Hello community,
here is the log from the commit of package openvas-scanner for openSUSE:Factory
checked in at Mon May 2 09:19:54 CEST 2011.
--------
--- openvas-scanner/openvas-scanner.changes 2011-02-23 19:52:26.000000000 +0100
+++ /mounts/work_src_done/STABLE/openvas-scanner/openvas-scanner.changes 2011-04-11 20:07:18.000000000 +0200
@@ -1,0 +2,13 @@
+Mon Apr 11 17:25:46 UTC 2011 - bitshuffler@opensuse.org
+
+- Updated to 3.2.3
+ * Fixed: Three potential resource leaks.
+ * Fixed: Generation of code documentation.
+ * Updated: Feed synchronization scripts.
+ * Changed: The openvas-nvt-sync script will now perform the initial feed
+ synchronization via HTTP instead of rsync.
+ * Changed: The openvas-nvt-sync script will now default to synchronize into the
+ NVT directory used by the OpenVAS Scanner instead of the one defined at
+ compile time.
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
openvas-scanner-3.2.2.tar.gz
New:
----
openvas-scanner-3.2.3.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openvas-scanner.spec ++++++
--- /var/tmp/diff_new_pack.l38kE7/_old 2011-05-02 09:19:22.000000000 +0200
+++ /var/tmp/diff_new_pack.l38kE7/_new 2011-05-02 09:19:22.000000000 +0200
@@ -19,7 +19,7 @@
Name: openvas-scanner
-Version: 3.2.2
+Version: 3.2.3
Release: 1
License: GPLv2
Group: Productivity/Networking/Security
++++++ debian.changelog ++++++
--- /var/tmp/diff_new_pack.l38kE7/_old 2011-05-02 09:19:22.000000000 +0200
+++ /var/tmp/diff_new_pack.l38kE7/_new 2011-05-02 09:19:22.000000000 +0200
@@ -1,3 +1,17 @@
+openvas-scanner (3.2.3-1) UNRELEASED; urgency=low
+
+ * New upstream release
+ - Fixed: Three potential resource leaks.
+ - Fixed: Generation of code documentation.
+ - Updated: Feed synchronization scripts.
+ - Changed: The openvas-nvt-sync script will now perform the initial feed
+ synchronization via HTTP instead of rsync.
+ - Changed: The openvas-nvt-sync script will now default to synchronize into the
+ NVT directory used by the OpenVAS Scanner instead of the one defined at
+ compile time.
+
+ -- Stephan Kleine Mon, 11 Apr 2011 19:26:36 +0200
+
openvas-scanner (3.2.2-1) UNRELEASED; urgency=low
* New upstream release
++++++ openvas-scanner-3.2.2.tar.gz -> openvas-scanner-3.2.3.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvas-scanner-3.2.2/CHANGES new/openvas-scanner-3.2.3/CHANGES
--- old/openvas-scanner-3.2.2/CHANGES 2011-02-21 10:40:34.000000000 +0100
+++ new/openvas-scanner-3.2.3/CHANGES 2011-04-11 09:29:40.000000000 +0200
@@ -1,3 +1,26 @@
+openvas-scanner 3.2.3 (2011-04-11)
+
+This is the third maintenance release of the openvas-scanner 3.2 module for the
+Open Vulnerability Assessment System release 4 (OpenVAS-4).
+
+This release features a number of minor improvements to the build process and to
+the synchronization scripts. It also close three potential resource leaks
+discovered by Henri Doreau.
+
+Many thanks to everyone who has contributed to this release:
+Henri Doreau and Michael Wiegand.
+
+Main changes compared to 3.2.2:
+* Fixed: Three potential resource leaks.
+* Fixed: Generation of code documentation.
+* Updated: Feed synchronization scripts.
+* Changed: The openvas-nvt-sync script will now perform the initial feed
+ synchronization via HTTP instead of rsync.
+* Changed: The openvas-nvt-sync script will now default to synchronize into the
+ NVT directory used by the OpenVAS Scanner instead of the one defined at
+ compile time.
+
+
openvas-scanner 3.2.2 (2011-02-21)
This is the second maintenance release of the openvas-scanner 3.2 module for the
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvas-scanner-3.2.2/CMakeLists.txt new/openvas-scanner-3.2.3/CMakeLists.txt
--- old/openvas-scanner-3.2.2/CMakeLists.txt 2011-02-21 10:40:34.000000000 +0100
+++ new/openvas-scanner-3.2.3/CMakeLists.txt 2011-04-11 09:29:40.000000000 +0200
@@ -79,7 +79,7 @@
set (CPACK_TOPLEVEL_TAG "")
set (CPACK_PACKAGE_VERSION_MAJOR "3")
set (CPACK_PACKAGE_VERSION_MINOR "2")
-set (CPACK_PACKAGE_VERSION_PATCH "2${SVN_REVISION}")
+set (CPACK_PACKAGE_VERSION_PATCH "3${SVN_REVISION}")
set (CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}")
set (CPACK_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}")
set (CPACK_SOURCE_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}")
@@ -270,6 +270,9 @@
install (DIRECTORY DESTINATION ${OPENVAS_NVT_DIR})
install (DIRECTORY DESTINATION ${OPENVAS_CACHE_DIR})
+install (DIRECTORY
+ DESTINATION ${OPENVAS_SYSCONF_DIR}/gnupg
+ DIRECTORY_PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE)
## Tests
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvas-scanner-3.2.2/ChangeLog new/openvas-scanner-3.2.3/ChangeLog
--- old/openvas-scanner-3.2.2/ChangeLog 2011-02-21 10:40:34.000000000 +0100
+++ new/openvas-scanner-3.2.3/ChangeLog 2011-04-11 09:29:40.000000000 +0200
@@ -1,3 +1,102 @@
+2011-04-11 Michael Wiegand
+
+ Preparing the openvas-scanner 3.2.3 release.
