@%\$progdir/\$file%g'`
+	    relink_command=`$echo "X$compile_var$compile_command$compile_rpath" | $SP2NL | $Xsed -e 's%@OUTPUT@%\$progdir/\$file%g' | $NL2SP`
 	  else
 	    # fast_install is set to needless
 	    relink_command=
@@ -3528,15 +4928,15 @@
 	    relink_command="$var=\"$var_value\"; export $var; $relink_command"
 	  fi
 	done
-	relink_command="cd `pwd`; $relink_command"
-	relink_command=`$echo "X$relink_command" | $Xsed -e "$sed_quote_subst"`
+	relink_command="(cd `pwd`; $relink_command)"
+	relink_command=`$echo "X$relink_command" | $SP2NL | $Xsed -e "$sed_quote_subst" | $NL2SP`
       fi
 
       # Quote $echo for shipping.
-      if test "X$echo" = "X$SHELL $0 --fallback-echo"; then
-	case $0 in
-	[\\/]* | [A-Za-z]:[\\/]*) qecho="$SHELL $0 --fallback-echo";;
-	*) qecho="$SHELL `pwd`/$0 --fallback-echo";;
+      if test "X$echo" = "X$SHELL $progpath --fallback-echo"; then
+	case $progpath in
+	[\\/]* | [A-Za-z]:[\\/]*) qecho="$SHELL $progpath --fallback-echo";;
+	*) qecho="$SHELL `pwd`/$progpath --fallback-echo";;
 	esac
 	qecho=`$echo "X$qecho" | $Xsed -e "$sed_quote_subst"`
       else
@@ -3548,16 +4948,377 @@
 	# win32 will think the script is a binary if it has
 	# a .exe suffix, so we strip it off here.
 	case $output in
-	  *.exe) output=`echo $output|sed 's,.exe$,,'` ;;
+	  *.exe) output=`$echo $output|${SED} 's,.exe$,,'` ;;
 	esac
 	# test for cygwin because mv fails w/o .exe extensions
 	case $host in
-	  *cygwin*) exeext=.exe ;;
+	  *cygwin*)
+	    exeext=.exe
+	    outputname=`$echo $outputname|${SED} 's,.exe$,,'` ;;
 	  *) exeext= ;;
 	esac
-	$rm $output
-	trap "$rm $output; exit 1" 1 2 15
+	case $host in
+	  *cygwin* | *mingw* )
+            output_name=`basename $output`
+            output_path=`dirname $output`
+            cwrappersource="$output_path/$objdir/lt-$output_name.c"
+            cwrapper="$output_path/$output_name.exe"
+            $rm $cwrappersource $cwrapper
+            trap "$rm $cwrappersource $cwrapper; exit $EXIT_FAILURE" 1 2 15
 
+	    cat > $cwrappersource <<EOF
+
+/* $cwrappersource - temporary wrapper executable for $objdir/$outputname
+   Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP
+
+   The $output program cannot be directly executed until all the libtool
+   libraries that it depends on are installed.
+
+   This wrapper executable should never be moved out of the build directory.
+   If it is, it will not operate correctly.
+
+   Currently, it simply execs the wrapper *script* "/bin/sh $output",
+   but could eventually absorb all of the scripts functionality and
+   exec $objdir/$outputname directly.
+*/
+EOF
+	    cat >> $cwrappersource<<"EOF"
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <malloc.h>
+#include <stdarg.h>
+#include <assert.h>
+#include <string.h>
+#include <ctype.h>
+#include <sys/stat.h>
+
+#if defined(PATH_MAX)
+# define LT_PATHMAX PATH_MAX
+#elif defined(MAXPATHLEN)
+# define LT_PATHMAX MAXPATHLEN
+#else
+# define LT_PATHMAX 1024
+#endif
+
+#ifndef DIR_SEPARATOR
+# define DIR_SEPARATOR '/'
+# define PATH_SEPARATOR ':'
+#endif
+
+#if defined (_WIN32) || defined (__MSDOS__) || defined (__DJGPP__) || \
+  defined (__OS2__)
+# define HAVE_DOS_BASED_FILE_SYSTEM
+# ifndef DIR_SEPARATOR_2
+#  define DIR_SEPARATOR_2 '\\'
+# endif
+# ifndef PATH_SEPARATOR_2
+#  define PATH_SEPARATOR_2 ';'
+# endif
+#endif
+
+#ifndef DIR_SEPARATOR_2
+# define IS_DIR_SEPARATOR(ch) ((ch) == DIR_SEPARATOR)
+#else /* DIR_SEPARATOR_2 */
+# define IS_DIR_SEPARATOR(ch) \
+        (((ch) == DIR_SEPARATOR) || ((ch) == DIR_SEPARATOR_2))
+#endif /* DIR_SEPARATOR_2 */
+
+#ifndef PATH_SEPARATOR_2
+# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR)
+#else /* PATH_SEPARATOR_2 */
+# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR_2)
+#endif /* PATH_SEPARATOR_2 */
+
+#define XMALLOC(type, num)      ((type *) xmalloc ((num) * sizeof(type)))
+#define XFREE(stale) do { \
+  if (stale) { free ((void *) stale); stale = 0; } \
+} while (0)
+
+/* -DDEBUG is fairly common in CFLAGS.  */
+#undef DEBUG
+#if defined DEBUGWRAPPER
+# define DEBUG(format, ...) fprintf(stderr, format, __VA_ARGS__)
+#else
+# define DEBUG(format, ...)
+#endif
+
+const char *program_name = NULL;
+
+void * xmalloc (size_t num);
+char * xstrdup (const char *string);
+const char * base_name (const char *name);
+char * find_executable(const char *wrapper);
+int    check_executable(const char *path);
+char * strendzap(char *str, const char *pat);
+void lt_fatal (const char *message, ...);
+
+int
+main (int argc, char *argv[])
+{
+  char **newargz;
+  int i;
+
+  program_name = (char *) xstrdup (base_name (argv[0]));
+  DEBUG("(main) argv[0]      : %s\n",argv[0]);
+  DEBUG("(main) program_name : %s\n",program_name);
+  newargz = XMALLOC(char *, argc+2);
+EOF
+
+            cat >> $cwrappersource <<EOF
+  newargz[0] = (char *) xstrdup("$SHELL");
+EOF
+
+            cat >> $cwrappersource <<"EOF"
+  newargz[1] = find_executable(argv[0]);
+  if (newargz[1] == NULL)
+    lt_fatal("Couldn't find %s", argv[0]);
+  DEBUG("(main) found exe at : %s\n",newargz[1]);
+  /* we know the script has the same name, without the .exe */
+  /* so make sure newargz[1] doesn't end in .exe */
+  strendzap(newargz[1],".exe");
+  for (i = 1; i < argc; i++)
+    newargz[i+1] = xstrdup(argv[i]);
+  newargz[argc+1] = NULL;
+
+  for (i=0; i<argc+1; i++)
+  {
+    DEBUG("(main) newargz[%d]   : %s\n",i,newargz[i]);
+    ;
+  }
+
+EOF
+
+            case $host_os in
+              mingw*)
+                cat >> $cwrappersource <<EOF
+  execv("$SHELL",(char const **)newargz);
+EOF
+              ;;
+              *)
+                cat >> $cwrappersource <<EOF
+  execv("$SHELL",newargz);
+EOF
+              ;;
+            esac
+
+            cat >> $cwrappersource <<"EOF"
+  return 127;
+}
+
+void *
+xmalloc (size_t num)
+{
+  void * p = (void *) malloc (num);
+  if (!p)
+    lt_fatal ("Memory exhausted");
+
+  return p;
+}
+
+char *
+xstrdup (const char *string)
+{
+  return string ? strcpy ((char *) xmalloc (strlen (string) + 1), string) : NULL
+;
+}
+
+const char *
+base_name (const char *name)
+{
+  const char *base;
+
+#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
+  /* Skip over the disk name in MSDOS pathnames. */
+  if (isalpha ((unsigned char)name[0]) && name[1] == ':')
+    name += 2;
+#endif
+
+  for (base = name; *name; name++)
+    if (IS_DIR_SEPARATOR (*name))
+      base = name + 1;
+  return base;
+}
+
+int
+check_executable(const char * path)
+{
+  struct stat st;
+
+  DEBUG("(check_executable)  : %s\n", path ? (*path ? path : "EMPTY!") : "NULL!");
+  if ((!path) || (!*path))
+    return 0;
+
+  if ((stat (path, &st) >= 0) &&
+      (
+        /* MinGW & native WIN32 do not support S_IXOTH or S_IXGRP */
+#if defined (S_IXOTH)
+       ((st.st_mode & S_IXOTH) == S_IXOTH) ||
+#endif
+#if defined (S_IXGRP)
+       ((st.st_mode & S_IXGRP) == S_IXGRP) ||
+#endif
+       ((st.st_mode & S_IXUSR) == S_IXUSR))
+      )
+    return 1;
+  else
+    return 0;
+}
+
+/* Searches for the full path of the wrapper.  Returns
+   newly allocated full path name if found, NULL otherwise */
+char *
+find_executable (const char* wrapper)
+{
+  int has_slash = 0;
+  const char* p;
+  const char* p_next;
+  /* static buffer for getcwd */
+  char tmp[LT_PATHMAX + 1];
+  int tmp_len;
+  char* concat_name;
+
+  DEBUG("(find_executable)  : %s\n", wrapper ? (*wrapper ? wrapper : "EMPTY!") : "NULL!");
+
+  if ((wrapper == NULL) || (*wrapper == '\0'))
+    return NULL;
+
+  /* Absolute path? */
+#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
+  if (isalpha ((unsigned char)wrapper[0]) && wrapper[1] == ':')
+  {
+    concat_name = xstrdup (wrapper);
+    if (check_executable(concat_name))
+      return concat_name;
+    XFREE(concat_name);
+  }
+  else
+  {
+#endif
+    if (IS_DIR_SEPARATOR (wrapper[0]))
+    {
+      concat_name = xstrdup (wrapper);
+      if (check_executable(concat_name))
+        return concat_name;
+      XFREE(concat_name);
+    }
+#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
+  }
+#endif
+
+  for (p = wrapper; *p; p++)
+    if (*p == '/')
+    {
+      has_slash = 1;
+      break;
+    }
+  if (!has_slash)
+  {
+    /* no slashes; search PATH */
+    const char* path = getenv ("PATH");
+    if (path != NULL)
+    {
+      for (p = path; *p; p = p_next)
+      {
+        const char* q;
+        size_t p_len;
+        for (q = p; *q; q++)
+          if (IS_PATH_SEPARATOR(*q))
+            break;
+        p_len = q - p;
+        p_next = (*q == '\0' ? q : q + 1);
+        if (p_len == 0)
+        {
+          /* empty path: current directory */
+          if (getcwd (tmp, LT_PATHMAX) == NULL)
+            lt_fatal ("getcwd failed");
+          tmp_len = strlen(tmp);
+          concat_name = XMALLOC(char, tmp_len + 1 + strlen(wrapper) + 1);
+          memcpy (concat_name, tmp, tmp_len);
+          concat_name[tmp_len] = '/';
+          strcpy (concat_name + tmp_len + 1, wrapper);
+        }
+        else
+        {
+          concat_name = XMALLOC(char, p_len + 1 + strlen(wrapper) + 1);
+          memcpy (concat_name, p, p_len);
+          concat_name[p_len] = '/';
+          strcpy (concat_name + p_len + 1, wrapper);
+        }
+        if (check_executable(concat_name))
+          return concat_name;
+        XFREE(concat_name);
+      }
+    }
+    /* not found in PATH; assume curdir */
+  }
+  /* Relative path | not found in path: prepend cwd */
+  if (getcwd (tmp, LT_PATHMAX) == NULL)
+    lt_fatal ("getcwd failed");
+  tmp_len = strlen(tmp);
+  concat_name = XMALLOC(char, tmp_len + 1 + strlen(wrapper) + 1);
+  memcpy (concat_name, tmp, tmp_len);
+  concat_name[tmp_len] = '/';
+  strcpy (concat_name + tmp_len + 1, wrapper);
+
+  if (check_executable(concat_name))
+    return concat_name;
+  XFREE(concat_name);
+  return NULL;
+}
+
+char *
+strendzap(char *str, const char *pat)
+{
+  size_t len, patlen;
+
+  assert(str != NULL);
+  assert(pat != NULL);
+
+  len = strlen(str);
+  patlen = strlen(pat);
+
+  if (patlen <= len)
+  {
+    str += len - patlen;
+    if (strcmp(str, pat) == 0)
+      *str = '\0';
+  }
+  return str;
+}
+
+static void
+lt_error_core (int exit_status, const char * mode,
+          const char * message, va_list ap)
+{
+  fprintf (stderr, "%s: %s: ", program_name, mode);
+  vfprintf (stderr, message, ap);
+  fprintf (stderr, ".\n");
+
+  if (exit_status >= 0)
+    exit (exit_status);
+}
+
+void
+lt_fatal (const char *message, ...)
+{
+  va_list ap;
+  va_start (ap, message);
+  lt_error_core (EXIT_FAILURE, "FATAL", message, ap);
+  va_end (ap);
+}
+EOF
+          # we should really use a build-platform specific compiler
+          # here, but OTOH, the wrappers (shell script and this C one)
+          # are only useful if you want to execute the "real" binary.
+          # Since the "real" binary is built for $host, then this
+          # wrapper might as well be built for $host, too.
+          $run $LTCC $LTCFLAGS -s -o $cwrapper $cwrappersource
+          ;;
+        esac
+        $rm $output
+        trap "$rm $output; exit $EXIT_FAILURE" 1 2 15
+
 	$echo > $output "\
 #! $SHELL
 
@@ -3572,12 +5333,26 @@
 
 # Sed substitution that helps us do robust quoting.  It backslashifies
 # metacharacters that are still active within double-quoted strings.
-Xsed='sed -e 1s/^X//'
+Xsed='${SED} -e 1s/^X//'
 sed_quote_subst='$sed_quote_subst'
 
+# Be Bourne compatible (taken from Autoconf:_AS_BOURNE_COMPATIBLE).
+if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Zsh 3.x and 4.x performs word splitting on \${1+\"\$@\"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '\${1+\"\$@\"}'='\"\$@\"'
+  setopt NO_GLOB_SUBST
+else
+  case \`(set -o) 2>/dev/null\` in *posix*) set -o posix;; esac
+fi
+BIN_SH=xpg4; export BIN_SH # for Tru64
+DUALCASE=1; export DUALCASE # for MKS sh
+
 # The HP-UX ksh and POSIX shell print the target directory to stdout
 # if CDPATH is set.
-if test \"\${CDPATH+set}\" = set; then CDPATH=:; export CDPATH; fi
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
 
 relink_command=\"$relink_command\"
 
@@ -3610,7 +5385,7 @@
   test \"x\$thisdir\" = \"x\$file\" && thisdir=.
 
   # Follow symbolic links until we get to the real thisdir.
-  file=\`ls -ld \"\$file\" | sed -n 's/.*-> //p'\`
+  file=\`ls -ld \"\$file\" | ${SED} -n 's/.*-> //p'\`
   while test -n \"\$file\"; do
     destdir=\`\$echo \"X\$file\" | \$Xsed -e 's%/[^/]*\$%%'\`
 
@@ -3623,7 +5398,7 @@
     fi
 
     file=\`\$echo \"X\$file\" | \$Xsed -e 's%^.*/%%'\`
-    file=\`ls -ld \"\$thisdir/\$file\" | sed -n 's/.*-> //p'\`
+    file=\`ls -ld \"\$thisdir/\$file\" | ${SED} -n 's/.*-> //p'\`
   done
 
   # Try to get the absolute directory name.
@@ -3632,12 +5407,12 @@
 "
 
 	if test "$fast_install" = yes; then
-	  echo >> $output "\
+	  $echo >> $output "\
   program=lt-'$outputname'$exeext
   progdir=\"\$thisdir/$objdir\"
 
   if test ! -f \"\$progdir/\$program\" || \\
-     { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | sed 1q\`; \\
+     { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | ${SED} 1q\`; \\
        test \"X\$file\" != \"X\$progdir/\$program\"; }; then
 
     file=\"\$\$-\$program\"
@@ -3648,7 +5423,7 @@
       $rm \"\$progdir/\$file\"
     fi"
 
-	  echo >> $output "\
+	  $echo >> $output "\
 
     # relink executable if necessary
     if test -n \"\$relink_command\"; then
@@ -3656,7 +5431,7 @@
       else
 	$echo \"\$relink_command_output\" >&2
 	$rm \"\$progdir/\$file\"
-	exit 1
+	exit $EXIT_FAILURE
       fi
     fi
 
@@ -3666,13 +5441,13 @@
     $rm \"\$progdir/\$file\"
   fi"
 	else
-	  echo >> $output "\
+	  $echo >> $output "\
   program='$outputname'
   progdir=\"\$thisdir/$objdir\"
 "
 	fi
 
-	echo >> $output "\
+	$echo >> $output "\
 
   if test -f \"\$progdir/\$program\"; then"
 
@@ -3703,47 +5478,35 @@
       # Run the actual program with our arguments.
 "
 	case $host in
-	# win32 systems need to use the prog path for dll
-	# lookup to work
-	*-*-cygwin* | *-*-pw32*)
-	  $echo >> $output "\
-      exec \$progdir/\$program \${1+\"\$@\"}
-"
-	  ;;
-
 	# Backslashes separate directories on plain windows
 	*-*-mingw | *-*-os2*)
 	  $echo >> $output "\
-      exec \$progdir\\\\\$program \${1+\"\$@\"}
+      exec \"\$progdir\\\\\$program\" \${1+\"\$@\"}
 "
 	  ;;
 
 	*)
 	  $echo >> $output "\
-      # Export the path to the program.
-      PATH=\"\$progdir:\$PATH\"
-      export PATH
-
-      exec \$program \${1+\"\$@\"}
+      exec \"\$progdir/\$program\" \${1+\"\$@\"}
 "
 	  ;;
 	esac
 	$echo >> $output "\
-      \$echo \"\$0: cannot exec \$program \${1+\"\$@\"}\"
-      exit 1
+      \$echo \"\$0: cannot exec \$program \$*\"
+      exit $EXIT_FAILURE
     fi
   else
     # The program doesn't exist.
-    \$echo \"\$0: error: \$progdir/\$program does not exist\" 1>&2
+    \$echo \"\$0: error: \\\`\$progdir/\$program' does not exist\" 1>&2
     \$echo \"This script is just a wrapper for \$program.\" 1>&2
-    echo \"See the $PACKAGE documentation for more information.\" 1>&2
-    exit 1
+    $echo \"See the $PACKAGE documentation for more information.\" 1>&2
+    exit $EXIT_FAILURE
   fi
 fi\
 "
 	chmod +x $output
       fi
-      exit 0
+      exit $EXIT_SUCCESS
       ;;
     esac
 
@@ -3759,74 +5522,130 @@
 	  oldobjs="$libobjs_save"
 	  build_libtool_libs=no
 	else
-	  oldobjs="$objs$old_deplibs "`$echo "X$libobjs_save" | $SP2NL | $Xsed -e '/\.'${libext}'$/d' -e '/\.lib$/d' -e "$lo2o" | $NL2SP`
+	  oldobjs="$old_deplibs $non_pic_objects"
 	fi
 	addlibs="$old_convenience"
       fi
 
       if test -n "$addlibs"; then
 	gentop="$output_objdir/${outputname}x"
-	$show "${rm}r $gentop"
-	$run ${rm}r "$gentop"
-	$show "mkdir $gentop"
-	$run mkdir "$gentop"
-	status=$?
-	if test $status -ne 0 && test ! -d "$gentop"; then
-	  exit $status
-	fi
 	generated="$generated $gentop"
 
-	# Add in members from convenience archives.
-	for xlib in $addlibs; do
-	  # Extract the objects.
-	  case $xlib in
-	  [\\/]* | [A-Za-z]:[\\/]*) xabs="$xlib" ;;
-	  *) xabs=`pwd`"/$xlib" ;;
-	  esac
-	  xlib=`$echo "X$xlib" | $Xsed -e 's%^.*/%%'`
-	  xdir="$gentop/$xlib"
-
-	  $show "${rm}r $xdir"
-	  $run ${rm}r "$xdir"
-	  $show "mkdir $xdir"
-	  $run mkdir "$xdir"
-	  status=$?
-	  if test $status -ne 0 && test ! -d "$xdir"; then
-	    exit $status
-	  fi
-	  $show "(cd $xdir && $AR x $xabs)"
-	  $run eval "(cd \$xdir && $AR x \$xabs)" || exit $?
-
-	  oldobjs="$oldobjs "`find $xdir -name \*.${objext} -print -o -name \*.lo -print | $NL2SP`
-	done
+	func_extract_archives $gentop $addlibs
+	oldobjs="$oldobjs $func_extract_archives_result"
       fi
 
