From michael.wiegand at intevation.de Mon Dec 1 12:47:05 2008 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Mon, 1 Dec 2008 12:47:05 +0100 Subject: [Openvas-distro] Planning openvas-plugins 1.0.5 release Message-ID: <20081201114705.GA20725@intevation.de> Hello, there has been quite an amount of changes to openvas-plugins since the release of 1.0.4 in October, including improvements in the build environment, 64-bit cleanliness, a large number of new NVTs and updated packaging for Debian. Because of this and to synchronize this package with the SVN ahead of the upcoming 2.0 release of OpenVAS, I'd like to release openvas-plugins 1.0.5 on Wednesday, December 3rd. Please contact me if you have any issues with this plan; if you are planning on packaging openvas-plugins for a distribution, please let me know if there is anything that should be done before the release to make the inclusion of OpenVAS into the distribution of your choice easier. Thank you! Regards, Michael -- Michael Wiegand | OpenPGP key: D7D049EC | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From bitdealer at gmail.com Sat Dec 6 09:54:34 2008 From: bitdealer at gmail.com (Stephan Kleine) Date: Sat, 6 Dec 2008 09:54:34 +0100 Subject: [Openvas-distro] Feedback for RC1 Message-ID: Hello. In RC1 the -g flag is correctly added to the compilation flags in openvas-client. Thanks for this. Openvas-libraries still has the same flaws: the library files are still incorrectly named without explicitly calling "libtoolize --force" and using that lets the build fail on openSUSE 11.1 & Factory (without that it builds but the files are incorrectly named). Openvas-libnasl still doesn't build with "--disable-static" as configure option (same error as on beta2). Logs can be found at https://build.opensuse.org/project/show?project=home%3Abitshuffler%3Aopenvas%3Aunstable and packages at http://download.opensuse.org/repositories/home:/bitshuffler:/openvas:/unstable/ . IMHO a release candidate not only consists of functionality but should also imply that the code can be build without any stunts in the .spec files, which is currently not the case. Therefore it would be great if you could fix the above for RC2. best regards Stephan PS: There are now Fedora 10 packages for stable & unstable as well. From michael.wiegand at intevation.de Mon Dec 8 16:15:19 2008 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Mon, 8 Dec 2008 16:15:19 +0100 Subject: [Openvas-distro] Feedback for RC1 In-Reply-To: References: Message-ID: <20081208151519.GD11603@intevation.de> * Stephan Kleine [ 6. Dec 2008]: > Hello. > > In RC1 the -g flag is correctly added to the compilation flags in > openvas-client. Thanks for this. > > Openvas-libraries still has the same flaws: the library files are > still incorrectly named without explicitly calling "libtoolize > --force" and using that lets the build fail on openSUSE 11.1 & Factory > (without that it builds but the files are incorrectly named). > > Openvas-libnasl still doesn't build with "--disable-static" as > configure option (same error as on beta2). > > IMHO a release candidate not only consists of functionality but should > also imply that the code can be build without any stunts in the .spec > files, which is currently not the case. Therefore it would be great if > you could fix the above for RC2. Stephan, thank you for your feedback! I agree that this situation is unfortunate. I have looked into this issue and I think this is mainly caused by the way the OpenVAS build system is set up at the moment. As far as I understand your mail, these issues do not break functionality, but rather force more or less ugly workarounds, correct? Unfortunately, I have neither the time nor the experience right now to propose a good solution to this problem, so I really would appreciate any patches or suggestions as to how this issue could be solved. I'm crossposting this to -devel, there are probably some folks more knowledgeable regarding the build process than myself. Regards, Michael -- Michael Wiegand | OpenPGP key: D7D049EC | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From michael.wiegand at intevation.de Wed