Commit cd40d9f4 authored by Lorenzo "Palinuro" Faletra's avatar Lorenzo "Palinuro" Faletra Committed by Nong Hoang Tu
Browse files

Import Debian changes 21.4.3-1parrot1

openvas-scanner (21.4.3-1parrot1) parrot-updates; urgency=medium
.
  * Import new Debian release.
.
openvas-scanner (21.4.3-1) unstable; urgency=medium
.
  * New upstream version 21.4.3
  * debian/rules: use upstream defaults parameters
  * Update minimal required version to libgvm-dev
  * Bump Standards-Version to 4.6.0 (no changes)
.
openvas-scanner (21.4.2-1) unstable; urgency=medium
.
  * Update debian/copyright
  * New upstream version 21.4.2
  * Build-dep: update minimal required version of libgvm-dev
  * Bump Standards-Version to 4.5.1 (no change)
  * Import upstream patch to fix segfault in tests
  * Update dependencies
  * Refresh patches
.
openvas-scanner (20.8.0-2) unstable; urgency=medium
.
  [ Sophie Brun ]
  * Add a patch to fix test failure (Closes: #976712)
.
  [ Raphael Hertzog ]
  * Update patch meta-data
  * Add some lintian overrides
.
openvas-scanner (20.8.0-1) unstable; urgency=medium
.
  * Team upload.
.
  [ Sophie Brun ]
  * New upstream version 20.8.0
  * Update debian/copyright
  * Change required version of libgvm-dev: 20.8.0
  * Refresh patches
  * Add a comment about OPENVAS_RUN_DIR in debian/rules
  * Update debian/rules with correct run dir and feed lock path
.
  [ SZ Lin (林上智) ]
  * Update copyright information
  * I am no longer using this package, and thus remove my name from the
    uploaders field due to time constraints
.
openvas-scanner (7.0.1-4) unstable; urgency=medium
.
  * Team upload.
  * Don't build and run tests on ppc64el and s390x due to lack of cgreen
.
openvas-scanner (7.0.1-3) unstable; urgency=medium
.
  * Team upload
.
  [ Sophie Brun ]
  * Add upstream patch and Debian patch to improve greenbone-nvt-sync
.
openvas-scanner (7.0.1-2) unstable; urgency=medium
.
  * Team upload
.
  [ Sophie Brun ]
  * Optimized redis-openvas.conf as upstream advises (Closes: #966641)
  * Add Replaces and Conflicts on openvas-nasl and libopenvas-dev
.
openvas-scanner (7.0.1-1) unstable; urgency=medium
.
  * Team upload
.
  [ SZ Lin (林上智) ]
  * Add libcgreen1-dev to B-D for unit test
  * Compile the unit test program
  * Remove unit test with autopktest
.
  [ Raphaël Hertzog ]
  * Remove obsolete field Name from debian/upstream/metadata (already present
    in machine-readable debian/copyright).
  * Add NEWS file to warn about the rename of OpenVAS to GVM
.
openvas-scanner (7.0.1-1~exp1) experimental; urgency=medium
.
  [ Sophie Brun ]
  * Add --force-badname option in postinst
  * Add _gvm in redis group to have access to the redis socket
  * User _gvm owns /var/lib/openvas/gnupg and /var/lib/openvas/plugins
  * New upstream version 7.0.1
  * Update minimal required version of libgvm11
  * Change OPENVAS_RUN_DIR to /var/lib/openvas
  * Update debian/openvas-scanner.logrotate for user _gvm
.
  [ SZ Lin (林上智) ]
  * Add autopkgtest test case
  * Bump debhelper-compat to 13
.
openvas-scanner (7.0.0-1~exp1) experimental; urgency=medium
.
  [ Samuel Henrique ]
  * Add salsa-ci.yml
.
  [ Sophie Brun ]
  * New upstream version 7.0.0
  * Update for new name of other tools (gvm*)
  * Add missing build-dep bison
  * Disable dh_auto_test: it requires cgreen, not in Debian
  * Update debian/copyright
  * Replace openvassd by openvas and openvas dirs by gvm dirs
  * openvas scanner does no longer run as a service
  * Update CMAKE_BUILD_TYPE in debian/rules
  * Update Homepage
  * Bump Standards-Version to 4.5.0 (no changes)
.
  [ SZ Lin (林上智) ]
  * Configure git-buildpackage for Debian
  * Create an account "_gvm" for use by greenbone-nvt-sync
  * Set Rules-Requires-Root: no
  * Apply debhelper-compat to remove d/compat
  * Add missing files in GPL-2+ license
  * Update metadata
.
openvas-scanner (5.1.3-2) unstable; urgency=medium
.
  * Team upload.
  * Bump minimal version of libopenvas-dev to 9.0.3
.
openvas-scanner (5.1.3-1) unstable; urgency=medium
.
  * Import new upstream release
  * Add upstream metadata
  * d/control:
    - Bump Standards-Version to 4.2.1
  * d/copyright:
    - Replace "http" with "https" in URL
  * d/changelog:
    - Remove trailing whitespace
.
openvas-scanner (5.1.2-1) unstable; urgency=medium
.
  [ Sophie Brun ]
  * Team upload.
  * Update debian/watch and debian/control with new upstream github repository
  * Import new usptream release
  * Update minimal required version of libopenvas-dev
.
  [ Raphaël Hertzog ]
  * Bump Standards-Version to 4.1.5.
  * Drop lintian override for debian-watch-uses-insecure-uri which is no
    longer needed with the move to GitHub.
.
openvas-scanner (5.1.1-4) unstable; urgency=medium
.
  * Team upload.
.
