summaryrefslogtreecommitdiff
path: root/security/libnasl
diff options
context:
space:
mode:
authorfrueauf <frueauf@pkgsrc.org>2002-05-10 13:18:44 +0000
committerfrueauf <frueauf@pkgsrc.org>2002-05-10 13:18:44 +0000
commit397d7ff205922a963633cc276e01ffe57de9db5b (patch)
treed77dcad8dbad19fb70a26e83cad2c791792802fb /security/libnasl
parent9b8b61fe505eaec505f14b45bebb491914380973 (diff)
downloadpkgsrc-397d7ff205922a963633cc276e01ffe57de9db5b.tar.gz
Update libnasl, nessus{-core,-libraries,-plugins} to 1.2.0.
1.1.15/1.2.0 : . changes by Nicolas Dubee (ndubee@secway.com) : - Better support for AF_UNIX sockets . changes by Brian (bmc@snort.org) : - CVE references - several bugfixes in the plugins . changes by Peter Gründl (pgrundl@kpmg.dk) and Carsten Joergensen (carstenjoergensen@kpmg.dk) : - Extensive review of the plugins and therefore numerous fixes . changes by Axel Nennker (Axel.Nennker@t-systems.com) - FD leak in save_kb.c fixed . changes by Renaud Deraison (deraison at nessus.org) - It is now possible to upload files to the server when using the command line client - lrand48() portability problems worked around - fixed a bug in the report window that would make it crash randomly 1.1.14 : . changes by Renaud Deraison (deraison at nessus.org) - SMB fixes (thanks to Michael Scheidell) - When the safe checks option is enabled, dangerous tests with no alternate code (ie: plugins of type ACT_DESTRUCTIVE_ATTACK and ACT_DENIAL) are disabled - Hosts can be designated by their MAC address of instead of their IP address (mostly useful for DHCP networks) - Fixed a bug in the report generation which would replace newlines (\n) by semi-columns (;) - Fixed a bug in the export of some types of reports, where open ports with no data associated would not be saved - Integrated THC's Hydra as a Nessus plugin - Added new NT security checks (related to user management) - Plugins of type ACT_SETTINGS can not be disabled - Fixed a bug which would make nessusd hang when a scanner was reporting too many open ports (as when a UDP scan reports all UDP ports as being open) . changes by Dion Stempfley (dion at riptech.com) - The client can now filter on category . changes by Axel Nennker (Axel.Nennker@t-systems.com) - Fixed some plugins causing error messages in some circumstances (dns_xfer.nasl, snmp_processes.nasl...) - Stylish changes to prevent gcc -Wall from whining in some files - XML NG output is now XML compliant - Bug fixes . changes by Jenni Scott (jenni.scott@guardent.com) and Michael Slifcak (michael.slifcak@guardent.com) : - Improved the reporting of the plugins (better consistency, better wording) 1.1.13 : . changes by Michel Arboi (arboi at algoriel.fr) - New family ACT_SETTINGS dedicated to plugins which just let the user enter some preferences - Optional NIDS evasion techniques (url encoding, tcp slicing) . changes by Renaud Deraison (deraison at nessus.org) - Fixed a bug in the command line client which would make it ignore some preferences - SMB checks can now log into a Windows domain - NIDS evasion techniques (data injection, short ttl) - Fixed a bug which would randomly stall the scan 1.1.12 : . changes by Renaud Deraison (deraison at nessus.org) - Workarounds on FreeBSD to prevent a kernel panic (thanks to Michael Scheidell and Stefan Esser) - nessus can export reports as other file formats again 1.1.11 : . changes by Renaud Deraison (deraison at nessus.org) - Fixed a bug regarding the saving of reports from the GUI - Improved the backend in many ways (speed-wise, content-wise) - Changes in the protocol - More messages are sent between the server and the client (timestamps, plugins version, ...) - New .nbe file format, which looks like .nsr but has more information in it - Plugins now have versions numbers. - The user can upload his plugins to the nessusd server from the client - It is now possible to upload files to the server (ie: nmap's results) in command-line mode - Fixed false positives in SNMP plugins when launched against a non-configured Solaris snmpd . changes by Guillaume Valadon (guillaume at valadon.net) - New XML output (the XML layout was defined by Lionel Cons [lionel.cons at cern.ch]) 1.1.10 : . changes by Renaud Deraison (deraison at nessus.org) - Fixed a bug introduced in 1.1.9 which would sometimes prevent a user from aborting an on-going test - Fixed a bug in the client which would prevent the user from setting a port range longer than 255 chars - Fixed bugs in pcap_next() (thanks to Richard van den Berg). Also, pcap_next() is now more flexible. - Fixed a bug in the command line client which would make it close the communication too early when the client - server communication is not ciphered - Added an "auto-load dependencies