Dec 10 15:53:55 2008 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Wed, 10 Dec 2008 15:53:55 +0100 Subject: [Openvas-distro] Planning OpenVAS 2.0.0 Message-ID: <20081210145355.GH22004@intevation.de> Hello, I would like to schedule the release of the "real" 2.0.0 for Wednesday, December 17th. The feedback we have received for the 2.0-rc1 release was (mostly) positive and I think OpenVAS is now ready for prime time, just in time for the holidays. :) This release affects openvas-libraries, openvas-libnasl, openvas-server and openvas-client. Not affected are openvas-plugins and openvas-compendium. Please report any bugs which you think need to be fixed before 2.0.0 to the OpenVAS bug tracker at http://bugs.openvas.org/ and let me know if you have problems with the proposed schedule. Translators, Distro Packagers: Please make sure you contributions are in the SVN repository at least one day before the release so we can include the in 2.0.0. Many thanks once again to everybody who has contributed on the way to 2.0. Feel free to contact me if you have any questions or suggestions. Regards, Michael -- Michael Wiegand | OpenPGP key: D7D049EC | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From waja at cyconet.org Sun Dec 14 13:07:32 2008 From: waja at cyconet.org (Jan Wagner) Date: Sun, 14 Dec 2008 13:07:32 +0100 Subject: [Openvas-distro] Fwd: [Openvas-distro-deb] openvas-plugins_1.0.4-1_i386.changes REJECTED Message-ID: <200812141307.38469.waja@cyconet.org> He guys ... maybe you want to have a look into it! :) ---------- Forwarded Message ---------- Subject: [Openvas-distro-deb] openvas-plugins_1.0.4-1_i386.changes REJECTED Date: Sunday 14 December 2008 11:14 From: Thomas Viehmann To: Joey Schulze , Debian OpenVAS Maintainers Cc: Debian Installer Hi Joey, unfortunately openvas-plugins package seems to need some major work auditing copyrights and licenses for each and every file. Most likely upstream wants to look into what the ship, "THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF" ... might not align with their free software ideas, either. If you have influence on upstream, I'd also recommend bookkepping of GPL2 vs. GPL2+ vs. Same as Perl vs. GPL3 licenses. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-distro/attachments/20081214/d13d2c02/attachment.pgp From jan-oliver.wagner at intevation.de Sun Dec 14 22:49:13 2008 From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner) Date: Sun, 14 Dec 2008 22:49:13 +0100 Subject: [Openvas-distro] Fwd: [Openvas-distro-deb] openvas-plugins_1.0.4-1_i386.changes REJECTED In-Reply-To: <200812141307.38469.waja@cyconet.org> References: <200812141307.38469.waja@cyconet.org> Message-ID: <200812142249.13623.> On Sunday 14 December 2008 13:07:32 Jan Wagner wrote: > He guys ... maybe you want to have a look into it! :) 3 lines below the stange "PRORIETARY" line the file (plugins/objectserver/objectserver.c) says: " /* The contents of this file may be disclosed to third */ /* parties, copied and duplicated in any form, in whole */ /* or in part, without the prior written consent of LSD. */ " and later on #define COPYRIGHT "Original code by LSD. Modified by Renaud Deraison" The plugin is about some IRIX object server, CVE-2000-0245. Should we simply remove this plugin? Yes, we try book keeping of Licenses. We won't be able to make situation perfect in short time though. Are we hence out of business with Debian? Best Jan > > ---------- Forwarded Message ---------- > > Subject: [Openvas-distro-deb] openvas-plugins_1.0.4-1_i386.changes REJECTED > Date: Sunday 14 December 2008 11:14 > From: Thomas Viehmann > To: Joey Schulze , Debian OpenVAS Maintainers > > Cc: Debian Installer > > Hi Joey, > > unfortunately openvas-plugins package seems to need some major > work auditing copyrights and licenses for each and every file. > Most likely upstream wants to look into what the ship, > "THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF" ... > might not align with their free software ideas, either. > If you have influence on upstream, I'd also recommend > bookkepping of GPL2 vs. GPL2+ vs. Same as Perl vs. GPL3 > licenses. From bchandra at secpod.com Mon Dec 15 14:20:22 2008 From: bchandra at secpod.com (Chandrashekhar B) Date: Mon, 15 Dec 2008 18:50:22 +0530 Subject: [Openvas-distro] Fwd: [Openvas-distro-deb]openvas-plugins_1.0.4-1_i386.changes REJECTED In-Reply-To: <200812142249.13623.