  [ Raphaël Hertzog ]
  * Update team maintainer address to Debian Security Tools
    <team+pkg-security@tracker.debian.org>
  * Update Vcs-Git and Vcs-Browser for the move to salsa.debian.org
  * Fix the path of the unix socket also for the SystemV init script
  * Drop debconf support as nothing uses the data of the debconf question
  * Switch to debhelper compat 11
  * Drop git-dpm file as we don't use git-dpm
  * Drop prerm script, it's not doing anything useful
  * Configure a redis-server for openvas using systemd's multi-instance
    support.  openvas-scanner.service requires redis-server@openvas.service
    which will bring into life a new redis-server using our
    /etc/redis/redis-openvas.conf (Closes: #863240)
  * Improve sysv initscript and document its limitations in README.Debian
    (Closes: #865445)
  * Bump Standards-Version to 4.1.3
.
  [ Jonathan Landis ]
  * Fix the path of the --unix-socket argument in openvas-scanner.service
    (Closes: #863240)
.
openvas-scanner (5.1.1-3) unstable; urgency=medium
.
  [ Javier Fernández-Sanguino Peña ]
  * Add previous changelog entries from openvas-server (Closes: #873968)
.
  [ SZ Lin (林上智) ]
  * d/po: Add ru.po from Lev Lamberov (Closes: #883141)
  * d/control: Bump standards version to 4.1.2
  * d/control: Bump version of "debhelper" to 10
  * d/compat: Bump compat version to 10
.
openvas-scanner (5.1.1-2) unstable; urgency=medium
.
  * Move package from experimental to sid archive
  * Bump standards version to 4.0.0
.
openvas-scanner (5.1.1-1~exp2) experimental; urgency=medium
.
  * Add libgcrypt20-dev in build-depending (Closes: #864126)
  * Remove libgcrypt11-dev transition package in build-depending
.
openvas-scanner (5.1.1-1~exp1) experimental; urgency=medium
.
  [ Gianfranco Costamagna ]
  * Team upload.
  * Add es.po from jathan (Closes: #855612, #856245)
.
  [ SZ Lin (林上智) ]
  * Add pt.po from Traduz (Closes: #858750)
  * Move it to experimental archive
.
  [ Gavin Lai ]
  * Import new upstream release
.
openvas-scanner (5.1.0-1) UNRELEASED; urgency=medium
.
  * Import new upstream release
  * Add German debconf templates translation (Closes: #843771)
.
openvas-scanner (5.0.7-2) unstable; urgency=medium
.
  * Fix typo in zh_TW.po
  * Add French debconf templates translation (Closes: #843625)
  * Add lsb-base dependency
.
openvas-scanner (5.0.7-1) unstable; urgency=medium
.
  * Import upstream version to Debian (Closes: #838124)
.
openvas-scanner (5.0.5-0kali1) kali-experimental; urgency=medium
.
  * Import new upstream release
.
openvas-scanner (5.0.4-0kali1) kali-dev; urgency=medium
.
  * Import new upstream release
.
openvas-scanner (5.0.1-0kali3) kali-dev; urgency=medium
.
  * Enable systemd postinst snippets.
.
openvas-scanner (5.0.1-0kali2) kali-dev; urgency=medium
.
  * Add a proper systemd service file.
.
openvas-scanner (5.0.1-0kali1) kali; urgency=medium
.
  * Import new upstream release
  * Add redis-server (>= 2.4.0) as depends
  * Add .examples to install examples files for redis-server
  * Update debian/copyright
.
openvas-scanner (4.0.2-0kali4) kali-dev; urgency=medium
.
  * Rebuild in kali-dev for libgcrypt11/gnutls28 transition.
.
openvas-scanner (4.0.2-0kali3) kali; urgency=medium
.
  * Don't start/stop/restart the init script in maintainer scripts as it tends
    to not work when not properly configured.
.
openvas-scanner (4.0.2-0kali2) kali; urgency=medium
.
  * Fix init script by dropping "-q".
.
openvas-scanner (4.0.2-0kali1) kali; urgency=medium
.
  * New upstream release
  * Add file debian/copyright
  * Add file debian/source/format
  * Update debian/rules to use debhelper 9
  * Add "Default stop" 1 in .init
.
openvas-scanner (3.4.0-0kali1) kali; urgency=low
.
  * New upsteam release.
  * Update build dependencies.
.
openvas-scanner (3.3.1-1kali1) kali; urgency=low
.
  * Version bump
.
openvas-scanner (3.3.1-1kali0) kali; urgency=low
.
  [ Stephan Kleine ]
  * New upstream release
    - NVT management code has been updated to reflect the updated openvas-libraries
      API.
    - The optional use of the external tool "ovaldi" has been made more secure.
    - OpenVAS Scanner now uses UTC internally.
    - The greenbone-nvt-sync script has been updated.
    - Changed: Do not force execution of ACT_INIT category.
    - Fixed: A number of potential resource leaks.
    - Fixed: A number of compiler warnings when compiling with gcc 4.6.
    - Fixed: Usage of the mktemp template in openvas-nvt-sync.
    - Removed: Support for shared sockets.
    - New: The scanner options "network_scan" and "report_host_details" have been
      added to the default scanner options.
.
  [ Mati Aharoni ]
  * Version update
.
openvas-scanner (3.2.5-1) UNRELEASED; urgency=low
.
  * New upstream release
    - The optional use of the external tool "ovaldi" has been made more secure.
.
openvas-scanner (3.2.4-1) UNRELEASED; urgency=low
.
  * New upstream release
    - Fixed: Two potential resource leaks.
    - Fixed: A number of compiler warning when compiling with gcc 4.6.
