![](https://seccdn.libravatar.org/avatar/e2145bc5cf53dda95c308a3c75e8fef3.jpg?s=120&d=mm&r=g)
Hello community,
here is the log from the commit of package nessus-libraries
checked in at Fri Jan 26 11:23:55 CET 2007.
--------
--- nessus-libraries/nessus-libraries.changes 2006-09-04 09:49:24.000000000 +0200
+++ /mounts/work_src_done/STABLE/nessus-libraries/nessus-libraries.changes 2007-01-26 10:51:30.000000000 +0100
@@ -1,0 +2,15 @@
+Fri Jan 26 10:45:22 CET 2007 - anosek@suse.cz
+
+- updated to version 2.2.9
+ * The 'service' functions now only deal with the services file
+ provided with Nessus (instead of using a mix of /etc/services
+ and others)
+ * Fixed a NULL pointer dereferencement in the BPF server
+ * Fixed a possible memory corruption when forwarding data
+ from a process to another
+ * Fixed a bug in the PCAP handler which in turn should fix
+ synscan.nes
+- fixed compiler warning bpf_share.c:930: array subscript is above
+ array bounds [#238271] (warnings.diff)
+
+-------------------------------------------------------------------
Old:
----
nessus-libraries-2.2.6-aliasing.diff
nessus-libraries-2.2.6-configure.diff
nessus-libraries-2.2.6-fmt.diff
nessus-libraries-2.2.6-libtool.diff
nessus-libraries-2.2.6-printf.diff
nessus-libraries-2.2.6-prototypes.diff
nessus-libraries-2.2.6.tar.bz2
nessus-libraries-2.2.6-type.diff
nessus-libraries-2.2.6-uninitialized.diff
New:
----
nessus-libraries-2.2.9-aliasing.diff
nessus-libraries-2.2.9-configure.diff
nessus-libraries-2.2.9-fmt.diff
nessus-libraries-2.2.9-libtool.diff
nessus-libraries-2.2.9-printf.diff
nessus-libraries-2.2.9-prototypes.diff
nessus-libraries-2.2.9.tar.bz2
nessus-libraries-2.2.9-type.diff
nessus-libraries-2.2.9-uninitialized.diff
nessus-libraries-2.2.9-warnings.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ nessus-libraries.spec ++++++
--- /var/tmp/diff_new_pack.o10980/_old 2007-01-26 11:23:43.000000000 +0100
+++ /var/tmp/diff_new_pack.o10980/_new 2007-01-26 11:23:43.000000000 +0100
@@ -1,7 +1,7 @@
#
-# spec file for package nessus-libraries (Version 2.2.6)
+# spec file for package nessus-libraries (Version 2.2.9)
#
-# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
@@ -14,12 +14,12 @@
BuildRequires: libpcap openssl-devel
%define localstatedir /var/lib
%define sharedstatedir /var
-Version: 2.2.6
-Release: 15
+Version: 2.2.9
+Release: 1
Autoreqprov: on
Group: Productivity/Networking/Security
URL: http://www.nessus.org
-License: GPL, LGPL
+License: GNU General Public License (GPL), GNU Library General Public License v. 2.0 and 2.1 (LGPL)
Summary: Powerful Security Scanner Libraries
Source: %{name}-%{version}.tar.bz2
Patch0: %{name}-%{version}-configure.diff
@@ -30,6 +30,7 @@
Patch6: %{name}-%{version}-uninitialized.diff
Patch7: %{name}-%{version}-aliasing.diff
Patch8: %{name}-%{version}-printf.diff
+Patch9: %{name}-%{version}-warnings.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -58,6 +59,7 @@
%patch6
%patch7
%patch8
+%patch9
%build
rm -rf $RPM_BUILD_ROOT
@@ -89,6 +91,9 @@
make %{?jobs:-j%jobs} install DESTDIR=$RPM_BUILD_ROOT
rm -r $RPM_BUILD_ROOT%{_sbindir}/uninstall-nessus
rm -f $RPM_BUILD_ROOT%{_includedir}/nessus/includes.h
+rm -f $RPM_BUILD_ROOT%{_libdir}/libhosts_gatherer.la
+rm -f $RPM_BUILD_ROOT%{_libdir}/libpcap-nessus.la
+rm -f $RPM_BUILD_ROOT%{_libdir}/libnessus.la
%post
%{run_ldconfig}
@@ -108,6 +113,18 @@
%{_bindir}/*
%changelog -n nessus-libraries
+* Fri Jan 26 2007 - anosek@suse.cz
+- updated to version 2.2.9
+ * The 'service' functions now only deal with the services file
+ provided with Nessus (instead of using a mix of /etc/services
+ and others)
+ * Fixed a NULL pointer dereferencement in the BPF server
+ * Fixed a possible memory corruption when forwarding data
+ from a process to another
+ * Fixed a bug in the PCAP handler which in turn should fix
+ synscan.nes
+- fixed compiler warning bpf_share.c:930: array subscript is above
+ array bounds [#238271] (warnings.diff)
* Mon Sep 04 2006 - anosek@suse.cz
- dropped Requires: nessus-core libnasl
* Wed Jan 25 2006 - mls@suse.de
++++++ nessus-libraries-2.2.6-aliasing.diff -> nessus-libraries-2.2.9-aliasing.diff ++++++
++++++ nessus-libraries-2.2.6-configure.diff -> nessus-libraries-2.2.9-configure.diff ++++++
++++++ nessus-libraries-2.2.6-fmt.diff -> nessus-libraries-2.2.9-fmt.diff ++++++
++++++ nessus-libraries-2.2.6-libtool.diff -> nessus-libraries-2.2.9-libtool.diff ++++++
++++++ nessus-libraries-2.2.6-printf.diff -> nessus-libraries-2.2.9-printf.diff ++++++
++++++ nessus-libraries-2.2.6-prototypes.diff -> nessus-libraries-2.2.9-prototypes.diff ++++++
++++++ nessus-libraries-2.2.6.tar.bz2 -> nessus-libraries-2.2.9.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/nessus-libraries/libhosts_gatherer/hg_subnet.c new/nessus-libraries/libhosts_gatherer/hg_subnet.c
--- old/nessus-libraries/libhosts_gatherer/hg_subnet.c 2003-04-07 04:10:02.000000000 +0200
+++ new/nessus-libraries/libhosts_gatherer/hg_subnet.c 2006-05-11 16:51:34.000000000 +0200
@@ -92,6 +92,8 @@
if(netmask != 31)
ret.s_addr-=2; /* skip the broadcast */
+ else
+ ret.s_addr-=1; /* skip the broadcast */
ret.s_addr = htonl(ret.s_addr);
return(ret);
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/nessus-libraries/libhosts_gatherer/hg_utils.c new/nessus-libraries/libhosts_gatherer/hg_utils.c
--- old/nessus-libraries/libhosts_gatherer/hg_utils.c 2004-01-19 21:39:48.000000000 +0100
+++ new/nessus-libraries/libhosts_gatherer/hg_utils.c 2006-03-07 14:47:27.000000000 +0100
@@ -52,6 +52,7 @@
int sz;
{
struct hostent * he = NULL;
+ int i;
he = gethostbyaddr((char *)&ip, sizeof(long), AF_INET);
@@ -60,6 +61,14 @@
else
strncpy(hostname, inet_ntoa(ip), sz - 1);
+ hostname[sz - 1] = '\0';
+ for ( i = 0 ; hostname[i] != '\0' ; i ++ )
+ {
+ if ( ! isalnum(hostname[i]) &&
+ hostname[i] != '.' &&
+ hostname[i] != '_' &&
+ hostname[i] != '-' ) hostname[i] = '?';
+ }
return 0; /* We never fail */
}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/nessus-libraries/libnessus/bpf_share.c new/nessus-libraries/libnessus/bpf_share.c
--- old/nessus-libraries/libnessus/bpf_share.c 2005-07-06 22:48:10.000000000 +0200
+++ new/nessus-libraries/libnessus/bpf_share.c 2006-10-26 15:01:45.000000000 +0200
@@ -138,11 +138,12 @@
next = bpc->next;
pcap_close(bpc->pcap);
efree(&bpc);
- if ( prev ) prev->next = bpc->next;
+ if ( prev ) prev->next = next;
else pcaps = next;
}
prev = bpc;
- bpc = bpc->next;
+ if ( bpc != NULL )
+ bpc = bpc->next;
}
}
@@ -937,7 +938,7 @@
if(iface == NULL)
iface = pcap_lookupdev(errbuf);
- ret = pcap_open_live(iface, 1500, 0, 100, errbuf);
+ ret = pcap_open_live(iface, 1500, 0, 1, errbuf);
if(ret == NULL)
{
printf("%s\n", errbuf);
@@ -974,10 +975,25 @@
{
u_char * p = NULL;
struct pcap_pkthdr head;
+ struct timeval timeout, now;
+
+ gettimeofday(&timeout, NULL);
+ timeout.tv_sec += tv->tv_sec;
+ timeout.tv_usec += tv->tv_usec;
+ while ( timeout.tv_usec >= 1000000 ) {
+ timeout.tv_sec ++;
+ timeout.tv_usec -= 1000000;
+ }
+
+ do {
+ p = (u_char*)pcap_next(pcaps[bpf], &head);
+ *caplen = head.caplen;
+ if ( p != NULL ) break;
+ gettimeofday(&now, NULL);
+ } while ( !((now.tv_sec > timeout.tv_sec) ||
+ (now.tv_sec == timeout.tv_sec && now.tv_usec >= timeout.tv_usec ) ));
+
-
- p = (u_char*)pcap_next(pcaps[bpf], &head);
- *caplen = head.caplen;
return p;
}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/nessus-libraries/libnessus/network.c new/nessus-libraries/libnessus/network.c
--- old/nessus-libraries/libnessus/network.c 2005-11-01 19:25:54.000000000 +0100
+++ new/nessus-libraries/libnessus/network.c 2006-05-22 16:14:35.000000000 +0200
@@ -2282,7 +2282,7 @@
if ( len >= sz )
{
sz = len + 1;
- buf = erealloc( buf, len );
+ buf = erealloc( buf, sz );
}
if ( len > 0 )
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/nessus-libraries/libnessus/services1.c new/nessus-libraries/libnessus/services1.c
--- old/nessus-libraries/libnessus/services1.c 2004-12-21 20:24:05.000000000 +0100
+++ new/nessus-libraries/libnessus/services1.c 2006-03-07 14:48:01.000000000 +0100
@@ -1,6 +1,8 @@
/*
* Copyright (C) 2002 Michel Arboi
*
+ * Some modifications (C) Tenable Network Security
+ *
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
@@ -18,6 +20,7 @@
* TCP/IP service functions (getservent enhancement)
*/
+
#define EXPORTING
#include "includes.h"
#include