+
+ * CHANGES: Updated.
+
+2011-04-08 Michael Wiegand
+
+ * tools/openvas-nvt-sync.in: Use feed.openvas.org instead of
+ rsync.openvas.org in the feed URL.
+
+2011-04-08 Michael Wiegand
+
+ * tools/openvas-nvt-sync.in: Ensure openvas-nvt-sync syncs into the
+ NVT directory configured in the scanner by default. Remove obsolete
+ comment.
+
+2011-03-31 Michael Wiegand
+
+ * tools/openvas-nvt-sync.in: Do not use rsync as the default when no
+ feed is present, i.e. we are doing the initial sync. Use http (wget or
+ curl) instead.
+
+2011-03-29 Michael Wiegand
+
+ * tools/greenbone-nvt-sync: Enable BatchMode in ssh during rsync.
+
+2011-03-28 Michael Wiegand
+
+ * tools/greenbone-nvt-sync: Add support for specifying an arbitrary
+ port for synchronization.
+
+2011-03-28 Michael Wiegand
+
+ * tools/greenbone-nvt-sync: Add support for reading configuration from
+ $sysconfdir/openvas/greenbone-nvt-sync.conf.
+
+2011-03-28 Michael Wiegand
+
+ * tools/greenbone-nvt-sync: Add support for reading feed information
+ from the plugin_feed_info.inc. Rename FEED_PROVIDER to FEED_VENDOR for
+ consistency.
+
+2011-03-28 Michael Wiegand
+
+ * tools/openvas-nvt-sync.in: Make indentation consistent, flush
+ trailing spaces.
+
+2011-03-25 Michael Wiegand
+
+ * tools/openvas-nvt-sync.in: Add support for reading feed information
+ from the plugin_feed_info.inc. Rename FEED_PROVIDER to FEED_VENDOR
+ for consistency.
+
+2011-03-16 Henri Doreau
+
+ * src/locks.c (file_lock): fixed coding style mismatch from previous
+ commit.
+
+2011-03-16 Henri Doreau
+
+ * src/locks.c (file_lock, file_locked): Close file descriptors before
+ return.
+
+ * src/save_kb.c (save_kb_load_kb): Close stream before return.
+
+2011-03-10 Michael Wiegand
+
+ * tools/greenbone-nvt-sync: Fix conditionals so that they are
+ evaluated as intended.
+
+2011-03-07 Michael Wiegand
+
+ * tools/openvas-nvt-sync.in: Removed last bashism from
+ openvas-nvt-sync a second time: Drop SIG prefix when referring to
+ signal as it is a bashism as well.
+
+2011-03-04 Michael Wiegand
+
+ * CMakeLists.txt: Ensure that a "gnupg" directory is created in the
+ OpenVAS configuration directory with the correct permissions as a
+ preparation for signature verifications.
+
+2011-03-02 Michael Wiegand
+
+ Enable the generation of code documentation. Spotted by Michael Meyer.
+
+ * doc/CMakeLists.txt: New. Add to enable the generation of code
+ documentation.
+
+ * doc/Doxyfile.in, doc/Doxyfile_full.in: Fix value of INPUT to match
+ the current paths.
+
+2011-02-21 Michael Wiegand
+
+ Post release version bump.
+
+ * CMakeLists.txt: Set to version to 3.2.3.
+
2011-02-21 Michael Wiegand
Preparing the openvas-scanner 3.2.2 release.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvas-scanner-3.2.2/doc/CMakeLists.txt new/openvas-scanner-3.2.3/doc/CMakeLists.txt
--- old/openvas-scanner-3.2.2/doc/CMakeLists.txt 1970-01-01 01:00:00.000000000 +0100
+++ new/openvas-scanner-3.2.3/doc/CMakeLists.txt 2011-04-11 09:29:40.000000000 +0200
@@ -0,0 +1,62 @@
+# OpenVAS
+# $Id$
+# Description: CMakefile for the OpenVAS Scanner documentation
+#
+# Authors:
+# Matthew Mundell
+# Michael Wiegand
+#
+# Copyright:
+# Copyright (C) 2011 Greenbone Networks GmbH
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Library General Public
+# License as published by the Free Software Foundation; either
+# version 2 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Library General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+
+## build
+
+set_directory_properties (PROPERTIES CLEAN_NO_CUSTOM true)
+set_directory_properties (PROPERTIES ADDITIONAL_MAKE_CLEAN_FILES ".built-html;.built-html_full")
+
+include (FindDoxygen)
+
+if (NOT DOXYGEN_EXECUTABLE)
+ message (STATUS "WARNING: Doxygen is required to build the HTML docs.")
+else (NOT DOXYGEN_EXECUTABLE)
+ set (DOC_FILES
+ ../src/attack.c ../src/auth.c ../src/comm.c ../src/hosts.c
+ ../src/locks.c ../src/log.c ../src/nasl_plugins.c ../src/ntp_11.c
+ ../src/openvassd.c ../src/otp_1_0.c ../src/oval_plugins.c ../src/parser.c
+ ../src/piic.c ../src/pluginlaunch.c ../src/pluginload.c
+ ../src/pluginscheduler.c ../src/plugs_hash.c ../src/plugs_req.c
+ ../src/preferences.c ../src/processes.c ../src/rules.c ../src/save_kb.c
+ ../src/shared_socket.c ../src/sighand.c ../src/users.c ../src/utils.c
+ ../README ../INSTALL)
+
+ add_custom_target (doc COMMENT "Building documentation..."
