From bitdealer at gmail.com Sat Feb 14 18:01:18 2009 From: bitdealer at gmail.com (Stephan Kleine) Date: Sat, 14 Feb 2009 18:01:18 +0100 Subject: [Openvas-distro] openvas-libraries 2.0.1 is broken on Mandriva 2009 Message-ID: Hi. Since version 2.0.1 openvas-libraries doesn't build anymore on Mandriva 2009 because their default LDFLAGS definition defines e.g. "-Wl,--no-undefined" which causes the build to fail because of undefined references to the gnutls libraries. See http://pastebin.be/16668 for a Mandriva 2009 build log. Note line #709 where the standard LDFLAGS are printed and line #711 which is the proof that they have successfully been modified so it should theoretically work but, as you can see in line #831, this change isn't respected. Which actually reminds me to pester you once again that the Makefiles for openvas-libraries are somehow broken since, without the attached patch, a normal "make && make install" would compile the stuff _3_ times. First for make, then for make install and make install of the 2 different actual libraries which shouldn't happen as well since the Makefile should notice that there is no need to compile the stuff over and over. Also CFLAGS is only respected during the first compilation run - which could be related to the non working override of LDFLAGS. Could you therefore please review & fix those Makefiles (or whatever causes those issues)? I can work around the unnecessary compilation runs with said patch (which 1. is a pretty crude hack and 2. shouldn't be necessary in the first place) but until you fix them in a way that respect overridden LDFLAGS there wont be any Mandriva 2009 builds (plain rpmbuild on a real Mandriva 2009 system fails with exactly the same error so it isn't an issue with the chroot). Regards, Stephan -------------- next part -------------- A non-text attachment was scrubbed... Name: openvas-libraries-Makefile-2.0.0.patch Type: text/x-patch Size: 1852 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-distro/attachments/20090214/e637db76/openvas-libraries-Makefile-2.0.0.bin From michael.wiegand at intevation.de Mon Feb 16 10:48:36 2009 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Mon, 16 Feb 2009 10:48:36 +0100 Subject: [Openvas-distro] openvas-libraries 2.0.1 is broken on Mandriva 2009 In-Reply-To: References: Message-ID: <20090216094836.GE14767@intevation.de> * Stephan Kleine [14. Feb 2009]: > Which actually reminds me to pester you once again that the Makefiles > for openvas-libraries are somehow broken since, without the attached > patch, a normal "make && make install" would compile the stuff _3_ > times. First for make, then for make install and make install of the 2 > different actual libraries which shouldn't happen as well since the > Makefile should notice that there is no need to compile the stuff over > and over. Also CFLAGS is only respected during the first compilation > run - which could be related to the non working override of LDFLAGS. This does indeed sound weird and useless, thanks for reporting this issue once again. ;) I agree that this issue deserves further investigation. Could you do me a favor and file a bug report against openvas-libraries on http://bugs.openvas.org/ and collect your observations there? That way we could make sure the information does not get buried in the mailing list and the bug tracker would do the pestering for you. :) Regards, Michael -- Michael Wiegand | OpenPGP key: D7D049EC | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 206 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-distro/attachments/20090216/98f4f4f7/attachment.pgp From scott at atomicrocketturtle.com Mon Feb 16 16:08:57 2009 From: scott at atomicrocketturtle.com (Scott R. Shinn) Date: Mon, 16 Feb 2009 10:08:57 -0500 Subject: [Openvas-distro] Release Announcement: Openvas-libnasl 2.0.1 RPM packages Message-ID: <1234796937.17259.1781.camel@winona> openvas-libnasl 2.0.1 has been updated in the atomic rpm repository for: * CentOS 4 * CentOS 5 * RHEL 4 * RHEL 5 * Fedora 4-10 available for both i386 and x86_64 platforms. The atomic yum repository is available at: http://www.atomicrocketturtle.com -Scott From jan-oliver.wagner at intevation.de Mon Feb 16 22:08:38 2009 From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner) Date: Mon, 16 Feb 2009 22:08:38 +0100 Subject: [Openvas-distro] Release Announcement: Openvas-libnasl 2.0.1 RPM packages In-Reply-To: <1234796937.17259.1781.camel@winona> References: <1234796937.17259.1781.camel@winona> Message-ID: <200902162208.38903.jan-oliver.wagner@intevation.de> On Monday 16 February 2009 16:08:57 Scott R. Shinn wrote: > openvas-libnasl 2.0.1 has been updated in the atomic rpm repository for: > > * CentOS 4 > * CentOS 5 > * RHEL 4 > * RHEL 5 > * Fedora 4-10 > > available for both i386 and x86_64 platforms. The atomic yum repository > is available at: http://www.atomicrocketturtle.com cool. Thanks a lot! Best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335 08 30 | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From njtaylor at asterisk.demon.co.uk Tue Feb 17 03:01:15 2009 From: njtaylor at asterisk.demon.co.uk (Nigel J. Taylor) Date: Tue, 17 Feb 2009 02:01:15 +0000 Subject: [Openvas-distro] OpenBSD port OpenVAS v2 Message-ID: <499A1A6B.5000100@asterisk.demon.co.uk> For anyone interested attached is a port for OpenBSD. (Also sent to ports at openbsd.org). to build the complete set of packages. extract the port into /usr/ports/security in the ports tree. cd /usr/ports/security/openvas make package This port includes opevas-libraries 2.0.1 openvas-libnasl 2.0.1 openvas-server 2.0.0 openvas-plugins 1.0.5 split into openvas-plugins - just .nes files. openvas-plugins-scripts - arch independent/optional. openvas-nvt-sync can be used to download instead. openvas-client 2.0.1 sladinstaller 1.1.2 The patch files show the changes made. Some notes I made are below. Regards Nigel Taylor Running openvas on OpenBSD nikto.nasl - searches for nikto.pl, openbsd this is installed just as nikto, nikto.pl doesn't exist. (Temporary workaround is to add a soft link). Relocation of OpenVAS directories for OpenBSD. 1. /var/openvas is used rather than /var/lib/openvas, /var/lib is not normally present on OpenBSD, Nessus used /var/nessus. 2. /var/openvas/plugins is used for openvas-nvt-sync and openvasd /usr/local/lib/openvas/plugins still used for openvas-plugins, expected to copy from there into /var/openvas/plugins, and then run openvas-nvt-sync, also allows package install, deinstall without issues because openvas-nvt-sync updated files after the install, also already present on LiveCD. Only want /usr updated when package or OS changes. 3. /usr/local/share/doc/openvas-manual changed to /usr/local/share/doc/openvas. 4. /usr/local/share/examples/openvas added and openvas-services placed in the directory and expected to be copied to /var/openvas. Packages should not overwrite the running previous installed configuration. OpenBSD Porting - v1.0/v2.0 (Note openvasd v2 crashes if /var/openvas/plugins/.desc is not removed if v1 had been used). uname -o is used in a couple of Makefile's (openvas-client / sladinstaller), the -o option is not supported under OpenBSD, changed to uname. Should this be handled in configure not using uname in Makefiles. /bin/bash used in openvas-nvt-sync, changed to /bin/sh, bash is not in the base OS, not adding bash package just for the sake of one script. $Id$ used in openvas-nvt-sync, causes problem with cvs/rcs (only because it gets included in a patch). openvas-adduser - chmod 700 /var/openvas (was /var/lib/openvas) changed to chmod 700 /var/openvas/users (not sure this should even be required should have been set on installation). required for openvas-nvt-sync to work under a different user to root prefer to download under unprivileged account, /var/openvas should be 750 then /var/openvas/plugins can have owner other than root. Issue using account other than root openvas-nvt-sync is unable to signal openvasd to reload plugins. server / openvas.tmpl.in - issue with include directories during compiles missed out /usr/local/include. openvas-check-singnature.c - getopt.h include missing compile failed. (v1.0) openvas-nvt-sync.in - findcmd SRCH added extra directories to search # whence rsync /usr/local/bin/rsync # whence md5 /bin/md5 md5sum replaced by md5, --status removed on command line and -q added before -c. (would it be better just to configure once in /etc/openvas/.) openvas-plugins delivered as two packages openvas-plugins-scripts contains all nasl scripts, inc files and is arch independant (also not necessary to deliver scripts if openvas-nvt-sync is run). openvas-plugins the rest just the .nes files. (Should .nasl,.inc be put in directories separate from the .nes files, and openvasd given multiple locatations to search for plugins .nes files). libnasl nasl/Makefile LINK = $(LIBTOOL) --mode=link added COMPILE changed to include --mode=compile --mode install changed to --mode=install --mode=final removed (creating a package so not required). nasl/lsearch added config.h include, reintroduced #ifndef HAVE_LFIND as included in standard libraries on OpenBSD. nasl.tmpl.in - GNUTLS library not being included -lgnutls added, needs more work, temporary workaround. libraries ftp_funcs.c - #include added. hg_dns_axfr.c - added hg_get16 as per mail list. ids_send.c - #include added. pcap.c - #include removed (OpenBSD doesn't use resolv lib any more). #include - added #include - added #include "pcap_openvas.h" - removed. plugutils.c - #include changed to #include (V1.0) popen.c #include .h added (V1.0) #include added system.c #include "config.h" added www_funcs.c #include added libraries/configure.in - pcap library routine pcap_restart doesn't exist in pcap lib - change to AC_HAVE_LIBRARY, resolv libraries do not exist any more depreciated changed to AC_HAVE_LIBRARY some issue with gnutls library (v2.0.0) - temporary fix. (patch for configure included, no need to rerun autoconf for the port). libopenvas, libopenvas_hg - Makefile libtool changed to --mode= -------------- next part -------------- A non-text attachment was scrubbed... Name: openvas2.0.tgz Type: application/octet-stream Size: 48347 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-distro/attachments/20090217/b8359e8a/openvas2.0-0001.obj From bitdealer at gmail.com Fri Feb 6 17:53:50 2009 From: bitdealer at gmail.com (Stephan Kleine) Date: Fri, 6 Feb 2009 17:53:50 +0100 Subject: [Openvas-distro] Regarding openvas-libraries 2.0.1 Message-ID: Hi folks. I just build RPMs for openvas-libraries 2.0.1 and run into a few issues I would like to share with you: 1. "make && make install" still compiles the stuff _3_ times (I already reported this but received no response and since it still isn't fixed ...). First during "make" and then for "make install" for libopenvas & libopenvas_hg and then again from the global "make install" (last but not least only the first compilation run respects any modified %CFLAGS). See the attached build.log for details. The attached patch fixes this by removing the dependencies from the "install" targets but normally this shouldn't be necessary since it should notice that the stuff is already build so the problem might be somewhere else. 2. I got 2 warnings regarding your code: I: A function overflows or underflows an array access. This could be a real error, but occasionaly this condition is also misdetected due to loop unrolling or strange pointer handling. So this is warning only, please review. W: openvas-libraries arraysubscript bpf_share.c:46 (I guess this would be "bad" for i==NUM_CLIENTS since it would access the array out of bounds.) I: Program is likely to break with new gcc. Try -fno-strict-aliasing. W: openvas-libraries strict-aliasing-punning pcap.c:350 3. For some unknown reason the Mandriva 2009 build is no longer able to find the gnutls includes: 32bit log: https://build.opensuse.org/package/live_build_log?arch=i586&package=openvas-libraries&project=security%3Aopenvas%3AUNSTABLE&repository=Mandriva_2009 To reproduce this locally do: "osc co security:openvas:UNSTABLE openvas-libraries" and then cd into the directory and run "osc build Mandriva_2009 i586 openvas-libraries.spec" Please have a look at those issues. Regards, Stephan -------------- next part -------------- A non-text attachment was scrubbed... Name: build.log Type: text/x-log Size: 108136 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-distro/attachments/20090206/620e4da4/build-0001.bin -------------- next part -------------- A non-text attachment was scrubbed... Name: openvas-libraries-Makefile-2.0.0.patch Type: text/x-patch Size: 1852 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-distro/attachments/20090206/620e4da4/openvas-libraries-Makefile-2.0.0-0001.bin From michael.wiegand at intevation.de Tue Feb 17 11:29:04 2009 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Tue, 17 Feb 2009 11:29:04 +0100 Subject: [Openvas-distro] OpenBSD port OpenVAS v2 In-Reply-To: <499A1A6B.5000100@asterisk.demon.co.uk> References: <499A1A6B.5000100@asterisk.demon.co.uk> Message-ID: <20090217102904.GC29628@intevation.de> * Nigel J. Taylor [17. Feb 2009]: > For anyone interested attached is a port for OpenBSD. (Also sent to > ports at openbsd.org). Thank you very much! It looks