    - Fixed: Usage of the mktemp template in openvas-nvt-sync.
.
openvas-scanner (3.2.3-1) UNRELEASED; urgency=low
.
  * New upstream release
    - Fixed: Three potential resource leaks.
    - Fixed: Generation of code documentation.
    - Updated: Feed synchronization scripts.
    - Changed: The openvas-nvt-sync script will now perform the initial feed
      synchronization via HTTP instead of rsync.
    - Changed: The openvas-nvt-sync script will now default to synchronize into the
      NVT directory used by the OpenVAS Scanner instead of the one defined at
      compile time.
.
openvas-scanner (3.2.2-1) UNRELEASED; urgency=low
.
  * New upstream release
    - The last bashism has been removed from the openvas-nvt-sync synchronization
      script.
    - The greenbone-nvt-sync script now logs additional information during
      synchronization.
    - An unimplemented and superfluous function declaration has been removed.
    - The openvassd man page has been updated.
    - The build environment has been consolidated.
    - The greenbone-nvt-sync script has been improved.
    - OpenVAS Scanner now sets a default value for the "unscanned_closed"
      preference.
.
openvas-scanner (3.2.0-1) UNRELEASED; urgency=low
.
  * New upstream release
    - The sync scripts have been updated.
    - OpenVAS Scanner now uses pkg-config to find libraries.
    - Installation of the openvas-services file has been moved to openvas-libraries.
    - Filesystem Hierarchy Standard (FHS 2.3) compliance has been improved.
.
openvas-scanner (3.1.99.2-1) UNRELEASED; urgency=low
.
  * New upstream release
    - Improved output of --version
    - Comprehensive code cleanup
    - Binary (.nes) plugins we moved to libraries and turned into builtin
      NASL methods.
    - Removed handling of binary plugins as we don't want to have them ever
      again.
    - Added preferences for the vhost feature so that clients get them
      and can offer them to the user. In other words: unhide the vhost feature.
    - Default port is now 9391 where the OpenVAS Manager expects the
      Scanner by default.
    - Command line options "--dump-cfg" and "--gen-config" are removed.
    - openvassd does not need anymore a "openvassd.conf" file. It uses
      its defaults and a possibly present conf-file can overwrite settings.
    - openvas-mkcert got a additional switch "-f" to force overwriting
      certificates.
    - openvas-mkcert does not create a openvassd.conf anymore as it shares
      the defaults with openvassd.
.
openvas-scanner (3.1.99.1-1) UNRELEASED; urgency=low
.
  * New upstream release
    - Debug messages during the use of shared sockets are no longer logged unless
      requested during compile time.
    - A number of compiler warnings from gcc 4.4 has been addressed.
    - Hardening flags are now enabled during compile time to increase code quality.
    - openvas-scanner now listens on an IPv4 socket by default, even when IPv6
      support is present.
.
openvas-scanner (3.1.98.2-1) UNRELEASED; urgency=low
.
  * New upstream release
    - A compiler warning regarding an incorrect function declaration in
      openvas_tcp_scanner has been addressed.
    - A compiler warning regarding incorrect pointer casts in find_service has been
      addressed.
    - A compiler warning regarding the type of a return value in openvassd has been
      addressed.
    - An issue which caused openvassd to refuse to scan certain hosts even when
      permitted by rules has been fixed.
    - An issue which caused openvassd to abort the scan process prematurely under
      certain circumstances has been fixed.
.
openvas-scanner (3.1.98.1-1) UNRELEASED; urgency=low
.
  * New upstream release
    - Network level scan support.
    - Removed unnecessary log entries.
    - Include paths have been updated to match with openvas-libraries 4.0.
.
openvas-scanner (3.1.1-1) UNRELEASED; urgency=low
.
  * New upstream release
    - The code documentation infrastructure has been improved.
    - The license situation of the individual source code files has been clarified.
    - Obsolete support for systems without entropy generation has been removed.
    - A bug which caused the client certificate generation to fail under certain
      circumstances has been fixed.
.
openvas-scanner (3.1.0-1) UNRELEASED; urgency=low
.
  * New upstream release
    - Support for storing scanner passwords in plaintext has been removed.
    - Support for dropping privileges in NASL and NES NVTs had been added.
    - Support for scanning virtual web hosts has been added.
    - The handling of NVTs with an invalid timestamp has been improved.
    - A bug in the openvas-nvt-sync script which prevented synchronization via http
      under certain circumstances has been fixed.
    - Support for retrieving the version of the NVT collection has been added to the
      openvas-nvt-sync and greenbone-nvt-sync scripts.
    - Support for soft pausing of scans has been added.
    - Support for automatically installing generated certificate file has been added
      to the openvas-mkcert-client script.
    - The obsolete C based NVT "ssl_cipher" has been removed from the
      openvas-scanner module. It has been replaced by the NASL implementation
      "secpod_ssl_ciphers.nasl".
    - Support for storing an uploaded preference file in memory instead of on disk
      has been added.
.
openvas-scanner (3.1.0.rc3-1) UNRELEASED; urgency=low
.
  * New upstream release
    - Support for storing scanner passwords in plaintext has been removed.
.
openvas-scanner (3.1.0.rc2-1) UNRELEASED; urgency=low
.
  * New upstream release
    - The support scripts for feed synchronization have been updated.
    - Support for dropping privileges in NASL and NES NVTs had been added.
    - Support for scanning virtual web hosts has been added.
    - The handling of NVTs with an invalid timestamp has been improved.
.
openvas-scanner (3.1.0.rc1-1) UNRELEASED; urgency=low
.
