openvas-server 2.0.3 (2009-08-19)

This is the third maintenance release of the openvas-server module for the
Open Vulnerability Assessment System (OpenVAS) 2.0-series.

It fixes an issues concerning concurrent windows local security
checks and improves support for OVAL definitions. This release
also adds the "mandatory keys" feature in order to allow better
performance, getting into effect with future NVTs.

Effects when installing this version:

* Dependencies: openvas-server 2.0.3 requires openvas-libraries 2.0.4 and
  openvas-libnasl 2.0.2. You need to install these prior to openvas-server
  2.0.3. Please read about the effects for these two modules.

Main changes since 2.0.2:

* OVAL support has been improved.
* Support for mandatory keys in NVTs has been added in accordance with Change
  Request #39 (http://openvas.org/openvas-cr-39.html).

Bugfixes:

* Closed bug #779 (https://bugs.openvas.org/799).
  This solves serious issues that occurred when running 'parallel' checks
  against windows hosts.
* Closed a bug that prevented correct ovaldi execution in certain situations.
* Closed a bug that could lead to incorrect summary and copyright information
  of OVAL definition files.

Many thanks to everyone who has contributed to this release: Chandrashekhar
Basavanna, Thomas Reinke, Jan-Oliver Wagner, Michael Wiegand and Felix
Wolfsteller.


openvas-server 2.0.2 (2009-06-03)

This is the second maintenance release of the openvas-server module for the
Open Vulnerability Assessment System (OpenVAS) 2.0-series.

It fixes some issues discovered after the release of openvas-server
2.0.1 and introduces support for new features. Thanks to the continuing
audit of the code, a number of obsolete, unused and/or unnecessary functions
were identified and removed.

Effects when installing this version:

* The option "Silent dependencies" is now "off" by default. Previously it was
  set to "on", openvas-client >= 2.0.2 has already switched to "off" per
  default. Note that this may result in larger reports.

* Dependencies: openvas-server 2.0.2 requires openvas-libraries 2.0.2 and
  openvas-libnasl 2.0.1. You need to install these prior to openvas-server 2.0.2.

* The openvas-adduser script will no longer allow passwords in plaintext for new
  users. This means that the openvas-adduser script will refuse to add a new
  user if neither openssl nor md5sums is available.

Main changes since 2.0.1:

* OVAL support has been improved and now supports multiple definitions and
  results in one file.
* Support for per-host password based local checks has been added.
* Debian packaging files have been updated.
* Dependency searching has been improved to work better with subdirectories.
* openvas-server will now generate a warning if a NVT could not be cached.
* The openvas-adduser script will no longer create the now obsolete "plugins"
  directory in the user directory.


Many thanks to everyone who has contributed to this release: Vlatko Kosturjak,
Jan Wagner, Felix Wolfsteller and Michael Wiegand.


openvas-server 2.0.1 (2009-02-17)

This is the first maintenance release of the openvas-server module for the
Open Vulnerability Assessment System (OpenVAS) 2.0-series.

It fixes some issues discovered after the release of openvas-server
2.0.0 and introduces support for new features. Thanks to the continuing
audit of the code, a number of obsolete, unused and/or unnecessary functions
were identified and removed.

Effects when installing this version:

* Dependencies: openvas-server 2.0.1 requires openvas-libraries 2.0.1 and
openvas-libnasl 2.0.1. You need to install these prior to openvas-server 2.0.1.

* Cache files: Effects of openvas-libraries 2.0.1 are changes in the
cache file management. With 2.0.1 release of openvas-server it is
possible to specify a new location for the cache folder. If you will
use a new location, then the effects described for openvas-libraries
do not apply anymore (see also below regarding cache folder).

* New default port of the server: Please be aware that openvas-server
now listens on port 9390 by default since this port has recently been allocated
by IANA for the Openvas Transport Protocol (OTP). If you want to continue to
use the old port 1241, you have to specify the port you want openvasd to
listen on, for example by starting the server with "openvasd -p 1241".
If you don't specify this, it might happen that at next boot of your
system (or other restart of openvasd), the service is available
at a new port and you need to update the connection information
in your OpenVAS-Client.

Main changes since 2.0.0:

* Support for sub-directories in plugins_folder in accordance with
  Change Request #24 (http://www.openvas.org/openvas-cr-24.html).
* Established automated source code documentation. HTML-Version is available
  under http://www.openvas.org/src-doc/openvas-server/current/index.html
* Openvas-server now uses the IANA-assigned port 9390 for communication
  with the client.
* It is now possible to start openvas-server without root privileges. Note that
  a number of NVTs which rely on operations requiring root privileges (like
  packet forgery) will not work under these circumstances.
* The openvasd-config script now returns the values for sysconfdir, libdir and
  sbindir set at compile time.
* The new server preference "cache_folder" allows you to define the location
  of the cache ($plugins_folder/.desc in previous versions). The default value
  for this preference is /var/cache/openvas for new OpenVAS installations.
  Existing installations need to add cache_folder = /var/cache/openvas
  manually to openvasd.conf and make sure the directory exists.
* The new server preference "include_folders" allows you to specify
  search paths for the NASL include directive. This aids the use of
  subdirectories for plugins. The default value for this preference is
  $plugins_folder to be compatible with the old "flat" (all in one directory)
  structure.
* Initial support for per-target SSH credentials settings has been added. Please
  note that you will need a new client (>= 2.0.2) and a new ssh_authorization.nasl file to
  use this feature.
* Having a directory structure in $plugins_folder is now supported. openvasd
  will recurse through the subdirectories in $plugins_folder.

