From d55604c738992914898c53061b610eb8b2985ebd Mon Sep 17 00:00:00 2001
From: Timo Pollmeier
Date: Mon, 18 Jul 2022 16:40:58 +0200
Subject: [PATCH 001/120] Update docker & workflows for new stable branch This updates the docker and workflow files for making the state in main the new stable branch.
---
 .docker/build.Dockerfile | 2 +-
 .docker/prod.Dockerfile | 2 +-
 .github/workflows/build-and-test.yml | 4 ++--
 .github/workflows/build-docs.yml | 2 +-
 .github/workflows/codeql-analysis-c.yml | 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/.docker/build.Dockerfile b/.docker/build.Dockerfile
index 6422a4f3b..112d84fd2 100644
--- a/.docker/build.Dockerfile
+++ b/.docker/build.Dockerfile
@@ -1,5 +1,5 @@
 # Define ARG we use through the build
-ARG VERSION=unstable
+ARG VERSION=stable
 # We want gvm-libs to be ready so we use the build docker image of gvm-libs
 FROM greenbone/gvm-libs:$VERSION
diff --git a/.docker/prod.Dockerfile b/.docker/prod.Dockerfile
index 6d7c06874..4daa3134a 100644
--- a/.docker/prod.Dockerfile
+++ b/.docker/prod.Dockerfile
@@ -1,4 +1,4 @@
-ARG VERSION=unstable
+ARG VERSION=stable
 ARG DEBIAN_FRONTEND=noninteractive
 FROM greenbone/gvmd-build:${VERSION} as builder
diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
index f04cb5078..4e93f7bbf 100644
--- a/.github/workflows/build-and-test.yml
+++ b/.github/workflows/build-and-test.yml
@@ -22,7 +22,7 @@ jobs:
 scan-build:
 name: scan-build (clang static analyzer)
 runs-on: ubuntu-latest
- container: greenbone/gvmd-build:unstable
+ container: greenbone/gvmd-build:stable
 steps:
 - name: Check out gvmd
 uses: actions/checkout@v3
@@ -46,7 +46,7 @@ jobs:
 test-units:
 name: Unit Tests
 runs-on: ubuntu-latest
- container: greenbone/gvmd-build:unstable
+ container: greenbone/gvmd-build:stable
 steps:
 - name: Check out gvmd
 uses: actions/checkout@v3
diff --git a/.github/workflows/build-docs.yml b/.github/workflows/build-docs.yml
index 5cef7cafe..df28791ca 100644
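Review bot: `ARG VERSION=stable` in `.docker/build.Dockerfile` makes `FROM greenbone/gvm-libs:$VERSION` resolve to a mutable tag, so the base image can change between builds with no change in this repository. The same holds for `.docker/prod.Dockerfile` and for the `container: greenbone/gvmd-build:stable` lines in the build-and-test, build-docs and codeql-analysis-c workflows. The CodeQL job is the one most worth pinning, because its visible context lists `security-events: write` and the job runs inside whatever image the tag points to at run time. If the stable branch should build reproducibly, consider referencing the image by digest, for example `container: greenbone/gvmd-build:stable@sha256:<digest-placeholder>`, and refreshing the digest in a reviewed commit. The job and Dockerfile bodies continue outside these hunks, so any later verification step is not visible here.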
--- a/.github/workflows/build-docs.yml
+++ b/.github/workflows/build-docs.yml
@@ -16,7 +16,7 @@ jobs:
 build-gmp-doc:
 name: Build GMP documentation
 runs-on: ubuntu-latest
- container: greenbone/gvmd-build:latest
+ container: greenbone/gvmd-build:stable
 steps:
 - name: Check out gvmd
 uses: actions/checkout@v3
diff --git a/.github/workflows/codeql-analysis-c.yml b/.github/workflows/codeql-analysis-c.yml
index 45085db6f..901e93a08 100644
--- a/.github/workflows/codeql-analysis-c.yml
+++ b/.github/workflows/codeql-analysis-c.yml
@@ -19,7 +19,7 @@ jobs:
 actions: read
 contents: read
 security-events: write
- container: greenbone/gvmd-build:unstable
+ container: greenbone/gvmd-build:stable
 strategy:
 fail-fast: false
From 804d835fd6958d0736118060b12bde84e3492501 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Ricks?=
Date: Tue, 19 Jul 2022 13:09:20 +0200
Subject: [PATCH 002/120] Fix build of container
---
 .github/workflows/container.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index 902646664..fdc30386b 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -2,7 +2,7 @@ name: Container Image Builds
 on:
 push:
- branches: [ main ]
+ branches: [ main, stable, oldstable ]
 tags: ["v*"]
 workflow_dispatch:
 repository_dispatch:
From 9afd2f5c6bfe6b476ccdf559894bd9a171d40126 Mon Sep 17 00:00:00 2001
From: Timo Pollmeier
Date: Thu, 21 Jul 2022 09:20:24 +0200
Subject: [PATCH 003/120] Change version to 22.4.0, remove old changelog
---
 CHANGELOG.md | 621 -----------------------------
 CMakeLists.txt | 2 +-
 changelog/{v22.4.md => v22.4.0.md} | 4 +-
 3 files changed, 3 insertions(+), 624 deletions(-)
 delete mode 100644 CHANGELOG.md
 rename changelog/{v22.4.md => v22.4.0.md} (98%)
diff --git a/CHANGELOG.md b/CHANGELOG.md
deleted file mode 100644
index adf04ab77..000000000
@@ -1,621 +0,0 @@ -# Changelog - -All notable changes to this project will be documented in this file. - -The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - -## [22.4] (unreleased) - -### Added -- Add a new modification_time column to reports [#1513](https://github.com/greenbone/gvmd/pull/1513), [#1519](https://github.com/greenbone/gvmd/pull/1519), [#1590](https://github.com/greenbone/gvmd/pull/1590) -- Add basic Sentry integration and logging [#1550](https://github.com/greenbone/gvmd/pull/1550) -- Add GMP get_license and modify_license [#1642](https://github.com/greenbone/gvmd/pull/1642), [#1692](https://github.com/greenbone/gvmd/pull/1692), [#1696](https://github.com/greenbone/gvmd/pull/1696) -### Changed -- Use pg-gvm extension for C PostgreSQL functions [#1400](https://github.com/greenbone/gvmd/pull/1400), [#1453](https://github.com/greenbone/gvmd/pull/1453) -- Change report timestamp filter and iterator columns [#1512](https://github.com/greenbone/gvmd/pull/1512) -- Rename the date column of reports to creation_time [#1520](https://github.com/greenbone/gvmd/pull/1520) -- Send the script timeout to the scanner as script preferences [#1670](https://github.com/greenbone/gvmd/pull/1670) - -### Fixed -- Improve VT version handling for CVE & OVAL results [#1496](https://github.com/greenbone/gvmd/pull/1496) -- Fix migration to DB version 242 from gvmd 20.08 [#1498](https://github.com/greenbone/gvmd/pull/1498) -- Update subject alternative name in certificate generation [#1503](https://github.com/greenbone/gvmd/pull/1503) - -### Removed -- Remove Network Source Interface from gvmd [#1511](https://github.com/greenbone/gvmd/pull/1511) -- Removed OVAL definitions from gvmd [#1525](https://github.com/greenbone/gvmd/pull/1525) -- Removed OVAL definitions from GMP and gvmd documentation [1551](https://github.com/greenbone/gvmd/pull/1551) -- Removed the Business Process Map from gvmd [1627](https://github.com/greenbone/gvmd/pull/1627) -- 
Removed ifaces element from users [#1676](https://github.com/greenbone/gvmd/pull/1676) -- Removed OSP scanners from gvmd [#1689](https://github.com/greenbone/gvmd/pull/1689) [#1691](https://github.com/greenbone/gvmd/pull/1691) [#1694](https://github.com/greenbone/gvmd/pull/1694) [#1701](https://github.com/greenbone/gvmd/pull/1701) - -[Unreleased]: https://github.com/greenbone/gvmd/compare/stable...main - -## [21.4.4] (unreleased) -### Added -- Add --rebuild-gvmd-data command line option [#1680](https://github.com/greenbone/gvmd/pull/1680) [#1683](https://github.com/greenbone/gvmd/pull/1683) - -### Changed -### Deprecated -### Removed -### Fixed -- Ensure gvmd sends error messages if gvmcg fails [#1682](https://github.com/greenbone/gvmd/pull/1682) -- Fix resume task. - [#1679](https://github.com/greenbone/gvmd/pull/1679) - [#1695](https://github.com/greenbone/gvmd/pull/1695) -- Added a dedicated error message for the create ticket dialogue when the create permission permission is missing [#1686](https://github.com/greenbone/gvmd/pull/1686) -- Fix import of report results / errors without host [#1687](https://github.com/greenbone/gvmd/pull/1687) - -[Unreleased]: https://github.com/greenbone/gvmd/compare/v21.4.3...HEAD - - -## [21.4.3] - 2021-08-03 -### Fixed -- Fix sending prefs for whole, growing VT families [#1603](https://github.com/greenbone/gvmd/pull/1603) -- Add trash columns for target "elevate" credential [#1636](https://github.com/greenbone/gvmd/pull/1636) - -[21.4.3]: https://github.com/greenbone/gvmd/compare/v21.4.2...stable - -## [21.4.2] - 2021-06-28 -### Fixed -- Amended Test, if the ssh elevate credential is different from the ssh credential [#1586](https://github.com/greenbone/gvmd/pull/1586) -- Added the missing GMP documentation for the ssh elevate credential [#1591](https://github.com/greenbone/gvmd/pull/1591) - -[21.4.2]: https://github.com/greenbone/gvmd/compare/v21.4.1...v21.4.2 - -## [21.4.1] - 2021-06-23 - -### Added -- Add NVT tag 
"deprecated" [#1536](https://github.com/greenbone/gvmd/pull/1536) -- Extend GMP for new privilege escalation credential [#1535](https://github.com/greenbone/gvmd/pull/1535) -- Include new ssh elevate (escalation) credential in OSP request [#1539](https://github.com/greenbone/gvmd/pull/1539) -- Add test if the ssh elevate credential is different from the ssh credential [#1582](https://github.com/greenbone/gvmd/pull/1582) - -### Changed -- Update default log config [#1501](https://github.com/greenbone/gvmd/pull/1501) - -### Fixed -- Improve VT version handling for CVE & OVAL results [#1496](https://github.com/greenbone/gvmd/pull/1496) -- Fix migration to DB version 242 from gvmd 20.08 [#1498](https://github.com/greenbone/gvmd/pull/1498) -- Update subject alternative name in certificate generation [#1503](https://github.com/greenbone/gvmd/pull/1503) -- Fix whole-only config family selection [#1517](https://github.com/greenbone/gvmd/pull/1517) -- Migrate GMP Scanners to OSP Sensors [#1533](https://github.com/greenbone/gvmd/pull/1533) -- Solved a peformance problem for tasks after scanning lots of hosts [#1567](https://github.com/greenbone/gvmd/pull/1567) - -[21.4.1]: https://github.com/greenbone/gvmd/compare/v21.4.0...v21.4.1 - -## [21.4.0] (2021-04-16) - -### Added -- Extend GMP for extended severities [#1326](https://github.com/greenbone/gvmd/pull/1326) [#1329](https://github.com/greenbone/gvmd/pull/1329) [#1359](https://github.com/greenbone/gvmd/pull/1359) [#1371](https://github.com/greenbone/gvmd/pull/1371) [#1477](https://github.com/greenbone/gvmd/pull/1477) [#1488](https://github.com/greenbone/gvmd/pull/1488) -- Parameter `--db-user` to set a database user [#1327](https://github.com/greenbone/gvmd/pull/1327) -- Add `allow_simultaneous_ips` field for targets [#1346](https://github.com/greenbone/gvmd/pull/1346) [#1396](https://github.com/greenbone/gvmd/pull/1396) -- Speed up GET_VULNS [#1354](https://github.com/greenbone/gvmd/pull/1354) 
[#1355](https://github.com/greenbone/gvmd/pull/1354) -- Speed up result counting iterator [#1358](https://github.com/greenbone/gvmd/pull/1358) [#1361](https://github.com/greenbone/gvmd/pull/1361) -- Speed up result iterator [#1370](https://github.com/greenbone/gvmd/pull/1358) [#1361](https://github.com/greenbone/gvmd/pull/1370) -- Improve GMP docs around users [#1363](https://github.com/greenbone/gvmd/pull/1363) -- Cache report counts when Dynamic Severity is enabled [#1389](https://github.com/greenbone/gvmd/pull/1389) -- Detection entry detection while importing reports [#1405](https://github.com/greenbone/gvmd/pull/1405) - -### Changed -- Move EXE credential generation to a Python script [#1260](https://github.com/greenbone/gvmd/pull/1260) [#1262](https://github.com/greenbone/gvmd/pull/1262) -- Clarify documentation for --scan-host parameter [#1277](https://github.com/greenbone/gvmd/pull/1277) -- In result iterator access severity directly if possible [#1321](https://github.com/greenbone/gvmd/pull/1321) -- Change SCAP and CERT data to use "severity" consistently [#1333](https://github.com/greenbone/gvmd/pull/1333) [#1357](https://github.com/greenbone/gvmd/pull/1357) [#1365](https://github.com/greenbone/gvmd/pull/1365) [#1457](https://github.com/greenbone/gvmd/pull/1457) [#1476](https://github.com/greenbone/gvmd/pull/1476) -- Expect report format scripts to exit with code 0 [#1383](https://github.com/greenbone/gvmd/pull/1383) -- Send entire families to ospd-openvas using VT_GROUP [#1384](https://github.com/greenbone/gvmd/pull/1384) -- Limit "whole-only" config families to "growing" and "every nvt" [#1386](https://github.com/greenbone/gvmd/pull/1386) -- Access current user with an SQL function [#1399](https://github.com/greenbone/gvmd/pull/1399) -- Refactor modify_config, allowing multiple simultaneous changes [#1404](https://github.com/greenbone/gvmd/pull/1404) -- Add retry on a deadlock within sql#sql [#1460](https://github.com/greenbone/gvmd/pull/1460) -- Don't 
require report format plugin for XML report [#1466](https://github.com/greenbone/gvmd/pull/1466) -- Wording of `Rebuilding NVTs because integrity check failed` [1475](https://github.com/greenbone/gvmd/pull/1475) - -### Fixed -- Use GMP version with leading zero for feed dirs [#1287](https://github.com/greenbone/gvmd/pull/1287) -- Check db version before creating SQL functions [#1304](https://github.com/greenbone/gvmd/pull/1304) -- Fix severity_in_level SQL function [#1312](https://github.com/greenbone/gvmd/pull/1312) -- Fix and simplify SecInfo migration [#1331](https://github.com/greenbone/gvmd/pull/1331) -- Prevent CPE/NVD_ID from being "(null)" [#1369](https://github.com/greenbone/gvmd/pull/1369) -- Check DB versions before CERT severity updates [#1376](https://github.com/greenbone/gvmd/pull/1376) -- Add owner checks to report_count queries [#1397](https://github.com/greenbone/gvmd/pull/1397) - -### Removed -- Remove solution element from VT tags [#886](https://github.com/greenbone/gvmd/pull/886) -- Drop GMP scanners [#1269](https://github.com/greenbone/gvmd/pull/1269) -- Reduce Severity Classes [#1285](https://github.com/greenbone/gvmd/pull/1285) -- Removed Severity Classes [#1288](https://github.com/greenbone/gvmd/pull/1288) -- Remove remaining use of "Severity Class" in where_levels_auto [#1311](https://github.com/greenbone/gvmd/pull/1311) -- Remove the functionality "autofp" (Auto False Positives) [#1300](https://github.com/greenbone/gvmd/pull/1300) -- Remove severity type "debug" [#1316](https://github.com/greenbone/gvmd/pull/1316) -- Remove element "threat" of element "notes" [#1324](https://github.com/greenbone/gvmd/pull/1324) - -[21.4.0]: https://github.com/greenbone/gvmd/compare/oldstable...v21.4.0 - -## [20.8.4] - Unreleased -### Added -### Changed -* Changed defaults for installation locations [#1662](https://github.com/greenbone/gvmd/pull/1662) [#1665](https://github.com/greenbone/gvmd/pull/1665) - * SYSCONFDIR is /etc by default now - * 
LOCALSTATEDIR is /var by default now - * GVM_RUN_DIR is /run/gvm by default now - * OPENVAS_DEFAULT_SOCKET is /run/ospd/ospd-openvas.sock by default now - * SYSTEMD_SERVICE_DIR is /lib/systemd/system by default now - * Removed gvmd.default file and adjusted gvmd.service file accordingly - * GVM_FEED_LOCK_PATH is /var/lib/gvm/feed-update.lock by default now - -### Deprecated -### Removed -* Remove BID from GMP documentation [#1673](https://github.com/greenbone/gvmd/pull/1673) - -### Fixed -- Fixed the lack of the severities in the display of the applications [#1666](https://github.com/greenbone/gvmd/pull/1666) - -[20.8.4]: https://github.com/greenbone/gvmd/compare/v20.8.3...oldstable - - -## [20.8.3] - 2021-08-03 - -### Added -- Add --optimize add-/cleanup-feed-permissions [#1612](https://github.com/greenbone/gvmd/pull/1612) - -### Changed -- Use less report cache SQL when adding results [#1618](https://github.com/greenbone/gvmd/pull/1618) - -### Fixed -- Solved a performance problem when filtering results by tags [#1579](https://github.com/greenbone/gvmd/pull/1579) -- Fix VTs hash check and add --dump-vt-verification - [#1611](https://github.com/greenbone/gvmd/pull/1611) - [#1629](https://github.com/greenbone/gvmd/pull/1629) - [#1641](https://github.com/greenbone/gvmd/pull/1651) - [#1643](https://github.com/greenbone/gvmd/pull/1643) - [#1655](https://github.com/greenbone/gvmd/pull/1655) -- Fix memory errors in modify_permission [#1613](https://github.com/greenbone/gvmd/pull/1613) -- Fix sensor connection for performance reports on failure [#1633](https://github.com/greenbone/gvmd/pull/1633) -- Sort the "host" column by IPv4 address if possible [#1637](https://github.com/greenbone/gvmd/pull/1637) -- Fix for parse_iso_time_tz error with musl library [#1644](https://github.com/greenbone/gvmd/pull/1644) - -[20.8.3]: https://github.com/greenbone/gvmd/compare/v20.8.2...oldstable - -## [20.8.2] - 2021-06-23 - -### Added -- Add standard info elem fields for NVTs in 
get_info [#1426](https://github.com/greenbone/gvmd/pull/1426) -- Add --ldap-debug option [#1439](https://github.com/greenbone/gvmd/pull/1439) -- Try to install PostgreSQL extensions automatically [#1444](https://github.com/greenbone/gvmd/pull/1444) [#1483](https://github.com/greenbone/gvmd/pull/1483) -- Add auto retry on scanner connection lost during a running task [#1452](https://github.com/greenbone/gvmd/pull/1452) -- Add --feed-lock-timeout option [#1472](https://github.com/greenbone/gvmd/pull/1472) -- datetime parser for `%Y-%m-%dT%Hh%M` for keywords [1518](https://github.com/greenbone/gvmd/pull/1518) - -### Changed -- Improve report counts performance [#1438](https://github.com/greenbone/gvmd/pull/1438) -- Clean up log config, add gvm-libs log domains [#1502](https://github.com/greenbone/gvmd/pull/1502) -- Sort missing severity as lowest value in GMP get [#1508](https://github.com/greenbone/gvmd/pull/1508) -- Use passwordbasedauthentication of gvm-libs instead of auth_utils [#1505](https://github.com/greenbone/gvmd/pull/1505) -- Set file permissions in greenbone-feed-sync [#1575](https://github.com/greenbone/gvmd/pull/1575) - -### Fixed -- Also create owner WITH clause for single resources [#1406](https://github.com/greenbone/gvmd/pull/1406) -- Fix SQL escaping when adding VT references [#1429](https://github.com/greenbone/gvmd/pull/1429) -- Update report run status more consistently [#1434](https://github.com/greenbone/gvmd/pull/1434) -- Improve modify_override errors, fix no NVT case [#1435](https://github.com/greenbone/gvmd/pull/1435) -- Fix size calculation in `--optimize vacuum` [#1447](https://github.com/greenbone/gvmd/pull/1447) -- Fix report host end time check in CVE scans [#1462](https://github.com/greenbone/gvmd/pull/1462) -- Fix "not regexp ..." 
filters [#1482](https://github.com/greenbone/gvmd/pull/1482) -- Escape TLS certificate DNs that are invalid UTF-8 [#1486](https://github.com/greenbone/gvmd/pull/1486) -- Free alert get data in report_content_for_alert [#1526](https://github.com/greenbone/gvmd/pull/1526) -- Fix erroneous freeing of ical timezone component [#1530](https://github.com/greenbone/gvmd/pull/1530) -- Fixed the sorting / filter by username functionality for remediation tickets [#1546](https://github.com/greenbone/gvmd/pull/1546) -- The alterable indicator is now copied when cloning a task [#1553](https://github.com/greenbone/gvmd/pull/1553) -- Fix stop resume feature. [#1568](https://github.com/greenbone/gvmd/pull/1568) - -### Removed - -[20.8.2]: https://github.com/greenbone/gvmd/compare/v20.8.1...oldstable - -## [20.8.1] (2021-02-02) - -### Added -- Added ability to enter Subject Alternative Names (SAN) when generating a CSR [#1246](https://github.com/greenbone/gvmd/pull/1246) -- Add filter term 'predefined' [#1263](https://github.com/greenbone/gvmd/pull/1263) -- Add missing elements in get_nvts and get_preferences GMP doc [#1307](https://github.com/greenbone/gvmd/pull/1307) -- Add command line options db-host and db-port [#1308](https://github.com/greenbone/gvmd/pull/1308) -- Add missing config and target to modify_task GMP doc [#1310](https://github.com/greenbone/gvmd/pull/1310) -- Add version for NVTs and CVEs in make_osp_result [#1335](https://github.com/greenbone/gvmd/pull/1335) -- Add check if gvmd data feed dir exists [#1360](https://github.com/greenbone/gvmd/pull/1360) [#1362](https://github.com/greenbone/gvmd/pull/1362) - -### Changed -- Extended the output of invalid / missing --feed parameter given to greenbone-feed-sync [#1255](https://github.com/greenbone/gvmd/pull/1255) -- The xsltproc binary is now marked as mandatory [#1259](https://github.com/greenbone/gvmd/pull/1259) -- Check feed status without acquiring lock [#1266](https://github.com/greenbone/gvmd/pull/1266) -- Use 
timestamp in automatic sensor task names [#1390](https://github.com/greenbone/gvmd/pull/1390) -- Replace g_file_test with gvm-libs file tests [#1391](https://github.com/greenbone/gvmd/pull/1391) - -### Fixed -- Add dummy functions to allow restoring old dumps [#1251](https://github.com/greenbone/gvmd/pull/1251) -- Fix delta sorting for unusual filter sort terms [#1249](https://github.com/greenbone/gvmd/pull/1249) -- Fix SCP alert authentication and logging [#1264](https://github.com/greenbone/gvmd/pull/1264) -- Set file mode creation mask for feed lock handling [#1265](https://github.com/greenbone/gvmd/pull/1265) -- Ignore min_qod when getting single results by UUID [#1276](http://github.com/greenbone/gvmd/pull/1276) -- Fix alternative options for radio type preferences when exporting a scan_config [#1278](http://github.com/greenbone/gvmd/pull/1278) -- Replace deprecated sys_siglist with strsignal [#1280](https://github.com/greenbone/gvmd/pull/1280) -- Copy instead of moving when migrating predefined report formats [#1286](https://github.com/greenbone/gvmd/pull/1286) -- Skip DB check in helpers when main process is running [#1291](https://github.com/greenbone/gvmd/pull/1291) -- Recreate vulns after sync [#1292](https://github.com/greenbone/gvmd/pull/1292) -- Add SecInfo case to alert check in MODIFY_FILTER [#1293](https://github.com/greenbone/gvmd/pull/1293) -- For radio prefs in GMP exclude value and include default [#1296](https://github.com/greenbone/gvmd/pull/1296) -- Add permission check on host in OS host count [#1301](https://github.com/greenbone/gvmd/pull/1301) -- Auto delete at the start of scheduling so it always runs [#1302](https://github.com/greenbone/gvmd/pull/1302) -- Fix create_credential for snmpv3. 
[#1305](https://github.com/greenbone/gvmd/pull/1305) -- Remove extra spaces when parsing report format param type [#1309](https://github.com/greenbone/gvmd/pull/1309) -- Correct arg to alert_uuid [#1313](https://github.com/greenbone/gvmd/pull/1313) -- Switch result filter column 'task' from task ID to name task name [#1317](https://github.com/greenbone/gvmd/pull/1317) -- Correct check of get_certificate_info return [#1318](https://github.com/greenbone/gvmd/pull/1318) -- Fix GMP doc text of `active` elem for notes and overrides [#1323](https://github.com/greenbone/gvmd/pull/1323) -- Move feed object in trash checks to startup [#1325](https://github.com/greenbone/gvmd/pull/1325) -- Do not inherit settings from deleted users [#1328](https://github.com/greenbone/gvmd/pull/1328) -- Delete TLS certificate sources when deleting users [#1334](https://github.com/greenbone/gvmd/pull/1334) -- Fix SQL errors in SCAP and CERT update [#1343](https://github.com/greenbone/gvmd/pull/1343) -- Always check for 'All' when deleting selectors [#1342](https://github.com/greenbone/gvmd/pull/1342) -- Account for -1 of orphans when deleting permission [#1345](https://github.com/greenbone/gvmd/pull/1345) -- Allow config to sync even if NVT family is not available [#1347](https://github.com/greenbone/gvmd/pull/1347) -- Check private key when modifying credential [#1351](https://github.com/greenbone/gvmd/pull/1351) -- Clean up hosts strings before using them [#1352](https://github.com/greenbone/gvmd/pull/1352) -- Improve SCP username and destination path handling [#1350](https://github.com/greenbone/gvmd/pull/1350) -- Fix response memory handling in handle_osp_scan [#1364](https://github.com/greenbone/gvmd/pull/1364) -- Allow config to sync even if NVT family is not available [#1366](https://github.com/greenbone/gvmd/pull/1366) -- Delete report format dirs last when deleting a user [#1368](https://github.com/greenbone/gvmd/pull/1368) -- Fix sorting in get_aggregates and its documentation 
[#1375](https://github.com/greenbone/gvmd/pull/1375) -- Improve "Failed to find..." messages [#1395](https://github.com/greenbone/gvmd/pull/1395) -- Memory handling in various occasions [#1417](https://github.com/greenbone/gvmd/pull/1417) - -### Removed -- Remove DROP from vulns creation [#1281](http://github.com/greenbone/gvmd/pull/1281) - -[20.8.1]: https://github.com/greenbone/gvmd/compare/v20.8.0...gvmd-20.8.1 - -## [20.8.0] (2020-08-11) - -### Added -- Add setting "BPM Dashboard Configuration" [#764](https://github.com/greenbone/gvmd/pull/764) -- Faster SecInfo REF retrieval for GET_REPORTS [#793](https://github.com/greenbone/gvmd/pull/793) -- Improve performance of GET_REPORTS [#801](https://github.com/greenbone/gvmd/pull/801) [#811](https://github.com/greenbone/gvmd/pull/811) [#817](https://github.com/greenbone/gvmd/pull/817) -- Speed up the HELP 'brief' case [#807](https://github.com/greenbone/gvmd/pull/807) -- Faster startup [#826](https://github.com/greenbone/gvmd/pull/826) -- Add option --optimize migrate-relay-sensors [#827](https://github.com/greenbone/gvmd/pull/827) -- Add host_id filter for tls_certificates [#835](https://github.com/greenbone/gvmd/pull/835) -- Allow use of public key auth in SCP alert [#845](https://github.com/greenbone/gvmd/pull/845) -- Refuse to import config with missing NVT preference ID [#853](https://github.com/greenbone/gvmd/pull/853) [#860](https://github.com/greenbone/gvmd/pull/860) -- Add "Base" scan config [#862](https://github.com/greenbone/gvmd/pull/862) -- Add setting "BPM Data" [#915](https://github.com/greenbone/gvmd/pull/915) -- Automatically load predefined configs from the feed [#931](https://github.com/greenbone/gvmd/pull/931) [#933](https://github.com/greenbone/gvmd/pull/933) [#934](https://github.com/greenbone/gvmd/pull/934) -- Automatically load predefined port lists from the feed [#950](https://github.com/greenbone/gvmd/pull/950) [#952](https://github.com/greenbone/gvmd/pull/952) -- Automatically load 
predefined report formats from the feed [#968](https://github.com/greenbone/gvmd/pull/968) [#970](https://github.com/greenbone/gvmd/pull/970) -- Print UUIDs in --get-users when --verbose given [#991](https://github.com/greenbone/gvmd/pull/991) -- Add --get-roles [#992](https://github.com/greenbone/gvmd/pull/992) -- Add --rebuild [#998](https://github.com/greenbone/gvmd/pull/998) -- Lock a file around the NVT sync [#1002](https://github.com/greenbone/gvmd/pull/1002) -- Add a delay for re-requesting scan information via osp [#1012](https://github.com/greenbone/gvmd/pull/1012) -- Add --optimize option cleanup-result-encoding [#1013](https://github.com/greenbone/gvmd/pull/1013) -- Perform integrity check of VTs after updates [#1024](https://github.com/greenbone/gvmd/pull/1024) [#1035](https://github.com/greenbone/gvmd/pull/1035) -- Ensure path of listening UNIX socket exists [#1040](https://github.com/greenbone/gvmd/pull/1040) -- Add --rebuild-scap option [#1051](https://github.com/greenbone/gvmd/pull/1051) -- Stop current scheduling of task when permission denied [#1058](https://github.com/greenbone/gvmd/pull/1058) -- Trim malloc heap after updating cache [#1085](https://github.com/greenbone/gvmd/pull/1085) -- Handle QUEUED osp scan status. 
[#1113](https://github.com/greenbone/gvmd/pull/1113) -- Add time placeholders for SCP path [#1164](https://github.com/greenbone/gvmd/pull/1164) -- Expand detection information of results [#1182](https://github.com/greenbone/gvmd/pull/1182) -- Add filter columns for special NVT tags [#1199](https://github.com/greenbone/gvmd/pull/1199) -- Add currently_syncing for NVTs in GMP get_feeds [#1210](https://github.com/greenbone/gvmd/pull/1210) -- Add logging for ANALYZE at end of migration [#1211](https://github.com/greenbone/gvmd/pull/1211) -- Basic systemd, logrotate and config files have been added [#1240](https://github.com/greenbone/gvmd/pull/1240) - -### Changed -- Update SCAP and CERT feed info in sync scripts [#810](https://github.com/greenbone/gvmd/pull/810) -- Extend command line options for managing scanners [#815](https://github.com/greenbone/gvmd/pull/815) -- Try authentication when verifying GMP scanners [#837](https://github.com/greenbone/gvmd/pull/837) -- Try importing private keys with libssh if GnuTLS fails [#841](https://github.com/greenbone/gvmd/pull/841) -- Extend GMP API for nvt object to carry a explicit solution element [#849](https://github.com/greenbone/gvmd/pull/849) [#1143](https://github.com/greenbone/gvmd/pull/1143) -- Allow resuming OSPd-based OpenVAS tasks [#869](https://github.com/greenbone/gvmd/pull/869) -- Require PostgreSQL 9.6 as a minimum [#872](https://github.com/greenbone/gvmd/pull/872) -- Speed up the SCAP sync [#875](https://github.com/greenbone/gvmd/pull/875) [#877](https://github.com/greenbone/gvmd/pull/877) [#879](https://github.com/greenbone/gvmd/pull/879) [#881](https://github.com/greenbone/gvmd/pull/881) [#883](https://github.com/greenbone/gvmd/pull/883) [#887](https://github.com/greenbone/gvmd/pull/887) [#889](https://github.com/greenbone/gvmd/pull/889) [#890](https://github.com/greenbone/gvmd/pull/890) [#891](https://github.com/greenbone/gvmd/pull/891) [#901](https://github.com/greenbone/gvmd/pull/901) -- Change rows of 
built-in default filters to -2 (use "Rows Per Page" setting) [#896](https://github.com/greenbone/gvmd/pull/896) -- Force NVT update in migrate_219_to_220 [#895](https://github.com/greenbone/gvmd/pull/895) -- Use temp tables to speed up migrate_213_to_214 [#911](https://github.com/greenbone/gvmd/pull/911) -- Allow "Start Task" alert method for SecInfo events [#960](https://github.com/greenbone/gvmd/pull/960) -- New Community Feed download URL in sync tools [#982](https://github.com/greenbone/gvmd/pull/982) -- Change setting UUID to correct length [#1018](https://github.com/greenbone/gvmd/pull/1018) -- Change licence to AGPL-3.0-or-later [#1026](https://github.com/greenbone/gvmd/pull/1026) -- Count only best OS matches for OS asset hosts [#1029](https://github.com/greenbone/gvmd/pull/1029) -- Clean up NVTs set to name in cleanup-result-nvts [#1039](https://github.com/greenbone/gvmd/pull/1039) -- Improve validation of note and override ports [#1045](https://github.com/greenbone/gvmd/pull/1045) -- The internal list of current Local Security Checks for the Auto-FP feature was updated [#1054](https://github.com/greenbone/gvmd/pull/1054) -- Simplify sync lockfile handling [#1059](https://github.com/greenbone/gvmd/pull/1059) -- Do not ignore empty hosts_allow and ifaces_allow [#1064](https://github.com/greenbone/gvmd/pull/1064) -- Reduce the memory cache of NVTs [#1076](https://github.com/greenbone/gvmd/pull/1076) -- Sync SCAP using a second schema [#1111](https://github.com/greenbone/gvmd/pull/1111) -- Use error variable in osp_get_vts_version(). 
[#1159](https://github.com/greenbone/gvmd/pull/1159) -- Include unknown preferences when uploading or syncing configs [#1005](https://github.com/greenbone/gvmd/pull/1005) -- Set the default OSPD unix socket path to /var/run/ospd/ospd.sock [#1238](https://github.com/greenbone/gvmd/pull/1238) -- The default OSPD unix path is now configurable [#1244](https://github.com/greenbone/gvmd/pull/1244) - -### Fixed -- Add NULL check in nvts_feed_version_epoch [#768](https://github.com/greenbone/gvmd/pull/768) -- Faster counting in GET_REPORTS when ignoring pagination [#795](https://github.com/greenbone/gvmd/pull/795) -- Improve performance of GET_REPORTS [#797](https://github.com/greenbone/gvmd/pull/797) -- Consider results_trash when deleting users [#800](https://github.com/greenbone/gvmd/pull/800) -- Update to gvm-portnames-update to use new nomenclature [#802](https://github.com/greenbone/gvmd/pull/802) -- Escaping correctly the percent sign in sql statements [#818](https://github.com/greenbone/gvmd/pull/818) -- Try to get NVT preferences by id in create_config [#821](https://github.com/greenbone/gvmd/pull/821) -- Remove incorrect duplicates from config preference migrator [#830](https://github.com/greenbone/gvmd/pull/830) -- Update config preferences after updating NVTs [#832](https://github.com/greenbone/gvmd/pull/832) -- Fix order of fingerprints in get_tls_certificates [#833](https://github.com/greenbone/gvmd/pull/833) -- Fix notes XML for lean reports [#836](https://github.com/greenbone/gvmd/pull/836) -- Fix asset host details insertion SQL [#839](https://github.com/greenbone/gvmd/pull/839) -- MODIFY_USER saves comment when COMMENT is empty [#838](https://github.com/greenbone/gvmd/pull/838) -- Prevent HOSTS_ORDERING from being '(null)' [#859](https://github.com/greenbone/gvmd/pull/859) -- Fix result diff generation to ignore white space in delta reports [#861](https://github.com/greenbone/gvmd/pull/861) -- Fix resource type checks for permissions 
[#863](https://github.com/greenbone/gvmd/pull/863) -- Fix result_nvt for new OSP and slave results [#865](https://github.com/greenbone/gvmd/pull/865) -- Fix preference ID in "Host Discovery" config [#867](https://github.com/greenbone/gvmd/pull/867) -- Fix SQL for tickets with overrides [#871](https://github.com/greenbone/gvmd/pull/871) -- Fix result_nvt for new OSP and slave results [#873](https://github.com/greenbone/gvmd/pull/873) -- Use right format specifier for merge_ovaldef version [#874](https://github.com/greenbone/gvmd/pull/874) -- Fix creation of "Super" permissions [#892](https://github.com/greenbone/gvmd/pull/892) -- Add tags used for result NVTs to update_nvti_cache [#916](https://github.com/greenbone/gvmd/pull/916) -- Apply usage_type of tasks in get_aggregates (9.0) [#912](https://github.com/greenbone/gvmd/pull/912) -- Add target's alive test method before starting a scan. [#947](https://github.com/greenbone/gvmd/pull/947) -- Set run status only after getting OSP-OpenVAS scan [#948](https://github.com/greenbone/gvmd/pull/948) [#951](https://github.com/greenbone/gvmd/pull/951) -- Fix get_system_reports for GMP scanners [#949](https://github.com/greenbone/gvmd/pull/949) -- Fix QoD handling in nvti cache and test_alert [#954](https://github.com/greenbone/gvmd/pull/954) -- Use stop_osp_task for SCANNER_TYPE_OSP_SENSOR [#955](https://github.com/greenbone/gvmd/pull/955) -- Add target's reverse_lookup_* options [#959](https://github.com/greenbone/gvmd/pull/959) -- Fix "Start Task" alerts by using alert owner [#957](https://github.com/greenbone/gvmd/pull/957) -- Fix Verinice ISM report format and update version [#962](https://github.com/greenbone/gvmd/pull/962) -- Always use details testing alerts with a report [#964](https://github.com/greenbone/gvmd/pull/964) -- Remove extra XML declaration in Anonymous XML [#965](https://github.com/greenbone/gvmd/pull/965) -- Fix SecInfo alert filter conditions [#971](https://github.com/greenbone/gvmd/pull/971) -- Accept 
expanded scheme OIDs in parse_osp_report [#984](https://github.com/greenbone/gvmd/pull/984) -- Fix SCAP update not finishing when CPEs are older [#986](https://github.com/greenbone/gvmd/pull/986) -- Move report format dirs when inheriting user [#989](https://github.com/greenbone/gvmd/pull/989) -- Delete report format dirs when deleting user [#993](https://github.com/greenbone/gvmd/pull/993) -- Put 'lean' back to 0 for GET_RESULTS [#1001](https://github.com/greenbone/gvmd/pull/1001) -- Improve handling of removed NVT prefs [#1003](https://github.com/greenbone/gvmd/pull/1003) -- Ensure parent exists when moving report format dir [#1019](https://github.com/greenbone/gvmd/pull/1019) -- Use nvti_qod instead of the old nvti_get_tag() [#1022](https://github.com/greenbone/gvmd/pull/1022) -- Remove active clause when filtering resources by tag [#1025](https://github.com/greenbone/gvmd/pull/1025) -- Add user limits on hosts and ifaces to OSP prefs [#1033](https://github.com/greenbone/gvmd/pull/1033) -- Fix order of tar options in gvm-lsc-deb-creator.sh [#1034](https://github.com/greenbone/gvmd/pull/1034) -- Fix handling of termination signals [#1034](https://github.com/greenbone/gvmd/pull/1034) -- Remove db init warning that no longer makes sense [#1044](https://github.com/greenbone/gvmd/pull/1044) -- Use correct elements to get task ID in wizards [#1004](https://github.com/greenbone/gvmd/pull/1004) [#1046](https://github.com/greenbone/gvmd/pull/1046) -- Use current row for iterator_null, instead of first row [#1047](https://github.com/greenbone/gvmd/pull/1047) -- Setup general task preferences to launch an osp openvas task. 
[#1055](https://github.com/greenbone/gvmd/pull/1055) -- Fix doc of get_tasks in GMP doc [#1066](https://github.com/greenbone/gvmd/pull/1066) -- Improve refs and error handling in NVTs update [#1067](https://github.com/greenbone/gvmd/pull/1067) -- Fix failure detection for xml_split command [#1074](https://github.com/greenbone/gvmd/pull/1074) -- Fix deletion of OVAL definition data [#1079](https://github.com/greenbone/gvmd/pull/1079) -- Fix feed lock in sync script [#1088](https://github.com/greenbone/gvmd/pull/1088) -- Handle removed CPEs and CVEs in SCAP sync [#1097](https://github.com/greenbone/gvmd/pull/1097) -- Fix NVTs list in CVE details [#1100](https://github.com/greenbone/gvmd/pull/1100) -- Fix handling of duplicate settings [#1106](https://github.com/greenbone/gvmd/pull/1106) -- Fix XML escaping in setting up GMP scans [#1122](https://github.com/greenbone/gvmd/pull/1122) -- Fix and simplify parse_iso_time and add tests [#1129](https://github.com/greenbone/gvmd/pull/1129) -- Fix gvm-manage-certs. 
[#1140](https://github.com/greenbone/gvmd/pull/1140) -- Fix CVE scanner and results handling [#1141](https://github.com/greenbone/gvmd/pull/1141) -- Remove user from tags when deleting user [#1161](https://github.com/greenbone/gvmd/pull/1161) -- Handle INTERRUPTED scans [#1146](https://github.com/greenbone/gvmd/pull/1146) -- Check hosts in MODIFY_OVERRIDE, as in CREATE_OVERRIDE [#1162](https://github.com/greenbone/gvmd/pull/1162) -- Preserve task "once" value [#1176](https://github.com/greenbone/gvmd/pull/1176) -- Check number of args to ensure period_offsets is 0 [#1175](https://github.com/greenbone/gvmd/pull/1175) -- Fix name handling when creating host assets [#1183](https://github.com/greenbone/gvmd/pull/1183) [#1214](https://github.com/greenbone/gvmd/pull/1214) -- Outdated references to "openvassd" have been updated to "openvas" [#1189](https://github.com/greenbone/gvmd/pull/1189) -- Quote identifiers in SQL functions using EXECUTE [#1192](https://github.com/greenbone/gvmd/pull/1192) -- Fix handling of interrupted tasks [#1207](https://github.com/greenbone/gvmd/pull/1207) -- Allow group access to lockfile and fix growing or empty timestamp [#1213](https://github.com/greenbone/gvmd/pull/1213) -- Ignore whitespace when checking for changed delta results [#1219](https://github.com/greenbone/gvmd/pull/1219) -- Check permissions when applying tag in filter [#1222](https://github.com/greenbone/gvmd/pull/1222) -- Add missing min_qod to FILTERS in GET_VULNS response [#1224](https://github.com/greenbone/gvmd/pull/1224) -- Improve EXE installer NSIS script generation [#1226](https://github.com/greenbone/gvmd/pull/1226) -- Add qod as name in results columns, for sorting [#1243](https://github.com/greenbone/gvmd/pull/1243) - -### Removed -- Remove support for "All SecInfo": removal of "allinfo" for type in get_info [#790](https://github.com/greenbone/gvmd/pull/790) -- Removed tag_value() by using nvti_get_tag() [#825](https://github.com/greenbone/gvmd/pull/825) -- Remove 
support for "MODIFY_REPORT" GMP command [#823](https://github.com/greenbone/gvmd/pull/823) -- Remove 1.3.6.1.4.1.25623.1.0.90011 from Discovery config (9.0) [#847](https://github.com/greenbone/gvmd/pull/847) -- Removed migration tool "gvm-migrate-to-postgres" including the man page [#905](https://github.com/greenbone/gvmd/pull/905) -- Remove agents [#922](https://github.com/greenbone/gvmd/pull/922) -- Remove GMP COMMANDS [#923](https://github.com/greenbone/gvmd/pull/923) -- Remove unused port names facility [#1041](https://github.com/greenbone/gvmd/pull/1041) -- Add migrator to remove dead hosts [#1071](https://github.com/greenbone/gvmd/pull/1071) -- Remove classic schedules elements from GMP [#1116](https://github.com/greenbone/gvmd/pull/1116) [#1121](https://github.com/greenbone/gvmd/pull/1121) -- Remove parallel from target options. [#1119](https://github.com/greenbone/gvmd/pull/1119) -- Remove default port list from CREATE_TARGET [#1151](https://github.com/greenbone/gvmd/pull/1151) - -[20.8.0]: https://github.com/greenbone/gvmd/compare/v9.0.0...v20.8.0 - -## [9.0.0] (2019-10-11) - -### Added -- Added TLS certificates as a new resource type [#585](https://github.com/greenbone/gvmd/pull/585) [#663](https://github.com/greenbone/gvmd/pull/663) [#673](https://github.com/greenbone/gvmd/pull/673) [#674](https://github.com/greenbone/gvmd/pull/674) [#689](https://github.com/greenbone/gvmd/pull/689) [#695](https://github.com/greenbone/gvmd/pull/695) [#703](https://github.com/greenbone/gvmd/pull/703) [#728](https://github.com/greenbone/gvmd/pull/728) [#732](https://github.com/greenbone/gvmd/pull/732) [#750](https://github.com/greenbone/gvmd/pull/750) [#752](https://github.com/greenbone/gvmd/pull/752) [#775](https://github.com/greenbone/gvmd/pull/775) [#796](https://github.com/greenbone/gvmd/pull/796) -- Update NVTs via OSP [#392](https://github.com/greenbone/gvmd/pull/392) [#609](https://github.com/greenbone/gvmd/pull/609) 
[#626](https://github.com/greenbone/gvmd/pull/626) [#753](https://github.com/greenbone/gvmd/pull/753) [#766](https://github.com/greenbone/gvmd/pull/766) -- Handle addition of ID to NVT preferences. [#413](https://github.com/greenbone/gvmd/pull/413) [#744](https://github.com/greenbone/gvmd/pull/744) -- Add setting 'OMP Slave Check Period' [#491](https://github.com/greenbone/gvmd/pull/491) -- Document switching between releases when using PostgreSQL. [#563](https://github.com/greenbone/gvmd/pull/563) -- Cgreen based unit tests for gvmd has been added. [#579](https://github.com/greenbone/gvmd/pull/579) -- New usage_type property to distinguish normal scan tasks and configs from compliance audits and policies [#613](https://github.com/greenbone/gvmd/pull/613) [#625](https://github.com/greenbone/gvmd/pull/625) [#633](https://github.com/greenbone/gvmd/pull/633) -- Command cleanup-report-formats for --optimize option [#652](https://github.com/greenbone/gvmd/pull/652) -- Enable SecInfo alert checks [#670](https://github.com/greenbone/gvmd/pull/670) -- Add an explicit solution column to NVTs [#681](https://github.com/greenbone/gvmd/pull/681) [#702](https://github.com/greenbone/gvmd/pull/702) [#730](https://github.com/greenbone/gvmd/pull/730) -- Document container tasks in GMP doc [#688](https://github.com/greenbone/gvmd/pull/688) -- Add explicit columns for the NVT tags "summary", "insight", "detection", "impact" and "affected" [#719](https://github.com/greenbone/gvmd/pull/719) [#746](https://github.com/greenbone/gvmd/pull/746) -- Add lean option to GET_REPORTS [#745](https://github.com/greenbone/gvmd/pull/745) -- Add scanner relays and OSP sensor scanner type [#756](https://github.com/greenbone/gvmd/pull/756) [#759](https://github.com/greenbone/gvmd/pull/759) -- Add setting "BPM Data" [#914](https://github.com/greenbone/gvmd/pull/914) - -### Changed -- Always convert iCalendar strings to use UTC. 
[#778](https://github.com/greenbone/gvmd/pull/778) -- Check if NVT preferences exist before inserting. [#406](https://github.com/greenbone/gvmd/pull/406) -- Raise minimum version for SQL functions. [#420](https://github.com/greenbone/gvmd/pull/420) -- Run OpenVAS scans via OSP instead of OTP. [#422](https://github.com/greenbone/gvmd/pull/422) [#584](https://github.com/greenbone/gvmd/pull/584) [#623](https://github.com/greenbone/gvmd/pull/623) [#636](https://github.com/greenbone/gvmd/pull/636) [#704](https://github.com/greenbone/gvmd/pull/704) [#729](https://github.com/greenbone/gvmd/pull/729) -- Request nvti_cache update only at very end of NVT update. [#426](https://github.com/greenbone/gvmd/pull/426) -- Consolidate NVT references into unified "refs" element. [#427](https://github.com/greenbone/gvmd/pull/427) [#739](https://github.com/greenbone/gvmd/pull/739) -- Update gvm-libs version requirements to v11.0. [#480](https://github.com/greenbone/gvmd/pull/480) -- Adjust to use new API for vt references. [#526](https://github.com/greenbone/gvmd/pull/526) -- Expect NVT sync script in bin directory. [#546](https://github.com/greenbone/gvmd/pull/546) -- Change internal handling of NVT XML to use nvti_t. [#562](https://github.com/greenbone/gvmd/pull/562) -- Change NVT references like CVEs and BID to general vt_refs. [#570](https://github.com/greenbone/gvmd/pull/570) [#574](https://github.com/greenbone/gvmd/pull/574) [#582](https://github.com/greenbone/gvmd/pull/582) -- Update SQLite to PostgreSQL migration script and documentation. 
[#581](https://github.com/greenbone/gvmd/pull/581) [#601](https://github.com/greenbone/gvmd/pull/601) [#604](https://github.com/greenbone/gvmd/pull/604) [#605](https://github.com/greenbone/gvmd/pull/605) -- Update result diff generation at delta reports [#650](https://github.com/greenbone/gvmd/pull/650) -- Check and create default permissions individually [#671](https://github.com/greenbone/gvmd/pull/671) -- Add -f arg to sendmail call in email alert [#676](https://github.com/greenbone/gvmd/pull/676) [#678](https://github.com/greenbone/gvmd/pull/678) -- Change get_tickets to use the status text for filtering. [#697](https://github.com/greenbone/gvmd/pull/697) -- Made checks to prevent duplicate user names stricter. [#708](https://github.com/greenbone/gvmd/pull/708) [#722](https://github.com/greenbone/gvmd/pull/722) -- Send delete command to ospd after stopping the task. [#710](https://github.com/greenbone/gvmd/pull/710) -- Check whether hosts are alive and have results when adding them in slave scans. 
[#717](https://github.com/greenbone/gvmd/pull/717) [#726](https://github.com/greenbone/gvmd/pull/726) [#731](https://github.com/greenbone/gvmd/pull/731) [#736](https://github.com/greenbone/gvmd/pull/736) -- Use explicit nvti timestamps [#725](https://github.com/greenbone/gvmd/pull/725) -- New columns Ports, Apps, Distance, and Auth in the CSV Hosts report format [#733](https://github.com/greenbone/gvmd/pull/733) -- The details attribute of GET_REPORTS now defaults to 0 [#747](https://github.com/greenbone/gvmd/pull/747) -- Incoming VT timestamps via OSP are now assumed to be seconds since epoch [#754](https://github.com/greenbone/gvmd/pull/754) -- Accelerate NVT feed update [#757](https://github.com/greenbone/gvmd/pull/757) -- Combine sync scripts and add GVMd data sync [#1155](https://github.com/greenbone/gvmd/pull/1155) [#1201](https://github.com/greenbone/gvmd/pull/1201) - -### Fixed -- A PostgreSQL statement order issue [#611](https://github.com/greenbone/gvmd/issues/611) has been addressed [#642](https://github.com/greenbone/gvmd/pull/642) -- Fix iCalendar recurrence and timezone handling [#654](https://github.com/greenbone/gvmd/pull/654) -- Fix issues with some scheduled tasks by using iCalendar more instead of old period fields [#656](https://github.com/greenbone/gvmd/pull/655) -- Fix an issue in getting the reports from GMP scanners [#659](https://github.com/greenbone/gvmd/pull/659) [#665](https://github.com/greenbone/gvmd/pull/665) -- Fix GET_SYSTEM_REPORTS using slave_id [#668](https://github.com/greenbone/gvmd/pull/668) -- Fix RAW_DATA when calling GET_INFO with type NVT without attributes name or info_id [#682](https://github.com/greenbone/gvmd/pull/682) -- Fix ORPHAN calculations in GET_TICKETS [#684](https://github.com/greenbone/gvmd/pull/684) [#692](https://github.com/greenbone/gvmd/pull/692) -- Fix assignment of orphaned tickets to the current user [#685](https://github.com/greenbone/gvmd/pull/685) -- Fix response from GET_VULNS when given vuln_id 
does not exists [#696](https://github.com/greenbone/gvmd/pull/696) -- Make bulk tagging with a filter work if the resources are already tagged [#711](https://github.com/greenbone/gvmd/pull/711) -- Check if the scan finished before deleting it and ensure that the task is set to done [#714](https://github.com/greenbone/gvmd/pull/714) -- Fix columnless search phrase filter keywords with quotes [#715](https://github.com/greenbone/gvmd/pull/715) -- Fix issues importing results or getting them from slaves if they contain "%s" [#723](https://github.com/greenbone/gvmd/pull/723) -- Fix sorting by numeric filter columns [#751](https://github.com/greenbone/gvmd/pull/751) -- Fix array index error when modifying roles and groups [#762](https://github.com/greenbone/gvmd/pull/762) -- Add NULL check in nvts_feed_version_epoch [#768](https://github.com/greenbone/gvmd/pull/768) -- Make get_settings return only one setting when setting_id is given [#780](https://github.com/greenbone/gvmd/pull/780) -- Fix percent sign escaping in report_port_count [#783](https://github.com/greenbone/gvmd/pull/783) -- If the nvt preference is "file" type, encode it into Base64 format [#784](https://github.com/greenbone/gvmd/pull/784) - -### Removed -- The handling of NVT updates via OTP has been removed. [#575](https://github.com/greenbone/gvmd/pull/575) -- Bid and xref have been removed from table nvts. [#582](https://github.com/greenbone/gvmd/pull/582) -- Database migration from revisions before 185 has been removed. 
[#411](https://github.com/greenbone/gvmd/pull/411) [#622](https://github.com/greenbone/gvmd/pull/622) -- Drop SQLite support [#610](https://github.com/greenbone/gvmd/pull/610) [#612](https://github.com/greenbone/gvmd/pull/612) [#614](https://github.com/greenbone/gvmd/pull/614) -- Remove create report task creation [#616](https://github.com/greenbone/gvmd/pull/616) -- Remove --backup command line option [#615](https://github.com/greenbone/gvmd/pull/615) -- Remove GET_REPORTS type "assets" [#617](https://github.com/greenbone/gvmd/pull/617) [#620](https://github.com/greenbone/gvmd/pull/620) -- Remove errors for unknown elements [#619](https://github.com/greenbone/gvmd/pull/619) -- Remove unused reports column nbefile [#675](https://github.com/greenbone/gvmd/pull/675) -- Eliminate get_tag() and parse_tags() [#743](https://github.com/greenbone/gvmd/pull/743) -- Remove helper functions and other code for handling OTP [#705](https://github.com/greenbone/gvmd/pull/705) [#709](https://github.com/greenbone/gvmd/pull/709) [#713](https://github.com/greenbone/gvmd/pull/713) [#735](https://github.com/greenbone/gvmd/pull/735) [#748](https://github.com/greenbone/gvmd/pull/748) [#749](https://github.com/greenbone/gvmd/pull/749) -- Remove stray prototype nvt_iterator_copyright [#721](https://github.com/greenbone/gvmd/pull/721) - -[9.0.0]: https://github.com/greenbone/gvmd/compare/v8.0.1...v9.0.0 - -## [8.0.1] (2019-07-17) - -### Added -- Special characters in credential login names are allowed. [#475](https://github.com/greenbone/gvmd/pull/475) -- Add type filter column to GET_CONFIGS. [#486](https://github.com/greenbone/gvmd/pull/486) -- Filter settings for groups, scanners, tickets, users and vulnerabilities have been added. [#497](https://github.com/greenbone/gvmd/pull/497) -- Multiple certificate formats for S/MIME are allowed. 
[#551](https://github.com/greenbone/gvmd/pull/551) - -### Changed -- Functions config_in_use, trash_config_in_use and port_list_in_use -returned a count instead of the expected 1 or 0. [#460](https://github.com/greenbone/gvmd/pull/460) -- The cache is rebuild for each chunk in CREATE_REPORT. [#469](https://github.com/greenbone/gvmd/pull/469) -- Hosts without HOST_START are added in CREATE_REPORT. [#479](https://github.com/greenbone/gvmd/pull/479) -- Use host details for login failure in ticket check. [#483](https://github.com/greenbone/gvmd/pull/483) -- In create_target() and modify_target() exclude_hosts is cleaned up to be in a consistent format like the included hosts are. [#488](https://github.com/greenbone/gvmd/pull/488). -- Check that roles exist earlier. [#493](https://github.com/greenbone/gvmd/pull/493) -- Anonymize more IPs and hostnames in Anonymous XML. [#496](https://github.com/greenbone/gvmd/pull/496) [#535](https://github.com/greenbone/gvmd/pull/535) -- Ensure that authentication always works for Start Task alerts. [#515](https://github.com/greenbone/gvmd/pull/515) -- Get content type when emailing an attached report. [#517](https://github.com/greenbone/gvmd/pull/517) -- Allow vuln_iterator_opts_from_filter filter to be NULL. [#527](https://github.com/greenbone/gvmd/pull/527) -- Wrap PostgreSQL exclusive table lock in function to prevent error messages in the PostgreSQL log if the lock is not available. [#542](https://github.com/greenbone/gvmd/pull/542) -- Trim whole report when resuming slave scans [#549](https://github.com/greenbone/gvmd/pull/549) -- Documentation has been improved. [#569](https://github.com/greenbone/gvmd/pull/569) [#567](https://github.com/greenbone/gvmd/pull/567) [#588](https://github.com/greenbone/gvmd/pull/588) -- Update command line options in gvmd man page [#565](https://github.com/greenbone/gvmd/pull/565) -- Clean special option keywords in filters. 
[#571](https://github.com/greenbone/gvmd/pull/571) [#578](https://github.com/greenbone/gvmd/pull/578) [#576](https://github.com/greenbone/gvmd/pull/576) -- If the schedule of a task is available, GET_TASKS will always return the -long schedule XML, not just if only the schedules are requested. [#500](https://github.com/greenbone/gvmd/pull/500) -- References to OpenVAS have been replaced with GSM [#529](https://github.com/greenbone/gvmd/pull/529) -- Buffer inserts when adding results from a slave [#641](https://github.com/greenbone/gvmd/pull/641) - -### Fixed -- Checks on 'type' in GET_FEEDS has been fixed. [#462](https://github.com/greenbone/gvmd/pull/462) -- An issue which caused a race condition using the WHERE NOT EXISTS SQL has been addressed. [#472](https://github.com/greenbone/gvmd/pull/472) -- A missing argument in check_tickets is added. [#477](https://github.com/greenbone/gvmd/pull/477) -- Add missing filter case to result_count. [#548](https://github.com/greenbone/gvmd/pull/548) -- Fix create_report cache update at end of results. [#490](https://github.com/greenbone/gvmd/pull/490) -- Fix permission checks for trash reports [#503](https://github.com/greenbone/gvmd/pull/503) -- Fix MODIFY_TAG and CREATE_TAG responses. [#520](https://github.com/greenbone/gvmd/pull/520) -- Fix MODIFY_TAG for all types when given a filter. [#523](https://github.com/greenbone/gvmd/pull/523) -- Fix email field validation in create_alert and modify_alert. [#534](https://github.com/greenbone/gvmd/pull/534) [#545](https://github.com/greenbone/gvmd/pull/545) -- Fix --slave-commit-size option. [#555](https://github.com/greenbone/gvmd/pull/555) -- Fix TippingPoint error handling [#592] (https://github.com/greenbone/gvmd/pull/592) -- Apply ignore_pagination in delta reports [#597](https://github.com/greenbone/gvmd/pull/597) -- Fix getting single unowned resources [#607](https://github.com/greenbone/gvmd/pull/607) -- Fix the "Host Authentications" section in PDF / LaTeX reports. 
[#640](https://github.com/greenbone/gvmd/pull/640) - -### Removed -- Remove -m SMB3 for smbclient in SMB alert, which allows changing the maximum protocol version via the smbclient config instead of forcing a particular one in the alert script. [#505](https://github.com/greenbone/gvmd/pull/505) -- Remove "slave" from valid_db_resource_type. [#558](https://github.com/greenbone/gvmd/pull/558) - -[8.0.1]: https://github.com/greenbone/gvmd/compare/v8.0.0...v8.0.1 - -## [8.0.0] (2019-04-05) - -### Added -- The new alert method "Alemba vFire" has been added. -- The file extension from the report format will now be added by SMB alerts. -- Handling of SSH private keys has been improved, allowing use of EC keys. -- The `--modify-scanner` option now also accepts UNIX sockets. -- Support for report content composition has been added. -- Remediation support has been added (GMP CREATE_TICKET, GET_TICKETS, etc). -- The --slave-commit-size option has been added, which can help prevent large updates from GMP scanners blocking the database for a long time. -- Settings "Hosts Filter" and "Operating Systems Filter" have been added. -- Performance of GET_REPORTS retrieving the results has been improved. -- A section about deprecated GMP elements has been added to the documentation. -- The Sourcefire alert now accepts a password credential for PKCS12 decryption. -- A new password-only credential type has been added -- Handling of failed/successful SNMP Authentication has been added to the HTML, LaTeX and PDF report formats. - -### Changed -- GMP CREATE_ASSET, its GMP doc and usage by GSA are now more consistent. -- The file path of SMB alerts can now be set to a directory, using the default report filename from the user's settings. -- The tag "smb-alert:file_path" on tasks will override the file path of SMB alerts. -- CREATE_TASK now requires a name. -- TEST_ALERT now also works if NVTs are missing. -- LSC errors are now logged as warnings. 
-- Missing data in credentials no longer prevents slave tasks from starting. Instead the scan will start without the credential. -- The GET_TASKS command now only returns the progress of individual hosts when details are requested. -- The predefined "Discovery", "Host Discovery" and "System Discovery" now mark unreachable hosts as dead. -- Users will automatically get read permission for themselves. -- Updates of the NVTs will now ignore duplicate preferences instead of failing. -- GET_REPORTS will only return Tags of results if requested with the new result_tags attribute. -- Targets now use TCP-SYN without TCP-ACK when pinging hosts when configured to do so. -- The source code and GMP documentation have been cleaned up. - -### Fixed -- An issue with deleting users has been fixed. -- An issue with GET_FEEDS returning the wrong feed types has been addressed. -- Various other code cleanups and improvements. -- Issues with the predefined report formats not handling hosts and hostnames correctly have been addressed. -- An issue with incomplete NVT info after feed updates has been addressed. -- MODIFY_SETTING now checks if text values can be decoded to valid UTF-8. -- An issue with alert emails missing a line break has been addressed. -- An issue preventing "Start Task" alerts from running has been fixed. - -### Removed -- The option `--optimize remove-open-port-results` has been removed. -- The compile-time LOG option has been removed. -- Report format special case has been removed from send_get_common [#456](https://github.com/greenbone/gvmd/pull/456) - -[8.0.0]: https://github.com/greenbone/gvmd/compare/v8.0+beta2...v8.0.0 diff --git a/CMakeLists.txt b/CMakeLists.txt index ad3000fc5..62d89c642 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -20,7 +20,7 @@ cmake_minimum_required (VERSION 3.0) message ("-- Configuring Greenbone Vulnerability Manager...") project (gvm - VERSION 22.4.1 + VERSION 22.4.0 LANGUAGES C) if (POLICY CMP0005) 
diff --git a/changelog/v22.4.md b/changelog/v22.4.0.md similarity index 98% rename from changelog/v22.4.md rename to changelog/v22.4.0.md index 8f1c7c1eb..5487a4a04 100644 --- a/changelog/v22.4.md +++ b/changelog/v22.4.0.md @@ -2,7 +2,7 @@ All notable changes to this project will be documented in this file. -## [22.4] - 2022-07-18 +## [22.4.0] - 2022-07-22 ## Added * -optimize option "cleanup-sequences" [7e2be3138](https://github.com/greenbone/gvmd/commit/7e2be3138) @@ -75,4 +75,4 @@ All notable changes to this project will be documented in this file. * Removed ifaces element from users [#1676](https://github.com/greenbone/gvmd/pull/1676) * Removed OSP scanners from gvmd [#1689](https://github.com/greenbone/gvmd/pull/1689) [#1691](https://github.com/greenbone/gvmd/pull/1691) [#1694](https://github.com/greenbone/gvmd/pull/1694) [#1701](https://github.com/greenbone/gvmd/pull/1701) -[22.4]: https://github.com/greenbone/gvmd/compare/22.4...22.4 +[22.4.0]: https://github.com/greenbone/gvmd/compare/v21.4.5...v22.4.0 From b86adb995a1a68caaa942c06a34353ec610468a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Ricks?= Date: Thu, 18 Aug 2022 15:32:18 +0200 Subject: [PATCH 004/120] Change: Log client command errors only as debug message Using info could spam the log when an erroneous client is used. Also when a client requests a disabled command like getting the license this is logged as info currently which confused our community users. --- src/gmp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/gmp.c b/src/gmp.c index e8c3e7940..e61be6eb5 100644 --- a/src/gmp.c +++ b/src/gmp.c @@ -26618,7 +26618,7 @@ process_gmp_client_input () g_debug (" client error: G_MARKUP_ERROR_UNKNOWN_ATTRIBUTE"); else err = -1; - g_info (" Failed to parse client XML: %s", error->message); + g_debug (" Failed to parse client XML: %s", error->message); g_error_free (error); } else 
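Review bot: With `Failed to parse client XML` demoted from `g_info` to `g_debug` in process_gmp_client_input (and in the matching process_gmp hunk at -26733), a client that keeps sending malformed XML leaves no trace at the default log level as far as these hunks show, which removes a cheap signal for spotting a broken or probing client. If debug-only is the intended policy, record the reason next to the call, e.g. `/* Debug only: any client can trigger this, so info would flood the log. */`; a per-connection failure counter reported once when the connection closes would keep the signal without the spam. The message also prints `error->message`, which GLib's markup parser can build from parts of the client's input, so whatever consumes this log should treat it as untrusted text. Both functions start and end outside the hunks.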
@@ -26733,7 +26733,7 @@ process_gmp (gmp_parser_t *parser, const gchar *command, gchar **response)
 g_debug (" client error: G_MARKUP_ERROR_UNKNOWN_ATTRIBUTE");
 else
 err = -1;
- g_info (" Failed to parse client XML: %s", error->message);
+ g_debug (" Failed to parse client XML: %s", error->message);
 g_error_free (error);
 }
 else
From efe372c8988aefa7da3ff9c872f1b46b43af680d Mon Sep 17 00:00:00 2001
From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com>
Date: Mon, 22 Aug 2022 09:39:29 +0000
Subject: [PATCH 005/120] Change: Use docker/meta-action for container tags and labels (#1855)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Use the docker/meta-action for setting container labels and tags. This action is much more flexible then our own container-image-tags action.
(cherry picked from commit e02cbf7707f7a672ac47e6c48fc963a8c227142f)
Co-authored-by: Björn Ricks
---
 .github/workflows/container.yml | 52 ++++++++++++++++++++++++++-------
 1 file changed, 41 insertions(+), 11 deletions(-)
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index fdc30386b..382617fd4 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -14,9 +14,24 @@ jobs:
 steps:
 - name: Checkout repository
 uses: actions/checkout@v3
- - name: Gather container image tags
- id: container
- uses: greenbone/actions/container-image-tags@v1
+ - name: Setup container meta information
+ id: meta
+ uses: docker/metadata-action@v4
+ with:
+ images: greenbone/gvmd
+ labels: |
+ org.opencontainers.image.vendor=Greenbone
+ org.opencontainers.image.base.name=debian/stable-slim
+ flavor: latest=false # no latest container tag for git tags
+ tags: |
+ # create container tag for git tags
+ type=ref,event=tag
+ # use latest for stable branch
+ type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'stable') }}
+ type=raw,value=stable,enable=${{ github.ref == format('refs/heads/{0}', 'stable') }}
+ type=raw,value=oldstable,enable=${{ github.ref == format('refs/heads/{0}', 'oldstable') }}
+ # use unstable for main branch
+ type=raw,value=unstable,enable={{is_default_branch}}
 - name: Login to Docker Registry
 uses: docker/login-action@v2
 with:
@@ -31,9 +46,10 @@ jobs:
 with:
 context: .
 push: true
- tags: ${{ steps.container.outputs.image-tags }}
- platforms: linux/amd64,linux/arm64
 file: .docker/prod.Dockerfile
+ platforms: linux/amd64,linux/arm64
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
 upload-build:
 name: "Upload images for building gvmd"
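Review bot: `uses: docker/metadata-action@v4` in the new `Setup container meta information` step references a third-party action by a movable tag, and it runs in the same job as the registry login and the image push, so the integrity of the published image depends on that tag never being repointed. Pinning to a full commit SHA with the version kept as a comment, `uses: docker/metadata-action@<full-commit-sha> # v4`, removes that dependency; the same line is added again for the upload-build job in the hunk at -41,17. The `actions/checkout@v3` and `docker/login-action@v2` references visible as context use the same tag style, so this may be a repository-wide decision rather than one for this commit alone.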
@@ -41,17 +57,30 @@ jobs: steps: - name: Checkout uses: actions/checkout@v3 - - name: Gather container image names - uses: greenbone/actions/container-image-tags@v1 - id: container + - name: Setup container meta information + id: meta + uses: docker/metadata-action@v4 with: - image-name: ${{ github.repository }}-build + images: greenbone/gvmd-build + labels: | + org.opencontainers.image.vendor=Greenbone + org.opencontainers.image.base.name=debian/stable-slim + flavor: latest=false # no latest container tag for git tags + tags: | + # create container tag for git tags + type=ref,event=tag + # use latest for stable branch + type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'stable') }} + type=raw,value=stable,enable=${{ github.ref == format('refs/heads/{0}', 'stable') }} + type=raw,value=oldstable,enable=${{ github.ref == format('refs/heads/{0}', 'oldstable') }} + # use unstable for main branch + type=raw,value=unstable,enable={{is_default_branch}} - name: Login to DockerHub uses: docker/login-action@v2 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - - run: echo "Build and push ${{ steps.container.outputs.image-tags }}" + - run: echo "Build and push ${{ steps.meta.outputs.tags }}" - name: Set up QEMU uses: docker/setup-qemu-action@v2 - name: Set up Docker Buildx @@ -61,9 +90,10 @@ jobs: with: context: . push: true - tags: ${{ steps.container.outputs.image-tags }} file: .docker/build.Dockerfile platforms: linux/amd64,linux/arm64 + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} - name: Trigger libtheia container build run: | curl -X POST https://api.github.com/repos/greenbone/libtheia/actions/workflows/container.yml/dispatches \ From 9e61d283c4fb6b074b9c0e15a794228326917c31 Mon Sep 17 00:00:00 2001 
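Review bot: The added `run: echo "Build and push ${{ steps.meta.outputs.tags }}"` expands the expression into the script text before the shell parses it, and part of that value is derived from the pushed git ref through `type=ref,event=tag`. metadata-action presumably sanitises tag names, but passing the value through the environment removes the dependency on that: an `env:` entry `TAGS: ${{ steps.meta.outputs.tags }}` and `run: echo "Build and push $TAGS"`. The same step is carried into the new `build-container.yml` later in this series.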
From: =?UTF-8?q?Bj=C3=B6rn=20Ricks?= Date: Mon, 22 Aug 2022 15:56:53 +0200 Subject: [PATCH 006/120] Change: Run container image builds also for pull requests Ensure that container builds are successfull in pull requests too. This avoids adding changes to a PR that will break the container image builds. (cherry picked from commit 2782ed8cb1f3c0710bb3340ccd01e9cee940a7ff) --- .github/workflows/container.yml | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index 382617fd4..cd3bdb88a 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml @@ -4,6 +4,8 @@ on: push: branches: [ main, stable, oldstable ] tags: ["v*"] + pull_request: + branches: [ main, stable, oldstable ] workflow_dispatch: repository_dispatch: @@ -18,7 +20,7 @@ jobs: id: meta uses: docker/metadata-action@v4 with: - images: greenbone/gvmd + images: ${{ github.repository }} labels: | org.opencontainers.image.vendor=Greenbone org.opencontainers.image.base.name=debian/stable-slim @@ -26,6 +28,7 @@ jobs: tags: | # create container tag for git tags type=ref,event=tag + type=ref,event=pr # use latest for stable branch type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'stable') }} type=raw,value=stable,enable=${{ github.ref == format('refs/heads/{0}', 'stable') }} @@ -33,6 +36,7 @@ jobs: # use unstable for main branch type=raw,value=unstable,enable={{is_default_branch}} - name: Login to Docker Registry + if: github.event_name != 'pull_request' uses: docker/login-action@v2 with: username: ${{ secrets.DOCKERHUB_USERNAME }} @@ -45,7 +49,7 @@ jobs: uses: docker/build-push-action@v3 with: context: . - push: true + push: ${{ github.event_name != 'pull_request' }} file: .docker/prod.Dockerfile platforms: linux/amd64,linux/arm64 tags: ${{ steps.meta.outputs.tags }} 
@@ -61,7 +65,7 @@ jobs: id: meta uses: docker/metadata-action@v4 with: - images: greenbone/gvmd-build + images: ${{ github.repository }}-build labels: | org.opencontainers.image.vendor=Greenbone org.opencontainers.image.base.name=debian/stable-slim @@ -69,6 +73,7 @@ jobs: tags: | # create container tag for git tags type=ref,event=tag + type=ref,event=pr # use latest for stable branch type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'stable') }} type=raw,value=stable,enable=${{ github.ref == format('refs/heads/{0}', 'stable') }} @@ -76,6 +81,7 @@ jobs: # use unstable for main branch type=raw,value=unstable,enable={{is_default_branch}} - name: Login to DockerHub + if: github.event_name != 'pull_request' uses: docker/login-action@v2 with: username: ${{ secrets.DOCKERHUB_USERNAME }} @@ -89,12 +95,13 @@ jobs: uses: docker/build-push-action@v3 with: context: . - push: true + push: ${{ github.event_name != 'pull_request' }} file: .docker/build.Dockerfile platforms: linux/amd64,linux/arm64 tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - name: Trigger libtheia container build + if: github.event_name != 'pull_request' run: | curl -X POST https://api.github.com/repos/greenbone/libtheia/actions/workflows/container.yml/dispatches \ -H "Accept: application/vnd.github.v3+json" \ From a1cd1769e9635bb09fc9d9e5e6eb18c1b2fda84d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Ricks?= Date: Mon, 22 Aug 2022 16:24:41 +0200 Subject: [PATCH 007/120] Rename jobs for clearer understanding of their purpose (cherry picked from commit 5f8e4d2adb426fe1660dd2392928841d2095dd50) --- .github/workflows/container.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index cd3bdb88a..26fb9a49b 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml 
@@ -11,7 +11,7 @@ on: jobs: images: - name: Build and upload container images + name: Production Images runs-on: ubuntu-latest steps: - name: Checkout repository @@ -55,8 +55,8 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - upload-build: - name: "Upload images for building gvmd" + build-images: + name: "Build Images" runs-on: ubuntu-latest steps: - name: Checkout From f35abf80e8d286553eee071d1c9154aaa49c57c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Ricks?= Date: Tue, 23 Aug 2022 11:08:39 +0200 Subject: [PATCH 008/120] Change: Split building build and production container images The build image really rarely needs a rebuild. Therefore split this job into an own workflow and only rebuild if the corresponding dockerfile or workflow has changed. (cherry picked from commit 16b7f19e2d6907c2925ba62117e3133aee99a84b) --- .github/workflows/build-container.yml | 73 +++++++++++++++++++++++++++ .github/workflows/container.yml | 53 ------------------- 2 files changed, 73 insertions(+), 53 deletions(-) create mode 100644 .github/workflows/build-container.yml diff --git a/.github/workflows/build-container.yml b/.github/workflows/build-container.yml new file mode 100644 index 000000000..808dfd75a --- /dev/null +++ b/.github/workflows/build-container.yml 
@@ -0,0 +1,73 @@ +name: Build Container Image Builds + +on: + push: + branches: [ main, stable, oldstable ] + tags: ["v*"] + paths: + - .github/workflows/build-container.yml + - .docker/build.Dockerfile + pull_request: + branches: [ main, stable, oldstable ] + paths: + - .github/workflows/build-container.yml + - .docker/build.Dockerfile + workflow_dispatch: + repository_dispatch: + schedule: + # rebuild image every sunday + - cron: "0 0 * * 0" + +jobs: + build-images: + name: "Build Images" + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Setup container meta information + id: meta + uses: docker/metadata-action@v4 + with: + images: ${{ github.repository }}-build + labels: | + org.opencontainers.image.vendor=Greenbone + org.opencontainers.image.base.name=debian/stable-slim + flavor: latest=false # no latest container tag for git tags + tags: | + # create container tag for git tags + type=ref,event=tag + type=ref,event=pr + # use latest for stable branch + type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'stable') }} + type=raw,value=stable,enable=${{ github.ref == format('refs/heads/{0}', 'stable') }} + type=raw,value=oldstable,enable=${{ github.ref == format('refs/heads/{0}', 'oldstable') }} + # use unstable for main branch + type=raw,value=unstable,enable={{is_default_branch}} + - name: Login to DockerHub + if: github.event_name != 'pull_request' + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - run: echo "Build and push ${{ steps.meta.outputs.tags }}" + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - name: Build and push + uses: docker/build-push-action@v3 + with: + context: . 
+ push: ${{ github.event_name != 'pull_request' }} + file: .docker/build.Dockerfile + platforms: linux/amd64,linux/arm64 + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + - name: Trigger libtheia container build + if: github.event_name != 'pull_request' + run: | + curl -X POST https://api.github.com/repos/greenbone/libtheia/actions/workflows/container.yml/dispatches \ + -H "Accept: application/vnd.github.v3+json" \ + -u greenbonebot:${{ secrets.GREENBONE_BOT_TOKEN }} \ + -d '{"ref":"main"}' diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index 26fb9a49b..55f14d8d4 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml 
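Review bot: The new workflow has no `permissions:` key, so its `GITHUB_TOKEN` receives whatever the repository or organisation default grants, while the job only checks out code; the pushes use Docker Hub secrets and the dispatch uses a bot token. A top-level `permissions:` block containing only `contents: read` would make the least-privilege intent explicit. In the final step, `-u greenbonebot:${{ secrets.GREENBONE_BOT_TOKEN }}` is also written straight into the script text; handing the token to the step through `env:` and referencing the variable keeps it out of the rendered command.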
@@ -54,56 +54,3 @@ jobs: platforms: linux/amd64,linux/arm64 tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - - build-images: - name: "Build Images" - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v3 - - name: Setup container meta information - id: meta - uses: docker/metadata-action@v4 - with: - images: ${{ github.repository }}-build - labels: | - org.opencontainers.image.vendor=Greenbone - org.opencontainers.image.base.name=debian/stable-slim - flavor: latest=false # no latest container tag for git tags - tags: | - # create container tag for git tags - type=ref,event=tag - type=ref,event=pr - # use latest for stable branch - type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'stable') }} - type=raw,value=stable,enable=${{ github.ref == format('refs/heads/{0}', 'stable') }} - type=raw,value=oldstable,enable=${{ github.ref == format('refs/heads/{0}', 'oldstable') }} - # use unstable for main branch - type=raw,value=unstable,enable={{is_default_branch}} - - name: Login to DockerHub - if: github.event_name != 'pull_request' - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - run: echo "Build and push ${{ steps.meta.outputs.tags }}" - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: Build and push - uses: docker/build-push-action@v3 - with: - context: . 
- push: ${{ github.event_name != 'pull_request' }} - file: .docker/build.Dockerfile - platforms: linux/amd64,linux/arm64 - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - - name: Trigger libtheia container build - if: github.event_name != 'pull_request' - run: | - curl -X POST https://api.github.com/repos/greenbone/libtheia/actions/workflows/container.yml/dispatches \ - -H "Accept: application/vnd.github.v3+json" \ - -u greenbonebot:${{ secrets.GREENBONE_BOT_TOKEN }} \ - -d '{"ref":"main"}' From 5ed022205c58a63dbd1ee72aa56940be3c254dec Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Fri, 2 Sep 2022 09:08:32 +0200 Subject: [PATCH 009/120] Add task last_/first_report_created filters These are alternatives to the "first" and "last" columns added because the name "first" conflicts with the pagination offset keyword. (cherry picked from commit fe9d5754a69be187abd0a0ab04129b074bc5e94a) --- src/manage_sql.c | 21 +++++++++++++++++++-- src/schema_formats/XML/GMP.xml.in | 14 ++++++++++++-- 2 files changed, 31 insertions(+), 4 deletions(-) diff --git a/src/manage_sql.c b/src/manage_sql.c index a7ebfe25e..f729429bc 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -14610,7 +14610,8 @@ append_to_task_string (task_t task, const char* field, const char* value) "last_report", "threat", "trend", "severity", "schedule", "next_due", \ "first", "last", "false_positive", "log", "low", "medium", "high", \ "hosts", "result_hosts", "fp_per_host", "log_per_host", "low_per_host", \ - "medium_per_host", "high_per_host", "target", "usage_type", NULL } + "medium_per_host", "high_per_host", "target", "usage_type", \ + "first_report_created", "last_report_created", NULL } /** * @brief Task iterator columns. 
@@ -14823,7 +14824,23 @@ append_to_task_string (task_t task, const char* field, const char* value) "(SELECT name FROM targets WHERE id = target)", \ "target", \ KEYWORD_TYPE_STRING \ - } + }, \ + { \ + "(SELECT creation_time FROM reports WHERE task = tasks.id" \ + /* TODO 1 == TASK_STATUS_DONE */ \ + " AND scan_run_status = 1" \ + " ORDER BY creation_time ASC LIMIT 1)", \ + "first_report_created", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "(SELECT creation_time FROM reports WHERE task = tasks.id" \ + /* TODO 1 == TASK_STATUS_DONE */ \ + " AND scan_run_status = 1" \ + " ORDER BY creation_time DESC LIMIT 1)", \ + "last_report_created", \ + KEYWORD_TYPE_INTEGER \ + } \ /** * @brief Task iterator WHERE columns. diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in index 5074be7fa..79d7d0d73 100644 --- a/src/schema_formats/XML/GMP.xml.in +++ b/src/schema_formats/XML/GMP.xml.in @@ -19559,15 +19559,25 @@ along with this program. If not, see . Time the task is next due to run - first + first_report_created iso_time Timestamp of the first report - last + last_report_created iso_time Timestamp of the last finished report + + first + iso_time + Timestamp of the first report (deprecated, use first_report_created) + + + last + iso_time + Timestamp of the last finished report (deprecated, use last_report_created) + false_positive integer From 905c84b472149e4b9ab320aa2be99356dd2b80ee Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Bj=C3=B6rn=20Ricks?= Date: Mon, 10 Oct 2022 10:41:50 +0200 Subject: [PATCH 010/120] Fix: Fix regex for new glib2.0 >= 2.73.2 Patch by Sophie Brun . Since glib2.0 version 2.73.2, they replace PCRE1 with PCRE2 and it seems that some functionalities are no longer supported. See https://gitlab.gnome.org/GNOME/glib/-/issues/2760 http://www.pcre.org/current/doc/html/pcre2pattern.html#SEC9 We need to place the hyphen at the end of the class. " If a minus character is required in a class, it must be escaped with a backslash or appear in a position where it cannot be interpreted as indicating a range, typically as the first or last character in the class, or immediately after a range." Bug-Kali: https://bugs.kali.org/view.php?id=7926 (cherry picked from commit e2a18410cb6f0d79221b4f9d1ab8b97d18fc4118) --- src/manage.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/manage.c b/src/manage.c index 47499c8ad..35e3218d8 100644 --- a/src/manage.c +++ b/src/manage.c @@ -5952,7 +5952,7 @@ manage_read_info (gchar *type, gchar *uid, gchar *name, gchar **result) int validate_username (const gchar * name) { - if (g_regex_match_simple ("^[[:alnum:]-_.]+$", name, 0, 0)) + if (g_regex_match_simple ("^[[:alnum:]_.-]+$", name, 0, 0)) return 0; else return 1; From 48f77b52497b1063cc1be8f6edf9546fb207ed1b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Ricks?= Date: Mon, 10 Oct 2022 11:14:48 +0200 Subject: [PATCH 011/120] Change: Escape minus in regular expressions for pcre 2 compatibility Escape all minus symbols in regular expressions to ensure the expressions are compatible with pcre 2. (cherry picked from commit 912350f7c40e47b24c121d7d1a27a2ec5bcd9754) --- src/manage_configs.c | 2 +- src/manage_port_lists.c | 2 +- src/manage_report_formats.c | 2 +- src/manage_sql.c | 8 ++++---- src/manage_sql_report_formats.c | 2 +- src/utils.c | 2 +- 6 files changed, 9 insertions(+), 9 deletions(-) 
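Review bot: In `validate_username` the pattern is still compiled with flags `0`, so the `$` anchor also matches immediately before a final newline and a name such as "admin\n" passes validation. Either end the pattern with `\\z` or pass the flag: `if (g_regex_match_simple ("^[[:alnum:]_.-]+$", name, G_REGEX_DOLLAR_ENDONLY, 0))`. Whether a trailing newline can reach this function depends on callers that are not visible here. The same applies to the `$`-anchored validators touched in the following patch (`validate_tippingpoint_data`, `setting_verify`, `validate_param_value`). The function's closing brace lies outside the hunk.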
diff --git a/src/manage_configs.c b/src/manage_configs.c index f06f03f88..8ebd09617 100644 --- a/src/manage_configs.c +++ b/src/manage_configs.c @@ -316,7 +316,7 @@ should_sync_config_from_path (const char *path, gboolean rebuild, split = g_regex_split_simple (/* Full-and-Fast--daba56c8-73ec-11df-a475-002264764cea.xml */ - "^.*([0-9a-f]{8})-([0-9a-f]{4})-([0-9a-f]{4})-([0-9a-f]{4})-([0-9a-f]{12}).xml$", + "^.*([0-9a-f]{8})\\-([0-9a-f]{4})\\-([0-9a-f]{4})\\-([0-9a-f]{4})\\-([0-9a-f]{12}).xml$", path, 0, 0); if (split == NULL || g_strv_length (split) != 7) diff --git a/src/manage_port_lists.c b/src/manage_port_lists.c index f8e0a2fc8..eb8ffe8a4 100644 --- a/src/manage_port_lists.c +++ b/src/manage_port_lists.c @@ -252,7 +252,7 @@ should_sync_port_list_from_path (const char *path, gboolean rebuild, split = g_regex_split_simple (/* Full-and-Fast--daba56c8-73ec-11df-a475-002264764cea.xml */ - "^.*([0-9a-f]{8})-([0-9a-f]{4})-([0-9a-f]{4})-([0-9a-f]{4})-([0-9a-f]{12}).xml$", + "^.*([0-9a-f]{8})\\-([0-9a-f]{4})\\-([0-9a-f]{4})\\-([0-9a-f]{4})\\-([0-9a-f]{12}).xml$", path, 0, 0); if (split == NULL || g_strv_length (split) != 7) diff --git a/src/manage_report_formats.c b/src/manage_report_formats.c index b5f0fe403..d8c0b16e9 100644 --- a/src/manage_report_formats.c +++ b/src/manage_report_formats.c @@ -612,7 +612,7 @@ should_sync_report_format_from_path (const char *path, split = g_regex_split_simple (/* Full-and-Fast--daba56c8-73ec-11df-a475-002264764cea.xml */ - "^.*([0-9a-f]{8})-([0-9a-f]{4})-([0-9a-f]{4})-([0-9a-f]{4})-([0-9a-f]{12}).xml$", + "^.*([0-9a-f]{8})\\-([0-9a-f]{4})\\-([0-9a-f]{4})\\-([0-9a-f]{4})\\-([0-9a-f]{12}).xml$", path, 0, 0); if (split == NULL || g_strv_length (split) != 7) diff --git a/src/manage_sql.c b/src/manage_sql.c index f729429bc..e5127b647 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c 
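Review bot: The rewritten pattern in `should_sync_config_from_path` still ends in an unescaped `.xml$`, so the dot matches any character and a path ending in, say, `…002264764ceaXxml` is accepted as a feed file. Escaping it makes the suffix check exact: `"…([0-9a-f]{12})\\.xml$"`. The identical pattern, with the same "Full-and-Fast" example comment, is repeated in the `should_sync_port_list_from_path` and `should_sync_report_format_from_path` hunks that follow; a shared constant would keep the three in step. All three functions begin and end outside their hunks.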
@@ -6997,7 +6997,7 @@ validate_tippingpoint_data (alert_method_t method, const gchar *name, if (strcmp (name, "tp_sms_hostname") == 0) { - if (g_regex_match_simple ("^[0-9A-Za-z][0-9A-Za-z.-]*$", + if (g_regex_match_simple ("^[0-9A-Za-z][0-9A-Za-z.\\-]*$", *data, 0, 0) == FALSE) { @@ -49757,8 +49757,8 @@ modify_setting (const gchar *uuid, const gchar *name, */ languages_regex = g_regex_new ("^(Browser Language|" - "([a-z]{2,3})(_[A-Z]{2})?(@[[:alnum:]_-]+)?" - "(:([a-z]{2,3})(_[A-Z]{2})?(@[[:alnum:]_-]+)?)*)$", + "([a-z]{2,3})(_[A-Z]{2})?(@[[:alnum:]_\\-]+)?" + "(:([a-z]{2,3})(_[A-Z]{2})?(@[[:alnum:]_\\-]+)?)*)$", 0, 0, NULL); match = g_regex_match (languages_regex, value, 0, NULL); g_regex_unref (languages_regex); @@ -50326,7 +50326,7 @@ setting_verify (const gchar *uuid, const gchar *value, const gchar *user) if (strcmp (uuid, SETTING_UUID_LSC_DEB_MAINTAINER) == 0) { if (g_regex_match_simple - ("^([[:alnum:]-_]*@[[:alnum:]-_][[:alnum:]-_.]*)?$", + ("^([[:alnum:]\\-_]*@[[:alnum:]\\-_][[:alnum:]\\-_.]*)?$", value, 0, 0) == FALSE) return 1; } diff --git a/src/manage_sql_report_formats.c b/src/manage_sql_report_formats.c index 304d75931..1440597ad 100644 --- a/src/manage_sql_report_formats.c +++ b/src/manage_sql_report_formats.c @@ -2472,7 +2472,7 @@ validate_param_value (report_format_t report_format, case REPORT_FORMAT_PARAM_TYPE_REPORT_FORMAT_LIST: { if (g_regex_match_simple - ("^(?:[[:alnum:]-_]+)?(?:,(?:[[:alnum:]-_])+)*$", value, 0, 0) + ("^(?:[[:alnum:]\\-_]+)?(?:,(?:[[:alnum:]\\-_])+)*$", value, 0, 0) == FALSE) return 1; else diff --git a/src/utils.c b/src/utils.c index b0a40d3c1..0d936b676 100644 --- a/src/utils.c +++ b/src/utils.c @@ -339,7 +339,7 @@ parse_iso_time_tz (const char *text_time, const char *fallback_tz) epoch_time = 0; if (regex == NULL) - regex = g_regex_new ("^([0-9]{4}-[0-9]{2}-[0-9]{2})" + regex = g_regex_new ("^([0-9]{4}\\-[0-9]{2}\\-[0-9]{2})" "[T ]([0-9]{2}:[0-9]{2})" "(:[0-9]{2})?(?:\\.[0-9]+)?" "(Z|[+-][0-9]{2}:?[0-9]{2})?$", 
From 806eeb1692316eea7a97cdc4ae5d52acd45a4a9d Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Thu, 20 Oct 2022 13:35:35 +0200 Subject: [PATCH 012/120] Clean up old SQL functions now included in pg-gvm If the extension pg-gvm is not installed yet, gvmd will try to remove the functions now included in the extension before installing the extension. This is needed because with PostgreSQL 13.8 the extension can no longer simply overwrite the functions. (cherry picked from commit 1937eec61cff30949494838e342cce2dac7b4aa2) --- src/manage_pg.c | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/src/manage_pg.c b/src/manage_pg.c index 8ad4aa45d..952b6474f 100644 --- a/src/manage_pg.c +++ b/src/manage_pg.c @@ -2985,6 +2985,39 @@ db_extension_available (const char *name) } } +/** + * @brief Clean up old SQL functions now incliuded in the pg-gvm extension. + */ +void +cleanup_old_sql_functions () +{ + if (sql_int("SELECT count(*) FROM pg_extension WHERE extname = 'pg-gvm'")) + { + g_message ("%s: pg-gvm already installed, skipping function cleanup", + __func__); + return; + } + + g_message ("%s: cleaning up SQL functions now included in pg-gvm extension", + __func__); + + sql ("DROP FUNCTION IF EXISTS" + " hosts_contains (text, text) CASCADE;"); + + sql ("DROP FUNCTION IF EXISTS" + " max_hosts (text, text) CASCADE;"); + + sql ("DROP FUNCTION IF EXISTS" + " next_time_ical (text, bigint, text) CASCADE;"); + + sql ("DROP FUNCTION IF EXISTS" + " next_time_ical (text, bigint, text, integer) CASCADE;"); + + sql ("DROP FUNCTION IF EXISTS" + " regexp (text, text) CASCADE;"); + +} + /** * @brief Ensure all extensions are installed. * 
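Review bot: Each `DROP FUNCTION IF EXISTS … CASCADE` in `cleanup_old_sql_functions` also removes every object that depends on the function, silently, and the call site in the next hunk runs it after `SET ROLE` to the superuser role. If no dependents are expected, dropping without `CASCADE` (e.g. `sql ("DROP FUNCTION IF EXISTS hosts_contains (text, text);");`) makes an unexpected dependency surface as an error instead of a silent removal; if dependents are expected, a comment naming them would help. The drops are also not visibly tied to the success of the following `CREATE EXTENSION`, so a failed install may leave the database without either implementation. The doc comment has a typo ("incliuded"), and the definition could be `static void cleanup_old_sql_functions (void)` if nothing outside this file calls it.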
@@ -3002,6 +3035,10 @@ check_db_extensions () // Switch to superuser role and try to install extensions. sql ("SET ROLE \"%s\";", DB_SUPERUSER_ROLE); + // Clean up old functions now in pg-gvm + cleanup_old_sql_functions (); + + // Install the extensions sql ("CREATE EXTENSION IF NOT EXISTS \"uuid-ossp\""); sql ("CREATE EXTENSION IF NOT EXISTS \"pgcrypto\""); sql ("CREATE EXTENSION IF NOT EXISTS \"pg-gvm\""); From 386dc80b86b20ab5ae576e10ddc274e77a3df989 Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Thu, 20 Oct 2022 14:41:07 +0200 Subject: [PATCH 013/120] Fix migration of task_severity for versions < 245 (cherry picked from commit 60a8e38be12006b04f7453cabc08304960afc6ad) --- src/manage_pg.c | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/src/manage_pg.c b/src/manage_pg.c index 952b6474f..bb10b4dc6 100644 --- a/src/manage_pg.c +++ b/src/manage_pg.c @@ -1210,7 +1210,7 @@ manage_create_sql_functions () TASK_STATUS_DONE); } - /* result_nvt column (in OVERRIDES_SQL) was added in version 189. */ + /* if (current_db_version >= 189) */ /* column date in table reports was renamed to creation_time in version 245 */ if (current_db_version >= 245) 
@@ -1234,6 +1234,28 @@ manage_create_sql_functions () "$$ LANGUAGE SQL;", TASK_STATUS_DONE); } + /* result_nvt column (in OVERRIDES_SQL) was added in version 189. */ + else if (current_db_version >= 189) + { + sql ("CREATE OR REPLACE FUNCTION task_severity (integer," // task + " integer," // overrides + " integer)" // min_qod + " RETURNS double precision AS $$" + /* Calculate the severity of a task. */ + " SELECT CASE" + " WHEN (SELECT target = 0" + " FROM tasks WHERE id = $1)" + " THEN CAST (NULL AS double precision)" + " ELSE" + " (SELECT report_severity ((SELECT id FROM reports" + " WHERE task = $1" + " AND scan_run_status = %u" + " ORDER BY date DESC" + " LIMIT 1 OFFSET 0), $2, $3))" + " END;" + "$$ LANGUAGE SQL;", + TASK_STATUS_DONE); + } sql ("CREATE OR REPLACE FUNCTION task_trend (integer, integer, integer)" " RETURNS text AS $$" From 4ef482b450fef0bc3c2e07ce22eb0c22bc4ecece Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Thu, 20 Oct 2022 14:42:51 +0200 Subject: [PATCH 014/120] Change "pg-gvm already installed" level to debug (cherry picked from commit cd80636cfa06ef63b8997561187231e55e5f2c8f) --- src/manage_pg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/manage_pg.c b/src/manage_pg.c index bb10b4dc6..d38ea0927 100644 --- a/src/manage_pg.c +++ b/src/manage_pg.c @@ -3015,7 +3015,7 @@ cleanup_old_sql_functions () { if (sql_int("SELECT count(*) FROM pg_extension WHERE extname = 'pg-gvm'")) { - g_message ("%s: pg-gvm already installed, skipping function cleanup", + g_debug ("%s: pg-gvm already installed, skipping function cleanup", __func__); return; } From ef92900e536e37f595048c06a747b7e91280ba9f Mon Sep 17 00:00:00 2001 From: Jaspar S Date: Fri, 25 Nov 2022 10:51:37 +0100 Subject: [PATCH 015/120] Change: Implement new check to find WID-SEC advisories in the xml (#1874) (cherry picked from commit cba05961d922164f8036d337cada5b600b3d3bdd) --- src/manage.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) 
diff --git a/src/manage.c b/src/manage.c index 35e3218d8..b4e80a47e 100644 --- a/src/manage.c +++ b/src/manage.c @@ -5336,7 +5336,8 @@ get_cve_filename (char *item_id) /** * @brief Compute the filename where a given CERT-Bund Advisory can be found. * - * @param[in] item_id CERT-Bund identifier without version ("CB-K??/????"). + * @param[in] item_id CERT-Bund identifier without version + ("CB-K??/????" or "WID-SEC-????-????") * * @return A dynamically allocated string (to be g_free'd) containing the * path to the desired file or NULL on error. @@ -5350,6 +5351,11 @@ get_cert_bund_adv_filename (char *item_id) { return g_strdup_printf (CERT_BUND_ADV_FILENAME_FMT, year); } + if (sscanf (item_id, "WID-SEC-%d-%*s", &year) == 1 ) + { + // new year format is YYYY thus subtract 2000 from the int + return g_strdup_printf (CERT_BUND_ADV_FILENAME_FMT, year - 2000); + } return NULL; } From 61fe4bbf298cd35568825a90757110bab2f48e9c Mon Sep 17 00:00:00 2001 From: Christian Fischer Date: Mon, 5 Dec 2022 09:48:38 +0100 Subject: [PATCH 016/120] Minor coding style / function description update (cherry picked from commit 8a2dff8d59a7f640a01ba3472f467cd2b3daec00) --- src/manage.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/manage.c b/src/manage.c index b4e80a47e..6b2d6d2af 100644 --- a/src/manage.c +++ b/src/manage.c @@ -5336,8 +5336,8 @@ get_cve_filename (char *item_id) /** * @brief Compute the filename where a given CERT-Bund Advisory can be found. * - * @param[in] item_id CERT-Bund identifier without version - ("CB-K??/????" or "WID-SEC-????-????") + * @param[in] item_id CERT-Bund identifier without version + * ("CB-K??/????" or "WID-SEC-????-????") * * @return A dynamically allocated string (to be g_free'd) containing the * path to the desired file or NULL on error. 
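Review bot: The new `WID-SEC` branch in `get_cert_bund_adv_filename` uses `year - 2000` without checking what `sscanf` parsed, so an identifier like `WID-SEC-1-x` yields a negative value in the file name, and a digit run too large for `int` is undefined behaviour for `%d`. Because `%*s` does not count towards the return value, `WID-SEC-2022` with nothing after it is accepted as well. A range check on the condition closes this: `if (sscanf (item_id, "WID-SEC-%d-%*s", &year) == 1 && year >= 2000 && year <= 2099)`. The upper bound assumes two-digit years in the file name, as the subtraction suggests. The function starts before this hunk, and whether `item_id` is client-controlled is not visible here.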
@@ -5351,7 +5351,7 @@ get_cert_bund_adv_filename (char *item_id) { return g_strdup_printf (CERT_BUND_ADV_FILENAME_FMT, year); } - if (sscanf (item_id, "WID-SEC-%d-%*s", &year) == 1 ) + if (sscanf (item_id, "WID-SEC-%d-%*s", &year) == 1) { // new year format is YYYY thus subtract 2000 from the int return g_strdup_printf (CERT_BUND_ADV_FILENAME_FMT, year - 2000); From 919337d1ab87153ae34ca98e5508f28ef729c263 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Mon, 5 Dec 2022 10:23:33 +0100 Subject: [PATCH 017/120] Fix: buffer overrun in buffer_aggregate_xml() (#1880) When compiling with gcc on 32 bit armhf: sizeof(double) == 8, sizeof(double *) == 4 If needing a buffer for double, allocating space for a pointer is insufficient and leads to a buffer overrun when assigning a value. We shouldn't confound long int and long int* either. Signed-off-by: Heinrich Schuchardt Signed-off-by: Heinrich Schuchardt (cherry picked from commit 501700b50c330fb124cbe46e5c002aa2d2706333) --- src/gmp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/gmp.c b/src/gmp.c index e61be6eb5..5af16cb1c 100644 --- a/src/gmp.c +++ b/src/gmp.c @@ -10113,7 +10113,7 @@ buffer_aggregate_xml (GString *xml, iterator_t* aggregate, const gchar* type, = g_tree_lookup (subgroup_c_counts, subgroup_value); if (subgroup_c_count == NULL) { - subgroup_c_count = g_malloc0 (sizeof (long int*)); + subgroup_c_count = g_malloc0 (sizeof (long int)); g_tree_insert (subgroup_c_counts, g_strdup (subgroup_value), subgroup_c_count); @@ -10297,7 +10297,7 @@ buffer_aggregate_xml (GString *xml, iterator_t* aggregate, const gchar* type, if (subgroup_c_sum == NULL) { - subgroup_c_sum = g_malloc (sizeof (double *)); + subgroup_c_sum = g_malloc (sizeof (double)); *subgroup_c_sum = 0; g_tree_insert (c_sum_tree, From 36eacf9789f5b841d861c31f11d4a7cb3bacf56b Mon Sep 17 00:00:00 2001 
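Review bot: Both allocations in `buffer_aggregate_xml` still spell the element type by hand, which is the pattern that produced the overrun this commit fixes. Sizing from the pointer keeps the allocation correct if the variable's type changes: `subgroup_c_count = g_malloc0 (sizeof *subgroup_c_count);` and `subgroup_c_sum = g_malloc (sizeof *subgroup_c_sum);`. The function body extends well beyond both hunks, so other allocations in it may merit the same check.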
From: Johannes Helmold Date: Fri, 9 Dec 2022 11:31:32 +0100 Subject: [PATCH 018/120] Changed the compressing algorithm from xz to gz (gzip). Changed the compressing algorithm from xz to gz (gzip) because xz does not work on every system. (cherry picked from commit 93d77169c91604b98f12147ba664c7d883e4cb76) --- tools/gvm-lsc-deb-creator | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/gvm-lsc-deb-creator b/tools/gvm-lsc-deb-creator index 5f0af8f5a..87920350f 100755 --- a/tools/gvm-lsc-deb-creator +++ b/tools/gvm-lsc-deb-creator @@ -161,7 +161,7 @@ COPYRIGHT_FILE="${DOC_DATA_DIR}/copyright" # Create data archive cd "${DATA_DIR}" -tar -C "${DATA_DIR}" -acf "../data.tar.xz" "${HOME_SUBDIR}" "${DOC_SUBDIR}" +tar -C "${DATA_DIR}" -acf "../data.tar.gz" "${HOME_SUBDIR}" "${DOC_SUBDIR}" # From 51dc1caae3a187e36149073e0de9146237524f63 Mon Sep 17 00:00:00 2001 From: Johannes Helmold <83279292+jhelmold@users.noreply.github.com> Date: Fri, 9 Dec 2022 16:19:32 +0100 Subject: [PATCH 019/120] Update tools/gvm-lsc-deb-creator MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Björn Ricks (cherry picked from commit 777ab41944b7af5e9cd0d1c8e8f238afd37cf518) --- tools/gvm-lsc-deb-creator | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/gvm-lsc-deb-creator b/tools/gvm-lsc-deb-creator index 87920350f..236c541e9 100755 --- a/tools/gvm-lsc-deb-creator +++ b/tools/gvm-lsc-deb-creator @@ -161,7 +161,7 @@ COPYRIGHT_FILE="${DOC_DATA_DIR}/copyright" # Create data archive cd "${DATA_DIR}" -tar -C "${DATA_DIR}" -acf "../data.tar.gz" "${HOME_SUBDIR}" "${DOC_SUBDIR}" +tar -C "${DATA_DIR}" -acfz "../data.tar.gz" "${HOME_SUBDIR}" "${DOC_SUBDIR}" # From 6faf28e71d2ec5711cbc665e364485e773c1262d Mon Sep 17 00:00:00 2001 
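Review bot: In the second change to this line, `-acfz` places `z` directly after `f`, and with GNU tar's dash-style short options the rest of the cluster becomes the argument of `-f`. The archive is therefore written to a file named `z`, and `../data.tar.gz` is treated as a member to add. Putting `f` last fixes it: `tar -C "${DATA_DIR}" -czf "../data.tar.gz" "${HOME_SUBDIR}" "${DOC_SUBDIR}"`. The part of the script that assembles the package is outside the hunk; any remaining reference to `data.tar.xz` there would need the same rename.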
From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com> Date: Thu, 15 Dec 2022 13:46:35 +0000 Subject: [PATCH 020/120] Change: Update creating tags for container images (#1888) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Use new scheme for container image tags. (cherry picked from commit a035fb52d6fb10c1431bd3cd07f8710ca9c6280a) Co-authored-by: Björn Ricks --- .github/workflows/container.yml | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index 55f14d8d4..f0543cfe5 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml @@ -2,10 +2,10 @@ name: Container Image Builds on: push: - branches: [ main, stable, oldstable ] + branches: [main, stable, oldstable] tags: ["v*"] pull_request: - branches: [ main, stable, oldstable ] + branches: [main, stable, oldstable] workflow_dispatch: repository_dispatch: 
@@ -26,15 +26,20 @@ jobs: org.opencontainers.image.base.name=debian/stable-slim flavor: latest=false # no latest container tag for git tags tags: | - # create container tag for git tags - type=ref,event=tag + # use container tag for git tags + type=match,pattern=v(.*),group=1 + # use latest for latest tag from stable branch + type=raw,value=latest,enable=${{ github.ref_type == 'tag' && startsWith(github.ref_name, 'v22.4') }} + # use stable for latest 22.4 tag + type=raw,value=stable,enable=${{ github.ref_type == 'tag' && startsWith(github.ref_name, 'v22.4') }} + # use oldstable for latest 21.4 tag + type=raw,value=oldstable,enable=${{ github.ref_type == 'tag' && startsWith(github.ref_name, 'v21.4') }} + # use edge for default branch + type=edge + # use branch-sha otherwise for pushes to branches other then main (will not be uploaded) + type=raw,value={{branch}}-{{sha}},enable=${{ github.ref_type == 'branch' && github.event_name == 'push' && github.ref_name != 'main' }} + # use pr-$PR_ID for pull requests (will not be uploaded) type=ref,event=pr - # use latest for stable branch - type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'stable') }} - type=raw,value=stable,enable=${{ github.ref == format('refs/heads/{0}', 'stable') }} - type=raw,value=oldstable,enable=${{ github.ref == format('refs/heads/{0}', 'oldstable') }} - # use unstable for main branch - type=raw,value=unstable,enable={{is_default_branch}} - name: Login to Docker Registry if: github.event_name != 'pull_request' uses: docker/login-action@v2 @@ -49,7 +54,7 @@ jobs: uses: docker/build-push-action@v3 with: context: . - push: ${{ github.event_name != 'pull_request' }} + push: ${{ github.event_name != 'pull_request' && (github.ref_type == 'tag' || github.ref_name == 'main') }} file: .docker/prod.Dockerfile platforms: linux/amd64,linux/arm64 tags: ${{ steps.meta.outputs.tags }} From 0fb5fd022e04abce7c65c1054663c3756c7ae11a Mon Sep 17 00:00:00 2001 
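Review bot: The `latest`, `stable` and `oldstable` raw tags are enabled by `startsWith(github.ref_name, 'v22.4')` or `'v21.4'`, which is a looser test than the comments above them describe. The prefix has no trailing dot, so it would also match a name such as `v22.40.0`. The tags also follow whichever matching git tag was pushed last rather than the highest version, so tagging an older patch release later would move `latest` back to older code. I would tighten the test to `startsWith(github.ref_name, 'v22.4.')` (likewise `'v21.4.'`) and add a comment such as `# moves with the most recently pushed v22.4.* tag, not the highest version`. The hard-coded series numbers will also need updating whenever the stable branch changes.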
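Review bot: The "Login to Docker Registry" step in the previous hunk is still gated only on `github.event_name != 'pull_request'`, while the new `push:` expression limits uploads to tags and `main`. Pushes to `stable` and `oldstable` therefore still log in to the registry although nothing is uploaded from them. Giving the login step the same condition keeps the registry credentials out of runs that never push: `if: github.event_name != 'pull_request' && (github.ref_type == 'tag' || github.ref_name == 'main')`.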
From: Jaspar S Date: Thu, 15 Dec 2022 16:38:36 +0100 Subject: [PATCH 021/120] Set version to 22.4.1 (#1892) --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 62d89c642..ad3000fc5 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -20,7 +20,7 @@ cmake_minimum_required (VERSION 3.0) message ("-- Configuring Greenbone Vulnerability Manager...") project (gvm - VERSION 22.4.0 + VERSION 22.4.1 LANGUAGES C) if (POLICY CMP0005) From f6cf217bc9dadd6f467b113426394187c1244216 Mon Sep 17 00:00:00 2001 From: Greenbone Bot Date: Thu, 15 Dec 2022 15:44:41 +0000 Subject: [PATCH 022/120] Changelog created for release to 22.4.1 --- .../site-packages/httpx/__version__.py | 3 +++ .../pip/_vendor/requests/__version__.py | 14 ++++++++++++ .../pontos/version/__version__.py | 5 +++++ changelog/v22.4.1.md | 22 +++++++++++++++++++ 4 files changed, 44 insertions(+) create mode 100644 .venv/lib/python3.9/site-packages/httpx/__version__.py create mode 100644 .venv/lib/python3.9/site-packages/pip/_vendor/requests/__version__.py create mode 100644 .venv/lib/python3.9/site-packages/pontos/version/__version__.py create mode 100644 changelog/v22.4.1.md diff --git a/.venv/lib/python3.9/site-packages/httpx/__version__.py b/.venv/lib/python3.9/site-packages/httpx/__version__.py new file mode 100644 index 000000000..36a6a14f9 --- /dev/null +++ b/.venv/lib/python3.9/site-packages/httpx/__version__.py @@ -0,0 +1,3 @@ +__title__ = "httpx" +__description__ = "A next generation HTTP client, for Python 3." +__version__ = "0.23.1" diff --git a/.venv/lib/python3.9/site-packages/pip/_vendor/requests/__version__.py b/.venv/lib/python3.9/site-packages/pip/_vendor/requests/__version__.py new file mode 100644 index 000000000..e725ada65 --- /dev/null +++ b/.venv/lib/python3.9/site-packages/pip/_vendor/requests/__version__.py 
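Review bot: PATCH 022 adds files under `.venv/lib/python3.9/site-packages/` (httpx, pip's vendored requests, pontos) to the repository, which looks like the release tooling's virtualenv being swept into the changelog commit rather than an intended change. Third-party package files committed this way are not reviewed, go stale, and end up in the source tree that is tagged and signed for release. I would drop them from the commit and add a `.venv/` line to `.gitignore` if it is not already there. PATCH 028 later modifies the same `.venv` files, so the release job appears to stage everything in the working tree and should probably add only `changelog/` and the version files.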
@@ -0,0 +1,14 @@ +# .-. .-. .-. . . .-. .-. .-. .-. +# |( |- |.| | | |- `-. | `-. +# ' ' `-' `-`.`-' `-' `-' ' `-' + +__title__ = "requests" +__description__ = "Python HTTP for Humans." +__url__ = "https://requests.readthedocs.io" +__version__ = "2.28.1" +__build__ = 0x022801 +__author__ = "Kenneth Reitz" +__author_email__ = "me@kennethreitz.org" +__license__ = "Apache 2.0" +__copyright__ = "Copyright 2022 Kenneth Reitz" +__cake__ = "\u2728 \U0001f370 \u2728" diff --git a/.venv/lib/python3.9/site-packages/pontos/version/__version__.py b/.venv/lib/python3.9/site-packages/pontos/version/__version__.py new file mode 100644 index 000000000..6d5bbf3dd --- /dev/null +++ b/.venv/lib/python3.9/site-packages/pontos/version/__version__.py @@ -0,0 +1,5 @@ +# pylint: disable=invalid-name + +# THIS IS AN AUTOGENERATED FILE. DO NOT TOUCH! + +__version__ = "22.12.0" diff --git a/changelog/v22.4.1.md b/changelog/v22.4.1.md new file mode 100644 index 000000000..430558281 --- /dev/null +++ b/changelog/v22.4.1.md 
@@ -0,0 +1,22 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +## [22.4.1] - 2022-12-15 + +## Changed +* Update creating tags for container images (#1888) [6faf28e71](https://github.com/greenbone/gvmd/commit/6faf28e71) +* Implement new check to find WID-SEC advisories in the xml (backport #1874) [79964f2be](https://github.com/greenbone/gvmd/commit/79964f2be) +* Implement new check to find WID-SEC advisories in the xml (#1874) [ef92900e5](https://github.com/greenbone/gvmd/commit/ef92900e5) +* Escape minus in regular expressions for pcre 2 compatibility [48f77b524](https://github.com/greenbone/gvmd/commit/48f77b524) +* Split building build and production container images [f35abf80e](https://github.com/greenbone/gvmd/commit/f35abf80e) +* Run container image builds also for pull requests [9e61d283c](https://github.com/greenbone/gvmd/commit/9e61d283c) +* Use docker/meta-action for container tags and labels (#1855) [efe372c89](https://github.com/greenbone/gvmd/commit/efe372c89) +* Log client command errors only as debug message [b86adb995](https://github.com/greenbone/gvmd/commit/b86adb995) + +## Bug Fixes +* buffer overrun in buffer_aggregate_xml() (#1880) [919337d1a](https://github.com/greenbone/gvmd/commit/919337d1a) +* Clean up old SQL functions now included in pg-gvm [ad7cd9e5d](https://github.com/greenbone/gvmd/commit/ad7cd9e5d) +* Fix regex for new glib2.0 >= 2.73.2 [905c84b47](https://github.com/greenbone/gvmd/commit/905c84b47) + +[22.4.1]: https://github.com/greenbone/gvmd/compare/v9.0.1.post1...22.4.1 \ No newline at end of file From 181d5157976e6244eab7b7031e44c7f282d31e7b Mon Sep 17 00:00:00 2001 From: Greenbone Bot Date: Thu, 15 Dec 2022 15:44:41 +0000 Subject: [PATCH 023/120] Automatic release to 22.4.1 --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index ad3000fc5..2306b9f11 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -53,7 +53,7 @@ endif (NOT CMAKE_BUILD_TYPE MATCHES "Release") # Set dev version if this is a development version and not a full release, # unset (put value 0 or delete line) before a full release and reset after. -set (PROJECT_DEV_VERSION 1) +set (PROJECT_DEV_VERSION 0) # If PROJECT_DEV_VERSION is set, the version string will be set to: # "major.minor.patch~dev${PROJECT_DEV_VERSION}${GIT_REVISION}" From dd22e5d5cbc8c90d71d0fcf7e4a91d99886ce175 Mon Sep 17 00:00:00 2001 From: Greenbone Bot Date: Thu, 15 Dec 2022 15:44:43 +0000 Subject: [PATCH 024/120] Automatic adjustments after release * Update to version 22.4.2 --- CMakeLists.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 2306b9f11..8b8f720a8 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -20,7 +20,7 @@ cmake_minimum_required (VERSION 3.0) message ("-- Configuring Greenbone Vulnerability Manager...") project (gvm - VERSION 22.4.1 + VERSION 22.4.2 LANGUAGES C) if (POLICY CMP0005) @@ -53,7 +53,7 @@ endif (NOT CMAKE_BUILD_TYPE MATCHES "Release") # Set dev version if this is a development version and not a full release, # unset (put value 0 or delete line) before a full release and reset after. -set (PROJECT_DEV_VERSION 0) +set (PROJECT_DEV_VERSION 1) # If PROJECT_DEV_VERSION is set, the version string will be set to: # "major.minor.patch~dev${PROJECT_DEV_VERSION}${GIT_REVISION}" From f3e6f5eb2c96ffbd62fe0e873d1e95890b943f13 Mon Sep 17 00:00:00 2001 
From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com> Date: Fri, 13 Jan 2023 07:42:42 +0000 Subject: [PATCH 025/120] Fix: The number of results in triggered alerts. (#1895) (#1896) * Fixed the number of results in triggered alerts. Now the number of results for automatically triggered alerts and manually triggered alerts are the same. * Fixed small memory bug. * Use selected report for manually triggered alert. Now the selected report is used for the manually triggered alert. Previously only the latest report (not the selected one) was used for the alert. * Refactoring of the first solution. * Added the header comment for the function "init_alert_get_data". (cherry picked from commit ea67ea30227cae36d8252e3076db33948a5939ff) Co-authored-by: Johannes Helmold <83279292+jhelmold@users.noreply.github.com> --- src/gmp.c | 38 ++++++++++++++++++++++++++++++++++++-- src/manage.h | 3 +++ src/manage_sql.c | 6 +++--- 3 files changed, 42 insertions(+), 5 deletions(-) diff --git a/src/gmp.c b/src/gmp.c index 5af16cb1c..1d24f2fa2 100644 --- a/src/gmp.c +++ b/src/gmp.c 
@@ -13977,6 +13977,41 @@ handle_get_preferences (gmp_parser_t *gmp_parser, GError **error) set_client_state (CLIENT_AUTHENTIC); } +/** + * @brief Init some data of the get_data_t structure of an alert. + * + * @param[in] alert_id Id of the alert the get_data_t structure + * belongs to. + * @param[in] get The get_data_t structure where some components + * are to be initialized + */ +static void +init_alert_get_data(const char *alert_id, get_data_t *get) +{ + alert_t alert = 0; + alert_method_t method; + char *to_free; + + /* Always enable details when using a report to test an alert. */ + get->details = 1; + get->ignore_pagination = 0; + + if (get->filter == NULL) + return; + if (strstr(get->filter, " rows=")) + return; + if (find_alert_with_permission (alert_id, &alert, "get_alerts")) + return; + if (alert == 0) + return; + + method = alert_method (alert); + to_free = get->filter; + get->filter = g_strdup_printf ("%s rows=%d", get->filter, + method == ALERT_METHOD_EMAIL ? 1000 : -1); + g_free(to_free); +} + /** * @brief Handle end of GET_REPORTS element. * @@ -14377,9 +14412,8 @@ handle_get_reports (gmp_parser_t *gmp_parser, GError **error) if (request_report) cleanup_iterator (&reports); - /* Always enable details when using a report to test an alert. */ if (get_reports_data->alert_id) - get_reports_data->get.details = 1; + init_alert_get_data(get_reports_data->alert_id, &get_reports_data->get); ret = manage_send_report (report, delta_report, diff --git a/src/manage.h b/src/manage.h index 03a11b83d..903ed7053 100644 --- a/src/manage.h +++ b/src/manage.h @@ -638,6 +638,9 @@ event_name (event_t); gchar* event_description (event_t, const void *, const char *); +alert_method_t +alert_method (alert_t alert); + const char* alert_method_name (alert_method_t); diff --git a/src/manage_sql.c b/src/manage_sql.c index e5127b647..09e1fdfa7 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c 
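Review bot: In `init_alert_get_data` the test `strstr(get->filter, " rows=")` only finds a `rows=` keyword that is preceded by a space, so a filter that begins with `rows=` is not recognised and a second `rows=` term is appended. How the filter parser resolves two `rows` keywords is not visible here, so the resulting limit may not be the one the user asked for. The check could be `if (g_str_has_prefix (get->filter, "rows=") || strstr (get->filter, " rows=")) return;`. The early return on a NULL `get->filter` also means no row limit is set when the request carries no filter string, which is worth stating in the function comment if it is intended. As a style point, the new calls (`strstr(`, `g_free(`, `init_alert_get_data(`) omit the space before the parenthesis that the surrounding code uses.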
@@ -8047,7 +8047,7 @@ alert_condition (alert_t alert) * * @return Method. */ -static alert_method_t +alert_method_t alert_method (alert_t alert) { return sql_int ("SELECT method FROM alerts WHERE id = %llu;", @@ -12580,7 +12580,7 @@ escalate_2 (alert_t alert, task_t task, report_t report, event_t event, * anyway, to make it easier for the compiler to see. */ filter = 0; ret = report_content_for_alert - (alert, 0, task, get, + (alert, report, task, get, "notice_report_format", NULL, /* TXT fallback */ @@ -12660,7 +12660,7 @@ escalate_2 (alert_t alert, task_t task, report_t report, event_t event, * anyway, to make it easier for the compiler to see. */ filter = 0; ret = report_content_for_alert - (alert, 0, task, get, + (alert, report, task, get, "notice_attach_format", NULL, /* TXT fallback */ From ad0971a8945496ed7055a11f87e5af52c7f3ef7b Mon Sep 17 00:00:00 2001 From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com> Date: Fri, 13 Jan 2023 08:04:30 +0000 Subject: [PATCH 026/120] Change Use release action (#1890) (#1897) (cherry picked from commit 79caa6dacc166a9d0e6d1e92c50136e39c8db10f) Co-authored-by: Jaspar S --- .github/workflows/release-pontos-manually.yml | 75 +++++-------------- 1 file changed, 19 insertions(+), 56 deletions(-) diff --git a/.github/workflows/release-pontos-manually.yml b/.github/workflows/release-pontos-manually.yml index a63770706..5d40900f1 100644 --- a/.github/workflows/release-pontos-manually.yml +++ b/.github/workflows/release-pontos-manually.yml 
@@ -1,64 +1,27 @@ -name: Manually release gvm-libs with pontos +name: Manually release gvmd with pontos on: workflow_dispatch: + inputs: + branch: + description: "Branch" + required: true + default: "main" jobs: build-and-release: - env: - GITHUB_USER: ${{ secrets.GREENBONE_BOT }} - GITHUB_MAIL: ${{ secrets.GREENBONE_BOT_MAIL }} - GITHUB_TOKEN: ${{ secrets.GREENBONE_BOT_TOKEN }} - GPG_KEY: ${{ secrets.GPG_KEY }} - GPG_FINGERPRINT: ${{ secrets.GPG_FINGERPRINT }} - GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} name: Build and release with pontos - runs-on: 'ubuntu-latest' + runs-on: "ubuntu-latest" steps: - - uses: actions/checkout@v3 - with: - persist-credentials: false - - name: Set up Python - uses: actions/setup-python@v4 - with: - python-version: 3.8 - - name: Install pontos - run: | - apt-get update && apt-get --assume-yes install python3-venv - python3 -m venv .venv - . .venv/bin/activate - python -m pip install --upgrade pip - python -m pip install --upgrade pontos - - name: Tell git who I am - run: | - git config --global user.name "${{ env.GITHUB_USER }}" - git config --global user.email "${{ env.GITHUB_MAIL }}" - git remote set-url origin https://${{ env.GITHUB_TOKEN }}@github.com/${{ github.repository }} - - name: Print base branch - # we always should've checked out the correct branch' - run: echo "Current Branch is $GITHUB_BASE_REF" - - name: Prepare patch release with pontos - run: | - . .venv/bin/activate - pontos-release prepare --patch - echo "VERSION=$(pontos-version show)" >> $GITHUB_ENV - - name: Release with pontos - run: | - . .venv/bin/activate - pontos-release release - - name: Import key from secrets - run: | - echo -e "${{ env.GPG_KEY }}" >> tmp.file - gpg \ - --pinentry-mode loopback \ - --passphrase ${{ env.GPG_PASSPHRASE }} \ - --import tmp.file - rm tmp.file - - name: Sign with pontos-release sign - run: | - echo "Signing assets for ${{env.VERSION}}" - . 
.venv/bin/activate - pontos-release sign \ - --signing-key ${{ env.GPG_FINGERPRINT }} \ - --passphrase ${{ env.GPG_PASSPHRASE }} \ - --release-version ${{ env.VERSION }} + - name: Release with release action + uses: greenbone/actions/release@v2 + with: + conventional-commits: true + ref: ${{ github.event.inputs.branch }} + github-user: ${{ secrets.GREENBONE_BOT }} + github-user-mail: ${{ secrets.GREENBONE_BOT_MAIL }} + github-user-token: ${{ secrets.GREENBONE_BOT_TOKEN }} + gpg-key: ${{ secrets.GPG_KEY }} + gpg-fingerprint: ${{ secrets.GPG_FINGERPRINT }} + gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }} + strategy: calendar From 56f5f25914bc4055073d236d51fe2302ed1e8ca8 Mon Sep 17 00:00:00 2001 From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com> Date: Fri, 13 Jan 2023 08:14:35 +0000 Subject: [PATCH 027/120] Fixing the strategy of the action (#1891) (#1898) (cherry picked from commit 1470e091101d0ac5642302f2de39e70b79522187) # Conflicts: # .github/workflows/release-pontos-manually.yml Co-authored-by: Jaspar S --- .github/workflows/release-pontos-manually.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/release-pontos-manually.yml b/.github/workflows/release-pontos-manually.yml index 5d40900f1..a717c35e4 100644 --- a/.github/workflows/release-pontos-manually.yml +++ b/.github/workflows/release-pontos-manually.yml @@ -24,4 +24,3 @@ jobs: gpg-key: ${{ secrets.GPG_KEY }} gpg-fingerprint: ${{ secrets.GPG_FINGERPRINT }} gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }} - strategy: calendar From ec73dd14364f112635d17086be2a58456240cfbe Mon Sep 17 00:00:00 2001 From: Greenbone Bot Date: Fri, 13 Jan 2023 08:21:14 +0000 Subject: [PATCH 028/120] Changelog created for release to 22.4.2 --- .venv/lib/python3.9/site-packages/httpx/__version__.py | 2 +- .../site-packages/pontos/version/__version__.py | 2 +- changelog/v22.4.2.md | 10 ++++++++++ 3 files changed, 12 insertions(+), 2 deletions(-) create mode 100644 changelog/v22.4.2.md 
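Review bot: The new step `uses: greenbone/actions/release@v2` is handed the bot token, the GPG private key and its passphrase, while `@v2` is a tag that can be moved to different code later. Pinning the action to a full commit SHA, with the version kept as a comment, fixes which code receives those secrets: `uses: greenbone/actions/release@<FULL_COMMIT_SHA> # v2`. The same applies to the `release-pontos.yml` file added in PATCH 033. The job also has no `permissions:` block, so a comment stating which token scopes the release needs would help later reviewers.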
diff --git a/.venv/lib/python3.9/site-packages/httpx/__version__.py b/.venv/lib/python3.9/site-packages/httpx/__version__.py index 36a6a14f9..c8823f368 100644 --- a/.venv/lib/python3.9/site-packages/httpx/__version__.py +++ b/.venv/lib/python3.9/site-packages/httpx/__version__.py @@ -1,3 +1,3 @@ __title__ = "httpx" __description__ = "A next generation HTTP client, for Python 3." -__version__ = "0.23.1" +__version__ = "0.23.3" diff --git a/.venv/lib/python3.9/site-packages/pontos/version/__version__.py b/.venv/lib/python3.9/site-packages/pontos/version/__version__.py index 6d5bbf3dd..3b1dc90f0 100644 --- a/.venv/lib/python3.9/site-packages/pontos/version/__version__.py +++ b/.venv/lib/python3.9/site-packages/pontos/version/__version__.py @@ -2,4 +2,4 @@ # THIS IS AN AUTOGENERATED FILE. DO NOT TOUCH! -__version__ = "22.12.0" +__version__ = "23.1.0" diff --git a/changelog/v22.4.2.md b/changelog/v22.4.2.md new file mode 100644 index 000000000..2a2ce5321 --- /dev/null +++ b/changelog/v22.4.2.md @@ -0,0 +1,10 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +## [22.4.2] - 2023-01-13 + +## Bug Fixes +* The number of results in triggered alerts. (#1895) (#1896) [f3e6f5eb2](https://github.com/greenbone/gvmd/commit/f3e6f5eb2) + +[22.4.2]: https://github.com/greenbone/gvmd/compare/v9.0.1.post1...22.4.2 \ No newline at end of file From 513f0d73bf2e2457e1b6bb7440c3102acf07b07c Mon Sep 17 00:00:00 2001 From: Greenbone Bot Date: Fri, 13 Jan 2023 08:21:14 +0000 Subject: [PATCH 029/120] Automatic release to 22.4.2 --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 8b8f720a8..0022d6a1c 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -53,7 +53,7 @@ endif (NOT CMAKE_BUILD_TYPE MATCHES "Release") # Set dev version if this is a development version and not a full release, # unset (put value 0 or delete line) before a full release and reset after. -set (PROJECT_DEV_VERSION 1) +set (PROJECT_DEV_VERSION 0) # If PROJECT_DEV_VERSION is set, the version string will be set to: # "major.minor.patch~dev${PROJECT_DEV_VERSION}${GIT_REVISION}" From 4f0b9b7af1ff203ed211f5912e72aedecbd1f8b0 Mon Sep 17 00:00:00 2001 From: Greenbone Bot Date: Fri, 13 Jan 2023 08:21:16 +0000 Subject: [PATCH 030/120] Automatic adjustments after release * Update to version 22.4.3 --- CMakeLists.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 0022d6a1c..4813d05ac 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -20,7 +20,7 @@ cmake_minimum_required (VERSION 3.0) message ("-- Configuring Greenbone Vulnerability Manager...") project (gvm - VERSION 22.4.2 + VERSION 22.4.3 LANGUAGES C) if (POLICY CMP0005) @@ -53,7 +53,7 @@ endif (NOT CMAKE_BUILD_TYPE MATCHES "Release") # Set dev version if this is a development version and not a full release, # unset (put value 0 or delete line) before a full release and reset after. -set (PROJECT_DEV_VERSION 0) +set (PROJECT_DEV_VERSION 1) # If PROJECT_DEV_VERSION is set, the version string will be set to: # "major.minor.patch~dev${PROJECT_DEV_VERSION}${GIT_REVISION}" From 9e9a39150755b4a7c8fd3afdb5b97bd29e27f929 Mon Sep 17 00:00:00 2001 From: Christian Fischer Date: Tue, 31 Jan 2023 10:40:41 +0100 Subject: [PATCH 031/120] Fix: Escape CMakeLists argument with double quotes (cherry picked from commit 0194b768778ea69e65740ac10d61fc278ffc80aa) --- src/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 7e815c7de..3b9d351cc 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt 
@@ -45,7 +45,7 @@ find_package (PostgreSQL REQUIRED) if (NOT PostgreSQL_FOUND) message (SEND_ERROR "The PostgreSQL library is required.") endif (NOT PostgreSQL_FOUND) -string (REGEX MATCH "^[ \t]*\([0-9]+\)\\.\([0-9]+\)\(.*\)" TEMP ${PostgreSQL_VERSION_STRING}) +string (REGEX MATCH "^[ \t]*\([0-9]+\)\\.\([0-9]+\)\(.*\)" TEMP "${PostgreSQL_VERSION_STRING}") if (NOT CMAKE_MATCH_1) message (SEND_ERROR "Error matching PostgreSQL version.") elseif ((CMAKE_MATCH_1 EQUAL 9 AND CMAKE_MATCH_2 LESS 6) From d07a25f6025387ab42f848cba47cb69b61fa5c78 Mon Sep 17 00:00:00 2001 From: Christian Fischer Date: Wed, 8 Feb 2023 07:50:26 +0100 Subject: [PATCH 032/120] Fix typo in function description (cherry picked from commit 8399e1fde06ca3ac7efe67bb6f55e9c0a52bf9c9) --- src/manage_pg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/manage_pg.c b/src/manage_pg.c index d38ea0927..95fd82230 100644 --- a/src/manage_pg.c +++ b/src/manage_pg.c @@ -3008,7 +3008,7 @@ db_extension_available (const char *name) } /** - * @brief Clean up old SQL functions now incliuded in the pg-gvm extension. + * @brief Clean up old SQL functions now included in the pg-gvm extension. */ void cleanup_old_sql_functions () From 47da9a93f5eff354d8e44c5cb410c504057bd636 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Ricks?= Date: Thu, 9 Feb 2023 12:54:09 +0100 Subject: [PATCH 033/120] Change: Use a single workflow file for releases Merge manual and automatic releases (via PR label) into a single CI workflow. Note: strategy calendar must be changed to patch for the stable branch. (cherry picked from commit 9ee45340dd08b46b241f4e47464543ef4a7bafa9) --- .github/workflows/release-pontos-manually.yml | 26 -------------- .github/workflows/release-pontos.yml | 34 +++++++++++++++++++ 2 files changed, 34 insertions(+), 26 deletions(-) delete mode 100644 .github/workflows/release-pontos-manually.yml create mode 100644 .github/workflows/release-pontos.yml 
diff --git a/.github/workflows/release-pontos-manually.yml b/.github/workflows/release-pontos-manually.yml deleted file mode 100644 index a717c35e4..000000000 --- a/.github/workflows/release-pontos-manually.yml +++ /dev/null @@ -1,26 +0,0 @@ -name: Manually release gvmd with pontos - -on: - workflow_dispatch: - inputs: - branch: - description: "Branch" - required: true - default: "main" - -jobs: - build-and-release: - name: Build and release with pontos - runs-on: "ubuntu-latest" - steps: - - name: Release with release action - uses: greenbone/actions/release@v2 - with: - conventional-commits: true - ref: ${{ github.event.inputs.branch }} - github-user: ${{ secrets.GREENBONE_BOT }} - github-user-mail: ${{ secrets.GREENBONE_BOT_MAIL }} - github-user-token: ${{ secrets.GREENBONE_BOT_TOKEN }} - gpg-key: ${{ secrets.GPG_KEY }} - gpg-fingerprint: ${{ secrets.GPG_FINGERPRINT }} - gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }} diff --git a/.github/workflows/release-pontos.yml b/.github/workflows/release-pontos.yml new file mode 100644 index 000000000..85da7c555 --- /dev/null +++ b/.github/workflows/release-pontos.yml 
@@ -0,0 +1,34 @@ +name: Release gvmd with pontos + +on: + pull_request: + types: [closed] + workflow_dispatch: + +jobs: + build-and-release: + name: Create a new release with pontos + # If the event is a workflow_dispatch or the label 'make release' is set and PR is closed because of a merge + if: (github.event_name == 'workflow_dispatch') || (contains( github.event.pull_request.labels.*.name, 'make release') && github.event.pull_request.merged == true) + runs-on: "ubuntu-latest" + steps: + - name: Setting the Reference + run: | + if [[ "${{ github.event_name }}" = "workflow_dispatch" ]]; then + echo "RELEASE_REF=${{ github.ref_name }}" >> $GITHUB_ENV + else + echo "RELEASE_REF=${{ github.base_ref }}" >> $GITHUB_ENV + fi + - name: Release with release action + uses: greenbone/actions/release@v2 + with: + python-version: "3.10" + conventional-commits: true + github-user: ${{ secrets.GREENBONE_BOT }} + github-user-mail: ${{ secrets.GREENBONE_BOT_MAIL }} + github-user-token: ${{ secrets.GREENBONE_BOT_TOKEN }} + gpg-key: ${{ secrets.GPG_KEY }} + gpg-fingerprint: ${{ secrets.GPG_FINGERPRINT }} + gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }} + strategy: calendar + ref: ${{ env.RELEASE_REF }} From 3f4af1e6a8b00bbd2107b20085b401d0c37272e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Ricks?= Date: Thu, 9 Feb 2023 13:08:34 +0100 Subject: [PATCH 034/120] Use release strategy patch in stable branch --- .github/workflows/release-pontos.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-pontos.yml b/.github/workflows/release-pontos.yml index 85da7c555..f381334d5 100644 --- a/.github/workflows/release-pontos.yml +++ b/.github/workflows/release-pontos.yml @@ -30,5 +30,5 @@ jobs: gpg-key: ${{ secrets.GPG_KEY }} gpg-fingerprint: ${{ secrets.GPG_FINGERPRINT }} gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }} - strategy: calendar + strategy: patch ref: ${{ env.RELEASE_REF }} 
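Review bot: The "Setting the Reference" step expands `${{ github.event_name }}`, `${{ github.ref_name }}` and `${{ github.base_ref }}` directly inside the `run:` script, so their values become part of the shell source before bash parses it. Branch names are chosen by whoever can create refs in the repository, and this job later handles the signing key and bot token. Passing the values through `env:` and reading them as quoted shell variables keeps them as data. `$GITHUB_ENV` should be quoted as well.

```yaml
      - name: Setting the Reference
        env:
          EVENT_NAME: ${{ github.event_name }}
          DISPATCH_REF: ${{ github.ref_name }}
          BASE_REF: ${{ github.base_ref }}
        run: |
          if [[ "$EVENT_NAME" = "workflow_dispatch" ]]; then
            echo "RELEASE_REF=$DISPATCH_REF" >> "$GITHUB_ENV"
          else
            echo "RELEASE_REF=$BASE_REF" >> "$GITHUB_ENV"
          fi
      # … unchanged: "Release with release action" step …
```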
From b81929ec9242dc02f2300ba77bd2acd445328add Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Ricks?= Date: Thu, 9 Feb 2023 12:55:51 +0100 Subject: [PATCH 035/120] Change: Use default Greenbone PR template Remove own PR template in favor of the one from the Greenbone GitHub organization. (cherry picked from commit e5d9ed38d26a12104a8635d47030ac3a41be5470) --- .github/PULL_REQUEST_TEMPLATE.md | 31 ------------------------------- 1 file changed, 31 deletions(-) delete mode 100644 .github/PULL_REQUEST_TEMPLATE.md diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md deleted file mode 100644 index e669d5a65..000000000 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ /dev/null @@ -1,31 +0,0 @@ -**What**: - - - -**Why**: - - - -**How did you test it**: - - - -**Checklist**: - - - - - -- [ ] Tests -- [ ] PR merge commit message adjusted From ef748169bb8eeb3ac43891bfeb9f6184a483fcc6 Mon Sep 17 00:00:00 2001 From: Johannes Helmold Date: Fri, 27 Jan 2023 09:48:37 +0100 Subject: [PATCH 036/120] Avoid frequent re-authentication. Suppressed the permanent new authentication process by extending the auth_cache logic. (cherry picked from commit 232ef0ced1f02f0f9bd56c38bca337c16a062701) --- src/CMakeLists.txt | 2 +- src/gmp.c | 19 +++++++++- src/gmp_logout.c | 88 ++++++++++++++++++++++++++++++++++++++++++++++ src/gmp_logout.h | 29 +++++++++++++++ src/gvmd.c | 9 +++++ src/manage.c | 31 ++++++++++++++++ src/manage.h | 8 +++++ src/manage_sql.c | 63 ++++++++++++++++++++++++++++++--- 8 files changed, 242 insertions(+), 7 deletions(-) create mode 100644 src/gmp_logout.c create mode 100644 src/gmp_logout.h diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 3b9d351cc..c62487ec3 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt 
@@ -263,7 +263,7 @@ add_executable (gvmd sql_pg.c manage_pg.c lsc_user.c lsc_crypt.c utils.c gmp.c gmp_base.c gmp_configs.c gmp_delete.c gmp_get.c - gmp_license.c + gmp_license.c gmp_logout.c gmp_port_lists.c gmp_report_formats.c gmp_tickets.c gmp_tls_certificates.c) diff --git a/src/gmp.c b/src/gmp.c index 1d24f2fa2..08eb350d4 100644 --- a/src/gmp.c +++ b/src/gmp.c @@ -89,6 +89,7 @@ #include "gmp_get.h" #include "gmp_configs.h" #include "gmp_license.h" +#include "gmp_logout.h" #include "gmp_port_lists.h" #include "gmp_report_formats.h" #include "gmp_tickets.h" @@ -4322,6 +4323,7 @@ typedef enum CLIENT_GET_VERSION_AUTHENTIC, CLIENT_GET_VULNS, CLIENT_HELP, + CLIENT_LOGOUT, CLIENT_MODIFY_ALERT, CLIENT_MODIFY_ALERT_ACTIVE, CLIENT_MODIFY_ALERT_COMMENT, @@ -5696,6 +5698,10 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context, &help_data->type); set_client_state (CLIENT_HELP); } + else if (strcasecmp ("LOGOUT", element_name) == 0) + { + set_client_state (CLIENT_LOGOUT); + } else if (strcasecmp ("MODIFY_ALERT", element_name) == 0) { modify_alert_data->event_data = make_array (); @@ -7684,6 +7690,10 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context, set_read_over (gmp_parser); break; + case CLIENT_LOGOUT: + logout_element_start (gmp_parser, element_name, + attribute_names, attribute_values); + break; case CLIENT_MODIFY_LICENSE: modify_license_element_start (gmp_parser, element_name, attribute_names, attribute_values); @@ -22191,7 +22201,14 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, } set_client_state (CLIENT_AUTHENTIC); break; - + case CLIENT_LOGOUT: + { + if (logout_element_end (gmp_parser, error, element_name)) + { + set_client_state (CLIENT_TOP); + } + break; + } case CLIENT_MODIFY_ALERT: { event_t event; diff --git a/src/gmp_logout.c b/src/gmp_logout.c new file mode 100644 index 000000000..a06adfe12 --- /dev/null +++ b/src/gmp_logout.c 
@@ -0,0 +1,88 @@ +/* Copyright (C) 2021-2022 Greenbone Networks GmbH + * + * SPDX-License-Identifier: AGPL-3.0-or-later + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +/** + * @file gmp_logout.c + * @brief GVM GMP layer: Logout handling + * + * This includes functions for GMP handling of the user logout. + */ + +#include "gmp_logout.h" +#include "manage.h" + +typedef struct +{ + context_data_t *context; ///< XML parser context. +} do_logout_t; + +static do_logout_t logout_data; + +/** + * @brief Start element. + * + * @param[in] gmp_parser GMP parser. + * @param[in] name Element name. + * @param[in] attribute_names All attribute names. + * @param[in] attribute_values All attribute values. + */ +void +logout_element_start (gmp_parser_t *gmp_parser, + const gchar *name, + const gchar **attribute_names, + const gchar **attribute_values) +{ + xml_handle_start_element (logout_data.context, name, + attribute_names, attribute_values); +} + +/** + * @brief Execute command. + * + * @param[in] gmp_parser GMP parser. + * @param[in] error Error parameter. + */ +static void +logout_run (gmp_parser_t *gmp_parser, + GError **error) +{ + logout_user (); +} + +/** + * @brief End element. + * + * @param[in] gmp_parser GMP parser. + * @param[in] error Error parameter. + * @param[in] name Element name. + * + * @return 0 success, 1 command finished. 
+ */ +int +logout_element_end (gmp_parser_t *gmp_parser, + GError **error, + const gchar *name) +{ + xml_handle_end_element (logout_data.context, name); + if (logout_data.context->done) + { + logout_run (gmp_parser, error); + return 1; + } + return 0; +} diff --git a/src/gmp_logout.h b/src/gmp_logout.h new file mode 100644 index 000000000..efeb26e16 --- /dev/null +++ b/src/gmp_logout.h @@ -0,0 +1,29 @@ +/* Copyright (C) 2021-2022 Greenbone Networks GmbH + * + * SPDX-License-Identifier: AGPL-3.0-or-later + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +#include "gmp_base.h" + +#include +#include + +void +logout_element_start (gmp_parser_t *, const gchar *, + const gchar **, const gchar **); + +int +logout_element_end (gmp_parser_t *, GError **, const gchar *); diff --git a/src/gvmd.c b/src/gvmd.c index 80fe5919a..9adf06c4f 100644 --- a/src/gvmd.c +++ b/src/gvmd.c @@ -1822,6 +1822,7 @@ gvmd (int argc, char** argv, char *env[]) { /* Process options. */ + static int auth_timeout = 15; static gboolean check_alerts = FALSE; static gboolean migrate_database = FALSE; static gboolean encrypt_all_credentials = FALSE; 
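Review bot: `logout_data` in the new `gmp_logout.c` is a file-scope static whose `context` member is never assigned anywhere in this file, so it is still NULL when `logout_element_end` evaluates `logout_data.context->done`. The `LOGOUT` branch added to `gmp.c` only calls `set_client_state (CLIENT_LOGOUT)` and does not set the context up either. As shown, a LOGOUT element would dereference a NULL pointer in the process serving that client instead of logging the user out. The context should be allocated when the command starts, for example `logout_data.context = g_malloc0 (sizeof (context_data_t));` in a start function called from the `LOGOUT` branch, and freed after `logout_run`. No response appears to be sent to the client before the state returns to `CLIENT_TOP`, which should be confirmed as intended.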
@@ -1895,6 +1896,11 @@ gvmd (int argc, char** argv, char *env[]) GOptionContext *option_context; static GOptionEntry option_entries[] = { + { "auth-timeout", '\0', 0, G_OPTION_ARG_INT, + &auth_timeout, + "Sets the authentication timeout time for the cached authentication." + " Defaults to 15 minutes.", + "" }, { "broker-address", '\0', 0, G_OPTION_ARG_STRING, &broker_address, "Sets the address for the publish-subscribe message (MQTT) broker." @@ -2266,6 +2272,9 @@ gvmd (int argc, char** argv, char *env[]) client_watch_interval = 0; } + /* Set authentication cache timeout */ + set_auth_timeout (auth_timeout); + /* Set broker address */ set_broker_address (broker_address ? broker_address diff --git a/src/manage.c b/src/manage.c index 6b2d6d2af..db2b77a50 100644 --- a/src/manage.c +++ b/src/manage.c @@ -162,6 +162,12 @@ */ #define MAX_HOSTS_DEFAULT "20" +/** + * @brief Number of minutes until the authentication cache is deleted + * if the session is idle. + */ +static int auth_timeout = 0; + /** * @brief Address of the broker used for publish-subscribe messaging (MQTT). */ @@ -5997,6 +6003,31 @@ manage_gvmd_data_feed_dirs_exist () && report_formats_feed_dir_exists (); } +/** + * @brief Get the authentication cache timeout. + * + * @return The current timeout in minutes. + */ +int +get_auth_timeout () +{ + return auth_timeout; +} + +/** + * @brief Set the authentication cache timeout. + * + * @param new_timeout The new timeout in minutes. + */ +void +set_auth_timeout (int new_timeout) +{ + if (new_timeout < 1) + auth_timeout = 1; + else + auth_timeout = new_timeout; +} + /** * @brief Get the publish-subscribe messaging (MQTT) broker address. * diff --git a/src/manage.h b/src/manage.h index 903ed7053..62031f9a7 100644 --- a/src/manage.h +++ b/src/manage.h @@ -199,6 +199,8 @@ extern credentials_t current_credentials; int authenticate (credentials_t*); +void +logout_user (); /* Database. */ 
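Review bot: set_auth_timeout() clamps only the lower bound, so any positive `--auth-timeout` value is accepted, while the manage_sql.c hunks of this commit compute `get_auth_timeout()*60` in plain int for auth_cache_find() and auth_cache_insert(). A very large value overflows that multiplication, which is undefined for signed int, and even a merely large one keeps cached credentials valid far longer than a session cache should. Add an upper bound next to the lower one, for example `else if (new_timeout > AUTH_TIMEOUT_MAX) auth_timeout = AUTH_TIMEOUT_MAX;`, where AUTH_TIMEOUT_MAX is a new constant the project would choose, and log when a value is clamped. The static default in manage.c is 0 while gvmd.c uses 15, so the doc comment should say that callers must invoke set_auth_timeout() before the cache is used.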
@@ -3614,6 +3616,12 @@ manage_gvmd_data_feed_dir_exists (const char *); gboolean manage_gvmd_data_feed_dirs_exist (); +int +get_auth_timeout (); + +void +set_auth_timeout (int); + const gchar * get_broker_address (); diff --git a/src/manage_sql.c b/src/manage_sql.c index 09e1fdfa7..3b3f22b1f 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -16653,6 +16653,8 @@ manage_reset_currents () { global_current_report = 0; current_scanner_task = (task_t) 0; + sql ("RESET \"gvmd.user.id\";"); + sql ("RESET \"gvmd.tz_override\";"); free_credentials (¤t_credentials); } @@ -16924,8 +16926,8 @@ auth_cache_find (const char *username, const char *password, int method) quoted_username = sql_quote (username); hash = sql_string ("SELECT hash FROM auth_cache WHERE username = '%s'" - " AND method = %i AND creation_time >= m_now () - 300;", - quoted_username, method); + " AND method = %i AND creation_time >= m_now () - %d;", + quoted_username, method, get_auth_timeout()*60); g_free (quoted_username); if (!hash) return -1; @@ -16968,7 +16970,33 @@ auth_cache_insert (const char *username, const char *password, int method) sql ("INSERT INTO auth_cache (username, hash, method, creation_time)" " VALUES ('%s', '%s', %i, m_now ());", quoted_username, hash, method); /* Cleanup cache */ - sql ("DELETE FROM auth_cache WHERE creation_time < m_now () - 300"); + sql ("DELETE FROM auth_cache WHERE creation_time < m_now () - %d", + get_auth_timeout()*60); +} + +/** + * @brief Delete the credentials of a user from the authentication + * cache. + * + * @param[in] username Username. + */ +static void +auth_cache_delete (const char *username) +{ + sql ("DELETE from auth_cache WHERE username = '%s'", username); +} + +/** + * @brief Refresh the authentication of a user in the authentication + * cache. + * + * @param[in] username Username. + */ +static void +auth_cache_refresh (const char *username) +{ + sql ("UPDATE auth_cache SET creation_time = m_now() WHERE username = '%s'", + username); } /** 
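Review bot: auth_cache_delete() and auth_cache_refresh() format `username` straight into the SQL text, whereas auth_cache_find() and auth_cache_insert() in the same hunks pass it through sql_quote() first. auth_cache_refresh() is called from authenticate_any_method() with the name supplied at login, and auth_cache_delete() with current_credentials.username, so both should quote the value the same way rather than depend on what earlier checks let through. The rewritten functions are below; only the quoting and the matching g_free() are new.

```c
static void
auth_cache_delete (const char *username)
{
  gchar *quoted_username;

  quoted_username = sql_quote (username);
  sql ("DELETE from auth_cache WHERE username = '%s'", quoted_username);
  g_free (quoted_username);
}

static void
auth_cache_refresh (const char *username)
{
  gchar *quoted_username;

  quoted_username = sql_quote (username);
  sql ("UPDATE auth_cache SET creation_time = m_now() WHERE username = '%s'",
       quoted_username);
  g_free (quoted_username);
}
```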
@@ -16999,7 +17027,10 @@ authenticate_any_method (const gchar *username, const gchar *password, *auth_method = AUTHENTICATION_METHOD_LDAP_CONNECT; /* Search the LDAP authentication cache first. */ if (auth_cache_find (username, password, 0) == 0) - return 0; + { + auth_cache_refresh (username); + return 0; + } manage_get_ldap_info (NULL, &host, &authdn, &allow_plaintext, &cacert); info = ldap_auth_info_new (host, authdn, allow_plaintext); @@ -17021,7 +17052,10 @@ authenticate_any_method (const gchar *username, const gchar *password, *auth_method = AUTHENTICATION_METHOD_RADIUS_CONNECT; if (auth_cache_find (username, password, 1) == 0) - return 0; + { + auth_cache_refresh (username); + return 0; + } manage_get_radius_info (NULL, &host, &key); ret = radius_authenticate (host, key, username, password); @@ -17032,6 +17066,11 @@ authenticate_any_method (const gchar *username, const gchar *password, return ret; } *auth_method = AUTHENTICATION_METHOD_FILE; + if (auth_cache_find (username, password, 2) == 0) + { + auth_cache_refresh (username); + return 0; + } hash = manage_user_hash (username); ret = manage_authentication_verify(hash, password); switch(ret){ @@ -17043,9 +17082,11 @@ authenticate_any_method (const gchar *username, const gchar *password, hash = manage_authentication_hash(password); sql ("UPDATE users SET password = '%s', modification_time = m_now () WHERE name = '%s';", hash, username); + auth_cache_insert (username, password, 2); ret = 0; break; case GMA_SUCCESS: + auth_cache_insert (username, password, 2); ret = 0; break; default: @@ -17131,6 +17172,18 @@ authenticate (credentials_t* credentials) return 1; } +/** + * @brief Perform actions necessary at user logout + * + * @param[in] username Username. + */ +void +logout_user () +{ + auth_cache_delete(current_credentials.username); + manage_reset_currents (); +} + /** * @brief Return number of resources of a certain type for current user. * 
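Review bot: The new `auth_cache_find (username, password, 2)` check returns success before manage_user_hash() and manage_authentication_verify() are consulted, and every hit calls auth_cache_refresh(), which resets creation_time. A cached password therefore stays valid for as long as it is used once per timeout window, and as far as this hunk shows that includes the time after the password in `users` was changed or the account removed. Nothing visible here clears auth_cache on those events, so please confirm that the password-change and user-deletion paths delete the user's rows, or add that. auth_cache_refresh() also touches every row for the username rather than only the matched method, so an absolute maximum lifetime that a refresh cannot extend would bound the exposure. authenticate_any_method() starts and ends outside the hunk.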
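Review bot: logout_user() passes `current_credentials.username` to auth_cache_delete() unchecked, and that function formats it with `%s`; if LOGOUT can be reached before a successful authenticate (not visible here), the pointer may be NULL. Guard the call with `if (current_credentials.username) auth_cache_delete (current_credentials.username);`. The doc comment also lists `@param[in] username` although the function takes no parameters, so that line should be dropped.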
From 199811329f17dd6c9be3e5924b54cca975bb9b7c Mon Sep 17 00:00:00 2001 From: Johannes Helmold Date: Fri, 27 Jan 2023 11:37:41 +0100 Subject: [PATCH 037/120] Resolve Test failure. (cherry picked from commit c680e8041d883a70a821ba11875732e478b74580) --- src/CMakeLists.txt | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index c62487ec3..67b95dbde 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -127,7 +127,7 @@ add_executable (manage-utils-test sql_pg.c manage_pg.c lsc_user.c lsc_crypt.c utils.c gmp.c gmp_base.c gmp_configs.c gmp_delete.c gmp_get.c - gmp_license.c + gmp_license.c gmp_logout.c gmp_port_lists.c gmp_report_formats.c gmp_tickets.c gmp_tls_certificates.c) @@ -154,7 +154,7 @@ add_executable (manage-test sql_pg.c manage_pg.c lsc_user.c lsc_crypt.c utils.c gmp.c gmp_base.c gmp_configs.c gmp_delete.c gmp_get.c - gmp_license.c + gmp_license.c gmp_logout.c gmp_port_lists.c gmp_report_formats.c gmp_tickets.c gmp_tls_certificates.c) @@ -181,7 +181,7 @@ add_executable (manage-sql-test sql_pg.c manage_pg.c lsc_user.c lsc_crypt.c utils.c gmp.c gmp_base.c gmp_configs.c gmp_delete.c gmp_get.c - gmp_license.c + gmp_license.c gmp_logout.c gmp_port_lists.c gmp_report_formats.c gmp_tickets.c gmp_tls_certificates.c) @@ -208,7 +208,7 @@ add_executable (gmp-tickets-test sql_pg.c manage_pg.c lsc_user.c lsc_crypt.c utils.c gmp.c gmp_base.c gmp_configs.c gmp_delete.c gmp_get.c - gmp_license.c + gmp_license.c gmp_logout.c gmp_port_lists.c gmp_report_formats.c gmp_tls_certificates.c) add_test (gmp-tickets-test gmp-tickets-test) @@ -234,7 +234,7 @@ add_executable (utils-test sql_pg.c manage_pg.c lsc_user.c lsc_crypt.c gmp.c gmp_base.c gmp_configs.c gmp_delete.c gmp_get.c - gmp_license.c + gmp_license.c gmp_logout.c gmp_port_lists.c gmp_report_formats.c gmp_tickets.c gmp_tls_certificates.c) From 5540f2fb96672ec4be9101e92632b224b4b6016b Mon Sep 17 00:00:00 2001 
From: Johannes Helmold Date: Wed, 1 Feb 2023 15:00:57 +0100 Subject: [PATCH 038/120] Amend xml-handling for logout command. (cherry picked from commit 3b9c1077161cb4d51a2f5eb75ceca52863be8093) --- src/gmp.c | 3 +++ src/gmp_logout.c | 39 +++++++++++++++++++++++++++++++++++++-- src/gmp_logout.h | 5 +++++ 3 files changed, 45 insertions(+), 2 deletions(-) diff --git a/src/gmp.c b/src/gmp.c index 08eb350d4..c8ddbe097 100644 --- a/src/gmp.c +++ b/src/gmp.c @@ -5700,6 +5700,9 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context, } else if (strcasecmp ("LOGOUT", element_name) == 0) { + logout_start (gmp_parser, + attribute_names, + attribute_values); set_client_state (CLIENT_LOGOUT); } else if (strcasecmp ("MODIFY_ALERT", element_name) == 0) diff --git a/src/gmp_logout.c b/src/gmp_logout.c index a06adfe12..8cc221610 100644 --- a/src/gmp_logout.c +++ b/src/gmp_logout.c @@ -29,9 +29,42 @@ typedef struct { context_data_t *context; ///< XML parser context. -} do_logout_t; +} logout_t; -static do_logout_t logout_data; +static logout_t logout_data; + +/* + * @brief Reset command data. + */ +static void +logout_reset () +{ + if (logout_data.context->first) + { + free_entity (logout_data.context->first->data); + g_slist_free_1 (logout_data.context->first); + } + g_free (logout_data.context); + memset (&logout_data, 0, sizeof (logout_t)); +} + +/** + * @brief Start a command. + * + * @param[in] gmp_parser GMP parser. + * @param[in] attribute_names All attribute names. + * @param[in] attribute_values All attribute values. + */ +void +logout_start (gmp_parser_t *gmp_parser, + const gchar **attribute_names, + const gchar **attribute_values) +{ + memset (&logout_data, 0, sizeof (logout_t)); + logout_data.context = g_malloc0 (sizeof (context_data_t)); + logout_element_start (gmp_parser, "logout", + attribute_names, attribute_values); +} /** * @brief Start element. 
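Review bot: logout_start() zeroes logout_data and allocates a fresh context without releasing one left over from an earlier LOGOUT that never reached logout_run(), and logout_reset() reads `logout_data.context->first` without checking that context is set. Start logout_reset() with `if (logout_data.context == NULL) return;` and call it at the top of logout_start() in place of the bare memset. In the logout_run() hunk of this commit, logout_reset() comes after SEND_TO_CLIENT_OR_FAIL; if that macro returns on a failed send (its definition is not visible here, please confirm), the context is not freed on that path, so resetting before sending would be safer. The comment above logout_reset() opens with `/*` rather than `/**`, unlike the other function comments in the file.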
@@ -62,6 +95,8 @@ logout_run (gmp_parser_t *gmp_parser, GError **error) { logout_user (); + SEND_TO_CLIENT_OR_FAIL (""); + logout_reset (); } /** diff --git a/src/gmp_logout.h b/src/gmp_logout.h index efeb26e16..2be7900e7 100644 --- a/src/gmp_logout.h +++ b/src/gmp_logout.h @@ -21,6 +21,11 @@ #include #include +void +logout_start (gmp_parser_t *, + const gchar **, + const gchar **); + void logout_element_start (gmp_parser_t *, const gchar *, const gchar **, const gchar **); From 5e39e7d5527a43b6a96559585e6169cb0535f1d8 Mon Sep 17 00:00:00 2001 From: Johannes Helmold Date: Tue, 17 Jan 2023 12:11:26 +0100 Subject: [PATCH 039/120] Encrypting and decrypting of the RADIUS server secret key. Now the RADIUS server secret key is encrypted and no longer stored in the database as plain text. The key is also no longer send to GSA in the response, instead a placeholder is send. (cherry picked from commit a8e8714cdb64a096d0e0bccc33cdc64dea7b4ff0) --- CMakeLists.txt | 2 +- cmake/FindPostgreSQL.cmake | 2 +- src/gmp.c | 3 ++- src/lsc_crypt.c | 2 +- src/lsc_crypt.h | 2 +- src/manage_migrators.c | 50 ++++++++++++++++++++++++++++++++++++++ src/manage_sql.c | 24 ++++++++++++++---- 7 files changed, 75 insertions(+), 10 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 4813d05ac..7901282cd 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -96,7 +96,7 @@ include (CPack) ## Variables -set (GVMD_DATABASE_VERSION 250) +set (GVMD_DATABASE_VERSION 251) set (GVMD_SCAP_DATABASE_VERSION 19) diff --git a/cmake/FindPostgreSQL.cmake b/cmake/FindPostgreSQL.cmake index 1970b26a3..a9f3fbc27 100644 --- a/cmake/FindPostgreSQL.cmake +++ b/cmake/FindPostgreSQL.cmake 
@@ -87,7 +87,7 @@ set(PostgreSQL_ROOT_DIR_MESSAGE "Set the PostgreSQL_ROOT system variable to wher set(PostgreSQL_KNOWN_VERSIONS ${PostgreSQL_ADDITIONAL_VERSIONS} - "13" "12" "11" "10" "9.6" "9.5" "9.4" "9.3" "9.2" "9.1" "9.0" "8.4" "8.3" "8.2" "8.1" "8.0") + "14" "13" "12" "11" "10" "9.6" "9.5" "9.4" "9.3" "9.2" "9.1" "9.0" "8.4" "8.3" "8.2" "8.1" "8.0") # Define additional search paths for root directories. set( PostgreSQL_ROOT_DIRECTORIES diff --git a/src/gmp.c b/src/gmp.c index c8ddbe097..c03352ab7 100644 --- a/src/gmp.c +++ b/src/gmp.c @@ -18677,7 +18677,8 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, "%s" "" "", - radius_enabled ? "true" : "false", radius_host, radius_key); + radius_enabled ? "true" : "false", radius_host, + "ThisIsAPlaceholderSecretKey!"); g_free (radius_host); g_free (radius_key); } diff --git a/src/lsc_crypt.c b/src/lsc_crypt.c index d8927d3c4..504c3586a 100644 --- a/src/lsc_crypt.c +++ b/src/lsc_crypt.c @@ -634,7 +634,7 @@ lsc_crypt_encrypt (lsc_crypt_ctx_t ctx, const char *first_name, ...) * has not been called. If no value is available NULL is * returned. */ -const char * +char * lsc_crypt_decrypt (lsc_crypt_ctx_t ctx, const char *ciphertext, const char *name) { diff --git a/src/lsc_crypt.h b/src/lsc_crypt.h index 153170e74..1a690ffa1 100644 --- a/src/lsc_crypt.h +++ b/src/lsc_crypt.h @@ -43,7 +43,7 @@ void lsc_crypt_flush (lsc_crypt_ctx_t); char *lsc_crypt_encrypt (lsc_crypt_ctx_t, const char *, ...) G_GNUC_NULL_TERMINATED; -const char *lsc_crypt_decrypt (lsc_crypt_ctx_t, const char *, const char *); +char *lsc_crypt_decrypt (lsc_crypt_ctx_t, const char *, const char *); const char *lsc_crypt_get_password (lsc_crypt_ctx_t, const char *); const char *lsc_crypt_get_private_key (lsc_crypt_ctx_t, const char *); diff --git a/src/manage_migrators.c b/src/manage_migrators.c index b3c3ee2e2..11c0acdb3 100644 --- a/src/manage_migrators.c +++ b/src/manage_migrators.c 
@@ -2942,6 +2942,55 @@ migrate_249_to_250 () return 0; } +/** + * @brief Migrate the database from version 250 to version 251. + * + * @return 0 success, -1 error. + */ +int +migrate_250_to_251 () +{ + sql_begin_immediate (); + + /* Ensure that the database is currently version 249. */ + + if (manage_db_version () != 250) + { + sql_rollback (); + return -1; + } + + /* Update the database. */ + + char *secret_key = NULL; + + secret_key = sql_string ("SELECT value FROM meta WHERE name = 'radius_key';"); + + if (secret_key) + { + char *secret; + char *quoted; + lsc_crypt_ctx_t crypt_ctx; + crypt_ctx = lsc_crypt_new (); + + sql ("DELETE FROM meta WHERE name LIKE 'radius_key';"); + secret = lsc_crypt_encrypt (crypt_ctx, "secret_key", secret_key, NULL); + quoted = sql_quote (secret); + sql ("INSERT INTO meta (name, value) VALUES ('radius_key', '%s');", quoted); + g_free (secret); + g_free (quoted); + g_free (secret_key); + } + + /* Set the database version to 251. */ + + set_db_version (251); + + sql_commit (); + + return 0; +} + #undef UPDATE_DASHBOARD_SETTINGS /** @@ -2998,6 +3047,7 @@ static migrator_t database_migrators[] = { {248, migrate_247_to_248}, {249, migrate_248_to_249}, {250, migrate_249_to_250}, + {251, migrate_250_to_251}, /* End marker. */ {-1, NULL}}; diff --git a/src/manage_sql.c b/src/manage_sql.c index 3b3f22b1f..e67465f0b 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -53348,6 +53348,8 @@ manage_set_ldap_info (int enabled, gchar *host, gchar *authdn, void manage_get_radius_info (int *enabled, char **host, char **key) { + char *secret; + if (enabled) *enabled = radius_auth_enabled (); 
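Review bot: The comment in migrate_250_to_251() reads `/* Ensure that the database is currently version 249. */` while the check under it compares manage_db_version() with 250; it should say `/* Ensure that the database is currently version 250. */`. The `/* Update the database. */` comment would also be more useful if it stated what the step does, e.g. `/* Re-store the plaintext meta 'radius_key' value encrypted under the name "secret_key". */`, since manage_get_radius_info() has to use the same name to decrypt it.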
@@ -53355,9 +53357,15 @@ manage_get_radius_info (int *enabled, char **host, char **key) if (!*host) *host = g_strdup ("127.0.0.1"); - *key = sql_string ("SELECT value FROM meta WHERE name = 'radius_key';"); - if (!*key) - *key = g_strdup ("testing123"); + secret = sql_string ("SELECT value FROM meta WHERE name = 'radius_key';"); + if (!secret) + *key = g_strdup ("ThisIsAPlaceholderSecretKey!"); + else + { + lsc_crypt_ctx_t crypt_ctx; + crypt_ctx = lsc_crypt_new (); + *key = lsc_crypt_decrypt (crypt_ctx, secret, "secret_key"); + } } /** @@ -53390,12 +53398,18 @@ manage_set_radius_info (int enabled, gchar *host, gchar *key) g_free (quoted); } - if (key) + if (key && strcmp (key, "ThisIsAPlaceholderSecretKey!")) { + char *secret; + lsc_crypt_ctx_t crypt_ctx; + crypt_ctx = lsc_crypt_new (); + sql ("DELETE FROM meta WHERE name LIKE 'radius_key';"); - quoted = sql_quote (key); + secret = lsc_crypt_encrypt (crypt_ctx, "secret_key", key, NULL); + quoted = sql_quote (secret); sql ("INSERT INTO meta (name, value) VALUES ('radius_key', '%s');", quoted); + g_free (secret); g_free (quoted); } From 1e32e2bfac892f4848e14399ee4e3a5533bfeed8 Mon Sep 17 00:00:00 2001 From: Johannes Helmold Date: Wed, 15 Feb 2023 09:43:39 +0100 Subject: [PATCH 040/120] Some improvements and amendments. (cherry picked from commit fc466a2e6a84f32e029beb2c27b49fb022be5004) --- src/gmp.c | 9 +++++++-- src/lsc_crypt.c | 2 +- src/lsc_crypt.h | 2 +- src/manage_sql.c | 11 ++++++++--- 4 files changed, 17 insertions(+), 7 deletions(-) diff --git a/src/gmp.c b/src/gmp.c index c03352ab7..caa4acf48 100644 --- a/src/gmp.c +++ b/src/gmp.c 
@@ -18658,10 +18658,15 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, if (gvm_auth_radius_enabled ()) { - char *radius_host, *radius_key; + char *radius_host = NULL; + char *radius_key = NULL; + char *key = ""; int radius_enabled; manage_get_radius_info (&radius_enabled, &radius_host, &radius_key); + if (radius_key && strlen(radius_key)) + key = "********"; + SENDF_TO_CLIENT_OR_FAIL ("" "" @@ -18678,7 +18683,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, "" "", radius_enabled ? "true" : "false", radius_host, - "ThisIsAPlaceholderSecretKey!"); + key); g_free (radius_host); g_free (radius_key); } diff --git a/src/lsc_crypt.c b/src/lsc_crypt.c index 504c3586a..d8927d3c4 100644 --- a/src/lsc_crypt.c +++ b/src/lsc_crypt.c @@ -634,7 +634,7 @@ lsc_crypt_encrypt (lsc_crypt_ctx_t ctx, const char *first_name, ...) * has not been called. If no value is available NULL is * returned. */ -char * +const char * lsc_crypt_decrypt (lsc_crypt_ctx_t ctx, const char *ciphertext, const char *name) { diff --git a/src/lsc_crypt.h b/src/lsc_crypt.h index 1a690ffa1..153170e74 100644 --- a/src/lsc_crypt.h +++ b/src/lsc_crypt.h @@ -43,7 +43,7 @@ void lsc_crypt_flush (lsc_crypt_ctx_t); char *lsc_crypt_encrypt (lsc_crypt_ctx_t, const char *, ...) G_GNUC_NULL_TERMINATED; -char *lsc_crypt_decrypt (lsc_crypt_ctx_t, const char *, const char *); +const char *lsc_crypt_decrypt (lsc_crypt_ctx_t, const char *, const char *); const char *lsc_crypt_get_password (lsc_crypt_ctx_t, const char *); const char *lsc_crypt_get_private_key (lsc_crypt_ctx_t, const char *); diff --git a/src/manage_sql.c b/src/manage_sql.c index e67465f0b..d2fdd149c 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c 
@@ -53359,12 +53359,17 @@ manage_get_radius_info (int *enabled, char **host, char **key) secret = sql_string ("SELECT value FROM meta WHERE name = 'radius_key';"); if (!secret) - *key = g_strdup ("ThisIsAPlaceholderSecretKey!"); + *key = g_strdup (""); else { + const char *decrypted; lsc_crypt_ctx_t crypt_ctx; crypt_ctx = lsc_crypt_new (); - *key = lsc_crypt_decrypt (crypt_ctx, secret, "secret_key"); + decrypted = g_strdup (lsc_crypt_decrypt (crypt_ctx, secret, "secret_key")); + if (decrypted) + *key = g_strdup (decrypted); + lsc_crypt_release (crypt_ctx); + g_free (secret); } } @@ -53398,7 +53403,7 @@ manage_set_radius_info (int enabled, gchar *host, gchar *key) g_free (quoted); } - if (key && strcmp (key, "ThisIsAPlaceholderSecretKey!")) + if (key && strlen (key)) { char *secret; lsc_crypt_ctx_t crypt_ctx; From 7d23d21595f58a0540e69df4e2f1df05f5bf58cb Mon Sep 17 00:00:00 2001 From: Johannes Helmold Date: Wed, 15 Feb 2023 10:06:43 +0100 Subject: [PATCH 041/120] Small addition. (cherry picked from commit 49dfd26ddba7b96c425d7ef4b3de5c9ee8750b19) --- src/manage_sql.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/manage_sql.c b/src/manage_sql.c index d2fdd149c..d27dd5c42 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -53416,6 +53416,7 @@ manage_set_radius_info (int enabled, gchar *host, gchar *key) quoted); g_free (secret); g_free (quoted); + lsc_crypt_release(crypt_ctx); } sql_commit (); From 7acc2d97539477c606987c9d885bfbe7d5465544 Mon Sep 17 00:00:00 2001 From: Johannes Helmold Date: Wed, 15 Feb 2023 11:41:29 +0100 Subject: [PATCH 042/120] Small amendment. (cherry picked from commit 1d9e7ae97db2f076d7ece15f2cb8a94d7a6cdc18) --- src/manage_sql.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/manage_sql.c b/src/manage_sql.c index d27dd5c42..86205f53b 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c 
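Review bot: manage_set_radius_info() now stores any non-empty `key`, while the gmp.c hunk of this same commit starts returning the mask `********` in place of the real secret. If a client submits the displayed value back when saving unrelated RADIUS settings (GSA's behaviour is not visible here, please confirm), the stored secret is replaced by the literal mask and RADIUS authentication breaks without an error. Either treat the mask as "unchanged", `if (key && strlen (key) && strcmp (key, "********"))`, or return an empty element together with a separate flag that says whether a key is set. The previous commit had such a comparison against its placeholder, and this hunk removes it. The function body starts and ends outside the hunk.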
@@ -53365,7 +53365,7 @@ manage_get_radius_info (int *enabled, char **host, char **key) const char *decrypted; lsc_crypt_ctx_t crypt_ctx; crypt_ctx = lsc_crypt_new (); - decrypted = g_strdup (lsc_crypt_decrypt (crypt_ctx, secret, "secret_key")); + decrypted = lsc_crypt_decrypt (crypt_ctx, secret, "secret_key"); if (decrypted) *key = g_strdup (decrypted); lsc_crypt_release (crypt_ctx); From d6525c97eb36fa75d45403ee1f80820408737e3b Mon Sep 17 00:00:00 2001 From: Johannes Helmold Date: Wed, 15 Feb 2023 17:22:04 +0100 Subject: [PATCH 043/120] Small amendment. (cherry picked from commit ecbb4d2c0e395af45fe603751ec81f8143558cd2) --- src/manage_sql.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/manage_sql.c b/src/manage_sql.c index 86205f53b..a57faee16 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -53368,6 +53368,8 @@ manage_get_radius_info (int *enabled, char **host, char **key) decrypted = lsc_crypt_decrypt (crypt_ctx, secret, "secret_key"); if (decrypted) *key = g_strdup (decrypted); + else + *key = g_strdup (""); lsc_crypt_release (crypt_ctx); g_free (secret); } From 4874a93d85f498f2941037ec3a52f03c4e6e8c66 Mon Sep 17 00:00:00 2001 From: Johannes Helmold Date: Thu, 16 Feb 2023 14:03:31 +0100 Subject: [PATCH 044/120] Small amendment. (cherry picked from commit c92283b9c4f5026910da5c745a86e14e32d390dc) --- src/manage_sql.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/src/manage_sql.c b/src/manage_sql.c index a57faee16..fe7f998da 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c 
@@ -53413,11 +53413,15 @@ manage_set_radius_info (int enabled, gchar *host, gchar *key) sql ("DELETE FROM meta WHERE name LIKE 'radius_key';"); secret = lsc_crypt_encrypt (crypt_ctx, "secret_key", key, NULL); - quoted = sql_quote (secret); - sql ("INSERT INTO meta (name, value) VALUES ('radius_key', '%s');", - quoted); - g_free (secret); - g_free (quoted); + if (secret) + { + quoted = sql_quote (secret); + sql ("INSERT INTO meta (name, value) VALUES ('radius_key', '%s');", + quoted); + g_free (secret); + secret = NULL; + g_free (quoted); + } lsc_crypt_release(crypt_ctx); } From fed4016a67633165c377e7c4a295eb6473eef2f6 Mon Sep 17 00:00:00 2001 From: Johannes Helmold Date: Tue, 21 Feb 2023 10:01:34 +0100 Subject: [PATCH 045/120] Small amendment. (cherry picked from commit c3496ac043e09433a5bb340ae375b56b768aa618) --- src/manage_migrators.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/manage_migrators.c b/src/manage_migrators.c index 11c0acdb3..12ad5af1e 100644 --- a/src/manage_migrators.c +++ b/src/manage_migrators.c @@ -2975,10 +2975,15 @@ migrate_250_to_251 () sql ("DELETE FROM meta WHERE name LIKE 'radius_key';"); secret = lsc_crypt_encrypt (crypt_ctx, "secret_key", secret_key, NULL); - quoted = sql_quote (secret); - sql ("INSERT INTO meta (name, value) VALUES ('radius_key', '%s');", quoted); - g_free (secret); - g_free (quoted); + if (secret) + { + quoted = sql_quote (secret); + sql ("INSERT INTO meta (name, value) VALUES ('radius_key', '%s');", quoted); + g_free (secret); + secret = NULL; + g_free (quoted); + } + lsc_crypt_release(crypt_ctx); g_free (secret_key); } From 96e210b1dd18de56886e0cdc9642c3148a810d61 Mon Sep 17 00:00:00 2001 
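Review bot: The `DELETE FROM meta ... 'radius_key'` statement still runs before lsc_crypt_encrypt(), so when encryption returns NULL the new `if (secret)` branch is skipped, the old key is already gone, and the function goes on to commit. The same ordering is in migrate_250_to_251() in the manage_migrators.c hunk of PATCH 045, where a failed encryption drops the existing key and the database version is still set to 251. Encrypt first and replace the row only when the ciphertext exists, logging the failure otherwise; in the migrator a failed encryption should roll back and return -1 instead. The sketch below is for manage_set_radius_info(), whose body starts and ends outside the hunk.

```c
      /* … unchanged: crypt_ctx = lsc_crypt_new (); … */
      secret = lsc_crypt_encrypt (crypt_ctx, "secret_key", key, NULL);
      if (secret)
        {
          /* Replace the stored key only once the new ciphertext exists. */
          sql ("DELETE FROM meta WHERE name LIKE 'radius_key';");
          quoted = sql_quote (secret);
          sql ("INSERT INTO meta (name, value) VALUES ('radius_key', '%s');",
               quoted);
          g_free (secret);
          g_free (quoted);
        }
      else
        g_warning ("%s: encrypting the RADIUS key failed, keeping the old one",
                   __func__);
      lsc_crypt_release (crypt_ctx);
```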
From: Johannes Helmold Date: Fri, 17 Feb 2023 15:58:34 +0100 Subject: [PATCH 046/120] Changed the order of options in tar command. Changed the order of options in tar command because the option "z" must not be the last option. (cherry picked from commit 100ec9ab0d1409aa689abb9d04c03561bc12c916) --- tools/gvm-lsc-deb-creator | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/gvm-lsc-deb-creator b/tools/gvm-lsc-deb-creator index 236c541e9..8970a3ec2 100755 --- a/tools/gvm-lsc-deb-creator +++ b/tools/gvm-lsc-deb-creator @@ -161,7 +161,7 @@ COPYRIGHT_FILE="${DOC_DATA_DIR}/copyright" # Create data archive cd "${DATA_DIR}" -tar -C "${DATA_DIR}" -acfz "../data.tar.gz" "${HOME_SUBDIR}" "${DOC_SUBDIR}" +tar -C "${DATA_DIR}" -z -cf "../data.tar.gz" "${HOME_SUBDIR}" "${DOC_SUBDIR}" # From 867c6f140456248d0b2d2b9c7ac463554b72cda0 Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Wed, 1 Mar 2023 16:17:08 +0100 Subject: [PATCH 047/120] Add smb_max_protocol option for SMB alert (cherry picked from commit 24c237484c06857b8e494a7d6615ba006b171d96) --- src/alert_methods/SMB/alert | 39 ++++++++++++++++++++++--------------- src/manage_sql.c | 22 +++++++++++++++------ 2 files changed, 39 insertions(+), 22 deletions(-) diff --git a/src/alert_methods/SMB/alert b/src/alert_methods/SMB/alert index 886a594d3..197b16a27 100755 --- a/src/alert_methods/SMB/alert +++ b/src/alert_methods/SMB/alert @@ -32,8 +32,9 @@ def smb_error_print(message, stdout, stderr): print(stdout, file=sys.stderr) -def smb_call(auth_path, share, command): - args = ["smbclient", "-A", auth_path, share, "-c", command] +def smb_call(auth_path, share, command, extra_args): + args = ["smbclient"] + extra_args + ["-A", auth_path, share, "-c", command] + retries = 10 stdout = '' stderr = '' 
@@ -74,9 +75,9 @@ def smb_call(auth_path, share, command): sys.exit(1) -def smb_dir_exists(auth_path, share, check_dir): +def smb_dir_exists(auth_path, share, check_dir, extra_args): command = "cd \"%s\"" % (check_dir) - rc, stdout, stderr = smb_call(auth_path, share, command) + rc, stdout, stderr = smb_call(auth_path, share, command, extra_args) if rc == 0: return True @@ -89,12 +90,12 @@ def smb_dir_exists(auth_path, share, check_dir): sys.exit(1) -def smb_mkdir(auth_path, share, check_dir): +def smb_mkdir(auth_path, share, check_dir, extra_args): command = "mkdir \"%s\"" % (check_dir) - rc, stdout, stderr = smb_call(auth_path, share, command) + rc, stdout, stderr = smb_call(auth_path, share, command, extra_args) if rc == 0: - if not smb_dir_exists(auth_path, share, check_dir): + if not smb_dir_exists(auth_path, share, check_dir, extra_args): print("Could not create directory %s" % check_dir, file=sys.stderr) sys.exit(1) @@ -106,9 +107,9 @@ def smb_mkdir(auth_path, share, check_dir): sys.exit(1) -def smb_put(auth_path, share, report_path, dest_path): +def smb_put(auth_path, share, report_path, dest_path, extra_args): command = "put \"%s\" \"%s\"" % (report_path, dest_path) - rc, stdout, stderr = smb_call(auth_path, share, command) + rc, stdout, stderr = smb_call(auth_path, share, command, extra_args) if rc == 0: print("Report copied to directory %s" % dest_path) @@ -119,15 +120,21 @@ def smb_put(auth_path, share, report_path, dest_path): def main(): - if len(sys.argv) != 5: - print("usage: %s " + if len(sys.argv) != 6: + print("usage: %s " % sys.argv[0], file=sys.stderr) sys.exit(1) share = sys.argv[1] dest_path = sys.argv[2] - auth_path = sys.argv[3] - report_path = sys.argv[4] + + extra_args = [] + if sys.argv[3]: + extra_args.append("-m") + extra_args.append(sys.argv[3]) + + auth_path = sys.argv[4] + report_path = sys.argv[5] create_dirs = True 
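Review bot: main() forwards `sys.argv[3]` to smbclient as the value of `-m` without checking it, and the value originates from the alert's `smb_max_protocol` data on the C side. Because the arguments are passed as a list there is no shell parsing involved, but an unexpected string only shows up as an smbclient failure inside smb_call(). Rejecting anything outside the set of protocol names the deployment intends to allow, with a clear message on stderr and `sys.exit(1)` before the first smb_dir_exists() call, would make a bad setting visible at once; the same check would ideally also run where the alert is created or modified (not visible here).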
@@ -158,16 +165,16 @@ def main(): # Find first existing path first_existing_path_index = -1 for i in range(len(dest_subpaths)-1, -1, -1): - if smb_dir_exists(auth_path, share, dest_subpaths[i]): + if smb_dir_exists(auth_path, share, dest_subpaths[i], extra_args): first_existing_path_index = i break # Create missing directories if create_dirs: for i in range(first_existing_path_index + 1, len(dest_subpaths)): - smb_mkdir(auth_path, share, dest_subpaths[i]) + smb_mkdir(auth_path, share, dest_subpaths[i], extra_args) - smb_put(auth_path, share, report_path, dest_path) + smb_put(auth_path, share, report_path, dest_path, extra_args) if __name__ == '__main__': diff --git a/src/manage_sql.c b/src/manage_sql.c index fe7f998da..5add27246 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -9987,15 +9987,17 @@ scp_to_host (const char *username, const char *password, static int smb_send_to_host (const char *password, const char *username, const char *share_path, const char *file_path, + const char *max_protocol, const char *report, gsize report_size, gchar **script_message) { - gchar *clean_share_path, *clean_file_path; + gchar *clean_share_path, *clean_file_path, *clean_max_protocol; gchar *authfile_content; gchar *command_args; int ret; - g_debug ("smb as %s to share: %s, path: %s", username, share_path, file_path); + g_debug ("smb as %s to share: %s, path: %s, max_protocol: %s", + username, share_path, file_path, max_protocol); if (password == NULL || username == NULL || share_path == NULL || file_path == NULL) 
@@ -10003,13 +10005,17 @@ smb_send_to_host (const char *password, const char *username, clean_share_path = g_shell_quote (share_path); clean_file_path = g_shell_quote (file_path); + clean_max_protocol = g_shell_quote (max_protocol ? max_protocol : ""); authfile_content = g_strdup_printf ("username = %s\n" "password = %s\n", username, password); - command_args = g_strdup_printf ("%s %s", - clean_share_path, clean_file_path); + command_args = g_strdup_printf ("%s %s %s", + clean_share_path, + clean_file_path, + clean_max_protocol); g_free (clean_share_path); g_free (clean_file_path); + g_free (clean_max_protocol); ret = run_alert_script ("c427a688-b653-40ab-a9d0-d6ba842a9d63", command_args, "report", report, report_size, @@ -13122,7 +13128,7 @@ escalate_2 (alert_t alert, task_t task, report_t report, event_t event, case ALERT_METHOD_SMB: { char *credential_id, *username, *password; - char *share_path, *file_path_format; + char *share_path, *file_path_format, *max_protocol; gboolean file_path_is_dir; report_format_t report_format; gchar *file_path, *report_content, *extension; @@ -13167,6 +13173,7 @@ escalate_2 (alert_t alert, task_t task, report_t report, event_t event, credential_id = alert_data (alert, "method", "smb_credential"); share_path = alert_data (alert, "method", "smb_share_path"); + max_protocol = alert_data (alert, "method", "smb_max_protocol"); file_path_format = sql_string ("SELECT value FROM tags" @@ -13207,6 +13214,7 @@ escalate_2 (alert_t alert, task_t task, report_t report, event_t event, free (credential_id); free (share_path); free (file_path_format); + free (max_protocol); g_free (report_content); g_free (extension); return ret ? ret : -1; @@ -13245,6 +13253,7 @@ escalate_2 (alert_t alert, task_t task, report_t report, event_t event, free (credential_id); free (share_path); free (file_path); + free (max_protocol); g_free (report_content); g_free (extension); return ret ? -1 : -4; 
@@ -13254,7 +13263,7 @@ escalate_2 (alert_t alert, task_t task, report_t report, event_t event, password = credential_encrypted_value (credential, "password"); ret = smb_send_to_host (password, username, share_path, file_path, - report_content, content_length, + max_protocol, report_content, content_length, script_message); g_free (username); @@ -13262,6 +13271,7 @@ escalate_2 (alert_t alert, task_t task, report_t report, event_t event, free (credential_id); free (share_path); free (file_path); + free (max_protocol); g_free (report_content); g_free (extension); return ret; From b691aea8b3cde368c7db6e9997e16def8fc23ee3 Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Tue, 7 Mar 2023 14:05:57 +0200 Subject: [PATCH 048/120] Add hostname to CVE scan report (cherry picked from commit 4662fa621b43ba2e2749d02bad3028e1737ec108) --- src/manage.c | 10 ++++++++++ src/manage_sql.c | 19 +++++++++++++++++++ src/manage_sql.h | 2 ++ 3 files changed, 31 insertions(+) diff --git a/src/manage.c b/src/manage.c index db2b77a50..74a734fc6 100644 --- a/src/manage.c +++ b/src/manage.c @@ -2990,9 +2990,19 @@ cve_scan_host (task_t task, report_t report, gvm_host_t *gvm_host) if (prognosis_report_host) { + gchar *hostname; + /* Complete the report_host. */ report_host_set_end_time (prognosis_report_host, time (NULL)); + + hostname = report_host_hostname (report_host); + if (hostname) { + insert_report_host_detail (report, ip, "cve", "", + "CVE Scanner", "hostname", hostname); + g_free(hostname); + } + insert_report_host_detail (report, ip, "cve", "", "CVE Scanner", "CVE Scan", "1"); update_report_modification_time (report); diff --git a/src/manage_sql.c b/src/manage_sql.c index 5add27246..2479bc201 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c 
@@ -28860,6 +28860,25 @@ report_host_ip (const char *host) return ret; } +/** + * @brief Get the hostname of a report_host. + * + * The most recent host detail takes preference. + * + * @param[in] report_host Report host. + * + * @return Newly allocated UUID if available, else NULL. + */ +gchar* +report_host_hostname (report_host_t report_host) +{ + return sql_string ("SELECT value FROM report_host_details" + " WHERE report_host = %llu" + " AND name = 'hostname'" + " ORDER BY id DESC LIMIT 1;", + report_host); +} + /** * @brief Check if a report host is alive and has at least one result. * diff --git a/src/manage_sql.h b/src/manage_sql.h index f2360ccaa..44053ef7c 100644 --- a/src/manage_sql.h +++ b/src/manage_sql.h @@ -295,6 +295,8 @@ host_nthlast_report_host (const char *, report_host_t *, int); char* report_host_ip (const char *); +gchar *report_host_hostname (report_host_t); + void trim_report (report_t); int delete_report_internal (report_t); From fe9d0a68f45e6e0270342e203bebf9642b9751e8 Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Mon, 13 Mar 2023 14:40:46 +0200 Subject: [PATCH 049/120] Correct doc (cherry picked from commit cc71199a75fae350da0a4b720ac2cac32bd0c7f5) --- src/manage_sql.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/manage_sql.c b/src/manage_sql.c index 2479bc201..823386c3d 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -28867,7 +28867,7 @@ report_host_ip (const char *host) * * @param[in] report_host Report host. * - * @return Newly allocated UUID if available, else NULL. + * @return Newly allocated hostname if available, else NULL. */ gchar* report_host_hostname (report_host_t report_host) From 350d104db355bbb888a0b9e8574085712b8fc8c1 Mon Sep 17 00:00:00 2001 
From: Tom Date: Mon, 13 Mar 2023 17:04:57 +0100 Subject: [PATCH 050/120] Change Company name to Greenbone AG (cherry picked from commit 478c6c22cde99440eaaa782e43bb982ecff37fb6) --- .docker/entrypoint.sh | 2 +- .docker/start-gvmd.sh | 2 +- CMakeLists.txt | 4 ++-- README.md | 4 ++-- cmake/GetGit.cmake | 2 +- config/CMakeLists.txt | 2 +- doc/CMakeLists.txt | 2 +- doc/greenbone-certdata-sync.8.xml | 2 +- doc/greenbone-scapdata-sync.8.xml | 2 +- doc/gvmd.8.xml | 2 +- src/CMakeLists.txt | 2 +- src/alert_methods/SCP/alert | 2 +- src/alert_methods/SMB/alert | 2 +- src/alert_methods/SNMP/alert | 2 +- src/alert_methods/Send/alert | 2 +- src/alert_methods/Sourcefire/alert | 2 +- src/alert_methods/TippingPoint/alert | 2 +- src/alert_methods/TippingPoint/report-convert.py | 2 +- src/alert_methods/vFire/alert | 2 +- src/alert_methods/verinice/alert | 2 +- src/debug_utils.c | 2 +- src/debug_utils.h | 2 +- src/gmp.c | 2 +- src/gmp.h | 2 +- src/gmp_base.c | 2 +- src/gmp_base.h | 2 +- src/gmp_configs.c | 2 +- src/gmp_configs.h | 2 +- src/gmp_delete.c | 2 +- src/gmp_delete.h | 2 +- src/gmp_get.c | 2 +- src/gmp_get.h | 2 +- src/gmp_license.c | 2 +- src/gmp_license.h | 2 +- src/gmp_logout.c | 2 +- src/gmp_logout.h | 2 +- src/gmp_port_lists.c | 2 +- src/gmp_port_lists.h | 2 +- src/gmp_report_formats.c | 2 +- src/gmp_report_formats.h | 2 +- src/gmp_tickets.c | 2 +- src/gmp_tickets.h | 2 +- src/gmp_tickets_tests.c | 2 +- src/gmp_tls_certificates.c | 2 +- src/gmp_tls_certificates.h | 2 +- src/gmpd.c | 2 +- src/gmpd.h | 2 +- src/gvmd.c | 4 ++-- src/gvmd.h | 2 +- src/iterator.h | 2 +- src/lsc_crypt.c | 2 +- src/lsc_crypt.h | 2 +- src/lsc_user.c | 2 +- src/lsc_user.h | 2 +- src/main.c | 2 +- src/manage.c | 2 +- src/manage.h | 2 +- src/manage_acl.c | 2 +- src/manage_acl.h | 2 +- src/manage_authentication.c | 2 +- src/manage_authentication.h | 2 +- src/manage_configs.c | 2 +- src/manage_configs.h | 2 +- src/manage_get.c | 2 +- src/manage_get.h | 2 +- src/manage_license.c | 2 +- 
src/manage_license.h | 2 +- src/manage_migrators.c | 2 +- src/manage_migrators_219_to_220_names.h | 2 +- src/manage_pg.c | 2 +- src/manage_pg_server.c | 2 +- src/manage_port_lists.c | 2 +- src/manage_port_lists.h | 2 +- src/manage_preferences.c | 2 +- src/manage_preferences.h | 2 +- src/manage_report_formats.c | 2 +- src/manage_report_formats.h | 2 +- src/manage_sql.c | 2 +- src/manage_sql.h | 2 +- src/manage_sql_configs.c | 2 +- src/manage_sql_configs.h | 2 +- src/manage_sql_nvts.c | 2 +- src/manage_sql_nvts.h | 2 +- src/manage_sql_port_lists.c | 2 +- src/manage_sql_port_lists.h | 2 +- src/manage_sql_report_formats.c | 2 +- src/manage_sql_report_formats.h | 2 +- src/manage_sql_secinfo.c | 2 +- src/manage_sql_secinfo.h | 2 +- src/manage_sql_tests.c | 2 +- src/manage_sql_tickets.c | 2 +- src/manage_sql_tickets.h | 2 +- src/manage_sql_tls_certificates.c | 2 +- src/manage_sql_tls_certificates.h | 2 +- src/manage_tests.c | 2 +- src/manage_tickets.h | 2 +- src/manage_tls_certificates.c | 2 +- src/manage_tls_certificates.h | 2 +- src/manage_utils.c | 2 +- src/manage_utils.h | 2 +- src/manage_utils_tests.c | 2 +- src/schema_formats/HTML/HTML.xsl | 2 +- src/schema_formats/HTML/generate | 2 +- src/schema_formats/RNC/RNC.xsl | 2 +- src/schema_formats/RNC/generate | 2 +- src/schema_formats/XML-brief/GMP.xsl | 2 +- src/schema_formats/XML-brief/generate | 2 +- src/schema_formats/XML/GMP.xml.in | 2 +- src/schema_formats/XML/generate | 2 +- src/schema_formats/rnc.xsl | 2 +- src/sql.c | 2 +- src/sql.h | 2 +- src/sql_pg.c | 2 +- src/theia_dummy.h | 2 +- src/types.h | 2 +- src/utils.c | 2 +- src/utils.h | 2 +- src/utils_tests.c | 2 +- src/wizards/delete_task_deep.xml | 2 +- src/wizards/get_tasks_deep.xml | 2 +- src/wizards/modify_task.xml | 2 +- src/wizards/quick_auth_scan.xml | 2 +- src/wizards/quick_first_scan.xml | 2 +- src/wizards/quick_task.xml | 2 +- src/wizards/reset_task.xml | 2 +- tools/cert_bund_getbyname.xsl | 2 +- tools/cpe_getbyname.xsl | 2 +- 
tools/create-gvm-migrate-config | 4 ++-- tools/cve_getbyname.xsl | 2 +- tools/dfn_cert_getbyname.xsl | 2 +- tools/greenbone-certdata-sync.in | 2 +- tools/greenbone-feed-sync.in | 6 +++--- tools/greenbone-scapdata-sync.in | 2 +- tools/gvm-export-config | 2 +- tools/gvm-lsc-deb-creator | 4 ++-- tools/gvm-lsc-exe-creator | 2 +- tools/gvm-lsc-rpm-creator | 2 +- tools/gvm-manage-certs.in | 2 +- tools/gvm-migrate-config | 2 +- tools/template.nsis | 2 +- 140 files changed, 147 insertions(+), 147 deletions(-) diff --git a/.docker/entrypoint.sh b/.docker/entrypoint.sh index 96c99476d..4063de001 100644 --- a/.docker/entrypoint.sh +++ b/.docker/entrypoint.sh @@ -1,5 +1,5 @@ #!/bin/sh -# Copyright (C) 2022 Greenbone Networks GmbH +# Copyright (C) 2022 Greenbone AG # # SPDX-License-Identifier: GPL-3.0-or-later # diff --git a/.docker/start-gvmd.sh b/.docker/start-gvmd.sh index 1c29b3c0e..695e4d51b 100644 --- a/.docker/start-gvmd.sh +++ b/.docker/start-gvmd.sh @@ -1,5 +1,5 @@ #!/bin/sh -# Copyright (C) 2022 Greenbone Networks GmbH +# Copyright (C) 2022 Greenbone AG # # SPDX-License-Identifier: GPL-3.0-or-later # diff --git a/CMakeLists.txt b/CMakeLists.txt index 7901282cd..ca0fa8b59 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,4 +1,4 @@ -# Copyright (C) 2009-2022 Greenbone Networks GmbH +# Copyright (C) 2009-2022 Greenbone AG # # SPDX-License-Identifier: AGPL-3.0-or-later # @@ -85,7 +85,7 @@ set (CPACK_PACKAGE_VERSION "${PROJECT_VERSION_STRING}${PROJECT_VERSION_GIT}") set (CPACK_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") set (CPACK_SOURCE_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") -set (CPACK_PACKAGE_VENDOR "Greenbone Networks GmbH") +set (CPACK_PACKAGE_VENDOR "Greenbone AG") set (CPACK_SOURCE_IGNORE_FILES "${CMAKE_BINARY_DIR}" "/.git/" diff --git a/README.md b/README.md index 16df4ae3e..fbf1fb1ec 100644 --- a/README.md +++ b/README.md 
@@ -66,7 +66,7 @@ forward your issue to the Greenbone Support Portal. ## Maintainer -This project is maintained by [Greenbone Networks GmbH](https://www.greenbone.net/). +This project is maintained by [Greenbone AG](https://www.greenbone.net/). ## Contributing @@ -77,6 +77,6 @@ GitHub](https://github.com/greenbone/gvmd/issues) first. ## License -Copyright (C) 2009-2022 [Greenbone Networks GmbH](https://www.greenbone.net/) +Copyright (C) 2009-2022 [Greenbone AG](https://www.greenbone.net/) Licensed under the [GNU Affero General Public License v3.0 or later](COPYING). diff --git a/cmake/GetGit.cmake b/cmake/GetGit.cmake index 7e1957581..3391fd3f2 100644 --- a/cmake/GetGit.cmake +++ b/cmake/GetGit.cmake @@ -1,4 +1,4 @@ -# Copyright (C) 2018-2022 Greenbone Networks GmbH +# Copyright (C) 2018-2022 Greenbone AG # # SPDX-License-Identifier: GPL-2.0-or-later # diff --git a/config/CMakeLists.txt b/config/CMakeLists.txt index a27fdf7f3..a9c1ce686 100644 --- a/config/CMakeLists.txt +++ b/config/CMakeLists.txt @@ -1,4 +1,4 @@ -# Copyright (C) 2020-2022 Greenbone Networks GmbH +# Copyright (C) 2020-2022 Greenbone AG # # SPDX-License-Identifier: AGPL-3.0-or-later # diff --git a/doc/CMakeLists.txt b/doc/CMakeLists.txt index b4ee2d474..ff891190b 100644 --- a/doc/CMakeLists.txt +++ b/doc/CMakeLists.txt @@ -1,4 +1,4 @@ -# Copyright (C) 2009-2022 Greenbone Networks GmbH +# Copyright (C) 2009-2022 Greenbone AG # # SPDX-License-Identifier: AGPL-3.0-or-later # diff --git a/doc/greenbone-certdata-sync.8.xml b/doc/greenbone-certdata-sync.8.xml index d984e535a..93e028876 100644 --- a/doc/greenbone-certdata-sync.8.xml +++ b/doc/greenbone-certdata-sync.8.xml @@ -3,7 +3,7 @@ installs - Number of hosts on which OS has been detected + + Number of hosts on which OS has been detected as the best match + + integer + + + all_installs + + Number of hosts on which OS has been detected, + not necessarily as the best match + integer 
@@ -9469,7 +9501,9 @@ along with this program. If not, see . hosts - Hosts on which this OS has been detected + + Hosts on which this OS has been detected as the best match + asset From 0e05e964ba140c89239b0aa086807a752d9df8c8 Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Thu, 4 May 2023 15:24:41 +0200 Subject: [PATCH 082/120] Change: Drop results_autofp on NVTs rebuild If the view is left from older versions of gvmd, it will be removed on rebuild so it does not prevent replacing the nvts table. (cherry picked from commit 9f3421740aaeb1731056ebfe6f461b862c65b922) --- src/manage_sql_nvts.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/manage_sql_nvts.c b/src/manage_sql_nvts.c index 8d8f23bb4..f9fb3d5cb 100644 --- a/src/manage_sql_nvts.c +++ b/src/manage_sql_nvts.c @@ -1637,6 +1637,7 @@ update_nvts_from_vts (entity_t *get_vts_response, } if (rebuild) { + sql ("DROP VIEW IF EXISTS results_autofp;"); sql ("DROP VIEW vulns;"); sql ("DROP TABLE nvts, nvt_preferences, vt_refs, vt_severities;"); From 296e1e629ce3422da8ac7332ba63477c3c59dbb3 Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Fri, 5 May 2023 14:19:19 +0200 Subject: [PATCH 083/120] Add: Certificate info for TippingPoint SMS alerts The get_alerts command now returns additional certificate info for the TLS certificate method data of TippingPoint SMS alerts. This makes it easier to verify that the correct certificate has been set for the alert. (cherry picked from commit 885cf15933a5118a3ca509b926c81c736d8655d3) --- src/gmp.c | 63 +++++++++++++++++++++++++++++++ src/schema_formats/XML/GMP.xml.in | 6 +++ 2 files changed, 69 insertions(+) diff --git a/src/gmp.c b/src/gmp.c index e6b04469c..a663cf5b1 100644 --- a/src/gmp.c +++ b/src/gmp.c 
@@ -11142,6 +11142,69 @@ handle_get_alerts (gmp_parser_t *gmp_parser, GError **error) g_free (username); } } + else if (strcmp (name, "tp_sms_tls_certificate") == 0) + { + const char *certificate = alert_data_iterator_data (&data); + time_t activation_time, expiration_time; + gchar *md5_fingerprint, *sha256_fingerprint; + gchar *subject, *issuer, *serial; + + if (certificate && strcmp (certificate, "") + && get_certificate_info ((gchar*)certificate, + strlen (certificate), + &activation_time, + &expiration_time, + &md5_fingerprint, + &sha256_fingerprint, + &subject, + &issuer, + &serial, + NULL) == 0) + { + gchar *activation_time_str, *expiration_time_str; + + activation_time_str = certificate_iso_time (activation_time); + expiration_time_str = certificate_iso_time (expiration_time); + + SENDF_TO_CLIENT_OR_FAIL ( + "" + "%s" + "" + "%s" + "%s" + "%s" + "%s" + "%s" + "%s" + "%s" + "" + "%s" + "", + name, + activation_time_str, + expiration_time_str, + md5_fingerprint, + sha256_fingerprint, + subject, + issuer, + serial, + certificate); + } + else + { + SENDF_TO_CLIENT_OR_FAIL ("" + "%s" + "%s" + "", + name, + certificate); + } + g_free (md5_fingerprint); + g_free (sha256_fingerprint); + g_free (subject); + g_free (issuer); + g_free (serial); + } else { SENDF_TO_CLIENT_OR_FAIL ("" diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in index 7ad3dd10b..b7b5f7ed1 100644 --- a/src/schema_formats/XML/GMP.xml.in +++ b/src/schema_formats/XML/GMP.xml.in @@ -8768,6 +8768,7 @@ along with this program. If not, see . text name credential + certificate_info name @@ -8799,6 +8800,11 @@ along with this program. If not, see . name + + certificate_info + Certificate info if the data is a TLS certificate + certificate_info + From d83f5142f7f5cb880045c5e890e262a209a21cac Mon Sep 17 00:00:00 2001 
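Review bot: The five `g_free` calls at the end of the new `tp_sms_tls_certificate` branch run on uninitialised pointers whenever `certificate` is NULL or empty, because the `&&` chain then never calls `get_certificate_info` and the declarations carry no initialiser. Declaring them as `gchar *md5_fingerprint = NULL, *sha256_fingerprint = NULL;` and `gchar *subject = NULL, *issuer = NULL, *serial = NULL;` makes the cleanup safe on every path, including a failed parse if `get_certificate_info` does not set its outputs on error (not visible here). `activation_time_str` and `expiration_time_str` are also never released in the hunk; if `certificate_iso_time` returns an allocated string they need a `g_free` after the send. handle_get_alerts starts and ends outside the hunk.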
From: Johannes Helmold Date: Wed, 10 May 2023 11:32:30 +0200 Subject: [PATCH 084/120] Added debug message when captured duplicate result / host detail Added a debug message when captured a duplicate result or a duplicate host detail to retrace more easily which data is captured and omitted. (cherry picked from commit 221cfc35805dbd4401858e2ddc3b26a9cb327f0d) --- src/manage_sql.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/manage_sql.c b/src/manage_sql.c index 146aea055..c5913f456 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -29011,7 +29011,6 @@ check_osp_result_exists (report_t report, task_t task, entity_string = g_string_new (""); print_entity_to_string (r_entity, entity_string); *entity_hash_value = get_md5_hash_from_string (entity_string->str); - g_string_free(entity_string, TRUE); if (sql_int ("SELECT EXISTS" " (SELECT * FROM results" " WHERE report = %llu and hash_value = '%s');", @@ -29046,10 +29045,12 @@ check_osp_result_exists (report_t report, task_t task, { g_info ("Captured duplicate result, report: %llu hash_value: %s", report, *entity_hash_value); + g_debug ("Entity string: %s", entity_string->str); return_value = 1; } g_free (desc); } + g_string_free(entity_string, TRUE); return return_value; } @@ -29077,7 +29078,6 @@ check_host_detail_exists (report_t report, const char *host, const char *s_type, hash_string = g_strdup_printf ("%llu-%s-%s-%s-%s-%s-%s", report, host, s_type, s_name, s_desc, name, value); *detail_hash_value = get_md5_hash_from_string (hash_string); - g_free (hash_string); sql_int64 (&report_host, "SELECT id FROM report_hosts" " WHERE report = %llu AND host = '%s';", 
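Review bot: The new `g_debug ("Entity string: %s", entity_string->str);` in check_osp_result_exists writes the complete serialised result into the log, and the matching `g_debug ("Hash string: %s", hash_string);` in check_host_detail_exists does the same for host, source and detail value. That is scan output rather than metadata, so it is worth a comment stating the intent, for example `/* Debug only: contains the full result text; do not raise to info level. */`, above both calls. Moving `g_string_free` and `g_free (hash_string)` to the end is fine as long as the functions keep their single `return return_value;` exit. Both bodies start outside the hunks.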
@@ -29102,10 +29102,12 @@ check_host_detail_exists (report_t report, const char *host, const char *s_type, { g_info ("Captured duplicate report host detail, report: %llu hash_value: %s", report, *detail_hash_value); + g_debug ("Hash string: %s", hash_string); return_value = 1; } g_free (quoted_s_desc); } + g_free (hash_string); return return_value; } From 1ca5e938c9d30c072f10dde7a58d0b2c63021cc1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Ricks?= Date: Wed, 17 May 2023 07:44:03 +0200 Subject: [PATCH 085/120] Add: Set required contents read permission on cc workflow To check for available conventional commits the workflow need to be able to read the contents of the repository. For public repos this isn't strictly required but maybe it elevates the permission for PRs from externals. (cherry picked from commit a6a2757675d6fdbc3a30c4853477208d160d81f4) --- .github/workflows/conventional-commits.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/conventional-commits.yml b/.github/workflows/conventional-commits.yml index 9b631f60e..036d0a537 100644 --- a/.github/workflows/conventional-commits.yml +++ b/.github/workflows/conventional-commits.yml @@ -5,6 +5,7 @@ on: permissions: pull-requests: write + contents: read jobs: conventional-commits: From d15973fdabe9dc86ecb386536d400c8f4aa8566c Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Bj=C3=B6rn=20Ricks?= Date: Wed, 17 May 2023 07:54:01 +0200 Subject: [PATCH 086/120] Remove: Remove old changelog related files Use the default changelog config from pontos and remove the old changelogs. The content of the old changelogs can be re-generated via pontos-changelog and is also available at the GitHub releases. (cherry picked from commit 4ac14fb4d566187e4dce7c29844651d26d5260d9) --- changelog.toml | 11 ------- changelog/v22.4.0.md | 78 -------------------------------------------- changelog/v22.4.1.md | 22 ------------- changelog/v22.4.2.md | 10 ------ 4 files changed, 121 deletions(-) delete mode 100644 changelog.toml delete mode 100644 changelog/v22.4.0.md delete mode 100644 changelog/v22.4.1.md delete mode 100644 changelog/v22.4.2.md diff --git a/changelog.toml b/changelog.toml deleted file mode 100644 index 9461b83e4..000000000 --- a/changelog.toml +++ /dev/null @@ -1,11 +0,0 @@ -commit_types = [ - { message = "^add", group = "Added"}, - { message = "^remove", group = "Removed"}, - { message = "^change", group = "Changed"}, - { message = "^fix", group = "Bug Fixes"}, - { message = "^doc", group = "Documentation"}, - { message = "^refactor", group = "Refactor"}, - { message = "^test", group = "Testing"}, -] - -changelog_dir = "changelog" diff --git a/changelog/v22.4.0.md b/changelog/v22.4.0.md deleted file mode 100644 index 5487a4a04..000000000 --- a/changelog/v22.4.0.md +++ /dev/null 
@@ -1,78 +0,0 @@ -# Changelog - -All notable changes to this project will be documented in this file. - -## [22.4.0] - 2022-07-22 - -## Added -* -optimize option "cleanup-sequences" [7e2be3138](https://github.com/greenbone/gvmd/commit/7e2be3138) -* Added the appliance_status response field to the get_license command [c9affb52e](https://github.com/greenbone/gvmd/commit/c9affb52e) -* package_unreliable QOD type translation [85f16f208](https://github.com/greenbone/gvmd/commit/85f16f208) -* package_unreliable QOD type translation [3f438ce22](https://github.com/greenbone/gvmd/commit/3f438ce22) -* Backtrace output when a sigsegv occurs. [8b30cd77f](https://github.com/greenbone/gvmd/commit/8b30cd77f) -* Log failing xsltproc calls as warning #1756 [ef9b4228d](https://github.com/greenbone/gvmd/commit/ef9b4228d) -* -broker-address command line option [ee6123207](https://github.com/greenbone/gvmd/commit/ee6123207) -* -rebuild-gvmd-data to man page [d7a779b8a](https://github.com/greenbone/gvmd/commit/d7a779b8a) -* -optimize add-/cleanup-feed-permissions [9e97c38d4](https://github.com/greenbone/gvmd/commit/9e97c38d4) -* -feed-lock-timeout option [a932f70fb](https://github.com/greenbone/gvmd/commit/a932f70fb) -* -ldap-debug option [b22171baf](https://github.com/greenbone/gvmd/commit/b22171baf) -* Send the script timeout to the scanner as script preferences [#1670](https://github.com/greenbone/gvmd/pull/1670) -* get_license and modify_license [#1642](https://github.com/greenbone/gvmd/pull/1642), [#1692](https://github.com/greenbone/gvmd/pull/1692), [#1696](https://github.com/greenbone/gvmd/pull/1696) -* basic Sentry integration and logging [#1550](https://github.com/greenbone/gvmd/pull/1550) -* new modification_time column for reports [#1513](https://github.com/greenbone/gvmd/pull/1513), [#1519](https://github.com/greenbone/gvmd/pull/1519), [#1590](https://github.com/greenbone/gvmd/pull/1590) - -## Changed -* Allow overriding LOG_CMD for sync script 
[683b7e1a8](https://github.com/greenbone/gvmd/commit/683b7e1a8) -* Don't create runtime directory with make install #1824 [198c356e3](https://github.com/greenbone/gvmd/commit/198c356e3) -* Automatically update pg-gvm in check_db_extensions [4fbc79395](https://github.com/greenbone/gvmd/commit/4fbc79395) -* Remove EnvironmentFile from gvmd.service file [f2228a320](https://github.com/greenbone/gvmd/commit/f2228a320) -* Use $TMPACCESSKEY when syncing enterprise feed [b3f4c4bf4](https://github.com/greenbone/gvmd/commit/b3f4c4bf4) -* Standardize rsync options [f6c9b66d9](https://github.com/greenbone/gvmd/commit/f6c9b66d9) -* Disable table_driven_lsc in policies [9b15dc865](https://github.com/greenbone/gvmd/commit/9b15dc865) -* Get NVT feed info via OSP [692e21c2a](https://github.com/greenbone/gvmd/commit/692e21c2a) -* Update GVMD_FEED_DIR to /var/lib/gvm/data-objects/gvmd/22.04 [6aa4b2e7a](https://github.com/greenbone/gvmd/commit/6aa4b2e7a) -* Load data objects from new feed paths [51716c88f](https://github.com/greenbone/gvmd/commit/51716c88f) -* Use new feed dir structure in sync scripts [0a769ec3c](https://github.com/greenbone/gvmd/commit/0a769ec3c) -* Improve log message for getting the feed version [0fdb01814](https://github.com/greenbone/gvmd/commit/0fdb01814) -* Improve init_preference_iterator SQL query performance [5a5cbb945](https://github.com/greenbone/gvmd/commit/5a5cbb945) -* Change some migration and OSP warnings to info [b3cced2bc](https://github.com/greenbone/gvmd/commit/b3cced2bc) -* Use GVMD_RUN_DIR instead of GVM_RUN_DIR [e53ae5731](https://github.com/greenbone/gvmd/commit/e53ae5731) -* Use full path GVMD_PID_PATH for PID files [3fea5a9f4](https://github.com/greenbone/gvmd/commit/3fea5a9f4) -* Raise required gvm-libs version to 21.10 [299946bdf](https://github.com/greenbone/gvmd/commit/299946bdf) -* Replace blocking table locks with a non-blocking retry loop [44a054ad3](https://github.com/greenbone/gvmd/commit/44a054ad3) -* Rename the date column of 
reports to creation_time [#1520](https://github.com/greenbone/gvmd/pull/1520) -* Change report timestamp filter and iterator columns [#1512](https://github.com/greenbone/gvmd/pull/1512) -* Use pg-gvm extension for C PostgreSQL functions [#1400](https://github.com/greenbone/gvmd/pull/1400), [#1453](https://github.com/greenbone/gvmd/pull/1453) - -## Bug Fixes -* Return the correct error message, when wrong severity input is send to overrides (#1843) [1a96ac530](https://github.com/greenbone/gvmd/commit/1a96ac530) -* Fix logging in sync script if no syslog is available [a726dfdf1](https://github.com/greenbone/gvmd/commit/a726dfdf1) -* Use g_memdup2 instead of the deprecated g_memdup [4ad2491fd](https://github.com/greenbone/gvmd/commit/4ad2491fd) -* Fix handling of SSH keys in modify_credential [7b16d2e6f](https://github.com/greenbone/gvmd/commit/7b16d2e6f) -* Trigger libtheia container build (#1817) [26bc13aa7](https://github.com/greenbone/gvmd/commit/26bc13aa7) -* Fix iCal next time calculation, use new SQL func [aa4f9a925](https://github.com/greenbone/gvmd/commit/aa4f9a925) -* Fix GMP doc for get_assets command [006c130be](https://github.com/greenbone/gvmd/commit/006c130be) -* task status overwrite when a task is stopped and quickly restarted (not resumed) #1779 [a34fa7050](https://github.com/greenbone/gvmd/commit/a34fa7050) -* Avoid closing manager socket FDs twice [12c700331](https://github.com/greenbone/gvmd/commit/12c700331) -* Initialize roles with NULL [705ce8a51](https://github.com/greenbone/gvmd/commit/705ce8a51) -* Test if location is null in cve_scan_host to prevent an assertion error [d979e4580](https://github.com/greenbone/gvmd/commit/d979e4580) -* -dump-vt-verification error message [ca30e3856](https://github.com/greenbone/gvmd/commit/ca30e3856) -* Update subject alternative name in certificate generation [#1503](https://github.com/greenbone/gvmd/pull/1503) -* Fix migration to DB version 242 from gvmd 20.08 
[#1498](https://github.com/greenbone/gvmd/pull/1498) -* Improve VT version handling for CVE & OVAL results [#1496](https://github.com/greenbone/gvmd/pull/1496) - -## Refactor -* move from gvm-lib proctitle-set to libbsd setproctitle [98b537078](https://github.com/greenbone/gvmd/commit/98b537078) -* add lib version [85a1000f4](https://github.com/greenbone/gvmd/commit/85a1000f4) -* switch from tab to space [0016553a0](https://github.com/greenbone/gvmd/commit/0016553a0) -* Add libbsd to docker images [95f182dd2](https://github.com/greenbone/gvmd/commit/95f182dd2) - -### Removed -* Remove Network Source Interface from gvmd [#1511](https://github.com/greenbone/gvmd/pull/1511) -* Removed OVAL definitions from gvmd [#1525](https://github.com/greenbone/gvmd/pull/1525) -* Removed OVAL definitions from GMP and gvmd documentation [1551](https://github.com/greenbone/gvmd/pull/1551) -* Removed the Business Process Map from gvmd [1627](https://github.com/greenbone/gvmd/pull/1627) -* Removed ifaces element from users [#1676](https://github.com/greenbone/gvmd/pull/1676) -* Removed OSP scanners from gvmd [#1689](https://github.com/greenbone/gvmd/pull/1689) [#1691](https://github.com/greenbone/gvmd/pull/1691) [#1694](https://github.com/greenbone/gvmd/pull/1694) [#1701](https://github.com/greenbone/gvmd/pull/1701) - -[22.4.0]: https://github.com/greenbone/gvmd/compare/v21.4.5...v22.4.0 diff --git a/changelog/v22.4.1.md b/changelog/v22.4.1.md deleted file mode 100644 index 430558281..000000000 --- a/changelog/v22.4.1.md +++ /dev/null 
@@ -1,22 +0,0 @@ -# Changelog - -All notable changes to this project will be documented in this file. - -## [22.4.1] - 2022-12-15 - -## Changed -* Update creating tags for container images (#1888) [6faf28e71](https://github.com/greenbone/gvmd/commit/6faf28e71) -* Implement new check to find WID-SEC advisories in the xml (backport #1874) [79964f2be](https://github.com/greenbone/gvmd/commit/79964f2be) -* Implement new check to find WID-SEC advisories in the xml (#1874) [ef92900e5](https://github.com/greenbone/gvmd/commit/ef92900e5) -* Escape minus in regular expressions for pcre 2 compatibility [48f77b524](https://github.com/greenbone/gvmd/commit/48f77b524) -* Split building build and production container images [f35abf80e](https://github.com/greenbone/gvmd/commit/f35abf80e) -* Run container image builds also for pull requests [9e61d283c](https://github.com/greenbone/gvmd/commit/9e61d283c) -* Use docker/meta-action for container tags and labels (#1855) [efe372c89](https://github.com/greenbone/gvmd/commit/efe372c89) -* Log client command errors only as debug message [b86adb995](https://github.com/greenbone/gvmd/commit/b86adb995) - -## Bug Fixes -* buffer overrun in buffer_aggregate_xml() (#1880) [919337d1a](https://github.com/greenbone/gvmd/commit/919337d1a) -* Clean up old SQL functions now included in pg-gvm [ad7cd9e5d](https://github.com/greenbone/gvmd/commit/ad7cd9e5d) -* Fix regex for new glib2.0 >= 2.73.2 [905c84b47](https://github.com/greenbone/gvmd/commit/905c84b47) - -[22.4.1]: https://github.com/greenbone/gvmd/compare/v9.0.1.post1...22.4.1 \ No newline at end of file diff --git a/changelog/v22.4.2.md b/changelog/v22.4.2.md deleted file mode 100644 index 2a2ce5321..000000000 --- a/changelog/v22.4.2.md +++ /dev/null 
@@ -1,10 +0,0 @@ -# Changelog - -All notable changes to this project will be documented in this file. - -## [22.4.2] - 2023-01-13 - -## Bug Fixes -* The number of results in triggered alerts. (#1895) (#1896) [f3e6f5eb2](https://github.com/greenbone/gvmd/commit/f3e6f5eb2) - -[22.4.2]: https://github.com/greenbone/gvmd/compare/v9.0.1.post1...22.4.2 \ No newline at end of file From f834e54a71b3606fb815203602c2007968a8bd14 Mon Sep 17 00:00:00 2001 From: tuxmaster5000 <837503+tuxmaster5000@users.noreply.github.com> Date: Mon, 8 May 2023 07:59:44 +0200 Subject: [PATCH 087/120] The script name is needed by the logger before. (cherry picked from commit 3e84260e7c8aba235995a7061a30467cec03fdbc) --- tools/greenbone-feed-sync.in | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tools/greenbone-feed-sync.in b/tools/greenbone-feed-sync.in index bb06aac30..2988dd129 100644 --- a/tools/greenbone-feed-sync.in +++ b/tools/greenbone-feed-sync.in @@ -21,6 +21,10 @@ # case a access key is present) or else from the Greenbone # Community Feed. +# SCRIPT_NAME is the name the scripts will use to identify itself and to mark +# log messages. +SCRIPT_NAME="greenbone-feed-sync" + ########## LOG FUNCTIONS ########## ============= @@ -160,10 +164,6 @@ ENTERPRISE_FEED_SCAP_PATH="$ENTERPRISE_FEED_BASE_PATH/vulnerability-feed/@GMP_VE # doing. PORT=24 -# SCRIPT_NAME is the name the scripts will use to identify itself and to mark -# log messages. -SCRIPT_NAME="greenbone-feed-sync" - # LOCK_FILE is the name of the file used to lock the feed during sync or update. if [ -z "$LOCK_FILE" ] From ca2ba036f35d64b2b85eae52d16b075fea7f208a Mon Sep 17 00:00:00 2001 
From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com> Date: Fri, 19 May 2023 06:57:34 +0000 Subject: [PATCH 088/120] Fix: Fixed issue while installing debian credentials (#1987) Fixed issue in .deb credential script that throws an error when running script twice for a username to replace a credential --------- Co-authored-by: Joseph Lee --- tools/gvm-lsc-deb-creator | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/tools/gvm-lsc-deb-creator b/tools/gvm-lsc-deb-creator index 22abd88ae..44d44fac3 100755 --- a/tools/gvm-lsc-deb-creator +++ b/tools/gvm-lsc-deb-creator @@ -30,6 +30,7 @@ TEMP_DIR="$3" OUTPUT_PATH=$4 MAINTAINER_EMAIL="$5" +# Verify required args if [ -z "${USERNAME}" ] then echo "No username given" >&2 @@ -38,7 +39,7 @@ fi if [ -z "${PUBKEY_FILE}" ] then - echo "No pubkey path given" >&2 + echo "No pubkey at given path" >&2 exit 1 fi @@ -54,6 +55,7 @@ then exit 1 fi +# Ensure maintainer email if [ -z "${MAINTAINER_EMAIL}" ] then MAINTAINER_HOSTNAME="$(hostname)" @@ -71,7 +73,7 @@ PACKAGE_VERSION="0.5-1" PACKAGE_NAME_VERSION="${PACKAGE_NAME}_${PACKAGE_VERSION}" MAINTAINER="Greenbone Vulnerability Manager <${MAINTAINER_EMAIL}>" PACKAGE_DATE=$(date "+%a, %d %b %Y %H:%M:%S %z") - +# Used for identifying username entry in /etc/passwd USER_COMMENT="GVM Local Security Checks" USER_COMMENT_GREP="GVM\\ Local\\ Security\\ Checks" @@ -194,6 +196,9 @@ chmod "0755" "${PREINST_FILE}" { echo "#!/bin/sh" echo "set -e # abort on errors" + echo "# Delete GVM Local Security Checks user by username and comment identifier" + echo "grep \"${USERNAME}.*${USER_COMMENT_GREP}\" /etc/passwd && userdel -fr ${USERNAME}" + echo "# GVM Local Security Checks user and create home directory" echo "useradd -c \"${USER_COMMENT}\" -d /home/${USERNAME} -m -s /bin/bash ${USERNAME}" } > "${PREINST_FILE}" 
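Review bot: The reworded message `No pubkey at given path` no longer matches the test above it, which is `[ -z "${PUBKEY_FILE}" ]` and therefore only detects a missing argument. Either keep the old wording or make the check cover what the message says, e.g. `if [ -z "${PUBKEY_FILE}" ] || [ ! -r "${PUBKEY_FILE}" ]`. Whether the file is tested for existence later in the script is outside this hunk.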
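Review bot: The `grep` added to the generated preinst is not anchored, so `${USERNAME}.*${USER_COMMENT_GREP}` also matches a passwd entry whose name merely contains the username. The `userdel -fr ${USERNAME}` that follows would then remove the account called `${USERNAME}` even if that account's own entry does not carry the GVM comment. This script runs as root on the target during package installation, so the match should be tied to the login field: `echo "grep -q \"^${USERNAME}:.*${USER_COMMENT_GREP}\" /etc/passwd && userdel -fr \"${USERNAME}\""`. The `-q` also keeps the matched passwd line out of the installer output. If the username can contain regex metacharacters (its validation is not visible here), `grep -F` on a prefix or an explicit field comparison would be safer still.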
@@ -204,6 +209,7 @@ chmod "0755" "${POSTINST_FILE}" { echo "#!/bin/sh" echo "set -e # abort on errors" + echo "# Change file permissions" echo "chown -R ${USERNAME}:${USERNAME} /home/${USERNAME}" echo "chmod 500 /home/${USERNAME}/.ssh" echo "chmod 400 /home/${USERNAME}/.ssh/authorized_keys" @@ -215,13 +221,15 @@ touch "${POSTRM_FILE}" chmod "0755" "${POSTRM_FILE}" { echo "#!/bin/sh" - echo "# Remove user only if it was created by this package." + echo "# Remove user only if it was created by this package and only" + echo "# if postrm is not called when reinstalling the same package." echo "# The debian package will run the postun script in case of errors" echo "# (e.g. user already existed)." echo "# Delete the user only if /etc/passwd lists content that suggests" echo "# that the user was created by this package." # echo "set -e # abort on errors" - echo "grep \"${USERNAME}.*${USER_COMMENT_GREP}\" /etc/passwd && userdel -fr ${USERNAME}" + echo "if [ \$1 != \"upgrade\" ]; then grep \"${USERNAME}.*${USER_COMMENT_GREP}\" /etc/passwd && userdel -fr ${USERNAME}; fi" + echo "exit 0" } > "${POSTRM_FILE}" # Calculate md5 checksums From aa2d13b52d8bbbee704b9f58524640f7bbaa3ff6 Mon Sep 17 00:00:00 2001 From: dvppvd <119556950+dvppvd@users.noreply.github.com> Date: Tue, 23 May 2023 10:36:28 +0700 Subject: [PATCH 089/120] Add column hash_value to the tables results and report_host_details (cherry picked from commit 1531dd8f50235d4dea6e13982a009e85bf38d180) --- src/manage_pg.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/manage_pg.c b/src/manage_pg.c index 41b7a4988..afcbe9129 100644 --- a/src/manage_pg.c +++ b/src/manage_pg.c @@ -2489,7 +2489,8 @@ create_tables () " owner integer REFERENCES users (id) ON DELETE RESTRICT," " date integer," " hostname text," - " path text);"); + " path text," + " hash_value text);"); sql ("CREATE TABLE IF NOT EXISTS results_trash" " (id SERIAL PRIMARY KEY," 
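Review bot: In the generated postrm, `[ \$1 != \"upgrade\" ]` expands `$1` unquoted, so a call without an argument turns the test into a syntax error. The `if` then takes the false branch and the added `exit 0` hides the failure, leaving the account in place. Quoting the parameter fixes it: `echo "if [ \"\$1\" != \"upgrade\" ]; then grep ... && userdel -fr ${USERNAME}; fi"`. The `grep` pattern here is the same unanchored one used in the preinst hunk and would benefit from the same `^${USERNAME}:` anchor.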
@@ -2619,7 +2620,8 @@ create_tables () " source_name text," " source_description text," " name text," - " value text);"); + " value text," + " hash_value text);"); create_tables_nvt (""); From 4099b5e1cc8de2fbe29d80ffbcfa888b4cddb236 Mon Sep 17 00:00:00 2001 From: rizlas Date: Tue, 30 May 2023 15:04:42 +0200 Subject: [PATCH 090/120] Add Enabled certificates generation for container (#1993) * Enabled certificates generation before gvmd start * Moved certificate generation in start-gvmd script and made it optional (cherry picked from commit 14544a5ec17dbdeb296ce11126b59d9733da86e2) --- .docker/prod.Dockerfile | 4 ++++ .docker/start-gvmd.sh | 5 +++++ 2 files changed, 9 insertions(+) diff --git a/.docker/prod.Dockerfile b/.docker/prod.Dockerfile index 7b7010101..3e312853f 100644 --- a/.docker/prod.Dockerfile +++ b/.docker/prod.Dockerfile @@ -67,6 +67,9 @@ ARG DEBIAN_FRONTEND=noninteractive # Loading scap and cert data # xml-twig-tools +# Required for set up certificates for GVM +# gnutls-bin + RUN apt-get update && \ apt-get install -y --no-install-recommends \ dpkg \ @@ -75,6 +78,7 @@ RUN apt-get update && \ gosu \ gnupg \ gpgsm \ + gnutls-bin \ libbsd0 \ libgpgme11 \ libical3 \ diff --git a/.docker/start-gvmd.sh b/.docker/start-gvmd.sh index 695e4d51b..c4ced08d3 100644 --- a/.docker/start-gvmd.sh +++ b/.docker/start-gvmd.sh @@ -24,6 +24,11 @@ [ -z "$GVMD_USER" ] && GVMD_USER="gvmd" [ -z "$PGRES_DATA"] && PGRES_DATA="/var/lib/postgresql" +if [ -n "$GVM_CERTS" ] && [ "$GVM_CERTS" = true ]; then + echo "Generating certs" + gvm-manage-certs -a +fi + # check for psql connection FILE=$PGRES_DATA/started until test -f "$FILE"; do From eadb1a33a945d3ce66f406a2e91f38db7c9abef9 Mon Sep 17 00:00:00 2001 
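Review bot: The exit status of `gvm-manage-certs -a` is not checked in the block added to start-gvmd.sh, so when certificate generation fails the script appears to carry on and start gvmd without usable certificates; whether `set -e` is active cannot be seen from this hunk. Failing early makes the misconfiguration visible: `gvm-manage-certs -a || { echo "Certificate generation failed" >&2; exit 1; }`. The test `[ -n "$GVM_CERTS" ] && [ "$GVM_CERTS" = true ]` can be reduced to the second comparison. A comment stating where the generated private keys end up, and that the location should be a persistent volume with restricted access, would help operators.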
From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com> Date: Wed, 31 May 2023 10:23:07 +0000 Subject: [PATCH 091/120] Add: Added to fork_cve_scan_handler() cleanup so it matches fork_osp_scan_handler() (#1998) (greenbone/gvmd/issues/1979) (cherry picked from commit 33ae8f7842784f8eb31ca6e6e9a136e042dfaa4a) Co-authored-by: Kevin Hester --- src/manage.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/manage.c b/src/manage.c index cdf705bf1..9a444f1cf 100644 --- a/src/manage.c +++ b/src/manage.c @@ -3089,9 +3089,12 @@ fork_cve_scan_handler (task_t task, target_t target) set_report_scan_run_status (global_current_report, TASK_STATUS_INTERRUPTED); global_current_report = (report_t) 0; + current_scanner_task = 0; return -9; default: /* Parent, successfully forked. */ + global_current_report = 0; + current_scanner_task = 0; g_debug ("%s: %i forked %i", __func__, getpid (), pid); return 0; } From 8e3828772584a59c9670acceaee64597ea1eaa2d Mon Sep 17 00:00:00 2001 From: Johannes Helmold Date: Tue, 30 May 2023 09:46:26 +0200 Subject: [PATCH 092/120] Corrected the used index in an iterator access function. Corrected the used index in the iterator access function "config_iterator_usage_type(...)". (cherry picked from commit afa3bc48a302550d6ebbf75f117d441a2c46f782) --- src/manage_sql_configs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/manage_sql_configs.c b/src/manage_sql_configs.c index abc63a844..26a1f51be 100644 --- a/src/manage_sql_configs.c +++ b/src/manage_sql_configs.c @@ -3255,7 +3255,7 @@ config_iterator_nvts_growing (iterator_t* iterator) * @return The usage type of the config, or NULL if iteration is complete. * Freed by cleanup_iterator. */ -DEF_ACCESS (config_iterator_usage_type, GET_ITERATOR_COLUMN_COUNT + 8); +DEF_ACCESS (config_iterator_usage_type, GET_ITERATOR_COLUMN_COUNT + 6); /** * @brief Get predefined status from a config iterator. From de66510491c352bb445493e53f403b4680a47aa1 Mon Sep 17 00:00:00 2001 
From: Timo Pollmeier Date: Wed, 17 May 2023 16:02:21 +0200 Subject: [PATCH 093/120] Fix: Handle undefined direction in alerts In alerts with the "Filter count changed" condition, the check now always falls back to checking if the count increased if the "direction" condition data is not defined. Without the fix having it undefined could cause a segmentation fault. (cherry picked from commit d861d4555da46c2a9a6b35172d39aa0e67f4f4e2) --- src/manage_sql.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/src/manage_sql.c b/src/manage_sql.c index c5913f456..941cc55fb 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -14322,7 +14322,10 @@ condition_met (task_t task, report_t report, alert_t alert, { /* Same as "increased". */ if (cmp >= count) - return 1; + { + free (filter_id); + return 1; + } } else if (((strcasecmp (direction, "changed") == 0) && (abs (cmp) >= count)) @@ -14341,7 +14344,16 @@ condition_met (task_t task, report_t report, alert_t alert, g_debug ("direction: %s", direction); g_debug ("last_count: %i", last_count); g_debug ("second_last_count NULL"); - if (((strcasecmp (direction, "changed") == 0) + if (direction == NULL) + { + /* Same as "increased". */ + if (last_count > 0) + { + free (filter_id); + return 1; + } + } + else if (((strcasecmp (direction, "changed") == 0) || (strcasecmp (direction, "increased") == 0)) && (last_count > 0)) { From 2454931ff5214f83d8aae835b7f1c1d3ad4be487 Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Tue, 25 Apr 2023 11:37:48 +0200 Subject: [PATCH 094/120] Use osp_get_vts_ext_str for update/rebuild (cherry picked from commit 3b8b81ce9a69133a7ae69b6484a9686740264f78) --- src/manage_sql_nvts.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/src/manage_sql_nvts.c b/src/manage_sql_nvts.c index f9fb3d5cb..1830667c2 100644 --- a/src/manage_sql_nvts.c +++ b/src/manage_sql_nvts.c 
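Review bot: The context line `g_debug ("direction: %s", direction);` directly above the new `if (direction == NULL)` branch still passes the possibly-NULL pointer to a `%s` conversion, which is the very case this commit sets out to make safe. Formatting NULL with `%s` is not defined by the C standard, so the log call should be guarded as well: `g_debug ("direction: %s", direction ? direction : "(null)");`. The first hunk adds `free (filter_id)` before `return 1` in the "increased" fallback; the remaining return paths of this condition lie outside the hunks, so it is worth checking that they release `filter_id` too. condition_met() starts and ends outside both hunks.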
@@ -1886,10 +1886,11 @@ update_nvt_cache_osp (const gchar *update_socket, gchar *db_feed_version, { osp_connection_t *connection; GSList *scanner_prefs; - entity_t vts; + element_t vts; osp_get_vts_opts_t get_vts_opts; time_t old_nvts_last_modified; int ret; + char *str; if (rebuild || db_feed_version == NULL @@ -1915,17 +1916,28 @@ update_nvt_cache_osp (const gchar *update_socket, gchar *db_feed_version, get_vts_opts.filter = g_strdup_printf ("modification_time>%s", db_feed_version); else get_vts_opts.filter = NULL; - if (osp_get_vts_ext (connection, get_vts_opts, &vts)) + + if (osp_get_vts_ext_str (connection, get_vts_opts, &str)) { g_warning ("%s: failed to get VTs", __func__); g_free (get_vts_opts.filter); + g_free (str); return -1; } + g_free (get_vts_opts.filter); + if (parse_element (str, &vts)) + { + g_warning ("%s: failed to parse VTs", __func__); + g_free (str); + return -1; + } + osp_connection_close (connection); ret = update_nvts_from_vts (&vts, scanner_feed_version, rebuild); - free_entity (vts); + element_free (vts); + g_free (str); if (ret) return ret; From 09f331c5cb748a9c4ec2a071310f594a80dd1a08 Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Tue, 25 Apr 2023 11:43:52 +0200 Subject: [PATCH 095/120] Adjust get_vts users from entity to element (cherry picked from commit 4bc58aa1ef3244737c82bad5c51776f9ca718d7b) --- src/manage_sql_nvts.c | 174 +++++++++++++++++++++--------------------- 1 file changed, 86 insertions(+), 88 deletions(-) diff --git a/src/manage_sql_nvts.c b/src/manage_sql_nvts.c index 1830667c2..61886d990 100644 --- a/src/manage_sql_nvts.c +++ b/src/manage_sql_nvts.c 
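Review bot: `char *str;` is declared without an initialiser in the first hunk, and the failure branch of `osp_get_vts_ext_str ()` in the second hunk calls `g_free (str)`; unless that function stores a value on every error path, this frees an indeterminate pointer. Declaring it as `char *str = NULL;` makes the cleanup safe in either case. Both error returns in the second hunk (the failed fetch and the failed `parse_element ()`) also leave before `osp_connection_close (connection)`, so the connection stays open on those paths; each branch should close it before returning. update_nvt_cache_osp() starts and ends outside the hunks.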
@@ -1217,35 +1217,34 @@ set_nvts_check_time (int count_new, int count_modified) * @return 0 success, -1 error. */ static int -update_preferences_from_vt (entity_t vt, const gchar *oid, GList **preferences) +update_preferences_from_vt (element_t vt, const gchar *oid, GList **preferences) { - entity_t params, param; - entities_t children; + element_t params, param; assert (preferences); - params = entity_child (vt, "params"); + params = element_child (vt, "params"); if (params == NULL) return 0; - children = params->entities; - while ((param = first_entity (children))) + param = element_first_child (params); + while (param) { - if (strcasecmp (entity_name (param), "param") == 0) + if (strcasecmp (element_name (param), "param") == 0) { const gchar *type, *id; - entity_t name, def; + element_t name, def; - type = entity_attribute (param, "type"); - id = entity_attribute (param, "id"); - name = entity_child (param, "name"); - def = entity_child (param, "default"); + type = element_attribute (param, "type"); + id = element_attribute (param, "id"); + name = element_child (param, "name"); + def = element_child (param, "default"); if (type == NULL) { GString *debug = g_string_new (""); g_warning ("%s: PARAM missing type attribute", __func__); - print_entity_to_string (param, debug); + print_element_to_string (param, debug); g_warning ("%s: PARAM: %s", __func__, debug->str); g_string_free (debug, TRUE); } @@ -1253,7 +1252,7 @@ update_preferences_from_vt (entity_t vt, const gchar *oid, GList **preferences) { GString *debug = g_string_new (""); g_warning ("%s: PARAM missing id attribute", __func__); - print_entity_to_string (param, debug); + print_element_to_string (param, debug); g_warning ("%s: PARAM: %s", __func__, debug->str); g_string_free (debug, TRUE); } 
@@ -1261,7 +1260,7 @@ update_preferences_from_vt (entity_t vt, const gchar *oid, GList **preferences) { GString *debug = g_string_new (""); g_warning ("%s: PARAM missing NAME", __func__); - print_entity_to_string (param, debug); + print_element_to_string (param, debug); g_warning ("%s: PARAM: %s", __func__, debug->str); g_string_free (debug, TRUE); } @@ -1274,20 +1273,20 @@ update_preferences_from_vt (entity_t vt, const gchar *oid, GList **preferences) oid, id, type, - entity_text (name)); + element_text (name)); blank_control_chars (full_name); preference = g_malloc0 (sizeof (preference_t)); preference->name = full_name; if (def) - preference->value = g_strdup (entity_text (def)); + preference->value = g_strdup (element_text (def)); else preference->value = g_strdup (""); *preferences = g_list_prepend (*preferences, preference); } } - children = next_entities (children); + param = element_next (param); } return 0; @@ -1301,18 +1300,18 @@ update_preferences_from_vt (entity_t vt, const gchar *oid, GList **preferences) * @return The NVTI object on success (needs to be free'd), NULL on error. */ static nvti_t * -nvti_from_vt (entity_t vt) +nvti_from_vt (element_t vt) { nvti_t *nvti = nvti_new (); const char *id; - entity_t name, summary, insight, affected, impact, detection, solution; - entity_t creation_time, modification_time; - entity_t refs, ref, custom, family, category, deprecated; - entity_t severities, severity; + element_t name, summary, insight, affected, impact, detection, solution; + element_t creation_time, modification_time; + element_t refs, ref, custom, family, category, deprecated; + element_t severities, severity; - entities_t children; + // FIX must free element_text,_attr nvti_set_name_use - id = entity_attribute (vt, "id"); + id = element_attribute (vt, "id"); if (id == NULL) { g_warning ("%s: VT missing id attribute", __func__); 
@@ -1321,74 +1320,74 @@ nvti_from_vt (entity_t vt) } nvti_set_oid (nvti, id); - name = entity_child (vt, "name"); + name = element_child (vt, "name"); if (name == NULL) { g_warning ("%s: VT missing NAME", __func__); nvti_free (nvti); return NULL; } - nvti_set_name (nvti, entity_text (name)); + nvti_set_name (nvti, element_text (name)); - summary = entity_child (vt, "summary"); + summary = element_child (vt, "summary"); if (summary) - nvti_set_summary (nvti, entity_text (summary)); + nvti_set_summary (nvti, element_text (summary)); - insight = entity_child (vt, "insight"); + insight = element_child (vt, "insight"); if (insight) - nvti_set_insight (nvti, entity_text (insight)); + nvti_set_insight (nvti, element_text (insight)); - affected = entity_child (vt, "affected"); + affected = element_child (vt, "affected"); if (affected) - nvti_set_affected (nvti, entity_text (affected)); + nvti_set_affected (nvti, element_text (affected)); - impact = entity_child (vt, "impact"); + impact = element_child (vt, "impact"); if (impact) - nvti_set_impact (nvti, entity_text (impact)); + nvti_set_impact (nvti, element_text (impact)); - creation_time = entity_child (vt, "creation_time"); + creation_time = element_child (vt, "creation_time"); if (creation_time) - nvti_set_creation_time (nvti, strtol (entity_text (creation_time), + nvti_set_creation_time (nvti, strtol (element_text (creation_time), NULL, 10)); - modification_time = entity_child (vt, "modification_time"); + modification_time = element_child (vt, "modification_time"); if (modification_time) - nvti_set_modification_time (nvti, strtol (entity_text (modification_time), + nvti_set_modification_time (nvti, strtol (element_text (modification_time), NULL, 10)); - detection = entity_child (vt, "detection"); + detection = element_child (vt, "detection"); if (detection) { const gchar *qod; - nvti_set_detection (nvti, entity_text (detection)); + nvti_set_detection (nvti, element_text (detection)); - qod = entity_attribute 
(detection, "qod"); + qod = element_attribute (detection, "qod"); if (qod == NULL) - nvti_set_qod_type (nvti, entity_attribute (detection, "qod_type")); + nvti_set_qod_type (nvti, element_attribute (detection, "qod_type")); else nvti_set_qod (nvti, qod); } - solution = entity_child (vt, "solution"); + solution = element_child (vt, "solution"); if (solution) { const gchar *type, *method; - nvti_set_solution (nvti, entity_text (solution)); + nvti_set_solution (nvti, element_text (solution)); - type = entity_attribute (solution, "type"); + type = element_attribute (solution, "type"); if (type == NULL) g_debug ("%s: SOLUTION missing type", __func__); else nvti_set_solution_type (nvti, type); - method = entity_attribute (solution, "method"); + method = element_attribute (solution, "method"); if (method) nvti_set_solution_method (nvti, method); } - severities = entity_child (vt, "severities"); + severities = element_child (vt, "severities"); if (severities == NULL) { g_warning ("%s: VT missing SEVERITIES", __func__); 
@@ -1396,89 +1395,89 @@ nvti_from_vt (entity_t vt) return NULL; } - children = severities->entities; - while ((severity = first_entity (children))) + severity = element_first_child (severities); + while (severity) { const gchar *severity_type; - severity_type = entity_attribute (severity, "type"); + severity_type = element_attribute (severity, "type"); if (severity_type == NULL) { GString *debug = g_string_new (""); g_warning ("%s: SEVERITY missing type attribute", __func__); - print_entity_to_string (severity, debug); + print_element_to_string (severity, debug); g_warning ("%s: severity: %s", __func__, debug->str); g_string_free (debug, TRUE); } else { - entity_t value; + element_t value; - value = entity_child (severity, "value"); + value = element_child (severity, "value"); if (!value) { GString *debug = g_string_new (""); g_warning ("%s: SEVERITY missing value element", __func__); - print_entity_to_string (severity, debug); + print_element_to_string (severity, debug); g_warning ("%s: severity: %s", __func__, debug->str); g_string_free (debug, TRUE); } else { - entity_t origin, severity_date; + element_t origin, severity_date; double cvss_base_dbl; gchar * cvss_base; time_t parsed_severity_date; cvss_base_dbl - = get_cvss_score_from_base_metrics (entity_text (value)); + = get_cvss_score_from_base_metrics (element_text (value)); origin - = entity_child (severity, "origin"); + = element_child (severity, "origin"); severity_date - = entity_child (severity, "date"); + = element_child (severity, "date"); if (severity_date) - parsed_severity_date = strtol (entity_text (severity_date), + parsed_severity_date = strtol (element_text (severity_date), NULL, 10); else parsed_severity_date = nvti_creation_time (nvti); nvti_add_vtseverity (nvti, vtseverity_new (severity_type, - origin ? entity_text (origin) : NULL, + origin ? 
element_text (origin) : NULL, parsed_severity_date, cvss_base_dbl, - entity_text (value))); + element_text (value))); - nvti_add_tag (nvti, "cvss_base_vector", entity_text (value)); + nvti_add_tag (nvti, "cvss_base_vector", element_text (value)); cvss_base = g_strdup_printf ("%.1f", - get_cvss_score_from_base_metrics (entity_text (value))); + get_cvss_score_from_base_metrics (element_text (value))); nvti_set_cvss_base (nvti, cvss_base); g_free (cvss_base); } } - children = next_entities (children); + severity = element_next (severity); } - refs = entity_child (vt, "refs"); + refs = element_child (vt, "refs"); if (refs) { - children = refs->entities; - while ((ref = first_entity (children))) + ref = element_first_child (refs); + while (ref) { const gchar *ref_type; - ref_type = entity_attribute (ref, "type"); + ref_type = element_attribute (ref, "type"); if (ref_type == NULL) { GString *debug = g_string_new (""); g_warning ("%s: REF missing type attribute", __func__); - print_entity_to_string (ref, debug); + print_element_to_string (ref, debug); g_warning ("%s: ref: %s", __func__, debug->str); g_string_free (debug, TRUE); } @@ -1486,12 +1485,12 @@ nvti_from_vt (entity_t vt) { const gchar *ref_id; - ref_id = entity_attribute (ref, "id"); + ref_id = element_attribute (ref, "id"); if (ref_id == NULL) { GString *debug = g_string_new (""); g_warning ("%s: REF missing id attribute", __func__); - print_entity_to_string (ref, debug); + print_element_to_string (ref, debug); g_warning ("%s: ref: %s", __func__, debug->str); g_string_free (debug, TRUE); } @@ -1501,11 +1500,11 @@ nvti_from_vt (entity_t vt) } } - children = next_entities (children); + ref = element_next (ref); } } - custom = entity_child (vt, "custom"); + custom = element_child (vt, "custom"); if (custom == NULL) { g_warning ("%s: VT missing CUSTOM", __func__); 
@@ -1513,28 +1512,28 @@ nvti_from_vt (entity_t vt) return NULL; } - family = entity_child (custom, "family"); + family = element_child (custom, "family"); if (family == NULL) { g_warning ("%s: VT/CUSTOM missing FAMILY", __func__); nvti_free (nvti); return NULL; } - nvti_set_family (nvti, entity_text (family)); + nvti_set_family (nvti, element_text (family)); - category = entity_child (custom, "category"); + category = element_child (custom, "category"); if (category == NULL) { g_warning ("%s: VT/CUSTOM missing CATEGORY", __func__); nvti_free (nvti); return NULL; } - nvti_set_category (nvti, atoi (entity_text (category))); + nvti_set_category (nvti, atoi (element_text (category))); - deprecated = entity_child (custom, "deprecated"); + deprecated = element_child (custom, "deprecated"); if (deprecated) { - nvti_add_tag (nvti, "deprecated", entity_text (deprecated)); + nvti_add_tag (nvti, "deprecated", element_text (deprecated)); } return nvti; @@ -1550,12 +1549,11 @@ nvti_from_vt (entity_t vt) * @return 0 success, 1 VT integrity check failed, -1 error */ static int -update_nvts_from_vts (entity_t *get_vts_response, +update_nvts_from_vts (element_t *get_vts_response, const gchar *scanner_feed_version, int rebuild) { - entity_t vts, vt; - entities_t children; + element_t vts, vt; GList *preferences; int count_modified_vts, count_new_vts; time_t feed_version_epoch; @@ -1566,14 +1564,14 @@ update_nvts_from_vts (entity_t *get_vts_response, feed_version_epoch = nvts_feed_version_epoch(); - vts = entity_child (*get_vts_response, "vts"); + vts = element_child (*get_vts_response, "vts"); if (vts == NULL) { g_warning ("%s: VTS missing", __func__); return -1; } - osp_vt_hash = entity_attribute (vts, "sha256_hash"); + osp_vt_hash = element_attribute (vts, "sha256_hash"); sql_begin_immediate (); 
@@ -1604,8 +1602,8 @@ update_nvts_from_vts (entity_t *get_vts_response, * To solve both cases, we remove all nvt_preferences. */ sql ("TRUNCATE nvt_preferences;"); - children = vts->entities; - while ((vt = first_entity (children))) + vt = element_first_child (vts); + while (vt) { nvti_t *nvti = nvti_from_vt (vt); @@ -1633,7 +1631,7 @@ update_nvts_from_vts (entity_t *get_vts_response, g_list_free_full (preferences, g_free); nvti_free (nvti); - children = next_entities (children); + vt = element_next (vt); } if (rebuild) { From d40f37925914389d66ec3ab917df460185a1c299 Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Mon, 1 May 2023 11:54:13 +0200 Subject: [PATCH 096/120] Free element_attribute returns (cherry picked from commit 5060d20af79c7c6948411dc4dc751708f015b258) --- src/manage_sql_nvts.c | 41 ++++++++++++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 11 deletions(-) diff --git a/src/manage_sql_nvts.c b/src/manage_sql_nvts.c index 61886d990..d7051ac39 100644 --- a/src/manage_sql_nvts.c +++ b/src/manage_sql_nvts.c @@ -1232,7 +1232,7 @@ update_preferences_from_vt (element_t vt, const gchar *oid, GList **preferences) { if (strcasecmp (element_name (param), "param") == 0) { - const gchar *type, *id; + gchar *type, *id; element_t name, def; type = element_attribute (param, "type"); @@ -1284,6 +1284,9 @@ update_preferences_from_vt (element_t vt, const gchar *oid, GList **preferences) preference->value = g_strdup (""); *preferences = g_list_prepend (*preferences, preference); } + + g_free (type); + g_free (id); } param = element_next (param); 
@@ -1303,13 +1306,13 @@ static nvti_t * nvti_from_vt (element_t vt) { nvti_t *nvti = nvti_new (); - const char *id; + gchar *id; element_t name, summary, insight, affected, impact, detection, solution; element_t creation_time, modification_time; element_t refs, ref, custom, family, category, deprecated; element_t severities, severity; - // FIX must free element_text,_attr nvti_set_name_use + // FIX must free element_text nvti_set_*_use id = element_attribute (vt, "id"); if (id == NULL) @@ -1319,6 +1322,7 @@ nvti_from_vt (element_t vt) return NULL; } nvti_set_oid (nvti, id); + g_free (id); name = element_child (vt, "name"); if (name == NULL) @@ -1358,21 +1362,27 @@ nvti_from_vt (element_t vt) detection = element_child (vt, "detection"); if (detection) { - const gchar *qod; + gchar *qod; nvti_set_detection (nvti, element_text (detection)); qod = element_attribute (detection, "qod"); - if (qod == NULL) - nvti_set_qod_type (nvti, element_attribute (detection, "qod_type")); + if (qod == NULL) { + gchar *qod_type; + + qod_type = element_attribute (detection, "qod_type"); + nvti_set_qod_type (nvti, qod_type); + g_free (qod_type); + } else nvti_set_qod (nvti, qod); + g_free (qod); } solution = element_child (vt, "solution"); if (solution) { - const gchar *type, *method; + gchar *type, *method; nvti_set_solution (nvti, element_text (solution)); @@ -1381,10 +1391,12 @@ nvti_from_vt (element_t vt) g_debug ("%s: SOLUTION missing type", __func__); else nvti_set_solution_type (nvti, type); + g_free (type); method = element_attribute (solution, "method"); if (method) nvti_set_solution_method (nvti, method); + g_free (method); } severities = element_child (vt, "severities"); @@ -1398,7 +1410,7 @@ nvti_from_vt (element_t vt) severity = element_first_child (severities); while (severity) { - const gchar *severity_type; + gchar *severity_type; severity_type = element_attribute (severity, "type"); 
@@ -1459,6 +1471,8 @@ nvti_from_vt (element_t vt) nvti_set_cvss_base (nvti, cvss_base); g_free (cvss_base); } + + g_free (severity_type); } severity = element_next (severity); @@ -1470,7 +1484,7 @@ nvti_from_vt (element_t vt) ref = element_first_child (refs); while (ref) { - const gchar *ref_type; + gchar *ref_type; ref_type = element_attribute (ref, "type"); if (ref_type == NULL) @@ -1483,7 +1497,7 @@ nvti_from_vt (element_t vt) } else { - const gchar *ref_id; + gchar *ref_id; ref_id = element_attribute (ref, "id"); if (ref_id == NULL) @@ -1497,7 +1511,10 @@ nvti_from_vt (element_t vt) else { nvti_add_vtref (nvti, vtref_new (ref_type, ref_id, NULL)); + g_free (ref_id); } + + g_free (ref_type); } ref = element_next (ref); @@ -1557,7 +1574,7 @@ update_nvts_from_vts (element_t *get_vts_response, GList *preferences; int count_modified_vts, count_new_vts; time_t feed_version_epoch; - const char *osp_vt_hash; + char *osp_vt_hash; count_modified_vts = 0; count_new_vts = 0; @@ -1691,6 +1708,7 @@ update_nvts_from_vts (element_t *get_vts_response, " does not match the one from the scanner (%s).", __func__, db_vts_hash, osp_vt_hash); + g_free (osp_vt_hash); g_free (db_vts_hash); return 1; } @@ -1701,6 +1719,7 @@ update_nvts_from_vts (element_t *get_vts_response, g_warning ("%s: No SHA-256 hash received from scanner, skipping check.", __func__); + g_free (osp_vt_hash); return 0; } From 6b3d6c0f6a91654fed746a5a90e59a5e8d5f43d2 Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Mon, 1 May 2023 14:50:33 +0200 Subject: [PATCH 097/120] Free or use element_text returns (cherry picked from commit 90d7ae2cac5e7b92d42497bfdc689f4332ff73ab) --- src/manage_sql_nvts.c | 85 +++++++++++++++++++++++++++---------------- 1 file changed, 54 insertions(+), 31 deletions(-) diff --git a/src/manage_sql_nvts.c b/src/manage_sql_nvts.c index d7051ac39..ce2f5f850 100644 --- a/src/manage_sql_nvts.c +++ b/src/manage_sql_nvts.c 
@@ -1266,20 +1266,22 @@ update_preferences_from_vt (element_t vt, const gchar *oid, GList **preferences) } else { - gchar *full_name; + gchar *full_name, *text; preference_t *preference; + text = element_text (name); full_name = g_strdup_printf ("%s:%s:%s:%s", oid, id, type, - element_text (name)); + text); + g_free (text); blank_control_chars (full_name); preference = g_malloc0 (sizeof (preference_t)); preference->name = full_name; if (def) - preference->value = g_strdup (element_text (def)); + preference->value = element_text (def); else preference->value = g_strdup (""); *preferences = g_list_prepend (*preferences, preference); @@ -1306,14 +1308,12 @@ static nvti_t * nvti_from_vt (element_t vt) { nvti_t *nvti = nvti_new (); - gchar *id; + gchar *id, *category_text; element_t name, summary, insight, affected, impact, detection, solution; element_t creation_time, modification_time; element_t refs, ref, custom, family, category, deprecated; element_t severities, severity; - // FIX must free element_text nvti_set_*_use - id = element_attribute (vt, "id"); if (id == NULL) { 
@@ -1331,40 +1331,48 @@ nvti_from_vt (element_t vt) nvti_free (nvti); return NULL; } - nvti_set_name (nvti, element_text (name)); + nvti_put_name (nvti, element_text (name)); summary = element_child (vt, "summary"); if (summary) - nvti_set_summary (nvti, element_text (summary)); + nvti_put_summary (nvti, element_text (summary)); insight = element_child (vt, "insight"); if (insight) - nvti_set_insight (nvti, element_text (insight)); + nvti_put_insight (nvti, element_text (insight)); affected = element_child (vt, "affected"); if (affected) - nvti_set_affected (nvti, element_text (affected)); + nvti_put_affected (nvti, element_text (affected)); impact = element_child (vt, "impact"); if (impact) - nvti_set_impact (nvti, element_text (impact)); + nvti_put_impact (nvti, element_text (impact)); creation_time = element_child (vt, "creation_time"); - if (creation_time) - nvti_set_creation_time (nvti, strtol (element_text (creation_time), - NULL, 10)); + if (creation_time) { + gchar *text; + + text = element_text (creation_time); + nvti_set_creation_time (nvti, strtol (text, NULL, 10)); + g_free (text); + } modification_time = element_child (vt, "modification_time"); - if (modification_time) - nvti_set_modification_time (nvti, strtol (element_text (modification_time), - NULL, 10)); + if (modification_time) { + gchar *text; + + text = element_text (modification_time); + nvti_set_modification_time (nvti, strtol(text, NULL, 10)); + g_free (text); + } detection = element_child (vt, "detection"); if (detection) { gchar *qod; - nvti_set_detection (nvti, element_text (detection)); + nvti_put_detection (nvti, element_text (detection)); qod = element_attribute (detection, "qod"); if (qod == NULL) { @@ -1384,7 +1392,7 @@ nvti_from_vt (element_t vt) { gchar *type, *method; - nvti_set_solution (nvti, element_text (solution)); + nvti_put_solution (nvti, element_text (solution)); type = element_attribute (solution, "type"); if (type == NULL) 
@@ -1440,36 +1448,45 @@ nvti_from_vt (element_t vt) { element_t origin, severity_date; double cvss_base_dbl; - gchar * cvss_base; + gchar *cvss_base, *value_text, *origin_text; time_t parsed_severity_date; + value_text = element_text (value); + cvss_base_dbl - = get_cvss_score_from_base_metrics (element_text (value)); + = get_cvss_score_from_base_metrics (value_text); origin = element_child (severity, "origin"); severity_date = element_child (severity, "date"); - if (severity_date) - parsed_severity_date = strtol (element_text (severity_date), - NULL, 10); + if (severity_date) { + gchar *text; + + text = element_text (severity_date); + parsed_severity_date = strtol (text, NULL, 10); + g_free (text); + } else parsed_severity_date = nvti_creation_time (nvti); + origin_text = origin ? element_text (origin) : NULL, nvti_add_vtseverity (nvti, vtseverity_new (severity_type, - origin ? element_text (origin) : NULL, + origin_text, parsed_severity_date, cvss_base_dbl, - element_text (value))); + value_text)); + g_free (origin_text); - nvti_add_tag (nvti, "cvss_base_vector", element_text (value)); + nvti_add_tag (nvti, "cvss_base_vector", value_text); cvss_base = g_strdup_printf ("%.1f", - get_cvss_score_from_base_metrics (element_text (value))); + get_cvss_score_from_base_metrics (value_text)); nvti_set_cvss_base (nvti, cvss_base); g_free (cvss_base); + g_free (value_text); } g_free (severity_type); @@ -1536,7 +1553,7 @@ nvti_from_vt (element_t vt) nvti_free (nvti); return NULL; } - nvti_set_family (nvti, element_text (family)); + nvti_put_family (nvti, element_text (family)); category = element_child (custom, "category"); if (category == NULL) 
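Review bot: The added statement `origin_text = origin ? element_text (origin) : NULL,` in the severity hunk ends in a comma rather than a semicolon, which joins it to the following `nvti_add_vtseverity (...)` call through the comma operator. The result is the same today, but it is a typo that is easy to break when the code is next edited; it should read `origin_text = origin ? element_text (origin) : NULL;`. In the same hunk `get_cvss_score_from_base_metrics (value_text)` is evaluated a second time for `cvss_base` although `cvss_base_dbl` already holds the result. nvti_from_vt() starts and ends outside the hunk.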
@@ -1545,12 +1562,18 @@ nvti_from_vt (element_t vt) nvti_free (nvti); return NULL; } - nvti_set_category (nvti, atoi (element_text (category))); + category_text = element_text (category); + nvti_set_category (nvti, atoi (category_text)); + g_free (category_text); deprecated = element_child (custom, "deprecated"); if (deprecated) { - nvti_add_tag (nvti, "deprecated", element_text (deprecated)); + gchar *text; + + text = element_text (deprecated); + nvti_add_tag (nvti, "deprecated", text); + g_free (text); } return nvti; From 06b5f958369da0487d71ecac8ad266fe44bd4ea9 Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Tue, 16 May 2023 14:55:25 +0200 Subject: [PATCH 098/120] Use new columns to speed up check_preference_names (cherry picked from commit bbf7177df2ce2aae44c6ec3247b2430f38a11a5f) --- src/manage_sql_nvts.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/src/manage_sql_nvts.c b/src/manage_sql_nvts.c index ce2f5f850..d28a34fa5 100644 --- a/src/manage_sql_nvts.c +++ b/src/manage_sql_nvts.c @@ -1787,7 +1787,10 @@ check_preference_names (int trash, time_t modification_time) init_iterator (&prefs, "WITH new_pref_matches AS" " (SELECT substring (nvt_preferences.name," - " '^([^:]*:[^:]*)') || ':%%' AS match," + " '^([^:]*):') AS pref_nvt," + " CAST (substring (nvt_preferences.name," + " '^[^:]*:([^:]*):')" + " AS integer) AS pref_id," " name AS new_name" " FROM nvt_preferences" " WHERE substr (name, 0, position (':' IN name))" @@ -1797,7 +1800,8 @@ check_preference_names (int trash, time_t modification_time) " configs%s.uuid AS config_id" " FROM config_preferences%s AS c_prefs" " JOIN new_pref_matches" - " ON c_prefs.name LIKE new_pref_matches.match" + " ON c_prefs.pref_nvt = new_pref_matches.pref_nvt" + " AND c_prefs.pref_id = new_pref_matches.pref_id" " JOIN configs%s ON configs%s.id = c_prefs.config" " WHERE c_prefs.name != new_name;", modification_time, 
@@ -1809,13 +1813,14 @@ check_preference_names (int trash, time_t modification_time) while (next (&prefs)) { resource_t preference; - const char *old_name, *new_name, *config_id; - gchar *quoted_new_name; + const char *old_name, *new_name, *config_id, *new_pref_name; + gchar *quoted_new_name, *quoted_new_pref_name; preference = iterator_int64 (&prefs, 0); old_name = iterator_string (&prefs, 1); new_name = iterator_string (&prefs, 2); config_id = iterator_string (&prefs, 3); + new_pref_name = iterator_string (&prefs, 4); g_message ("Preference '%s' of %sconfig %s changed to '%s'", old_name, @@ -1824,15 +1829,18 @@ check_preference_names (int trash, time_t modification_time) new_name); quoted_new_name = sql_quote (new_name); + quoted_new_pref_name = sql_quote (new_pref_name); sql ("UPDATE config_preferences%s" - " SET name = '%s'" + " SET name = '%s', pref_name = '%s'" " WHERE id = %llu", trash ? "_trash " : "", quoted_new_name, + quoted_new_pref_name, preference); g_free (quoted_new_name); + g_free (quoted_new_pref_name); } sql_commit (); From f424db4253b6d546019b7af6ac8296706df059c1 Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Tue, 16 May 2023 15:07:51 +0200 Subject: [PATCH 099/120] Add columns to config_preferences (cherry picked from commit 9e6812a634654e8688e1f50f79436e5c5bd2ba8d) --- CMakeLists.txt | 2 +- src/manage_migrators.c | 67 ++++++++++++++++++++++++++++++++++++++++++ src/manage_pg.c | 12 ++++++-- 3 files changed, 78 insertions(+), 3 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 57a65417c..ef01678a0 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -98,7 +98,7 @@ include (CPack) ## Variables -set (GVMD_DATABASE_VERSION 253) +set (GVMD_DATABASE_VERSION 254) set (GVMD_SCAP_DATABASE_VERSION 20) diff --git a/src/manage_migrators.c b/src/manage_migrators.c index 011d1b2d8..4e63ba829 100644 --- a/src/manage_migrators.c +++ b/src/manage_migrators.c 
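Review bot: `new_pref_name = iterator_string (&prefs, 4);` reads a fifth result column, but the query as changed by the first two hunks of this commit still ends its select list at `configs%s.uuid AS config_id` (column 3), and the CTE gains only `pref_nvt` and `pref_id`. Unless the unchanged lines between those hunks already provide it, the column does not exist and `sql_quote (new_pref_name)` receives whatever the iterator returns for an out-of-range index. The query needs a matching column, e.g. `substring (nvt_preferences.name, '^[^:]*:[^:]*:[^:]*:(.*)') AS new_pref_name` in the CTE and `new_pref_name` appended to the outer select list. check_preference_names() starts and ends outside the hunks.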
@@ -3059,6 +3059,72 @@ migrate_252_to_253 () } +/** + * @brief Alter and update for migrate_253_to_254. + * + * @param[in] trash Whether to alter trash tables. + */ +static void +migrate_253_to_254_alter (int trash) +{ + sql ("ALTER TABLE config_preferences%s ADD COLUMN pref_nvt text;", + trash ? "_trash" : ""); + sql ("UPDATE config_preferences%s" + " SET pref_nvt = substring (name, '^([^:]*)');", + trash ? "_trash" : ""); + + sql ("ALTER TABLE config_preferences%s ADD COLUMN pref_id integer;", + trash ? "_trash" : ""); + sql ("UPDATE config_preferences%s" + " SET pref_id = CAST (substring (name, '^[^:]*:([^:]*)') AS integer);", + trash ? "_trash" : ""); + + sql ("ALTER table config_preferences%s ADD COLUMN pref_type text;", + trash ? "_trash" : ""); + sql ("UPDATE config_preferences%s" + " SET pref_type = substring (name, '^[^:]*:[^:]*:([^:]*):');", + trash ? "_trash" : ""); + + sql ("ALTER table config_preferences%s ADD COLUMN pref_name text;", + trash ? "_trash" : ""); + sql ("UPDATE config_preferences%s" + " SET pref_name = substring (name, '^[^:]*:[^:]*:[^:]*:(.*)');", + trash ? "_trash" : ""); +} + +/** + * @brief Migrate the database from version 253 to version 254. + * + * @return 0 success, -1 error. + */ +int +migrate_253_to_254 () +{ + sql_begin_immediate (); + + /* Ensure that the database is currently version 253. */ + + if (manage_db_version () != 253) + { + sql_rollback (); + return -1; + } + + /* Update the database. */ + + migrate_253_to_254_alter(0); + migrate_253_to_254_alter(1); + + /* Set the database version to 254. */ + + set_db_version (254); + + sql_commit (); + + return 0; +} + + #undef UPDATE_DASHBOARD_SETTINGS /** @@ -3118,6 +3184,7 @@ static migrator_t database_migrators[] = { {251, migrate_250_to_251}, {252, migrate_251_to_252}, {253, migrate_252_to_253}, + {254, migrate_253_to_254}, /* End marker. */ {-1, NULL}}; diff --git a/src/manage_pg.c b/src/manage_pg.c index afcbe9129..5a3777f2b 100644 --- a/src/manage_pg.c 
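Review bot: The `pref_id` UPDATE in migrate_253_to_254_alter casts `substring (name, '^[^:]*:([^:]*)')` to integer for every row, because the statement has no WHERE clause. PostgreSQL raises an error when that text is empty or not numeric, so a single row whose name contains a colon but does not follow the OID:PrefID:PrefType:PrefName layout would abort the migration. Matching digits only leaves such rows with NULL instead: `" SET pref_id = CAST (substring (name, '^[^:]*:([0-9]+):') AS integer);"`. Using the trailing colon in the `pref_nvt` pattern as well would keep it in line with the `'^([^:]*):'` expression used in check_preference_names.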
+++ b/src/manage_pg.c @@ -2339,7 +2339,11 @@ create_tables () " type text," " name text," " value text," - " default_value text);"); + " default_value text," + " pref_nvt text," + " pref_id integer," + " pref_type text," + " pref_name text);"); sql ("CREATE TABLE IF NOT EXISTS config_preferences_trash" " (id SERIAL PRIMARY KEY," @@ -2347,7 +2351,11 @@ create_tables () " type text," " name text," " value text," - " default_value text);"); + " default_value text," + " pref_nvt text," + " pref_id integer," + " pref_type text," + " pref_name text);"); sql ("CREATE TABLE IF NOT EXISTS schedules" " (id SERIAL PRIMARY KEY," From c29775e9dd8419d08afba63daa2b7b1f5f17bcf4 Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Tue, 16 May 2023 15:11:57 +0200 Subject: [PATCH 100/120] Remove unused function (cherry picked from commit 34a1fa02b59829d1a40673b1b1760b1067bc5aaa) --- src/manage_configs.h | 4 ---- src/manage_sql_configs.c | 50 ---------------------------------------- 2 files changed, 54 deletions(-) diff --git a/src/manage_configs.h b/src/manage_configs.h index 442ab7989..a97f515ad 100644 --- a/src/manage_configs.h +++ b/src/manage_configs.h @@ -168,10 +168,6 @@ config_timeout_iterator_nvt_name (iterator_t *); const char* config_timeout_iterator_value (iterator_t *); -void -update_config_preference (const char *, const char *, const char *, - const char *, gboolean); - gboolean configs_feed_dir_exists (); diff --git a/src/manage_sql_configs.c b/src/manage_sql_configs.c index 26a1f51be..e269f87dc 100644 --- a/src/manage_sql_configs.c +++ b/src/manage_sql_configs.c 
@@ -4159,56 +4159,6 @@ DEF_ACCESS (config_timeout_iterator_nvt_name, 2); */ DEF_ACCESS (config_timeout_iterator_value, 3); -/** - * @brief Update or optionally insert a NVT preference. - * - * @param[in] config_id UUID of the config to set the preference in - * @param[in] type Type of the preference, e.g. "PLUGINS_PREFS" - * @param[in] preference_name Full name of the preference - * @param[in] new_value The new value to set - * @param[in] insert Whether to insert the preference if missing - */ -void -update_config_preference (const char *config_id, - const char *type, - const char *preference_name, - const char *new_value, - gboolean insert) -{ - gchar *quoted_config_id = sql_quote (config_id); - gchar *quoted_type = sql_quote (type); - gchar *quoted_name = sql_quote (preference_name); - gchar *quoted_value = sql_quote (new_value); - - if (sql_int ("SELECT count (*) FROM config_preferences" - " WHERE config = (SELECT id FROM configs WHERE uuid = '%s')" - " AND type = '%s'" - " AND name = '%s';", - quoted_config_id, quoted_type, quoted_name) == 0) - { - if (insert) - { - sql ("INSERT INTO config_preferences (config, type, name, value)" - " VALUES ((SELECT id FROM configs WHERE uuid = '%s')," - " '%s', '%s', '%s');", - quoted_config_id, quoted_type, quoted_name, quoted_value); - } - } - else - { - sql ("UPDATE config_preferences SET value = '%s'" - " WHERE config = (SELECT id FROM configs WHERE uuid = '%s')" - " AND type = '%s'" - " AND name = '%s';", - quoted_value, quoted_config_id, quoted_type, quoted_name); - } - - g_free (quoted_config_id); - g_free (quoted_type); - g_free (quoted_name); - g_free (quoted_value); -} - /** * @brief Update the cached count and growing information in a config. * From f375cc592953329846b20a4245c2059f041c2d9a Mon Sep 17 00:00:00 2001 
From: Matt Mundell Date: Tue, 16 May 2023 15:16:05 +0200 Subject: [PATCH 101/120] Also insert new columns into config_preferences (cherry picked from commit d8d9f02087c09a2aad727b6bc203a3c7cfd3f95d) --- src/manage_sql.c | 6 ++++-- src/manage_sql_configs.c | 45 ++++++++++++++++++++++++++++++++-------- 2 files changed, 40 insertions(+), 11 deletions(-) diff --git a/src/manage_sql.c b/src/manage_sql.c index 941cc55fb..eb09ea305 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -46348,8 +46348,10 @@ manage_restore (const char *id) config = sql_last_insert_id (); sql ("INSERT INTO config_preferences" - " (config, type, name, value, default_value)" - " SELECT %llu, type, name, value, default_value" + " (config, type, name, value, default_value, pref_nvt, pref_id," + " pref_type, pref_name)" + " SELECT %llu, type, name, value, default_value, pref_nvt, pref_id," + " pref_type, pref_name" " FROM config_preferences_trash WHERE config = %llu;", config, resource); diff --git a/src/manage_sql_configs.c b/src/manage_sql_configs.c index e269f87dc..6b30902cc 100644 --- a/src/manage_sql_configs.c +++ b/src/manage_sql_configs.c @@ -2366,14 +2366,20 @@ config_insert_preferences (config_t config, /* NVT preference */ /* OID:PrefID:PrefType:PrefName value */ sql ("INSERT INTO config_preferences" - " (config, type, name, value)" - " VALUES (%llu, 'PLUGINS_PREFS', '%s:%s:%s:%s', '%s');", + " (config, type, name, value, pref_nvt, pref_id, pref_type," + " pref_name)" + " VALUES (%llu, 'PLUGINS_PREFS', '%s:%s:%s:%s', '%s', %i," + " '%s', '%s', '%s');", config, quoted_nvt_oid, quoted_preference_id, quoted_type, quoted_preference_name, - quoted_value); + quoted_value, + quoted_nvt_oid, + atoi (preference->id), + quoted_type, + quoted_preference_name); g_free (quoted_nvt_oid); g_free (quoted_preference_name); 
@@ -2861,8 +2867,10 @@ copy_config (const char* name, const char* comment, const char *config_id, sql ("UPDATE configs SET predefined = 0 WHERE id = %llu;", new); sql ("INSERT INTO config_preferences (config, type, name, value," - " default_value)" - " SELECT %llu, type, name, value, default_value" + " default_value, pref_nvt, pref_id," + " pref_type, pref_name)" + " SELECT %llu, type, name, value, default_value, pref_nvt, pref_id," + " pref_type, pref_name" " FROM config_preferences" " WHERE config = %llu;", new, old); @@ -3041,8 +3049,10 @@ delete_config (const char *config_id, int ultimate) trash_config = sql_last_insert_id (); sql ("INSERT INTO config_preferences_trash" - " (config, type, name, value, default_value)" - " SELECT %llu, type, name, value, default_value" + " (config, type, name, value, default_value, pref_nvt, pref_id," + " pref_type, pref_name)" + " SELECT %llu, type, name, value, default_value, pref_nvt, pref_id," + " pref_type, pref_name" " FROM config_preferences WHERE config = %llu;", trash_config, config); @@ -3515,8 +3525,12 @@ modify_config_preference (config_t config, const char* nvt, const char* name, const char* value_64) { gchar *quoted_name, *quoted_value, *value, **splits; + gchar *quoted_pref_nvt, *quoted_pref_type, *quoted_pref_name; + int pref_id; quoted_name = sql_quote (name); + quoted_pref_nvt = quoted_pref_type = quoted_pref_name = NULL; + pref_id = 0; if (strlen (value_64)) { @@ -3543,6 +3557,11 @@ modify_config_preference (config_t config, const char* nvt, return 2; } + quoted_pref_nvt = g_strdup (splits[0]); + pref_id = atoi (splits[1]); + quoted_pref_type = g_strdup (splits[2]); + quoted_pref_name = g_strdup (splits[3]); + /* A radio. Put the new value on the front of the list of options. */ old_value = sql_string ("SELECT value FROM config_preferences" 
@@ -3605,9 +3624,17 @@ modify_config_preference (config_t config, const char* nvt, nvt ? "= 'PLUGINS_PREFS'" : "= 'SERVER_PREFS'", quoted_name); sql ("INSERT INTO config_preferences" - " (config, type, name, value) VALUES (%llu, %s, '%s', '%s');", + " (config, type, name, value, pref_nvt, pref_id, pref_type, pref_name)" + " VALUES (%llu, %s, '%s', '%s', '%s', %i, '%s', '%s');", config, nvt ? "'PLUGINS_PREFS'" : "'SERVER_PREFS'", quoted_name, - quoted_value); + quoted_value, quoted_pref_nvt, pref_id, quoted_pref_type, + quoted_pref_name); + + g_free (quoted_value); + g_free (quoted_name); + g_free (quoted_pref_nvt); + g_free (quoted_pref_type); + g_free (quoted_pref_name); return 0; } From 3301f6c29bd77a21eeebaac78866af4ebe05d114 Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Mon, 22 May 2023 15:10:20 +0200 Subject: [PATCH 102/120] Correct specifier order (cherry picked from commit 1709a056cad761b474c10e96703fcf4a1d0c1af5) --- src/manage_sql_configs.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/manage_sql_configs.c b/src/manage_sql_configs.c index 6b30902cc..006f107ca 100644 --- a/src/manage_sql_configs.c +++ b/src/manage_sql_configs.c @@ -2368,8 +2368,8 @@ config_insert_preferences (config_t config, sql ("INSERT INTO config_preferences" " (config, type, name, value, pref_nvt, pref_id, pref_type," " pref_name)" - " VALUES (%llu, 'PLUGINS_PREFS', '%s:%s:%s:%s', '%s', %i," - " '%s', '%s', '%s');", + " VALUES (%llu, 'PLUGINS_PREFS', '%s:%s:%s:%s', '%s', '%s'," + " %i, '%s', '%s');", config, quoted_nvt_oid, quoted_preference_id, From 1b649ab8c5e65cb726c68535174126ce45319e98 Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Mon, 5 Jun 2023 15:52:34 +0200 Subject: [PATCH 103/120] Actually quote new values (cherry picked from commit fe274607afb6e69bd2ff1a8e4837d0881feda58f) --- src/manage_sql_configs.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
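Review bot: The INSERT in modify_config_preference formats `quoted_pref_nvt`, `quoted_pref_type` and `quoted_pref_name` with `'%s'`, but these are initialised to NULL and only assigned in the earlier hunk, directly before the "A radio" comment. If that assignment sits inside the radio-only branch, as the context suggests, every other preference passes NULL to `%s`, which is undefined for printf-style formatting and with glibc usually stores the literal text `(null)`. The values should be set for every name that splits into four fields, and the statement should write SQL NULL otherwise, for example by using `NULLIF ('%s', '')` in VALUES and passing `quoted_pref_nvt ? quoted_pref_nvt : ""`. The branch structure lies outside both hunks, so this needs confirming against the full function.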
diff --git a/src/manage_sql_configs.c b/src/manage_sql_configs.c index 006f107ca..865de17db 100644 --- a/src/manage_sql_configs.c +++ b/src/manage_sql_configs.c @@ -3557,10 +3557,10 @@ modify_config_preference (config_t config, const char* nvt, return 2; } - quoted_pref_nvt = g_strdup (splits[0]); + quoted_pref_nvt = sql_quote (splits[0]); pref_id = atoi (splits[1]); - quoted_pref_type = g_strdup (splits[2]); - quoted_pref_name = g_strdup (splits[3]); + quoted_pref_type = sql_quote (splits[2]); + quoted_pref_name = sql_quote (splits[3]); /* A radio. Put the new value on the front of the list of options. */ From 306628dc06f09bd3bf43ec1db396ce10571e1584 Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Mon, 5 Jun 2023 17:27:55 +0200 Subject: [PATCH 104/120] Use specifier for sql_giveup, to be safe --- src/manage_sql.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/manage_sql.c b/src/manage_sql.c index 28eda61b9..8e31c2532 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -24229,7 +24229,7 @@ cache_report_counts (report_t report, int override, int min_qod, if (i) { g_string_append_printf (insert, ";"); - ret = sql_giveup (insert->str); + ret = sql_giveup ("%s", insert->str); if (ret) { g_string_free (insert, TRUE); From a930465eb7166624cd4c3de55afd5ff0f91d4acc Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Mon, 5 Jun 2023 22:29:18 +0200 Subject: [PATCH 105/120] Add --vt-ref-insert-size --- src/gvmd.c | 10 +++++++++- src/manage_sql_nvts.c | 28 ++++++++++++++++++++-------- src/manage_sql_nvts.h | 8 ++++++++ 3 files changed, 37 insertions(+), 9 deletions(-) diff --git a/src/gvmd.c b/src/gvmd.c index a07e1f953..c5d73a51b 100644 --- a/src/gvmd.c +++ b/src/gvmd.c 
@@ -1886,6 +1886,7 @@ gvmd (int argc, char** argv, char *env[]) static gchar *broker_address = NULL; static gchar *feed_lock_path = NULL; static int feed_lock_timeout = 0; + static int vt_ref_insert_size = VT_REF_INSERT_SIZE_DEFAULT; static gchar *vt_verification_collation = NULL; GString *full_disable_commands = g_string_new (""); @@ -2210,6 +2211,11 @@ gvmd (int argc, char** argv, char *env[]) &print_version, "Print version and exit.", NULL }, + { "vt-ref-insert-size", '\0', 0, G_OPTION_ARG_INT, + &vt_ref_insert_size, + "Max number of VT refs to insert per statement during VT update," + " 0 for unlimited, default: " + G_STRINGIFY (VT_REF_INSERT_SIZE_DEFAULT), "" }, { "vt-verification-collation", '\0', 0, G_OPTION_ARG_STRING, &vt_verification_collation, "Set collation for VT verification to , omit or leave" @@ -2293,10 +2299,12 @@ gvmd (int argc, char** argv, char *env[]) /* Set the connection auto retry */ set_scanner_connection_retry (scanner_connection_retry); - /* Set SecInfo update commit size */ + /* Set SQL sizes */ set_secinfo_commit_size (secinfo_commit_size); + set_vt_ref_insert_size (vt_ref_insert_size); + /* Set VT verification collation override */ set_vt_verification_collation (vt_verification_collation); diff --git a/src/manage_sql_nvts.c b/src/manage_sql_nvts.c index 956a4a495..9cd32cb35 100644 --- a/src/manage_sql_nvts.c +++ b/src/manage_sql_nvts.c @@ -50,13 +50,6 @@ */ #define G_LOG_DOMAIN "md manage" -/** - * @brief Rows per statement when inserting VT refs for update/rebuild. - * - * There are about 500k vt_refs. - */ -#define VT_REFS_BATCH_SIZE 50000 - /* Headers from backend specific manage_xxx.c file. */ @@ -66,6 +59,11 @@ create_tables_nvt (const gchar *); /* NVT related global options */ +/** + * @brief Max number of rows inserted per statement. + */ +static int vt_ref_insert_size = VT_REF_INSERT_SIZE_DEFAULT; + /** * @brief File socket for OSP NVT update. */ 
@@ -129,6 +127,20 @@ check_osp_vt_update_socket () /* NVT's. */ +/** + * @brief Set the VT ref insert size. + * + * @param new_size New size. + */ +void +set_vt_ref_insert_size (int new_size) +{ + if (new_size < 0) + vt_ref_insert_size = 0; + else + vt_ref_insert_size = new_size; +} + /** * @brief Ensures the sanity of nvts cache in DB. */ @@ -1721,7 +1733,7 @@ update_nvts_from_vts (element_t *get_vts_response, * To solve both cases, we remove all nvt_preferences. */ sql ("TRUNCATE nvt_preferences;"); - vt_refs_batch = batch_start (VT_REFS_BATCH_SIZE); + vt_refs_batch = batch_start (vt_ref_insert_size); vt = element_first_child (vts); while (vt) { diff --git a/src/manage_sql_nvts.h b/src/manage_sql_nvts.h index 2e58fb6f4..117b2a779 100644 --- a/src/manage_sql_nvts.h +++ b/src/manage_sql_nvts.h @@ -97,6 +97,14 @@ { NULL, NULL, KEYWORD_TYPE_UNKNOWN } \ } +/** + * @brief Default for vt_ref_insert_size. + */ +#define VT_REF_INSERT_SIZE_DEFAULT 50000 + +void +set_vt_ref_insert_size (int); + const char * get_osp_vt_update_socket (); From d26371a258631275e1639a31233a129d610a87b7 Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Mon, 5 Jun 2023 22:29:28 +0200 Subject: [PATCH 106/120] Handle --vt-ref-insert-size 0 case --- src/manage_sql_nvts.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/manage_sql_nvts.c b/src/manage_sql_nvts.c index 9cd32cb35..0a74b4554 100644 --- a/src/manage_sql_nvts.c +++ b/src/manage_sql_nvts.c @@ -325,6 +325,9 @@ batch_check (batch_t *b) // First time, caller must init sql. return 1; + if (b->max == 0) + return 0; + if (b->size > b->max) { sql ("%s", b->sql->str); From 592b8906fb8eb45ba2a5dfe924a28d4ec128af74 Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Tue, 6 Jun 2023 15:47:19 +0200 Subject: [PATCH 107/120] Move target_credential SQL into TARGET_ITERATOR_COLUMNS --- src/manage_sql.c | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) 
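Review bot: The doc comment of set_vt_ref_insert_size says only "New size", while the body maps negative values to 0 and the option help describes 0 as unlimited. I would state that in the comment so a caller does not have to read batch_check to learn it: `@param[in] new_size New size; 0 means no limit, negative values are treated as 0.` The comment on the static `vt_ref_insert_size` could carry the same remark about 0.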
diff --git a/src/manage_sql.c b/src/manage_sql.c index eb09ea305..83c76c3bc 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -32101,40 +32101,45 @@ modify_target (const char *target_id, const char *name, const char *hosts, { \ "(SELECT name FROM credentials" \ " WHERE credentials.id" \ - " = target_credential (targets.id, 0," \ - " CAST ('ssh' AS text)))", \ + " = (SELECT credential FROM targets_login_data" \ + " WHERE target = targets.id" \ + " AND type = CAST ('ssh' AS text)))", \ "ssh_credential", \ KEYWORD_TYPE_STRING \ }, \ { \ "(SELECT name FROM credentials" \ " WHERE credentials.id" \ - " = target_credential (targets.id, 0," \ - " CAST ('smb' AS text)))", \ + " = (SELECT credential FROM targets_login_data" \ + " WHERE target = targets.id" \ + " AND type = CAST ('smb' AS text)))", \ "smb_credential", \ KEYWORD_TYPE_STRING \ }, \ { \ "(SELECT name FROM credentials" \ " WHERE credentials.id" \ - " = target_credential (targets.id, 0," \ - " CAST ('esxi' AS text)))", \ + " = (SELECT credential FROM targets_login_data" \ + " WHERE target = targets.id" \ + " AND type = CAST ('esxi' AS text)))", \ "esxi_credential", \ KEYWORD_TYPE_STRING \ }, \ { \ "(SELECT name FROM credentials" \ " WHERE credentials.id" \ - " = target_credential (targets.id, 0," \ - " CAST ('snmp' AS text)))", \ + " = (SELECT credential FROM targets_login_data" \ + " WHERE target = targets.id" \ + " AND type = CAST ('snmp' AS text)))", \ "snmp_credential", \ KEYWORD_TYPE_STRING \ }, \ { \ "(SELECT name FROM credentials" \ " WHERE credentials.id" \ - " = target_credential (targets.id, 0," \ - " CAST ('elevate' AS text)))", \ + " = (SELECT credential FROM targets_login_data" \ + " WHERE target = targets.id" \ + " AND type = CAST ('elevate' AS text)))", \ "ssh_elevate_credential", \ KEYWORD_TYPE_STRING \ }, \ From 8b234ce51392a1b62d21363accf03c653490c16b Mon Sep 17 00:00:00 2001 
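Review bot: Each inlined `(SELECT credential FROM targets_login_data WHERE target = targets.id AND type = ...)` in TARGET_ITERATOR_COLUMNS is used as a scalar value, and PostgreSQL raises an error when such a subquery returns more than one row. Whether (target, type) is unique in targets_login_data is not visible here, and neither is how target_credential behaved in that case, so either confirm the constraint or bound the subquery, e.g. `" AND type = CAST ('ssh' AS text) LIMIT 1))"`. This applies to all five entries in this hunk and to the integer-typed entries changed by the later commit "Inline remaining target_credential cases". The macro definition starts and ends outside the hunk.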
From: =?UTF-8?q?Bj=C3=B6rn=20Ricks?= Date: Thu, 8 Jun 2023 13:55:09 +0200 Subject: [PATCH 108/120] Ensure venv doesn't get added to the repo again Don't add the Python virtual environment to the repo. --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 4a7968117..d927b79eb 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ build/ tags .ccls .vscode +.venv From 9ab187d46eb0ccec7a00af0dcb5d7fd9079045a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Ricks?= Date: Thu, 8 Jun 2023 13:57:02 +0200 Subject: [PATCH 109/120] Update version to 22.5.0 for next semver release --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index ef01678a0..8bf433fae 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -20,7 +20,7 @@ cmake_minimum_required (VERSION 3.0) message ("-- Configuring Greenbone Vulnerability Manager...") project (gvm - VERSION 22.4.3 + VERSION 22.5.0 LANGUAGES C) if (POLICY CMP0005) From f10fb52e3603f40dbc5a4e972fec7eda383033de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Ricks?= Date: Thu, 8 Jun 2023 13:30:02 +0200 Subject: [PATCH 110/120] Change: Adjust building the build container image for semver releases The gvmd repository will use semver in future as the scanner repos do now too. Therefore adjust the workflow for building and uploading the gvmd build image. --- .docker/build.Dockerfile | 2 +- .github/workflows/build-container.yml | 29 ++++++++++++++++++--------- 2 files changed, 20 insertions(+), 11 deletions(-) diff --git a/.docker/build.Dockerfile b/.docker/build.Dockerfile index e9e53c04b..112d84fd2 100644 --- a/.docker/build.Dockerfile +++ b/.docker/build.Dockerfile @@ -1,5 +1,5 @@ # Define ARG we use through the build -ARG VERSION=edge +ARG VERSION=stable # We want gvm-libs to be ready so we use the build docker image of gvm-libs FROM greenbone/gvm-libs:$VERSION 
diff --git a/.github/workflows/build-container.yml b/.github/workflows/build-container.yml index b72900665..104b599fc 100644 --- a/.github/workflows/build-container.yml +++ b/.github/workflows/build-container.yml @@ -2,13 +2,15 @@ name: Build Container Image Builds on: push: - branches: [ main, stable, oldstable ] + branches: + - main tags: ["v*"] paths: - .github/workflows/build-container.yml - .docker/build.Dockerfile pull_request: - branches: [ main, stable, oldstable ] + branches: + - main paths: - .github/workflows/build-container.yml - .docker/build.Dockerfile @@ -25,6 +27,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v3 + - uses: greenbone/actions/is-latest-tag@v2 + id: latest - name: Setup container meta information id: meta uses: docker/metadata-action@v4 @@ -35,15 +39,20 @@ jobs: org.opencontainers.image.base.name=debian/stable-slim flavor: latest=false # no latest container tag for git tags tags: | - # create container tag for git tags - type=ref,event=tag + # use version, major.minor and major for tags + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + + # use edge for default branch + type=edge + + # set label for non-published pull request builds type=ref,event=pr - # use latest for stable branch - type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'stable') }} - type=raw,value=stable,enable=${{ github.ref == format('refs/heads/{0}', 'stable') }} - type=raw,value=oldstable,enable=${{ github.ref == format('refs/heads/{0}', 'oldstable') }} - # use unstable for main branch - type=raw,value=unstable,enable={{is_default_branch}} + + # when a new git tag is created set stable and a latest tags + type=raw,value=latest,enable=${{ steps.latest.outputs.is-latest-tag == 'true' }} + type=raw,value=stable,enable=${{ steps.latest.outputs.is-latest-tag == 'true' }} - name: Login to DockerHub if: github.event_name != 'pull_request' uses: docker/login-action@v2 
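Review bot: The added step `uses: greenbone/actions/is-latest-tag@v2` refers to the action by a movable tag, and its output decides whether the image is tagged `latest` and `stable` in a job that also logs in to the registry. Pinning it to a full commit SHA keeps a retagged action from changing what gets published: `uses: greenbone/actions/is-latest-tag@<full-commit-sha> # v2`. The same step is added in container.yml, and release-pontos.yml adds `greenbone/actions/release-type@v2` in the same way. The job definition continues outside the hunk.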
From 0e9787bdab65d4eb811427a707faea84e22b2c2a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Ricks?= Date: Wed, 7 Jun 2023 15:46:14 +0200 Subject: [PATCH 111/120] Change: Adjust release workflow for new release process The gvmd repository will use semantic versioning similar to the scanner repos in near future too. Therefore adjust the release workflow to support this versioning. --- .github/workflows/container.yml | 31 +++++++++-------- .github/workflows/release-pontos.yml | 52 +++++++++++++++++++--------- 2 files changed, 53 insertions(+), 30 deletions(-) diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index b122911a5..86bb54f07 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml @@ -2,12 +2,13 @@ name: Container Image Builds on: push: - branches: [main, stable, oldstable] + branches: + - main tags: ["v*"] pull_request: - branches: [main, stable, oldstable] + branches: + - main workflow_dispatch: - repository_dispatch: jobs: images: @@ -16,6 +17,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v3 + - uses: greenbone/actions/is-latest-tag@v2 + id: latest - name: Setup container meta information id: meta uses: docker/metadata-action@v4 
@@ -26,20 +29,20 @@ jobs: org.opencontainers.image.base.name=debian/stable-slim flavor: latest=false # no latest container tag for git tags tags: | - # use container tag for git tags - type=match,pattern=v(.*),group=1 - # use latest for latest tag from stable branch - type=raw,value=latest,enable=${{ github.ref_type == 'tag' && startsWith(github.ref_name, 'v22.4') }} - # use stable for latest 22.4 tag - type=raw,value=stable,enable=${{ github.ref_type == 'tag' && startsWith(github.ref_name, 'v22.4') }} - # use oldstable for latest 21.4 tag - type=raw,value=oldstable,enable=${{ github.ref_type == 'tag' && startsWith(github.ref_name, 'v21.4') }} + # use version, major.minor and major for tags + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + # use edge for default branch type=edge - # use branch-sha otherwise for pushes to branches other then main (will not be uploaded) - type=raw,value={{branch}}-{{sha}},enable=${{ github.ref_type == 'branch' && github.event_name == 'push' && github.ref_name != 'main' }} - # use pr-$PR_ID for pull requests (will not be uploaded) + + # set label for non-published pull request builds type=ref,event=pr + + # when a new git tag is created set stable and a latest tags + type=raw,value=latest,enable=${{ steps.latest.outputs.is-latest-tag == 'true' }} + type=raw,value=stable,enable=${{ steps.latest.outputs.is-latest-tag == 'true' }} - name: Login to Docker Registry if: github.event_name != 'pull_request' uses: docker/login-action@v2 diff --git a/.github/workflows/release-pontos.yml b/.github/workflows/release-pontos.yml index 85da7c555..00a2ca726 100644 --- a/.github/workflows/release-pontos.yml +++ b/.github/workflows/release-pontos.yml 
@@ -1,34 +1,54 @@ -name: Release gvmd with pontos +name: Release gvmd on: pull_request: types: [closed] workflow_dispatch: + inputs: + release-type: + type: choice + description: What kind of release do you want to do (pontos --release-type argument)? + options: + - patch + - minor + - major + release-version: + type: string + description: Set an explicit version, that will overwrite release-type. Fails if version is not compliant. jobs: build-and-release: - name: Create a new release with pontos - # If the event is a workflow_dispatch or the label 'make release' is set and PR is closed because of a merge - if: (github.event_name == 'workflow_dispatch') || (contains( github.event.pull_request.labels.*.name, 'make release') && github.event.pull_request.merged == true) - runs-on: "ubuntu-latest" + name: Create a new release + # If the event is a workflow_dispatch or on of the labels 'pre release', + # 'patch release', 'minor release' or 'major release' is set and PR is + # closed because of a merge + # NOTE: priority of set labes will be alpha > release-candidate > patch > minor > major, + # so if 'major' and 'patch' labes are set, it will create a patch release. 
+ if: | + ( github.event_name == 'workflow_dispatch') || ( + ( contains(github.event.pull_request.labels.*.name, 'alpha release') || + contains(github.event.pull_request.labels.*.name, 'rc release') || + contains(github.event.pull_request.labels.*.name, 'patch release') || + contains(github.event.pull_request.labels.*.name, 'minor release') || + contains(github.event.pull_request.labels.*.name, 'major release')) && + github.event.pull_request.merged == true ) + runs-on: 'ubuntu-latest' steps: - - name: Setting the Reference - run: | - if [[ "${{ github.event_name }}" = "workflow_dispatch" ]]; then - echo "RELEASE_REF=${{ github.ref_name }}" >> $GITHUB_ENV - else - echo "RELEASE_REF=${{ github.base_ref }}" >> $GITHUB_ENV - fi + - name: Selecting the Release type + id: release-type + uses: greenbone/actions/release-type@v2 + with: + release-type-input: ${{ inputs.release-type }} - name: Release with release action uses: greenbone/actions/release@v2 with: - python-version: "3.10" - conventional-commits: true github-user: ${{ secrets.GREENBONE_BOT }} github-user-mail: ${{ secrets.GREENBONE_BOT_MAIL }} github-user-token: ${{ secrets.GREENBONE_BOT_TOKEN }} gpg-key: ${{ secrets.GPG_KEY }} gpg-fingerprint: ${{ secrets.GPG_FINGERPRINT }} gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }} - strategy: calendar - ref: ${{ env.RELEASE_REF }} + release-type: ${{ steps.release-type.outputs.release-type }} + release-version: ${{ inputs.release-version }} + ref: ${{ steps.release-type.outputs.release-ref }} + versioning-scheme: "semver" From cb7c640dbd81fb211dc9b93920d42445baf3d87c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Ricks?= Date: Wed, 7 Jun 2023 16:06:00 +0200 Subject: [PATCH 112/120] Change: Adjust used build images for semantic versioning We need to use different base images for building the container image with the new semantic versioning based releases. --- .docker/prod.Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
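Review bot: The comment above the `if:` in release-pontos.yml names a 'pre release' label, but the condition tests 'alpha release' and 'rc release', and the comment has typos ("on of", "labes"). Since the labels are what triggers a signed release, the comment should list exactly the labels that are checked: `# If the event is a workflow_dispatch or one of the labels 'alpha release', 'rc release', 'patch release', 'minor release' or 'major release' is set and the PR is closed because of a merge`. The priority order given in the NOTE is decided inside the release-type action and cannot be checked from this file.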
diff --git a/.docker/prod.Dockerfile b/.docker/prod.Dockerfile index b1641270e..239bf0331 100644 --- a/.docker/prod.Dockerfile +++ b/.docker/prod.Dockerfile @@ -1,5 +1,5 @@ -ARG VERSION=unstable -ARG GVM_LIBS_VERSION=edge +ARG VERSION=edge +ARG GVM_LIBS_VERSION=stable ARG DEBIAN_FRONTEND=noninteractive FROM greenbone/gvmd-build:${VERSION} as builder From aebcaf8d76bc93f28fd99d763575f0b2ed6c433a Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Mon, 12 Jun 2023 14:28:01 +0200 Subject: [PATCH 113/120] Inline remaining target_credential cases in TARGET_ITERATOR_COLUMNS --- src/manage_sql.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/src/manage_sql.c b/src/manage_sql.c index 83c76c3bc..94696ee93 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -32054,13 +32054,17 @@ modify_target (const char *target_id, const char *name, const char *hosts, { \ GET_ITERATOR_COLUMNS (targets), \ { "hosts", NULL, KEYWORD_TYPE_STRING }, \ - { "target_credential (id, 0, CAST ('ssh' AS text))", \ + { "(SELECT credential FROM targets_login_data" \ + " WHERE target = targets.id" \ + " AND type = CAST ('ssh' AS text))", \ NULL, \ KEYWORD_TYPE_INTEGER }, \ { "target_login_port (id, 0, CAST ('ssh' AS text))", \ "ssh_port", \ KEYWORD_TYPE_INTEGER }, \ - { "target_credential (id, 0, CAST ('smb' AS text))", \ + { "(SELECT credential FROM targets_login_data" \ + " WHERE target = targets.id" \ + " AND type = CAST ('smb' AS text))", \ NULL, \ KEYWORD_TYPE_INTEGER }, \ { "port_list", NULL, KEYWORD_TYPE_INTEGER }, \ 
@@ -32083,15 +32087,21 @@ modify_target (const char *target_id, const char *name, const char *hosts, { "reverse_lookup_only", NULL, KEYWORD_TYPE_INTEGER }, \ { "reverse_lookup_unify", NULL, KEYWORD_TYPE_INTEGER }, \ { "alive_test", NULL, KEYWORD_TYPE_INTEGER }, \ - { "target_credential (id, 0, CAST ('esxi' AS text))", \ + { "(SELECT credential FROM targets_login_data" \ + " WHERE target = targets.id" \ + " AND type = CAST ('esxi' AS text))", \ NULL, \ KEYWORD_TYPE_INTEGER }, \ { "0", NULL, KEYWORD_TYPE_INTEGER }, \ - { "target_credential (id, 0, CAST ('snmp' AS text))", \ + { "(SELECT credential FROM targets_login_data" \ + " WHERE target = targets.id" \ + " AND type = CAST ('snmp' AS text))", \ NULL, \ KEYWORD_TYPE_INTEGER }, \ { "0", NULL, KEYWORD_TYPE_INTEGER }, \ - { "target_credential (id, 0, CAST ('elevate' AS text))", \ + { "(SELECT credential FROM targets_login_data" \ + " WHERE target = targets.id" \ + " AND type = CAST ('elevate' AS text))", \ NULL, \ KEYWORD_TYPE_INTEGER }, \ { "0", NULL, KEYWORD_TYPE_INTEGER }, \ From 9fe19b8361a7d6be10c6583c2068cf32428e49cb Mon Sep 17 00:00:00 2001 From: Joseph Lee Date: Thu, 15 Jun 2023 01:38:42 -0400 Subject: [PATCH 114/120] Fix: Fix 0-byte credential creator issue (#2011) Fixed issue in .deb credential script that throws an error when running script twice for a username to replace a credential Fixing issues with tar by correcting paths required to create the data archive before compiling the .deb Fixing a bug in the EXE credential creator resulting from syntax error in the ExecWait commands. Setting "_topdir" in the rpmbuild config is required to prevent the rpmbuild process from attempting to access the gvm user's home directory, (which does not exist) resulting in a 0-byte user credential creator .rpm package. --- tools/gvm-lsc-deb-creator | 4 +--- tools/gvm-lsc-rpm-creator | 2 ++ tools/template.nsis | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) 
diff --git a/tools/gvm-lsc-deb-creator b/tools/gvm-lsc-deb-creator index 44d44fac3..7b9bf955e 100755 --- a/tools/gvm-lsc-deb-creator +++ b/tools/gvm-lsc-deb-creator @@ -162,9 +162,7 @@ COPYRIGHT_FILE="${DOC_DATA_DIR}/copyright" } > "${COPYRIGHT_FILE}" # Create data archive -cd "${DATA_DIR}" -tar -C "${DATA_DIR}" -z -cf "../data.tar.gz" "${HOME_SUBDIR}" "${DOC_SUBDIR}" - +tar -P -z -cf "${TEMP_DIR}/data.tar.gz" "${PACKAGE_BASE_DIR}/${HOME_DATA_SUBDIR}" "${PACKAGE_BASE_DIR}/${DOC_DATA_SUBDIR}" # # Create control files diff --git a/tools/gvm-lsc-rpm-creator b/tools/gvm-lsc-rpm-creator index 813fe3695..474bf57ff 100755 --- a/tools/gvm-lsc-rpm-creator +++ b/tools/gvm-lsc-rpm-creator @@ -130,6 +130,8 @@ SPEC_FILE="${SPEC_DIR}/${PACKAGE_NAME_VERSION}.spec" echo "BuildArch: noarch" # Put output in current directory echo "%define _rpmdir %(pwd)" + # Set _topdir + echo "%define _topdir ${TEMP_DIR}" # Create description section echo "%description" diff --git a/tools/template.nsis b/tools/template.nsis index 5b9b5a2b0..7149fc2e7 100644 --- a/tools/template.nsis +++ b/tools/template.nsis @@ -65,9 +65,9 @@ Section ; Create user and add it to the Administrators group DetailPrint `Creating user ${__USERNAME__}` SetDetailsPrint none - ExecWait `cmd /C net user ${__USERNAME__} "${__PASSWORD__}" /add /active:yes` + ExecWait 'cmd /C net user ${__USERNAME__} "${__PASSWORD__}" /add /active:yes' SetDetailsPrint both - ExecWait `cmd /C net localgroup $ADMINGROUPNAME %COMPUTERNAME%\${__USERNAME__} /add` + ExecWait 'cmd /C net localgroup $ADMINGROUPNAME %COMPUTERNAME%\${__USERNAME__} /add' ; Remove temporary files for localized admin group names Delete $TEMPVBSFILE @@ -81,7 +81,7 @@ SectionEnd ; Uninstaller section Section Uninstall - ExecWait "net user ${__USERNAME__} /delete" + ExecWait 'net user ${__USERNAME__} /delete' ; Display message that everything seems to be fine MessageBox MB_OK "A user has been removed. You can now safely remove the uninstaller from your Desktop." 
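Review bot: `tar -P` in the data-archive step of gvm-lsc-deb-creator stores member names exactly as given, so if `PACKAGE_BASE_DIR` is an absolute path below the temporary directory, the entries in data.tar.gz carry that build path rather than paths relative to the package root. The variable definitions are outside the hunk, so this should be checked by listing the produced archive. Keeping `-C` with relative members avoids the question, assuming the old variables are still defined: `tar -C "${DATA_DIR}" -z -cf "${TEMP_DIR}/data.tar.gz" "${HOME_SUBDIR}" "${DOC_SUBDIR}"`.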
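Review bot: The ExecWait lines in template.nsis now delimit the command with single quotes while `${__USERNAME__}` and `${__PASSWORD__}` are substituted into it as text, so a `'` in either value would end the NSIS string early and a `"` in the password would end the quoted argument given to `cmd /C`. How the generator validates or escapes these values is not visible in this hunk. A comment at the first ExecWait would record the requirement: `; __USERNAME__ and __PASSWORD__ must not contain ' or "; the generator has to reject or escape them`.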
From 2707a7baf72d3bd791dfed61aec6a2c4599eb53e Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Thu, 15 Jun 2023 10:52:02 +0200 Subject: [PATCH 115/120] Change: Use gvm-libs:oldstable images The oldstable tag of gvm-libs is used for compatibility of the debian package dependencies. --- .docker/build.Dockerfile | 2 +- .docker/prod.Dockerfile | 2 +- .github/workflows/build-container.yml | 2 +- .github/workflows/container.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.docker/build.Dockerfile b/.docker/build.Dockerfile index 112d84fd2..e3ad4e154 100644 --- a/.docker/build.Dockerfile +++ b/.docker/build.Dockerfile @@ -1,5 +1,5 @@ # Define ARG we use through the build -ARG VERSION=stable +ARG VERSION=oldstable # We want gvm-libs to be ready so we use the build docker image of gvm-libs FROM greenbone/gvm-libs:$VERSION diff --git a/.docker/prod.Dockerfile b/.docker/prod.Dockerfile index 239bf0331..375062b76 100644 --- a/.docker/prod.Dockerfile +++ b/.docker/prod.Dockerfile @@ -1,5 +1,5 @@ ARG VERSION=edge -ARG GVM_LIBS_VERSION=stable +ARG GVM_LIBS_VERSION=oldstable ARG DEBIAN_FRONTEND=noninteractive FROM greenbone/gvmd-build:${VERSION} as builder diff --git a/.github/workflows/build-container.yml b/.github/workflows/build-container.yml index 104b599fc..60c216f0d 100644 --- a/.github/workflows/build-container.yml +++ b/.github/workflows/build-container.yml @@ -36,7 +36,7 @@ jobs: images: ${{ github.repository }}-build labels: | org.opencontainers.image.vendor=Greenbone - org.opencontainers.image.base.name=debian/stable-slim + org.opencontainers.image.base.name=greenbone/gvm-libs flavor: latest=false # no latest container tag for git tags tags: | # use version, major.minor and major for tags diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index 86bb54f07..1d0b7f4e7 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml 
@@ -26,7 +26,7 @@ jobs: images: ${{ github.repository }} labels: | org.opencontainers.image.vendor=Greenbone - org.opencontainers.image.base.name=debian/stable-slim + org.opencontainers.image.base.name=greenbone/gvm-libs flavor: latest=false # no latest container tag for git tags tags: | # use version, major.minor and major for tags From 2a93ac3c8bc397446c985660b2c4d35bc7ecfd52 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Ricks?= Date: Thu, 15 Jun 2023 15:43:24 +0200 Subject: [PATCH 116/120] Fix: Support building against PostgeSQL 15 Add PostgreSQL 15 to the known versions. This allows building gvmd against the lastest PostgeSQL release which is also shipped with Debian 12 (bookworm). --- cmake/FindPostgreSQL.cmake | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmake/FindPostgreSQL.cmake b/cmake/FindPostgreSQL.cmake index a9f3fbc27..6be1ae9f5 100644 --- a/cmake/FindPostgreSQL.cmake +++ b/cmake/FindPostgreSQL.cmake @@ -87,7 +87,7 @@ set(PostgreSQL_ROOT_DIR_MESSAGE "Set the PostgreSQL_ROOT system variable to wher set(PostgreSQL_KNOWN_VERSIONS ${PostgreSQL_ADDITIONAL_VERSIONS} - "14" "13" "12" "11" "10" "9.6" "9.5" "9.4" "9.3" "9.2" "9.1" "9.0" "8.4" "8.3" "8.2" "8.1" "8.0") + "15" "14" "13" "12" "11" "10" "9.6" "9.5" "9.4" "9.3" "9.2" "9.1" "9.0" "8.4" "8.3" "8.2" "8.1" "8.0") # Define additional search paths for root directories. set( PostgreSQL_ROOT_DIRECTORIES From 41bd8129117721997f13e7a1c15d42ffdc055e07 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Ricks?= Date: Thu, 15 Jun 2023 16:24:09 +0200 Subject: [PATCH 117/120] Fix: Fix linking to gpgme Use pkg-config to search for gpgme linker flags. The gpgme-config tool is deprecated and removed in a newer gpgme version. The gpgme package comes already with a gpgme.pc file for pkg-config on Debian bullseye. --- src/CMakeLists.txt | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) 
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 187577d51..d4eaa7644 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -34,6 +34,7 @@ pkg_check_modules (GNUTLS REQUIRED gnutls>=3.2.15) pkg_check_modules (GLIB REQUIRED glib-2.0>=2.42) pkg_check_modules (LIBBSD REQUIRED libbsd) pkg_check_modules (LIBICAL REQUIRED libical>=1.00) +pkg_check_modules (GPGME REQUIRED gpgme) message (STATUS "Looking for PostgreSQL...") find_program (PG_CONFIG_EXECUTABLE pg_config DOC "pg_config") @@ -70,19 +71,22 @@ else (NOT XSLTPROC_EXECUTABLE) message (STATUS "Looking for xsltproc... ${XSLTPROC_EXECUTABLE}") endif (NOT XSLTPROC_EXECUTABLE) -message (STATUS "Looking for gpgme...") -find_library (GPGME gpgme) -if (NOT GPGME) - message (SEND_ERROR "The gpgme library is required.") -else (NOT GPGME) - message (STATUS "Looking for gpgme... ${GPGME}") - execute_process (COMMAND gpgme-config --cflags - OUTPUT_VARIABLE GPGME_CFLAGS - OUTPUT_STRIP_TRAILING_WHITESPACE) - execute_process (COMMAND gpgme-config --libs - OUTPUT_VARIABLE GPGME_LDFLAGS - OUTPUT_STRIP_TRAILING_WHITESPACE) -endif (NOT GPGME) +if (NOT GPGME_FOUND) + # fallback for older gpgme versions without gpgme.pc file + message (STATUS "Looking for gpgme...") + find_library (GPGME gpgme) + if (NOT GPGME) + message (SEND_ERROR "The gpgme library is required.") + else (NOT GPGME) + message (STATUS "Looking for gpgme... ${GPGME}") + execute_process (COMMAND gpgme-config --cflags + OUTPUT_VARIABLE GPGME_CFLAGS + OUTPUT_STRIP_TRAILING_WHITESPACE) + execute_process (COMMAND gpgme-config --libs + OUTPUT_VARIABLE GPGME_LDFLAGS + OUTPUT_STRIP_TRAILING_WHITESPACE) + endif (NOT GPGME) +endif (NOT GPGME_FOUND) if (WITH_LIBTHEIA) find_package(Theia 1.0.0 REQUIRED) From e7f38d81a92f576d4a28c14e4805e1d3fe30d4f4 Mon Sep 17 00:00:00 2001 From: Greenbone Bot Date: Fri, 16 Jun 2023 09:51:55 +0000 Subject: [PATCH 118/120] Automatic release to 22.5.0 --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
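Review bot: The fallback guarded by `if (NOT GPGME_FOUND)` can never run, because `pkg_check_modules (GPGME REQUIRED gpgme)` aborts configuration when no `gpgme.pc` is found. Dropping the keyword, `pkg_check_modules (GPGME gpgme)`, lets older gpgme installations reach the `gpgme-config` branch as the added comment intends. On the pkg-config path `GPGME_CFLAGS` and `GPGME_LDFLAGS` are CMake lists rather than the single strings `gpgme-config` produced. The places that consume them (outside these hunks) should be checked for `;` ending up in compiler or linker flags.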
diff --git a/CMakeLists.txt b/CMakeLists.txt index 8bf433fae..1f74b5e36 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -55,7 +55,7 @@ endif (NOT CMAKE_BUILD_TYPE MATCHES "Release") # Set dev version if this is a development version and not a full release, # unset (put value 0 or delete line) before a full release and reset after. -set (PROJECT_DEV_VERSION 1) +set (PROJECT_DEV_VERSION 0) # If PROJECT_DEV_VERSION is set, the version string will be set to: # "major.minor.patch~dev${PROJECT_DEV_VERSION}${GIT_REVISION}" From b61d145ffd3a2c2bc03160dd12cb24d83311dbad Mon Sep 17 00:00:00 2001 From: Greenbone Bot Date: Fri, 16 Jun 2023 09:51:57 +0000 Subject: [PATCH 119/120] Automatic adjustments after release * Update to version 22.5.1-dev1 --- CMakeLists.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 1f74b5e36..5094cd240 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -20,7 +20,7 @@ cmake_minimum_required (VERSION 3.0) message ("-- Configuring Greenbone Vulnerability Manager...") project (gvm - VERSION 22.5.0 + VERSION 22.5.1 LANGUAGES C) if (POLICY CMP0005) @@ -55,7 +55,7 @@ endif (NOT CMAKE_BUILD_TYPE MATCHES "Release") # Set dev version if this is a development version and not a full release, # unset (put value 0 or delete line) before a full release and reset after. -set (PROJECT_DEV_VERSION 0) +set (PROJECT_DEV_VERSION 1) # If PROJECT_DEV_VERSION is set, the version string will be set to: # "major.minor.patch~dev${PROJECT_DEV_VERSION}${GIT_REVISION}" From b5f99eb6b749cacbb7bd364c0a8dfe451b7b5aaa Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Bj=C3=B6rn=20Ricks?= Date: Fri, 16 Jun 2023 12:47:02 +0200 Subject: [PATCH 120/120] Fix: Fix running `gvmd --migrate` Create lock function based files in the GVM_STATE_DIR and not in the GVM_RUN_DIR. The GVM_RUN_DIR is only available when `gvmd` is actually running. This is not the case when a database migration is needed. In that case GVM_RUN_DIR does not exist and the `gvm-create-functions` lock file can't be created. But that lock file is required to run `gvmd --migrate` and without the migration `gvmd` wont start as a service. --- src/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/utils.c b/src/utils.c index bfe51af68..83c55f7fd 100644 --- a/src/utils.c +++ b/src/utils.c @@ -570,7 +570,7 @@ lock_internal (lockfile_t *lockfile, const gchar *lockfile_name, if (name_is_full_path) full_name = g_strdup (lockfile_name); else - full_name = g_build_filename (GVMD_RUN_DIR, lockfile_name, NULL); + full_name = g_build_filename (GVMD_STATE_DIR, lockfile_name, NULL); old_umask = umask (0); fd = open (full_name, O_RDWR | O_CREAT,
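Review bot: Nothing at `full_name = g_build_filename (GVMD_STATE_DIR, lockfile_name, NULL);` says why lock files live in the state directory, so a later reader may move them back. A comment such as `/* GVMD_RUN_DIR may not exist when gvmd is not running (e.g. --migrate), so relative lock names go under GVMD_STATE_DIR. */` would record it. Because the next lines call `umask (0)` before `open (full_name, O_RDWR | O_CREAT, ...)`, the mode argument (cut off by the hunk) is applied unmasked, and the file now persists across restarts in a directory that presumably holds other gvmd state. It is worth confirming that the mode is no wider than the lock needs. Any doc comment on `lock_internal` that still mentions the run directory should be updated too; the function starts and ends outside this hunk.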