openvas-plugins 1.0.2 (2008-06-23)

Maintenance release with some fixes,
new scripts and cleanups.
It is recommended to update your installation with
this release to get rid of a ugly behaviour of the
snychronisation routine (see below).

Apart from this, Nikto users will get a improved
and updated NASL script to confortably run
Nikto via OpenVAS.


Main changes are:

* Bugfix in "openvas-nvt-sync": Wrong quoting in this script
  created strange directory structure in OpenVAS server installation.
  This is fixed now.
  In case you started this script as shipped by openvas-plugins 1.0.1,
  you should manually remove the directory, e.g.:
  # cd /usr/lib/openvas
  # ls -l             (watch-out for the directory named '"')
  # rm -rf \"

* 8 new Debian Local Security Checks
  contributed by www.securityspace.com

* 6 new Windows Local Security Checks and generic
  Linux Security Checks, by DN-Systems.

* Updated integration of Nikto: Adaptions for new Nikto 2.0
  and further improvements to run Nikto via OpenVAS (nikto.nasl).
  Also, the obsolete C-Plugin for Nikto (nikto.nes) has now been finally
  removed.

* Improvemed framework for Windows Local Security
  Checks based in smbclient.

* Various other small fixes.


openvas-plugins 1.0.1 (2008-06-04)

Maintenance release with several new
scripts, some package restructuring
and packaging support.

Outstanding is the up-to-date Debian
Local Security Checks, the newly developed
base funcationality for writing Windows
Local Security Checks and the new base
functionality for generic software version
tests.


Main changes are:

* 118 additional Debian Local Security Checks
  Contributed by www.securityspace.com

* New: Windows local security checks via smbclient
  added. The new base library is smbcl_func.inc.
  A sample test is win_CVE-2007-0043.nasl.
  The old Nessus Windows Local Security Checks
  were removed because the base library was under a propritary
  license.

* New methodology to test for software
  version on a remote host by asking the
  actual software rather than the RPM/DEB
  package database (version_func.inc).
  clamav-CB-A08-0001.nasl (CVE 2007-6335,
  CVE 2007-6336, CVE 2007-6337) as a sample
  how this is works.
  This makes it possible to check for tools
  that were not installed via the package
  management (typical for many services).
  Additionally, the tests are to some extend
  independent of the operating system of the
  targets.

* openvas-nvt-sync now less verbose. PID file location fixed.

* Debian packaging files moved from debian/ to packagig/debian.

* New: sample RPM spec files for SUSE and Fedora.

* Several bug fixes in .nasl and .inc files.

* Removed several obsolete files and docs
  (e.g. "nessus-update-plugins.in").

* Plugin Factory removed. See also:
  http://www.openvas.org/openvas-cr-3.html
  Packagers: You do not need to consider
  the plugin factory installation files/dirs.

* Several .inc NASL files from older Nessus
  distributions added (the old versions were under
  GNU GPL while the new ones are not in OpenVAS
  because they switched to a proprietary license).

openvas-plugins 1.0.0 (2008-02-05)

First stable release with only minimal changes
compared to latest 0.9 version (except for extensive
updates on NASL scripts).
Almost no problems or any sort of issues have been
reported for over two months now.
This release is done basically
to reach the mentally important version 1.0,
there is no technical need to replace openvas-plugins
for a running installation in case the OpenVAS NVT
feed is used to retrieve new NASL scripts (NVTs).


Notes for upgrading from previous versions:

The old NVT files debian_DSA* are not automatically removed
from your installation during synchronization with the feed
and neither with installing this new release.

They do no other harm than doubling the number of alerts during
a scan. Simply remove the files from your installation
(located by default in /usr/lib/openvas/plugins). In doubt,
please contact the OpenVAS developers mailing list.


Main changes are:

* Removed any old debian_DSA-*.nasl NVTs and replaced by new
  deb_*.nasl as provided by SecuritySpace. In contrast
  to the old set, the new one is complete and uptodate (DSA 1478).
* Some new generic NASL routines to support the Debian local
  security checks.
* Sync-routine for OpenVAS NVT Feed improved to be independent
  of the current working directory.
* Minor improvement of internal licensing auditing routine of
  the package files.


openvas-plugins 0.9.1 (2007-11-07)

Comprehensive cleanup and completion release: Cleanup Network Vulnerability
Tests (NVTs) regarding legal issues, add feed service
synchronization script and ensure the NVT group "Debian
Local Security Checks" works.

Main changes are:

* Added a fetch tool to retrieve updated NVTs from
  a feed server: "openvas-nvt-sync"
* Ensured that the group of Debian local security
  checks can execute (replaced any non-free component
  by a GPLed one).
* Updated Debian local security checks from
  nessus-plugins 2.2.10 (upto DSA 1320).
* Removed any .nasl and .inc script which is
  or might be non-free.
* Added NVTs to manage SLAD (Security Local Auditing).
* Internal audit shell script to test whether non-free
  scripts remain and which scripts to not execute
  anymore due to missing (because non-free) .inc files.
* Debian packaging files added.
* Extended package configuration routine to check for
  minimum versions of openvas-libraries and openvas-server.
* Minor fixes in Makefiles.

openvas-plugins 0.9.0 (2007-07-28)

The first initial release of openvas-plugins
after the fork from Nessus 2.2.x.

Main changes are:

* Many improvements to the plugins
* Some changes necessary in the frame migration from
  OpenSSL to GNU/TLS
* Many cleanups of ancient remains (still many to come)
* Lots of renaming to avoid conflicts with parallel
  Nessus installation