> References: <200812141307.38469.waja@cyconet.org> <200812142249.13623.> Message-ID: <3CC9D1472F1B4C84B615F37640FFC3E3@bchandra> It is a very old vulnerability; I think we can remove that. Chandra. -----Original Message----- From: openvas-distro-bounces at wald.intevation.org [mailto:openvas-distro-bounces at wald.intevation.org] On Behalf Of Jan-Oliver Wagner Sent: Monday, December 15, 2008 3:19 AM To: openvas-distro at wald.intevation.org Subject: Re: [Openvas-distro] Fwd: [Openvas-distro-deb]openvas-plugins_1.0.4-1_i386.changes REJECTED On Sunday 14 December 2008 13:07:32 Jan Wagner wrote: > He guys ... maybe you want to have a look into it! :) 3 lines below the stange "PRORIETARY" line the file (plugins/objectserver/objectserver.c) says: " /* The contents of this file may be disclosed to third */ /* parties, copied and duplicated in any form, in whole */ /* or in part, without the prior written consent of LSD. */ " and later on #define COPYRIGHT "Original code by LSD. Modified by Renaud Deraison" The plugin is about some IRIX object server, CVE-2000-0245. Should we simply remove this plugin? Yes, we try book keeping of Licenses. We won't be able to make situation perfect in short time though. Are we hence out of business with Debian? Best Jan > > ---------- Forwarded Message ---------- > > Subject: [Openvas-distro-deb] openvas-plugins_1.0.4-1_i386.changes REJECTED > Date: Sunday 14 December 2008 11:14 > From: Thomas Viehmann > To: Joey Schulze , Debian OpenVAS Maintainers > > Cc: Debian Installer > > Hi Joey, > > unfortunately openvas-plugins package seems to need some major > work auditing copyrights and licenses for each and every file. > Most likely upstream wants to look into what the ship, > "THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF" ... > might not align with their free software ideas, either. > If you have influence on upstream, I'd also recommend > bookkepping of GPL2 vs. GPL2+ vs. Same as Perl vs. GPL3 > licenses. _______________________________________________ Openvas-distro mailing list Openvas-distro at wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-distro From michael.wiegand at intevation.de Mon Dec 15 14:41:49 2008 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Mon, 15 Dec 2008 14:41:49 +0100 Subject: [Openvas-distro] objectserver.c In-Reply-To: <3CC9D1472F1B4C84B615F37640FFC3E3@bchandra> References: <200812141307.38469.waja@cyconet.org> <3CC9D1472F1B4C84B615F37640FFC3E3@bchandra> Message-ID: <20081215134149.GA12551@intevation.de> * Chandrashekhar B [15. Dec 2008]: > > It is a very old vulnerability; I think we can remove that. Adding to this is the fact that objectserver.c is one of the disabled plugins, it returns -1 on plugin_init(). This means it will not load under any circumstances and has been this way since the start of the OpenVAS SVN repository. Afaict the last IRIX version affected by this vulnerability is 6.2 which is not supported anymore. So this vulnerability is indeed very old (it was discovered in 2000) and could safely be retired IMHO. Regards, Michael -- Michael Wiegand | OpenPGP key: D7D049EC | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From bitdealer at gmail.com Mon Dec 15 14:52:41 2008 From: bitdealer at gmail.com (Stephan Kleine) Date: Mon, 15 Dec 2008 14:52:41 +0100 Subject: [Openvas-distro] Feedback for RC1 In-Reply-To: <20081208151519.GD11603@intevation.de> References: <20081208151519.GD11603@intevation.de> Message-ID: > As far as I understand your mail, these issues do not break > functionality, but rather force more or less ugly workarounds, correct? I don't know if it breaks functionality (my guess it doesn't since it builds with said workarounds) but my point simply is that you are currently abusing your build system (as in using it somehow wrong) which normally is a sure way to make it blow up right in your face one the next most unfavourable