  * New upstream release
    - A bug in the openvas-nvt-sync script which prevented synchronization via http
      under certain circumstances has been fixed.
    - The build environment for C based NVTs has been cleaned up.
    - Code formatting has been improved in a number of files to match the coding
      style.
    - Support for retrieving the version of the NVT collection has been added to the
      openvas-nvt-sync and greenbone-nvt-sync scripts.
    - Support for soft pausing of scans has been added.
    - Support for automatically installing generated certificate file has been added
      to the openvas-mkcert-client script.
    - The obsolete C based NVT "ssl_cipher" has been removed from the
      openvas-scanner module. It has been replaced by the NASL implementation
      "secpod_ssl_ciphers.nasl".
    - Support for storing an uploaded preference file in memory instead of on disk
      has been added.
.
openvas-scanner (3.0.2-1) UNRELEASED; urgency=low
.
  * New upstream release
.
openvas-scanner (3.0.1-1) UNRELEASED; urgency=low
.
  * New upstream release
.
openvas-scanner (3.0.0-1) UNRELEASED; urgency=low
.
  * New upstream release
.
openvas-server (2.0.3-6) unstable; urgency=low
.
  * debian/openvas-server.config: Change the template names to openvas-server
    which prevents an installation error for users running on 'medium' or lower
    debconf priority (Closes: #674612)
  * debian/openvas-server.postrm: Remove cache directory after purge
    (Closes: #608734)
.
openvas-server (2.0.3-5) unstable; urgency=low
.
  * debian/control:
     - Add a reference to nessus in the package description (Closes: #580252)
     - Update references to VCS
  * _Really_ include the translation updates promised in the previous
    version (Closes: #581744, #597312)
  * debian/README.Debian: Update the name of the openvas-plugins script
    (Closes: #580528, #662647)
  [ Changes by Jan Wagner <waja@cyconet.org> ]
  * Add gettext-base as dependency for openvas-server (LP: #511981)
.
openvas-server (2.0.3-4.1) unstable; urgency=low
.
  * Non-maintainer upload.
  * Fix pending l10n issues. Debconf translations:
    - Brazilian Portuguese (Eder L. Marques).  Closes: #629116
    - Dutch; (Jeroen Schot).  Closes: #655719
    - Slovak (Ivan Masár).  Closes: #656527
    - Danish (Joe Hansen).  Closes: #656747
    - Spanish; (Javier Fernández-Sanguino).  Closes: #656405
.
openvas-server (2.0.3-4) unstable; urgency=low
.
  * Update for PO-debconf translation updates:
    - Updated Brazilian Portuguese Translation, provided by Eder L. Marques
      (Closes: #581744)
    - Updated Italian translation, provided by Vincenzo Campanella (Closes:
      #597312)
.
openvas-server (2.0.3-3.2) UNRELEASED; urgency=low
.
  * Stop providing the openvas-nvt-sync script since this will be
    provided by a new openvas-plugins package. (Closes: #546746)
    (Removed patches 11_openvas-nvt-sync.dpatch 12_openvas_nvt-sync-var.dpatch)
    Note: This is required since there are some plugins that
    are required for proper OpenVAS operation.
  * Add debian/README.source to describe patch management
  * Adjust dependencies (Depends: on openvas-plugins and remove the
    Recommends of tools which are related to plugins)
.
openvas-server (2.0.3-3) unstable; urgency=low
.
  * Add README.source
  * Raise build-dep of libopenvas2-dev to (>= 2.0.4-2), which should fix build
    issues on mips
  * Fix 10_bashism.dpatch, which broke the scripts
  * Fix Vcs location
  * Remove openvas-nvt-sync, which moved to openvas-plugins-base
    (Closes: #546746)
    - Drop 11_openvas-nvt-sync.dpatch and 12_openvas_nvt-sync-var.dpatch
    - Remove Recommands: rsync, nmap, smbclient
    - Remove Suggests: snmp, pnscan, strobe, ike-scan
  * Add Recommends: openvas-plugins-base
  * Add Suggests: openvas-plugins-dfsg
.
openvas-server (2.0.3-2) unstable; urgency=low
.
  * Add 11_openvas-nvt-sync.dpatch and 12_openvas_nvt-sync-var.dpatch to patch
    list (Closes: #534846, #532937)
  * Fix typo in 11_openvas-nvt-sync.dpatch
  * Adjust 11_openvas-nvt-sync.dpatch to work with latest upstream release
.
openvas-server (2.0.3-1) unstable; urgency=low
.
  * New upstream release
  * Raise build-dep of libopenvas2-dev to (>= 2.0.4) and libopenvasnasl2-dev
    to (>= 2.0.2)
  * Bump Standards-Version to 3.8.3, no changes needed
  * Move /usr/bin/openvasd-config back to openvas-server-dev
.
openvas-server (2.0.2-2) unstable; urgency=low
.
  * really add the watch file
.
openvas-server (2.0.2-1) unstable; urgency=low
.
  [ Jan Wagner ]
  * New upstream release
  * Bump Standards-Version to 3.8.2, no changes needed
  * removing absolute path calling rm in postinst, lintian fix.
  * add checkbashisms check for /usr/*bin/openvas-* and add devscripts as
    build-dep
  * add it.po, thanks to Vincenzo Campanella (Closes: #513361)
  * updates ja.po, thanks to Hideki Yamane (Closes: #538253)
  * add dpatch infrastructure
  * add 10_bashism.dpatch to get rid of bashism in upstream shell scripts,
    thanks to Raphael Geissert (Closes: #530156)
  * relicense packaging to GPL-3
.