       # Do each command in the archive commands.
       if test -n "$old_archive_from_new_cmds" && test "$build_libtool_libs" = yes; then
-	eval cmds=\"$old_archive_from_new_cmds\"
+       cmds=$old_archive_from_new_cmds
       else
-	# Ensure that we have .o objects in place in case we decided
-	# not to build a shared library, and have fallen back to building
-	# static libs even though --disable-static was passed!
-	for oldobj in $oldobjs; do
-	  if test ! -f $oldobj; then
-	    xdir=`$echo "X$oldobj" | $Xsed -e 's%/[^/]*$%%'`
-	    if test "X$xdir" = "X$oldobj"; then
-	      xdir="."
-	    else
-	      xdir="$xdir"
+	# POSIX demands no paths to be encoded in archives.  We have
+	# to avoid creating archives with duplicate basenames if we
+	# might have to extract them afterwards, e.g., when creating a
+	# static archive out of a convenience library, or when linking
+	# the entirety of a libtool archive into another (currently
+	# not supported by libtool).
+	if (for obj in $oldobjs
+	    do
+	      $echo "X$obj" | $Xsed -e 's%^.*/%%'
+	    done | sort | sort -uc >/dev/null 2>&1); then
+	  :
+	else
+	  $echo "copying selected object files to avoid basename conflicts..."
+
+	  if test -z "$gentop"; then
+	    gentop="$output_objdir/${outputname}x"
+	    generated="$generated $gentop"
+
+	    $show "${rm}r $gentop"
+	    $run ${rm}r "$gentop"
+	    $show "$mkdir $gentop"
+	    $run $mkdir "$gentop"
+	    exit_status=$?
+	    if test "$exit_status" -ne 0 && test ! -d "$gentop"; then
+	      exit $exit_status
 	    fi
-	    baseobj=`$echo "X$oldobj" | $Xsed -e 's%^.*/%%'`
-	    obj=`$echo "X$baseobj" | $Xsed -e "$o2lo"`
-	    $show "(cd $xdir && ${LN_S} $obj $baseobj)"
-	    $run eval '(cd $xdir && ${LN_S} $obj $baseobj)' || exit $?
 	  fi
-	done
 
+	  save_oldobjs=$oldobjs
+	  oldobjs=
+	  counter=1
+	  for obj in $save_oldobjs
+	  do
+	    objbase=`$echo "X$obj" | $Xsed -e 's%^.*/%%'`
+	    case " $oldobjs " in
+	    " ") oldobjs=$obj ;;
+	    *[\ /]"$objbase "*)
+	      while :; do
+		# Make sure we don't pick an alternate name that also
+		# overlaps.
+		newobj=lt$counter-$objbase
+		counter=`expr $counter + 1`
+		case " $oldobjs " in
+		*[\ /]"$newobj "*) ;;
+		*) if test ! -f "$gentop/$newobj"; then break; fi ;;
+		esac
+	      done
+	      $show "ln $obj $gentop/$newobj || cp $obj $gentop/$newobj"
+	      $run ln "$obj" "$gentop/$newobj" ||
+	      $run cp "$obj" "$gentop/$newobj"
+	      oldobjs="$oldobjs $gentop/$newobj"
+	      ;;
+	    *) oldobjs="$oldobjs $obj" ;;
+	    esac
+	  done
+	fi
+
 	eval cmds=\"$old_archive_cmds\"
+
+	if len=`expr "X$cmds" : ".*"` &&
+	     test "$len" -le "$max_cmd_len" || test "$max_cmd_len" -le -1; then
+	  cmds=$old_archive_cmds
+	else
+	  # the command line is too long to link in one step, link in parts
+	  $echo "using piecewise archive linking..."
+	  save_RANLIB=$RANLIB
+	  RANLIB=:
+	  objlist=
+	  concat_cmds=
+	  save_oldobjs=$oldobjs
+
+	  # Is there a better way of finding the last object in the list?
+	  for obj in $save_oldobjs
+	  do
+	    last_oldobj=$obj
+	  done
+	  for obj in $save_oldobjs
+	  do
+	    oldobjs="$objlist $obj"
+	    objlist="$objlist $obj"
+	    eval test_cmds=\"$old_archive_cmds\"
+	    if len=`expr "X$test_cmds" : ".*" 2>/dev/null` &&
+	       test "$len" -le "$max_cmd_len"; then
+	      :
+	    else
+	      # the above command should be used before it gets too long
+	      oldobjs=$objlist
+	      if test "$obj" = "$last_oldobj" ; then
+	        RANLIB=$save_RANLIB
+	      fi
+	      test -z "$concat_cmds" || concat_cmds=$concat_cmds~
+	      eval concat_cmds=\"\${concat_cmds}$old_archive_cmds\"
+	      objlist=
+	    fi
+	  done
+	  RANLIB=$save_RANLIB
+	  oldobjs=$objlist
+	  if test "X$oldobjs" = "X" ; then
+	    eval cmds=\"\$concat_cmds\"
+	  else
+	    eval cmds=\"\$concat_cmds~\$old_archive_cmds\"
+	  fi
+	fi
       fi
       save_ifs="$IFS"; IFS='~'
       for cmd in $cmds; do
+        eval cmd=\"$cmd\"
 	IFS="$save_ifs"
 	$show "$cmd"
 	$run eval "$cmd" || exit $?
@@ -3858,9 +5677,13 @@
 	fi
       done
       # Quote the link command for shipping.
-      relink_command="cd `pwd`; $SHELL $0 --mode=relink $libtool_args"
-      relink_command=`$echo "X$relink_command" | $Xsed -e "$sed_quote_subst"`
+      relink_command="(cd `pwd`; $SHELL $progpath $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)"
+      relink_command=`$echo "X$relink_command" | $SP2NL | $Xsed -e "$sed_quote_subst" | $NL2SP`
+      if test "$hardcode_automatic" = yes ; then
+	relink_command=
+      fi
 
+
       # Only create the output if not a dry run.
       if test -z "$run"; then
 	for installed in no yes; do
@@ -3875,10 +5698,10 @@
 	      case $deplib in
 	      *.la)
 		name=`$echo "X$deplib" | $Xsed -e 's%^.*/%%'`
-		eval libdir=`sed -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
+		eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
 		if test -z "$libdir"; then
 		  $echo "$modename: \`$deplib' is not a valid libtool archive" 1>&2
-		  exit 1
+		  exit $EXIT_FAILURE
 		fi
 		newdependency_libs="$newdependency_libs $libdir/$name"
 		;;
@@ -3889,10 +5712,10 @@
 	    newdlfiles=
 	    for lib in $dlfiles; do
 	      name=`$echo "X$lib" | $Xsed -e 's%^.*/%%'`
-	      eval libdir=`sed -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
+	      eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
 	      if test -z "$libdir"; then
 		$echo "$modename: \`$lib' is not a valid libtool archive" 1>&2
-		exit 1
+		exit $EXIT_FAILURE
 	      fi
 	      newdlfiles="$newdlfiles $libdir/$name"
 	    done
@@ -3900,20 +5723,39 @@
 	    newdlprefiles=
 	    for lib in $dlprefiles; do
 	      name=`$echo "X$lib" | $Xsed -e 's%^.*/%%'`
-	      eval libdir=`sed -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
+	      eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
 	      if test -z "$libdir"; then
 		$echo "$modename: \`$lib' is not a valid libtool archive" 1>&2
-		exit 1
+		exit $EXIT_FAILURE
 	      fi
 	      newdlprefiles="$newdlprefiles $libdir/$name"
 	    done
 	    dlprefiles="$newdlprefiles"
+	  else
+	    newdlfiles=
+	    for lib in $dlfiles; do
+	      case $lib in
+		[\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;;
+		*) abs=`pwd`"/$lib" ;;
+	      esac
+	      newdlfiles="$newdlfiles $abs"
+	    done
+	    dlfiles="$newdlfiles"
+	    newdlprefiles=
+	    for lib in $dlprefiles; do
+	      case $lib in
+		[\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;;
+		*) abs=`pwd`"/$lib" ;;
+	      esac
+	      newdlprefiles="$newdlprefiles $abs"
+	    done
+	    dlprefiles="$newdlprefiles"
 	  fi
 	  $rm $output
 	  # place dlname in correct position for cygwin
 	  tdlname=$dlname
 	  case $host,$output,$installed,$module,$dlname in
-	    *cygwin*,*lai,yes,no,*.dll) tdlname=../bin/$dlname ;;
+	    *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll) tdlname=../bin/$dlname ;;
 	  esac
 	  $echo > $output "\
 # $outputname - a libtool library file
@@ -3942,13 +5784,16 @@
 # Is this an already installed library?
 installed=$installed
 
+# Should we warn about portability when linking against -modules?
+shouldnotlink=$module
+
 # Files to dlopen/dlpreopen
 dlopen='$dlfiles'
 dlpreopen='$dlprefiles'
 
 # Directory that this library needs to be installed in:
 libdir='$install_libdir'"
-	  if test "$installed" = no && test $need_relink = yes; then
+	  if test "$installed" = no && test "$need_relink" = yes; then
 	    $echo >> $output "\
 relink_command=\"$relink_command\""
 	  fi
@@ -3961,7 +5806,7 @@
       $run eval '(cd $output_objdir && $rm $outputname && $LN_S ../$outputname $outputname)' || exit $?
       ;;
     esac
-    exit 0
+    exit $EXIT_SUCCESS
     ;;
 
   # libtool install mode
@@ -3972,11 +5817,11 @@
     # install_prog (especially on Windows NT).
     if test "$nonopt" = "$SHELL" || test "$nonopt" = /bin/sh ||
        # Allow the use of GNU shtool's install command.
-       $echo "X$nonopt" | $Xsed | grep shtool > /dev/null; then
+       $echo "X$nonopt" | grep shtool > /dev/null; then
       # Aesthetically quote it.
       arg=`$echo "X$nonopt" | $Xsed -e "$sed_quote_subst"`
       case $arg in
-      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*)
+      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
 	arg="\"$arg\""
 	;;
       esac
@@ -3985,14 +5830,14 @@
       shift
     else
       install_prog=
-      arg="$nonopt"
+      arg=$nonopt
     fi
 
     # The real first argument should be the name of the installation program.
     # Aesthetically quote it.
     arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
     case $arg in
-    *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*)
+    *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
       arg="\"$arg\""
       ;;
     esac
@@ -4010,28 +5855,31 @@
     do
       if test -n "$dest"; then
 	files="$files $dest"
-	dest="$arg"
+	dest=$arg
 	continue
       fi
 
       case $arg in
       -d) isdir=yes ;;
-      -f) prev="-f" ;;
-      -g) prev="-g" ;;
-      -m) prev="-m" ;;
-      -o) prev="-o" ;;
+      -f) 
+      	case " $install_prog " in
+	*[\\\ /]cp\ *) ;;
+	*) prev=$arg ;;
+	esac
+	;;
+      -g | -m | -o) prev=$arg ;;
       -s)
 	stripme=" -s"
 	continue
 	;;
-      -*) ;;
-
+      -*)
+	;;
       *)
 	# If the previous option needed an argument, then skip it.
 	if test -n "$prev"; then
 	  prev=
 	else
-	  dest="$arg"
+	  dest=$arg
 	  continue
 	fi
 	;;
@@ -4040,7 +5888,7 @@
       # Aesthetically quote the argument.
       arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
       case $arg in
-      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*)
+      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
 	arg="\"$arg\""
 	;;
       esac
@@ -4050,13 +5898,13 @@
     if test -z "$install_prog"; then
       $echo "$modename: you must specify an install program" 1>&2
       $echo "$help" 1>&2
-      exit 1
+      exit $EXIT_FAILURE
     fi
 
     if test -n "$prev"; then
       $echo "$modename: the \`$prev' option requires an argument" 1>&2
       $echo "$help" 1>&2
-      exit 1
+      exit $EXIT_FAILURE
     fi
 
     if test -z "$files"; then
@@ -4066,7 +5914,7 @@
 	$echo "$modename: you must specify a destination" 1>&2
       fi
       $echo "$help" 1>&2
-      exit 1
+      exit $EXIT_FAILURE
     fi
 
     # Strip any trailing slash from the destination.
@@ -4084,10 +5932,10 @@
 
       # Not a directory, so check to see that there is only one file specified.
       set dummy $files
-      if test $# -gt 2; then
+      if test "$#" -gt 2; then
 	$echo "$modename: \`$dest' is not a directory" 1>&2
 	$echo "$help" 1>&2
-	exit 1
+	exit $EXIT_FAILURE
       fi
     fi
     case $destdir in
@@ -4099,7 +5947,7 @@
 	*)
 	  $echo "$modename: \`$destdir' must be an absolute directory name" 1>&2
 	  $echo "$help" 1>&2
-	  exit 1
+	  exit $EXIT_FAILURE
 	  ;;
 	esac
       done
@@ -4124,11 +5972,11 @@
 
       *.la)
 	# Check to see that this really is a libtool archive.
-	if (sed -e '2q' $file | egrep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then :
+	if (${SED} -e '2q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then :
 	else
 	  $echo "$modename: \`$file' is not a valid libtool archive" 1>&2
 	  $echo "$help" 1>&2
-	  exit 1
+	  exit $EXIT_FAILURE
 	fi
 
 	library_names=
@@ -4159,12 +6007,33 @@
 	dir="$dir$objdir"
 
 	if test -n "$relink_command"; then
+	  # Determine the prefix the user has applied to our future dir.
+	  inst_prefix_dir=`$echo "$destdir" | $SED "s%$libdir\$%%"`
+
+	  # Don't allow the user to place us outside of our expected
+	  # location b/c this prevents finding dependent libraries that
+	  # are installed to the same prefix.
+	  # At present, this check doesn't affect windows .dll's that
+	  # are installed into $libdir/../bin (currently, that works fine)
+	  # but it's something to keep an eye on.
+	  if test "$inst_prefix_dir" = "$destdir"; then
+	    $echo "$modename: error: cannot install \`$file' to a directory not ending in $libdir" 1>&2
+	    exit $EXIT_FAILURE
+	  fi
+
+	  if test -n "$inst_prefix_dir"; then
+	    # Stick the inst_prefix_dir data into the link command.
+	    relink_command=`$echo "$relink_command" | $SP2NL | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%" | $NL2SP`
+	  else
+	    relink_command=`$echo "$relink_command" | $SP2NL | $SED "s%@inst_prefix_dir@%%" | $NL2SP`
+	  fi
+
 	  $echo "$modename: warning: relinking \`$file'" 1>&2
 	  $show "$relink_command"
 	  if $run eval "$relink_command"; then :
 	  else
 	    $echo "$modename: error: relink \`$file' with the above command before installing it" 1>&2
-	    continue
+	    exit $EXIT_FAILURE
 	  fi
 	fi
 
@@ -4186,25 +6055,38 @@
 	    $run eval "$striplib $destdir/$realname" || exit $?
 	  fi
 
-	  if test $# -gt 0; then
+	  if test "$#" -gt 0; then
 	    # Delete the old symlinks, and create new ones.
+	    # Try `ln -sf' first, because the `ln' binary might depend on
+	    # the symlink we replace!  Solaris /bin/ln does not understand -f,
+	    # so we also need to try rm && ln -s.
 	    for linkname
 	    do
 	      if test "$linkname" != "$realname"; then
-		$show "(cd $destdir && $rm $linkname && $LN_S $realname $linkname)"
-		$run eval "(cd $destdir && $rm $linkname && $LN_S $realname $linkname)"
+                $show "(cd $destdir && { $LN_S -f $realname $linkname || { $rm $linkname && $LN_S $realname $linkname; }; })"
+                $run eval "(cd $destdir && { $LN_S -f $realname $linkname || { $rm $linkname && $LN_S $realname $linkname; }; })"
 	      fi
 	    done
 	  fi
 
 	  # Do each command in the postinstall commands.
 	  lib="$destdir/$realname"
-	  eval cmds=\"$postinstall_cmds\"
+	  cmds=$postinstall_cmds
 	  save_ifs="$IFS"; IFS='~'
 	  for cmd in $cmds; do
 	    IFS="$save_ifs"
+	    eval cmd=\"$cmd\"
 	    $show "$cmd"
-	    $run eval "$cmd" || exit $?
+	    $run eval "$cmd" || {
+	      lt_exit=$?
+
+	      # Restore the uninstalled library and exit
+	      if test "$mode" = relink; then
+		$run eval '(cd $output_objdir && $rm ${realname}T && $mv ${realname}U $realname)'
+	      fi
+
+	      exit $lt_exit
+	    }
 	  done
 	  IFS="$save_ifs"
 	fi
@@ -4242,7 +6124,7 @@
 	*)
 	  $echo "$modename: cannot copy a libtool object to \`$destfile'" 1>&2
 	  $echo "$help" 1>&2
-	  exit 1
+	  exit $EXIT_FAILURE
 	  ;;
 	esac
 
@@ -4260,7 +6142,7 @@
 	  $show "$install_prog $staticobj $staticdest"
 	  $run eval "$install_prog \$staticobj \$staticdest" || exit $?
 	fi
-	exit 0
+	exit $EXIT_SUCCESS
 	;;
 
       *)
@@ -4272,21 +6154,47 @@
 	  destfile="$destdir/$destfile"
 	fi
 
+	# If the file is missing, and there is a .exe on the end, strip it
+	# because it is most likely a libtool script we actually want to
+	# install
+	stripped_ext=""
+	case $file in
+	  *.exe)
+	    if test ! -f "$file"; then
+	      file=`$echo $file|${SED} 's,.exe$,,'`
+	      stripped_ext=".exe"
+	    fi
+	    ;;
+	esac
+
 	# Do a test to see if this is really a libtool program.
-	if (sed -e '4q' $file | egrep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+	case $host in
+	*cygwin*|*mingw*)
+	    wrapper=`$echo $file | ${SED} -e 's,.exe$,,'`
+	    ;;
+	*)
+	    wrapper=$file
+	    ;;
+	esac
+	if (${SED} -e '4q' $wrapper | grep "^# Generated by .*$PACKAGE")>/dev/null 2>&1; then
 	  notinst_deplibs=
 	  relink_command=
 
+	  # Note that it is not necessary on cygwin/mingw to append a dot to
+	  # foo even if both foo and FILE.exe exist: automatic-append-.exe
+	  # behavior happens only for exec(3), not for open(2)!  Also, sourcing
+	  # `FILE.' does not work on cygwin managed mounts.
+	  #
 	  # If there is no directory component, then add one.
-	  case $file in
-	  */* | *\\*) . $file ;;
-	  *) . ./$file ;;
+	  case $wrapper in
+	  */* | *\\*) . ${wrapper} ;;
+	  *) . ./${wrapper} ;;
 	  esac
 
 	  # Check the variables that should have been set.
 	  if test -z "$notinst_deplibs"; then
-	    $echo "$modename: invalid libtool wrapper script \`$file'" 1>&2
-	    exit 1
+	    $echo "$modename: invalid libtool wrapper script \`$wrapper'" 1>&2
+	    exit $EXIT_FAILURE
 	  fi
 
 	  finalize=yes
@@ -4308,27 +6216,25 @@
 	  done
 
 	  relink_command=
+	  # Note that it is not necessary on cygwin/mingw to append a dot to
+	  # foo even if both foo and FILE.exe exist: automatic-append-.exe
+	  # behavior happens only for exec(3), not for open(2)!  Also, sourcing
+	  # `FILE.' does not work on cygwin managed mounts.
+	  #
 	  # If there is no directory component, then add one.
-	  case $file in
-	  */* | *\\*) . $file ;;
-	  *) . ./$file ;;
+	  case $wrapper in
+	  */* | *\\*) . ${wrapper} ;;
+	  *) . ./${wrapper} ;;
 	  esac
 
 	  outputname=
 	  if test "$fast_install" = no && test -n "$relink_command"; then
 	    if test "$finalize" = yes && test -z "$run"; then
-	      tmpdir="/tmp"
-	      test -n "$TMPDIR" && tmpdir="$TMPDIR"
-	      tmpdir="$tmpdir/libtool-$$"
-	      if $mkdir -p "$tmpdir" && chmod 700 "$tmpdir"; then :
-	      else
-		$echo "$modename: error: cannot create temporary directory \`$tmpdir'" 1>&2
-		continue
-	      fi
-	      file=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
+	      tmpdir=`func_mktempdir`
+	      file=`$echo "X$file$stripped_ext" | $Xsed -e 's%^.*/%%'`
 	      outputname="$tmpdir/$file"
 	      # Replace the output file specification.
-	      relink_command=`$echo "X$relink_command" | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g'`
+	      relink_command=`$echo "X$relink_command" | $SP2NL | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g' | $NL2SP`
 
 	      $show "$relink_command"
 	      if $run eval "$relink_command"; then :
@@ -4343,14 +6249,14 @@
 	    fi
 	  else
 	    # Install the binary that we compiled earlier.
-	    file=`$echo "X$file" | $Xsed -e "s%\([^/]*\)$%$objdir/\1%"`
+	    file=`$echo "X$file$stripped_ext" | $Xsed -e "s%\([^/]*\)$%$objdir/\1%"`
 	  fi
 	fi
 
 	# remove .exe since cygwin /usr/bin/install will append another
-	# one anyways
+	# one anyway 
 	case $install_prog,$host in
-	/usr/bin/install*,*cygwin*)
+	*/usr/bin/install*,*cygwin*)
 	  case $file:$destfile in
 	  *.exe:*.exe)
 	    # this is ok
@@ -4359,7 +6265,7 @@
 	    destfile=$destfile.exe
 	    ;;
 	  *:*.exe)
-	    destfile=`echo $destfile | sed -e 's,.exe$,,'`
+	    destfile=`$echo $destfile | ${SED} -e 's,.exe$,,'`
 	    ;;
 	  esac
 	  ;;
@@ -4380,16 +6286,17 @@
       $show "$install_prog $file $oldlib"
       $run eval "$install_prog \$file \$oldlib" || exit $?
 
-      if test -n "$stripme" && test -n "$striplib"; then
+      if test -n "$stripme" && test -n "$old_striplib"; then
 	$show "$old_striplib $oldlib"
 	$run eval "$old_striplib $oldlib" || exit $?
       fi
 
       # Do each command in the postinstall commands.
-      eval cmds=\"$old_postinstall_cmds\"
+      cmds=$old_postinstall_cmds
       save_ifs="$IFS"; IFS='~'
       for cmd in $cmds; do
 	IFS="$save_ifs"
+	eval cmd=\"$cmd\"
 	$show "$cmd"
 	$run eval "$cmd" || exit $?
       done
@@ -4403,9 +6310,9 @@
     if test -n "$current_libdirs"; then
       # Maybe just do a dry run.
       test -n "$run" && current_libdirs=" -n$current_libdirs"
-      exec_cmd='$SHELL $0 --finish$current_libdirs'
+      exec_cmd='$SHELL $progpath $preserve_args --finish$current_libdirs'
     else
-      exit 0
+      exit $EXIT_SUCCESS
     fi
     ;;
 
@@ -4424,10 +6331,11 @@
       for libdir in $libdirs; do
 	if test -n "$finish_cmds"; then
 	  # Do each command in the finish commands.
-	  eval cmds=\"$finish_cmds\"
+	  cmds=$finish_cmds
 	  save_ifs="$IFS"; IFS='~'
 	  for cmd in $cmds; do
 	    IFS="$save_ifs"
+	    eval cmd=\"$cmd\"
 	    $show "$cmd"
 	    $run eval "$cmd" || admincmds="$admincmds
        $cmd"
@@ -4444,43 +6352,43 @@
     fi
 
     # Exit here if they wanted silent mode.
-    test "$show" = ":" && exit 0
+    test "$show" = : && exit $EXIT_SUCCESS
 
-    echo "----------------------------------------------------------------------"
-    echo "Libraries have been installed in:"
+    $echo "X----------------------------------------------------------------------" | $Xsed
+    $echo "Libraries have been installed in:"
     for libdir in $libdirs; do
-      echo "   $libdir"
+      $echo "   $libdir"
     done
-    echo
-    echo "If you ever happen to want to link against installed libraries"
-    echo "in a given directory, LIBDIR, you must either use libtool, and"
-    echo "specify the full pathname of the library, or use the \`-LLIBDIR'"
-    echo "flag during linking and do at least one of the following:"
+    $echo
+    $echo "If you ever happen to want to link against installed libraries"
+    $echo "in a given directory, LIBDIR, you must either use libtool, and"
+    $echo "specify the full pathname of the library, or use the \`-LLIBDIR'"
+    $echo "flag during linking and do at least one of the following:"
     if test -n "$shlibpath_var"; then
-      echo "   - add LIBDIR to the \`$shlibpath_var' environment variable"
-      echo "     during execution"
+      $echo "   - add LIBDIR to the \`$shlibpath_var' environment variable"
+      $echo "     during execution"
     fi
     if test -n "$runpath_var"; then
-      echo "   - add LIBDIR to the \`$runpath_var' environment variable"
-      echo "     during linking"
+      $echo "   - add LIBDIR to the \`$runpath_var' environment variable"
+      $echo "     during linking"
     fi
     if test -n "$hardcode_libdir_flag_spec"; then
       libdir=LIBDIR
       eval flag=\"$hardcode_libdir_flag_spec\"
 
-      echo "   - use the \`$flag' linker flag"
+      $echo "   - use the \`$flag' linker flag"
     fi
     if test -n "$admincmds"; then
-      echo "   - have your system administrator run these commands:$admincmds"
+      $echo "   - have your system administrator run these commands:$admincmds"
     fi
     if test -f /etc/ld.so.conf; then
-      echo "   - have your system administrator add LIBDIR to \`/etc/ld.so.conf'"
+      $echo "   - have your system administrator add LIBDIR to \`/etc/ld.so.conf'"
     fi
-    echo
-    echo "See any operating system documentation about shared libraries for"
-    echo "more information, such as the ld(1) and ld.so(8) manual pages."
-    echo "----------------------------------------------------------------------"
-    exit 0
+    $echo
+    $echo "See any operating system documentation about shared libraries for"
+    $echo "more information, such as the ld(1) and ld.so(8) manual pages."
+    $echo "X----------------------------------------------------------------------" | $Xsed
+    exit $EXIT_SUCCESS
     ;;
 
   # libtool execute mode
@@ -4492,7 +6400,7 @@
     if test -z "$cmd"; then
       $echo "$modename: you must specify a COMMAND" 1>&2
       $echo "$help"
-      exit 1
+      exit $EXIT_FAILURE
     fi
 
     # Handle -dlopen flags immediately.
@@ -4500,18 +6408,18 @@
       if test ! -f "$file"; then
 	$echo "$modename: \`$file' is not a file" 1>&2
 	$echo "$help" 1>&2
-	exit 1
+	exit $EXIT_FAILURE
       fi
 
       dir=
       case $file in
       *.la)
 	# Check to see that this really is a libtool archive.
-	if (sed -e '2q' $file | egrep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then :
+	if (${SED} -e '2q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then :
 	else
 	  $echo "$modename: \`$lib' is not a valid libtool archive" 1>&2
 	  $echo "$help" 1>&2
-	  exit 1
+	  exit $EXIT_FAILURE
 	fi
 
 	# Read the libtool library.
@@ -4537,8 +6445,10 @@
 	if test -f "$dir/$objdir/$dlname"; then
 	  dir="$dir/$objdir"
 	else
-	  $echo "$modename: cannot find \`$dlname' in \`$dir' or \`$dir/$objdir'" 1>&2
-	  exit 1
+	  if test ! -f "$dir/$dlname"; then
+	    $echo "$modename: cannot find \`$dlname' in \`$dir' or \`$dir/$objdir'" 1>&2
+	    exit $EXIT_FAILURE
+	  fi
 	fi
 	;;
 
@@ -4578,7 +6488,7 @@
       -*) ;;
       *)
 	# Do a test to see if this is really a libtool program.
-	if (sed -e '4q' $file | egrep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+	if (${SED} -e '4q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
 	  # If there is no directory component, then add one.
 	  case $file in
 	  */* | *\\*) . $file ;;
@@ -4601,16 +6511,16 @@
 	eval "export $shlibpath_var"
       fi
 
-      # Restore saved enviroment variables
-      if test "${save_LC_ALL+set}" = set; then
-	LC_ALL="$save_LC_ALL"; export LC_ALL
-      fi
-      if test "${save_LANG+set}" = set; then
-	LANG="$save_LANG"; export LANG
-      fi
+      # Restore saved environment variables
+      for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES
+      do
+	eval "if test \"\${save_$lt_var+set}\" = set; then
+		$lt_var=\$save_$lt_var; export $lt_var
+	      fi"
+      done
 
       # Now prepare to actually exec the command.
-      exec_cmd='"$cmd"$args'
+      exec_cmd="\$cmd$args"
     else
       # Display what would be done.
       if test -n "$shlibpath_var"; then
@@ -4618,7 +6528,7 @@
 	$echo "export $shlibpath_var"
       fi
       $echo "$cmd$args"
-      exit 0
+      exit $EXIT_SUCCESS
     fi
     ;;
 
@@ -4646,24 +6556,25 @@
     if test -z "$rm"; then
       $echo "$modename: you must specify an RM program" 1>&2
       $echo "$help" 1>&2
-      exit 1
+      exit $EXIT_FAILURE
     fi
 
     rmdirs=
 
+    origobjdir="$objdir"
     for file in $files; do
       dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`
       if test "X$dir" = "X$file"; then
 	dir=.
-	objdir="$objdir"
+	objdir="$origobjdir"
       else
-	objdir="$dir/$objdir"
+	objdir="$dir/$origobjdir"
       fi
       name=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
-      test $mode = uninstall && objdir="$dir"
+      test "$mode" = uninstall && objdir="$dir"
 
       # Remember objdir for removal later, being careful to avoid duplicates
-      if test $mode = clean; then
+      if test "$mode" = clean; then
 	case " $rmdirs " in
 	  *" $objdir "*) ;;
 	  *) rmdirs="$rmdirs $objdir" ;;
@@ -4687,7 +6598,7 @@
       case $name in
       *.la)
 	# Possibly a libtool archive, so verify it.
-	if (sed -e '2q' $file | egrep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+	if (${SED} -e '2q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
 	  . $dir/$name
 
 	  # Delete the libtool libraries and symlinks.
@@ -4695,18 +6606,27 @@
 	    rmfiles="$rmfiles $objdir/$n"
 	  done
 	  test -n "$old_library" && rmfiles="$rmfiles $objdir/$old_library"
-	  test $mode = clean && rmfiles="$rmfiles $objdir/$name $objdir/${name}i"
 
-	  if test $mode = uninstall; then
+	  case "$mode" in
+	  clean)
+	    case "  $library_names " in
+	    # "  " in the beginning catches empty $dlname
+	    *" $dlname "*) ;;
+	    *) rmfiles="$rmfiles $objdir/$dlname" ;;
+	    esac
+	     test -n "$libdir" && rmfiles="$rmfiles $objdir/$name $objdir/${name}i"
+	    ;;
+	  uninstall)
 	    if test -n "$library_names"; then
 	      # Do each command in the postuninstall commands.
-	      eval cmds=\"$postuninstall_cmds\"
+	      cmds=$postuninstall_cmds
 	      save_ifs="$IFS"; IFS='~'
 	      for cmd in $cmds; do
 		IFS="$save_ifs"
+		eval cmd=\"$cmd\"
 		$show "$cmd"
 		$run eval "$cmd"
-		if test $? != 0 && test "$rmforce" != yes; then
+		if test "$?" -ne 0 && test "$rmforce" != yes; then
 		  exit_status=1
 		fi
 	      done
@@ -4715,40 +6635,72 @@
 
 	    if test -n "$old_library"; then
 	      # Do each command in the old_postuninstall commands.
-	      eval cmds=\"$old_postuninstall_cmds\"
+	      cmds=$old_postuninstall_cmds
 	      save_ifs="$IFS"; IFS='~'
 	      for cmd in $cmds; do
 		IFS="$save_ifs"
+		eval cmd=\"$cmd\"
 		$show "$cmd"
 		$run eval "$cmd"
-		if test $? != 0 && test "$rmforce" != yes; then
+		if test "$?" -ne 0 && test "$rmforce" != yes; then
 		  exit_status=1
 		fi
 	      done
 	      IFS="$save_ifs"
 	    fi
 	    # FIXME: should reinstall the best remaining shared library.
-	  fi
+	    ;;
+	  esac
 	fi
 	;;
 
       *.lo)
-	if test "$build_old_libs" = yes; then
-	  oldobj=`$echo "X$name" | $Xsed -e "$lo2o"`
-	  rmfiles="$rmfiles $dir/$oldobj"
+	# Possibly a libtool object, so verify it.
+	if (${SED} -e '2q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+
+	  # Read the .lo file
+	  . $dir/$name
+
+	  # Add PIC object to the list of files to remove.
+	  if test -n "$pic_object" \
+	     && test "$pic_object" != none; then
+	    rmfiles="$rmfiles $dir/$pic_object"
+	  fi
+
+	  # Add non-PIC object to the list of files to remove.
+	  if test -n "$non_pic_object" \
+	     && test "$non_pic_object" != none; then
+	    rmfiles="$rmfiles $dir/$non_pic_object"
+	  fi
 	fi
 	;;
 
       *)
-	# Do a test to see if this is a libtool program.
-	if test $mode = clean &&
-	   (sed -e '4q' $file | egrep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
-	  relink_command=
-	  . $dir/$file
+	if test "$mode" = clean ; then
+	  noexename=$name
+	  case $file in
+	  *.exe)
+	    file=`$echo $file|${SED} 's,.exe$,,'`
+	    noexename=`$echo $name|${SED} 's,.exe$,,'`
+	    # $file with .exe has already been added to rmfiles,
+	    # add $file without .exe
+	    rmfiles="$rmfiles $file"
+	    ;;
+	  esac
+	  # Do a test to see if this is a libtool program.
+	  if (${SED} -e '4q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+	    relink_command=
+	    . $dir/$noexename
 
-	  rmfiles="$rmfiles $objdir/$name $objdir/${name}S.${objext}"
-	  if test "$fast_install" = yes && test -n "$relink_command"; then
-	    rmfiles="$rmfiles $objdir/lt-$name"
+	    # note $name still contains .exe if it was in $file originally
+	    # as does the version of $file that was added into $rmfiles
+	    rmfiles="$rmfiles $objdir/$name $objdir/${name}S.${objext}"
+	    if test "$fast_install" = yes && test -n "$relink_command"; then
+	      rmfiles="$rmfiles $objdir/lt-$name"
+	    fi
+	    if test "X$noexename" != "X$name" ; then
+	      rmfiles="$rmfiles $objdir/lt-${noexename}.c"
+	    fi
 	  fi
 	fi
 	;;
@@ -4756,6 +6708,7 @@
       $show "$rm $rmfiles"
       $run $rm $rmfiles || exit_status=1
     done
+    objdir="$origobjdir"
 
     # Try to remove the ${objdir}s in the directories where we deleted files
     for dir in $rmdirs; do
@@ -4771,20 +6724,20 @@
   "")
     $echo "$modename: you must specify a MODE" 1>&2
     $echo "$generic_help" 1>&2
-    exit 1
+    exit $EXIT_FAILURE
     ;;
   esac
 
   if test -z "$exec_cmd"; then
     $echo "$modename: invalid operation mode \`$mode'" 1>&2
     $echo "$generic_help" 1>&2
-    exit 1
+    exit $EXIT_FAILURE
   fi
 fi # test -z "$show_help"
 
 if test -n "$exec_cmd"; then
   eval exec $exec_cmd
-  exit 1
+  exit $EXIT_FAILURE
 fi
 
 # We need to display help for each of the modes.
@@ -4803,6 +6756,7 @@
     --mode=MODE       use operation mode MODE [default=inferred from MODE-ARGS]
     --quiet           same as \`--silent'
     --silent          don't print informational messages
+    --tag=TAG         use configuration variables from tag TAG
     --version         print version information
 
 MODE must be one of the following:
@@ -4816,8 +6770,10 @@
       uninstall       remove libraries from an installed directory
 
 MODE-ARGS vary depending on the MODE.  Try \`$modename --help --mode=MODE' for
-a more detailed description of MODE."
-  exit 0
+a more detailed description of MODE.
+
+Report bugs to <bug-libtool at gnu.org>."
+  exit $EXIT_SUCCESS
   ;;
 
 clean)
@@ -4918,9 +6874,9 @@
   -dlpreopen FILE   link in FILE and add its symbols to lt_preloaded_symbols
   -export-dynamic   allow symbols from OUTPUT-FILE to be resolved with dlsym(3)
   -export-symbols SYMFILE
-		    try to export only the symbols listed in SYMFILE
+                    try to export only the symbols listed in SYMFILE
   -export-symbols-regex REGEX
-		    try to export only the symbols matching REGEX
+                    try to export only the symbols matching REGEX
   -LLIBDIR          search LIBDIR for required installed libraries
   -lNAME            OUTPUT-FILE requires the installed library libNAME
   -module           build a library that can dlopened
@@ -4928,12 +6884,17 @@
   -no-install       link a not-installable executable
   -no-undefined     declare that a library does not refer to external symbols
   -o OUTPUT-FILE    create OUTPUT-FILE from the specified objects
+  -objectlist FILE  Use a list of object files found in FILE to specify objects
+  -precious-files-regex REGEX
+                    don't remove output files matching REGEX
   -release RELEASE  specify package release information
   -rpath LIBDIR     the created library will eventually be installed in LIBDIR
   -R[ ]LIBDIR       add LIBDIR to the runtime path of programs and libraries
-  -static           do not do any dynamic linking of libtool libraries
+  -static           do not do any dynamic linking of uninstalled libtool libraries
+  -static-libtool-libs
+                    do not do any dynamic linking of libtool libraries
   -version-info CURRENT[:REVISION[:AGE]]
-		    specify library version info [each variable defaults to 0]
+                    specify library version info [each variable defaults to 0]
 
 All other options (arguments beginning with \`-') are ignored.
 
@@ -4969,15 +6930,34 @@
 *)
   $echo "$modename: invalid operation mode \`$mode'" 1>&2
   $echo "$help" 1>&2
-  exit 1
+  exit $EXIT_FAILURE
   ;;
 esac
 
-echo
+$echo
 $echo "Try \`$modename --help' for more information about other modes."
 
-exit 0
+exit $?
 
+# The TAGs below are defined such that we never get into a situation
+# in which we disable both kinds of libraries.  Given conflicting
+# choices, we go for a static library, that is the most portable,
+# since we can't tell whether shared libraries were disabled because
+# the user asked for that or because the platform doesn't support
+# them.  This is particularly important on AIX, because we don't
+# support having both static and shared libraries enabled at the same
+# time on that platform, so we default to a shared-only configuration.
+# If a disable-shared tag is given, we'll fallback to a static-only
+# configuration.  But we'll never go from static-only to shared-only.
+
+# ### BEGIN LIBTOOL TAG CONFIG: disable-shared
+disable_libs=shared
+# ### END LIBTOOL TAG CONFIG: disable-shared
+
+# ### BEGIN LIBTOOL TAG CONFIG: disable-static
+disable_libs=static
+# ### END LIBTOOL TAG CONFIG: disable-static
+
 # Local Variables:
 # mode:shell-script
 # sh-indentation:2


From scm-commit at wald.intevation.org  Sun Oct 12 17:44:23 2008
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org)
Date: Sun, 12 Oct 2008 17:44:23 +0200 (CEST)
Subject: [Openvas-commits] r1512 - trunk/openvas-server
Message-ID: <20081012154423.835934042A@pyrosoma.intevation.org>

Author: timb
Date: 2008-10-12 17:44:17 +0200 (Sun, 12 Oct 2008)
New Revision: 1512

Modified:
   trunk/openvas-server/ChangeLog
   trunk/openvas-server/configure
   trunk/openvas-server/configure.in
Log:
Refreshed auto* (autoconf) as ./configure was barfing

GLIB needs to be quoted when we pass it to PKG_CHECK_MODULES in configure.in, otherwise m4 tries to expand it



Modified: trunk/openvas-server/ChangeLog
===================================================================
--- trunk/openvas-server/ChangeLog	2008-10-12 15:22:45 UTC (rev 1511)
+++ trunk/openvas-server/ChangeLog	2008-10-12 15:44:17 UTC (rev 1512)
@@ -1,3 +1,10 @@
+2008-10-12  Tim Brown <timb at nth-dimension.org.uk>
+
+	* configure: Refreshed auto* (autoconf) as ./configure was barfing.
+
+	* configure, configure.in: GLIB needs to be quoted when we pass it to
+	PKG_CHECK_MODULES in configure.in, otherwise m4 tries to expand it.
+
 2008-10-01  Michael Wiegand <michael.wiegand at intevation.de>
 
 	* openvasd/oval_plugins.c: Changed to set OIDs exclusively; setting IDs

Modified: trunk/openvas-server/configure
===================================================================
--- trunk/openvas-server/configure	2008-10-12 15:22:45 UTC (rev 1511)
+++ trunk/openvas-server/configure	2008-10-12 15:44:17 UTC (rev 1512)
@@ -1,39 +1,758 @@
 #! /bin/sh
-
+# From configure.in Revision: 1213 .
 # Guess values for system-dependent variables and create Makefiles.
-# Generated automatically using autoconf version 2.13 
-# Copyright (C) 1992, 93, 94, 95, 96 Free Software Foundation, Inc.
+# Generated by GNU Autoconf 2.61.
 #
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
+# 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
 # This configure script is free software; the Free Software Foundation
 # gives unlimited permission to copy, distribute and modify it.
+## --------------------- ##
+## M4sh Initialization.  ##
+## --------------------- ##
 
-# Defaults:
-ac_help=
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+
+
+# PATH needs CR
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  echo "#! /bin/sh" >conf$$.sh
+  echo  "exit 0"   >>conf$$.sh
+  chmod +x conf$$.sh
+  if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
+    PATH_SEPARATOR=';'
+  else
+    PATH_SEPARATOR=:
+  fi
+  rm -f conf$$.sh
+fi
+
+# Support unset when possible.
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+  as_unset=unset
+else
+  as_unset=false
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+as_nl='
+'
+IFS=" ""	$as_nl"
+
+# Find who we are.  Look in the path if we contain no directory separator.
+case $0 in
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  { (exit 1); exit 1; }
+fi
+
+# Work around bugs in pre-3.0 UWIN ksh.
+for as_var in ENV MAIL MAILPATH
+do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+for as_var in \
+  LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \
+  LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \
+  LC_TELEPHONE LC_TIME
+do
+  if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then
+    eval $as_var=C; export $as_var
+  else
+    ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+  fi
+done
+
+# Required to use basename.
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+
+# Name of the executable.
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+echo X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+
+# CDPATH.
+$as_unset CDPATH
+
+
+if test "x$CONFIG_SHELL" = x; then
+  if (eval ":") 2>/dev/null; then
+  as_have_required=yes
+else
+  as_have_required=no
+fi
+
+  if test $as_have_required = yes && 	 (eval ":
+(as_func_return () {
+  (exit \$1)
+}
+as_func_success () {
+  as_func_return 0
+}
+as_func_failure () {
+  as_func_return 1
+}
+as_func_ret_success () {
+  return 0
+}
+as_func_ret_failure () {
+  return 1
+}
+
+exitcode=0
+if as_func_success; then
+  :
+else
+  exitcode=1
+  echo as_func_success failed.
+fi
+
+if as_func_failure; then
+  exitcode=1
+  echo as_func_failure succeeded.
+fi
+
+if as_func_ret_success; then
+  :
+else
+  exitcode=1
+  echo as_func_ret_success failed.
+fi
+
+if as_func_ret_failure; then
+  exitcode=1
+  echo as_func_ret_failure succeeded.
+fi
+
+if ( set x; as_func_ret_success y && test x = \"\$1\" ); then
+  :
+else
+  exitcode=1
+  echo positional parameters were not saved.
+fi
+
+test \$exitcode = 0) || { (exit 1); exit 1; }
+
+(
+  as_lineno_1=\$LINENO
+  as_lineno_2=\$LINENO
+  test \"x\$as_lineno_1\" != \"x\$as_lineno_2\" &&
+  test \"x\`expr \$as_lineno_1 + 1\`\" = \"x\$as_lineno_2\") || { (exit 1); exit 1; }
+") 2> /dev/null; then
+  :
+else
+  as_candidate_shells=
+    as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  case $as_dir in
+	 /*)
+	   for as_base in sh bash ksh sh5; do
+	     as_candidate_shells="$as_candidate_shells $as_dir/$as_base"
+	   done;;
+       esac
+done
+IFS=$as_save_IFS
+
+
+      for as_shell in $as_candidate_shells $SHELL; do
+	 # Try only shells that exist, to save several forks.
+	 if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
+		{ ("$as_shell") 2> /dev/null <<\_ASEOF
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+:
+_ASEOF
+}; then
+  CONFIG_SHELL=$as_shell
+	       as_have_required=yes
+	       if { "$as_shell" 2> /dev/null <<\_ASEOF
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+:
+(as_func_return () {
+  (exit $1)
+}
+as_func_success () {
+  as_func_return 0
+}
+as_func_failure () {
+  as_func_return 1
+}
+as_func_ret_success () {
+  return 0
+}
+as_func_ret_failure () {
+  return 1
+}
+
+exitcode=0
+if as_func_success; then
+  :
+else
+  exitcode=1
+  echo as_func_success failed.
+fi
+
+if as_func_failure; then
+  exitcode=1
+  echo as_func_failure succeeded.
+fi
+
+if as_func_ret_success; then
+  :
+else
+  exitcode=1
+  echo as_func_ret_success failed.
+fi
+
+if as_func_ret_failure; then
+  exitcode=1
+  echo as_func_ret_failure succeeded.
+fi
+
+if ( set x; as_func_ret_success y && test x = "$1" ); then
+  :
+else
+  exitcode=1
+  echo positional parameters were not saved.
+fi
+
+test $exitcode = 0) || { (exit 1); exit 1; }
+
+(
+  as_lineno_1=$LINENO
+  as_lineno_2=$LINENO
+  test "x$as_lineno_1" != "x$as_lineno_2" &&
+  test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2") || { (exit 1); exit 1; }
+
+_ASEOF
+}; then
+  break
+fi
+
+fi
+
+      done
+
+      if test "x$CONFIG_SHELL" != x; then
+  for as_var in BASH_ENV ENV
+        do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+        done
+        export CONFIG_SHELL
+        exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"}
+fi
+
+
+    if test $as_have_required = no; then
+  echo This script requires a shell more modern than all the
+      echo shells that I found on your system.  Please install a
+      echo modern shell, or manually run the script under such a
+      echo shell if you do have one.
+      { (exit 1); exit 1; }
+fi
+
+
+fi
+
+fi
+
+
+
+(eval "as_func_return () {
+  (exit \$1)
+}
+as_func_success () {
+  as_func_return 0
+}
+as_func_failure () {
+  as_func_return 1
+}
+as_func_ret_success () {
+  return 0
+}
+as_func_ret_failure () {
+  return 1
+}
+
+exitcode=0
+if as_func_success; then
+  :
+else
+  exitcode=1
+  echo as_func_success failed.
+fi
+
+if as_func_failure; then
+  exitcode=1
+  echo as_func_failure succeeded.
+fi
+
+if as_func_ret_success; then
+  :
+else
+  exitcode=1
+  echo as_func_ret_success failed.
+fi
+
+if as_func_ret_failure; then
+  exitcode=1
+  echo as_func_ret_failure succeeded.
+fi
+
+if ( set x; as_func_ret_success y && test x = \"\$1\" ); then
+  :
+else
+  exitcode=1
+  echo positional parameters were not saved.
+fi
+
+test \$exitcode = 0") || {
+  echo No shell found that supports shell functions.
+  echo Please tell autoconf at gnu.org about your system,
+  echo including any error possibly output before this
+  echo message
+}
+
+
+
+  as_lineno_1=$LINENO
+  as_lineno_2=$LINENO
+  test "x$as_lineno_1" != "x$as_lineno_2" &&
+  test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || {
+
+  # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
+  # uniformly replaced by the line number.  The first 'sed' inserts a
+  # line-number line after each line using $LINENO; the second 'sed'
+  # does the real work.  The second script uses 'N' to pair each
+  # line-number line with the line containing $LINENO, and appends
+  # trailing '-' during substitution so that $LINENO is not a special
+  # case at line end.
+  # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
+  # scripts with optimization help from Paolo Bonzini.  Blame Lee
+  # E. McMahon (1931-1989) for sed's syntax.  :-)
+  sed -n '
+    p
+    /[$]LINENO/=
+  ' <$as_myself |
+    sed '
+      s/[$]LINENO.*/&-/
+      t lineno
+      b
+      :lineno
+      N
+      :loop
+      s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+      t loop
+      s/-\n.*//
+    ' >$as_me.lineno &&
+  chmod +x "$as_me.lineno" ||
+    { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
+   { (exit 1); exit 1; }; }
+
+  # Don't try to exec as it changes $[0], causing all sort of problems
+  # (the dirname of $[0] is not the place where we might find the
+  # original and so on.  Autoconf is especially sensitive to this).
+  . "./$as_me.lineno"
+  # Exit status is that of the last command.
+  exit
+}
+
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in
+-n*)
+  case `echo 'x\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  *)   ECHO_C='\c';;
+  esac;;
+*)
+  ECHO_N='-n';;
+esac
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir
+fi
+echo >conf$$.file
+if ln -s conf$$.file conf$$ 2>/dev/null; then
+  as_ln_s='ln -s'
+  # ... but there are two gotchas:
+  # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+  # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+  # In both cases, we have to default to `cp -p'.
+  ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+    as_ln_s='cp -p'
+elif ln conf$$.file conf$$ 2>/dev/null; then
+  as_ln_s=ln
+else
+  as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p=:
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+  as_test_x='test -x'
+else
+  if ls -dL / >/dev/null 2>&1; then
+    as_ls_L_option=L
+  else
+    as_ls_L_option=
+  fi
+  as_test_x='
+    eval sh -c '\''
+      if test -d "$1"; then
+        test -d "$1/.";
+      else
+	case $1 in
+        -*)set "./$1";;
+	esac;
+	case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in
+	???[sx]*):;;*)false;;esac;fi
+    '\'' sh
+  '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+
+exec 7<&0 </dev/null 6>&1
+
+# Name of the host.
+# hostname on some systems (SVR3.2, Linux) returns a bogus exit status,
+# so uname gets run too.
+ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
+
+#
+# Initializations.
+#
 ac_default_prefix=/usr/local
-# Any additions from configure.in:
+ac_clean_files=
+ac_config_libobj_dir=.
+LIBOBJS=
+cross_compiling=no
+subdirs=
+MFLAGS=
+MAKEFLAGS=
+SHELL=${CONFIG_SHELL-/bin/sh}
+
+# Identity of this package.
+PACKAGE_NAME=
+PACKAGE_TARNAME=
+PACKAGE_VERSION=
+PACKAGE_STRING=
+PACKAGE_BUGREPORT=
+
+ac_unique_file=".root-dir"
 ac_default_prefix="/usr/local"
-ac_help="$ac_help
-  --enable-release	  set the compiler flags to -O6"
-ac_help="$ac_help
-  --enable-debug	  set the compiler flags to -g"
-ac_help="$ac_help
-  --enable-install=user	  for debugging, install as non-root user"
-ac_help="$ac_help
-  --enable-syslog	  log messages via syslog()"
-ac_help="$ac_help
-  --enable-tcpwrappers	  use the libwrap.a library"
-ac_help="$ac_help
-  --with-x                use the X Window System"
+# Factoring default headers for most tests.
+ac_includes_default="\
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif
+#ifdef HAVE_STRING_H
+# if !defined STDC_HEADERS && defined HAVE_MEMORY_H
+#  include <memory.h>
+# endif
+# include <string.h>
+#endif
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif
+#ifdef HAVE_INTTYPES_H
+# include <inttypes.h>
+#endif
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif"
 
+ac_subst_vars='SHELL
+PATH_SEPARATOR
+PACKAGE_NAME
+PACKAGE_TARNAME
+PACKAGE_VERSION
+PACKAGE_STRING
+PACKAGE_BUGREPORT
+exec_prefix
+prefix
+program_transform_name
+bindir
+sbindir
+libexecdir
+datarootdir
+datadir
+sysconfdir
+sharedstatedir
+localstatedir
+includedir
+oldincludedir
+docdir
+infodir
+htmldir
+dvidir
+pdfdir
+psdir
+libdir
+localedir
+mandir
+DEFS
+ECHO_C
+ECHO_N
+ECHO_T
+LIBS
+build_alias
+host_alias
+target_alias
+build
+build_cpu
+build_vendor
+build_os
+host
+host_cpu
+host_vendor
+host_os
+CC
+CFLAGS
+LDFLAGS
+CPPFLAGS
+ac_ct_CC
+EXEEXT
+OBJEXT
+SET_MAKE
+INSTALL_PROGRAM
+INSTALL_SCRIPT
+INSTALL_DATA
+LIBOPENVASCONFIG
+OPENVASLIBNASLCONFIG
+PKG_CONFIG
+GLIB_CFLAGS
+GLIB_LIBS
+CPP
+GREP
+EGREP
+ALLOCA
+XMKMF
+X_CFLAGS
+X_PRE_LIBS
+X_LIBS
+X_EXTRA_LIBS
+AR
+PWD
+PWDD
+OVSCFLAGS
+NASLCFLAGS
+CWALL
+version
+OPENVASD_MAJOR
+OPENVASD_MINOR
+OPENVASD_PATCH
+OPENVASD_RC
+OPENVASD_DATE
+OVS_COMPILER
+OVS_OS_NAME
+OVS_OS_VERSION
+OPENVASD_CONFDIR
+OPENVASD_STATEDIR
+OPENVASD_PIDDIR
+OPENVASD_SHAREDSTATEDIR
+OPENVASD_DATADIR
+OPENVASD_LIBDIR
+OPENVASD_PLUGINS
+OPENVASD_LOGDIR
+OPENVASD_REPORTS
+INSTALL_DIR
+INSTALL
+RUN_LIBS
+resolv_lib
+socket_lib
+nsl_lib
+ssl_lib
+pthread_lib
+debug_flags
+man_openvas_1
+man_openvasd_8
+dl_lib
+libwrap
+uselibwrap
+use_pthreads
+rpcsvc_lib
+compat_lib
+c_r_lib
+ac_configure_args
+egdpath
+installuser
+LIBOBJS
+LTLIBOBJS'
+ac_subst_files=''
+      ac_precious_vars='build_alias
+host_alias
+target_alias
+CC
+CFLAGS
+LDFLAGS
+LIBS
+CPPFLAGS
+CPP
+XMKMF'
+
+
 # Initialize some variables set by options.
+ac_init_help=
+ac_init_version=false
 # The variables have the same names as the options, with
 # dashes changed to underlines.
-build=NONE
-cache_file=./config.cache
+cache_file=/dev/null
 exec_prefix=NONE
-host=NONE
 no_create=
-nonopt=NONE
 no_recursion=
 prefix=NONE
 program_prefix=NONE
@@ -42,94 +761,117 @@
 silent=
 site=
 srcdir=
-target=NONE
 verbose=
 x_includes=NONE
 x_libraries=NONE
+
+# Installation directory options.
+# These are left unexpanded so users can "make install exec_prefix=/foo"
+# and all the variables that are supposed to be based on exec_prefix
+# by default will actually change.
+# Use braces instead of parens because sh, perl, etc. also accept them.
+# (The list follows the same order as the GNU Coding Standards.)
 bindir='${exec_prefix}/bin'
 sbindir='${exec_prefix}/sbin'
 libexecdir='${exec_prefix}/libexec'
-datadir='${prefix}/share'
+datarootdir='${prefix}/share'
+datadir='${datarootdir}'
 sysconfdir='${prefix}/etc'
 sharedstatedir='${prefix}/com'
 localstatedir='${prefix}/var'
-libdir='${exec_prefix}/lib'
 includedir='${prefix}/include'
 oldincludedir='/usr/include'
-infodir='${prefix}/info'
-mandir='${prefix}/man'
+docdir='${datarootdir}/doc/${PACKAGE}'
+infodir='${datarootdir}/info'
+htmldir='${docdir}'
+dvidir='${docdir}'
+pdfdir='${docdir}'
+psdir='${docdir}'
+libdir='${exec_prefix}/lib'
+localedir='${datarootdir}/locale'
+mandir='${datarootdir}/man'
 
-# Initialize some other variables.
-subdirs=
-MFLAGS= MAKEFLAGS=
-SHELL=${CONFIG_SHELL-/bin/sh}
-# Maximum number of lines to put in a shell here document.
-ac_max_here_lines=12
-
 ac_prev=
+ac_dashdash=
 for ac_option
 do
-
   # If the previous option needs an argument, assign it.
   if test -n "$ac_prev"; then
-    eval "$ac_prev=\$ac_option"
+    eval $ac_prev=\$ac_option
     ac_prev=
     continue
   fi
 
-  case "$ac_option" in
-  -*=*) ac_optarg=`echo "$ac_option" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
-  *) ac_optarg= ;;
+  case $ac_option in
+  *=*)	ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
+  *)	ac_optarg=yes ;;
   esac
 
   # Accept the important Cygnus configure options, so we can diagnose typos.
 
-  case "$ac_option" in
+  case $ac_dashdash$ac_option in
+  --)
+    ac_dashdash=yes ;;
 
   -bindir | --bindir | --bindi | --bind | --bin | --bi)
     ac_prev=bindir ;;
   -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
-    bindir="$ac_optarg" ;;
+    bindir=$ac_optarg ;;
 
   -build | --build | --buil | --bui | --bu)
-    ac_prev=build ;;
+    ac_prev=build_alias ;;
   -build=* | --build=* | --buil=* | --bui=* | --bu=*)
-    build="$ac_optarg" ;;
+    build_alias=$ac_optarg ;;
 
   -cache-file | --cache-file | --cache-fil | --cache-fi \
   | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
     ac_prev=cache_file ;;
   -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
   | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
-    cache_file="$ac_optarg" ;;
+    cache_file=$ac_optarg ;;
 
-  -datadir | --datadir | --datadi | --datad | --data | --dat | --da)
+  --config-cache | -C)
+    cache_file=config.cache ;;
+
+  -datadir | --datadir | --datadi | --datad)
     ac_prev=datadir ;;
-  -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \
-  | --da=*)
-    datadir="$ac_optarg" ;;
+  -datadir=* | --datadir=* | --datadi=* | --datad=*)
+    datadir=$ac_optarg ;;
 
+  -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
+  | --dataroo | --dataro | --datar)
+    ac_prev=datarootdir ;;
+  -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
+  | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
+    datarootdir=$ac_optarg ;;
+
   -disable-* | --disable-*)
-    ac_feature=`echo $ac_option|sed -e 's/-*disable-//'`
+    ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
     # Reject names that are not valid shell variable names.
-    if test -n "`echo $ac_feature| sed 's/[-a-zA-Z0-9_]//g'`"; then
-      { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; }
-    fi
-    ac_feature=`echo $ac_feature| sed 's/-/_/g'`
-    eval "enable_${ac_feature}=no" ;;
+    expr "x$ac_feature" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+      { echo "$as_me: error: invalid feature name: $ac_feature" >&2
+   { (exit 1); exit 1; }; }
+    ac_feature=`echo $ac_feature | sed 's/[-.]/_/g'`
+    eval enable_$ac_feature=no ;;
 
+  -docdir | --docdir | --docdi | --doc | --do)
+    ac_prev=docdir ;;
+  -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
+    docdir=$ac_optarg ;;
+
+  -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
+    ac_prev=dvidir ;;
+  -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
+    dvidir=$ac_optarg ;;
+
   -enable-* | --enable-*)
-    ac_feature=`echo $ac_option|sed -e 's/-*enable-//' -e 's/=.*//'`
+    ac_feature=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
     # Reject names that are not valid shell variable names.
-    if test -n "`echo $ac_feature| sed 's/[-_a-zA-Z0-9]//g'`"; then
-      { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; }
-    fi
-    ac_feature=`echo $ac_feature| sed 's/-/_/g'`
-    case "$ac_option" in
-      *=*) ;;
-      *) ac_optarg=yes ;;
-    esac
-    eval "enable_${ac_feature}='$ac_optarg'" ;;
+    expr "x$ac_feature" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+      { echo "$as_me: error: invalid feature name: $ac_feature" >&2
+   { (exit 1); exit 1; }; }
+    ac_feature=`echo $ac_feature | sed 's/[-.]/_/g'`
+    eval enable_$ac_feature=\$ac_optarg ;;
 
   -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
   | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
@@ -138,116 +880,77 @@
   -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
   | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
   | --exec=* | --exe=* | --ex=*)
-    exec_prefix="$ac_optarg" ;;
+    exec_prefix=$ac_optarg ;;
 
   -gas | --gas | --ga | --g)
     # Obsolete; use --with-gas.
     with_gas=yes ;;
 
-  -help | --help | --hel | --he)
-    # Omit some internal or obsolete options to make the list less imposing.
-    # This message is too long to be a string in the A/UX 3.1 sh.
-    cat << EOF
-Usage: configure [options] [host]
-Options: [defaults in brackets after descriptions]
-Configuration:
-  --cache-file=FILE       cache test results in FILE
-  --help                  print this message
-  --no-create             do not create output files
-  --quiet, --silent       do not print \`checking...' messages
-  --version               print the version of autoconf that created configure
-Directory and file names:
-  --prefix=PREFIX         install architecture-independent files in PREFIX
-                          [$ac_default_prefix]
-  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
-                          [same as prefix]
-  --bindir=DIR            user executables in DIR [EPREFIX/bin]
-  --sbindir=DIR           system admin executables in DIR [EPREFIX/sbin]
-  --libexecdir=DIR        program executables in DIR [EPREFIX/libexec]
-  --datadir=DIR           read-only architecture-independent data in DIR
-                          [PREFIX/share]
-  --sysconfdir=DIR        read-only single-machine data in DIR [PREFIX/etc]
-  --sharedstatedir=DIR    modifiable architecture-independent data in DIR
-                          [PREFIX/com]
-  --localstatedir=DIR     modifiable single-machine data in DIR [PREFIX/var]
-  --libdir=DIR            object code libraries in DIR [EPREFIX/lib]
-  --includedir=DIR        C header files in DIR [PREFIX/include]
-  --oldincludedir=DIR     C header files for non-gcc in DIR [/usr/include]
-  --infodir=DIR           info documentation in DIR [PREFIX/info]
-  --mandir=DIR            man documentation in DIR [PREFIX/man]
-  --srcdir=DIR            find the sources in DIR [configure dir or ..]
-  --program-prefix=PREFIX prepend PREFIX to installed program names
-  --program-suffix=SUFFIX append SUFFIX to installed program names
-  --program-transform-name=PROGRAM
-                          run sed PROGRAM on installed program names
-EOF
-    cat << EOF
-Host type:
-  --build=BUILD           configure for building on BUILD [BUILD=HOST]
-  --host=HOST             configure for HOST [guessed]
-  --target=TARGET         configure for TARGET [TARGET=HOST]
-Features and packages:
-  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
-  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
-  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
-  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
-  --x-includes=DIR        X include files are in DIR
-  --x-libraries=DIR       X library files are in DIR
-EOF
-    if test -n "$ac_help"; then
-      echo "--enable and --with options recognized:$ac_help"
-    fi
-    exit 0 ;;
+  -help | --help | --hel | --he | -h)
+    ac_init_help=long ;;
+  -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
+    ac_init_help=recursive ;;
+  -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
+    ac_init_help=short ;;
 
   -host | --host | --hos | --ho)
-    ac_prev=host ;;
+    ac_prev=host_alias ;;
   -host=* | --host=* | --hos=* | --ho=*)
-    host="$ac_optarg" ;;
+    host_alias=$ac_optarg ;;
 
+  -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
+    ac_prev=htmldir ;;
+  -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
+  | --ht=*)
+    htmldir=$ac_optarg ;;
+
   -includedir | --includedir | --includedi | --included | --include \
   | --includ | --inclu | --incl | --inc)
     ac_prev=includedir ;;
   -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
   | --includ=* | --inclu=* | --incl=* | --inc=*)
-    includedir="$ac_optarg" ;;
+    includedir=$ac_optarg ;;
 
   -infodir | --infodir | --infodi | --infod | --info | --inf)
     ac_prev=infodir ;;
   -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
-    infodir="$ac_optarg" ;;
+    infodir=$ac_optarg ;;
 
   -libdir | --libdir | --libdi | --libd)
     ac_prev=libdir ;;
   -libdir=* | --libdir=* | --libdi=* | --libd=*)
-    libdir="$ac_optarg" ;;
+    libdir=$ac_optarg ;;
 
   -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
   | --libexe | --libex | --libe)
     ac_prev=libexecdir ;;
   -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
   | --libexe=* | --libex=* | --libe=*)
-    libexecdir="$ac_optarg" ;;
+    libexecdir=$ac_optarg ;;
 
+  -localedir | --localedir | --localedi | --localed | --locale)
+    ac_prev=localedir ;;
+  -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
+    localedir=$ac_optarg ;;
+
   -localstatedir | --localstatedir | --localstatedi | --localstated \
-  | --localstate | --localstat | --localsta | --localst \
-  | --locals | --local | --loca | --loc | --lo)
+  | --localstate | --localstat | --localsta | --localst | --locals)
     ac_prev=localstatedir ;;
   -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
-  | --localstate=* | --localstat=* | --localsta=* | --localst=* \
-  | --locals=* | --local=* | --loca=* | --loc=* | --lo=*)
-    localstatedir="$ac_optarg" ;;
+  | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
+    localstatedir=$ac_optarg ;;
 
   -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
     ac_prev=mandir ;;
   -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
-    mandir="$ac_optarg" ;;
+    mandir=$ac_optarg ;;
 
   -nfp | --nfp | --nf)
     # Obsolete; use --without-fp.
     with_fp=no ;;
 
   -no-create | --no-create | --no-creat | --no-crea | --no-cre \
-  | --no-cr | --no-c)
+  | --no-cr | --no-c | -n)
     no_create=yes ;;
 
   -no-recursion | --no-recursion | --no-recursio | --no-recursi \
@@ -261,26 +964,26 @@
   -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
   | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
   | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
-    oldincludedir="$ac_optarg" ;;
+    oldincludedir=$ac_optarg ;;
 
   -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
     ac_prev=prefix ;;
   -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
-    prefix="$ac_optarg" ;;
+    prefix=$ac_optarg ;;
 
   -program-prefix | --program-prefix | --program-prefi | --program-pref \
   | --program-pre | --program-pr | --program-p)
     ac_prev=program_prefix ;;
   -program-prefix=* | --program-prefix=* | --program-prefi=* \
   | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
-    program_prefix="$ac_optarg" ;;
+    program_prefix=$ac_optarg ;;
 
   -program-suffix | --program-suffix | --program-suffi | --program-suff \
   | --program-suf | --program-su | --program-s)
     ac_prev=program_suffix ;;
   -program-suffix=* | --program-suffix=* | --program-suffi=* \
   | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
-    program_suffix="$ac_optarg" ;;
+    program_suffix=$ac_optarg ;;
 
   -program-transform-name | --program-transform-name \
   | --program-transform-nam | --program-transform-na \
@@ -297,8 +1000,18 @@
   | --program-transfo=* | --program-transf=* \
   | --program-trans=* | --program-tran=* \
   | --progr-tra=* | --program-tr=* | --program-t=*)
-    program_transform_name="$ac_optarg" ;;
+    program_transform_name=$ac_optarg ;;
 
+  -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
+    ac_prev=pdfdir ;;
+  -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
+    pdfdir=$ac_optarg ;;
+
+  -psdir | --psdir | --psdi | --psd | --ps)
+    ac_prev=psdir ;;
+  -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
+    psdir=$ac_optarg ;;
+
   -q | -quiet | --quiet | --quie | --qui | --qu | --q \
   | -silent | --silent | --silen | --sile | --sil)
     silent=yes ;;
@@ -307,7 +1020,7 @@
     ac_prev=sbindir ;;
   -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
   | --sbi=* | --sb=*)
-    sbindir="$ac_optarg" ;;
+    sbindir=$ac_optarg ;;
 
   -sharedstatedir | --sharedstatedir | --sharedstatedi \
   | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
@@ -318,58 +1031,53 @@
   | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
   | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
   | --sha=* | --sh=*)
-    sharedstatedir="$ac_optarg" ;;
+    sharedstatedir=$ac_optarg ;;
 
   -site | --site | --sit)
     ac_prev=site ;;
   -site=* | --site=* | --sit=*)
-    site="$ac_optarg" ;;
+    site=$ac_optarg ;;
 
   -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
     ac_prev=srcdir ;;
   -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
-    srcdir="$ac_optarg" ;;
+    srcdir=$ac_optarg ;;
 
   -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
   | --syscon | --sysco | --sysc | --sys | --sy)
     ac_prev=sysconfdir ;;
   -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
   | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
-    sysconfdir="$ac_optarg" ;;
+    sysconfdir=$ac_optarg ;;
 
   -target | --target | --targe | --targ | --tar | --ta | --t)
-    ac_prev=target ;;
+    ac_prev=target_alias ;;
   -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
-    target="$ac_optarg" ;;
+    target_alias=$ac_optarg ;;
 
   -v | -verbose | --verbose | --verbos | --verbo | --verb)
     verbose=yes ;;
 
-  -version | --version | --versio | --versi | --vers)
-    echo "configure generated by autoconf version 2.13"
-    exit 0 ;;
+  -version | --version | --versio | --versi | --vers | -V)
+    ac_init_version=: ;;
 
   -with-* | --with-*)
-    ac_package=`echo $ac_option|sed -e 's/-*with-//' -e 's/=.*//'`
+    ac_package=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
     # Reject names that are not valid shell variable names.
-    if test -n "`echo $ac_package| sed 's/[-_a-zA-Z0-9]//g'`"; then
-      { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; }
-    fi
-    ac_package=`echo $ac_package| sed 's/-/_/g'`
-    case "$ac_option" in
-      *=*) ;;
-      *) ac_optarg=yes ;;
-    esac
-    eval "with_${ac_package}='$ac_optarg'" ;;
+    expr "x$ac_package" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+      { echo "$as_me: error: invalid package name: $ac_package" >&2
+   { (exit 1); exit 1; }; }
+    ac_package=`echo $ac_package | sed 's/[-.]/_/g'`
+    eval with_$ac_package=\$ac_optarg ;;
 
   -without-* | --without-*)
-    ac_package=`echo $ac_option|sed -e 's/-*without-//'`
+    ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'`
     # Reject names that are not valid shell variable names.
-    if test -n "`echo $ac_package| sed 's/[-a-zA-Z0-9_]//g'`"; then
-      { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; }
-    fi
-    ac_package=`echo $ac_package| sed 's/-/_/g'`
-    eval "with_${ac_package}=no" ;;
+    expr "x$ac_package" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+      { echo "$as_me: error: invalid package name: $ac_package" >&2
+   { (exit 1); exit 1; }; }
+    ac_package=`echo $ac_package | sed 's/[-.]/_/g'`
+    eval with_$ac_package=no ;;
 
   --x)
     # Obsolete; use --with-x.
@@ -380,161 +1088,682 @@
     ac_prev=x_includes ;;
   -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
   | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
-    x_includes="$ac_optarg" ;;
+    x_includes=$ac_optarg ;;
 
   -x-libraries | --x-libraries | --x-librarie | --x-librari \
   | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
     ac_prev=x_libraries ;;
   -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
   | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
-    x_libraries="$ac_optarg" ;;
+    x_libraries=$ac_optarg ;;
 
-  -*) { echo "configure: error: $ac_option: invalid option; use --help to show usage" 1>&2; exit 1; }
+  -*) { echo "$as_me: error: unrecognized option: $ac_option
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; }
     ;;
 
+  *=*)
+    ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null &&
+      { echo "$as_me: error: invalid variable name: $ac_envvar" >&2
+   { (exit 1); exit 1; }; }
+    eval $ac_envvar=\$ac_optarg
+    export $ac_envvar ;;
+
   *)
-    if test -n "`echo $ac_option| sed 's/[-a-z0-9.]//g'`"; then
-      echo "configure: warning: $ac_option: invalid host type" 1>&2
-    fi
-    if test "x$nonopt" != xNONE; then
-      { echo "configure: error: can only configure for one host and one target at a time" 1>&2; exit 1; }
-    fi
-    nonopt="$ac_option"
+    # FIXME: should be removed in autoconf 3.0.
+    echo "$as_me: WARNING: you should use --build, --host, --target" >&2
+    expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+      echo "$as_me: WARNING: invalid host type: $ac_option" >&2
+    : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}
     ;;
 
   esac
 done
 
 if test -n "$ac_prev"; then
-  { echo "configure: error: missing argument to --`echo $ac_prev | sed 's/_/-/g'`" 1>&2; exit 1; }
+  ac_option=--`echo $ac_prev | sed 's/_/-/g'`
+  { echo "$as_me: error: missing argument to $ac_option" >&2
+   { (exit 1); exit 1; }; }
 fi
 
-trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15
+# Be sure to have absolute directory names.
+for ac_var in	exec_prefix prefix bindir sbindir libexecdir datarootdir \
+		datadir sysconfdir sharedstatedir localstatedir includedir \
+		oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
+		libdir localedir mandir
+do
+  eval ac_val=\$$ac_var
+  case $ac_val in
+    [\\/$]* | ?:[\\/]* )  continue;;
+    NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
+  esac
+  { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
+   { (exit 1); exit 1; }; }
+done
 
-# File descriptor usage:
-# 0 standard input
-# 1 file creation
-# 2 errors and warnings
-# 3 some systems may open it to /dev/tty
-# 4 used on the Kubota Titan
-# 6 checking for... messages and results
-# 5 compiler messages saved in config.log
-if test "$silent" = yes; then
-  exec 6>/dev/null
-else
-  exec 6>&1
+# There might be people who depend on the old broken behavior: `$host'
+# used to hold the argument of --host etc.
+# FIXME: To remove some day.
+build=$build_alias
+host=$host_alias
+target=$target_alias
+
+# FIXME: To remove some day.
+if test "x$host_alias" != x; then
+  if test "x$build_alias" = x; then
+    cross_compiling=maybe
+    echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host.
+    If a cross compiler is detected then cross compile mode will be used." >&2
+  elif test "x$build_alias" != "x$host_alias"; then
+    cross_compiling=yes
+  fi
 fi
-exec 5>./config.log
 
-echo "\
-This file contains any messages produced by compilers while
-running configure, to aid debugging if configure makes a mistake.
-" 1>&5
+ac_tool_prefix=
+test -n "$host_alias" && ac_tool_prefix=$host_alias-
 
-# Strip out --no-create and --no-recursion so they do not pile up.
-# Also quote any args containing shell metacharacters.
-ac_configure_args=
-for ac_arg
-do
-  case "$ac_arg" in
-  -no-create | --no-create | --no-creat | --no-crea | --no-cre \
-  | --no-cr | --no-c) ;;
-  -no-recursion | --no-recursion | --no-recursio | --no-recursi \
-  | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) ;;
-  *" "*|*"	"*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?]*)
-  ac_configure_args="$ac_configure_args '$ac_arg'" ;;
-  *) ac_configure_args="$ac_configure_args $ac_arg" ;;
-  esac
-done
+test "$silent" = yes && exec 6>/dev/null
 
-# NLS nuisances.
-# Only set these to C if already set.  These must not be set unconditionally
-# because not all systems understand e.g. LANG=C (notably SCO).
-# Fixing LC_MESSAGES prevents Solaris sh from translating var values in `set'!
-# Non-C LC_CTYPE values break the ctype check.
-if test "${LANG+set}"   = set; then LANG=C;   export LANG;   fi
-if test "${LC_ALL+set}" = set; then LC_ALL=C; export LC_ALL; fi
-if test "${LC_MESSAGES+set}" = set; then LC_MESSAGES=C; export LC_MESSAGES; fi
-if test "${LC_CTYPE+set}"    = set; then LC_CTYPE=C;    export LC_CTYPE;    fi
 
-# confdefs.h avoids OS command line length limits that DEFS can exceed.
-rm -rf conftest* confdefs.h
-# AIX cpp loses on an empty file, so make sure it contains at least a newline.
-echo > confdefs.h
+ac_pwd=`pwd` && test -n "$ac_pwd" &&
+ac_ls_di=`ls -di .` &&
+ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
+  { echo "$as_me: error: Working directory cannot be determined" >&2
+   { (exit 1); exit 1; }; }
+test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
+  { echo "$as_me: error: pwd does not report name of working directory" >&2
+   { (exit 1); exit 1; }; }
 
-# A filename unique to this package, relative to the directory that
-# configure is in, which we can look for to find out if srcdir is correct.
-ac_unique_file=.root-dir
 
 # Find the source files, if location was not specified.
 if test -z "$srcdir"; then
   ac_srcdir_defaulted=yes
-  # Try the directory containing this script, then its parent.
-  ac_prog=$0
-  ac_confdir=`echo $ac_prog|sed 's%/[^/][^/]*$%%'`
-  test "x$ac_confdir" = "x$ac_prog" && ac_confdir=.
+  # Try the directory containing this script, then the parent directory.
+  ac_confdir=`$as_dirname -- "$0" ||
+$as_expr X"$0" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$0" : 'X\(//\)[^/]' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+echo X"$0" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
   srcdir=$ac_confdir
-  if test ! -r $srcdir/$ac_unique_file; then
+  if test ! -r "$srcdir/$ac_unique_file"; then
     srcdir=..
   fi
 else
   ac_srcdir_defaulted=no
 fi
-if test ! -r $srcdir/$ac_unique_file; then
-  if test "$ac_srcdir_defaulted" = yes; then
-    { echo "configure: error: can not find sources in $ac_confdir or .." 1>&2; exit 1; }
-  else
-    { echo "configure: error: can not find sources in $srcdir" 1>&2; exit 1; }
-  fi
+if test ! -r "$srcdir/$ac_unique_file"; then
+  test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
+  { echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2
+   { (exit 1); exit 1; }; }
 fi
-srcdir=`echo "${srcdir}" | sed 's%\([^/]\)/*$%\1%'`
+ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
+ac_abs_confdir=`(
+	cd "$srcdir" && test -r "./$ac_unique_file" || { echo "$as_me: error: $ac_msg" >&2
+   { (exit 1); exit 1; }; }
+	pwd)`
+# When building in place, set srcdir=.
+if test "$ac_abs_confdir" = "$ac_pwd"; then
+  srcdir=.
+fi
+# Remove unnecessary trailing slashes from srcdir.
+# Double slashes in file names in object file debugging info
+# mess up M-x gdb in Emacs.
+case $srcdir in
+*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
+esac
+for ac_var in $ac_precious_vars; do
+  eval ac_env_${ac_var}_set=\${${ac_var}+set}
+  eval ac_env_${ac_var}_value=\$${ac_var}
+  eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
+  eval ac_cv_env_${ac_var}_value=\$${ac_var}
+done
 
+#
+# Report the --help message.
+#
+if test "$ac_init_help" = "long"; then
+  # Omit some internal or obsolete options to make the list less imposing.
+  # This message is too long to be a string in the A/UX 3.1 sh.
+  cat <<_ACEOF
+\`configure' configures this package to adapt to many kinds of systems.
+
+Usage: $0 [OPTION]... [VAR=VALUE]...
+
+To assign environment variables (e.g., CC, CFLAGS...), specify them as
+VAR=VALUE.  See below for descriptions of some of the useful variables.
+
+Defaults for the options are specified in brackets.
+
+Configuration:
+  -h, --help              display this help and exit
+      --help=short        display options specific to this package
+      --help=recursive    display the short help of all the included packages
+  -V, --version           display version information and exit
+  -q, --quiet, --silent   do not print \`checking...' messages
+      --cache-file=FILE   cache test results in FILE [disabled]
+  -C, --config-cache      alias for \`--cache-file=config.cache'
+  -n, --no-create         do not create output files
+      --srcdir=DIR        find the sources in DIR [configure dir or \`..']
+
+Installation directories:
+  --prefix=PREFIX         install architecture-independent files in PREFIX
+			  [$ac_default_prefix]
+  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
+			  [PREFIX]
+
+By default, \`make install' will install all the files in
+\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc.  You can specify
+an installation prefix other than \`$ac_default_prefix' using \`--prefix',
+for instance \`--prefix=\$HOME'.
+
+For better control, use the options below.
+
+Fine tuning of the installation directories:
+  --bindir=DIR           user executables [EPREFIX/bin]
+  --sbindir=DIR          system admin executables [EPREFIX/sbin]
+  --libexecdir=DIR       program executables [EPREFIX/libexec]
+  --sysconfdir=DIR       read-only single-machine data [PREFIX/etc]
+  --sharedstatedir=DIR   modifiable architecture-independent data [PREFIX/com]
+  --localstatedir=DIR    modifiable single-machine data [PREFIX/var]
+  --libdir=DIR           object code libraries [EPREFIX/lib]
+  --includedir=DIR       C header files [PREFIX/include]
+  --oldincludedir=DIR    C header files for non-gcc [/usr/include]
+  --datarootdir=DIR      read-only arch.-independent data root [PREFIX/share]
+  --datadir=DIR          read-only architecture-independent data [DATAROOTDIR]
+  --infodir=DIR          info documentation [DATAROOTDIR/info]
+  --localedir=DIR        locale-dependent data [DATAROOTDIR/locale]
+  --mandir=DIR           man documentation [DATAROOTDIR/man]
+  --docdir=DIR           documentation root [DATAROOTDIR/doc/PACKAGE]
+  --htmldir=DIR          html documentation [DOCDIR]
+  --dvidir=DIR           dvi documentation [DOCDIR]
+  --pdfdir=DIR           pdf documentation [DOCDIR]
+  --psdir=DIR            ps documentation [DOCDIR]
+_ACEOF
+
+  cat <<\_ACEOF
+
+X features:
+  --x-includes=DIR    X include files are in DIR
+  --x-libraries=DIR   X library files are in DIR
+
+System types:
+  --build=BUILD     configure for building on BUILD [guessed]
+  --host=HOST       cross-compile to build programs to run on HOST [BUILD]
+_ACEOF
+fi
+
+if test -n "$ac_init_help"; then
+
+  cat <<\_ACEOF
+
+Optional Features:
+  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
+  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
+  --enable-release	  set the compiler flags to -O6
+  --enable-debug	  set the compiler flags to -g
+  --enable-install=user	  for debugging, install as non-root user
+  --enable-syslog	  log messages via syslog()
+  --enable-tcpwrappers	  use the libwrap.a library
+
+Optional Packages:
+  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
+  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
+  --with-x                use the X Window System
+
+Some influential environment variables:
+  CC          C compiler command
+  CFLAGS      C compiler flags
+  LDFLAGS     linker flags, e.g. -L<lib dir> if you have libraries in a
+              nonstandard directory <lib dir>
+  LIBS        libraries to pass to the linker, e.g. -l<library>
+  CPPFLAGS    C/C++/Objective C preprocessor flags, e.g. -I<include dir> if
+              you have headers in a nonstandard directory <include dir>
+  CPP         C preprocessor
+  XMKMF       Path to xmkmf, Makefile generator for X Window System
+
+Use these variables to override the choices made by `configure' or to help
+it to find libraries and programs with nonstandard names/locations.
+
+_ACEOF
+ac_status=$?
+fi
+
+if test "$ac_init_help" = "recursive"; then
+  # If there are subdirs, report their specific --help.
+  for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
+    test -d "$ac_dir" || continue
+    ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+  ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,/..,g;s,/,,'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+  .)  # We are building in place.
+    ac_srcdir=.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+    cd "$ac_dir" || { ac_status=$?; continue; }
+    # Check for guested configure.
+    if test -f "$ac_srcdir/configure.gnu"; then
+      echo &&
+      $SHELL "$ac_srcdir/configure.gnu" --help=recursive
+    elif test -f "$ac_srcdir/configure"; then
+      echo &&
+      $SHELL "$ac_srcdir/configure" --help=recursive
+    else
+      echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+    fi || ac_status=$?
+    cd "$ac_pwd" || { ac_status=$?; break; }
+  done
+fi
+
+test -n "$ac_init_help" && exit $ac_status
+if $ac_init_version; then
+  cat <<\_ACEOF
+configure
+generated by GNU Autoconf 2.61
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
+2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
+This configure script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it.
+_ACEOF
+  exit
+fi
+cat >config.log <<_ACEOF
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+
+It was created by $as_me, which was
+generated by GNU Autoconf 2.61.  Invocation command line was
+
+  $ $0 $@
+
+_ACEOF
+exec 5>>config.log
+{
+cat <<_ASUNAME
+## --------- ##
+## Platform. ##
+## --------- ##
+
+hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null     || echo unknown`
+
+/bin/arch              = `(/bin/arch) 2>/dev/null              || echo unknown`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null       || echo unknown`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
+/usr/bin/hostinfo      = `(/usr/bin/hostinfo) 2>/dev/null      || echo unknown`
+/bin/machine           = `(/bin/machine) 2>/dev/null           || echo unknown`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null       || echo unknown`
+/bin/universe          = `(/bin/universe) 2>/dev/null          || echo unknown`
+
+_ASUNAME
+
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  echo "PATH: $as_dir"
+done
+IFS=$as_save_IFS
+
+} >&5
+
+cat >&5 <<_ACEOF
+
+
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
+_ACEOF
+
+
+# Keep a trace of the command line.
+# Strip out --no-create and --no-recursion so they do not pile up.
+# Strip out --silent because we don't want to record it for future runs.
+# Also quote any args containing shell meta-characters.
+# Make two passes to allow for proper duplicate-argument suppression.
+ac_configure_args=
+ac_configure_args0=
+ac_configure_args1=
+ac_must_keep_next=false
+for ac_pass in 1 2
+do
+  for ac_arg
+  do
+    case $ac_arg in
+    -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
+    -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+    | -silent | --silent | --silen | --sile | --sil)
+      continue ;;
+    *\'*)
+      ac_arg=`echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    case $ac_pass in
+    1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;;
+    2)
+      ac_configure_args1="$ac_configure_args1 '$ac_arg'"
+      if test $ac_must_keep_next = true; then
+	ac_must_keep_next=false # Got value, back to normal.
+      else
+	case $ac_arg in
+	  *=* | --config-cache | -C | -disable-* | --disable-* \
+	  | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
+	  | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
+	  | -with-* | --with-* | -without-* | --without-* | --x)
+	    case "$ac_configure_args0 " in
+	      "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
+	    esac
+	    ;;
+	  -* ) ac_must_keep_next=true ;;
+	esac
+      fi
+      ac_configure_args="$ac_configure_args '$ac_arg'"
+      ;;
+    esac
+  done
+done
+$as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; }
+$as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; }
+
+# When interrupted or exit'd, cleanup temporary files, and complete
+# config.log.  We remove comments because anyway the quotes in there
+# would cause problems or look ugly.
+# WARNING: Use '\'' to represent an apostrophe within the trap.
+# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
+trap 'exit_status=$?
+  # Save into config.log some information that might help in debugging.
+  {
+    echo
+
+    cat <<\_ASBOX
+## ---------------- ##
+## Cache variables. ##
+## ---------------- ##
+_ASBOX
+    echo
+    # The following way of writing the cache mishandles newlines in values,
+(
+  for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
+    eval ac_val=\$$ac_var
+    case $ac_val in #(
+    *${as_nl}*)
+      case $ac_var in #(
+      *_cv_*) { echo "$as_me:$LINENO: WARNING: Cache variable $ac_var contains a newline." >&5
+echo "$as_me: WARNING: Cache variable $ac_var contains a newline." >&2;} ;;
+      esac
+      case $ac_var in #(
+      _ | IFS | as_nl) ;; #(
+      *) $as_unset $ac_var ;;
+      esac ;;
+    esac
+  done
+  (set) 2>&1 |
+    case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
+    *${as_nl}ac_space=\ *)
+      sed -n \
+	"s/'\''/'\''\\\\'\'''\''/g;
+	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
+      ;; #(
+    *)
+      sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+      ;;
+    esac |
+    sort
+)
+    echo
+
+    cat <<\_ASBOX
+## ----------------- ##
+## Output variables. ##
+## ----------------- ##
+_ASBOX
+    echo
+    for ac_var in $ac_subst_vars
+    do
+      eval ac_val=\$$ac_var
+      case $ac_val in
+      *\'\''*) ac_val=`echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+      esac
+      echo "$ac_var='\''$ac_val'\''"
+    done | sort
+    echo
+
+    if test -n "$ac_subst_files"; then
+      cat <<\_ASBOX
+## ------------------- ##
+## File substitutions. ##
+## ------------------- ##
+_ASBOX
+      echo
+      for ac_var in $ac_subst_files
+      do
+	eval ac_val=\$$ac_var
+	case $ac_val in
+	*\'\''*) ac_val=`echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+	esac
+	echo "$ac_var='\''$ac_val'\''"
+      done | sort
+      echo
+    fi
+
+    if test -s confdefs.h; then
+      cat <<\_ASBOX
+## ----------- ##
+## confdefs.h. ##
+## ----------- ##
+_ASBOX
+      echo
+      cat confdefs.h
+      echo
+    fi
+    test "$ac_signal" != 0 &&
+      echo "$as_me: caught signal $ac_signal"
+    echo "$as_me: exit $exit_status"
+  } >&5
+  rm -f core *.core core.conftest.* &&
+    rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
+    exit $exit_status
+' 0
+for ac_signal in 1 2 13 15; do
+  trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal
+done
+ac_signal=0
+
+# confdefs.h avoids OS command line length limits that DEFS can exceed.
+rm -f -r conftest* confdefs.h
+
+# Predefined preprocessor variables.
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_NAME "$PACKAGE_NAME"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_VERSION "$PACKAGE_VERSION"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_STRING "$PACKAGE_STRING"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
+_ACEOF
+
+
+# Let the site file select an alternate cache file if it wants to.
 # Prefer explicitly selected file to automatically selected ones.
-if test -z "$CONFIG_SITE"; then
-  if test "x$prefix" != xNONE; then
-    CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site"
-  else
-    CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site"
-  fi
+if test -n "$CONFIG_SITE"; then
+  set x "$CONFIG_SITE"
+elif test "x$prefix" != xNONE; then
+  set x "$prefix/share/config.site" "$prefix/etc/config.site"
+else
+  set x "$ac_default_prefix/share/config.site" \
+	"$ac_default_prefix/etc/config.site"
 fi
-for ac_site_file in $CONFIG_SITE; do
+shift
+for ac_site_file
+do
   if test -r "$ac_site_file"; then
-    echo "loading site script $ac_site_file"
+    { echo "$as_me:$LINENO: loading site script $ac_site_file" >&5
+echo "$as_me: loading site script $ac_site_file" >&6;}
+    sed 's/^/| /' "$ac_site_file" >&5
     . "$ac_site_file"
   fi
 done
 
 if test -r "$cache_file"; then
-  echo "loading cache $cache_file"
-  . $cache_file
+  # Some versions of bash will fail to source /dev/null (special
+  # files actually), so we avoid doing that.
+  if test -f "$cache_file"; then
+    { echo "$as_me:$LINENO: loading cache $cache_file" >&5
+echo "$as_me: loading cache $cache_file" >&6;}
+    case $cache_file in
+      [\\/]* | ?:[\\/]* ) . "$cache_file";;
+      *)                      . "./$cache_file";;
+    esac
+  fi
 else
-  echo "creating cache $cache_file"
-  > $cache_file
+  { echo "$as_me:$LINENO: creating cache $cache_file" >&5
+echo "$as_me: creating cache $cache_file" >&6;}
+  >$cache_file
 fi
 
+# Check that the precious variables saved in the cache have kept the same
+# value.
+ac_cache_corrupted=false
+for ac_var in $ac_precious_vars; do
+  eval ac_old_set=\$ac_cv_env_${ac_var}_set
+  eval ac_new_set=\$ac_env_${ac_var}_set
+  eval ac_old_val=\$ac_cv_env_${ac_var}_value
+  eval ac_new_val=\$ac_env_${ac_var}_value
+  case $ac_old_set,$ac_new_set in
+    set,)
+      { echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+      ac_cache_corrupted=: ;;
+    ,set)
+      { echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5
+echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+      ac_cache_corrupted=: ;;
+    ,);;
+    *)
+      if test "x$ac_old_val" != "x$ac_new_val"; then
+	{ echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5
+echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+	{ echo "$as_me:$LINENO:   former value:  $ac_old_val" >&5
+echo "$as_me:   former value:  $ac_old_val" >&2;}
+	{ echo "$as_me:$LINENO:   current value: $ac_new_val" >&5
+echo "$as_me:   current value: $ac_new_val" >&2;}
+	ac_cache_corrupted=:
+      fi;;
+  esac
+  # Pass precious variables to config.status.
+  if test "$ac_new_set" = set; then
+    case $ac_new_val in
+    *\'*) ac_arg=$ac_var=`echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+    *) ac_arg=$ac_var=$ac_new_val ;;
+    esac
+    case " $ac_configure_args " in
+      *" '$ac_arg' "*) ;; # Avoid dups.  Use of quotes ensures accuracy.
+      *) ac_configure_args="$ac_configure_args '$ac_arg'" ;;
+    esac
+  fi
+done
+if $ac_cache_corrupted; then
+  { echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5
+echo "$as_me: error: changes in the environment can compromise the build" >&2;}
+  { { echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5
+echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
 ac_ext=c
-# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
 ac_cpp='$CPP $CPPFLAGS'
-ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5'
-ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
-cross_compiling=$ac_cv_prog_cc_cross
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
 
-ac_exeext=
-ac_objext=o
-if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then
-  # Stardent Vistra SVR4 grep lacks -e, says ghazi at caip.rutgers.edu.
-  if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then
-    ac_n= ac_c='
-' ac_t='	'
-  else
-    ac_n=-n ac_c= ac_t=
-  fi
-else
-  ac_n= ac_c='\c' ac_t=
-fi
 
 
-# From configure.in Revision: 1128 
 NEED_OPENVASLIBS_VERSION=1.0.2
 NEED_OPENVASLIBNASL_VERSION=1.0.1
 
@@ -544,276 +1773,923 @@
 IFS="${save_IFS}"
 OPENVASD_DATE=\"`date '+%b %d, %Y'`\"
 expr 0 + $OPENVASD_MAJOR + $OPENVASD_MINOR + $OPENVASD_PATCH + 0 >/dev/null ||
-{ echo "configure: error:  *** Panic: Corrupt version file" 1>&2; exit 1; }
+{ { echo "$as_me:$LINENO: error:  *** Panic: Corrupt version file" >&5
+echo "$as_me: error:  *** Panic: Corrupt version file" >&2;}
+   { (exit 1); exit 1; }; }
 version=$OPENVASD_MAJOR.$OPENVASD_MINOR.$OPENVASD_PATCH
 
 test "x$prefix" != "xNONE" || prefix=/usr/local
 
 
+ac_config_headers="$ac_config_headers include/config.h"
 
 
 ac_aux_dir=
-for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do
-  if test -f $ac_dir/install-sh; then
+for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
+  if test -f "$ac_dir/install-sh"; then
     ac_aux_dir=$ac_dir
     ac_install_sh="$ac_aux_dir/install-sh -c"
     break
-  elif test -f $ac_dir/install.sh; then
+  elif test -f "$ac_dir/install.sh"; then
     ac_aux_dir=$ac_dir
     ac_install_sh="$ac_aux_dir/install.sh -c"
     break
+  elif test -f "$ac_dir/shtool"; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/shtool install -c"
+    break
   fi
 done
 if test -z "$ac_aux_dir"; then
-  { echo "configure: error: can not find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." 1>&2; exit 1; }
+  { { echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&5
+echo "$as_me: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&2;}
+   { (exit 1); exit 1; }; }
 fi
-ac_config_guess=$ac_aux_dir/config.guess
-ac_config_sub=$ac_aux_dir/config.sub
-ac_configure=$ac_aux_dir/configure # This should be Cygnus configure.
 
+# These three variables are undocumented and unsupported,
+# and are intended to be withdrawn in a future Autoconf release.
+# They can cause serious problems if a builder's source tree is in a directory
+# whose full name contains unusual characters.
+ac_config_guess="$SHELL $ac_aux_dir/config.guess"  # Please don't use this var.
+ac_config_sub="$SHELL $ac_aux_dir/config.sub"  # Please don't use this var.
+ac_configure="$SHELL $ac_aux_dir/configure"  # Please don't use this var.
 
+
 # Make sure we can run config.sub.
-if ${CONFIG_SHELL-/bin/sh} $ac_config_sub sun4 >/dev/null 2>&1; then :
-else { echo "configure: error: can not run $ac_config_sub" 1>&2; exit 1; }
+$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
+  { { echo "$as_me:$LINENO: error: cannot run $SHELL $ac_aux_dir/config.sub" >&5
+echo "$as_me: error: cannot run $SHELL $ac_aux_dir/config.sub" >&2;}
+   { (exit 1); exit 1; }; }
+
+{ echo "$as_me:$LINENO: checking build system type" >&5
+echo $ECHO_N "checking build system type... $ECHO_C" >&6; }
+if test "${ac_cv_build+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_build_alias=$build_alias
+test "x$ac_build_alias" = x &&
+  ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
+test "x$ac_build_alias" = x &&
+  { { echo "$as_me:$LINENO: error: cannot guess build type; you must specify one" >&5
+echo "$as_me: error: cannot guess build type; you must specify one" >&2;}
+   { (exit 1); exit 1; }; }
+ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
+  { { echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&5
+echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&2;}
+   { (exit 1); exit 1; }; }
+
 fi
+{ echo "$as_me:$LINENO: result: $ac_cv_build" >&5
+echo "${ECHO_T}$ac_cv_build" >&6; }
+case $ac_cv_build in
+*-*-*) ;;
+*) { { echo "$as_me:$LINENO: error: invalid value of canonical build" >&5
+echo "$as_me: error: invalid value of canonical build" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
+build=$ac_cv_build
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_build
+shift
+build_cpu=$1
+build_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+build_os=$*
+IFS=$ac_save_IFS
+case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
 
-echo $ac_n "checking host system type""... $ac_c" 1>&6
-echo "configure:582: checking host system type" >&5
 
-host_alias=$host
-case "$host_alias" in
-NONE)
-  case $nonopt in
-  NONE)
-    if host_alias=`${CONFIG_SHELL-/bin/sh} $ac_config_guess`; then :
-    else { echo "configure: error: can not guess host type; you must specify one" 1>&2; exit 1; }
-    fi ;;
-  *) host_alias=$nonopt ;;
-  esac ;;
+{ echo "$as_me:$LINENO: checking host system type" >&5
+echo $ECHO_N "checking host system type... $ECHO_C" >&6; }
+if test "${ac_cv_host+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test "x$host_alias" = x; then
+  ac_cv_host=$ac_cv_build
+else
+  ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
+    { { echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&5
+echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_host" >&5
+echo "${ECHO_T}$ac_cv_host" >&6; }
+case $ac_cv_host in
+*-*-*) ;;
+*) { { echo "$as_me:$LINENO: error: invalid value of canonical host" >&5
+echo "$as_me: error: invalid value of canonical host" >&2;}
+   { (exit 1); exit 1; }; };;
 esac
+host=$ac_cv_host
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_host
+shift
+host_cpu=$1
+host_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+host_os=$*
+IFS=$ac_save_IFS
+case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
 
-host=`${CONFIG_SHELL-/bin/sh} $ac_config_sub $host_alias`
-host_cpu=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
-host_vendor=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
-host_os=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
-echo "$ac_t""$host" 1>&6
 
 ac_ext=c
-# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
 ac_cpp='$CPP $CPPFLAGS'
-ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5'
-ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
-cross_compiling=$ac_cv_prog_cc_cross
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
 
 
-# Extract the first word of "gcc", so it can be a program name with args.
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}gcc; ac_word=$2
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_CC="${ac_tool_prefix}gcc"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+  ac_ct_CC=$CC
+  # Extract the first word of "gcc", so it can be a program name with args.
 set dummy gcc; ac_word=$2
-echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:613: checking for $ac_word" >&5
-if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
 else
+  if test -n "$ac_ct_CC"; then
+  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_CC="gcc"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+  { echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+echo "${ECHO_T}$ac_ct_CC" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+  if test "x$ac_ct_CC" = x; then
+    CC=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&5
+echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&2;}
+ac_tool_warned=yes ;;
+esac
+    CC=$ac_ct_CC
+  fi
+else
+  CC="$ac_cv_prog_CC"
+fi
+
+if test -z "$CC"; then
+          if test -n "$ac_tool_prefix"; then
+    # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}cc; ac_word=$2
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
   if test -n "$CC"; then
   ac_cv_prog_CC="$CC" # Let the user override the test.
 else
-  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
-  ac_dummy="$PATH"
-  for ac_dir in $ac_dummy; do
-    test -z "$ac_dir" && ac_dir=.
-    if test -f $ac_dir/$ac_word; then
-      ac_cv_prog_CC="gcc"
-      break
-    fi
-  done
-  IFS="$ac_save_ifs"
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_CC="${ac_tool_prefix}cc"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
 fi
 fi
-CC="$ac_cv_prog_CC"
+CC=$ac_cv_prog_CC
 if test -n "$CC"; then
-  echo "$ac_t""$CC" 1>&6
+  { echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6; }
 else
-  echo "$ac_t""no" 1>&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
+
+  fi
+fi
 if test -z "$CC"; then
   # Extract the first word of "cc", so it can be a program name with args.
 set dummy cc; ac_word=$2
-echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:643: checking for $ac_word" >&5
-if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   if test -n "$CC"; then
   ac_cv_prog_CC="$CC" # Let the user override the test.
 else
-  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
   ac_prog_rejected=no
-  ac_dummy="$PATH"
-  for ac_dir in $ac_dummy; do
-    test -z "$ac_dir" && ac_dir=.
-    if test -f $ac_dir/$ac_word; then
-      if test "$ac_dir/$ac_word" = "/usr/ucb/cc"; then
-        ac_prog_rejected=yes
-	continue
-      fi
-      ac_cv_prog_CC="cc"
-      break
-    fi
-  done
-  IFS="$ac_save_ifs"
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+       ac_prog_rejected=yes
+       continue
+     fi
+    ac_cv_prog_CC="cc"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
 if test $ac_prog_rejected = yes; then
   # We found a bogon in the path, so make sure we never use it.
   set dummy $ac_cv_prog_CC
   shift
-  if test $# -gt 0; then
+  if test $# != 0; then
     # We chose a different compiler from the bogus one.
     # However, it has the same basename, so the bogon will be chosen
     # first if we set CC to just the basename; use the full file name.
     shift
-    set dummy "$ac_dir/$ac_word" "$@"
-    shift
-    ac_cv_prog_CC="$@"
+    ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
   fi
 fi
 fi
 fi
-CC="$ac_cv_prog_CC"
+CC=$ac_cv_prog_CC
 if test -n "$CC"; then
-  echo "$ac_t""$CC" 1>&6
+  { echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6; }
 else
-  echo "$ac_t""no" 1>&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
-  if test -z "$CC"; then
-    case "`uname -s`" in
-    *win32* | *WIN32*)
-      # Extract the first word of "cl", so it can be a program name with args.
-set dummy cl; ac_word=$2
-echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:694: checking for $ac_word" >&5
-if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
+
+fi
+if test -z "$CC"; then
+  if test -n "$ac_tool_prefix"; then
+  for ac_prog in cl.exe
+  do
+    # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   if test -n "$CC"; then
   ac_cv_prog_CC="$CC" # Let the user override the test.
 else
-  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
-  ac_dummy="$PATH"
-  for ac_dir in $ac_dummy; do
-    test -z "$ac_dir" && ac_dir=.
-    if test -f $ac_dir/$ac_word; then
-      ac_cv_prog_CC="cl"
-      break
-    fi
-  done
-  IFS="$ac_save_ifs"
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
 fi
 fi
-CC="$ac_cv_prog_CC"
+CC=$ac_cv_prog_CC
 if test -n "$CC"; then
-  echo "$ac_t""$CC" 1>&6
+  { echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6; }
 else
-  echo "$ac_t""no" 1>&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
- ;;
-    esac
+
+
+    test -n "$CC" && break
+  done
+fi
+if test -z "$CC"; then
+  ac_ct_CC=$CC
+  for ac_prog in cl.exe
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$ac_ct_CC"; then
+  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_CC="$ac_prog"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
   fi
-  test -z "$CC" && { echo "configure: error: no acceptable cc found in \$PATH" 1>&2; exit 1; }
+done
+done
+IFS=$as_save_IFS
+
 fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+  { echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+echo "${ECHO_T}$ac_ct_CC" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
 
-echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6
-echo "configure:726: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5
 
-ac_ext=c
-# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5'
-ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
-cross_compiling=$ac_cv_prog_cc_cross
+  test -n "$ac_ct_CC" && break
+done
 
-cat > conftest.$ac_ext << EOF
+  if test "x$ac_ct_CC" = x; then
+    CC=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&5
+echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&2;}
+ac_tool_warned=yes ;;
+esac
+    CC=$ac_ct_CC
+  fi
+fi
 
-#line 737 "configure"
-#include "confdefs.h"
+fi
 
-main(){return(0);}
-EOF
-if { (eval echo configure:742: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
-  ac_cv_prog_cc_works=yes
-  # If we can't run a trivial program, we are probably using a cross compiler.
-  if (./conftest; exit) 2>/dev/null; then
-    ac_cv_prog_cc_cross=no
+
+test -z "$CC" && { { echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH
+See \`config.log' for more details." >&5
+echo "$as_me: error: no acceptable C compiler found in \$PATH
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }
+
+# Provide some information about the compiler.
+echo "$as_me:$LINENO: checking for C compiler version" >&5
+ac_compiler=`set X $ac_compile; echo $2`
+{ (ac_try="$ac_compiler --version >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compiler --version >&5") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+{ (ac_try="$ac_compiler -v >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compiler -v >&5") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+{ (ac_try="$ac_compiler -V >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compiler -V >&5") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files a.out a.exe b.out"
+# Try to create an executable without -o first, disregard a.out.
+# It will help us diagnose broken compilers, and finding out an intuition
+# of exeext.
+{ echo "$as_me:$LINENO: checking for C compiler default output file name" >&5
+echo $ECHO_N "checking for C compiler default output file name... $ECHO_C" >&6; }
+ac_link_default=`echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
+#
+# List of possible output files, starting from the most likely.
+# The algorithm is not robust to junk in `.', hence go to wildcards (a.*)
+# only as a last resort.  b.out is created by i960 compilers.
+ac_files='a_out.exe a.exe conftest.exe a.out conftest a.* conftest.* b.out'
+#
+# The IRIX 6 linker writes into existing files which may not be
+# executable, retaining their permissions.  Remove them first so a
+# subsequent execution test works.
+ac_rmfiles=
+for ac_file in $ac_files
+do
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj ) ;;
+    * ) ac_rmfiles="$ac_rmfiles $ac_file";;
+  esac
+done
+rm -f $ac_rmfiles
+
+if { (ac_try="$ac_link_default"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link_default") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+  # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
+# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
+# in a Makefile.  We should not override ac_cv_exeext if it was cached,
+# so that the user can short-circuit this test for compilers unknown to
+# Autoconf.
+for ac_file in $ac_files ''
+do
+  test -f "$ac_file" || continue
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj )
+	;;
+    [ab].out )
+	# We found the default executable, but exeext='' is most
+	# certainly right.
+	break;;
+    *.* )
+        if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
+	then :; else
+	   ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+	fi
+	# We set ac_cv_exeext here because the later test for it is not
+	# safe: cross compilers may not add the suffix if given an `-o'
+	# argument, so we may need to know it at that point already.
+	# Even if this section looks crufty: it has the advantage of
+	# actually working.
+	break;;
+    * )
+	break;;
+  esac
+done
+test "$ac_cv_exeext" = no && ac_cv_exeext=
+
+else
+  ac_file=''
+fi
+
+{ echo "$as_me:$LINENO: result: $ac_file" >&5
+echo "${ECHO_T}$ac_file" >&6; }
+if test -z "$ac_file"; then
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { echo "$as_me:$LINENO: error: C compiler cannot create executables
+See \`config.log' for more details." >&5
+echo "$as_me: error: C compiler cannot create executables
+See \`config.log' for more details." >&2;}
+   { (exit 77); exit 77; }; }
+fi
+
+ac_exeext=$ac_cv_exeext
+
+# Check that the compiler produces executables we can run.  If not, either
+# the compiler is broken, or we cross compile.
+{ echo "$as_me:$LINENO: checking whether the C compiler works" >&5
+echo $ECHO_N "checking whether the C compiler works... $ECHO_C" >&6; }
+# FIXME: These cross compiler hacks should be removed for Autoconf 3.0
+# If not cross compiling, check that we can run a simple program.
+if test "$cross_compiling" != yes; then
+  if { ac_try='./$ac_file'
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+    cross_compiling=no
   else
-    ac_cv_prog_cc_cross=yes
+    if test "$cross_compiling" = maybe; then
+	cross_compiling=yes
+    else
+	{ { echo "$as_me:$LINENO: error: cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }
+    fi
   fi
+fi
+{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+
+rm -f a.out a.exe conftest$ac_cv_exeext b.out
+ac_clean_files=$ac_clean_files_save
+# Check that the compiler produces executables we can run.  If not, either
+# the compiler is broken, or we cross compile.
+{ echo "$as_me:$LINENO: checking whether we are cross compiling" >&5
+echo $ECHO_N "checking whether we are cross compiling... $ECHO_C" >&6; }
+{ echo "$as_me:$LINENO: result: $cross_compiling" >&5
+echo "${ECHO_T}$cross_compiling" >&6; }
+
+{ echo "$as_me:$LINENO: checking for suffix of executables" >&5
+echo $ECHO_N "checking for suffix of executables... $ECHO_C" >&6; }
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+  # If both `conftest.exe' and `conftest' are `present' (well, observable)
+# catch `conftest.exe'.  For instance with Cygwin, `ls conftest' will
+# work properly (i.e., refer to `conftest.exe'), while it won't with
+# `rm'.
+for ac_file in conftest.exe conftest conftest.*; do
+  test -f "$ac_file" || continue
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj ) ;;
+    *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+	  break;;
+    * ) break;;
+  esac
+done
 else
-  echo "configure: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  ac_cv_prog_cc_works=no
+  { { echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }
 fi
-rm -fr conftest*
-ac_ext=c
-# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5'
-ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
-cross_compiling=$ac_cv_prog_cc_cross
 
-echo "$ac_t""$ac_cv_prog_cc_works" 1>&6
-if test $ac_cv_prog_cc_works = no; then
-  { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; }
+rm -f conftest$ac_cv_exeext
+{ echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5
+echo "${ECHO_T}$ac_cv_exeext" >&6; }
+
+rm -f conftest.$ac_ext
+EXEEXT=$ac_cv_exeext
+ac_exeext=$EXEEXT
+{ echo "$as_me:$LINENO: checking for suffix of object files" >&5
+echo $ECHO_N "checking for suffix of object files... $ECHO_C" >&6; }
+if test "${ac_cv_objext+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.o conftest.obj
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+  for ac_file in conftest.o conftest.obj conftest.*; do
+  test -f "$ac_file" || continue;
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf ) ;;
+    *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
+       break;;
+  esac
+done
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot compute suffix of object files: cannot compile
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }
 fi
-echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6
-echo "configure:768: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5
-echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6
-cross_compiling=$ac_cv_prog_cc_cross
 
-echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6
-echo "configure:773: checking whether we are using GNU C" >&5
-if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
+rm -f conftest.$ac_cv_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_objext" >&5
+echo "${ECHO_T}$ac_cv_objext" >&6; }
+OBJEXT=$ac_cv_objext
+ac_objext=$OBJEXT
+{ echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5
+echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6; }
+if test "${ac_cv_c_compiler_gnu+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
 else
-  cat > conftest.c <<EOF
-#ifdef __GNUC__
-  yes;
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+#ifndef __GNUC__
+       choke me
 #endif
-EOF
-if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:782: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then
-  ac_cv_prog_gcc=yes
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_compiler_gnu=yes
 else
-  ac_cv_prog_gcc=no
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_compiler_gnu=no
 fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_c_compiler_gnu=$ac_compiler_gnu
+
 fi
+{ echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5
+echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6; }
+GCC=`test $ac_compiler_gnu = yes && echo yes`
+ac_test_CFLAGS=${CFLAGS+set}
+ac_save_CFLAGS=$CFLAGS
+{ echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5
+echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6; }
+if test "${ac_cv_prog_cc_g+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_save_c_werror_flag=$ac_c_werror_flag
+   ac_c_werror_flag=yes
+   ac_cv_prog_cc_g=no
+   CFLAGS="-g"
+   cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
 
-echo "$ac_t""$ac_cv_prog_gcc" 1>&6
+int
+main ()
+{
 
-if test $ac_cv_prog_gcc = yes; then
-  GCC=yes
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cc_g=yes
 else
-  GCC=
-fi
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_test_CFLAGS="${CFLAGS+set}"
-ac_save_CFLAGS="$CFLAGS"
-CFLAGS=
-echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6
-echo "configure:801: checking whether ${CC-cc} accepts -g" >&5
-if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
+	CFLAGS=""
+      cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  :
 else
-  echo 'void f(){}' > conftest.c
-if test -z "`${CC-cc} -g -c conftest.c 2>&1`"; then
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_c_werror_flag=$ac_save_c_werror_flag
+	 CFLAGS="-g"
+	 cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_prog_cc_g=yes
 else
-  ac_cv_prog_cc_g=no
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
 fi
-rm -f conftest*
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
 
-echo "$ac_t""$ac_cv_prog_cc_g" 1>&6
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+   ac_c_werror_flag=$ac_save_c_werror_flag
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5
+echo "${ECHO_T}$ac_cv_prog_cc_g" >&6; }
 if test "$ac_test_CFLAGS" = set; then
-  CFLAGS="$ac_save_CFLAGS"
+  CFLAGS=$ac_save_CFLAGS
 elif test $ac_cv_prog_cc_g = yes; then
   if test "$GCC" = yes; then
     CFLAGS="-g -O2"
@@ -827,31 +2703,154 @@
     CFLAGS=
   fi
 fi
+{ echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5
+echo $ECHO_N "checking for $CC option to accept ISO C89... $ECHO_C" >&6; }
+if test "${ac_cv_prog_cc_c89+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_cv_prog_cc_c89=no
+ac_save_CC=$CC
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdarg.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+/* Most of the following tests are stolen from RCS 5.7's src/conf.sh.  */
+struct buf { int x; };
+FILE * (*rcsopen) (struct buf *, struct stat *, int);
+static char *e (p, i)
+     char **p;
+     int i;
+{
+  return p[i];
+}
+static char *f (char * (*g) (char **, int), char **p, ...)
+{
+  char *s;
+  va_list v;
+  va_start (v,p);
+  s = g (p, va_arg (v,int));
+  va_end (v);
+  return s;
+}
 
-echo $ac_n "checking whether ${MAKE-make} sets \${MAKE}""... $ac_c" 1>&6
-echo "configure:833: checking whether ${MAKE-make} sets \${MAKE}" >&5
-set dummy ${MAKE-make}; ac_make=`echo "$2" | sed 'y%./+-%__p_%'`
-if eval "test \"`echo '$''{'ac_cv_prog_make_${ac_make}_set'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default.  It has
+   function prototypes and stuff, but not '\xHH' hex character constants.
+   These don't provoke an error unfortunately, instead are silently treated
+   as 'x'.  The following induces an error, until -std is added to get
+   proper ANSI mode.  Curiously '\x00'!='x' always comes out true, for an
+   array size at least.  It's necessary to write '\x00'==0 to get something
+   that's true only with -std.  */
+int osf4_cc_array ['\x00' == 0 ? 1 : -1];
+
+/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
+   inside strings and character constants.  */
+#define FOO(x) 'x'
+int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
+
+int test (int i, double x);
+struct s1 {int (*f) (int a);};
+struct s2 {int (*f) (double a);};
+int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
+int argc;
+char **argv;
+int
+main ()
+{
+return f (e, argv, 0) != argv[0]  ||  f (e, argv, 1) != argv[1];
+  ;
+  return 0;
+}
+_ACEOF
+for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
+	-Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+do
+  CC="$ac_save_CC $ac_arg"
+  rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cc_c89=$ac_arg
 else
-  cat > conftestmake <<\EOF
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext
+  test "x$ac_cv_prog_cc_c89" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+
+fi
+# AC_CACHE_VAL
+case "x$ac_cv_prog_cc_c89" in
+  x)
+    { echo "$as_me:$LINENO: result: none needed" >&5
+echo "${ECHO_T}none needed" >&6; } ;;
+  xno)
+    { echo "$as_me:$LINENO: result: unsupported" >&5
+echo "${ECHO_T}unsupported" >&6; } ;;
+  *)
+    CC="$CC $ac_cv_prog_cc_c89"
+    { echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c89" >&5
+echo "${ECHO_T}$ac_cv_prog_cc_c89" >&6; } ;;
+esac
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+{ echo "$as_me:$LINENO: checking whether ${MAKE-make} sets \$(MAKE)" >&5
+echo $ECHO_N "checking whether ${MAKE-make} sets \$(MAKE)... $ECHO_C" >&6; }
+set x ${MAKE-make}; ac_make=`echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
+if { as_var=ac_cv_prog_make_${ac_make}_set; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.make <<\_ACEOF
+SHELL = /bin/sh
 all:
-	@echo 'ac_maketemp="${MAKE}"'
-EOF
+	@echo '@@@%%%=$(MAKE)=@@@%%%'
+_ACEOF
 # GNU make sometimes prints "make[1]: Entering...", which would confuse us.
-eval `${MAKE-make} -f conftestmake 2>/dev/null | grep temp=`
-if test -n "$ac_maketemp"; then
-  eval ac_cv_prog_make_${ac_make}_set=yes
-else
-  eval ac_cv_prog_make_${ac_make}_set=no
+case `${MAKE-make} -f conftest.make 2>/dev/null` in
+  *@@@%%%=?*=@@@%%%*)
+    eval ac_cv_prog_make_${ac_make}_set=yes;;
+  *)
+    eval ac_cv_prog_make_${ac_make}_set=no;;
+esac
+rm -f conftest.make
 fi
-rm -f conftestmake
-fi
-if eval "test \"`echo '$ac_cv_prog_make_'${ac_make}_set`\" = yes"; then
-  echo "$ac_t""yes" 1>&6
+if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then
+  { echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
   SET_MAKE=
 else
-  echo "$ac_t""no" 1>&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
   SET_MAKE="MAKE=${MAKE-make}"
 fi
 
@@ -862,60 +2861,76 @@
 # SunOS /usr/etc/install
 # IRIX /sbin/install
 # AIX /bin/install
+# AmigaOS /C/install, which installs bootblocks on floppy discs
 # AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
 # AFS /usr/afsws/bin/install, which mishandles nonexistent args
 # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
+# OS/2's system install, which has a completely different semantic
 # ./install, which can be erroneously created by make from ./install.sh.
-echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6
-echo "configure:871: checking for a BSD compatible install" >&5
+{ echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5
+echo $ECHO_N "checking for a BSD-compatible install... $ECHO_C" >&6; }
 if test -z "$INSTALL"; then
-if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
+if test "${ac_cv_path_install+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
 else
-    IFS="${IFS= 	}"; ac_save_IFS="$IFS"; IFS=":"
-  for ac_dir in $PATH; do
-    # Account for people who put trailing slashes in PATH elements.
-    case "$ac_dir/" in
-    /|./|.//|/etc/*|/usr/sbin/*|/usr/etc/*|/sbin/*|/usr/afsws/bin/*|/usr/ucb/*) ;;
-    *)
-      # OSF1 and SCO ODT 3.0 have their own names for install.
-      # Don't use installbsd from OSF since it installs stuff as root
-      # by default.
-      for ac_prog in ginstall scoinst install; do
-        if test -f $ac_dir/$ac_prog; then
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  # Account for people who put trailing slashes in PATH elements.
+case $as_dir/ in
+  ./ | .// | /cC/* | \
+  /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
+  ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \
+  /usr/ucb/* ) ;;
+  *)
+    # OSF1 and SCO ODT 3.0 have their own names for install.
+    # Don't use installbsd from OSF since it installs stuff as root
+    # by default.
+    for ac_prog in ginstall scoinst install; do
+      for ac_exec_ext in '' $ac_executable_extensions; do
+	if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then
 	  if test $ac_prog = install &&
-            grep dspmsg $ac_dir/$ac_prog >/dev/null 2>&1; then
+	    grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
 	    # AIX install.  It has an incompatible calling convention.
 	    :
+	  elif test $ac_prog = install &&
+	    grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+	    # program-specific install script used by HP pwplus--don't use.
+	    :
 	  else
-	    ac_cv_path_install="$ac_dir/$ac_prog -c"
-	    break 2
+	    ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
+	    break 3
 	  fi
 	fi
       done
-      ;;
-    esac
-  done
-  IFS="$ac_save_IFS"
+    done
+    ;;
+esac
+done
+IFS=$as_save_IFS
 
+
 fi
   if test "${ac_cv_path_install+set}" = set; then
-    INSTALL="$ac_cv_path_install"
+    INSTALL=$ac_cv_path_install
   else
-    # As a last resort, use the slow shell script.  We don't cache a
-    # path for INSTALL within a source directory, because that will
+    # As a last resort, use the slow shell script.  Don't cache a
+    # value for INSTALL within a source directory, because that will
     # break other packages using the cache if that directory is
-    # removed, or if the path is relative.
-    INSTALL="$ac_install_sh"
+    # removed, or if the value is a relative name.
+    INSTALL=$ac_install_sh
   fi
 fi
-echo "$ac_t""$INSTALL" 1>&6
+{ echo "$as_me:$LINENO: result: $INSTALL" >&5
+echo "${ECHO_T}$INSTALL" >&6; }
 
 # Use test -z because SunOS4 sh mishandles braces in ${var-val}.
 # It thinks the first close brace ends the variable substitution.
 test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
 
-test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL_PROGRAM}'
+test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
 
 test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
 
@@ -930,94 +2945,99 @@
 
 
 XPATH="$prefix/bin:$PATH"
-	
 
 
-# Check whether --enable-release or --disable-release was given.
+
+# Check whether --enable-release was given.
 if test "${enable_release+set}" = set; then
-  enableval="$enable_release"
-  CFLAGS="-O6"
+  enableval=$enable_release; CFLAGS="-O6"
 fi
 
 
-# Check whether --enable-debug or --disable-debug was given.
+# Check whether --enable-debug was given.
 if test "${enable_debug+set}" = set; then
-  enableval="$enable_debug"
-  
+  enableval=$enable_debug;
 	CFLAGS="-g"; debug_flags="-DDEBUG"
 fi
 
-	      
-# Check whether --enable-install or --disable-install was given.
+
+# Check whether --enable-install was given.
 if test "${enable_install+set}" = set; then
-  enableval="$enable_install"
-  installuser=$enable_install
+  enableval=$enable_install; installuser=$enable_install
 fi
 
 : ${installuser:=root}
 
-# Check whether --enable-syslog or --disable-syslog was given.
+# Check whether --enable-syslog was given.
 if test "${enable_syslog+set}" = set; then
-  enableval="$enable_syslog"
-  cat >> confdefs.h <<\EOF
+  enableval=$enable_syslog; cat >>confdefs.h <<\_ACEOF
 #define USE_SYSLOG 1
-EOF
+_ACEOF
 
 fi
 
 
-# Check whether --enable-tcpwrappers or --disable-tcpwrappers was given.
+# Check whether --enable-tcpwrappers was given.
 if test "${enable_tcpwrappers+set}" = set; then
-  enableval="$enable_tcpwrappers"
-  test "$enable_tcpwrappers" = "yes" && libwrap="-lwrap"
+  enableval=$enable_tcpwrappers; test "$enable_tcpwrappers" = "yes" && libwrap="-lwrap"
 fi
 
-	
-	
 
 
 
+
+
 # Extract the first word of "libopenvas-config", so it can be a program name with args.
 set dummy libopenvas-config; ac_word=$2
-echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:984: checking for $ac_word" >&5
-if eval "test \"`echo '$''{'ac_cv_path_LIBOPENVASCONFIG'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_path_LIBOPENVASCONFIG+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
 else
-  case "$LIBOPENVASCONFIG" in
-  /*)
+  case $LIBOPENVASCONFIG in
+  [\\/]* | ?:[\\/]*)
   ac_cv_path_LIBOPENVASCONFIG="$LIBOPENVASCONFIG" # Let the user override the test with a path.
   ;;
-  ?:/*)			 
-  ac_cv_path_LIBOPENVASCONFIG="$LIBOPENVASCONFIG" # Let the user override the test with a dos path.
-  ;;
   *)
-  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
-  ac_dummy="$XPATH"
-  for ac_dir in $ac_dummy; do 
-    test -z "$ac_dir" && ac_dir=.
-    if test -f $ac_dir/$ac_word; then
-      ac_cv_path_LIBOPENVASCONFIG="$ac_dir/$ac_word"
-      break
-    fi
-  done
-  IFS="$ac_save_ifs"
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $XPATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_path_LIBOPENVASCONFIG="$as_dir/$ac_word$ac_exec_ext"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
   ;;
 esac
 fi
-LIBOPENVASCONFIG="$ac_cv_path_LIBOPENVASCONFIG"
+LIBOPENVASCONFIG=$ac_cv_path_LIBOPENVASCONFIG
 if test -n "$LIBOPENVASCONFIG"; then
-  echo "$ac_t""$LIBOPENVASCONFIG" 1>&6
+  { echo "$as_me:$LINENO: result: $LIBOPENVASCONFIG" >&5
+echo "${ECHO_T}$LIBOPENVASCONFIG" >&6; }
 else
-  echo "$ac_t""no" 1>&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
 
-test "x$LIBOPENVASCONFIG" = x && { echo "configure: error: ""
-""
-"*** openvas-libraries is not installed ! You need to install it before you"
-"compile openvas-server."" 1>&2; exit 1; }
 
+test "x$LIBOPENVASCONFIG" = x && { { echo "$as_me:$LINENO: error: \"\"
+\"\"
+\"*** openvas-libraries is not installed ! You need to install it before you\"
+\"compile openvas-server.\"" >&5
+echo "$as_me: error: \"\"
+\"\"
+\"*** openvas-libraries is not installed ! You need to install it before you\"
+\"compile openvas-server.\"" >&2;}
+   { (exit 1); exit 1; }; }
+
 OPENVASLIBS_VERSION=`$LIBOPENVASCONFIG --version`
 
 OPENVASLIBS_MAJOR=`echo $OPENVASLIBS_VERSION | \
@@ -1051,53 +3071,67 @@
   fi
 fi
 if test $ok = no; then
-{ echo "configure: error: openvas-libraries $OPENVASLIBS_VERSION too old.
+{ { echo "$as_me:$LINENO: error: openvas-libraries $OPENVASLIBS_VERSION too old.
 Minimum required is $NEED_OPENVASLIBS_VERSION .
-" 1>&2; exit 1; }
+" >&5
+echo "$as_me: error: openvas-libraries $OPENVASLIBS_VERSION too old.
+Minimum required is $NEED_OPENVASLIBS_VERSION .
+" >&2;}
+   { (exit 1); exit 1; }; }
 fi
 
 
 # Extract the first word of "openvas-libnasl-config", so it can be a program name with args.
 set dummy openvas-libnasl-config; ac_word=$2
-echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:1064: checking for $ac_word" >&5
-if eval "test \"`echo '$''{'ac_cv_path_OPENVASLIBNASLCONFIG'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_path_OPENVASLIBNASLCONFIG+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
 else
-  case "$OPENVASLIBNASLCONFIG" in
-  /*)
+  case $OPENVASLIBNASLCONFIG in
+  [\\/]* | ?:[\\/]*)
   ac_cv_path_OPENVASLIBNASLCONFIG="$OPENVASLIBNASLCONFIG" # Let the user override the test with a path.
   ;;
-  ?:/*)			 
-  ac_cv_path_OPENVASLIBNASLCONFIG="$OPENVASLIBNASLCONFIG" # Let the user override the test with a dos path.
-  ;;
   *)
-  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
-  ac_dummy="$XPATH"
-  for ac_dir in $ac_dummy; do 
-    test -z "$ac_dir" && ac_dir=.
-    if test -f $ac_dir/$ac_word; then
-      ac_cv_path_OPENVASLIBNASLCONFIG="$ac_dir/$ac_word"
-      break
-    fi
-  done
-  IFS="$ac_save_ifs"
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $XPATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_path_OPENVASLIBNASLCONFIG="$as_dir/$ac_word$ac_exec_ext"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
   ;;
 esac
 fi
-OPENVASLIBNASLCONFIG="$ac_cv_path_OPENVASLIBNASLCONFIG"
+OPENVASLIBNASLCONFIG=$ac_cv_path_OPENVASLIBNASLCONFIG
 if test -n "$OPENVASLIBNASLCONFIG"; then
-  echo "$ac_t""$OPENVASLIBNASLCONFIG" 1>&6
+  { echo "$as_me:$LINENO: result: $OPENVASLIBNASLCONFIG" >&5
+echo "${ECHO_T}$OPENVASLIBNASLCONFIG" >&6; }
 else
-  echo "$ac_t""no" 1>&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
 
-test "x$OPENVASLIBNASLCONFIG" = x &&  { echo "configure: error: ""
-""
-"*** openvas-libnasl is not installed ! You need to install it before you "
-"compile openvas-server."" 1>&2; exit 1; }
 
+test "x$OPENVASLIBNASLCONFIG" = x &&  { { echo "$as_me:$LINENO: error: \"\"
+\"\"
+\"*** openvas-libnasl is not installed ! You need to install it before you \"
+\"compile openvas-server.\"" >&5
+echo "$as_me: error: \"\"
+\"\"
+\"*** openvas-libnasl is not installed ! You need to install it before you \"
+\"compile openvas-server.\"" >&2;}
+   { (exit 1); exit 1; }; }
+
 OPENVASLIBNASL_VERSION=`$OPENVASLIBNASLCONFIG --version`
 
 OPENVASLIBNASL_MAJOR=`echo $OPENVASLIBNASL_VERSION | \
@@ -1131,9 +3165,13 @@
   fi
 fi
 if test $ok = no; then
-{ echo "configure: error: openvas-libnasl $OPENVASLIBNASL_VERSION too old.
+{ { echo "$as_me:$LINENO: error: openvas-libnasl $OPENVASLIBNASL_VERSION too old.
 Minimum required is $NEED_OPENVASLIBNASL_VERSION .
-" 1>&2; exit 1; }
+" >&5
+echo "$as_me: error: openvas-libnasl $OPENVASLIBNASL_VERSION too old.
+Minimum required is $NEED_OPENVASLIBNASL_VERSION .
+" >&2;}
+   { (exit 1); exit 1; }; }
 fi
 
 
@@ -1142,40 +3180,45 @@
   if test -z "$PKG_CONFIG"; then
     # Extract the first word of "pkg-config", so it can be a program name with args.
 set dummy pkg-config; ac_word=$2
-echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:1147: checking for $ac_word" >&5
-if eval "test \"`echo '$''{'ac_cv_path_PKG_CONFIG'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_path_PKG_CONFIG+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
 else
-  case "$PKG_CONFIG" in
-  /*)
+  case $PKG_CONFIG in
+  [\\/]* | ?:[\\/]*)
   ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
   ;;
-  ?:/*)			 
-  ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a dos path.
-  ;;
   *)
-  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
-  ac_dummy="$PATH"
-  for ac_dir in $ac_dummy; do 
-    test -z "$ac_dir" && ac_dir=.
-    if test -f $ac_dir/$ac_word; then
-      ac_cv_path_PKG_CONFIG="$ac_dir/$ac_word"
-      break
-    fi
-  done
-  IFS="$ac_save_ifs"
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
   test -z "$ac_cv_path_PKG_CONFIG" && ac_cv_path_PKG_CONFIG="no"
   ;;
 esac
 fi
-PKG_CONFIG="$ac_cv_path_PKG_CONFIG"
+PKG_CONFIG=$ac_cv_path_PKG_CONFIG
 if test -n "$PKG_CONFIG"; then
-  echo "$ac_t""$PKG_CONFIG" 1>&6
+  { echo "$as_me:$LINENO: result: $PKG_CONFIG" >&5
+echo "${ECHO_T}$PKG_CONFIG" >&6; }
 else
-  echo "$ac_t""no" 1>&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
+
   fi
 
   if test "$PKG_CONFIG" = "no" ; then
@@ -1186,33 +3229,36 @@
   else
      PKG_CONFIG_MIN_VERSION=0.9.0
      if $PKG_CONFIG --atleast-pkgconfig-version $PKG_CONFIG_MIN_VERSION; then
-        echo $ac_n "checking for glib-2.0 >= 2.2.0""... $ac_c" 1>&6
-echo "configure:1191: checking for glib-2.0 >= 2.2.0" >&5
+        { echo "$as_me:$LINENO: checking for glib-2.0 >= 2.2.0" >&5
+echo $ECHO_N "checking for glib-2.0 >= 2.2.0... $ECHO_C" >&6; }
 
         if $PKG_CONFIG --exists "glib-2.0 >= 2.2.0" ; then
-            echo "$ac_t""yes" 1>&6
+            { echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
             succeeded=yes
 
-            echo $ac_n "checking GLIB_CFLAGS""... $ac_c" 1>&6
-echo "configure:1198: checking GLIB_CFLAGS" >&5
+            { echo "$as_me:$LINENO: checking GLIB_CFLAGS" >&5
+echo $ECHO_N "checking GLIB_CFLAGS... $ECHO_C" >&6; }
             GLIB_CFLAGS=`$PKG_CONFIG --cflags "glib-2.0 >= 2.2.0"`
-            echo "$ac_t""$GLIB_CFLAGS" 1>&6
+            { echo "$as_me:$LINENO: result: $GLIB_CFLAGS" >&5
+echo "${ECHO_T}$GLIB_CFLAGS" >&6; }
 
-            echo $ac_n "checking GLIB_LIBS""... $ac_c" 1>&6
-echo "configure:1203: checking GLIB_LIBS" >&5
+            { echo "$as_me:$LINENO: checking GLIB_LIBS" >&5
+echo $ECHO_N "checking GLIB_LIBS... $ECHO_C" >&6; }
             GLIB_LIBS=`$PKG_CONFIG --libs "glib-2.0 >= 2.2.0"`
-            echo "$ac_t""$GLIB_LIBS" 1>&6
+            { echo "$as_me:$LINENO: result: $GLIB_LIBS" >&5
+echo "${ECHO_T}$GLIB_LIBS" >&6; }
         else
             GLIB_CFLAGS=""
             GLIB_LIBS=""
-## If we have a custom action on failure, don't print errors, but 
+## If we have a custom action on failure, don't print errors, but
 ## do set a variable so people can do so.
             GLIB_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "glib-2.0 >= 2.2.0"`
-            
+
         fi
 
-        
-        
+
+
      else
         echo "*** Your version of pkg-config is too old. You need version $PKG_CONFIG_MIN_VERSION or newer."
         echo "*** See http://www.freedesktop.org/software/pkgconfig"
@@ -1222,7 +3268,9 @@
   if test $succeeded = yes; then
      HAVE_GLIB="yes"
   else
-     { echo "configure: error: "glib not found"" 1>&2; exit 1; }
+     { { echo "$as_me:$LINENO: error: \"glib not found\"" >&5
+echo "$as_me: error: \"glib not found\"" >&2;}
+   { (exit 1); exit 1; }; }
   fi
 
 
@@ -1238,126 +3286,466 @@
 saveCFLAGS="$CFLAGS"
 CFLAGS="$CFLAGS $OVSCFLAGS $NASLCFLAGS"
 
-echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6
-echo "configure:1243: checking how to run the C preprocessor" >&5
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+{ echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5
+echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6; }
 # On Suns, sometimes $CPP names a directory.
 if test -n "$CPP" && test -d "$CPP"; then
   CPP=
 fi
 if test -z "$CPP"; then
-if eval "test \"`echo '$''{'ac_cv_prog_CPP'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
+  if test "${ac_cv_prog_CPP+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
 else
-    # This must be in double quotes, not single quotes, because CPP may get
-  # substituted into the Makefile and "${CC-cc}" will confuse make.
-  CPP="${CC-cc} -E"
+      # Double quotes because CPP needs to be expanded
+    for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
+    do
+      ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+  # Use a header file that comes with gcc, so configuring glibc
+  # with a fresh cross-compiler works.
+  # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+  # <limits.h> exists even on freestanding compilers.
   # On the NeXT, cc -E runs the code through the compiler's parser,
-  # not just through cpp.
-  cat > conftest.$ac_ext <<EOF
-#line 1258 "configure"
-#include "confdefs.h"
-#include <assert.h>
-Syntax Error
-EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1264: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
-if test -z "$ac_err"; then
+  # not just through cpp. "Syntax error" is here to catch this case.
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+		     Syntax error
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   :
 else
-  echo "$ac_err" >&5
-  echo "configure: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  CPP="${CC-cc} -E -traditional-cpp"
-  cat > conftest.$ac_ext <<EOF
-#line 1275 "configure"
-#include "confdefs.h"
-#include <assert.h>
-Syntax Error
-EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1281: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
-if test -z "$ac_err"; then
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  # Broken: fails on valid input.
+continue
+fi
+
+rm -f conftest.err conftest.$ac_ext
+
+  # OK, works on sane cases.  Now check whether nonexistent headers
+  # can be detected and how.
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <ac_nonexistent.h>
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
+  # Broken: success on invalid input.
+continue
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+
+rm -f conftest.err conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then
+  break
+fi
+
+    done
+    ac_cv_prog_CPP=$CPP
+
+fi
+  CPP=$ac_cv_prog_CPP
+else
+  ac_cv_prog_CPP=$CPP
+fi
+{ echo "$as_me:$LINENO: result: $CPP" >&5
+echo "${ECHO_T}$CPP" >&6; }
+ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+  # Use a header file that comes with gcc, so configuring glibc
+  # with a fresh cross-compiler works.
+  # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+  # <limits.h> exists even on freestanding compilers.
+  # On the NeXT, cc -E runs the code through the compiler's parser,
+  # not just through cpp. "Syntax error" is here to catch this case.
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+		     Syntax error
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   :
 else
-  echo "$ac_err" >&5
-  echo "configure: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  CPP="${CC-cc} -nologo -E"
-  cat > conftest.$ac_ext <<EOF
-#line 1292 "configure"
-#include "confdefs.h"
-#include <assert.h>
-Syntax Error
-EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1298: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
-if test -z "$ac_err"; then
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  # Broken: fails on valid input.
+continue
+fi
+
+rm -f conftest.err conftest.$ac_ext
+
+  # OK, works on sane cases.  Now check whether nonexistent headers
+  # can be detected and how.
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <ac_nonexistent.h>
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
+  # Broken: success on invalid input.
+continue
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+
+rm -f conftest.err conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then
   :
 else
-  echo "$ac_err" >&5
-  echo "configure: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  CPP=/lib/cpp
+  { { echo "$as_me:$LINENO: error: C preprocessor \"$CPP\" fails sanity check
+See \`config.log' for more details." >&5
+echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }
 fi
-rm -f conftest*
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+{ echo "$as_me:$LINENO: checking for grep that handles long lines and -e" >&5
+echo $ECHO_N "checking for grep that handles long lines and -e... $ECHO_C" >&6; }
+if test "${ac_cv_path_GREP+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  # Extract the first word of "grep ggrep" to use in msg output
+if test -z "$GREP"; then
+set dummy grep ggrep; ac_prog_name=$2
+if test "${ac_cv_path_GREP+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_path_GREP_found=false
+# Loop through the user's path and test for each of PROGNAME-LIST
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_prog in grep ggrep; do
+  for ac_exec_ext in '' $ac_executable_extensions; do
+    ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
+    { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue
+    # Check for GNU ac_path_GREP and select it if it is found.
+  # Check for GNU $ac_path_GREP
+case `"$ac_path_GREP" --version 2>&1` in
+*GNU*)
+  ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
+*)
+  ac_count=0
+  echo $ECHO_N "0123456789$ECHO_C" >"conftest.in"
+  while :
+  do
+    cat "conftest.in" "conftest.in" >"conftest.tmp"
+    mv "conftest.tmp" "conftest.in"
+    cp "conftest.in" "conftest.nl"
+    echo 'GREP' >> "conftest.nl"
+    "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+    diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+    ac_count=`expr $ac_count + 1`
+    if test $ac_count -gt ${ac_path_GREP_max-0}; then
+      # Best one so far, save it but keep looking for a better one
+      ac_cv_path_GREP="$ac_path_GREP"
+      ac_path_GREP_max=$ac_count
+    fi
+    # 10*(2^10) chars as input seems more than enough
+    test $ac_count -gt 10 && break
+  done
+  rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+
+    $ac_path_GREP_found && break 3
+  done
+done
+
+done
+IFS=$as_save_IFS
+
+
 fi
-rm -f conftest*
+
+GREP="$ac_cv_path_GREP"
+if test -z "$GREP"; then
+  { { echo "$as_me:$LINENO: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5
+echo "$as_me: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;}
+   { (exit 1); exit 1; }; }
 fi
-rm -f conftest*
-  ac_cv_prog_CPP="$CPP"
+
+else
+  ac_cv_path_GREP=$GREP
 fi
-  CPP="$ac_cv_prog_CPP"
+
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_path_GREP" >&5
+echo "${ECHO_T}$ac_cv_path_GREP" >&6; }
+ GREP="$ac_cv_path_GREP"
+
+
+{ echo "$as_me:$LINENO: checking for egrep" >&5
+echo $ECHO_N "checking for egrep... $ECHO_C" >&6; }
+if test "${ac_cv_path_EGREP+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
 else
-  ac_cv_prog_CPP="$CPP"
+  if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
+   then ac_cv_path_EGREP="$GREP -E"
+   else
+     # Extract the first word of "egrep" to use in msg output
+if test -z "$EGREP"; then
+set dummy egrep; ac_prog_name=$2
+if test "${ac_cv_path_EGREP+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_path_EGREP_found=false
+# Loop through the user's path and test for each of PROGNAME-LIST
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_prog in egrep; do
+  for ac_exec_ext in '' $ac_executable_extensions; do
+    ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
+    { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue
+    # Check for GNU ac_path_EGREP and select it if it is found.
+  # Check for GNU $ac_path_EGREP
+case `"$ac_path_EGREP" --version 2>&1` in
+*GNU*)
+  ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
+*)
+  ac_count=0
+  echo $ECHO_N "0123456789$ECHO_C" >"conftest.in"
+  while :
+  do
+    cat "conftest.in" "conftest.in" >"conftest.tmp"
+    mv "conftest.tmp" "conftest.in"
+    cp "conftest.in" "conftest.nl"
+    echo 'EGREP' >> "conftest.nl"
+    "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+    diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+    ac_count=`expr $ac_count + 1`
+    if test $ac_count -gt ${ac_path_EGREP_max-0}; then
+      # Best one so far, save it but keep looking for a better one
+      ac_cv_path_EGREP="$ac_path_EGREP"
+      ac_path_EGREP_max=$ac_count
+    fi
+    # 10*(2^10) chars as input seems more than enough
+    test $ac_count -gt 10 && break
+  done
+  rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+
+    $ac_path_EGREP_found && break 3
+  done
+done
+
+done
+IFS=$as_save_IFS
+
+
 fi
-echo "$ac_t""$CPP" 1>&6
 
-echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6
-echo "configure:1323: checking for ANSI C header files" >&5
-if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
+EGREP="$ac_cv_path_EGREP"
+if test -z "$EGREP"; then
+  { { echo "$as_me:$LINENO: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5
+echo "$as_me: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
 else
-  cat > conftest.$ac_ext <<EOF
-#line 1328 "configure"
-#include "confdefs.h"
+  ac_cv_path_EGREP=$EGREP
+fi
+
+
+   fi
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_path_EGREP" >&5
+echo "${ECHO_T}$ac_cv_path_EGREP" >&6; }
+ EGREP="$ac_cv_path_EGREP"
+
+
+{ echo "$as_me:$LINENO: checking for ANSI C header files" >&5
+echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6; }
+if test "${ac_cv_header_stdc+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
 #include <stdlib.h>
 #include <stdarg.h>
 #include <string.h>
 #include <float.h>
-EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1336: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
-if test -z "$ac_err"; then
-  rm -rf conftest*
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_header_stdc=yes
 else
-  echo "$ac_err" >&5
-  echo "configure: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  ac_cv_header_stdc=no
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_header_stdc=no
 fi
-rm -f conftest*
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
 if test $ac_cv_header_stdc = yes; then
   # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
-cat > conftest.$ac_ext <<EOF
-#line 1353 "configure"
-#include "confdefs.h"
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
 #include <string.h>
-EOF
+
+_ACEOF
 if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "memchr" >/dev/null 2>&1; then
+  $EGREP "memchr" >/dev/null 2>&1; then
   :
 else
-  rm -rf conftest*
   ac_cv_header_stdc=no
 fi
 rm -f conftest*
@@ -1366,16 +3754,19 @@
 
 if test $ac_cv_header_stdc = yes; then
   # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
-cat > conftest.$ac_ext <<EOF
-#line 1371 "configure"
-#include "confdefs.h"
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
 #include <stdlib.h>
-EOF
+
+_ACEOF
 if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "free" >/dev/null 2>&1; then
+  $EGREP "free" >/dev/null 2>&1; then
   :
 else
-  rm -rf conftest*
   ac_cv_header_stdc=no
 fi
 rm -f conftest*
@@ -1384,662 +3775,1979 @@
 
 if test $ac_cv_header_stdc = yes; then
   # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
-if test "$cross_compiling" = yes; then
+  if test "$cross_compiling" = yes; then
   :
 else
-  cat > conftest.$ac_ext <<EOF
-#line 1392 "configure"
-#include "confdefs.h"
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
 #include <ctype.h>
-#define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
-#define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#include <stdlib.h>
+#if ((' ' & 0x0FF) == 0x020)
+# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#else
+# define ISLOWER(c) \
+		   (('a' <= (c) && (c) <= 'i') \
+		     || ('j' <= (c) && (c) <= 'r') \
+		     || ('s' <= (c) && (c) <= 'z'))
+# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
+#endif
+
 #define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
-int main () { int i; for (i = 0; i < 256; i++)
-if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2);
-exit (0); }
-
-EOF
-if { (eval echo configure:1403: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
-then
+int
+main ()
+{
+  int i;
+  for (i = 0; i < 256; i++)
+    if (XOR (islower (i), ISLOWER (i))
+	|| toupper (i) != TOUPPER (i))
+      return 2;
+  return 0;
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
   :
 else
-  echo "configure: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -fr conftest*
-  ac_cv_header_stdc=no
+  echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_header_stdc=no
 fi
-rm -fr conftest*
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
 
+
 fi
 fi
+{ echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5
+echo "${ECHO_T}$ac_cv_header_stdc" >&6; }
+if test $ac_cv_header_stdc = yes; then
 
-echo "$ac_t""$ac_cv_header_stdc" 1>&6
-if test $ac_cv_header_stdc = yes; then
-  cat >> confdefs.h <<\EOF
+cat >>confdefs.h <<\_ACEOF
 #define STDC_HEADERS 1
-EOF
+_ACEOF
 
 fi
 
-echo $ac_n "checking for sys/wait.h that is POSIX.1 compatible""... $ac_c" 1>&6
-echo "configure:1427: checking