occasion. > Unfortunately, I have neither the time nor the experience right now to > propose a good solution to this problem, so Neither do I, but since it worked just fine for earlier (1.x) releases it has to be some change you introduced since then. And, since you need only log2(#of commits) - e.g. 1024 commits for -libraries since the latest 1.x release woud require you to check only 10 different revisions - it shouldn't take long to narrow it down to one patchset that broke it. IMHO you better invest that time now instead of having to do it after it completely broke. Besides that, the only thing I noticed is that for some reason appending "-I../libopenvas" to libtool's / gcc's parameters does erase the $CFLAGS variable. Perhaps this helps somehow. regards Stephan From bitdealer at gmail.com Thu Dec 18 13:29:02 2008 From: bitdealer at gmail.com (Stephan Kleine) Date: Thu, 18 Dec 2008 13:29:02 +0100 Subject: [Openvas-distro] Feedback for 2.0.0 Message-ID: Hello. Bellow are the issues I had with the 2.0.0 packages (builds for all distros aren't finished yet so perhaps there comes more): 1. openvas-libnasl still doesn't work with configure --disable-static (same error / problem as in other beta / rc releases) 2. openvas-server doesn't respect $CFLAGS - patch to fix this is attached but I'm not sure if that is the correct solution so please review it. 3. openvas-client fails with "error while opening "src/gui/ssh_key_info_dialog.c" for reading: No such file or directory" because the file isn't in the archive. Full build log is available at http://rafb.net/p/bLPcpP34.html The libtools trouble in openvas-libraries apparently is fixed. Thanks for that :) regards, Stephan -------------- next part -------------- A non-text attachment was scrubbed... Name: openvas-server-CFLAGS-2.0.0.patch Type: text/x-patch Size: 561 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-distro/attachments/20081218/6f79bf11/openvas-server-CFLAGS-2.0.0.bin From timb at nth-dimension.org.uk Thu Dec 18 13:52:03 2008 From: timb at nth-dimension.org.uk (Tim Brown) Date: Thu, 18 Dec 2008 12:52:03 +0000 Subject: [Openvas-distro] Feedback for 2.0.0 In-Reply-To: References: Message-ID: <200812181252.04295.timb@nth-dimension.org.uk> On Thursday 18 December 2008 12:29:02 Stephan Kleine wrote: > Hello. > > Bellow are the issues I had with the 2.0.0 packages (builds for all > distros aren't finished yet so perhaps there comes more): > > 1. openvas-libnasl still doesn't work with configure --disable-static > (same error / problem as in other beta / rc releases) *scratches head* Has a bug been opened for it? > 2. openvas-server doesn't respect $CFLAGS - patch to fix this is > attached but I'm not sure if that is the correct solution so please > review it. Commited. > 3. openvas-client fails with "error while opening > "src/gui/ssh_key_info_dialog.c" for reading: No such file or > directory" because the file isn't in the archive. Full build log is > available at http://rafb.net/p/bLPcpP34.html Michael beat me to fix this in trunk :(. > The libtools trouble in openvas-libraries apparently is fixed. Thanks > for that :) Excellent news! Tim -- Tim Brown From michael.wiegand at intevation.de Thu Dec 18 13:57:47 2008 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Thu, 18 Dec 2008 13:57:47 +0100 Subject: [Openvas-distro] Feedback for 2.0.0 In-Reply-To: References: Message-ID: <20081218125747.GC13612@intevation.de> * Stephan Kleine [18. Dec 2008]: > 1. openvas-libnasl still doesn't work with configure --disable-static > (same error / problem as in other beta / rc releases) I was hoping this was a libtool issue as well, guess not. I will look into that if time permits. > 2. openvas-server doesn't respect $CFLAGS - patch to fix this is > attached but I'm not sure if that is the correct solution so please > review it. Fixed. > 3. openvas-client fails with "error while opening > "src/gui/ssh_key_info_dialog.c" for reading: No such file or > directory" because the file isn't in the archive. Full build log is > available at http://rafb.net/p/bLPcpP34.html Fixed. > The libtools trouble in openvas-libraries apparently is fixed. Thanks > for