  [ Javier Fernandez-Sanguino Pen~a ]
  * Minor changes to the Spanish translation, it was missing the
    review done in the debian-l10n-spanish mailing list by
    Noel David Torres.
  * Small fix in the error message in the init.d script when complaining that
    there is no ca_file defined.
  * New patch (11_openvas-nvt-sync.dpatch) to include upstream's
    openvas-nvt-sync that was previously in openvas-plugins package. This
    enables admins to update their OpenVAS plugins without the need for a
    separate plugin which, anyway, upstream is not going to provide see
    Change Request #32 (http://www.openvas.org/openvas-cr-32.html,
    "Discontinuing the tarball releases of openvas-plugins")
    (Closes: #534846, #532937)
  * Add 12_openvas_nvt-sync-var.dpatch to get the plugins into /var
  * Add the following packages to Recommends: as they are needed by some
    NASL script:
  - nmap - so the server can do portscans
  - smbclient - to retrieve information from "other" environments
  * Add the following packages to Suggests: as they are needed by some
    NASL script:
  - snmp - snmpwalk is used in the snmpwalk_portscan.nasl NASL script
  - pnscan - used by the pnscan.nasl NASL script
  - strobe - used by the portscan-strobe.nasl NASL script
  - ike-scan - used by the ike-scan.nasl NASL script
.
  [ Both ]
  * add debian/watch to detect when a new version is available at
    wald.intevation.org
.
openvas-server (2.0.1-2) unstable; urgency=low
.
  * Updated Spanish translation
  * Add Japanese translation, it is, however, out of date since the templates
    have changed (Closes: 520063)
.
openvas-server (2.0.1-1) unstable; urgency=low
.
  [ Jan Wagner ]
  * New upstream release
  * rewrite Michaels changelog
.
  [ Christian Perrier ]
  * Debconf templates and debian/control reviewed by the debian-l10n-
    english team as part of the Smith review project. Closes: #512170
  * Fix extra space in debconf templates. Closes: #514451
  * [Debconf translation updates]
  * Swedish. Closes: #512667
  * Galician. Closes: #512683
  * Basque. Closes: #512752
  * Portuguese. Closes: #512790, #511271
  * Swedish. Closes: #512667
  * Czech. Closes: #513712
  * Vietnamese. Closes: #513809
  * Russian. Closes: #514047
  * French. Closes: #514312
  * Slovak. Closes: #514381
  * German. Closes: #514450
.
  [ Michael Wiegand ]
  * Lower compat to 5
  * Adjust dependencies: debhelper (>= 5), libopenvas2-dev (>= 2.0.1),
    libopenvasnasl2-dev (>= 2.0.1), libpcap-dev
  * Add openssl to Depends (Closes: #526971), thanks to Torbjörn Wictorin for
    reporting
  * Adjust package descriptions
  * Updated openvasd.conf with new preferences for the 2.0.x series and fixed
    wrong entry for dumpfile.
  * Changed the default to make openvasd listen on external interfaces as well.
  * Moved /usr/bin/openvasd-config to openvas-server
  * Creating /etc/openvas/gnupg and /var/cache/openvas
.
openvas-server (2.0.0-2) unstable; urgency=low
.
  * Brown paper bag release: Restore changes introduced from 1.0.2-2 which were
    missing in the previous package
  * Remove the openvas-plugins dependency as it is not currently in the archive. Users have
    to manually download the plugins currently. This will be restored once openvas-plugins
    is in the archive
.
openvas-server (2.0.0-1) unstable; urgency=low
.
  * New upstream release
.
openvas-server (2.0.0.beta2-1) UNRELEASED; urgency=low
.
  * New upstream release
  * Adjusted dependencies to use beta2 versions of the libraries
  * Removed reference to openvas-check-signature.1 that was removed
.
openvas-server (2.0.0.beta1-1) UNRELEASED; urgency=low
.
  * New upstream release
  * Updated copyright with details of translators
  * Adjusted dependencies to use libopenvas2-dev and libopenvasnasl2-dev
  * Updated standards version
  * Changed defaults so that it listens on 1241 on 127.0.0.1 by default
  * Updated README.Debian
  * Cleaned up the rules
.
openvas-server (1.0.2-5) unstable; urgency=low
.
  * Updated Swedish Debconf translation by Martin Bagge
.
openvas-server (1.0.2-4) unstable; urgency=low
.
  * Corrected server restart in postinst
  * Disable signature check in openvasd.conf
    (nasl_no_signature_check = yes)
  * Reworked copyright file:
    . Improved packaging log/copyright notes
    . Added list of translators
    . Adjusted GPL version to v2 which is stated in source files
    . Improved list of packagers and packaging contributors
  * Updated PO files after debconf-updatepo and adjusting new fuzzy
    translations
  * Corrected comment in openvasd(8) manpage
.
openvas-server (1.0.2-3) unstable; urgency=low
.
  * Set Debian OpenVAS Maintainers <openvas-distro-deb@wald> as maintainer
  * Add Jan Wagner, Tim Brown and me to Uploaders
  * Bump Standards-Version
  * Remove openvas-plugins from Dependencies
  * Add versioned dependency against openvas-server to openvas-server-dev
  * Add section net to openvas-server
  * Clear recommends for -dev package
  * Re-upload with full source
.
openvas-server (1.0.2-2) unstable; urgency=low
.
  * Add Intevation GmbH to debian/copyright since some of the changes
    in openvasd.c are (c) by them. This fixes the reason this package
    was REJECTED by the ftpmasters.
  * Fix package's version.
  * Add openvas.tmpl to the files to check for in debian/rules
.
openvas-server (1.0.2-1) unstable; urgency=low
.
  * New upstream release.