at runtime" option 1.1.9 : . changes by Renaud Deraison (deraison at nessus.org) - Fix in the GUI, when closing a saved report - Fixed a bug in ftp_log_in() which would prevent nasl script from logging into some FTP servers - Solaris build problems fixed - Darwin 1.4.1 build problems fixed - MkLinux DR3 build problems fixed (is anyone using it anymore ?) - GTK 1.0.x build problems fixed (the use of GTK 1.2 is recommended though) - Fixed the "wrong call to getopt" problem which would make Nessus segfault when built with cygwin, and which would prevent options from working under Solaris & FreeBSD (thanks to Udo Schweigert) - SMB checks speedup (thanks to Georges Dagousset's suggestion) - Fixed a bug in the client - server communication that would make the server close the communication when the client is idle - Better support for AF_UNIX socket for client-server communication (compile nessus-core with ./configure --enable-unix-socket) - Plugins are disabled by default in batch mode . changes by Michel Arboi (arboi at algoriel.fr) - Client now properly checks the certificate of the server . changes by Benoit Brodard (bbrodard at arkoon.net) - fixed bugs in nasl/tcp.c (checksum, handling of unsigned int) 1.1.8 : . changes by Renaud Deraison (deraison at nessus.org) - Workaround for systems with a low number of bpfs (OpenBSD, Darwin) - Added some length checks for SMB checks - No more zombies - Fixed accounts.nes - Fixed the reporting of the client (reports would be mixed) - Client removes tempfiles when exiting - Repaired ptyexecvp() which would not work on Solaris - Slight bugfix in the NASL interpretor . changes by Georges Dagousset (georges at alert4web.com) - More optimizations - Properly reloads KBs with the same value defined more than once - Fixes in some plugins dependencies . changes by Michael Slifcak <Michael.Slifcak at guardent.com> - More nmap options - Quiet mode in nessus-adduser 1.1.7 : . changes by Renaud Deraison (deraison at nessus.org) - Compiles on platforms without OpenSSL - Better Solaris support - Ported under Darwin (many thanks to Dieter Fiebelkorn (dieter at fiebelkorn.net) who actually started the port and helped me test this) - Unscanned ports can now be considered as closed or open (instead of just open), at user choice - Upgraded to libtool 1.4.2 - fixed a bug in the client which would make it display the wrong report when doing multiple scans - enhanced the plugins filter (that appear when pressing 'l' in the GUI) - fixed a serious problem in the SMB plugins which would prevent them to work against Samba and which would make them slow against Windows (pointed out by Georges Dagousset) . changes by Iouri Pletnev (Iouri.Pletnec at xacta.com) - Ported under Cygwin . changes by Michel Arboi (arboi at algoriel.fr) - Added nessus-mkrand for hosts with no /dev/random AND no EGD running 1.1.6 : . changes by Renaud Deraison (deraison at nessus.org) - EGD support for OpenSSL (do ./configure --enable-egd=/path/to/egd/socket in nessus-libraries) - KB items are now stored with individual dates instead of a global date for the whole KB file. Yes, this means you have to delete your old KB files - When an host could not be pinged, his KB is not altered (nor created) - fixed memory leaks in nessusd - nessus-mkcert checks that the certificates were really created before congratulating the user - fixed a security problem where anybody with a shell on the nessusd host could log in 1.1.5 : . changes by Georges Dagousset (georges.dagousset at alert4web.com) : - new KB entries for further "optimizations" - improved find_services.nes . changes by Renaud Deraison (deraison at nessus.org) : - cleaned up the KB - added doc/kb_entries.txt - bugfix in find_services regarding the pem password - new reporting GUI - fixed a problem which would leave some plugin run against a host considered as dead - the KB are now stored with properly escaped \n and \r chars - greatly improved tcp_ping.nasl (and tcp_ping() in libnasl) . changes by Michel Arboi (arboi at algoriel.fr) : - replaced PEKS by OpenSSL in the client/server communication . changes by H D Moore (hdm@secureaustin.com) - fixed no404.nasl 1.1.4 : . changes by Renaud Deraison (deraison at nessus.org) : - fixed find_services.nes - plugins that are slow to finish are _really_ killed by the server - the client better handles the scan of big networks - nmap_wrapper now updates its progress bar - nessus-update-plugins support proxies (with or without authentication) - monitor_backend.c and data_mining.c allow any developer to plug a database behind the client (by default flatfiles are used) - bug fixed in nmap_wrapper which would make it kill its parent process randomly - minor fix in