This also includes changes offered in pr pkg/18734 and pr pkg/20796
submitted by Adrian Portelli. Thanks & Sorry that it took that long to
pick them up.
2.0.6 :
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Support for the keyword 'default' as a port range in nmap_wrapper.nes
- Fixed a zombie issue in nmap_wrapper.nes
- Fixed various issues which could allow a NASL script to crash the
NASL interpreter
- Improved the process management in find_services.nes
2.0.5 :
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Fixed a rare race condition which may make the scan hang
- Fixed SMB related issues
- Entering "default" as the port range will make nessusd scan the ports
listed in the Nessus services file.
- Even more sigs in find_services.nes
. changes by Julien Bordet (zejames@greyhats.org)
- Added over 3,000 signatures to smtpscan.nasl (thanks to the data
provided by the Nessus team)
2.0.4 :
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- fixed the SIGCHLD handler which would not work properly and leave zombies
on the system
- fixed a race condition when testing a great number of hosts which would
cause a testing process to slow down a whole audit or even hang it
totally
- When a great number of host names is passed to nessusd as a target, they
are resolved by chunks of 64 instead of trying to resolve everything then
starting the test
- RedHat 9 support (in spite of their attempt to make their distro incompatible
with everyone else)
. changes by Gabriel L. Somlo <somlo@acns.colostate.edu>
- The nessus can save the reports to stdout and read them from stdin
2.0.3 :
- fixed a compilation error which would prevent find_services from working
properly
2.0.2 :
. changes by Michel Arboi (arboi@alussinan.org)
- NASL port of smtpscan (original Perl program by Julien Bordet)
- Nasty bug made loop stop prematurely on rare cases
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Re-wrote webmirror.nasl from scratch. The new version has a real parser
built-in and is much faster
- Added checks for older Microsoft Advisories
- SMB plugins now use NTLMv1 authentication, i.e. they don't send passwords
in clear text over the network any more
- Added new crypto functions, taken from samba, in libnasl/
- Repaired detached scans
- Fixed IP ranges notation (10.1.1-9.1-254 did not work any more)
- Minor bug fixes and enhancements : #234, #233, #230, #229, #228, #225, #222,
#220, #218, #217, #216, #215, #213, #212, #211, #207, #206, #205
- nessus-update-plugins properly calls chown under FreeBSD, no matter how
many plugins there are
- find_services.nes recognizes even more protocols
. changes by Xueyong Zhi <zhi@mail.eecis.udel.edu>
- Added NTLMv2 authentication
. changes by Frank Migge (frank.migge@oracle.com)
- nessus-mkcert-client creates the auth/rules file properly
2.0.1 :
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Minor bugfixes (bugs #180, #183, #185, #188, #189, #195, #197, #202, #203, #204)
- Fixed the "pink" graphical report issue
- Added http keep-alive support in the CGI related plugins
- Fixed a bug in the function get_kb_list() which would not always work
properly
- Fixed an issue where in some situations, some HTTP services would not
be tested for flaws if they have not been port-scanned first
- Added new signatures in find_services.nes
. changes by Stephen Friedl (steve@unixwiz.net)
- Fixed bugs and warnings in nessus-libraries
2.0.0 :
. changes by Michel Arboi (arboi@alussinan.org)
- NASL2 : Implement >!< "strings don't match" operator
- NASL2 : fixed a vicious case of freed memory copy.
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Fixed a small bug in the plugin scheduler
- Ported to IRIX
- Several small bugfixes
. changes by Xueyong Zhi <zhi@mail.eecis.udel.edu>
- Added nmap_osfingerprint
1.3.4 :
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Re-written the process manager for the hosts
- Lots of bugfixes in the plugins text store manager
- New port scanner "synscan" which uses the RTT of the packets to do
its job.
- Fixed several small issues in nasl and nessusd (bug fixes, code cleanup)
- Added cryptographic hashing functions in NASL
- Added the function get_kb_list() which returns the content of a KB
without forking the plugin
- Updated the manpages of nessusd and nasl
. changes by Michel Arboi (arboi@alussinan.org)
- Fixed scanner_get_port() when running in standalone mode
- Fixed possible uninitialized memory issues in libnasl
- Started to write the NASL2 reference guide (to be found in libnasl/doc/)
1.3.3 :
. changes by Michel Arboi (arboi@alussinan.org)
- Implement bit xor, logical & arithmetic right shift, power
- Fix operator precedence
- Added new NASL functions
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- The plugin texts are not loaded in memory any more, thus reducing
the consumption of the nessus daemon of two megs. This also speeds up
the loading of nessusd.