like you put a lot of work into porting OpenVAS to OpenBSD, I'm sure the patches you created will be useful elsewhere as well. I will go through the patches and merge them into the OpenVAS repository if they are useful for other platforms as well. I won't be able to allocate much time for this over the next few weeks, so any help is appreciated. If you want to, feel free to join our IRC channel #openvas at irc.oftc.net. Again, thank you very much! Regards, Michael -- Michael Wiegand | OpenPGP key: D7D049EC | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 206 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-distro/attachments/20090217/357e963f/attachment.pgp From jfs at computer.org Tue Feb 17 19:55:10 2009 From: jfs at computer.org (Javier Fernandez-Sanguino) Date: Tue, 17 Feb 2009 19:55:10 +0100 Subject: [Openvas-distro] openvas-server_1.0.2-4_i386.changes ACCEPTED In-Reply-To: <20081214190453.GE2621@carelia.home.infodrom.org> References: <20081214190453.GE2621@carelia.home.infodrom.org> Message-ID: Was this being hold by the moderation filters in the list? I have received it today and it was sent two months ago! Regards Javier 2008/12/14 Joey Schulze : > There's not only bad news about OpenVAS in Debian but also good news. > After the last rejection of openvas-server I've fixed all (but one > *sigh*) issues Thomas pointed out to me and built new packages that > were uploaded again. From timb at nth-dimension.org.uk Tue Feb 17 22:02:59 2009 From: timb at nth-dimension.org.uk (Tim Brown) Date: Tue, 17 Feb 2009 21:02:59 +0000 Subject: [Openvas-distro] openvas-server_1.0.2-4_i386.changes ACCEPTED In-Reply-To: References: <20081214190453.GE2621@carelia.home.infodrom.org> Message-ID: <200902172103.00802.timb@nth-dimension.org.uk> On Tuesday 17 February 2009 18:55:10 Javier Fernandez-Sanguino wrote: > Was this being hold by the moderation filters in the list? I have > received it today and it was sent two months ago! > It was, I found it when I was clearing out spam earlier today. Tim -- Tim Brown From njtaylor at asterisk.demon.co.uk Thu Feb 19 02:10:14 2009 From: njtaylor at asterisk.demon.co.uk (Nigel J. Taylor) Date: Thu, 19 Feb 2009 01:10:14 +0000 Subject: [Openvas-distro] OpenBSD port OpenVAS v2 In-Reply-To: <20090217102904.GC29628@intevation.de> References: <499A1A6B.5000100@asterisk.demon.co.uk> <20090217102904.GC29628@intevation.de> Message-ID: <499CB176.5080708@asterisk.demon.co.uk> Thanks, I may join you on IRC. I don't have access when at work, so might be limitations. I have completed v2.0.1 port of the openvas-server just released, I have just mailed this the ports at openbsd.org. A minor update is included for openvas-libraries, two of the include files where left out, spotted this when building the openvas-server. I haven't sent the port to this list, not enough has been changed, but can do if interested. I will be testing out the port more full over next week or so as I get time. Regards Nigel Taylor Michael Wiegand wrote: > * Nigel J. Taylor [17. Feb 2009]: >> For anyone interested attached is a port for OpenBSD. (Also sent to >> ports at openbsd.org). > > Thank you very much! It looks like you put a lot of work into porting > OpenVAS to OpenBSD, I'm sure the patches you created will be useful > elsewhere as well. > > I will go through the patches and merge them into the OpenVAS repository > if they are useful for other platforms as well. I won't be able to > allocate much time for this over the next few weeks, so any help is > appreciated. > > If you want to, feel free to join our IRC channel #openvas at > irc.oftc.net. > > Again, thank you very much! > > Regards, > > Michael > From scott at atomicrocketturtle.com Thu Feb 26 15:17:41 2009 From: scott at atomicrocketturtle.com (Scott R. Shinn) Date: Thu, 26 Feb 2009 09:17:41 -0500 Subject: [Openvas-distro] Release Announcement: Openvas-server 2.0.1 RPM packages Message-ID: <1235657861.11494.52.camel@winona> openvas-server 2.0.1 has been updated in the [atomic] rpm repository for: * CentOS 4 * CentOS 5 * RHEL 4 * RHEL 5 * Fedora 4-10 available for both i386 and x86_64 platforms. The atomic yum repository is available at: http://www.atomicrocketturtle.com Short Installation instructions: Step 1) Configure the repository for your system using the installer wget -q -O - http://www.atomicorp.com/installers/atomic |sh Step 2) Install openvas-server yum install openvas-server openvas-plugins -Scott