that :) Well, at least something. Thank you for your contributions, keep on bug hunting! :) Regards, Michael -- Michael Wiegand | OpenPGP key: D7D049EC | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From spage at cgsinc.ca Thu Dec 18 15:15:50 2008 From: spage at cgsinc.ca (Scott Page) Date: Thu, 18 Dec 2008 10:15:50 -0400 Subject: [Openvas-distro] openvas-client rpm build Message-ID: <494A5B16.4070404@cgsinc.ca> Hi As i was attempting to build a client rpm i discovered that the POTFILES contained src/gui/ssh_key_info_dialog.c which does not exist. I changed it to read src/gui/ssh_key_info_form.c and the rpm seems to build and run fine. Scott Page From michael.wiegand at intevation.de Thu Dec 18 15:18:06 2008 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Thu, 18 Dec 2008 15:18:06 +0100 Subject: [Openvas-distro] openvas-client rpm build In-Reply-To: <494A5B16.4070404@cgsinc.ca> References: <494A5B16.4070404@cgsinc.ca> Message-ID: <20081218141806.GE13612@intevation.de> * Scott Page [18. Dec 2008]: > Hi > > As i was attempting to build a client rpm i discovered that the > POTFILES contained src/gui/ssh_key_info_dialog.c which does not exist. I > changed it to read src/gui/ssh_key_info_form.c and the rpm seems to > build and run fine. Thank you for spotting this. This bug has been fixed already, the bugfix will be included in openvas-client 2.0.1 scheduled for release tomorrow. Regards, Michael -- Michael Wiegand | OpenPGP key: D7D049EC | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From spage at cgsinc.ca Thu Dec 18 15:18:21 2008 From: spage at cgsinc.ca (Scott Page) Date: Thu, 18 Dec 2008 10:18:21 -0400 Subject: [Openvas-distro] openvas-client rpm build In-Reply-To: <494A5B16.4070404@cgsinc.ca> References: <494A5B16.4070404@cgsinc.ca> Message-ID: <494A5BAD.2060101@cgsinc.ca> Hi All Opps. Sorry for the redundant post. Stephan Kleine seems/ /to have beat me to it. On 12/18/2008 10:15 AM, Scott Page wrote: > Hi > > As i was attempting to build a client rpm i discovered that the > POTFILES contained src/gui/ssh_key_info_dialog.c which does not exist. > I changed it to read src/gui/ssh_key_info_form.c and the rpm seems to > build and run fine. > > Scott Page > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.wald.intevation.org/pipermail/openvas-distro/attachments/20081218/cbe3cb55/attachment.htm From bitdealer at gmail.com Thu Dec 18 20:11:29 2008 From: bitdealer at gmail.com (Stephan Kleine) Date: Thu, 18 Dec 2008 20:11:29 +0100 Subject: [Openvas-distro] More fun with openvas-libraries Message-ID: Looking over the logfile for the openvas-libraries builds I noticed that it gets actually build 3 time: 1. upon calling make which is as it should be 2. upon calling make install in the global makefile since the install target depends on the compile target 3. by the make install targets in libopenvas & libopenvas_hg since those also depend on the compile target Also $CFLAGS is only respected / used during the first run but not in the later ones. See http://rafb.net/p/Z6ItFO80.html for the full build log. E.g. plugutils.c gets build in line 677, 825 and 954. The only time my additional $CFLAGS are used is #677. Attached is a patch that removes the dependency on the compile targets for the install targets in the main Makefile as well as in the ones in libopenvas & libopenvas_hg. AFAIK it does what it is supposed to do (as in stuff gets compiled with $CFLAGS and only one time) but e.g. calling "make install" wont trigger any compilation anymore so one has to manually run "make" first (which is what I would expect in the first place). Please review it and apply it to trunk if the solution is correct. regards, Stephan -------------- next part -------------- A non-text attachment was scrubbed... Name: openvas-libraries-Makefile-2.0.0.patch Type: text/x-patch Size: 1841 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-distro/attachments/20081218/f34684e0/openvas-libraries-Makefile-2.0.0.bin From michael.wiegand at intevation.de Fri Dec 19 16:03:19 2008 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Fri, 19 Dec 2008 16:03:19 +0100 Subject: [Openvas-distro] Feedback for 2.0.0 