| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
explicitly specified in a Phase-1 proposal statement.
Patch sent to sakane@kame.net.
|
|
What is new in Nessus 1.0.4 :
changes by Christoph Puppe (pluto at defcom-sec.com) :
added "Sort by Port" to the report window.
Reports are sorted first by holes, then by warnings, then by notes.
Previous version only sorted by holes.
changes by Renaud Deraison (renaud at nessus.org) :
ftp related checks : the user can now supply a login/password for the ftp
checks, and relies on the ftp banner if nessusd can't log into
the ftp server (requested by Jens.Oeser at connector.de).
libnessus : ftp_log_in() would sometime fail against some ftp servers
better handling of large reports on the client side
tests are saved on the server side and can be restored. Note that this is
experimental and disabled by default. Do
./configure --enable-save-sessions
to enable this feature, and read doc/session_saving.txt for details.
better handling of targets with multiple web servers running
continue to launch the DoS if the state of the remote host can not be
determined
fixed a bug in smb_login_as_users.nasl, and improved
smb_accessible_shares.nasl
added checks for unpassworded MySQLs and PostgreSQL databases
nessusd uses less memory
changes by Pavel Kankovsky (peak at argo.troja.mff.cuni.cz) :
fixed a possible deadlock in the nessusd internal communication
fixed a problem in the client that would make it crash if it received
a malformed message from the server
the client would not detect the death of the server when run in batch
mode
possible header confusion (with regex.h) fixed
possible signal deadlock when exiting fixed
Other changes :
fixed a problem in the function is_cgi_installed() that may sometime
not work against odd clients (Thomas Reinke (reinke at
e-softinc.com))
fixed a bug in snmp_default_communities.nasl (Lionel Cons
(lionel.cons at cern.ch))
fixed showmount.nasl (Paul Ewing Jr. (ewing at ima.umn.edu))
typo in showmount.nasl would prevent it to work over udp (ctor at
krixor.xy.org)
|
|
link against libintl.so, update the dependency on gettext to >=0.10.35nb1.
|
|
- improvements in multiple address case
- sync with improvements in INET2000 bakeoff
|
|
the SUBDIR entries.
|
|
Main change is the splitup into libnasl, nessus-libraries, nessus-core
and nessus-plugins.
Too many changes come with 1.0.3, but most noteable the number of checked
security vulnerabilities increased and got updated.
This is based on work Hubert Feyrer did on some former version.
|
|
Security Scanner. Based on work Hubert Feyrer did on some former version.
|
|
Network security scanner. Based on work Hubert Feyrer did on some former
version.
|
|
Security Scanner. Based on work from Hubert Feyrer for some former version.
|
|
Based on work Hubert Feyrer did for some former version.
|
|
|
|
|
|
Taken from PR#10394 by Dave Burgess <burgess@neonramp.com> with
modifications.
|
|
|
|
a working /dev/urandom if it's found not to work.
|
|
RESTRICT="foo; bar"
Fix by s/;/,/
|
|
Also default to "start" command if run with no arguments.
|
|
|
|
and PLIST.
|
|
Package changes:
* Factor out common post-install code from PLIST and package Makefile
into files/INSTALL.
* Enhance files/sshd.sh to handle start/stop/restart/status.
* Check for usable installed version of OpenSSL. This bit possibly
closes the following PRs: 10404, 10501, 10593
Changes from 2.1.1p3:
* allow multiple whitespace but only one '=' between tokens
* close can fail on AFS
* allow leading whitespace in configuration files
* Always create ~/.ssh with mode 700
|
|
appropriate variables instead.
|
|
|
|
changes: basically, result from TAHI 2nd interop test (www.tahi.org)
- phase 1/2 SA removal corrections
- remove possible memory leak
- no notify message on information exchange
- correct isakmp payload manipulation on duplicated payload types
|
|
changes:
- RFC2367 conformance for SADB_[AE]ALG_xxx.
- implement initial contact
- runs in background by default
- delete notification
- improve error handling
|
|
Patch provided by Gabriel Rosenkoetter <gr@eclipsed.net>.
|
|
|
|
correctly)
|
|
|
|
|
|
|
|
have been integrated.
Relevant Changes:
* Fixed expiration handling of encryption keys.
* Add an experimental feature to do unattended key generation.