    - Upstream includes fixes introduced in previous package version
    - Fixes also a SIGSEGV when scanning with the server
  * Add a README.Debian file describing notes for users based on Nessus'
    README but with an updated content and some other adjustments.
  * Reorder the packages in debian/control so that openvas-server
    is the main package
.
openvas-server (1.0.1-1) unstable; urgency=low
.
  * New upstream release
  * Manually update the debian po files (change 'nessus-mkcert' to
    'openvas-mkcert') and unfuzzy the modified string in all languages.
  * Adjust Build-Depends to make it depend on libopenvas1-dev (>= 1.0.2)
    and libopenvasnasl1-dev (>= 1.0.1)
  * Fix the location of the runtime directory to /var/run/openvas to
    be FHS compliant (it was /var/openvas).
  * Fix wrong references in source code and documentation to /var/openvas
    when it should be /var/lib/openvas
  * Fix the main Makefile openvas-mkcert-client.in, openvas-mkcert.in,
    openvas-user.in and openvas-rmuser.in to use the proper statedirectory
    definitions.
  * Restore the openvas-mkcert-client manpage that was lost in openvas
  [ Debian specific ]
  * debian/rules:
     - Define CFLAGS and LDFLAGS before the call to configure, not afterwards
     as this confuses the configure script
     - Remove the usr/include directory from openvas-server so as to
       not distribute an empty directory
  * debian/control: Add openvas-plugins as a Dependency, add the same
    Suggests: and Recommends: to the packages as the nessus-core package had.
.
openvas-server (1.0.0-3) unstable; urgency=low
.
  [ Tim Brown ]
  * Fixed po files
  * Modified init info in openvas-server.init to include descriptions
.
  [ Jan Wagner ]
  * Split out -dev packages
  * remove traces of Nesses from openvasd.conf
.
openvas-server (1.0.0-2) unstable; urgency=low
.
  * Minor updates to control file, fixed Section, Priority and Build-Depends
  directives
.
openvas-server (1.0.0-1) unstable; urgency=low
.
  * Initial release
parent 0c5c0a29
openvas-scanner (7.0.1-1) unstable; urgency=medium
The OpenVAS tool has been renamed to GVM: Greenbone Vulnerability Manager.
The openvas-scanner package is one component of GVM. It didn't change its
name, but almost all other packages changed their names. The upgrade from
previous version can't be done automatically.
Please install the gvm package (once it's available) and read the file
/usr/share/doc/gvm/MIGRATION-FROM-9-TO-11
-- Sophie Brun <sophie@offensive-security.com> Fri, 31 Jul 2020 17:33:23 +0200
Notes about openvas-scanner in Debian
-------------------------------------
The Debian package ships a working redis configuration file
(/etc/redis/redis-openvas.conf) and an openvas-scanner configuration
file (/etc/openvas/openvas.conf) that work together by default.
Since version 10 there is no longer openvas-scanner.service.
If you are not using systemd, then it's up to you to tweak the
configuration to get it to work. One possible way to get there
is to replace /etc/redis/redis.conf by /etc/redis/redis-openvas.conf,
restart redis-server and be done with it.
This diff is collapsed.
Source: openvas-scanner
Section: admin
Priority: optional
Maintainer: Debian Security Tools <team+pkg-security@tracker.debian.org>
Uploaders: Sophie Brun <sophie@offensive-security.com>
Build-Depends: debhelper-compat (= 13),
bison,
cmake (>= 2.8),
pkg-config,
libglib2.0-dev (>= 2.32),
libgcrypt20-dev,
libgnutls28-dev,
libpcap-dev,
libgvm-dev (>= 21.4.3),
doxygen,
# Exclude those two architectures until cgreen is fixed:
# https://github.com/cgreen-devs/cgreen/issues/227
# https://github.com/cgreen-devs/cgreen/issues/239
libcgreen1-dev [!ppc64el !s390x]
Standards-Version: 4.6.0
Rules-Requires-Root: no
Homepage: https://www.greenbone.net/
Vcs-Browser: https://salsa.debian.org/pkg-security-team/openvas-scanner
Vcs-Git: https://salsa.debian.org/pkg-security-team/openvas-scanner.git
Package: openvas-scanner
Section: net
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, openssl, redis-server,
lsb-base (>= 3.0-6), adduser, rsync
Replaces: openvas-server, openvas-plugins, libopenvas-dev, openvas-nasl
Conflicts: openvas-server, openvas-plugins, libopenvas-dev, openvas-nasl
Recommends: nmap, python3-impacket
Suggests: gvm-tools, snmp, pnscan, strobe, ike-scan
Description: remote network security auditor - scanner
The Open Vulnerability Assessment System is a modular security auditing
tool, used for testing remote systems for vulnerabilities that should be
fixed.
.
It is made up of two parts: a scan server, and a client. The scanner/daemon,
openvassd, is in charge of the attacks, whereas the client,
gvm-tools, provides an X11/GTK+ user interface.
.
This package provides the scanner.