- Fixed a bug in the plugins scheduler (if optimizations were enabled,
the scan would sometimes hang)
- Added a new NASL function (int())
- Fixed strings subtraction to handle null values properly
- find_services.nes runs in parallel mode, for improved speed
- new plugin (synscan) which should perform well against firewalled
hosts (computes the RTT before the scan)
1.3.2 :
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Added fixes so that nessus-core/nessusd/pluginscheduler.c compiles with
the latest version of GCC
- Fixed a bug in nessus-libraries/libnessus/bpf_share.c : a timer would not
be reset, causing plugins which call bpf_next() to sometimes crash
- Set the timer of bpf_share.c to a much lower value, thus making it work
much better
- Improved tcp_ping()
- Fixed two bugs in the plugins scheduler :
- If the option "enable dependencies at runtime" is set,
it would enable ALL the plugins which are depended on, instead
of only those we use ;
- In some cases, it may terminate too early, thus preventing a scan
from being complete
- DESTDIR support
1.3.1 :
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Rewrote the plugins scheduler (which determines the order in which
the plugins are to be launched). The new one is much more efficient
but as a result, it is not possible to accurately determine the
order in which the plugins will be run, so the 'plugin name' in
the client is now totally bogus
- Fixed various issues with NASL scripts so that they work better
with NASL2
- Fixed bugs relative to the creation of icmp and udp packets in nasl
- Fixed some fatal bugs in the bpf sharer
- NASL scripts do not read /dev/urandom any more, and use time() as a
random seed instead. As a result, the loading and execution of nasl
scripts is faster on systems where /dev/urandom can be blocking
- Fixed the tcp NIDS evasion techniques on BSD systems
- Full support for Bugtraq IDs
- The HTML reports add links for URLs, and show the ID number of
the plugin that issues the report.
- Speed up the calls to arg_get_value() by using a hash of the name
being searched for.
- Changed the licence of NASL2 to the GPLv2 (with the consent of Michel Arboi)
. changes by Michel Arboi (arboi@alussinan.org)
- Better handling of the arrays in NASL2
. changes by Erik Anderson (eanders@carmichaelsecurity.com)
- CVE and bugtraq cross references
. changes by Jay (jay@kinetic.org)
- Fixed multiple typos in the plugins
. changes by Javier Fernandez-Sanguino (jfernandez@germinus.com)
- Nessus now ships Hydra 2.2
- Fixed various compilation scripts (see bug#63)
1.3.0 :
. changes by Michel Arboi (arboi@alussinan.org)
- Use our own nessus-services file (re-generated at first start to include
/etc/services and nmap-services)
- Added new families of plugins (ACT_KILL_HOST and ACT_END)
- Rewrote libnasl
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- The 'cancel' button of several file selection dialogs is now working
- Optimized several plugins :
- Web-related checks now use http_recv() instead of recv()
- open_priv_sock_tcp() has a lower timeout
- RPC related checks now use get_rpc_port(), a function equivalent
to libc's getrpcport() but with a much smaller timeout
- Decreased the default value of checks_read_timeout from 15 to 5
- Fixed a bug in the plugin selection GUI which would not refresh
the list of plugins of a given family properly (bug#3)
- Fixed memory leaks in NASL
- Fixed a bug in nessusd which would make it leak memory when receiving a SIGHUP
(bug#10)
- Fixed a compatibility problem with Nmap 3.10ALPHA (bug#11)
- Nessus now accepts nmap's U: and T: notation for the port range (bug#5)
- Helped Michel Arboi to give the last touches to the new libnasl
. changes by Erik Anderson (eanders@pobox.com)
- Added CVE and BID links, added urls and removed dead links from the plugins
. changes by Michel Scheidell (scheidell@secnap.net)
- Improved several SMB-related checks
. changes by Rodolfo Baader (rbaader@activesec.biz)
- Quotes and apostrophes are properly escaped in the XML output report
* dlfcn.c, spec_notes.txt, dladdr.3, Makefile.in, dlopen.3.in:
reformat ascii diagram, cleanup, avoid a deadlock if _init or _fini
routines attempt to call dl* functions, just exits the app right
now. Update the manpages. Finally made the decision to keep dlfunc
out until I see a port which needs it, or it becomes part of the
spec. Removed RTLD_SELF for similar reasons.