* The user is now asked for the reason of revocation as required by
the new OpenPGP draft.
* There is a ~/.gnupg/random_seed file now which saves the state of
the internal RNG and increases system performance somewhat. This
way the full entropy source is only used in cases were it is really
required. Use the option --no-random-seed-file to disable this
feature.
* New options --ignore-time-conflict and --lock-never.
* Encryption is now much faster: About 2 times for 1k bit keys and 8
times for 4k keys.
* New encryption keys are generated in a way which allows a much
faster decryption.
* New command --export-secret-subkeys which outputs the _primary_
key with it's secret parts deleted. This is useful for automated
decryption/signature creation as it allows to keep the real secret
primary key offline and thereby protecting the key certificates and
allowing to create revocations for the subkeys. See the FAQ for a
procedure to install such secret keys.
* Keygeneration now writes to the first writeable keyring or as
default to the one in the homedirectory. Prior versions ignored all
--keyring options.
* New option --command-fd to take user input from a file descriptor;
to be used with --status-fd by software which uses GnuPG as a
backend.
* There is a new status PROGRESS which is used to show progress during
key generation.
* Support for the new MDC encryption packets. To create them either
--force-mdc must be use or cipher algorithm with a blocksize other
than 64 bits is to be used. --openpgp currently disables MDC
packets entirely. This option should not yet be used.
* New option --no-auto-key-retrieve to disable retrieving of a missing
public key from a keyerver, when a keyerver has been set.
* Danish, Esperanto, Japanese, Dutch, and Swedish translations
|
|
depend on openssl >= 0.9.5. see PR 10593.
--- 2.1.1p2 -> 2.1.1p3
20000712
- (djm) Remove -lresolve for Reliant Unix
- (djm) OpenBSD CVS Updates:
- deraadt@cvs.openbsd.org 2000/07/11 02:11:34
[session.c sshd.c ]
make MaxStartups code still work with -d; djm
- deraadt@cvs.openbsd.org 2000/07/11 13:17:45
[readconf.c ssh_config]
disable FallBackToRsh by default
- (djm) Replace in_addr_t with u_int32_t in bsd-inet_aton.c. Report from
Ben Lindstrom <mouring@pconline.com>
- (djm) Make building of X11-Askpass and GNOME-Askpass optional in RPM
spec file.
- (djm) Released 2.1.1p3
20000711
- (djm) Fixup for AIX getuserattr() support from Tom Bertelson
<tbert@abac.com>
- (djm) ReliantUNIX support from Udo Schweigert <ust@cert.siemens.de>
- (djm) NeXT: dirent structures to get scp working from Ben Lindstrom
<mouring@pconline.com>
- (djm) Fix broken inet_ntoa check and ut_user/ut_name confusion, report
from Jim Watt <jimw@peisj.pebio.com>
- (djm) Replaced bsd-snprintf.c with one from Mutt source tree, it is known
to compile on more platforms (incl NeXT).
- (djm) Added bsd-inet_aton and configure support for NeXT
- (djm) Misc NeXT fixes from Ben Lindstrom <mouring@pconline.com>
- (djm) OpenBSD CVS updates:
- markus@cvs.openbsd.org 2000/06/26 03:22:29
[authfd.c]
cleanup, less cut&paste
- markus@cvs.openbsd.org 2000/06/26 15:59:19
[servconf.c servconf.h session.c sshd.8 sshd.c]
MaxStartups: limit number of unauthenticated connections, work by
theo and me
- deraadt@cvs.openbsd.org 2000/07/05 14:18:07
[session.c]
use no_x11_forwarding_flag correctly; provos ok
- provos@cvs.openbsd.org 2000/07/05 15:35:57
[sshd.c]
typo
- aaron@cvs.openbsd.org 2000/07/05 22:06:58
[scp.1 ssh-agent.1 ssh-keygen.1 sshd.8]
Insert more missing .El directives. Our troff really should identify
these and spit out a warning.