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: openvas-scanner
Source: https://github.com/greenbone/openvas-scanner
Files: *
Copyright: 2009-2021 Greenbone Networks GmbH
2006 Software in the Public Interest, Inc.
1998-2006 Tenable Network Security, Inc.
and others
License: GPL-2
Files: src/CMakeLists.txt
nasl/tests/*
CMakeLists.txt
cmake/GetGit.cmake
doc/CMakeLists.txt
misc/CMakeLists.txt
misc/bpf_share.h
misc/ftp_funcs.*
misc/network.*
misc/nvt_categories.h
misc/pcap.c
misc/pcap_openvas.h
misc/pcap_tests.c
misc/plugutils.*
misc/scanneraux.h
misc/support.h
misc/vendorversion.*
nasl/CMakeLists.txt
nasl/arc4.c
nasl/byteorder.h
nasl/charcnv.c
nasl/charset.h
nasl/genrand.c
nasl/hmacmd5.*
nasl/iconv.*
nasl/md4.*
nasl/nasl-lint.c
nasl/nasl_builtin_plugins.h
nasl/nasl_cert.*
nasl/nasl_isotime.*
nasl/nasl_signature.*
nasl/nasl_smb.*
nasl/nasl_snmp.*
nasl/nasl_socket.c
nasl/nasl_ssh.*
nasl/nasl_wmi.*
nasl/ntlmssp.*
nasl/openvas_smb_interface.*
nasl/openvas_wmi_interface.h
nasl/proto.h
nasl/smb.h
nasl/smb_crypt.*
nasl/smb_crypt2.c
nasl/smb_interface_stub.c
nasl/smb_signing.*
nasl/time.c
nasl/wmi_interface_stub.c
src/attack_tests.c
src/main.c
src/openvas.h
tools/greenbone-nvt-sync.in
Copyright: 2009-2020 Greenbone Networks GmbH
1998-2007 Tenable Network Security, Inc
License: GPL-2+
Files: nasl/md5.*
Copyright: None, public domain.
License: public-domain
This code was written by Colin Plumb in 1993, no copyright is claimed.
This code is in the public domain; do with it what you wish.
Files: debian/*
Copyright: 2009-2011 Stephan Kleine <bitshuffler@opensuse.org>
2012 Mati Aharoni <muts@kali.org>
2013-2015 Raphaël Hertzog <hertzog@debian.org>
2014-2021 Sophie Brun <sophie@offensive-security.com>
2016 ChangZhuo Chen (陳昌倬) <czchen@debian.org>
2016-2020 SZ Lin (林上智) <szlin@debian.org>
2017 Gavin Lai (賴建宇) <gavin09@gmail.com>
License: GPL-2
License: GPL-2
This program is free software; you can redistribute it
and/or modify it under the terms of the GNU General Public
License version 2, as published by the Free Software Foundation.
.
This program is distributed in the hope that it will be
useful, but WITHOUT ANY WARRANTY; without even the implied
warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE. See the GNU General Public License for more
details.
.
You should have received a copy of the GNU General Public
License along with this package; if not, write to the Free
Software Foundation, Inc., 51 Franklin St, Fifth Floor,
Boston, MA 02110-1301 USA
.
On Debian systems, the full text of the GNU General Public
License version 2 can be found in the file
`/usr/share/common-licenses/GPL-2'.
License: GPL-2+
This program is free software; you can redistribute it
and/or modify it under the terms of the GNU General Public
License as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later
version.
.
This program is distributed in the hope that it will be
useful, but WITHOUT ANY WARRANTY; without even the implied
warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE. See the GNU General Public License for more
details.
.
You should have received a copy of the GNU General Public
License along with this package; if not, write to the Free
Software Foundation, Inc., 51 Franklin St, Fifth Floor,
Boston, MA 02110-1301 USA
.
On Debian systems, the full text of the GNU General Public
License version 2 can be found in the file
`/usr/share/common-licenses/GPL-2'.
[DEFAULT]
debian-branch = debian/master
pristine-tar = True
[buildpackage]
sign-tags = True
[import-orig]
filter-pristine-tar = True
[pq]
patch-numbers = False
[dch]
multimaint-merge = True
var/cache/gvm
var/lib/gvm
var/log/gvm
debian/openvas.conf etc/openvas/
debian/redis-openvas.conf etc/redis/
link-to-shared-library-in-wrong-package usr/lib/libopenvas_*
package-name-doesnt-match-sonames libopenvas-misc*
/var/log/gvm/openvas.log {
missingok
notifempty
create 640 _gvm _gvm
daily
rotate 7
compress
postrotate
openvaslogs=`ls /var/log/gvm/openvas.log.*`
if [ -n "$openvaslogs" ]; then
chown _gvm:_gvm $openvaslogs
chmod 640 $openvaslogs
fi
endscript
}
#!/bin/sh
set -e
if [ -e /etc/redis/redis-openvas.conf ]; then
chown redis:redis /etc/redis/redis-openvas.conf
fi
if ! getent group _gvm >/dev/null; then
addgroup --quiet --system --force-badname _gvm
fi
if ! getent passwd _gvm >/dev/null; then
adduser --quiet --force-badname --system --ingroup _gvm --home /var/lib/openvas --no-create-home _gvm
fi
# we need to have access to the redis socket
usermod -aG redis _gvm
if ! dpkg-statoverride --list /var/lib/openvas >/dev/null 2>&1; then
dpkg-statoverride --update --add _gvm _gvm 0755 /var/lib/openvas
fi
if ! dpkg-statoverride --list /var/lib/openvas/gnupg >/dev/null 2>&1; then
dpkg-statoverride --update --add _gvm _gvm 0700 /var/lib/openvas/gnupg
fi
if ! dpkg-statoverride --list /var/lib/openvas/plugins >/dev/null 2>&1; then
dpkg-statoverride --update --add _gvm _gvm 0755 /var/lib/openvas/plugins
fi
#DEBHELPER#
exit 0
#!/bin/sh
set -e
case "$1" in
purge)
if dpkg-statoverride --list /var/lib/openvas >/dev/null 2>&1
then
dpkg-statoverride --remove /var/lib/openvas
fi
if dpkg-statoverride --list /var/lib/openvas/gnupg >/dev/null 2>&1
then
dpkg-statoverride --remove /var/lib/openvas/gnupg
fi
if dpkg-statoverride --list /var/lib/openvas/plugins >/dev/null 2>&1
then
dpkg-statoverride --remove /var/lib/openvas/plugins
fi
;;
remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
;;
*)
echo "postrm called with unknown argument \`$1'" >&2
exit 1
;;
esac
#DEBHELPER#
exit 0
# Use location matching /etc/redis/redis-openvas.conf which is
# used by systemd's redis@openvas.service
db_address = /var/run/redis-openvas/redis-server.sock
From: Sophie Brun <sophie@offensive-security.com>
Date: Fri, 7 Aug 2020 10:38:50 +0200
Subject: Explain to run command greenbone-nvt-sync with _gvm user
Forwarded: not-needed
---
tools/greenbone-nvt-sync.in | 3 +++
1 file changed, 3 insertions(+)
diff --git a/tools/greenbone-nvt-sync.in b/tools/greenbone-nvt-sync.in
index d2c0b12..4b67a90 100644
--- a/tools/greenbone-nvt-sync.in
+++ b/tools/greenbone-nvt-sync.in
@@ -168,6 +168,9 @@ if [ "`id -u`" -eq "0" ]
then
stderr_write "$0 must not be executed as privileged user root"
stderr_write
+ stderr_write "On Debian the command must be run as _gvm user. Run:"
+ stderr_write "sudo runuser -u _gvm -- greenbone-nvt-sync"
+ stderr_write
stderr_write "Unlike the actual scanner the sync routine does not need privileges."