+ DEPENDS Doxyfile .built-html)
+
+ add_custom_target (doc-full COMMENT "Building documentation..."
+ DEPENDS Doxyfile_full .built-html_full)
+endif (NOT DOXYGEN_EXECUTABLE)
+
+add_custom_command (OUTPUT .built-html
+ COMMAND sh
+ ARGS -c \"cd .. && ${DOXYGEN_EXECUTABLE} doc/Doxyfile && touch doc/.built-html\;\"
+ DEPENDS Doxyfile ${DOC_FILES})
+
+add_custom_command (OUTPUT .built-html_full
+ COMMAND sh
+ ARGS -c \"cd .. && ${DOXYGEN_EXECUTABLE} doc/Doxyfile_full && touch doc/.built-html_full\;\"
+ DEPENDS Doxyfile_full ${DOC_FILES})
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvas-scanner-3.2.2/doc/Doxyfile.in new/openvas-scanner-3.2.3/doc/Doxyfile.in
--- old/openvas-scanner-3.2.2/doc/Doxyfile.in 2011-02-21 10:40:34.000000000 +0100
+++ new/openvas-scanner-3.2.3/doc/Doxyfile.in 2011-04-11 09:29:40.000000000 +0200
@@ -459,7 +459,7 @@
# directories like "/usr/src/myproject". Separate the files or directories
# with spaces.
-INPUT = openvassd include
+INPUT = src
# If the value of the INPUT tag contains directories, you can use the
# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvas-scanner-3.2.2/doc/Doxyfile_full.in new/openvas-scanner-3.2.3/doc/Doxyfile_full.in
--- old/openvas-scanner-3.2.2/doc/Doxyfile_full.in 2011-02-21 10:40:34.000000000 +0100
+++ new/openvas-scanner-3.2.3/doc/Doxyfile_full.in 2011-04-11 09:29:40.000000000 +0200
@@ -459,7 +459,7 @@
# directories like "/usr/src/myproject". Separate the files or directories
# with spaces.
-INPUT = openvassd include
+INPUT = src
# If the value of the INPUT tag contains directories, you can use the
# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvas-scanner-3.2.2/src/locks.c new/openvas-scanner-3.2.3/src/locks.c
--- old/openvas-scanner-3.2.2/src/locks.c 2011-02-21 10:40:34.000000000 +0100
+++ new/openvas-scanner-3.2.3/src/locks.c 2011-04-11 09:29:40.000000000 +0200
@@ -1,5 +1,5 @@
/* OpenVAS
-* $Id: locks.c 9864 2011-01-03 19:48:27Z jan $
+* $Id: locks.c 10561 2011-03-16 09:58:33Z hdoreau $
* Description: Deals with file locking.
*
* Authors: - Renaud Deraison (Original pre-fork develoment)
@@ -77,7 +77,10 @@
bzero (buf, sizeof (buf));
snprintf (buf, sizeof (buf), "%d", getpid ());
if (write (fd, buf, strlen (buf)) < 0)
- return -1;
+ {
+ close (fd);
+ return -1;
+ }
close (fd);
return 0;
}
@@ -120,6 +123,7 @@
log_write ("Could not determine if the file %s is locked: Failed to read %s\n",
name, lock);
efree (&lock);
+ close (fd);
return 0;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvas-scanner-3.2.2/src/save_kb.c new/openvas-scanner-3.2.3/src/save_kb.c
--- old/openvas-scanner-3.2.2/src/save_kb.c 2011-02-21 10:40:34.000000000 +0100
+++ new/openvas-scanner-3.2.3/src/save_kb.c 2011-04-11 09:29:40.000000000 +0200
@@ -1,5 +1,5 @@
/* OpenVAS
-* $Id: save_kb.c 9983 2011-01-17 17:46:44Z jan $
+* $Id: save_kb.c 10560 2011-03-16 08:56:04Z hdoreau $
* Description: Saves the currently used knowledge base.
*
* Authors: - Renaud Deraison (Original pre-fork develoment)
@@ -647,6 +647,7 @@
log_write ("user %s : Could not read %s - kb won't be restored for %s\n",
(char *) arg_get_value (globals, "user"), fname, hostname);
efree (&fname);
+ fclose (f);
return NULL;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvas-scanner-3.2.2/tools/greenbone-nvt-sync new/openvas-scanner-3.2.3/tools/greenbone-nvt-sync
--- old/openvas-scanner-3.2.2/tools/greenbone-nvt-sync 2011-02-21 10:40:34.000000000 +0100
+++ new/openvas-scanner-3.2.3/tools/greenbone-nvt-sync 2011-04-11 09:29:40.000000000 +0200
@@ -49,9 +49,6 @@
# Script and feed information which will be made available to user through
# command line options and automated tools.
SCRIPT_NAME="greenbone-nvt-sync"
-FEED_NAME="Greenbone Security Feed"
-FEED_PROVIDER="Greenbone Networks GmbH"
-FEED_HOME="http://www.greenbone.net/solutions/gbn_feed.html"
RESTRICTED=1
# Result of selftest () is stored here. If it is not 0, the selftest has failed
@@ -61,13 +58,16 @@
# Verbosity flag for rsync. "-q" means a quiet rsync, "-v" a verbose rsync.
RSYNC_VERBOSE="-q"
+# Port to use for synchronization. Default value is 24.