- todd@cvs.openbsd.org 2000/07/06 21:55:04
[auth-rsa.c auth2.c ssh-keygen.c]
clean code is good code
- deraadt@cvs.openbsd.org 2000/07/07 02:14:29
[serverloop.c]
sense of port forwarding flag test was backwards
- provos@cvs.openbsd.org 2000/07/08 17:17:31
[compat.c readconf.c]
replace strtok with strsep; from David Young <dyoung@onthejob.net>
- deraadt@cvs.openbsd.org 2000/07/08 19:21:15
[auth.h]
KNF
- ho@cvs.openbsd.org 2000/07/08 19:27:33
[compat.c readconf.c]
Better conditions for strsep() ending.
- ho@cvs.openbsd.org 2000/07/10 10:27:05
[readconf.c]
Get the correct message on errors. (niels@ ok)
- ho@cvs.openbsd.org 2000/07/10 10:30:25
[cipher.c kex.c servconf.c]
strtok() --> strsep(). (niels@ ok)
- (djm) Fix problem with debug mode and MaxStartups
- (djm) Don't generate host keys when $(DESTDIR) is set (e.g. during RPM
builds)
- (djm) Add strsep function from OpenBSD libc for systems that lack it
20000709
- (djm) Only enable PAM_TTY kludge for Linux. Problem report from
Kevin Steves <stevesk@sweden.hp.com>
- (djm) Match prototype and function declaration for rresvport_af.
Problem report from Niklas Edmundsson <nikke@ing.umu.se>
- (djm) Missing $(DESTDIR) on host-key target causing problems with RPM
builds. Problem report from Gregory Leblanc <GLeblanc@cu-portland.edu>
- (djm) Replace ut_name with ut_user. Patch from Jim Watt
<jimw@peisj.pebio.com>
- (djm) Fix pam sprintf fix
- (djm) Cleanup entropy collection code a little more. Split initialisation
from seeding, perform intialisation immediatly at start, be careful with
uids. Based on problem report from Jim Watt <jimw@peisj.pebio.com>
- (djm) More NeXT compatibility from Ben Lindstrom <mouring@pconline.com>
Including sigaction() et al. replacements
- (djm) AIX getuserattr() session initialisation from Tom Bertelson
<tbert@abac.com>
20000708
- (djm) Fix bad fprintf format handling in auth-pam.c. Patch from
Aaron Hopkins <aaron@die.net>
- (djm) Fix incorrect configure handling of --with-rsh-path option. Fix from
Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
- (djm) Fixed undefined variables for OSF SIA. Report from
Baars, Henk <Hendrik.Baars@nl.origin-it.com>
- (djm) Handle EWOULDBLOCK returns from read() and write() in atomicio.c
Fix from Marquess, Steve Mr JMLFDC <Steve.Marquess@DET.AMEDD.ARMY.MIL>
- (djm) Don't use inet_addr.
20000702
- (djm) Fix brace mismatch from Corinna Vinschen <vinschen@cygnus.com>
- (djm) Stop shadow expiry checking from preventing logins with NIS. Based
on fix from HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
- (djm) Use standard OpenSSL functions in auth-skey.c. Patch from
Chris, the Young One <cky@pobox.com>
- (djm) Fix scp progress meter on really wide terminals. Based on patch
from James H. Cloos Jr. <cloos@jhcloos.com>
20000701
- (djm) Fix Tru64 SIA problems reported by John P Speno <speno@isc.upenn.edu>
- (djm) Login fixes from Tom Bertelson <tbert@abac.com>
- (djm) Replace "/bin/sh" with _PATH_BSHELL. Report from Corinna Vinschen
<vinschen@cygnus.com>
- (djm) Replace "/usr/bin/login" with LOGIN_PROGRAM
- (djm) Added check for broken snprintf() functions which do not correctly
terminate output string and attempt to use replacement.
- (djm) Released 2.1.1p2
|
|
${LOCALBASE}/etc, and is the parent directory of the priv package's
user configuration data.
Modify Makefile to pick up this definition, and pass it on as an argument
to the configure script.
Modify the PLIST to include this location, and pre-process the PLIST at
install time to set the correct location.
|
|
|
|
pointed out by hubertf.
|
|
|
|
different user, into the NetBSD packages collection.
|
|
the correct printf-format. From LeRoy Miller (root@gcc.ansic.net) in PR
pkg/10478.
|
|
|
|
using inet_addr(3) failure is indicated by INADDR_NONE...
Addresses: pkg/10526
|
|
openssl. From: Bernd.Ernesti@security.kpnqwest.com (Bernd Ernesti)
|
|
(listens to IPv4 and IPv6 for GENERIC kernel)
|
|
--- recent changelogs
20000701
- (djm) Fix Tru64 SIA problems reported by John P Speno <speno@isc.upenn.edu>
- (djm) Login fixes from Tom Bertelson <tbert@abac.com>
- (djm) Replace "/bin/sh" with _PATH_BSHELL. Report from Corinna Vinschen
<vinschen@cygnus.com>
- (djm) Replace "/usr/bin/login" with LOGIN_PROGRAM
- (djm) Added check for broken snprintf() functions which do not correctly
terminate output string and attempt to use replacement.
- (djm) Released 2.1.1p2
20000628
- (djm) Fixes to lastlog code for Irix
- (djm) Use atomicio in loginrec
- (djm) Patch from Michael Stone <mstone@cs.loyola.edu> to add support for
Irix 6.x array sessions, project id's, and system audit trail id.
- (djm) Added 'distprep' make target to simplify packaging
- (djm) Added patch from Chris Adams <cmadams@hiwaay.net> to add OSF SIA
support. Enable using "USE_SIA=1 ./configure [options]"
20000627
- (djm) Fixes to login code - not setting li->uid, cleanups
- (djm) Formatting
20000626
- (djm) Better fix to aclocal tests from Garrick James <garrick@james.net>
- (djm) Account expiry support from Andreas Steinmetz <ast@domdv.de>
- (djm) Added password expiry checking (no password change support)
- (djm) Make EGD failures non-fatal if OpenSSL's entropy pool is still OK
based on patch from Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
- (djm) Fix fixed EGD code.
- OpenBSD CVS update
- provos@cvs.openbsd.org 2000/06/25 14:17:58
[channels.c]
correct check for bad channel ids; from Wei Dai <weidai@eskimo.com>
20000623
- (djm) Use sa_family_t in prototype for rresvport_af. Patch from
Svante Signell <svante.signell@telia.com>
- (djm) Autoconf logic to define sa_family_t if it is missing
- OpenBSD CVS Updates:
- markus@cvs.openbsd.org 2000/06/22 10:32:27
[sshd.c]
missing atomicio; report from Steve.Marquess@DET.AMEDD.ARMY.MIL
- djm@cvs.openbsd.org 2000/06/22 17:55:00
[auth-krb4.c key.c radix.c uuencode.c]
Missing CVS idents; ok markus
20000622
- (djm) Automatically generate host key during "make install". Suggested
by Gary E. Miller <gem@rellim.com>
- (djm) Paranoia before kill() system call
- OpenBSD CVS Updates:
- markus@cvs.openbsd.org 2000/06/18 18:50:11
[auth2.c compat.c compat.h sshconnect2.c]
make userauth+pubkey interop with ssh.com-2.2.0
- markus@cvs.openbsd.org 2000/06/18 20:56:17
[dsa.c]
mem leak + be more paranoid in dsa_verify.
- markus@cvs.openbsd.org 2000/06/18 21:29:50
[key.c]
cleanup fingerprinting, less hardcoded sizes
- markus@cvs.openbsd.org 2000/06/19 19:39:45
[atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
[auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h]
[buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h]
[clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h]
[deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c]
[kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c]
[nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c]
[rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c]
[ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h]
OpenBSD tag
- markus@cvs.openbsd.org 2000/06/21 10:46:10
sshconnect2.c missing free; nuke old comment
20000620
- (djm) Replace use of '-o' and '-a' logical operators in configure tests
with '||' and '&&'. As suggested by Jim Knoble <jmknoble@pint-stowp.cx>
to fix SCO Unixware problem reported by Gary E. Miller <gem@rellim.com>
- (djm) Typo in loginrec.c
20000618
- (djm) Add summary of configure options to end of ./configure run
- (djm) Not all systems define RUSAGE_SELF & RUSAGE_CHILDREN. Report from
Michael Stone <mstone@cs.loyola.edu>
- (djm) rusage is a privileged operation on some Unices (incl.
Solaris 2.5.1). Report from Paul D. Smith <pausmith@nortelnetworks.com>
- (djm) Avoid PAM failures when running without a TTY. Report from
Martin Petrak <petrak@spsknm.schools.sk>
- (djm) Include sys/types.h when including netinet/in.h in configure tests.