In-Reply-To: References: Message-ID: <20081219150319.GG16832@intevation.de> * Stephan Kleine [18. Dec 2008]: > 1. openvas-libnasl still doesn't work with configure --disable-static > (same error / problem as in other beta / rc releases) I think I might have found a solution. Could you apply the attached patch to openvas-libnasl and let me know if it works? Thanks! Regards, Michael -- Michael Wiegand | OpenPGP key: D7D049EC | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: disable-static.patch Type: text/x-diff Size: 516 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-distro/attachments/20081219/91259b25/disable-static.bin From bitdealer at gmail.com Fri Dec 19 18:33:45 2008 From: bitdealer at gmail.com (Stephan Kleine) Date: Fri, 19 Dec 2008 18:33:45 +0100 Subject: [Openvas-distro] Feedback for 2.0.0 In-Reply-To: <20081219150319.GG16832@intevation.de> References: <20081219150319.GG16832@intevation.de> Message-ID: > I think I might have found a solution. Could you apply the attached > patch to openvas-libnasl and let me know if it works? Thanks! Thanks, that fix did it :) From bitdealer at gmail.com Mon Dec 22 13:56:22 2008 From: bitdealer at gmail.com (Stephan Kleine) Date: Mon, 22 Dec 2008 13:56:22 +0100 Subject: [Openvas-distro] Repository location changed Message-ID: Hello. I finally moved the repository out of my home to its new location: http://download.opensuse.org/repositories/security:/openvas:/ so you perhaps want to update the links. It contains full builds for * Fedora 8, 9, 10 * Mandriva 2007, 2008 (2009 will come when the chroot is fixed) * openSUSE 10.2, 10.3, 11.0, 11.1 & Factory Only the client gets build for CentOS 5, RHEL 5, SLE 10. The server can't be build because those either don't have gpgme (RHEL & CentOS) or an older version (1.0.3 is in SLE 10 iirc). SLE 9 & RHEL 4 only have glib2 2.2 & 2.4 iirc so nothing can be build for them. Is there any chance you get rid of the gpgme requirement in -libnasl so it probably / perhaps / hopefully could be build for CentOS, SLE & RHEL as well? regards, Stephan From michael.wiegand at intevation.de Mon Dec 22 14:12:22 2008 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Mon, 22 Dec 2008 14:12:22 +0100 Subject: [Openvas-distro] Repository location changed In-Reply-To: References: Message-ID: <20081222131221.GB5295@intevation.de> * Stephan Kleine [22. Dec 2008]: > Hello. > > I finally moved the repository out of my home to its new location: > > http://download.opensuse.org/repositories/security:/openvas:/ > Those replace http://download.opensuse.org/repositories/home:/bitshuffler:/openvas/ , correct? > so you perhaps want to update the links. Sure thing. > It contains full builds for > > * Fedora 8, 9, 10 > * Mandriva 2007, 2008 (2009 will come when the chroot is fixed) > * openSUSE 10.2, 10.3, 11.0, 11.1 & Factory Thanks a lot! > Only the client gets build for CentOS 5, RHEL 5, SLE 10. The server > can't be build because those either don't have gpgme (RHEL & CentOS) > or an older version (1.0.3 is in SLE 10 iirc). > > SLE 9 & RHEL 4 only have glib2 2.2 & 2.4 iirc so nothing can be build for them. > > Is there any chance you get rid of the gpgme requirement in -libnasl > so it probably / perhaps / hopefully could be build for CentOS, SLE & > RHEL as well? We use gpgme for the NASL signatures; a server without gpgme would not be able to check signature information among other things. I don't think this is desirable, what do others think? Regards, Michael -- Michael Wiegand | OpenPGP key: D7D049EC | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From randy at procyonlabs.com Tue Dec 23 08:58:31 2008 From: randy at procyonlabs.com (Randal T. Rioux) Date: Tue, 23 Dec 2008 02:58:31 -0500 (EST) Subject: [Openvas-distro] resolv error during configuration step of openvas-libraries source install In-Reply-To: <200806172215.13007.jan-oliver.wagner@intevation.de> References: <4857D792.2010808@ucr.edu> <200806172215.13007.jan-oliver.wagner@intevation.de> Message-ID: <69c0b4176d3b1b48893b5004278a9c07.squirrel@192.168.3.3> Thread awakening! Moved here to -distro from -discuss. See comments inline. > On Tuesday 17 June 2008 17:26, Jonathan Glenn L. Ocab wrote: >> I was looking into installing Openvas under Solaris 10 x86. I had >> already gotten Nessus 2.2.11 compiled and built on that same box, but >> wanted to give Openvas a whirl since it is more maintained than the >> older Nessus 2 branch. >> >> Unfortunately, during the compile of the openvas-libraries package, I >> have been stonewalled with this error during the configuration: >> >> checking for __dn_expand in -lresolv... no >> configure: error: you need to install resolve library with development >> files Same error on SPARC platform here. On Tue, June 17, 2008 3:14 pm, Jan-Oliver Wagner wrote: > seems this check does not work on Solaris. > Perhaps some of the other Solaris guys around can help. > I do not have a Solaris at hand to play with. I just created the following bug report: [#857] configure failure on Solaris 10 SPARC If anybody else has an idea, let me know. Otherwise I'll fudge with it more. Thanks, Randy From randy at procyonlabs.com Tue Dec 23 09:31:18 2008 From: randy at procyonlabs.com (Randal T. Rioux) Date: Tue, 23 Dec 2008 03:31:18 -0500 (EST) Subject: [Openvas-distro] resolv error during configuration step of openvas-libraries source install In-Reply-To: <69c0b4176d3b1b48893b5004278a9c07.squirrel@192.168.3.3> References: <4857D792.2010808@ucr.edu> <200806172215.13007.jan-oliver.wagner@intevation.de> <69c0b4176d3b1b48893b5004278a9c07.squirrel@192.168.3.3> Message-ID: On Tue, December 23, 2008 2:58 am, Randal T. Rioux wrote: > Thread awakening! Moved here to -distro from -discuss. See comments > inline. > >> On Tuesday 17 June 2008 17:26, Jonathan Glenn L. Ocab wrote: >>> I was looking into installing Openvas under Solaris 10 x86. I had >>> already gotten Nessus 2.2.11 compiled and built on that same box, but >>> wanted to give Openvas a whirl since it is more maintained than the >>> older Nessus 2 branch. >>> >>> Unfortunately, during the compile of the openvas-libraries package, I >>> have been stonewalled with this error during the configuration: >>> >>> checking for __dn_expand in -lresolv... no >>> configure: error: you need to install resolve library with development >>> files > > Same error on SPARC platform here. > > On Tue, June 17, 2008 3:14 pm, Jan-Oliver Wagner wrote: >> seems this check does not work on Solaris. >> Perhaps some of the other Solaris guys around can help. >> I do not have a Solaris at hand to play with. > > I just created the following bug report: > > [#857] configure failure on Solaris 10 SPARC > > If anybody else has an idea, let me know. Otherwise I'll fudge with it > more. ACK! Fixed last week in svn - same problem on Macs (BSD issue?). Closed the ticket.. moving on :-) Thanks, Randy From michael.wiegand at intevation.de Tue Dec 23 10:22:21 2008 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Tue, 23 Dec 2008 10:22:21 +0100 Subject: [Openvas-distro] Repository location changed In-Reply-To: References: Message-ID: <20081223092221.GA10744@intevation.de> * Stephan Kleine [22. Dec 2008]: > Only the client gets build for CentOS 5, RHEL 5, SLE 10. The server > can't be build because those either don't have gpgme (RHEL & CentOS) > or an older version (1.0.3 is in SLE 10 iirc). > > SLE 9 & RHEL 4 only have glib2 2.2 & 2.4 iirc so nothing can be build for them. > > Is there any chance you get rid of the gpgme requirement in -libnasl > so it probably / perhaps / hopefully could be build for CentOS, SLE & > RHEL as well? One more thing: I just noticed the person responsible for http://www.atomicorp.com/channels/atomic/ seems to have succeeded in building rpms for RHEL 4 and 5, CentOS 4 and 5 and Fedora 4-10. I am no rpm expert, but you two might want to consider coordinating your efforts. Regards, Michael -- Michael Wiegand | OpenPGP key: D7D049EC | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From joey at infodrom.org Sat Dec 13 14:15:39 2008 From: joey at infodrom.org (Joey Schulze) Date: Sat, 13 Dec 2008 13:15:39 -0000 Subject: [Openvas-distro] OpenVAS Plugins Licenses Message-ID: <20081213111518.GF3019@carelia.home.infodrom.org> Moin! In the openvas-plugins packges a lot of licenses don't