+PORT=24
+
if [ ! -w $LOGDIR ]
then
NOLOG=1
fi
log_write(){
- if [ -n $NOLOG ]
+ if [ -n "$NOLOG" ]
then
echo "LOG: [`date -R`] $1" > /dev/stderr
else
@@ -107,6 +107,8 @@
sysconfdir=`$SCANNER_BINARY --sysconfdir`
+ [ -r $sysconfdir/openvas/greenbone-nvt-sync.conf ] && . $sysconfdir/openvas/greenbone-nvt-sync.conf
+
if [ -z $NVT_DIR ]
then
NVT_DIR=`$SCANNER_BINARY -s | grep plugins_folder | sed 's/plugins\_folder\ *=\ *//'`
@@ -127,16 +129,36 @@
exit 1
fi
fi
+
+ INFOFILE="$NVT_DIR/plugin_feed_info.inc"
+ if [ -r $INFOFILE ] ; then
+ FEED_VERSION=`grep PLUGIN_SET $INFOFILE | sed -e 's/[^0-9]//g'`
+ FEED_NAME=`awk -F\" '/PLUGIN_FEED/ { print $2 }' $INFOFILE`
+ FEED_VENDOR=`awk -F\" '/FEED_VENDOR/ { print $2 }' $INFOFILE`
+ FEED_HOME=`awk -F\" '/FEED_HOME/ { print $2 }' $INFOFILE`
+ FEED_PRESENT=1
+ else
+ FEED_PRESENT=0
+ fi
+
+ if [ -z "$FEED_NAME" ] ; then
+ FEED_NAME="Greenbone Security Feed"
+ fi
+
+ if [ -z "$FEED_VENDOR" ] ; then
+ FEED_VENDOR="Greenbone Networks GmbH"
+ fi
+
+ if [ -z "$FEED_HOME" ] ; then
+ FEED_HOME="http://www.greenbone.net/solutions/gbn_feed.html"
+ fi
}
sync_nvts(){
log_write "Synchronizing NVTs from the Greenbone Security Feed into $NVT_DIR..."
- VERSIONFILE="$NVT_DIR/plugin_feed_info.inc"
- if [ -r $VERSIONFILE ] ; then
- FEEDVERSION=`grep PLUGIN_SET $VERSIONFILE | sed -e 's/[^0-9]//g'`
- FEEDNAME=`grep PLUGIN_FEED $VERSIONFILE | awk -F\" '{print $(NF-1)}'`
+ if [ $FEED_PRESENT -eq 1 ] ; then
FEEDCOUNT=`grep -E "nasl$|inc$" $NVT_DIR/md5sums | wc -l`
- log_write "Current status: Using $FEEDNAME at version $FEEDVERSION ($FEEDCOUNT NVTs)"
+ log_write "Current status: Using $FEED_NAME at version $FEED_VERSION ($FEEDCOUNT NVTs)"
else
log_write "Current status: No feed installed."
fi
@@ -170,9 +192,9 @@
fi
if [ "$gsmproxy" = "proxy_feed" ] || [ -z $gsmproxy ]
then
- rsync -e "ssh -p 24 -i $sysconfdir/openvas/gsf-access-key" -ltrP $RSYNC_VERBOSE --protocol=29 $RSYNC_DELETE $feeduser $NVT_DIR
+ rsync -e "ssh -o \"BatchMode=yes\" -p $PORT -i $sysconfdir/openvas/gsf-access-key" -ltrP $RSYNC_VERBOSE --protocol=29 $RSYNC_DELETE $feeduser $NVT_DIR
else
- rsync -e "ssh -o \"ProxyCommand corkscrew $gsmproxy %h %p\" -p 24 -i $sysconfdir/openvas/gsf-access-key" -ltrP $RSYNC_VERBOSE --protocol=29 $RSYNC_DELETE $feeduser $NVT_DIR
+ rsync -e "ssh -o \"BatchMode=yes\" -o \"ProxyCommand corkscrew $gsmproxy %h %p\" -p $PORT -i $sysconfdir/openvas/gsf-access-key" -ltrP $RSYNC_VERBOSE --protocol=29 $RSYNC_DELETE $feeduser $NVT_DIR
fi
if [ $? -ne 0 ] ; then
stderr_write "== greenbone-nvt-sync $VERSION ================================================"
@@ -189,7 +211,7 @@
fi
eval "cd \"$NVT_DIR\" ; md5sum -c --status \"$NVT_DIR/md5sums\""
if [ $? -ne 0 ] ; then
- if [ -n $retried ]
+ if [ -n "$retried" ]
then
stderr_write "== greenbone-nvt-sync $VERSION ================================================"
stderr_write "The feed integrity check failed two times in a row. This may indicate a serious"
@@ -217,11 +239,10 @@
fi
done
log_write "Synchronization with the Greenbone Security Feed successful."
- if [ -r $VERSIONFILE ] ; then
- FEEDVERSION=`grep PLUGIN_SET $VERSIONFILE | sed -e 's/[^0-9]//g'`
- FEEDNAME=`grep PLUGIN_FEED $VERSIONFILE | awk -F\" '{print $(NF-1)}'`
+ init_sync
+ if [ $FEED_PRESENT -eq 1 ] ; then
FEEDCOUNT=`grep -E "nasl$|inc$" $NVT_DIR/md5sums | wc -l`
- log_write "Current status: Using $FEEDNAME at version $FEEDVERSION ($FEEDCOUNT NVTs)"
+ log_write "Current status: Using $FEED_NAME at version $FEED_VERSION ($FEEDCOUNT NVTs)"
else
log_write "Current status: No feed installed."
fi
@@ -240,7 +261,7 @@
}
update_openvasmd (){
- if [ -n $NOINIT ] ; then
+ if [ -n "$NOINIT" ] ; then
return
fi
log_write "Updating OpenVAS Manager"
@@ -307,8 +328,11 @@
do_describe ()
{
+ if [ -z $NVT_DIR ] ; then
+ init_sync
+ fi
echo "This script synchronizes an NVT collection with the '$FEED_NAME'."
- echo "The '$FEED_NAME' is provided by '$FEED_PROVIDER'."
+ echo "The '$FEED_NAME' is provided by '$FEED_VENDOR'."
echo "Online information about this feed: '$FEED_HOME'."
}
@@ -316,12 +340,10 @@
if [ -z $NVT_DIR ] ; then
init_sync
fi
- VERSIONFILE="$NVT_DIR/plugin_feed_info.inc"
- if [ -r $VERSIONFILE ] ; then
- FEEDVERSION=`grep PLUGIN_SET $VERSIONFILE | sed -e 's/[^0-9]//g'`
- echo $FEEDVERSION
+ if [ $FEED_PRESENT -eq 1 ] ; then
+ echo $FEED_VERSION
else
- stderr_write "The file containing the feed version ($VERSIONFILE) could not be found."
+ stderr_write "The file containing the feed version could not be found."
exit 1
fi
}
@@ -343,6 +365,7 @@
exit 0
;;
--identify)
+ init_sync
echo "NVTSYNC|$SCRIPT_NAME|$VERSION|$FEED_NAME|$RESTRICTED|NVTSYNC"
exit 0
;;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvas-scanner-3.2.2/tools/openvas-nvt-sync.in new/openvas-scanner-3.2.3/tools/openvas-nvt-sync.in
--- old/openvas-scanner-3.2.2/tools/openvas-nvt-sync.in 2011-02-21 10:40:34.000000000 +0100
+++ new/openvas-scanner-3.2.3/tools/openvas-nvt-sync.in 2011-04-11 09:29:40.000000000 +0200
@@ -12,7 +12,7 @@
# Vlatko Kosturjak
# Michael Wiegand
#
-# Script is complete rewrite of original sync script by
+# Script is complete rewrite of original sync script by
# Lukas Grunwald
# Jan-Oliver Wagner
#
@@ -32,66 +32,89 @@
# if you need to debug script
# set -x
-# these locations should be correct if standard ./configure had
-# been applied.
-
# configure NVT_DIR where we will sync NVTs
if [ -z "$NVT_DIR" ]; then
- NVT_DIR="@OPENVAS_NVT_DIR@"
+ OPENVASSD=`which openvassd`
+ if [ -z "$OPENVASSD" ] ; then
+ echo "[e] Error: openvassd is not in the path, could not determine NVT directory."
+ exit 1
+ else
+ NVT_DIR=`openvassd -s | awk -F" = " '/^plugins_folder/ { print $2 }'`
+ fi
+fi
+
+# Script and feed information which will be made available to user through
+# command line options and automated tools.
+SCRIPT_NAME="openvas-nvt-sync"
+VERSION=@OPENVASSD_VERSION@
+RESTRICTED=0
+
+INFOFILE="$NVT_DIR/plugin_feed_info.inc"
+if [ -r $INFOFILE ] ; then
+ FEED_VERSION=`grep PLUGIN_SET $INFOFILE | sed -e 's/[^0-9]//g'`
+ FEED_NAME=`grep PLUGIN_FEED $INFOFILE | sed 's/PLUGIN_FEED\s*\=\s*\"\([^"]\+\)\";/\1/'`
+ FEED_VENDOR=`grep FEED_VENDOR $INFOFILE | sed 's/FEED_VENDOR\s*\=\s*\"\([^"]\+\)\";/\1/'`
+ FEED_HOME=`grep FEED_HOME $INFOFILE | sed 's/FEED_HOME\s*\=\s*\"\([^"]\+\)\";/\1/'`
+ FEED_PRESENT=1
+else
+ FEED_PRESENT=0
+fi
+
+if [ -z "$FEED_NAME" ] ; then
+ FEED_NAME="OpenVAS NVT Feed"
+fi
+
+if [ -z "$FEED_VENDOR" ] ; then
+ FEED_VENDOR="The OpenVAS Project"
+fi
+
+if [ -z "$FEED_HOME" ] ; then
+ FEED_HOME="http://www.openvas.org/openvas-nvt-feed.html"
fi
# The URL of the plugin feed
if [ -z "$OV_RSYNC_FEED" ]; then
- OV_RSYNC_FEED=rsync://rsync.openvas.org:/nvt-feed
- # An alternative syntax which might work if the above doesn't:
- # OV_RSYNC_FEED=rsync@rsync.openvas.org::nvt-feed
+ OV_RSYNC_FEED=rsync://feed.openvas.org:/nvt-feed
+ # An alternative syntax which might work if the above doesn't:
+ # OV_RSYNC_FEED=rsync@feed.openvas.org::nvt-feed
fi
if [ -z "$OV_HTTP_FEED" ]; then
- OV_HTTP_FEED=http://www.openvas.org/openvas-nvt-feed-current.tar.bz2
+ OV_HTTP_FEED=http://www.openvas.org/openvas-nvt-feed-current.tar.bz2
fi
if [ -z "$TMPDIR" ]; then
- SYNC_TMP_DIR=/tmp
-# If we have mktemp, create a temporary dir (safer)
- if [ -n "`which mktemp`" ]; then
- SYNC_TMP_DIR=`mktemp -d openvas-nvt-sync.XXXXXXXXXX -t` || { echo "ERROR: Cannot create temporary directory for file download" >&2; exit 1 ; }
- trap "rm -rf $SYNC_TMP_DIR" EXIT SIGHUP SIGINT SIGTRAP SIGTERM
- fi
+ SYNC_TMP_DIR=/tmp
+ # If we have mktemp, create a temporary dir (safer)
+ if [ -n "`which mktemp`" ]; then
+ SYNC_TMP_DIR=`mktemp -d openvas-nvt-sync.XXXXXXXXXX -t` || { echo "ERROR: Cannot create temporary directory for file download" >&2; exit 1 ; }
+ trap "rm -rf $SYNC_TMP_DIR" EXIT HUP INT TRAP TERM
+ fi
else
- SYNC_TMP_DIR="$TMPDIR"
+ SYNC_TMP_DIR="$TMPDIR"
fi
-# Script and feed information which will be made available to user through
-# command line options and automated tools.
-SCRIPT_NAME="openvas-nvt-sync"
-VERSION=@OPENVASSD_VERSION@
-FEED_NAME="OpenVAS NVT Feed"
-FEED_PROVIDER="The OpenVAS Project"
-FEED_HOME="http://www.openvas.org/openvas-nvt-feed.html"
-RESTRICTED=0
-
do_help () {
- echo "$0: Sync NVTs using different protocols"
- echo " --rsync sync with rsync (default)"
- echo " --wget sync with wget"
- echo " --curl sync with curl"
- echo " --check just checksum check"
- echo "OpenVAS administrator functions:"
- echo " --selftest perform self-test"
- echo " --identify display information"
- echo " --version display version"
- echo " --describe display current feed info"
- echo " --nvt-dir <dir> directory of the NVT collection"
- echo ""
- echo "Environment variables:"
- echo "NVT_DIR where to extract plugins (absolute path)"
- echo "OV_RSYNC_FEED URL of rsync feed"
- echo "OV_HTTP_FEED URL of http feed"
- echo "TMPDIR temporary directory used to download the files"
- echo "Note that you can use standard ones as well (e.g. http_proxy) for wget/curl"
- echo ""
- exit 0
+ echo "$0: Sync NVTs using different protocols"
+ echo " --rsync sync with rsync (default)"
+ echo " --wget sync with wget"
+ echo " --curl sync with curl"
+ echo " --check just checksum check"
+ echo "OpenVAS administrator functions:"
+ echo " --selftest perform self-test"
+ echo " --identify display information"
+ echo " --version display version"
+ echo " --describe display current feed info"
+ echo " --nvt-dir <dir> directory of the NVT collection"
+ echo ""
+ echo "Environment variables:"
+ echo "NVT_DIR where to extract plugins (absolute path)"
+ echo "OV_RSYNC_FEED URL of rsync feed"
+ echo "OV_HTTP_FEED URL of http feed"
+ echo "TMPDIR temporary directory used to download the files"
+ echo "Note that you can use standard ones as well (e.g. http_proxy) for wget/curl"
+ echo ""
+ exit 0
}
CMD_RSYNC=`which rsync`
@@ -101,141 +124,143 @@
TMP_NVT="$SYNC_TMP_DIR/openvas-feed-`date +%F`-$$.tar.bz2"
chk_system_tools () {
- echo "[i] Searching for required system tools (look for warnings)..."
+ echo "[i] Searching for required system tools (look for warnings)..."
- if [ -z "$CMD_MD5SUM" ]; then
- SELFTEST_FAIL=1
- echo "[w] Warning: MD5SUM not found";
- fi
+ if [ -z "$CMD_MD5SUM" ]; then
+ SELFTEST_FAIL=1
+ echo "[w] Warning: MD5SUM not found";
+ fi
- if [ -z "$CMD_RSYNC" ]; then
- echo "[w] Warning: RSYNC not found";
- fi
+ if [ -z "$CMD_RSYNC" ]; then
+ echo "[w] Warning: RSYNC not found";
+ fi
- if [ -z "$CMD_WGET" ]; then
- echo "[w] Warning: wget not found";
- fi
+ if [ -z "$CMD_WGET" ]; then
+ echo "[w] Warning: wget not found";
+ fi
- if [ -z "$CMD_CURL" ]; then
- echo "[w] Warning: curl not found";
- fi
+ if [ -z "$CMD_CURL" ]; then
+ echo "[w] Warning: curl not found";
+ fi
- if [ -z "$CMD_RSYNC" -a -z "$CMD_WGET" -a -z "$CMD_CURL" ]; then
- SELFTEST_FAIL=1
- fi
+ if [ -z "$CMD_RSYNC" -a -z "$CMD_WGET" -a -z "$CMD_CURL" ]; then
+ SELFTEST_FAIL=1
+ fi
- echo "[i] If you did not get any warnings, that means you have all tools required"
+ echo "[i] If you did not get any warnings, that means you have all tools required"
- echo "[i] Note that it is recommended to have md5sum and one of the following: rsync, wget or curl."
+ echo "[i] Note that it is recommended to have md5sum and one of the following: rsync, wget or curl."
}
do_rsync () {
- if [ -z "$CMD_RSYNC" ]; then
- echo "[w] rsync not found!"
- else
- echo "[i] Using rsync: $CMD_RSYNC"
- echo "[i] Configured NVT rsync feed: $OV_RSYNC_FEED"
- mkdir -p "$NVT_DIR"
- eval "$CMD_RSYNC -ltvrP \"$OV_RSYNC_FEED\" \"$NVT_DIR\""
- if [ $? -ne 0 ] ; then
- echo "Error: rsync failed. Your NVT collection might be broken now."
- exit 1
- fi
- fi
+ if [ -z "$CMD_RSYNC" ]; then
+ echo "[w] rsync not found!"
+ else
+ echo "[i] Using rsync: $CMD_RSYNC"
+ echo "[i] Configured NVT rsync feed: $OV_RSYNC_FEED"
+ mkdir -p "$NVT_DIR"
+ eval "$CMD_RSYNC -ltvrP \"$OV_RSYNC_FEED\" \"$NVT_DIR\""
+ if [ $? -ne 0 ] ; then
+ echo "Error: rsync failed. Your NVT collection might be broken now."
+ exit 1
+ fi
+ fi
}
do_wget () {
- if [ -z "$CMD_WGET" ]; then
- echo "[w] GNU wget not found!"
- else
- echo "[i] Using GNU wget: $CMD_WGET"
- echo "[i] Configured NVT http feed: $OV_HTTP_FEED"
- echo "[i] Downloading to: $TMP_NVT"
- mkdir -p "$NVT_DIR" \
- && wget "$OV_HTTP_FEED" -O $TMP_NVT \
- && cd "$NVT_DIR" \
- && tar xvjf $TMP_NVT \
- && rm -f $TMP_NVT \
- && echo "[i] Download complete"
- fi
+ if [ -z "$CMD_WGET" ]; then
+ echo "[w] GNU wget not found!"
+ else
+ echo "[i] Using GNU wget: $CMD_WGET"
+ echo "[i] Configured NVT http feed: $OV_HTTP_FEED"
+ echo "[i] Downloading to: $TMP_NVT"
+ mkdir -p "$NVT_DIR" \
+ && wget "$OV_HTTP_FEED" -O $TMP_NVT \
+ && cd "$NVT_DIR" \
+ && tar xvjf $TMP_NVT \
+ && rm -f $TMP_NVT \
+ && echo "[i] Download complete"
+ fi
}
do_curl () {
- if [ -z "$CMD_CURL" ]; then
- echo "[w] curl not found!"
- else
- echo "[i] Using curl: $CMD_CURL"
- echo "[i] Configured NVT http feed: $OV_HTTP_FEED"
- echo "[i] Downloading to: $TMP_NVT"
- mkdir -p "$NVT_DIR" \
- && curl "$OV_HTTP_FEED" -o $TMP_NVT \
- && cd "$NVT_DIR" \
- && tar xvjf $TMP_NVT \
- && rm -f $TMP_NVT \
- && echo "[i] Download complete"
- fi
+ if [ -z "$CMD_CURL" ]; then
+ echo "[w] curl not found!"
+ else
+ echo "[i] Using curl: $CMD_CURL"
+ echo "[i] Configured NVT http feed: $OV_HTTP_FEED"
+ echo "[i] Downloading to: $TMP_NVT"
+ mkdir -p "$NVT_DIR" \
+ && curl "$OV_HTTP_FEED" -o $TMP_NVT \
+ && cd "$NVT_DIR" \
+ && tar xvjf $TMP_NVT \
+ && rm -f $TMP_NVT \
+ && echo "[i] Download complete"
+ fi
}
do_check_md5 () {
- if [ -z "CMD_MD5SUM" ]; then
- echo "[w] md5sum utility not found, cannot check NVT checksums! You've been warned!"
- else
- echo -n "[i] Checking dir: "
- eval "cd \"$NVT_DIR\""
- if [ $? -ne 0 ] ; then
- echo "not ok"
- echo "Check your NVT dir for existence and permissions!"
- exit 1
- else
- echo "ok"
- fi
- echo -n "[i] Checking MD5 checksum: "
- eval "cd \"$NVT_DIR\" ; $CMD_MD5SUM -c --status \"$NVT_DIR/md5sums\""
- if [ $? -ne 0 ] ; then
- echo "not ok"
- echo "Error: md5sums not correct. Your NVT collection might be broken now."
- echo "Please try this for details: cd \"$NVT_DIR\" ; $CMD_MD5SUM -c \"$NVT_DIR/md5sums\" | less"
- exit 1
- fi
- echo "ok"
- fi
+ if [ -z "CMD_MD5SUM" ]; then
+ echo "[w] md5sum utility not found, cannot check NVT checksums! You've been warned!"
+ else
+ echo -n "[i] Checking dir: "
+ eval "cd \"$NVT_DIR\""
+ if [ $? -ne 0 ] ; then
+ echo "not ok"
+ echo "Check your NVT dir for existence and permissions!"
+ exit 1
+ else
+ echo "ok"
+ fi
+ echo -n "[i] Checking MD5 checksum: "
+ eval "cd \"$NVT_DIR\" ; $CMD_MD5SUM -c --status \"$NVT_DIR/md5sums\""
+ if [ $? -ne 0 ] ; then
+ echo "not ok"
+ echo "Error: md5sums not correct. Your NVT collection might be broken now."
+ echo "Please try this for details: cd \"$NVT_DIR\" ; $CMD_MD5SUM -c \"$NVT_DIR/md5sums\" | less"
+ exit 1
+ fi
+ echo "ok"
+ fi
}
do_self_test () {
- chk_system_tools
+ chk_system_tools
}
do_describe () {
echo "This script synchronizes an NVT collection with the '$FEED_NAME'."
- echo "The '$FEED_NAME' is provided by '$FEED_PROVIDER'."
+ echo "The '$FEED_NAME' is provided by '$FEED_VENDOR'."
echo "Online information about this feed: '$FEED_HOME'."
}
do_feedversion () {
- VERSIONFILE="$NVT_DIR/plugin_feed_info.inc"
- if [ -r $VERSIONFILE ] ; then
- FEEDVERSION=`grep PLUGIN_SET $VERSIONFILE | sed -e 's/[^0-9]//g'`
- echo $FEEDVERSION
+ if [ $FEED_PRESENT -eq 1 ] ; then
+ echo $FEED_VERSION
fi
}
show_intro () {
echo "[i] This script synchronizes an NVT collection with the '$FEED_NAME'."
- echo "[i] The '$FEED_NAME' is provided by '$FEED_PROVIDER'."
+ echo "[i] The '$FEED_NAME' is provided by '$FEED_VENDOR'."
echo "[i] Online information about this feed: '$FEED_HOME'."
echo "[i] NVT dir: $NVT_DIR"
}
do_sync () {
- if [ -z "$CMD_RSYNC" ]; then
- echo "[w] rsync not found!"
- if [ -z "$CMD_WGET"]; then
+ if [ -z "$CMD_RSYNC" ] || [ $FEED_PRESENT -eq 0 ] ; then
+ if [ $FEED_PRESENT -eq 0 ] ; then
+ echo "[i] rsync not is recommended for the initial sync. Falling back on http."
+ else
+ echo "[w] rsync not found!"
+ fi
+ if [ -z "$CMD_WGET" ]; then
echo "[w] GNU wget not found!"
- if [ -z "$CMD_CURL"]; then
+ if [ -z "$CMD_CURL" ]; then
echo "[w] curl not found!"
- echo -n "[e] no utility available in PATH environment variable to download plugins"
+ echo -n "[e] no utility available in PATH environment variable to download plugins"
exit 1
else
echo "[i] Will use curl"
@@ -252,59 +277,59 @@
}
if [ -n "$1" ]; then
- while test $# -gt 0; do
- case "$1" in
- --help)
- do_help
- exit 0
- ;;
- --rsync)
- do_rsync
- do_check_md5
- exit 0
- ;;
- --wget)
- do_wget
- do_check_md5
- exit 0
- ;;
- --curl)
- do_curl
- do_check_md5
- exit 0
- ;;
- --check)
- do_check_md5
- exit 0
- ;;
- --version)
- echo $VERSION
- exit 0
- ;;
- --identify)
- echo "NVTSYNC|$SCRIPT_NAME|$VERSION|$FEED_NAME|$RESTRICTED|NVTSYNC"
- exit 0
- ;;
- --selftest)
- SELFTEST_FAIL=0
- do_self_test
- exit $SELFTEST_FAIL
- ;;
- --describe)
- do_describe
- exit 0
- ;;
- --feedversion)
- do_feedversion
- exit 0
- ;;
- --nvt-dir)
- NVT_DIR="$2"
- shift
- ;;
- esac
- shift
- done
+ while test $# -gt 0; do
+ case "$1" in
+ --help)
+ do_help
+ exit 0
+ ;;
+ --rsync)
+ do_rsync
+ do_check_md5
+ exit 0
+ ;;
+ --wget)
+ do_wget
+ do_check_md5
+ exit 0
+ ;;
+ --curl)
+ do_curl
+ do_check_md5
+ exit 0
+ ;;
+ --check)
+ do_check_md5
+ exit 0
+ ;;
+ --version)
+ echo $VERSION
+ exit 0
+ ;;
+ --identify)
+ echo "NVTSYNC|$SCRIPT_NAME|$VERSION|$FEED_NAME|$RESTRICTED|NVTSYNC"
+ exit 0
+ ;;
+ --selftest)
+ SELFTEST_FAIL=0
+ do_self_test
+ exit $SELFTEST_FAIL
+ ;;
+ --describe)
+ do_describe
+ exit 0
+ ;;
+ --feedversion)
+ do_feedversion
+ exit 0
+ ;;
+ --nvt-dir)
+ NVT_DIR="$2"
+ shift
+ ;;
+ esac
+ shift
+ done
fi
show_intro
++++++ openvas-scanner.dsc ++++++
--- /var/tmp/diff_new_pack.l38kE7/_old 2011-05-02 09:19:22.000000000 +0200
+++ /var/tmp/diff_new_pack.l38kE7/_new 2011-05-02 09:19:22.000000000 +0200
@@ -2,13 +2,13 @@
Source: openvas-scanner
Binary: openvas-scanner
Architecture: any
-Version: 3.2.2-1
+Version: 3.2.3-1
Maintainer: Stephan Kleine
Homepage: http://www.openvas.org/
Standards-Version: 3.8.0
Build-Depends: debhelper (>= 6), devscripts, dpatch, cmake, hardening-wrapper, libopenvas4-dev, libwrap0-dev, pkg-config, po-debconf
Files:
- 776ce4e1000137c9aec7863372c8c876 373800 openvas-scanner-3.2.2.orig.tar.gz
- 131e6720b0526ade9405eade0d9150ac 56625 openvas-scanner-3.2.2.diff.gz
+ 776ce4e1000137c9aec7863372c8c876 373800 openvas-scanner-3.2.3.orig.tar.gz
+ 131e6720b0526ade9405eade0d9150ac 56625 openvas-scanner-3.2.3.diff.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org