Patch from Jun-ichiro itojun Hagino <itojun@iijlab.net>
- (djm) Started merge of Ben Lindstrom's <mouring@pconline.com> NeXT support
- OpenBSD CVS updates:
- deraadt@cvs.openbsd.org 2000/06/17 09:58:46
[channels.c]
everyone says "nix it" (remove protocol 2 debugging message)
- markus@cvs.openbsd.org 2000/06/17 13:24:34
[sshconnect.c]
allow extended server banners
- markus@cvs.openbsd.org 2000/06/17 14:30:10
[sshconnect.c]
missing atomicio, typo
- jakob@cvs.openbsd.org 2000/06/17 16:52:34
[servconf.c servconf.h session.c sshd.8 sshd_config]
add support for ssh v2 subsystems. ok markus@.
- deraadt@cvs.openbsd.org 2000/06/17 18:57:48
[readconf.c servconf.c]
include = in WHITESPACE; markus ok
- markus@cvs.openbsd.org 2000/06/17 19:09:10
[auth2.c]
implement bug compatibility with ssh-2.0.13 pubkey, server side
- markus@cvs.openbsd.org 2000/06/17 21:00:28
[compat.c]
initial support for ssh.com's 2.2.0
- markus@cvs.openbsd.org 2000/06/17 21:16:09
[scp.c]
typo
- markus@cvs.openbsd.org 2000/06/17 22:05:02
[auth-rsa.c auth2.c serverloop.c session.c auth-options.c auth-options.h]
split auth-rsa option parsing into auth-options
add options support to authorized_keys2
- markus@cvs.openbsd.org 2000/06/17 22:42:54
[session.c]
typo
20000613
- (djm) Fixes from Andrew McGill <andrewm@datrix.co.za>:
- Platform define for SCO 3.x which breaks on /dev/ptmx
- Detect and try to fix missing MAXPATHLEN
- (djm) Fix short copy in loginrec.c (based on patch from Phill Camp
<P.S.S.Camp@ukc.ac.uk>
20000612
- (djm) Glob manpages in RPM spec files to catch compressed files
- (djm) Full license in auth-pam.c
- (djm) Configure fixes from SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp>
- (andre) AIX, lastlog, configure fixes from Tom Bertelson <tbert@abac.com>:
- Don't try to retrieve lastlog from wtmp/wtmpx if DISABLE_LASTLOG is
def'd
- Set AIX to use preformatted manpages
20000610
- (djm) Minor doc tweaks
- (djm) Fix for configure on bash2 from Jim Knoble <jmknoble@jmknoble.cx>
20000609
- (djm) Patch from Kenji Miyake <kenji@miyake.org> to disable utmp usage
(in favour of utmpx) on Solaris 8
20000606
- (djm) Cleanup of entropy.c. Reorganised code, removed second pass through
list of commands (by default). Removed verbose debugging (by default).
- (djm) Increased command entropy estimates and default entropy collection
timeout
- (djm) Remove duplicate headers from loginrec.c
- (djm) Don't add /usr/local/lib to library search path on Irix
- (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III
<tibbs@math.uh.edu>
- (djm) Warn user if grabs fail in GNOME askpass. Patch from Zack Weinberg
<zack@wolery.cumb.org>
- (djm) OpenBSD CVS updates:
- todd@cvs.openbsd.org
[sshconnect2.c]
teach protocol v2 to count login failures properly and also enable an
explanation of why the password prompt comes up again like v1; this is NOT
crypto
- markus@cvs.openbsd.org
[readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8]
xauth_location support; pr 1234
[readconf.c sshconnect2.c]
typo, unused
[session.c]
allow use_login only for login sessions, otherwise remote commands are
execed with uid==0
[sshd.8]
document UseLogin better
[version.h]
OpenSSH 2.1.1
[auth-rsa.c]
fix match_hostname() logic for auth-rsa: deny access if we have a
negative match or no match at all
[channels.c hostfile.c match.c]
don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via
kris@FreeBSD.org
|
|
|
|
changes from 6/14:
- improved internal data garbage collection
- avoid sending packet that constitutes invalid exchange
- "non_auth" setting will avoid negotiating ESP authentication
- improve notify message
|
|
|
|
|
|
update_dat script for downloading new dat files.
|