* dlfcn.c, spec_notes.txt: small changes to dlfcn.c, added some
notes about spec compliance.
* dlfcn.c, dlfcn.h: Readded dlfunc, implemented RTLD_NEXT, RTLD_SELF
and RTLD_DEFAULT for dlsym. Compiles against the freebsd 5.0 header,
but I can't grab that because it would break binary compat, reran
indent to fix problems with my use of a multitude of editors (if
only they would stop crashing).
* Makefile.in,configure.in,README,dlfcn.c,dlfnc.h,dlfcn_simple.c,dlopen.3.in:
dlopen.3 should be generated by the makefile, not configure,
dlfcn_simple.c some rewrite of the error code, preparation for
release, remove the dlfunc I added on the 20th, I need to convince
myself that it is worthwhile.
* dlfcn.c, dlfcn.h: dynamically allocate space for all needed paths,
add dlfunc, use the restrict keyword for gcc >3, fix dladdr for
MH_SPLIT_SEGS, use our own NSAddImage for the search linked libs
case, as NSAddImage is stupid, and does not search DYLD_LIBRARY_PATH
or match install_names. Use NSUNLINKMODULE_OPTION_RESET_LAZY_REFERENCES
for ppc in dlclose, and NSUNLINKMODULE_OPTION_KEEP_MEMORY_MAPPED
if the object has any __mod_term_func's to avoid the bus error in
atexit(3) with c++ static destructors.
* dlfcn.c: reset the error string when an exported function is
called. Do not write off the end of the search_paths array, increase
MAX_SEARCH_PATHS to 128. This needs to be looked at again, the
search paths array should be allocated dynamically so all the paths
can be included.
* dlfcn.c: Patch from Ben Hines for better error reporting in
dlclose a non bundle.
* dlfcn.c: Checking some code that has been sitting here for months.
thread safe, removed crap code for c++ static initializer calling.
Need to add something back later.
* dlfcn_simple.c: Cleanup.
* dlfcn.c: Quick hack to get sound working in artsd.
Major bug fixes:
If only one window was open, the buddy for that window signed off,
the window was marked keep-after-signoff, and was cleaned up after
$autoclose minutes, the event handler would enter an infinite loop or
possibly cause untrackable stack corruption. Fixed.
Major feature additions:
[TOC] Default server is now toc.n.ml.org. Once AOL has fixed its
servers and/or its DNS, this host will be CNAMEd back to toc.oscar.aol.com.
argument of "--encoding", to help it to look for wide strings; plus
a few other obscure additions. Most importantly, "gas" now generates
correct code when used with gcc-3.x at high optimization levels.
(See gcc bugzilla: optimization/10877.)
Add mozilla and pango to the list of packages for which
-frename-registers triggers a bug in the binutils shipped with 1.6.x
(Thanks to Frederick Bruckman for identifying the issue)
Minor update to MIME type checking rules, to allow more legal MIME
types.
Made the multipart detection code less aggressive, in small text
messages it would mistake common ascii-graphic signatures for message
boundaries and mess up the parsing quite badly.
Made the filename checker check ALL possible file names against
each rule, instead of just checking the "default" one. If
feat_mime_files is set, then the default file-name for that mime
type will be checked as well. This is a major improvement to
security, but requires that filename rules are ordered so that
all DROP/DEFANG/MANGLE rules precede any ACCEPT rules.
Made the sanitizer read /etc/mime.types (if it exists) to generate a
more complete list of default filenames for unnamed parts.
Treat AMD Duron as Athlon
Replace PKG_EXCLUDE_O3 with PKG_EXCLUDE_RENAME_REGISTERS as it's
specifically the -frename-registers that causes problems. Set for ORBit
gnuserv allows you to attach to an already running Emacs. This allows
external programs to make use of Emacs' editing capabilities. It is
like GNU Emacs' emacsserver/server.el, but has many more features.
This is the gnuserv part of XEmacs split out for use in GNU Emacs. If
you use XEmacs you do not need this package.
learning a message without Message-Id as ham (see bugzilla #2030)
- depend on p5-IO-Socket-SSL>=0.92 because of bugs in earlier versions
- bump revision