stderr_write "Accidental execution as root would prevent later overwriting of"
stderr_write "files with a non-privileged user."
From: Sophie Brun <sophie@offensive-security.com>
Date: Mon, 21 Dec 2020 15:18:23 +0100
Subject: Fix test failure
Do not test if interface is not available (case of ipv6 only machine)
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976712
---
misc/pcap_tests.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/misc/pcap_tests.c b/misc/pcap_tests.c
index dbe91db..3c5c407 100644
--- a/misc/pcap_tests.c
+++ b/misc/pcap_tests.c
@@ -150,8 +150,10 @@ Ensure (pcap, routethrough_src_globalsource_set)
interface = routethrough (&dst, &src);
/* dependent on local environment */
// assert_that ((interface = routethrough (&dst, &src)), is_not_null);
- assert_that (interface, is_not_equal_to_string ("lo"));
- assert_that ((src.s_addr != INADDR_ANY));
+ if (interface != NULL) {
+ assert_that (interface, is_not_equal_to_string ("lo"));
+ assert_that ((src.s_addr != INADDR_ANY));
+ }
g_socket_use_real = true;
}
Explain-to-run-command-greenbone-nvt-sync-with-_gvm-user.patch
Fix-test-failure.patch
This diff is collapsed.
--- /etc/redis/redis.conf 2018-04-02 21:37:12.000000000 +0200
+++ debian/redis-openvas.conf 2018-04-05 21:10:40.118896475 +0200
@@ -89,7 +89,7 @@
# Accept connections on the specified port, default is 6379 (IANA #815344).
# If port 0 is specified Redis will not listen on a TCP socket.
-port 6379
+port 0
# TCP listen() backlog.
#
@@ -106,8 +106,8 @@
# incoming connections. There is no default, so Redis will not listen
# on a unix socket when not specified.
#
-# unixsocket /var/run/redis/redis-server.sock
-# unixsocketperm 700
+unixsocket /var/run/redis-openvas/redis-server.sock
+unixsocketperm 700
# Close the connection after a client is idle for N seconds (0 to disable)
timeout 0
@@ -155,7 +155,7 @@
#
# Creating a pid file is best effort: if Redis is not able to create it
# nothing bad happens, the server will start and run normally.
-pidfile /var/run/redis/redis-server.pid
+pidfile /var/run/redis-openvas/redis-server.pid
# Specify the server verbosity level.
# This can be one of:
@@ -168,7 +168,7 @@
# Specify the log file name. Also the empty string can be used to force
# Redis to log on the standard output. Note that if you use standard
# output for logging but daemonize, logs will be sent to /dev/null
-logfile /var/log/redis/redis-server.log
+logfile /var/log/redis/redis-server-openvas.log
# To enable logging to the system logger, just set 'syslog-enabled' to yes,
# and optionally update the other syslog parameters to suit your needs.
@@ -250,7 +250,7 @@
rdbchecksum yes
# The filename where to dump the DB
-dbfilename dump.rdb
+dbfilename openvas-dump.rdb
# The working directory.
#
@@ -673,7 +673,7 @@
# The name of the append only file (default: "appendonly.aof")
-appendfilename "appendonly.aof"
+appendfilename "openvas-appendonly.aof"
# The fsync() call tells the Operating System to actually write data on disk
# instead of waiting for more data in the output buffer. Some OS will really flush
#!/usr/bin/make -f
DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
%:
dh $@
override_dh_auto_configure:
# set OPENVAS_FEED_LOCK_PATH to /var/lib/openvas/feed-update.lock
# and not to /var/run/... # because /var/run is created by the gvm
# services and does not exist when we run greenbone-nvt-sync
dh_auto_configure -- -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=Release
override_dh_missing:
dh_missing --fail-missing
override_dh_auto_build:
dh_auto_build
if [ -e /usr/include/cgreen/cgreen.h ]; then \
cd $(CURDIR)/obj-$(DEB_HOST_GNU_TYPE) && make tests; \
fi
override_dh_auto_test:
if [ -e /usr/include/cgreen/cgreen.h ]; then \
dh_auto_test; \
fi
---
include:
- https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
- https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment