From randy at procyonlabs.com Mon Jun 1 00:10:56 2009
From: randy at procyonlabs.com (Randal T. Rioux)
Date: Sun, 31 May 2009 18:10:56 -0400
Subject: [Openvas-devel] [openvas-Bugs][990] Portbunny is not found under the scanners on OpenVAS Client
Message-ID: <937607.634091243807856369.JavaMail.servlet@perfora>

The PortBunny guys did a great, albeit inebriated, talk on the software at Defcon in '08.

I can help with this if nobody else has grabbed it (I have to run (didn't check status), just caught this note in my inbox now).

Thanks,
Randy

>Bugs item #990, was opened at 2009-05-13 13:09
>Status: Open
>Priority: 3
>Submitted By: Markus Schröder (msgbeep)
>Assigned to: Nobody (None)
>Summary: Portbunny is not found under the scanners on OpenVAS Client
>Architecture: None
>Resolution: Accepted As Bug
>Severity: normal
>Version: v2.0.3
>Component: openvas-server
>Operating System: other
>Product: OpenVAS
>Hardware: None
>URL:
>
>
>Initial Comment:
>Issue is important for me, because I have to scan a host with all possible
>scanners ( acting as port scanner ).
>
>In my case I installed OpenVAS and some packages found for CentOS on
>
>http://www.atomicorp.com/channels/atomic/centos/
>
>Portbunny Version 1.1.1 was installed after OpenVAS was running first time.
>Felix helped me to figure out what is the problem.
>I delete all caches to rebuild them.
>Every check brought more sickness to me to see portbunny is not a part of
>possible scanners.
>Every help to fix that is welcome.
>
>Cheers
>Markus Schröder
>
>----------------------------------------------------------------------
>
>You can respond by visiting:
>http://wald.intevation.org/tracker/?func=detail&atid=220&aid=990&group_id=29

From michael.wiegand at intevation.de Thu Jun 4 15:26:00 2009
From: michael.wiegand at intevation.de (Michael Wiegand)
Date: Thu, 4 Jun 2009 15:26:00 +0200
Subject: [Openvas-devel] Planning openvas-libraries 2.0.3
Message-ID: <20090604132600.GI9221@intevation.de>

Hello,

I'd like to schedule yet another release: openvas-libraries 2.0.3. A number of fixes and improvements have happened in this module and new functionality has been added. To enable other modules to use this functionality, we need a new openvas-libraries release.

Changes since the last release include:

- Support for localization in security messages (e.g. umlauts) has been re-enabled.
- New functions for GnuTLS-based communication were added.
- New functions for authentication were added.
- An improved caching framework has been added ("NVT Info objects")

As with openvas-server and openvas-client, openvas-libraries will be branched as well to enable us to start work on the 2.1 series.

I would like to schedule this release for Wednesday or Thursday next week. If you have any questions or suggestions, please let me know.

Regards,

Michael

--
Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de
Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From Jan-Oliver.Wagner at greenbone.net Thu Jun 4 21:18:08 2009
From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner) Date: Thu, 4 Jun 2009 21:18:08 +0200 Subject: [Openvas-devel] New NVT server side cache to overcome NVT size limits Message-ID: <200906042118.08453.Jan-Oliver.Wagner@greenbone.net> Hello, I was unhappy with the current cache for the major reason that the cache as designed by the Nessus people limits NVTs in various ways. E.g. length of description, number of dependencies, number of CVEs etc. are all limited. The current cache works with fixed sizes, and just dumps binary memory blocks to/from filesystem. I've designed a keyfile approach where each cache file is a keyfile corresponding to a NVT. The limits of the keyfiles are far beyond what we have currently. I've used the nvti.c module which you find in current openvas-libraries of trunk and did some measurements: Applied for: openvas-plugins rev 3609 + a couple of personal scripts = 12028 scripts Patch for measurement with time command: Index: openvasd/pluginload.c =================================================================== --- openvasd/pluginload.c (Revision 3609) +++ openvasd/pluginload.c (Arbeitskopie) 
@@ -219,6 +219,7 @@ if ( be_quiet == 0 ) printf("\rAll plugins loaded \n"); +exit(0); return plugins; } Results: Keyfile solution: Initial start with empty cache: time openvasd real 4m4.297s user 1m15.853s sys 1m16.549s Keyfile solution: Start with cache: time openvasd real 0m6.960s user 0m5.892s sys 0m0.700s Keyfile solution: Size of Cache: du -sh . 48M . Old cache version with same NVTs: Current binary cache: Start without cache: time openvasd real 5m42.230s user 1m15.465s sys 1m7.948s Current binary cache: Start with cache: real 0m3.453s user 0m2.808s sys 0m0.496s Current binary cache: Cache size: du -sh . 142M . Summary: * Building the cache anew duration is almost the same * Loading existing cache duration doubles with keyfiles, but still at ~2000 NVTs per second * Harddisk consumption drops to ~1/3 of the current solution * There is still more opportunities to increase speed, as I did not optimize for speed yet. * No limits for description, CVEs, dependencies, ... This patch could be integrated after we branch openvas-libraries for 2.1- series. Opinions? Worth a Change Request? Best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabr?ck AG Osnabr?ck, HR B 202460 | Gesch?ftsf?hrer: Lukas Grunwald, Dr. Jan-Oliver Wagner From felix.wolfsteller at intevation.de Fri Jun 5 09:11:26 2009 
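Review bot: In the openvasd/pluginload.c hunk the added `exit(0);` sits directly before `return plugins;`, so the return becomes unreachable and openvasd terminates as soon as the plugins are loaded. That is what the timing run needs, but nothing in the hunk marks the line as measurement-only; keep it out of the change that gets committed, or put it behind a clearly named compile-time guard so it cannot reach trunk by accident.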
From: felix.wolfsteller at intevation.de (Felix Wolfsteller)
Date: Fri, 5 Jun 2009 09:11:26 +0200
Subject: [Openvas-devel] New NVT server side cache to overcome NVT size limits
In-Reply-To: <200906042118.08453.Jan-Oliver.Wagner@greenbone.net>
References: <200906042118.08453.Jan-Oliver.Wagner@greenbone.net>
Message-ID: <200906050911.26535.felix.wolfsteller@intevation.de>

yay!

On Thursday 04 June 2009 21:18:08 Jan-Oliver Wagner wrote:
> I've designed a keyfile approach where each cache file is a keyfile
> corresponding to a NVT.
> The limits of the keyfiles are far beyond what we have currently.
>
> I've used the nvti.c module which you find in current openvas-libraries
> of trunk and did some measurements:
>
> Opinions?

A speedup could be possible by not having a file for every plugin, but one cache file to rule them all - or one per subdir. The groups would correspond to nvts. This has a number of advantages and disadvantages:

- Higher mem-consumption on startup
- Probably faster startup, as just one file has to be opened
- It would be easy to keep the cache clean of NVTs that are not present anymore (currently .desc/ can be full of files that are not needed, they have to be deleted by hand)
- The check "is nvt newer than cache" would have to be changed
- Slightly more difficult to look into the cache (you have to search in the file)

Besides that, we should do a paholes on the nvti and pref structs.

> Worth a Change Request?

yes.

-- felix

--
Felix Wolfsteller | ++49-541-335 08 3451 | http://www.intevation.de/
PGP Key: 39DE0100
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From openvas-bugs at wald.intevation.org Wed Jun 3 12:20:38 2009
From: openvas-bugs at wald.intevation.org (openvas-bugs@wald.intevation.org)
Date: Wed, 3 Jun 2009 12:20:38 +0200 (CEST)
Subject: [Openvas-devel] [openvas-Bugs][1022] Deleting the Task of a Scope while scanning kills client
Message-ID: <20090603102038.1250013A16@pyrosoma.intevation.org>

Bugs item #1022, was opened at 2009-06-03 10:20
Status: Open
Priority: 3
Submitted By: Felix Wolfsteller (felix)
Assigned to: Nobody (None)
Summary: Deleting the Task of a Scope while scanning kills client
Architecture: None
Resolution: None
Severity: normal
Version: None
Component: openvas-client
Operating System: Linux
Product: OpenVAS
Hardware: None
URL:

Initial Comment:
* Had a Task with a couple of scopes and reports in it.
* Executed the Scope.
* While the Scan was happening, I deleted the Task.
* An error message came up, afterwards the client crashed.

A test with fresh task & scope led to different behaviour. The client did not crash, but kept complaining endlessly on stderr ('nessus_get_socket_from_connection: bad fd <0>').

----------------------------------------------------------------------

You can respond by visiting:
http://wald.intevation.org/tracker/?func=detail&atid=220&aid=1022&group_id=29

From openvas-bugs at wald.intevation.org Thu Jun 4 23:24:58 2009
From: openvas-bugs at wald.intevation.org (openvas-bugs@wald.intevation.org)
Date: Thu, 4 Jun 2009 23:24:58 +0200 (CEST)
Subject: [Openvas-devel] [openvas-Bugs][1025] openvas-libnasl-2.0.1 Failed configure CentOS 5.3
Message-ID: <20090604212458.5938113B3E@pyrosoma.intevation.org>

Bugs item #1025, was opened at 2009-06-04 16:24
Status: Open
Priority: 3
Submitted By: Don Brocker (dbrocker)
Assigned to: Nobody (None)
Summary: openvas-libnasl-2.0.1 Failed configure CentOS 5.3
Architecture: None
Resolution: None
Severity: None
Version: None
Component: None
Operating System: None
Product: None
Hardware: None
URL:

Initial Comment:
When running a configure for openvas-libnasl-2.0.1 I get the following:

checking for short... yes
checking size of short... configure: error: cannot compute sizeof (short)
See `config.log' for more details.

I have included my config.log. Have I missed installing something needed? Any help in configuring this will be much appreciated.

----------------------------------------------------------------------

You can respond by visiting:
http://wald.intevation.org/tracker/?func=detail&atid=220&aid=1025&group_id=29

From d.jagdmann at dn-systems.de Fri Jun 5 21:41:16 2009
From: d.jagdmann at dn-systems.de (Dirk Jagdmann)
Date: Fri, 05 Jun 2009 12:41:16 -0700
Subject: [Openvas-devel] New NVT server side cache to overcome NVT size limits
In-Reply-To: <200906042118.08453.Jan-Oliver.Wagner@greenbone.net>
References: <200906042118.08453.Jan-Oliver.Wagner@greenbone.net>
Message-ID: <4A2974DC.2030808@dn-systems.de>

> Opinions?

Memory dumps are stupid. Having the information in a portable format would allow other tools (written in other programming languages) to work on the cache. However I don't know if the cache only stores text data or if it has other data types (numbers, IP addresses). If so, you should pay some attention to data type sizes on 32bit vs 64bit systems, as they may have problems loading them.

--
Dirk Jagdmann : Coder
Tel. +49-5121-28989-15
--
DN-Systems Enterprise Internet Solutions GmbH
Hornemannstr. 11
31137 Hildesheim, Germany
Tel. +49-5121-28989-0
Fax. +49-5121-28989-11
Handelsregister HRB-3213 Amtsgericht Hildesheim
Geschäftsführer: Lukas Grunwald

From Jan-Oliver.Wagner at greenbone.net Fri Jun 5 22:54:35 2009
From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner)
Date: Fri, 5 Jun 2009 22:54:35 +0200
Subject: [Openvas-devel] New NVT server side cache to overcome NVT size limits
In-Reply-To: <4A2974DC.2030808@dn-systems.de>
References: <200906042118.08453.Jan-Oliver.Wagner@greenbone.net> <4A2974DC.2030808@dn-systems.de>
Message-ID: <200906052254.35336.Jan-Oliver.Wagner@greenbone.net>

On Friday 05 June 2009 21:41:16 Dirk Jagdmann wrote:
> > Opinions?
>
> Memory dumps are stupid. Having the information in a portable format
> would allow other tools (written in other programming languages) to work
> on the cache.

Indeed.

> However I don't know if the cache only stores text data or
> if it has other data types (numbers, IP addresses). If so, you should
> pay some attention to data type sizes on 32bit vs 64bit systems, as they
> may have problems loading them.

Currently it is Strings, Lists of Strings and Integers. glib usually takes care of the architectural differences, so I don't expect any problems here. Also, glib takes care of encoding and escaping.

Best

Jan

--
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück
AG Osnabrück, HR B 202460 | Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner

From d.jagdmann at dn-systems.de Fri Jun 5 23:24:24 2009
From: d.jagdmann at dn-systems.de (Dirk Jagdmann)
Date: Fri, 05 Jun 2009 14:24:24 -0700
Subject: [Openvas-devel] New NVT server side cache to overcome NVT size limits
In-Reply-To: <200906052254.35336.Jan-Oliver.Wagner@greenbone.net>
References: <200906042118.08453.Jan-Oliver.Wagner@greenbone.net> <4A2974DC.2030808@dn-systems.de> <200906052254.35336.Jan-Oliver.Wagner@greenbone.net>
Message-ID: <4A298D08.3090703@dn-systems.de>

>> However I don't know if the cache only stores text data or
>> if it has other data types (numbers, IP addresses). If so, you should
>> pay some attention to data type sizes on 32bit vs 64bit systems, as they
>> may have problems loading them.
>
> Currently it is Strings, Lists of Strings and Integers.
> glib usually takes care of the architectural differences, so I don't
> expect any problems here. Also, glib takes care of encoding and escaping.

As long as no 64bit guy wants to store the capacity of his new 1.5TB drive in bytes as an integer and then some legacy 32bit process likes to query the disk capacity...

--
Dirk Jagdmann : Coder
Tel. +49-5121-28989-15
--
DN-Systems Enterprise Internet Solutions GmbH
Hornemannstr. 11
31137 Hildesheim, Germany
Tel. +49-5121-28989-0
Fax. +49-5121-28989-11
Handelsregister HRB-3213 Amtsgericht Hildesheim
Geschäftsführer: Lukas Grunwald

From Jan-Oliver.Wagner at greenbone.net Fri Jun 5 23:44:51 2009
From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner)
Date: Fri, 5 Jun 2009 23:44:51 +0200
Subject: [Openvas-devel] New NVT server side cache to overcome NVT size limits
In-Reply-To: <200906042118.08453.Jan-Oliver.Wagner@greenbone.net>
References: <200906042118.08453.Jan-Oliver.Wagner@greenbone.net>
Message-ID: <200906052344.51356.Jan-Oliver.Wagner@greenbone.net>

On Thursday 04 June 2009 21:18:08 Jan-Oliver Wagner wrote:
> I was unhappy with the current cache for the major reason that
> the cache as designed by the Nessus people limits NVTs in various ways.
> E.g. length of description, number of dependencies, number of CVEs etc.
> are all limited.
>...
> Worth a Change Request?

I created one now:

http://www.openvas.org/openvas-cr-33.html

Please comment. I like to call for a vote already next week.

Best

Jan

--
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück
AG Osnabrück, HR B 202460 | Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner

From d.jagdmann at dn-systems.de Sat Jun 6 01:00:41 2009
From: d.jagdmann at dn-systems.de (Dirk Jagdmann)
Date: Fri, 05 Jun 2009 16:00:41 -0700
Subject: [Openvas-devel] New NVT server side cache to overcome NVT size limits
In-Reply-To: <200906052344.51356.Jan-Oliver.Wagner@greenbone.net>
References: <200906042118.08453.Jan-Oliver.Wagner@greenbone.net> <200906052344.51356.Jan-Oliver.Wagner@greenbone.net>
Message-ID: <4A29A399.7080302@dn-systems.de>

> http://www.openvas.org/openvas-cr-33.html
> Please comment. I like to call for a vote already next week.

I guess as long as you stick to the glib key-file functions you won't see any load performance improvements, since the glib supports many features in the key-file that the OpenVAS cache probably never needs (line continuations, comments, maybe more). If load performance should be improved later on, just make sure you don't use any fancy features of the glib implementation, so we could replace it later on with a re-implementation of the key-file loader which only handles the used features in an optimal way.

I don't know how/where OpenVAS stores its *.desc file now, but I assume the filename is derived somehow from the plugin ID and that they all live in only one cache directory. I recommend using a simple directory hierarchy (like HTTP proxies do), so we don't have huge directories containing thousands of files (even if modern filesystems with internal tree structures handle those cases better than classic ones).

In case there may be file system size restrictions in the future, or somebody wants to scan a really large amount of clients with OpenVAS you could add a gzip/bzip2/lzip layer to keep the cache files compressed on disc.

I also don't know about OpenVAS internals, but apart from the fixed memory structures of the cache subsystem, can the rest of OpenVAS deal with the new arbitrary long description strings?

--
Dirk Jagdmann : Coder
Tel. +49-5121-28989-15
--
DN-Systems Enterprise Internet Solutions GmbH
Hornemannstr. 11
31137 Hildesheim, Germany
Tel. +49-5121-28989-0
Fax. +49-5121-28989-11
Handelsregister HRB-3213 Amtsgericht Hildesheim
Geschäftsführer: Lukas Grunwald

From michael.wiegand at intevation.de Mon Jun 8 10:17:22 2009
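The limits raised in the messages above (fixed-size cache fields, integer width for 32-bit versus 64-bit readers, arbitrarily long descriptions), as an added example that is not OpenVAS or glib code and was not posted by anyone in the thread. The struct layout, `OLD_DESC_MAX`, the `Timeout`/`Description` keys and all function names are hypothetical, and the small key=value reader stands in for a real key-file parser.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed limit; the real cache's field sizes are not given in the thread. */
#define OLD_DESC_MAX 64

/* Fixed-size style: one struct per NVT, dumped to disk as a raw memory block.
 * sizeof(long) is 4 on ILP32 and 8 on LP64, so the file layout depends on the build. */
struct fixed_rec {
    char description[OLD_DESC_MAX];
    long timeout;                       /* hypothetical integer field */
};

/* Fill the fixed record. Returns 1 when the description did not fit and was cut. */
int fixed_rec_fill(struct fixed_rec *r, const char *desc, long timeout)
{
    size_t len = strlen(desc);
    size_t keep = len < OLD_DESC_MAX - 1 ? len : OLD_DESC_MAX - 1;
    memset(r, 0, sizeof *r);
    memcpy(r->description, desc, keep);
    r->timeout = timeout;
    return len > keep;
}

/* Text style: "Key=value" lines; newline and backslash are escaped so each value
 * stays on one line. Returns a malloc'ed record (caller frees) or NULL. */
char *text_rec_write(const char *desc, long long timeout)
{
    char *out = malloc(2 * strlen(desc) + 64);   /* worst case: every byte escaped */
    if (!out) return NULL;
    char *p = out + sprintf(out, "Timeout=%lld\nDescription=", timeout);
    for (; *desc; desc++) {
        if (*desc == '\n' || *desc == '\\') *p++ = '\\';
        *p++ = (*desc == '\n') ? 'n' : *desc;
    }
    *p++ = '\n';
    *p = '\0';
    return out;
}

/* Return the unescaped value of `key` (malloc'ed, caller frees), or NULL if absent. */
char *text_rec_get(const char *rec, const char *key)
{
    size_t klen = strlen(key);
    for (const char *line = rec; line && *line; ) {
        const char *eol = strchr(line, '\n');
        if (!eol) eol = line + strlen(line);
        if (strncmp(line, key, klen) == 0 && line[klen] == '=') {
            const char *v = line + klen + 1;
            char *out = malloc((size_t)(eol - v) + 1), *p = out;
            if (!out) return NULL;
            for (; v < eol; v++) {
                if (*v == '\\' && v + 1 < eol) { v++; *p++ = (*v == 'n') ? '\n' : *v; }
                else *p++ = *v;
            }
            *p = '\0';
            return out;
        }
        line = *eol ? eol + 1 : NULL;
    }
    return NULL;
}

/* Parse decimal text into 32 bits. Returns 0 on success, -1 when the text is not a
 * number or does not fit: the 64-bit writer / 32-bit reader case from the thread. */
int parse_int32(const char *s, int32_t *out)
{
    char *end;
    errno = 0;
    long long v = strtoll(s, &end, 10);
    if (errno != 0 || end == s || *end != '\0') return -1;
    if (v < INT32_MIN || v > INT32_MAX) return -1;
    *out = (int32_t)v;
    return 0;
}

int main(void)
{
    /* Constructed sample: longer than the fixed field and containing a newline. */
    const char *desc = "Checks the installed version against the vendor advisory.\n"
                       "The full text, references and solution follow in later lines.";
    struct fixed_rec r;
    int32_t v;
    int cut = fixed_rec_fill(&r, desc, 320);
    char *rec = text_rec_write(desc, 320);
    char *back = rec ? text_rec_get(rec, "Description") : NULL;
    printf("fixed record: truncated=%d, kept %zu of %zu bytes\n",
           cut, strlen(r.description), strlen(desc));
    printf("text record round trip: %s\n",
           back && strcmp(back, desc) == 0 ? "intact" : "FAILED");
    printf("1500000000000 into 32 bits: %s\n",
           parse_int32("1500000000000", &v) == 0 ? "accepted" : "rejected");
    free(back); free(rec);
    return 0;
}
```

A text record removes the length limit of the cache file only; any consumer that copies the value into a fixed buffer or a narrower integer still needs the explicit length and range checks shown here.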
From: michael.wiegand at intevation.de (Michael Wiegand)
Date: Mon, 8 Jun 2009 10:17:22 +0200
Subject: [Openvas-devel] New NVT server side cache to overcome NVT size limits
In-Reply-To: <4A29A399.7080302@dn-systems.de>
References: <200906042118.08453.Jan-Oliver.Wagner@greenbone.net> <200906052344.51356.Jan-Oliver.Wagner@greenbone.net> <4A29A399.7080302@dn-systems.de>
Message-ID: <20090608081722.GJ9207@intevation.de>

* Dirk Jagdmann [ 6. Jun 2009]:
> > http://www.openvas.org/openvas-cr-33.html
> > Please comment. I like to call for a vote already next week.
>
> I don't know how/where OpenVAS stores its *.desc file now, but I assume
> the filename is derived somehow from the plugin ID and that they all
> live in only one cache directory. I recommend using a simple directory
> hierarchy (like HTTP proxies do), so we don't have huge directories
> containing thousands of files (even if modern filesystems with internal
> tree structures handle those cases better than classic ones).

I think they are in one cache directory per NVT directory, so different subdirectories in the NVT directory are stored in different cache (sub-)directories.

> I also don't know about OpenVAS internals, but apart from the fixed
> memory structures of the cache subsystem, can the rest of OpenVAS deal
> with the new arbitrary long description strings?

That is a good point. I can think of at least one instance which might have trouble with arbitrary long strings. I will look into that. Jan, do you want me to add those places to the CR?

Regards,

Michael

--
Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de
Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From Jan-Oliver.Wagner at greenbone.net Mon Jun 8 08:38:27 2009
From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner)
Date: Mon, 8 Jun 2009 08:38:27 +0200
Subject: [Openvas-devel] New NVT server side cache to overcome NVT size limits
In-Reply-To: <4A29A399.7080302@dn-systems.de>
References: <200906042118.08453.Jan-Oliver.Wagner@greenbone.net> <200906052344.51356.Jan-Oliver.Wagner@greenbone.net> <4A29A399.7080302@dn-systems.de>
Message-ID: <200906080838.28648.Jan-Oliver.Wagner@greenbone.net>

On Saturday 06 June 2009 01:00:41 Dirk Jagdmann wrote:
> > http://www.openvas.org/openvas-cr-33.html
> > Please comment. I like to call for a vote already next week.
>
> I guess as long as you stick to the glib key-file functions you won't
> see any load performance improvements, since the glib supports many
> features in the key-file that the OpenVAS cache probably never needs
> (line continuations, comments, maybe more). If load performance should
> be improved later on, just make sure you don't use any fancy features of
> the glib implementation, so we could replace it later on with a
> re-implementation of the key-file loader which only handles the used
> features in an optimal way.

I see load performance improvements inside the current code.

> I don't know how/where OpenVAS stores its *.desc file now, but I assume
> the filename is derived somehow from the plugin ID and that they all
> live in only one cache directory.

The filename is used, not the OID.

> I recommend using a simple directory
> hierarchy (like HTTP proxies do), so we don't have huge directories
> containing thousands of files (even if modern filesystems with internal
> tree structures handle those cases better than classic ones).

This is already prepared and works. Just the feed does not use it because it remains compatible with OpenVAS 1.0 where the subdir feature was not ready.

> In case there may be file system size restrictions in the future, or
> somebody wants to scan a really large amount of clients with OpenVAS
> you could add a gzip/bzip2/lzip layer to keep the cache files compressed
> on disc.

As soon as we change to use of subdirs, we at least get rid of some of these potential problems.

> I also don't know about OpenVAS internals, but apart from the fixed
> memory structures of the cache subsystem, can the rest of OpenVAS deal
> with the new arbitrary long description strings?

Good question. I have to find out. Surely there are limits. However, during my naive tests with just I did not reach those limits. Careful testing and code analysis of course is needed to find out about the new limits.

All the best

Jan

--
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück
AG Osnabrück, HR B 202460 | Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner

From mmundell at intevation.de Mon Jun 8 11:36:20 2009
From: mmundell at intevation.de (Matthew Mundell)
Date: 08 Jun 2009 09:35:20 -0001
Subject: [Openvas-devel] New NVT server side cache to overcome NVT size limits
In-Reply-To: Message of Fri, 5 Jun 2009 23:44:51 +0200. <200906052344.51356.Jan-Oliver.Wagner@greenbone.net>
Message-ID: <20090608093621.A48EEDEBC9@mail.ukfsn.org>

> http://www.openvas.org/openvas-cr-33.html
>
> Please comment. I like to call for a vote already next week.

I imagine using an SQLite database for the cache would speed up loading and saving. Would this be a better option than key files?

From Jan-Oliver.Wagner at greenbone.net Mon Jun 8 14:01:25 2009
From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner)
Date: Mon, 8 Jun 2009 14:01:25 +0200
Subject: [Openvas-devel] New NVT server side cache to overcome NVT size limits
In-Reply-To: <20090608093621.A48EEDEBC9@mail.ukfsn.org>
References: <20090608093621.A48EEDEBC9@mail.ukfsn.org>
Message-ID: <200906081401.25463.Jan-Oliver.Wagner@greenbone.net>

On Monday 08 June 2009 11:36:20 Matthew Mundell wrote:
> > http://www.openvas.org/openvas-cr-33.html
> >
> > Please comment. I like to call for a vote already next week.
>
> I imagine using an SQLite database for the cache would speed up loading and
> saving. Would this be a better option than key files?

It is an alternative to keyfiles, and likely the way to go ultimately.

Best

Jan

--
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück
AG Osnabrück, HR B 202460 | Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner

From lists at securityspace.com Mon Jun 8 17:06:33 2009
From: lists at securityspace.com (Thomas Reinke)
Date: Mon, 08 Jun 2009 11:06:33 -0400
Subject: [Openvas-devel] Licensing technicality
Message-ID: <4A2D28F9.60905@securityspace.com>

Hi,

Having been reviewing some of the recent code (script) based changes, we stumbled over a licensing inconsistency that is not a big deal but probably should be addressed.

A number of scripts claim that they are licensed under the terms of the "GPL v2 AND later". This is probably incorrect. It should probably be changed to "GPL v2 OR later".

Scripts affected can be shown by running

find -exec grep -l -H 'version 2 and later' \{\} \;

from within the scripts directory. Given that many of these recently had the copyright changed to exclude a redundant licensing clause, and that redundant clause said "...GPL 2 OR later" I suspect the intent was to make it a proper "or" all along.

Thomas

From c_edjenguele at yahoo.it Mon Jun 8 19:19:04 2009
From: c_edjenguele at yahoo.it (Christian Eric EDJENGUELE) Date: Mon, 8 Jun 2009 17:19:04 +0000 (GMT) Subject: [Openvas-devel] Licensing technicality In-Reply-To: <4A2D28F9.60905@securityspace.com> References: <4A2D28F9.60905@securityspace.com> Message-ID: <519368.57820.qm@web28606.mail.ukl.yahoo.com> I've changed the copyright notice in fact to avoid redundancy, because the GPL licensing clause was already in the script comment. --- Christian Eric Edjenguele IT Security Software Developer & Researcher / Business Developer / Enterprise Software Architect mobile (IT): +39 3408580513 ----- Messaggio originale ----- > Da: Thomas Reinke > A: openvas-devel at wald.intevation.org > Inviato: Luned? 8 giugno 2009, 17:06:33 > Oggetto: [Openvas-devel] Licensing technicality > > Hi, > > Having been reviewing some of the recent code (script) based changes, > we stumbled over a licensing inconsistency that is not a big deal > but probably should be addressed. > > A number of scripts claim that they are licensed under the terms > of the "GPL v2 AND later". This is probably incorrect. > It should probably be changed to "GPL v2 OR later". > > Scripts affected can be shown be running > > find -exec grep -l -H 'version 2 and later' \{\} \; > > from within the scripts directory. Given that many of these recently > had the copyright changed to exclude a redundant licensing clause, > and that redundant clause said "...GPL 2 OR later" I suspect the > intent was to make it a proper "or" all along. > > Thomas > > _______________________________________________ > Openvas-devel mailing list > Openvas-devel at wald.intevation.org > http://lists.wald.intevation.org/mailman/listinfo/openvas-devel From lists at securityspace.com Mon Jun 8 20:52:03 2009 
From: lists at securityspace.com (Thomas Reinke) Date: Mon, 08 Jun 2009 14:52:03 -0400 Subject: [Openvas-devel] Licensing technicality In-Reply-To: <519368.57820.qm@web28606.mail.ukl.yahoo.com> References: <4A2D28F9.60905@securityspace.com> <519368.57820.qm@web28606.mail.ukl.yahoo.com> Message-ID: <4A2D5DD3.3070203@securityspace.com> If you look at the scripts involved, as I said, it's not the copyright that was the problem. It's the script comments where the licensing text is problematic. Thomas Christian Eric EDJENGUELE wrote: > I've changed the copyright notice in fact to avoid redundancy, because the GPL licensing clause was already in the script comment. > > --- > Christian Eric Edjenguele > IT Security Software Developer & Researcher / Business Developer / Enterprise Software Architect > mobile (IT): +39 3408580513 > > > > ----- Messaggio originale ----- >> Da: Thomas Reinke >> A: openvas-devel at wald.intevation.org >> Inviato: Luned? 8 giugno 2009, 17:06:33 >> Oggetto: [Openvas-devel] Licensing technicality >> >> Hi, >> >> Having been reviewing some of the recent code (script) based changes, >> we stumbled over a licensing inconsistency that is not a big deal >> but probably should be addressed. >> >> A number of scripts claim that they are licensed under the terms >> of the "GPL v2 AND later". This is probably incorrect. >> It should probably be changed to "GPL v2 OR later". >> >> Scripts affected can be shown be running >> >> find -exec grep -l -H 'version 2 and later' \{\} \; >> >> from within the scripts directory. Given that many of these recently >> had the copyright changed to exclude a redundant licensing clause, >> and that redundant clause said "...GPL 2 OR later" I suspect the >> intent was to make it a proper "or" all along. 
>>
>> Thomas
>>
>> _______________________________________________
>> Openvas-devel mailing list
>> Openvas-devel at wald.intevation.org
>> http://lists.wald.intevation.org/mailman/listinfo/openvas-devel
>
>
>
>
>

From Jan-Oliver.Wagner at greenbone.net Mon Jun 8 23:47:33 2009
From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner)
Date: Mon, 8 Jun 2009 23:47:33 +0200
Subject: [Openvas-devel] Licensing technicality
In-Reply-To: <4A2D28F9.60905@securityspace.com>
References: <4A2D28F9.60905@securityspace.com>
Message-ID: <200906082347.35437.Jan-Oliver.Wagner@greenbone.net>

On Monday, 8 June 2009, Thomas Reinke wrote:
> Having been reviewing some of the recent code (script) based changes,
> we stumbled over a licensing inconsistency that is not a big deal
> but probably should be addressed.
>
> A number of scripts claim that they are licensed under the terms
> of the "GPL v2 AND later". This is probably incorrect.
> It should probably be changed to "GPL v2 OR later".
>
> Scripts affected can be shown by running
>
> find -exec grep -l -H 'version 2 and later' \{\} \;
>
> from within the scripts directory. Given that many of these recently
> had the copyright changed to exclude a redundant licensing clause,
> and that redundant clause said "...GPL 2 OR later" I suspect the
> intent was to make it a proper "or" all along.

eagle eye :-)

For many European languages, the "and" could also mean alternative. So, it happens often that "and" is written while "or" is meant. This is no excuse, of course ;-) Just some background why it happens.

"or" should indeed be consistently used.

BTW, I like the short terms "GPLv2" / "GPLv2+" ;-)

Best

Jan

--
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner

From d.jagdmann at dn-systems.de Tue Jun 9 03:59:50 2009
From: d.jagdmann at dn-systems.de (Dirk Jagdmann)
Date: Mon, 08 Jun 2009 18:59:50 -0700
Subject: [Openvas-devel] Licensing technicality
In-Reply-To: <200906082347.35437.Jan-Oliver.Wagner@greenbone.net>
References: <4A2D28F9.60905@securityspace.com> <200906082347.35437.Jan-Oliver.Wagner@greenbone.net>
Message-ID: <4A2DC216.1010101@dn-systems.de>

> BTW, I like the short terms "GPLv2" / "GPLv2+" ;-)

Me being a RegExer would only match:

GPLv2
GPLv22
GPLv222
GPLv2222
GPLv22222

but not the latest incarnation of the Copyleft.

--
Dirk Jagdmann : Coder
Tel. +49-5121-28989-15
--
DN-Systems Enterprise Internet Solutions GmbH
Hornemannstr. 11
31137 Hildesheim, Germany
Tel. +49-5121-28989-0
Fax. +49-5121-28989-11
Handelsregister HRB-3213 Amtsgericht Hildesheim
Geschäftsführer: Lukas Grunwald

From c_edjenguele at yahoo.it Tue Jun 9 09:04:27 2009
From: c_edjenguele at yahoo.it (Christian Eric EDJENGUELE) Date: Tue, 9 Jun 2009 07:04:27 +0000 (GMT) Subject: [Openvas-devel] Licensing technicality In-Reply-To: <4A2D5DD3.3070203@securityspace.com> References: <4A2D28F9.60905@securityspace.com> <519368.57820.qm@web28606.mail.ukl.yahoo.com> <4A2D5DD3.3070203@securityspace.com> Message-ID: <121528.65823.qm@web28604.mail.ukl.yahoo.com> yes I can see that --- Christian Eric Edjenguele IT Security Software Developer & Researcher / Business Developer / Enterprise Software Architect mobile (IT): +39 3408580513 ----- Messaggio originale ----- > Da: Thomas Reinke > A: Christian Eric EDJENGUELE > Cc: openvas-devel at wald.intevation.org > Inviato: Luned? 8 giugno 2009, 20:52:03 > Oggetto: Re: [Openvas-devel] Licensing technicality > > If you look at the scripts involved, as I said, it's not the copyright > that was the problem. It's the script comments where the licensing > text is problematic. > > Thomas > > Christian Eric EDJENGUELE wrote: > > I've changed the copyright notice in fact to avoid redundancy, because the GPL > licensing clause was already in the script comment. > > > > --- > > Christian Eric Edjenguele > > IT Security Software Developer & Researcher / Business Developer / Enterprise > Software Architect > > mobile (IT): +39 3408580513 > > > > > > > > ----- Messaggio originale ----- > >> Da: Thomas Reinke > >> A: openvas-devel at wald.intevation.org > >> Inviato: Luned? 8 giugno 2009, 17:06:33 > >> Oggetto: [Openvas-devel] Licensing technicality > >> > >> Hi, > >> > >> Having been reviewing some of the recent code (script) based changes, > >> we stumbled over a licensing inconsistency that is not a big deal > >> but probably should be addressed. > >> > >> A number of scripts claim that they are licensed under the terms > >> of the "GPL v2 AND later". This is probably incorrect. > >> It should probably be changed to "GPL v2 OR later". 
> >>
> >> Scripts affected can be shown by running
> >>
> >> find -exec grep -l -H 'version 2 and later' \{\} \;
> >>
> >> from within the scripts directory. Given that many of these recently
> >> had the copyright changed to exclude a redundant licensing clause,
> >> and that redundant clause said "...GPL 2 OR later" I suspect the
> >> intent was to make it a proper "or" all along.
> >>
> >> Thomas
> >>
> >> _______________________________________________
> >> Openvas-devel mailing list
> >> Openvas-devel at wald.intevation.org
> >> http://lists.wald.intevation.org/mailman/listinfo/openvas-devel
> >
> >

From michael.wiegand at intevation.de Tue Jun 9 09:51:18 2009
From: michael.wiegand at intevation.de (Michael Wiegand)
Date: Tue, 9 Jun 2009 09:51:18 +0200
Subject: [Openvas-devel] [Openvas-commits] r3653 - in trunk/openvas-plugins: . scripts
In-Reply-To: <20090608112824.B5DABD6309@pyrosoma.intevation.org>
References: <20090608112824.B5DABD6309@pyrosoma.intevation.org>
Message-ID: <20090609075118.GG9170@intevation.de>

Chandra,

you broke two scripts with this commit by replacing the last line with "a" (see below). Could you fix this?

A reminder for everybody: Please do test your code before committing. Thanks!

Regards,

Michael

* scm-commit at wald.intevation.org [ 8. Jun 2009]:
> Author: chandra
> Date: 2009-06-08 13:28:16 +0200 (Mon, 08 Jun 2009)
> New Revision: 3653
>
> Modified:
> trunk/openvas-plugins/scripts/gb_firefox_ftp_clnt_xss_vuln_win.nasl
> trunk/openvas-plugins/scripts/pop3_unencrypted_cleartext_logins.nasl
>
> Modified: trunk/openvas-plugins/scripts/gb_firefox_ftp_clnt_xss_vuln_win.nasl > =================================================================== > --- trunk/openvas-plugins/scripts/gb_firefox_ftp_clnt_xss_vuln_win.nasl 2009-06-08 08:31:39 UTC (rev 3652) > +++ trunk/openvas-plugins/scripts/gb_firefox_ftp_clnt_xss_vuln_win.nasl 2009-06-08 11:28:16 UTC (rev 3653) 
> @@ -64,7 +64,7 @@ > script_summary(english:"Check for the version of Firefox"); > script_category(ACT_GATHER_INFO); > script_copyright(english:"Copyright (C) 2008 Intevation GmbH"); > - script_family(english:"Misc."); > + script_family(english:"General"); > script_dependencies("gb_firefox_detect_win.nasl"); > exit(0); > } > @@ -76,4 +76,4 @@ > if(version_in_range(version:get_kb_item("Firefox/Win/Ver"), > test_version:"3.0.1", test_version2:"3.0.3")){ > security_hole(0); > -} > +a > > > Modified: trunk/openvas-plugins/scripts/pop3_unencrypted_cleartext_logins.nasl > =================================================================== > --- trunk/openvas-plugins/scripts/pop3_unencrypted_cleartext_logins.nasl 2009-06-08 08:31:39 UTC (rev 3652) > +++ trunk/openvas-plugins/scripts/pop3_unencrypted_cleartext_logins.nasl 2009-06-08 11:28:16 UTC (rev 3653) > @@ -35,7 +35,7 @@ > script_category(ACT_GATHER_INFO); > script_copyright(english:"This script is Copyright (C) 2004 George A. Theall"); > > - family["english"] = "Misc."; > + family["english"] = "General"; > script_family(english:family["english"]); > > script_dependencie("find_service.nes", "global_settings.nasl", "logins.nasl"); > @@ -187,4 +187,4 @@ > resp = ""; > } > close(soc); > - > +a >

--
Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de
Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From bchandra at secpod.com Tue Jun 9 10:22:18 2009
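Review bot: In both files the final hunk replaces the last line with a bare "a" (@@ -76,4 +76,4 @@ in gb_firefox_ftp_clnt_xss_vuln_win.nasl and @@ -187,4 +187,4 @@ in pop3_unencrypted_cleartext_logins.nasl), which has nothing to do with the "Misc." to "General" family rename in the earlier hunks and looks like a stray keystroke. In the Firefox script it also deletes the closing "}" of the if(version_in_range(...)){ block, so that block is left unterminated; in the POP3 script it adds a bare token after close(soc);. Restore the "}" and the blank line so the commit carries only the two script_family changes, and parse-check both scripts before committing.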
From: bchandra at secpod.com (Chandrashekhar B) Date: Tue, 9 Jun 2009 13:52:18 +0530 Subject: [Openvas-devel] [Openvas-commits] r3653 - in trunk/openvas-plugins: . scripts In-Reply-To: <20090609075118.GG9170@intevation.de> References: <20090608112824.B5DABD6309@pyrosoma.intevation.org> <20090609075118.GG9170@intevation.de> Message-ID: Sorry! fixed. Chandra. -----Original Message----- From: Michael Wiegand [mailto:michael.wiegand at intevation.de] Sent: Tuesday, June 09, 2009 1:21 PM To: openvas-devel at wald.intevation.org; Chandrashekhar B Subject: Re: [Openvas-commits] r3653 - in trunk/openvas-plugins: . scripts Chandra, you broke two scripts with this commit by replacing the last line with "a" (see below). Could you fix this? A reminder for everybody: Please do test your code before committing. Thanks! Regards, Michael * scm-commit at wald.intevation.org [ 8. Jun 2009]: > Author: chandra > Date: 2009-06-08 13:28:16 +0200 (Mon, 08 Jun 2009) > New Revision: 3653 > > Modified: > trunk/openvas-plugins/scripts/gb_firefox_ftp_clnt_xss_vuln_win.nasl > trunk/openvas-plugins/scripts/pop3_unencrypted_cleartext_logins.nasl > > Modified: trunk/openvas-plugins/scripts/gb_firefox_ftp_clnt_xss_vuln_win.nasl > =================================================================== > --- trunk/openvas-plugins/scripts/gb_firefox_ftp_clnt_xss_vuln_win.nasl 2009-06-08 08:31:39 UTC (rev 3652) > +++ trunk/openvas-plugins/scripts/gb_firefox_ftp_clnt_xss_vuln_win.nasl 2009-06-08 11:28:16 UTC (rev 3653) > @@ -64,7 +64,7 @@ > script_summary(english:"Check for the version of Firefox"); > script_category(ACT_GATHER_INFO); > script_copyright(english:"Copyright (C) 2008 Intevation GmbH"); > - script_family(english:"Misc."); > + script_family(english:"General"); > script_dependencies("gb_firefox_detect_win.nasl"); > exit(0); > } 
> @@ -76,4 +76,4 @@ > if(version_in_range(version:get_kb_item("Firefox/Win/Ver"), > test_version:"3.0.1", test_version2:"3.0.3")){ > security_hole(0); > -} > +a > > > Modified: trunk/openvas-plugins/scripts/pop3_unencrypted_cleartext_logins.nasl > =================================================================== > --- trunk/openvas-plugins/scripts/pop3_unencrypted_cleartext_logins.nasl 2009-06-08 08:31:39 UTC (rev 3652) > +++ trunk/openvas-plugins/scripts/pop3_unencrypted_cleartext_logins.nasl 2009-06-08 11:28:16 UTC (rev 3653) > @@ -35,7 +35,7 @@ > script_category(ACT_GATHER_INFO); > script_copyright(english:"This script is Copyright (C) 2004 George A. Theall"); > > - family["english"] = "Misc."; > + family["english"] = "General"; > script_family(english:family["english"]); > > script_dependencie("find_service.nes", "global_settings.nasl", "logins.nasl"); > @@ -187,4 +187,4 @@ > resp = ""; > } > close(soc); > - > +a >

--
Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de
Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From christian.edjenguele at owasp.org Tue Jun 9 21:20:21 2009
From: christian.edjenguele at owasp.org (Christian Eric Edjenguele) Date: Tue, 09 Jun 2009 21:20:21 +0200 Subject: [Openvas-devel] [Openvas-commits] r3679 - in trunk/openvas-plugins: . scripts In-Reply-To: <20090609173522.11A0A13462@pyrosoma.intevation.org> References: <20090609173522.11A0A13462@pyrosoma.intevation.org> Message-ID: <4A2EB5F5.5010607@owasp.org> scm-commit at wald.intevation.org wrote: > Author: reinke > Date: 2009-06-09 19:35:20 +0200 (Tue, 09 Jun 2009) > New Revision: 3679 > > Modified: > trunk/openvas-plugins/ChangeLog > trunk/openvas-plugins/scripts/remote-MS03-034.nasl > Log: > bugfix > > Modified: trunk/openvas-plugins/ChangeLog > =================================================================== > --- trunk/openvas-plugins/ChangeLog 2009-06-09 16:52:33 UTC (rev 3678) > +++ trunk/openvas-plugins/ChangeLog 2009-06-09 17:35:20 UTC (rev 3679) > @@ -1,3 +1,8 @@ > +2009-06-09 Thomas Reinke > + * scripts/remote-MS03-034.nasl > + Added exit(0) to avoid many many many security warnings in certain > + situations. > + > 2009-06-09 Chandrashekhar B > * scripts/unprotected_cheopsNG.nasl, > scripts/gb_adobe_flash_player_mult_vuln_nov08_lin.nasl, > > Modified: trunk/openvas-plugins/scripts/remote-MS03-034.nasl > =================================================================== > --- trunk/openvas-plugins/scripts/remote-MS03-034.nasl 2009-06-09 16:52:33 UTC (rev 3678) > +++ trunk/openvas-plugins/scripts/remote-MS03-034.nasl 2009-06-09 17:35:20 UTC (rev 3679) 
> @@ -148,6 +148,9 @@ > if(matrix[j] != matrix[i]) > # Report Microsoft Windows 'NetBT Name Service' Information Leakage Vulnerability (MS03-034) > security_warning(port); > + # And exit lest we report this warning a > + # ridiculously large number of times. > + exit(0); > } > > } > Thomas, if you added this comment that sounds like an insult to me to make me abandon the OpenVAS project, then there you succeeded. But a question: what do you think you are ? forget, I do not expect a reply from a person who does not know what is respect. > _______________________________________________ > Openvas-commits mailing list > Openvas-commits at wald.intevation.org > http://lists.wald.intevation.org/mailman/listinfo/openvas-commits -- Christian Eric Edjenguele IT Security Software Engineer / IT Enterprise Software Architect From lists at securityspace.com Tue Jun 9 21:45:14 2009 
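Review bot: The added exit(0) in the @@ -148,6 +148,9 @@ hunk of remote-MS03-034.nasl is not covered by the preceding if(matrix[j] != matrix[i]), because that if has no braces in the lines shown: only security_warning(port); is conditional, and exit(0) runs the first time this point is reached whether or not a mismatch was found. The script can therefore stop before a differing pair is ever compared and the MS03-034 warning is then never reported. Put both statements in a braced body, if(matrix[j] != matrix[i]) { security_warning(port); exit(0); }, so the exit follows a report only. The ChangeLog entry would also be more useful if it named the condition that produced the repeated warnings rather than "certain situations".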
From: lists at securityspace.com (Thomas Reinke)
Date: Tue, 09 Jun 2009 15:45:14 -0400
Subject: [Openvas-devel] [Openvas-commits] r3679 - in trunk/openvas-plugins: . scripts
In-Reply-To: <4A2EB5F5.5010607@owasp.org>
References: <20090609173522.11A0A13462@pyrosoma.intevation.org> <4A2EB5F5.5010607@owasp.org>
Message-ID: <4A2EBBCA.2010800@securityspace.com>

Hi Christian.

No insult intended. I'm pretty blunt on most issues. Even those where I screw up (and have done so in the past - just look at the scripts changelog for 2009-05-12).

The comment was put in because we received 100+ or so instances of the test result in an audit. A VERY large number.

That being said, your point is taken. I'll tone down the comments. My apologies.

Thomas

Christian Eric Edjenguele wrote:
> scm-commit at wald.intevation.org wrote:
>> Author: reinke
>> Date: 2009-06-09 19:35:20 +0200 (Tue, 09 Jun 2009)
>> New Revision: 3679
>>
>> Modified:
>> trunk/openvas-plugins/ChangeLog
>> trunk/openvas-plugins/scripts/remote-MS03-034.nasl
>> Log:
>> bugfix
>>
>> Modified: trunk/openvas-plugins/ChangeLog >> =================================================================== >> --- trunk/openvas-plugins/ChangeLog 2009-06-09 16:52:33 UTC (rev 3678) >> +++ trunk/openvas-plugins/ChangeLog 2009-06-09 17:35:20 UTC (rev 3679) >> @@ -1,3 +1,8 @@ >> +2009-06-09 Thomas Reinke >> + * scripts/remote-MS03-034.nasl >> + Added exit(0) to avoid many many many security warnings in certain >> + situations. >> + >> 2009-06-09 Chandrashekhar B >> * scripts/unprotected_cheopsNG.nasl, >> scripts/gb_adobe_flash_player_mult_vuln_nov08_lin.nasl, >> >> Modified: trunk/openvas-plugins/scripts/remote-MS03-034.nasl >> =================================================================== >> --- trunk/openvas-plugins/scripts/remote-MS03-034.nasl 2009-06-09 16:52:33 UTC (rev 3678) >> +++ trunk/openvas-plugins/scripts/remote-MS03-034.nasl 2009-06-09 17:35:20 UTC (rev 3679) 
>> @@ -148,6 +148,9 @@ >> if(matrix[j] != matrix[i]) >> # Report Microsoft Windows 'NetBT Name Service' Information Leakage Vulnerability (MS03-034) >> security_warning(port); >> + # And exit lest we report this warning a >> + # ridiculously large number of times. >> + exit(0); >> } >> >> } >> > > Thomas, if you added this comment that sounds like an insult to me to > make me abandon the OpenVAS project, then there you succeeded. > But a question: what do you think you are ? > forget, I do not expect a reply from a person who does not know what is > respect. > > >> _______________________________________________ >> Openvas-commits mailing list >> Openvas-commits at wald.intevation.org >> http://lists.wald.intevation.org/mailman/listinfo/openvas-commits > > From michael.wiegand at intevation.de Wed Jun 10 08:17:11 2009 
From: michael.wiegand at intevation.de (Michael Wiegand)
Date: Wed, 10 Jun 2009 08:17:11 +0200
Subject: [Openvas-devel] [Openvas-commits] r3679 - in trunk/openvas-plugins: . scripts
In-Reply-To: <4A2EB5F5.5010607@owasp.org>
References: <20090609173522.11A0A13462@pyrosoma.intevation.org> <4A2EB5F5.5010607@owasp.org>
Message-ID: <20090610061711.GD3759@intevation.de>

* Christian Eric Edjenguele [ 9. Jun 2009]:
> Thomas, if you added this comment that sounds like an insult to me to
> make me abandon the OpenVAS project, then there you succeeded.
> But a question: what do you think you are ?
> forget, I do not expect a reply from a person who does not know what is
> respect.

As Thomas already said, I don't think he meant to insult or disrespect you in any way. I hope this situation is solved by Thomas' apology and the removal of the comment in question.

That being said, a gentle reminder to everybody: Please try to keep your comments and ChangeLog entries on-topic and concise. Not only does this help to avoid situations like this, it also helps the person reading the code or ChangeLog to figure out what you just changed and why.

I know it is satisfying to complain about bad code (and there is a lot of opportunity for that in some of the old Nessus code...), but it is rarely helpful. ;)

Regards,

Michael

--
Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de
Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From Jan-Oliver.Wagner at greenbone.net Wed Jun 10 21:31:52 2009
From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner)
Date: Wed, 10 Jun 2009 21:31:52 +0200
Subject: [Openvas-devel] Call for vote: CR #33 (Change server-side NVT cache from binary dumps to keyfiles)
Message-ID: <200906102131.53084.Jan-Oliver.Wagner@greenbone.net>

Hi,

now that openvas-libraries is open of 2.1-developments, I'd
like to call for a vote on CR#33:
http://www.openvas.org/openvas-cr-33.html

Naturally I vote +1 :-)

Best

Jan

--
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück
AG Osnabrück, HR B 202460 | Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner

From lists at securityspace.com Wed Jun 10 22:09:38 2009
From: lists at securityspace.com (Thomas Reinke)
Date: Wed, 10 Jun 2009 16:09:38 -0400
Subject: [Openvas-devel] Call for vote: CR #33 (Change server-side NVT cache from binary dumps to keyfiles)
In-Reply-To: <200906102131.53084.Jan-Oliver.Wagner@greenbone.net>
References: <200906102131.53084.Jan-Oliver.Wagner@greenbone.net>
Message-ID: <4A301302.2070703@securityspace.com>

> like to call for a vote on CR#33:
> http://www.openvas.org/openvas-cr-33.html

+1

From openvas-bugs at wald.intevation.org Wed Jun 10 02:21:53 2009
From: openvas-bugs at wald.intevation.org (openvas-bugs@wald.intevation.org)
Date: Wed, 10 Jun 2009 02:21:53 +0200 (CEST)
Subject: [Openvas-devel] [openvas-Bugs][1028] Openvasd hits 100% CPU, with no clients attached.
Message-ID: <20090610002153.C123BD6307@pyrosoma.intevation.org>

Bugs item #1028, was opened at 2009-06-10 00:21
Status: Open
Priority: 3
Submitted By: Leigh Purdie (redphoenix)
Assigned to: Nobody (None)
Summary: Openvasd hits 100% CPU, with no clients attached.
Architecture: 32 Bit
Resolution: None
Severity: normal
Version: v2.0.1
Component: openvas-server
Operating System: Linux
Product: OpenVAS
Hardware: None
URL:

Initial Comment:
Openvas server is claiming to be serving a client on localhost, but the client has completed/terminated. Openvas server is looping.
Only produced once so far - I'll update the bug report if it occurs again.

Used openvas-client, called from php:
/usr/bin/openvas-client -V -x -c /path/to/OPENVASRC -T xml -q localhost 9390 username password /path/to/targets /path/to/results

OPENVASRC is pretty generic - destructive plugins disabled, but otherwise fairly baseline.

# top
top - 10:08:25 up 8 days, 22:41, 3 users, load average: 0.94, 1.03, 1.01
Tasks: 97 total, 2 running, 95 sleeping, 0 stopped, 0 zombie
Cpu(s): 41.2%us, 4.5%sy, 0.0%ni, 54.2%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 1942028k total, 1841048k used, 100980k free, 176744k buffers
Swap: 5686968k total, 84k used, 5686884k free, 1150112k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
12120 root 20 0 19296 14m 604 R 99 0.8 11197:47 openvasd
..

# strace -f -p 12120 2>&1 | head -30
Process 12120 attached - interrupt to quit
getrusage(RUSAGE_SELF, {ru_utime={625042, 540000}, ru_stime={48037, 640000}, ...}) = 0
time(NULL) = 1244592519
times({tms_utime=62504254, tms_stime=4803764, tms_cutime=0, tms_cstime=0}) = 77261109
gettimeofday({1244592519, 691074}, NULL) = 0
getrusage(RUSAGE_SELF, {ru_utime={625042, 540000}, ru_stime={48037, 640000}, ...}) = 0
time(NULL) = 1244592519
times({tms_utime=62504254, tms_stime=4803764, tms_cutime=0, tms_cstime=0}) = 77261109
gettimeofday({1244592519, 691204}, NULL) = 0
getrusage(RUSAGE_SELF, {ru_utime={625042, 540000}, ru_stime={48037, 640000}, ...}) = 0
time(NULL) = 1244592519
times({tms_utime=62504254, tms_stime=4803764, tms_cutime=0, tms_cstime=0}) = 77261109
... (etc)

# ps -ef | grep -i openvas
root 12120 1 98 Jun02 ? 7-18:38:18 openvasd: serving 127.0.0.1
root 29367 29294 0 10:08 pts/1 00:00:00 grep -i openvas
root 31258 1 0 00:26 ? 00:00:00 openvasd: waiting for incoming connections

# dpkg -l \*openvas\*
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-f/Unpacked/Failed-cfg/Half-inst/t-aWait/T-pend
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name Version Description
+++-=======================-=======================-==============================================================
un libopenvas1 (no description available)
ii libopenvas2 2.0.2-1intevation1 remote network security auditor - shared libraries
un libopenvasnasl1 (no description available)
ii libopenvasnasl2 2.0.1-1intevation1 OpenVAS shared libraries
ii openvas-client 2.0.3-1intevation1 Remote network security auditor, the client
ii openvas-plugins 1.0.6-1intevation2 OpenVAS vulnerability tests
ii openvas-server 2.0.1-1intevation2 remote network security auditor - server

# /etc/init.d/openvas-server stop
Stopping OpenVAS daemon: openvasd.
root at flare:~# ps -ef | grep openvas
root 12120 1 98 Jun02 ? 7-18:45:35 openvasd: serving 127.0.0.1
root 30685 29294 0 10:16 pts/1 00:00:00 grep openvas
# kill 12120
# ps -ef | grep openvas
root 30687 29294 0 10:16 pts/1 00:00:00 grep openvas

----------------------------------------------------------------------

You can respond by visiting:
http://wald.intevation.org/tracker/?func=detail&atid=220&aid=1028&group_id=29

From openvas-bugs at wald.intevation.org Thu Jun 11 08:16:51 2009
From: openvas-bugs at wald.intevation.org (openvas-bugs@wald.intevation.org)
Date: Thu, 11 Jun 2009 08:16:51 +0200 (CEST)
Subject: [Openvas-devel] [openvas-Bugs][1033] resolv.h: error: array type has incomplete element type
Message-ID: <20090611061651.1352F136EB@pyrosoma.intevation.org>

Bugs item #1033, was opened at 2009-06-11 00:16
Status: Open
Priority: 3
Submitted By: Ryan Schmidt (ryandesign)
Assigned to: Nobody (None)
Summary: resolv.h: error: array type has incomplete element type
Architecture: 32 Bit
Resolution: None
Severity: normal
Version: v2.0.3
Component: openvas-libraries
Operating System: MacOS X
Product: OpenVAS
Hardware: Macintosh
URL:

Initial Comment:
I've recently created ports for the openvas components in MacPorts for Mac OS X users. It was fairly straightforward. openvas-libraries initially failed to build, on Mac OS X 10.4.11, with this error:

/usr/bin/gcc-4.0 -pipe -I../ -DHAVE_CONFIG_H -I. -I/mp/var/macports/build/_Users_rschmidt_macports_dports_security_openvas-libraries/work/openvas-libraries-2.0.3/include -I/mp/include -I/mp/include/glib-2.0 -I/mp/lib/glib-2.0/include -I/mp/include -DHAVE_CONFIG_H -I../libopenvascommon -g -Wall -c pcap.c -fno-common -DPIC -o .libs/pcap.o
In file included from pcap.c:19:
/usr/include/resolv.h:189: error: array type has incomplete element type
/usr/include/resolv.h:203: error: field 'addr' has incomplete type
/usr/include/resolv.h:231: error: field 'sin' has incomplete type
make[1]: *** [pcap.o] Error 1
make: *** [all] Error 2

I'm attaching the patch I used to work around this. I do not know if this patch will cause problems on other operating systems.

----------------------------------------------------------------------

You can respond by visiting:
http://wald.intevation.org/tracker/?func=detail&atid=220&aid=1033&group_id=29

From felix.wolfsteller at intevation.de Thu Jun 11 09:28:14 2009
From: felix.wolfsteller at intevation.de (Felix Wolfsteller)
Date: Thu, 11 Jun 2009 09:28:14 +0200
Subject: [Openvas-devel] Call for vote: CR #33 (Change server-side NVT cache from binary dumps to keyfiles)
In-Reply-To: <200906102131.53084.Jan-Oliver.Wagner@greenbone.net>
References: <200906102131.53084.Jan-Oliver.Wagner@greenbone.net>
Message-ID: <200906110928.14694.felix.wolfsteller@intevation.de>

+1

--felix

On Wednesday 10 June 2009 21:31:52 Jan-Oliver Wagner wrote:
> Hi,
>
> now that openvas-libraries is open of 2.1-developments, I'd
> like to call for a vote on CR#33:
> http://www.openvas.org/openvas-cr-33.html
>
> Naturally I vote +1 :-)
>
> Best
>
> Jan

--
Felix Wolfsteller | ++49-541-335 08 3451 | http://www.intevation.de/
PGP Key: 39DE0100
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From michael.wiegand at intevation.de Thu Jun 11 10:12:19 2009
From: michael.wiegand at intevation.de (Michael Wiegand)
Date: Thu, 11 Jun 2009 10:12:19 +0200
Subject: [Openvas-devel] Call for vote: CR #33 (Change server-side NVT cache from binary dumps to keyfiles)
In-Reply-To: <200906102131.53084.Jan-Oliver.Wagner@greenbone.net>
References: <200906102131.53084.Jan-Oliver.Wagner@greenbone.net>
Message-ID: <20090611081219.GC27642@intevation.de>

* Jan-Oliver Wagner [10. Jun 2009]:
> now that openvas-libraries is open of 2.1-developments, I'd
> like to call for a vote on CR#33:

+1

Regards,

Michael

--
Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de
Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From mmundell at intevation.de Thu Jun 11 10:15:30 2009
From: mmundell at intevation.de (Matthew Mundell)
Date: 11 Jun 2009 08:14:30 -0001
Subject: [Openvas-devel] Call for vote: CR #33 (Change server-side NVT cache from binary dumps to keyfiles)
In-Reply-To: Message of Wed, 10 Jun 2009 21:31:52 +0200. <200906102131.53084.Jan-Oliver.Wagner@greenbone.net>
Message-ID: <20090611081531.3FFFEDEB95@mail.ukfsn.org>

+1

From mime at gmx.de Thu Jun 11 11:07:00 2009
From: mime at gmx.de (Michael Meyer)
Date: Thu, 11 Jun 2009 11:07:00 +0200
Subject: [Openvas-devel] Call for vote: CR #33 (Change server-side NVT cache from binary dumps to keyfiles)
In-Reply-To: <200906102131.53084.Jan-Oliver.Wagner@greenbone.net>
References: <200906102131.53084.Jan-Oliver.Wagner@greenbone.net>
Message-ID: <20090611090700.GB2729@komma-nix.de>

*** Jan-Oliver Wagner wrote:

> now that openvas-libraries is open of 2.1-developments, I'd
> like to call for a vote on CR#33:
> http://www.openvas.org/openvas-cr-33.html

+1

Micha

From bchandra at secpod.com Thu Jun 11 11:28:55 2009
From: bchandra at secpod.com (Chandrashekhar B)
Date: Thu, 11 Jun 2009 14:58:55 +0530
Subject: [Openvas-devel] Call for vote: CR #33 (Change server-side NVT cachefrom binary dumps to keyfiles)
In-Reply-To: <200906102131.53084.Jan-Oliver.Wagner@greenbone.net>
References: <200906102131.53084.Jan-Oliver.Wagner@greenbone.net>
Message-ID: <2067981947D04E80A0D56DE2C76FB28B@bchandra>

+1

Chandra.

-----Original Message-----
From: openvas-devel-bounces at wald.intevation.org [mailto:openvas-devel-bounces at wald.intevation.org] On Behalf Of Jan-Oliver Wagner
Sent: Thursday, June 11, 2009 1:02 AM
To: openvas-devel at wald.intevation.org
Subject: [Openvas-devel] Call for vote: CR #33 (Change server-side NVT cachefrom binary dumps to keyfiles)

Hi,

now that openvas-libraries is open of 2.1-developments, I'd
like to call for a vote on CR#33:
http://www.openvas.org/openvas-cr-33.html

Naturally I vote +1 :-)

Best

Jan

--
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück
AG Osnabrück, HR B 202460 | Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-devel mailing list
Openvas-devel at wald.intevation.org
http://lists.wald.intevation.org/mailman/listinfo/openvas-devel

From c_edjenguele at yahoo.it Thu Jun 11 13:43:52 2009
From: c_edjenguele at yahoo.it (Christian Eric EDJENGUELE)
Date: Thu, 11 Jun 2009 11:43:52 +0000 (GMT)
Subject: [Openvas-devel] Call for vote: CR #33 (Change server-side NVT cachefrom binary dumps to keyfiles)
In-Reply-To: <2067981947D04E80A0D56DE2C76FB28B@bchandra>
References: <200906102131.53084.Jan-Oliver.Wagner@greenbone.net> <2067981947D04E80A0D56DE2C76FB28B@bchandra>
Message-ID: <166320.32781.qm@web28610.mail.ukl.yahoo.com>

+1

---
Christian Eric Edjenguele
IT Security Software Developer & Researcher / Business Developer / Enterprise Software Architect
mobile (IT): +39 3408580513

> -----Original Message-----
> From: openvas-devel-bounces at wald.intevation.org
> [mailto:openvas-devel-bounces at wald.intevation.org] On Behalf Of Jan-Oliver Wagner
> Sent: Thursday, June 11, 2009 1:02 AM
> To: openvas-devel at wald.intevation.org
> Subject: [Openvas-devel] Call for vote: CR #33 (Change server-side NVT cachefrom binary dumps to keyfiles)
>
> Hi,
>
> now that openvas-libraries is open of 2.1-developments, I'd
> like to call for a vote on CR#33:
> http://www.openvas.org/openvas-cr-33.html
>
> Naturally I vote +1 :-)
>
> Best
>
> Jan
>
> --
> Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
> Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück
> AG Osnabrück, HR B 202460 | Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
> _______________________________________________
> Openvas-devel mailing list
> Openvas-devel at wald.intevation.org
> http://lists.wald.intevation.org/mailman/listinfo/openvas-devel
>
> _______________________________________________
> Openvas-devel mailing list
> Openvas-devel at wald.intevation.org
> http://lists.wald.intevation.org/mailman/listinfo/openvas-devel

From openvas-bugs at wald.intevation.org Thu Jun 11 11:27:16 2009
From: openvas-bugs at wald.intevation.org (openvas-bugs@wald.intevation.org)
Date: Thu, 11 Jun 2009 11:27:16 +0200 (CEST)
Subject: [Openvas-devel] [openvas-Bugs][1034] openvas-server build fails because it doesn't use -lgcrypt
Message-ID: <20090611092716.C1C7EF2020@pyrosoma.intevation.org>

Bugs item #1034, was opened at 2009-06-11 03:27
Status: Open
Priority: 3
Submitted By: Ryan Schmidt (ryandesign)
Assigned to: Nobody (None)
Summary: openvas-server build fails because it doesn't use -lgcrypt
Architecture: 32 Bit
Resolution: None
Severity: normal
Version: v2.0.1
Component: openvas-libraries
Operating System: MacOS X
Product: OpenVAS
Hardware: Macintosh
URL:

Initial Comment:
Compiling openvas-server on Mac OS X 10.4.11 I have this situation:

/usr/bin/gcc-4.0 -L/mp/lib -I. -I/mp/var/macports/build/_Users_rschmidt_macports_dports_security_openvas-server/work/openvas-server-2.0.2/include -I/mp/include/glib-2.0 -I/mp/lib/glib-2.0/include -I/mp/include auth.o attack.o comm.o log.o rules.o sighand.o processes.o users.o utils.o ntp_11.o otp_1_0.o parser.o hosts.o preferences.o piic.o pluginload.o nasl_plugins.o nes_plugins.o oval_plugins.o plugs_req.o openvasd.o save_tests.o save_kb.o pluginlaunch.o locks.o plugs_hash.o pluginscheduler.o shared_socket.o -o openvasd `/mp/bin/openvas-libnasl-config --libs` `/mp/bin/libopenvas-config --libs` -ldl -L/mp/lib -lglib-2.0 -lintl -liconv
/usr/libexec/gcc/i686-apple-darwin8/4.0.1/ld: warning multiple definitions of symbol _inet_aton
/mp/lib/libopenvas.dylib(system.o) definition of _inet_aton
/usr/lib/gcc/i686-apple-darwin8/4.0.1/../../../libdl.dylib(inet_addr.So) definition of _inet_aton
/usr/libexec/gcc/i686-apple-darwin8/4.0.1/ld: warning multiple definitions of symbol _srand48
/mp/lib/libopenvas.dylib(rand.o) definition of _srand48
/usr/lib/gcc/i686-apple-darwin8/4.0.1/../../../libdl.dylib(srand48.So) definition of _srand48
/usr/libexec/gcc/i686-apple-darwin8/4.0.1/ld: warning multiple definitions of symbol _lrand48
/mp/lib/libopenvas.dylib(rand.o) definition of _lrand48
/usr/lib/gcc/i686-apple-darwin8/4.0.1/../../../libdl.dylib(lrand48.So) definition of _lrand48
/usr/libexec/gcc/i686-apple-darwin8/4.0.1/ld: Undefined symbols:
_gcry_md_hash_buffer
_gcry_md_close
_gcry_md_open
_gcry_md_read
_gcry_md_write
_gcry_strerror
_gcry_strsource

These _gcry symbols are from gcrypt, which is a dependency of gnutls which is a dependency of openvas-libraries which as you know is a dependency of openvas-libnasl which is a dependency of openvas-server.

Now, it looks like this could be correct:

$ libgnutls-config --libs
-L/mp/lib -lgnutls -L/mp/lib -lgcrypt -lgpg-error

gnutls does depend on gcrypt so it seems right that it should list -lgcrypt, and gcrypt needs gpg-error so it seems right that it should have -lgpg-error.

But this looks problematic to me:

$ libopenvas-config --libs
-L/mp/lib -lopenvas -lopenvas_hg -lpcap -lgnutls -lresolv -ll

Shouldn't it include everything "libgnutls-config --libs" shows, in particular -lgcrypt and -lgpg-error?

I fixed this in MacPorts by adding "-lgcrypt" to the output of "openvas-libnasl-config --libs" but perhaps the most correct thing to do is to fix libopenvas-config so it picks up everything from libgnutls-config, and then if necessary fix openvas-libnasl-config so it picks up everything from libopenvas-config.

----------------------------------------------------------------------

You can respond by visiting:
http://wald.intevation.org/tracker/?func=detail&atid=220&aid=1034&group_id=29

From Jan-Oliver.Wagner at greenbone.net Fri Jun 12 00:54:44 2009
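The fix proposed in bug #1034 above, as an added sketch that is not code from the OpenVAS config scripts: a --libs handler that appends its dependency's --libs output and removes duplicates without breaking link order. The two flag strings are the outputs quoted in the report; all function names are hypothetical.

```shell
#!/bin/sh
# Added illustration for bug #1034; not taken from libopenvas-config.
# Function names are hypothetical. The two flag strings below are the
# outputs quoted in the bug report.

# What "libgnutls-config --libs" printed on the reporter's system.
gnutls_libs() {
    printf '%s\n' "-L/mp/lib -lgnutls -L/mp/lib -lgcrypt -lgpg-error"
}

# What "libopenvas-config --libs" printed: -lgnutls, but none of its deps.
openvas_libs_reported() {
    printf '%s\n' "-L/mp/lib -lopenvas -lopenvas_hg -lpcap -lgnutls -lresolv -ll"
}

# Merge link flags coming from several config scripts.
#  - search paths (-L...) and any other flag: keep the first occurrence
#  - libraries (-l...): keep the LAST occurrence, so a library still comes
#    after everything that depends on it (this matters for static linking)
merge_link_flags() {
    paths=""
    libs=""
    for tok in "$@"; do
        case "$tok" in
            -l*)
                kept=""
                for l in $libs; do
                    [ "$l" = "$tok" ] || kept="$kept $l"
                done
                libs="$kept $tok"
                ;;
            *)
                case " $paths " in
                    *" $tok "*) ;;
                    *) paths="$paths $tok" ;;
                esac
                ;;
        esac
    done
    set -- $paths $libs
    printf '%s\n' "$*"
}

# --libs as the report proposes: own flags plus everything gnutls needs.
openvas_libs_fixed() {
    # Word splitting of the two outputs is intentional: one flag per word.
    merge_link_flags $(openvas_libs_reported) $(gnutls_libs)
}

# True if flag $1 occurs as a whole word in flag string $2.
has_flag() {
    case " $2 " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# List the libraries gnutls needs that are absent from flag string $1.
missing_gnutls_deps() {
    missing=""
    for f in $(gnutls_libs); do
        case "$f" in
            -l*) has_flag "$f" "$1" || missing="$missing $f" ;;
        esac
    done
    set -- $missing
    printf '%s\n' "$*"
}

echo "reported: $(openvas_libs_reported)"
echo "missing : $(missing_gnutls_deps "$(openvas_libs_reported)")"
echo "fixed   : $(openvas_libs_fixed)"
```

Keeping the last copy of a repeated -l flag is what lets -lgnutls move behind -lopenvas and ahead of -lgcrypt, the order a static link of this dependency chain needs.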
From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner)
Date: Fri, 12 Jun 2009 00:54:44 +0200
Subject: [Openvas-devel] New CRs on glib upgrade and OpenSSL to GNU/TLS migration
Message-ID: <200906120054.44559.Jan-Oliver.Wagner@greenbone.net>

Hi,

I just added two further CRs:

OpenVAS Change Request #34:
Upgrade OpenVAS Server dependency from glib 2.6 to glib 2.8
http://www.openvas.org/openvas-cr-34.html

OpenVAS Change Request #35:
OpenVAS-Client: Migrate from OpenSSL to GNU/TLS
http://www.openvas.org/openvas-cr-35.html

Comments are welcome. This is not yet call for a vote.

Best

Jan

--
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück
AG Osnabrück, HR B 202460 | Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner

From d.jagdmann at dn-systems.de Fri Jun 12 06:13:37 2009
From: d.jagdmann at dn-systems.de (Dirk Jagdmann)
Date: Thu, 11 Jun 2009 21:13:37 -0700
Subject: [Openvas-devel] New CRs on glib upgrade and OpenSSL to GNU/TLS migration
In-Reply-To: <200906120054.44559.Jan-Oliver.Wagner@greenbone.net>
References: <200906120054.44559.Jan-Oliver.Wagner@greenbone.net>
Message-ID: <4A31D5F1.80306@dn-systems.de>

> OpenVAS Change Request #34:
> Upgrade OpenVAS Server dependency from glib 2.6 to glib 2.8
> http://www.openvas.org/openvas-cr-34.html

If you upgrade that requirement, just have a look if 2.10 or 2.12 would offer even more functions that might be useful compared to 2.6. I think if we change this dependency we could take a larger step ahead, because if there might be useful new functions in later releases we don't have to do this work every couple of months.

I personally don't think that people will want to use new releases of OpenVAS on Linux installations more than 2 years old. As a test, we could make a poll on the mailing lists and website which OS versions people are actually using, so we get an idea of the real world usage. (And I'm pretty sure, that with my Redhat 6.0 based system from 1999 I'm the oldest one anyway...)

--
Dirk Jagdmann : Coder Tel. +49-5121-28989-15
--
DN-Systems Enterprise Internet Solutions GmbH
Hornemannstr. 11
31137 Hildesheim, Germany
Tel. +49-5121-28989-0
Fax. +49-5121-28989-11
Handelsregister HRB-3213 Amtsgericht Hildesheim
Geschäftsführer: Lukas Grunwald

From michael.wiegand at intevation.de Fri Jun 12 10:53:06 2009
From: michael.wiegand at intevation.de (Michael Wiegand) Date: Fri, 12 Jun 2009 10:53:06 +0200 Subject: [Openvas-devel] New CRs on glib upgrade and OpenSSL to GNU/TLS migration In-Reply-To: <4A31D5F1.80306@dn-systems.de> References: <200906120054.44559.Jan-Oliver.Wagner@greenbone.net> <4A31D5F1.80306@dn-systems.de> Message-ID: <20090612085306.GE7507@intevation.de> * Dirk Jagdmann [12. Jun 2009]: > > OpenVAS Change Request #34: > > Upgrade OpenVAS Server dependency from glib 2.6 to glib 2.8 > > http://www.openvas.org/openvas-cr-34.html > > If you upgrade that requirement, just have a look if 2.10 or 2.12 would > offer even more functions that might be useful compared to 2.6. I was thinking the same thing and had a look at the changes in the last few glib releases. I think the step to 2.8 already provides a great benefit since it adds quite a number of file related functions we could really use (see: http://library.gnome.org/devel/glib/2.8/ix06.html). While 2.10 or 2.12 provide interesting functionality as well, at first glance I don't see anything we could use as directly as the file functions in 2.8 (see: http://library.gnome.org/devel/glib/2.10/ix07.html and http://library.gnome.org/devel/glib/2.12/ix08.html). But this is just my impression; what do the other developers think? Is there anything in 2.10 or 2.12 which would solve an issue we are currently having? Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From geoff at galitz.org Fri Jun 12 11:13:36 2009 
From: geoff at galitz.org (Geoff Galitz) Date: Fri, 12 Jun 2009 11:13:36 +0200 Subject: [Openvas-devel] Call for vote: CR #33 (Change server-side NVTcache from binary dumps to keyfiles) In-Reply-To: <200906110928.14694.felix.wolfsteller@intevation.de> References: <200906102131.53084.Jan-Oliver.Wagner@greenbone.net> <200906110928.14694.felix.wolfsteller@intevation.de> Message-ID: +1 --------------------------------- Geoff Galitz Blankenheim NRW, Germany http://www.galitz.org/ http://german-way.com/blog/ From geoff at galitz.org Fri Jun 12 11:30:16 2009 From: geoff at galitz.org (Geoff Galitz) Date: Fri, 12 Jun 2009 11:30:16 +0200 Subject: [Openvas-devel] New CRs on glib upgrade and OpenSSL to GNU/TLSmigration In-Reply-To: <20090612085306.GE7507@intevation.de> References: <200906120054.44559.Jan-Oliver.Wagner@greenbone.net><4A31D5F1.80306@dn-systems.de> <20090612085306.GE7507@intevation.de> Message-ID: I'm not opposed to upgrading the glib dependency, but be aware that some *NIX distributions are slow to make such packages available to their userbase and in some cases can cause difficulties during the OS upgrade process. Some Centos users recently experienced trouble because a needed glib update was not taking place in the correct order during a large update. The fix was quite simple, but required reading the release notes... which of course people tend not to do. So... my position is: if there is a compelling need for the dependency change then we should go for it, but only if there is a real benefit. Otherwise we might get some frustrated users (I've been in that basket before). -geoff --------------------------------- Geoff Galitz Blankenheim NRW, Germany http://www.galitz.org/ http://german-way.com/blog/ > -----Original Message----- 
> From: openvas-devel-bounces at wald.intevation.org [mailto:openvas-devel- > bounces at wald.intevation.org] On Behalf Of Michael Wiegand > Sent: Friday, 12 June 2009 10:53 > To: Dirk Jagdmann > Cc: Jan-Oliver Wagner; openvas-devel at wald.intevation.org > Subject: Re: [Openvas-devel] New CRs on glib upgrade and OpenSSL to > GNU/TLSmigration > > * Dirk Jagdmann [12. Jun 2009]: > > > OpenVAS Change Request #34: > > > Upgrade OpenVAS Server dependency from glib 2.6 to glib 2.8 > > > http://www.openvas.org/openvas-cr-34.html > > > > If you upgrade that requirement, just have a look if 2.10 or 2.12 would > > offer even more functions that might be useful compared to 2.6. ..... From matt at mundell.ukfsn.org Fri Jun 12 11:25:01 2009 From: matt at mundell.ukfsn.org (Matthew Mundell) Date: 12 Jun 2009 09:24:01 -0001 Subject: [Openvas-devel] New CRs on glib upgrade and OpenSSL to GNU/TLS migration In-Reply-To: Message of Fri, 12 Jun 2009 10:53:06 +0200. <20090612085306.GE7507@intevation.de> Message-ID: <20090612092502.9B672DEBDD@mail.ukfsn.org> > But this is just my impression; what do the other developers think? Is > there anything in 2.10 or 2.12 which would solve an issue we are > currently having? The manager is already using g_base64_decode g_base64_encode from 2.12 as I had just presumed 2.6 was the version in Debian Etch. I've also already used at least g_file_set_contents from 2.8. From Jan-Oliver.Wagner at greenbone.net Fri Jun 12 14:06:48 2009 
From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner) Date: Fri, 12 Jun 2009 14:06:48 +0200 Subject: [Openvas-devel] New CRs on glib upgrade and OpenSSL to GNU/TLS migration In-Reply-To: <4A31D5F1.80306@dn-systems.de> References: <200906120054.44559.Jan-Oliver.Wagner@greenbone.net> <4A31D5F1.80306@dn-systems.de> Message-ID: <200906121406.49499.Jan-Oliver.Wagner@greenbone.net> On Friday, 12 June 2009, Dirk Jagdmann wrote: > > OpenVAS Change Request #34: > > Upgrade OpenVAS Server dependency from glib 2.6 to glib 2.8 > > http://www.openvas.org/openvas-cr-34.html > > If you upgrade that requirement, just have a look if 2.10 or 2.12 would > offer even more functions that might be useful compared to 2.6. > I think if we change this dependency we could take a larger step ahead, > because if there might be useful new functions in later releases we > don't have to do this work every couple of months. > > I personally don't think that people will want to use new releases of > OpenVAS on Linux installations more than 2 years old. As a test, we could > make a poll on the mailing lists and website which OS versions people > are actually using, so we get an idea of the real world usage. (And I'm > pretty sure, that with my Redhat 6.0 based system from 1999 I'm the > oldest one anyway...) I think you are correct with what you say. However, I prefer to stay conservative. And if I could only name functions of 2.8 that I need, I prefer to not go beyond that. After all, it is not _that_ complicated to raise the requirements as I expect new release-series in a pretty regular interval (1-2 per year). Best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner From openvas-bugs at wald.intevation.org Fri Jun 12 15:56:07 2009 
From: openvas-bugs at wald.intevation.org (openvas-bugs@wald.intevation.org) Date: Fri, 12 Jun 2009 15:56:07 +0200 (CEST) Subject: [Openvas-devel] [openvas-Bugs][1035] openvas-libraries build fails because it doesn't use -lgcrypt Message-ID: <20090612135607.511681120BD@pyrosoma.intevation.org> Bugs item #1035, was opened at 2009-06-12 13:56 Status: Open Priority: 3 Submitted By: Stephan Kleine (bitshuffler) Assigned to: Nobody (None) Summary: openvas-libraries build fails because it doesn't use -lgcrypt Architecture: None Resolution: None Severity: None Version: v2.0.3 Component: openvas-libraries Operating System: Linux Product: OpenVAS Hardware: None URL: Initial Comment: openvas-libraries fails to compile on Debian & Ubuntu cause -lgcrypt is missing in the linking options of libopenvas/Makefile. This probably is a similar issue as #1034 The attached patch fixes it for the moment but it's merely a crude hack to get it compiled. The problem might be that "libgnutls-config --libs" on Debian just returns "-lgnutls" while on openSUSE it returns "-L/usr/lib -lgnutls -lgcrypt -lgpg-error". I'm sorry, but is it really too much to ask for that you compile that stuff before you tag it as release one time? I mean it's not really some hidden secret bug but something that fails every build on Debian based distros. Also it was my secret hope that you use OBS to test your releases before tagging (since it allows you to build your stuff for almost 20 distros / versions it should be fine if it works there). You don't even need to touch one of the "official" repos but can do that in your home as well by running 3 commands - please see http://en.opensuse.org/Build_Service/Collaboration for details. I'm sorry if I sound impolite but that's somehow frustrating. 
---------------------------------------------------------------------- You can respond by visiting: http://wald.intevation.org/tracker/?func=detail&atid=220&aid=1035&group_id=29 From openvas-bugs at wald.intevation.org Fri Jun 12 16:05:24 2009 From: openvas-bugs at wald.intevation.org (openvas-bugs@wald.intevation.org) Date: Fri, 12 Jun 2009 16:05:24 +0200 (CEST) Subject: [Openvas-devel] [openvas-Bugs][1036] XML output is missing "Scanner/Plugin list" Message-ID: <20090612140524.573ED1120C9@pyrosoma.intevation.org> Bugs item #1036, was opened at 2009-06-12 14:05 Status: Open Priority: 3 Submitted By: Luiz Casey (dink) Assigned to: Nobody (None) Summary: XML output is missing "Scanner/Plugin list" Architecture: 32 Bit Resolution: None Severity: normal Version: v2.0.3 Component: openvas-client Operating System: Linux Product: OpenVAS Hardware: Other URL: Initial Comment: When a xml report is generated, content within the tag is missing. On a nessus 2.0 xml output: Nessus TCP scanner $Revision: 1.65 $ Port scanners scanner Unknown Look for open TCP ports & services banners (C) 2004 Michel Arboi <mikhail at nessus.org> Ping the remote host $Revision: 1.42 $ Port scanners scanner None icmp/tcp pings the remote host This script is Copyright (C) 1999 Renaud Deraison Is it possible to have this generated in the openvas outputs? I am not sure if this is a bug or a feature request. Steps to reproduce: Generate a scan and have the output of a xml. ---------------------------------------------------------------------- You can respond by visiting: http://wald.intevation.org/tracker/?func=detail&atid=220&aid=1036&group_id=29 From Jan-Oliver.Wagner at greenbone.net Fri Jun 12 22:39:24 2009 
From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner) Date: Fri, 12 Jun 2009 22:39:24 +0200 Subject: [Openvas-devel] Call for vote: CR #33 (Change server-side NVT cache from binary dumps to keyfiles) In-Reply-To: <200906102131.53084.Jan-Oliver.Wagner@greenbone.net> References: <200906102131.53084.Jan-Oliver.Wagner@greenbone.net> Message-ID: <200906122239.24976.Jan-Oliver.Wagner@greenbone.net> On Wednesday 10 June 2009 21:31:52 Jan-Oliver Wagner wrote: > now that openvas-libraries is open of 2.1-developments, I'd > like to call for a vote on CR#33: > http://www.openvas.org/openvas-cr-33.html thanks for the vote. I just committed the patch. So, in case you are using trunk of openvas-libraries, please watch out for possible effects. Best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück AG Osnabrück, HR B 202460 | Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner From openvas-bugs at wald.intevation.org Fri Jun 12 22:42:24 2009 
From: openvas-bugs at wald.intevation.org (openvas-bugs@wald.intevation.org) Date: Fri, 12 Jun 2009 22:42:24 +0200 (CEST) Subject: [Openvas-devel] [openvas-Bugs][1037] Small bug in libopenvas/Makefile Message-ID: <20090612204224.3A45DD6306@pyrosoma.intevation.org> Bugs item #1037, was opened at 2009-06-12 20:42 Status: Open Priority: 3 Submitted By: Stephan Kleine (bitshuffler) Assigned to: Nobody (None) Summary: Small bug in libopenvas/Makefile Architecture: None Resolution: None Severity: None Version: v2.0.3 Component: openvas-libraries Operating System: Linux Product: OpenVAS Hardware: None URL: Initial Comment: In libopenvas/Makefile there's a $(DESTDIR) in the wrong place IMHO which gets fixed by the attached patch. ---------------------------------------------------------------------- You can respond by visiting: http://wald.intevation.org/tracker/?func=detail&atid=220&aid=1037&group_id=29 From openvas-bugs at wald.intevation.org Mon Jun 15 07:53:21 2009 
From: openvas-bugs at wald.intevation.org (openvas-bugs@wald.intevation.org) Date: Mon, 15 Jun 2009 07:53:21 +0200 (CEST) Subject: [Openvas-devel] [openvas-Bugs][1038] reduplication of serving process that do not terminate after on CLI Message-ID: <20090615055321.4CB5213464@pyrosoma.intevation.org> Bugs item #1038, was opened at 2009-06-15 07:53 Status: Open Priority: 3 Submitted By: Markus Schröder (msgbeep) Assigned to: Nobody (None) Summary: reduplication of serving process that do not terminate after on CLI Architecture: 32 Bit Resolution: None Severity: normal Version: v2.0.3 Component: openvas-client Operating System: other Product: OpenVAS Hardware: None URL: Initial Comment: Running OpenVAS on CLI as following produces the behavior: OpenVAS-Client -qx HOST_IP PORT USER PWD TARGET_FILE REPORT_FILE 2>&1> /dev/null Notice, there is no resource file given on the CLI, because I use that to get/create an openvasrc file. It results in exactly 10 serving openvasd processes that never end and each of those processes blows nearly 10% of cpu. Reproducing this: Important thing is, you do not have an openvasrc file in that $HOME directory of the user you are using on the CLI !!! ---------------------------------------------------------------------- You can respond by visiting: http://wald.intevation.org/tracker/?func=detail&atid=220&aid=1038&group_id=29 From Jan-Oliver.Wagner at greenbone.net Tue Jun 23 10:05:12 2009 
From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner) Date: Tue, 23 Jun 2009 10:05:12 +0200 Subject: [Openvas-devel] Call for vote for CR#36 (NASL: Remove current i18n concept) Message-ID: <200906231005.14476.Jan-Oliver.Wagner@greenbone.net> Hello, I've written a change request on what is actually due for a long time. Lots of informal discussion happened, so I am pretty sure everyone knows about the problem. However, we should follow the formal way. Please vote/comment on OpenVAS Change Request #36: NASL: Remove current i18n concept http://www.openvas.org/openvas-cr-36.html My personal vote is of course +1. Best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner From michael.wiegand at intevation.de Tue Jun 23 10:23:25 2009 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Tue, 23 Jun 2009 10:23:25 +0200 Subject: [Openvas-devel] Call for vote for CR#36 (NASL: Remove current i18n concept) In-Reply-To: <200906231005.14476.Jan-Oliver.Wagner@greenbone.net> References: <200906231005.14476.Jan-Oliver.Wagner@greenbone.net> Message-ID: <20090623082325.GA9681@intevation.de> * Jan-Oliver Wagner [23. Jun 2009]: > Please vote/comment on > > OpenVAS Change Request #36: NASL: Remove current i18n concept > http://www.openvas.org/openvas-cr-36.html +1. Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From mime at gmx.de Tue Jun 23 10:38:56 2009 
From: mime at gmx.de (Michael Meyer) Date: Tue, 23 Jun 2009 10:38:56 +0200 Subject: [Openvas-devel] Call for vote for CR#36 (NASL: Remove current i18n concept) In-Reply-To: <200906231005.14476.Jan-Oliver.Wagner@greenbone.net> References: <200906231005.14476.Jan-Oliver.Wagner@greenbone.net> Message-ID: <20090623083856.GA7721@komma-nix.de> *** Jan-Oliver Wagner wrote: > OpenVAS Change Request #36: NASL: Remove current i18n concept > http://www.openvas.org/openvas-cr-36.html +1 Micha From c_edjenguele at yahoo.it Tue Jun 23 10:57:46 2009 
From: c_edjenguele at yahoo.it (Christian Eric EDJENGUELE) Date: Tue, 23 Jun 2009 08:57:46 +0000 (GMT) Subject: [Openvas-devel] Call for vote for CR#36 (NASL: Remove current i18n concept) In-Reply-To: <200906231005.14476.Jan-Oliver.Wagner@greenbone.net> References: <200906231005.14476.Jan-Oliver.Wagner@greenbone.net> Message-ID: <716251.21182.qm@web28602.mail.ukl.yahoo.com> +1 --- Christian Eric Edjenguele IT Security Software Developer & Researcher / Business Developer / Enterprise Software Architect mobile (IT): +39 3408580513 ----- Original message ----- > From: Jan-Oliver Wagner > To: openvas-devel at wald.intevation.org > Sent: Tuesday 23 June 2009, 10:05:12 > Subject: [Openvas-devel] Call for vote for CR#36 (NASL: Remove current i18n concept) > > Hello, > > I've written a change request on what is actually due for a long time. > Lots of informal discussion happened, so I am pretty sure everyone knows > about the problem. > > However, we should follow the formal way. > Please vote/comment on > > OpenVAS Change Request #36: NASL: Remove current i18n concept > http://www.openvas.org/openvas-cr-36.html > > My personal vote is of course +1. > > Best > > Jan > > -- > Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ > Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B > 202460 > Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner From bchandra at secpod.com Tue Jun 23 11:37:27 2009 
From: bchandra at secpod.com (Chandrashekhar B) Date: Tue, 23 Jun 2009 15:07:27 +0530 Subject: [Openvas-devel] Call for vote for CR#36 (NASL: Remove current i18nconcept) In-Reply-To: <200906231005.14476.Jan-Oliver.Wagner@greenbone.net> References: <200906231005.14476.Jan-Oliver.Wagner@greenbone.net> Message-ID: <299EFE363D29445E8F73E5A4D9466E0A@bchandra> +1 Chandra. -----Original Message----- From: openvas-devel-bounces at wald.intevation.org [mailto:openvas-devel-bounces at wald.intevation.org] On Behalf Of Jan-Oliver Wagner Sent: Tuesday, June 23, 2009 1:35 PM To: openvas-devel at wald.intevation.org Subject: [Openvas-devel] Call for vote for CR#36 (NASL: Remove current i18nconcept) Hello, I've written a change request on what is actually due for a long time. Lots of informal discussion happened, so I am pretty sure everyone knows about the problem. However, we should follow the formal way. Please vote/comment on OpenVAS Change Request #36: NASL: Remove current i18n concept http://www.openvas.org/openvas-cr-36.html My personal vote is of course +1. Best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner From Merlon at gmx.net Tue Jun 23 11:42:22 2009 From: Merlon at gmx.net (Merlon@gmx.net) Date: Tue, 23 Jun 2009 11:42:22 +0200 Subject: [Openvas-devel] OpenVAS Change Request #36 Message-ID: <20090623094222.200180@gmx.net> My vote for that work is +1 Markus From christian.edjenguele at owasp.org Tue Jun 23 11:47:41 2009 
From: christian.edjenguele at owasp.org (Christian Eric Edjenguele) Date: Tue, 23 Jun 2009 11:47:41 +0200 Subject: [Openvas-devel] Using ICU as i18n solution ? In-Reply-To: <200906231005.14476.Jan-Oliver.Wagner@greenbone.net> References: <200906231005.14476.Jan-Oliver.Wagner@greenbone.net> Message-ID: <4A40A4BD.3000401@owasp.org> Jan-Oliver Wagner wrote: > Hello, > > I've written a change request on what is actually due for a long time. > Lots of informal discussion happened, so I am pretty sure everyone knows > about the problem. > > However, we should follow the formal way. > Please vote/comment on > > OpenVAS Change Request #36: NASL: Remove current i18n concept > http://www.openvas.org/openvas-cr-36.html > > My personal vote is of course +1. > > Best > > Jan > A reliable and mature solution for i18n, could be ICU ( International Components for Unicode ). It's a set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. ICU is widely portable and gives applications the same results on all platforms and between C/C++ and Java software. Below is a short list of services provided by ICU: * Formatting: Format numbers, dates, times and currency amounts according to the conventions of a chosen locale. This includes translating month and day names into the selected language, choosing appropriate abbreviations, ordering fields correctly, etc. This data also comes from the Common Locale Data Repository * Unicode Support: ICU closely tracks the Unicode standard, providing easy access to all of the many Unicode character properties, Unicode Normalization, Case Folding and other fundamental operations as specified by the Unicode Standard. * Regular Expression: ICU's regular expressions fully support Unicode while providing very competitive performance. * Text Boundaries: Locate the positions of words, sentences, paragraphs within a range of text, or identify locations that would be suitable for line wrapping when displaying the text. 
for a complete list please see the ICU user guide at: http://userguide.icu-project.org/ Demonstrations are available here: http://demo.icu-project.org/icu-bin/icudemos for more information, please visit the official web site: http://site.icu-project.org/ -- Christian Eric Edjenguele IT Security Software Engineer / IT Enterprise Software Architect Mobile (IT): +39 3408580513 PGP KeyID: 0xB1654498 Key Server: http://pgp.mit.edu From openvas-bugs at wald.intevation.org Fri Jun 19 17:12:38 2009 From: openvas-bugs at wald.intevation.org (openvas-bugs@wald.intevation.org) Date: Fri, 19 Jun 2009 17:12:38 +0200 (CEST) Subject: [Openvas-devel] [openvas-Bugs][1044] openvas-ssh-client-rpm-creator.sh gets installed Message-ID: <20090619151238.D80C5D6307@pyrosoma.intevation.org> Bugs item #1044, was opened at 2009-06-19 15:12 Status: Open Priority: 3 Submitted By: Stephan Kleine (bitshuffler) Assigned to: Nobody (None) Summary: openvas-ssh-client-rpm-creator.sh gets installed Architecture: None Resolution: None Severity: None Version: None Component: openvas-client Operating System: Linux Product: OpenVAS Hardware: None URL: Initial Comment: Since version 2.0.4 "make install" installs /var/lib/openvas/openvas-ssh-client-rpm-creator.sh which doesn't sound right to me. ---------------------------------------------------------------------- You can respond by visiting: http://wald.intevation.org/tracker/?func=detail&atid=220&aid=1044&group_id=29 From jfs at computer.org Thu Jun 25 01:05:38 2009 
From: jfs at computer.org (Javier Fernández-Sanguino Peña) Date: Thu, 25 Jun 2009 01:05:38 +0200 Subject: [Openvas-devel] [Openvas-discuss] Discontinuing openvas-plugins tarball? In-Reply-To: <20090423081146.GB11585@intevation.de> References: <20090423081146.GB11585@intevation.de> Message-ID: <20090624230538.GB16138@javifsp.no-ip.org> On Thu, Apr 23, 2009 at 10:11:46AM +0200, Michael Wiegand wrote: > I would like your opinions regarding the following issues: > > - What would be the consequences of discontinuing the tarball release? > There should not be installations which use only the tarball and never > sync, should there? No tarball means no package in the distributions. People using a distribution (such as Debian / Ubuntu cds) with no or limited Internet access would not be able to get plugins and, consequently, would have a mostly useless tool. > - What mechanisms should be available for users who cannot sync using > rsync due to restrictions on firewall or proxy level? Full download of the content using HTTP(s) which (typically) is something allowed through corporate proxies (even if limited through user / password). > - Should openvasd force an initial sync during installation or just > display a notice that a sync is needed to use OpenVAS? It should only display a notice. Plugin updates should always be driven by administrators. My 2c, Regards Javier From Jan-Oliver.Wagner at greenbone.net Thu Jun 25 14:52:00 2009 
From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner) Date: Thu, 25 Jun 2009 14:52:00 +0200 Subject: [Openvas-devel] [Openvas-discuss] Discontinuing openvas-plugins tarball? In-Reply-To: <20090624230538.GB16138@javifsp.no-ip.org> References: <20090423081146.GB11585@intevation.de> <20090624230538.GB16138@javifsp.no-ip.org> Message-ID: <200906251452.00427.Jan-Oliver.Wagner@greenbone.net> On Thursday 25 June 2009 01:05:38 Javier Fernández-Sanguino Peña wrote: > On Thu, Apr 23, 2009 at 10:11:46AM +0200, Michael Wiegand wrote: > > I would like your opinions regarding the following issues: > > > > - What would be the consequences of discontinuing the tarball release? > > There should not be installations which use only the tarball and never > > sync, should there? > > No tarball means no package in the distributions. People using a > distribution (such as Debian / Ubuntu cds) with no or limited Internet > access would not be able to get plugins and, consequently, would have a > mostly useless tool. that is a good question to debate. Is a tool mostly useless if it does not scan at all or is it mostly useless with a NVT set that is out of date (thus giving only the impression of some security)? It is really not easy to answer. However, since there will be tar balls of the NVT part on a daily basis, packagers can take one and add it to the openvas-server package. Or, in the post-inst routine, the NVTs of OpenVAS are automatically downloaded - of course only if the user wants this. IIRC, some Debian packages apply this method already. Best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück AG Osnabrück, HR B 202460 | Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner From geoff at galitz.org Thu Jun 25 15:21:04 2009 
From: geoff at galitz.org (Geoff Galitz) Date: Thu, 25 Jun 2009 15:21:04 +0200 Subject: [Openvas-devel] OpenVAS Change Request #36 In-Reply-To: <20090623094222.200180@gmx.net> References: <20090623094222.200180@gmx.net> Message-ID: <2505D9C6B2B54BB39954616B59529581@geoffPC> +1 --------------------------------- Geoff Galitz Blankenheim NRW, Germany http://www.galitz.org/ http://german-way.com/blog/ From christian.edjenguele at owasp.org Sun Jun 28 11:11:15 2009 From: christian.edjenguele at owasp.org (Christian Eric Edjenguele) Date: Sun, 28 Jun 2009 11:11:15 +0200 Subject: [Openvas-devel] OpenVAS - Nmap Integration v.0.2 Message-ID: <4A4733B3.6050405@owasp.org> I've collected some ideas about Nmap integration on OpenVAS into a document, please see the ODT attached. Comments, suggestions, questions, ... Are welcome. Best. -- Christian Eric Edjenguele IT Security Engineer PGP KeyID: 0xB1654498 -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenVAS_Nmap.odt Type: application/vnd.oasis.opendocument.text Size: 35257 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090628/e6784785/OpenVAS_Nmap-0001.bin From kost at linux.hr Sun Jun 28 22:32:00 2009 
From: kost at linux.hr (Vlatko Kosturjak) Date: Sun, 28 Jun 2009 22:32:00 +0200 Subject: [Openvas-devel] OpenVAS - Nmap Integration v.0.2 In-Reply-To: <4A4733B3.6050405@owasp.org> References: <4A4733B3.6050405@owasp.org> Message-ID: <4A47D340.4020200@linux.hr> Hello Christian! Thanks on your thorough paper about nmap integration. My views on better integration with nmap are quite different. As there is on-going (google summer of code) project of converting nmap to libnmap, the best and the cleanest way to implement integration would be to wait for results of mentioned nmap project which should be done at the end of the summer. Then OpenVAS could just depend on libnmap and call nmap functions as any other C/C++ library (simple and clean). Here's the URL of Nmap project: http://socghop.appspot.com/org/home/google/gsoc2009/nmap Take a look at this bit: http://socghop.appspot.com/student_project/show/google/gsoc2009/nmap/t124022830366 As I'm watching this very closely, I'll let you know about the progress. Kost Christian Eric Edjenguele wrote: > I've collected some ideas about Nmap integration on OpenVAS into a > document, please see the ODT attached. > Comments, suggestions, questions, ... Are welcome. > > Best. > > > ------------------------------------------------------------------------ > > _______________________________________________ > Openvas-devel mailing list > Openvas-devel at wald.intevation.org > http://lists.wald.intevation.org/mailman/listinfo/openvas-devel From christian.edjenguele at owasp.org Sun Jun 28 22:52:23 2009 
From: christian.edjenguele at owasp.org (Christian Eric Edjenguele) Date: Sun, 28 Jun 2009 22:52:23 +0200 Subject: [Openvas-devel] OpenVAS - Nmap Integration v.0.2 In-Reply-To: <4A47D340.4020200@linux.hr> References: <4A4733B3.6050405@owasp.org> <4A47D340.4020200@linux.hr> Message-ID: <4A47D807.6070006@owasp.org> Very interesting, the only inconvenient is the implementation effort :) otherwise,using nmap as a library might be a much more flexible and clean solution. Thanks, and let me know about the progress, I'm interested on that. Best. Vlatko Kosturjak wrote: > Hello Christian! > > Thanks on your thorough paper about nmap integration. My views on better > integration with nmap are quite different. As there is on-going (google > summer of code) project of converting nmap to libnmap, the best and the > cleanest way to implement integration would be to wait for results of > mentioned nmap project which should be done at the end of the summer. > Then OpenVAS could just depend on libnmap and call nmap functions as any > other C/C++ library (simple and clean). > > Here's the URL of Nmap project: > http://socghop.appspot.com/org/home/google/gsoc2009/nmap > Take a look at this bit: > http://socghop.appspot.com/student_project/show/google/gsoc2009/nmap/t124022830366 > > As I'm watching this very closely, I'll let you know about the progress. > > Kost > > Christian Eric Edjenguele wrote: >> I've collected some ideas about Nmap integration on OpenVAS into a >> document, please see the ODT attached. >> Comments, suggestions, questions, ... Are welcome. >> >> Best. >> >> >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> Openvas-devel mailing list >> Openvas-devel at wald.intevation.org >> http://lists.wald.intevation.org/mailman/listinfo/openvas-devel -- Christian Eric Edjenguele IT Security Engineer PGP KeyID: 0xB1654498 From felix.wolfsteller at intevation.de Mon Jun 29 11:01:10 2009 
From: felix.wolfsteller at intevation.de (Felix Wolfsteller)
Date: Mon, 29 Jun 2009 11:01:10 +0200
Subject: [Openvas-devel] OpenVAS - Nmap Integration v.0.2
In-Reply-To: <4A47D807.6070006@owasp.org>
References: <4A4733B3.6050405@owasp.org> <4A47D340.4020200@linux.hr> <4A47D807.6070006@owasp.org>
Message-ID: <200906291101.11103.felix.wolfsteller@intevation.de>

If you want to be most up to date you can submit to nmap-dev, or look for
Josh Marlows weekly status reports.
(e.g. at http://seclists.org/nmap-dev/2009/q2/index.html )

-- Felix

On Sunday 28 June 2009 22:52:23 Christian Eric Edjenguele wrote:
> Very interesting, the only inconvenience is the implementation effort :)
> otherwise, using nmap as a library might be a much more flexible and
> clean solution.
> Thanks, and let me know about the progress, I'm interested in that.
>
> Best.
>
> Vlatko Kosturjak wrote:
> > Hello Christian!
> >
> > Thanks for your thorough paper about nmap integration. My views on better
> > integration with nmap are quite different. As there is on-going (google
> > summer of code) project of converting nmap to libnmap, the best and the
> > cleanest way to implement integration would be to wait for results of
> > mentioned nmap project which should be done at the end of the summer.
> > Then OpenVAS could just depend on libnmap and call nmap functions as any
> > other C/C++ library (simple and clean).
> >
> > Here's the URL of Nmap project:
> > http://socghop.appspot.com/org/home/google/gsoc2009/nmap
> > Take a look at this bit:
> > http://socghop.appspot.com/student_project/show/google/gsoc2009/nmap/t124
> >022830366
> >
> > As I'm watching this very closely, I'll let you know about the progress.
> >
> > Kost
> >
> > Christian Eric Edjenguele wrote:
> >> I've collected some ideas about Nmap integration on OpenVAS into a
> >> document, please see the ODT attached.
> >> Comments, suggestions, questions, ... Are welcome.
> >>
> >> Best.
> >>
> >>
> >> ------------------------------------------------------------------------
> >>
> >> _______________________________________________
> >> Openvas-devel mailing list
> >> Openvas-devel at wald.intevation.org
> >> http://lists.wald.intevation.org/mailman/listinfo/openvas-devel

--
Felix Wolfsteller | ++49-541-335 08 3451 | http://www.intevation.de/
PGP Key: 39DE0100
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From d.jagdmann at dn-systems.de Tue Jun 30 19:35:43 2009
From: d.jagdmann at dn-systems.de (Dirk Jagdmann)
Date: Tue, 30 Jun 2009 10:35:43 -0700
Subject: [Openvas-devel] OpenVAS - Nmap Integration v.0.2
In-Reply-To: <4A4733B3.6050405@owasp.org>
References: <4A4733B3.6050405@owasp.org>
Message-ID: <4A4A4CEF.5010202@dn-systems.de>

Christian Eric Edjenguele wrote:
> I've collected some ideas about Nmap integration on OpenVAS into a
> document, please see the ODT attached.
> Comments, suggestions, questions, ... Are welcome.

Probably a libnmap as suggested by Vlatko would be the best way to integrate nmap into OpenVAS. However that project may fail, so we could maybe work on using the nmap executable directly as you proposed. However when you do so, don't do "Windows-Style"-Development and create useless temporary files, but rather use the strength of the UN*X pipes and redirect your file handles so you can read directly from the STDOUT of nmap. This will "automatically" make use of two processes (or more, if you call multiple nmap), so you can scale out so much easier.

--
Dirk Jagdmann : Coder
Tel. +49-5121-28989-15
--
DN-Systems Enterprise Internet Solutions GmbH
Hornemannstr. 11
31137 Hildesheim, Germany
Tel. +49-5121-28989-0
Fax. +49-5121-28989-11
Handelsregister HRB-3213 Amtsgericht Hildesheim
Geschäftsführer: Lukas Grunwald

From openvas-bugs at wald.intevation.org Tue Jun 30 18:21:39 2009
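An added example (not part of the thread and not OpenVAS code) of the approach Dirk Jagdmann describes above: the scanner runs as a child process and its stdout is read through a pipe, with no temporary file and no shell. The function names are hypothetical, `nmap -oG -` is nmap's grepable output written to stdout, and a constructed `echo` command with a sample line stands in for nmap so the code runs offline.

```c
#define _POSIX_C_SOURCE 200809L
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run argv[0] with its stdout on a pipe (no shell, no temporary file) and
 * count the "/open/" port entries it prints. Returns -1 on any failure. */
int count_open_ports(char *const argv[])
{
    char buf[65536];                   /* cap chosen for the example */
    int fds[2], status = 0, open_ports = 0;
    size_t len = 0;
    ssize_t n;

    if (pipe(fds) == -1)
        return -1;
    pid_t pid = fork();
    if (pid == -1) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {                    /* child: stdout -> pipe, then exec */
        close(fds[0]);
        if (dup2(fds[1], STDOUT_FILENO) != -1)
            execvp(argv[0], argv);     /* argv array: nothing is shell-parsed */
        _exit(127);                    /* dup2 or exec failed */
    }
    close(fds[1]);                     /* parent keeps only the read end */
    while (len < sizeof buf - 1 &&
           (n = read(fds[0], buf + len, sizeof buf - 1 - len)) > 0)
        len += (size_t)n;              /* data arrives as the child writes it */
    close(fds[0]);                     /* a child still writing gets SIGPIPE */
    buf[len] = '\0';
    /* Non-zero exit or death by signal (e.g. truncated output) is an error. */
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;
    for (char *p = buf; (p = strstr(p, "/open/")) != NULL; p += 6)
        open_ports++;
    return open_ports;
}

/* Constructed stand-in for `nmap -oG - <target>`; the host line is sample data. */
int demo_scan(void)
{
    char *const argv[] = { "echo",
        "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, "
        "80/open/tcp//http///, 443/closed/tcp//https///", NULL };
    return count_open_ports(argv);
}
```

Several such children can be started before any of them is read, which is the multi-process scaling the message refers to.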
From: openvas-bugs at wald.intevation.org (openvas-bugs@wald.intevation.org)
Date: Tue, 30 Jun 2009 18:21:39 +0200 (CEST)
Subject: [Openvas-devel] [openvas-Bugs][1051] prefs_context.c:382: error: format not a string literal and no format arguments
Message-ID: <20090630162139.5B6F27A16F@pyrosoma.intevation.org>

Bugs item #1051, was opened at 2009-06-30 16:21
Status: Open
Priority: 3
Submitted By: Stephan Kleine (bitshuffler)
Assigned to: Nobody (None)
Summary: prefs_context.c:382: error: format not a string literal and no format arguments
Architecture: None
Resolution: None
Severity: None
Version: None
Component: openvas-client
Operating System: Linux
Product: OpenVAS
Hardware: None
URL:

Initial Comment:
openvas-client fails to compile on Mandriva 2009.1 with:

i586-mandriva-linux-gnu-gcc -O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -fomit-frame-pointer -march=i586 -mtune=generic -fasynchronous-unwind-tables -Wall `sh ./cflags` -c prefs_dialog/prefs_comment.c
i586-mandriva-linux-gnu-gcc -O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -fomit-frame-pointer -march=i586 -mtune=generic -fasynchronous-unwind-tables -Wall `sh ./cflags` -c prefs_dialog/prefs_context.c
prefs_dialog/prefs_context.c: In function 'prefs_context_update':
prefs_dialog/prefs_context.c:382: error: format not a string literal and no format arguments
make[1]: *** [prefs_context.o] Error 1
make[1]: Leaving directory `/home/abuild/rpmbuild/BUILD/openvas-client-2.0.4/nessus'
make: *** [client] Error 2

Complete build log is attached.

----------------------------------------------------------------------

You can respond by visiting:
http://wald.intevation.org/tracker/?func=detail&atid=220&aid=1051&group_id=29

From openvas-bugs at wald.intevation.org Tue Jun 30 18:24:36 2009
From: openvas-bugs at wald.intevation.org (openvas-bugs@wald.intevation.org)
Date: Tue, 30 Jun 2009 18:24:36 +0200 (CEST)
Subject: [Openvas-devel] [openvas-Bugs][1052] Libtools stuff incompatible with Mandriva 2009.1
Message-ID: <20090630162436.A14977A16F@pyrosoma.intevation.org>

Bugs item #1052, was opened at 2009-06-30 16:24
Status: Open
Priority: 3
Submitted By: Stephan Kleine (bitshuffler)
Assigned to: Nobody (None)
Summary: Libtools stuff incompatible with Mandriva 2009.1
Architecture: None
Resolution: None
Severity: None
Version: None
Component: openvas-libraries
Operating System: Linux
Product: OpenVAS
Hardware: None
URL:

Initial Comment:
Compilation of openvas-libraries on Mandriva 2009.1 fails with

+ /usr/bin/make
cd libopenvas && /usr/bin/make
make[1]: Entering directory `/home/abuild/rpmbuild/BUILD/openvas-libraries-2.0.3/libopenvas'
/bin/sh /home/abuild/rpmbuild/BUILD/openvas-libraries-2.0.3/libtool --mode=compile i586-mandriva-linux-gnu-gcc -pipe -I../ -DHAVE_CONFIG_H -I. -I/home/abuild/rpmbuild/BUILD/openvas-libraries-2.0.3/include -I/usr/include -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -DHAVE_CONFIG_H -I../libopenvascommon -O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -fomit-frame-pointer -march=i586 -mtune=generic -fasynchronous-unwind-tables -g -Wall -c plugutils.c
/home/abuild/rpmbuild/BUILD/openvas-libraries-2.0.3/libtool: line 466: CDPATH: command not found
/home/abuild/rpmbuild/BUILD/openvas-libraries-2.0.3/libtool: line 1144: func_opt_split: command not found
libtool: Version mismatch error. This is libtool 2.2.6, but the
libtool: definition of this LT_INIT comes from an older release.
libtool: You should recreate aclocal.m4 with macros from libtool 2.2.6
libtool: and run autoconf again.
make[1]: *** [plugutils.o] Error 63
make[1]: Leaving directory `/home/abuild/rpmbuild/BUILD/openvas-libraries-2.0.3/libopenvas'
make: *** [all] Error 2
error: Bad exit status from /var/tmp/rpm-tmp.VV8OKP (%build)

Full build log is attached.

----------------------------------------------------------------------

You can respond by visiting:
http://wald.intevation.org/tracker/?func=detail&atid=220&aid=1052&group_id=29