the tcp_ping() function of NASL (ack would be set to non-zero for a syn packet) - fixed Alexis's ftp_write_dirs.nes & ftp_bounce_scan.nes . changes by Michel Arboi (arboi at noos.fr) : - find_services accepts password-protected .pem files - patches in the way files were transmitted between the client and the server (which could end up in a deadlock) . changes by Alexis de Bernis <alexisb at tpfh.org) : - fixed ftp_write_dirs.nes 1.1.3 : . changes by Renaud Deraison (deraison at nessus.org) : - added the plugin 'torturecgis.nasl' which supplies bogus args to the remote CGIs, in order to find the most blantantly broken ones - webmirror.nasl now retrieves the list of arguments of each CGI. - added filter support in the client. Use the key 'l' to filter out plugins you don't want to see. - added the 'safe checks' option which allow the user to not disturb the network (but which weakens the Nessus tests) - disabled backward support for port 3001 - the official port is 1241 now. 1.1.2 : . changes by Renaud Deraison (deraison at nessus.org) : - added the plugin 'webmirror.nasl', which extracts the list of CGIs used by a remote web server (and will do much more). - fixed a problem in NASL due to the SSL patch that would cause a fd leak with some plugins. - added a new plugin category (ACT_DESTRUCTIVE_ATTACK) for plugins that may harm the remote host. - SSL certificates & key can be imported - corrected a bug introduced in 1.1.0 that would make the client not display the name of the plugin currently being run. - sending signal SIGUSR1 to nessusd makes the grandfather process (the one who listens on tcp ports) die without killing its children, thus allowing a smooth upgrade of nessusd - updated config.guess and config.sub 1.1.1 : . changes by Renaud Deraison (deraison at nessus.org) : - fixed mem leaks in NASL - fixed a bug introduced in 1.1.0 regarding recv_line() - fixed a bug introduced in 1.1.0 in the process management of the plugins (all the KB would not be filled, resulting in incomplete tests) - smb_sid2user.nasl is twice as fast ;) 1.1.0 : . changes by Devin Kowatch (devink at SDSC.EDU) : - fixed communication problem between client and server - user-defined timing policy in nmap - nessus-update-plugins uses wget (or any user-supplied command at compilation time) if available. . changes by Michel Arboi (arboi at bigfoot.com) : - support for the -T option of nmap - SSL support . changes by Zorgon (zorgon at antionline.org) : - support for the --os_guess option of nmap . changes by Renaud Deraison (deraison at nessus.org) : - the user can upload files to plugins through the client (ie: it is possible to upload nmap's results directly to the nmap plugin) - tests can be run in parallel now - each user is now granted a home by nessus-adduser - added nessus-rmuser - per users plugins Of course several new plugins were added as well.
Diffstat (limited to 'security/libnasl')
-rw-r--r--security/libnasl/PLIST6
-rw-r--r--security/libnasl/distinfo7
-rw-r--r--security/libnasl/patches/patch-aa13
3 files changed, 20 insertions, 6 deletions
diff --git a/security/libnasl/PLIST b/security/libnasl/PLIST
index c3c55aa3af6..29b52463716 100644
--- a/security/libnasl/PLIST
+++ b/security/libnasl/PLIST
@@ -1,11 +1,11 @@
-@comment $NetBSD: PLIST,v 1.2 2001/12/30 18:38:53 frueauf Exp $
+@comment $NetBSD: PLIST,v 1.3 2002/05/10 13:18:44 frueauf Exp $
bin/nasl
bin/nasl-config
include/nessus/nasl.h
lib/libnasl.a
lib/libnasl.la
lib/libnasl.so
-lib/libnasl.so.1
-lib/libnasl.so.1.10
+lib/libnasl.so.3
+lib/libnasl.so.3.0
man/man1/nasl-config.1
man/man1/nasl.1
diff --git a/security/libnasl/distinfo b/security/libnasl/distinfo
index 8846b27557b..096429ec309 100644
--- a/security/libnasl/distinfo
+++ b/security/libnasl/distinfo
@@ -1,4 +1,5 @@
-$NetBSD: distinfo,v 1.5 2001/12/30 18:38:53 frueauf Exp $
+$NetBSD: distinfo,v 1.6 2002/05/10 13:18:45 frueauf Exp $
-SHA1 (libnasl-1.0.10.tar.gz) = 369d2b792f49abe1b509f1629448c4005faf778e
-Size (libnasl-1.0.10.tar.gz) = 231011 bytes
+SHA1 (libnasl-1.2.0.tar.gz) = 2a9799cdeb6b7b494811807e97be6c1a3ad653d7
+Size (libnasl-1.2.0.tar.gz) = 277716 bytes
+SHA1 (patch-aa) = 83517b52724012be4d118c713a4e4c71da387fe7
diff --git a/security/libnasl/patches/patch-aa b/security/libnasl/patches/patch-aa
new file mode 100644
index 00000000000..fc903194c41
--- /dev/null
+++ b/security/libnasl/patches/patch-aa
@@ -0,0 +1,13 @@
+$NetBSD: patch-aa,v 1.1 2002/05/10 13:18:45 frueauf Exp $
+
+--- nasl-config.in-orig Sun Sep 12 12:08:45 1999
++++ nasl-config.in Fri May 10 13:54:17 2002
+@@ -40,7 +40,7 @@
+ exit 0
+ ;;
+ --libs)
+- echo $Xn "-L$LIBDIR -lnasl $Xc"
++ echo $Xn "-Wl,-R$LIBDIR -L$LIBDIR -lnasl $Xc"
+ ;;
+ --cflags)
+ echo $Xn "-I$INCLUDEDIR $Xc"