match our (or rather other people's) expectations with regards to the GPLv2 tarball extracted from the old Nessus project. The licenses need to be unified at least before the package can go into the Debian archive. I'm currently discussing this in person with the ftpmaster who is processing NEW and we'll get another rejection. That'll also mean that the new version 1.0.5 will be out of luck as well. In 1.0.6 we should have resolved all license problems. Unfortunately this requires us to wade through all source and plugin files and check each and every license/license statement for their compatibility with the overall license that is used (GPLv2). For a quite bad example of a mismatch, please take a look at this example: http://wald.intevation.org/plugins/scmsvn/viewcvs.php/*checkout*/trunk/openvas-plugins/plugins/objectserver/objectserver.c?content-type=text%2Fplain&rev=212&root=openvas Regards, Joey -- Ten years and still binary compatible. -- XFree86 Please always Cc to me when replying to me on the lists. From joey at infodrom.org Sun Dec 14 22:58:41 2008 From: joey at infodrom.org (Joey Schulze) Date: Sun, 14 Dec 2008 21:58:41 -0000 Subject: [Openvas-distro] Fwd: [Openvas-distro-deb] openvas-plugins_1.0.4-1_i386.changes REJECTED In-Reply-To: <200812141307.38469.waja@cyconet.org> References: <200812141307.38469.waja@cyconet.org> Message-ID: <20081214183800.GA2621@carelia.home.infodrom.org> Jan Wagner wrote: > He guys ... maybe you want to have a look into it! :) Thanks for forwarding Thomas' mail. > ---------- Forwarded Message ---------- > unfortunately openvas-plugins package seems to need some major > work auditing copyrights and licenses for each and every file. > Most likely upstream wants to look into what the ship, > "THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF" ... > might not align with their free software ideas, either. Thomas showed me the file in particular before (see other mail). This is from plugins/objectserver/objectserver.c > If you have influence on upstream, I'd also recommend > bookkepping of GPL2 vs. GPL2+ vs. Same as Perl vs. GPL3 > licenses. This will require somebody go through each and every file and check their respective copyright and license statements. This could result in several files being removed from the package. This mail from the acting ftpmaster also shows that we have don't have any chance of getting OpenVAS plugins included in any Debian release until these problems are resolved. It would be nice if this could happen before the 2.0.0 release. Regards, Joey -- Ten years and still binary compatible. -- XFree86 Please always Cc to me when replying to me on the lists. From joey at infodrom.org Sun Dec 14 22:58:41 2008 From: joey at infodrom.org (Joey Schulze) Date: Sun, 14 Dec 2008 21:58:41 -0000 Subject: [Openvas-distro] openvas-server_1.0.2-4_i386.changes ACCEPTED Message-ID: <20081214190453.GE2621@carelia.home.infodrom.org> There's not only bad news about OpenVAS in Debian but also good news. After the last rejection of openvas-server I've fixed all (but one *sigh*) issues Thomas pointed out to me and built new packages that were uploaded again. Today he accepted the new package, so openvas-server is now finally part of Debian GNU/Linux. It won't be part of the upcoming stable release 5.0, though. However, after the release it should automatically migrate into testing and backports could be provided. ----- Forwarded message from Debian Installer ----- Accepted: openvas-server-dev_1.0.2-4_i386.deb to pool/main/o/openvas-server/openvas-server-dev_1.0.2-4_i386.deb openvas-server_1.0.2-4.diff.gz to pool/main/o/openvas-server/openvas-server_1.0.2-4.diff.gz openvas-server_1.0.2-4.dsc to pool/main/o/openvas-server/openvas-server_1.0.2-4.dsc openvas-server_1.0.2-4_i386.deb to pool/main/o/openvas-server/openvas-server_1.0.2-4_i386.deb openvas-server_1.0.2.orig.tar.gz to pool/main/o/openvas-server/openvas-server_1.0.2.orig.tar.gz [..] Announcing to debian-devel-changes at lists.debian.org ----- End forwarded message ----- Regards, Joey -- Ten years and still binary compatible. -- XFree86 Please always Cc to me when replying to me on the lists.