Note: The OpenVAS NVT feed will not use the new features for subdirectories and
include paths as long as the OpenVAS 1.0.x and OpenVAS 2.0.0 releases are
supported. An exception might be OVAL support.

Bugfixes:

* The usage of the gettext support tool in support scripts like openvas-adduser
  did expect gettext.sh to be in /usr/bin, which prevented the scripts from
  working correctly on systems where this was not the case. The gettext usage
  has been made more robust. (Solves: #860)
* During startup, openvasd will now show the correct total number of plugins
  and not count signatures and other files anymore.
* The obsolete user-specific cache (.desc in
  /var/lib/openvas/users/USER/plugins/) is not created anymore.

Many thanks to everyone who has contributed to this release: Tim Brown,
Stjepan Gros (for subdirs feature), Joey Schulze, Jan-Oliver Wagner,
Felix Wolfsteller and Michael Wiegand.


openvas-server 2.0.0 (2008-12-17)

This is the 2.0.0 release of OpenVAS.

If you have used the 2.0-beta1, -beta2 or -rc1 release, we recommend that you
update all your OpenVAS modules (openvas-libraries, openvas-libnasl,
openvas-server and openvas-client) to 2.0.0.

If you are currently using the 1.0.x branch and want to evaluate OpenVAS
2.0.0, we recommend that you install 2.0.0 separately from your OpenVAS 1.0
installation. Instructions on how to do this are available from the OpenVAS
website.

Main changes since 2.0-rc1:
* Debian packaging files have been updated.
* Obsolete code relating to the ENABLE_PLUGIN_SERVER has been removed.
* The build environment has been updated.

Main changes since 1.0.1:
* Support for the new script_tag command in NASL scripts has been added.
* 64-bit compatibility has been considerably improved.
* Support for transfering NVT signature information to the client has been added.
* Certificate checking has been improved.
* The obsolete openvas-check-signature tool has been removed.
* Support for plugin upload has been removed from OpenVAS-Server.
* Support for detached scans has been removed from OpenVAS-Server.
* Switch from Nessus Transfer Protocol 1.2 to OpenVAS Transfer Protocol (OTP) 1.0.
* Support for OVAL definitions has been added.
* Switch from Nessus plugin IDs to NVT OIDs.

Many thanks to everyone who has contributed to this release: Tim Brown, Javier
Fernandez-Sanguino, Stjepan Gros, Joey Schulze, Jan Wagner, Jan-Oliver Wagner,
Michael Wiegand and Felix Wolfsteller.


openvas-server 2.0-rc1 (2008-12-05)

This release is the first release candidate for the upcoming 2.0 release of OpenVAS.

Unless serious bugs are discovered, this release candidate will become the final
OpenVAS 2.0 release. Users are encouraged to test this release and to report
bugs to the OpenVAS bug tracker located at http://bugs.openvas.org/ .

If you have used the 2.0-beta2 release, we recommend that you update all your
OpenVAS modules (openvas-libraries, openvas-libnasl, openvas-server and
openvas-client) to 2.0-rc1.

If you are currently using the stable 1.0.x branch and want to take part in
testing this release candidate, we recommend that you install 2.0-rc1 separately
from your OpenVAS 1.0 installation. Instructions on how to do this are available
from the OpenVAS website.

Main changes since 2.0-beta2:
* Support for the new script_tag command in NASL scripts has been added.
* Code quality has been improved, a potential buffer overflow due to
  insufficient memory allocation has been fixed.
* Debian packaging files have been updated.
* Minor bugfixes.

Many thanks to everyone who has contributed to this release: Tim Brown, Joey
Schulze, Felix Wolfsteller and Michael Wiegand.


openvas-server 2.0-beta2 (2008-11-14)

This release is the second beta version of the upcoming 2.0 release of OpenVAS.
It contains improved 64-bit compatibility, improved OVAL support, support for
transferring NVT signature information to the client and various improvements.

This release is intended to contain all features intended for the final OpenVAS
2.0 release. Users are encouraged to test this release and to report bugs to the
OpenVAS bug tracker located at http://bugs.openvas.org/ .

If you have used the 2.0-beta1 release, we recommend that you update all your
OpenVAS modules (openvas-libraries, openvas-libnasl, openvas-server and
openvas-client) to 2.0-beta2.

If you are currently using the stable 1.0.x branch and want to take part in the
beta phase for 2.0, we recommend that you install 2.0-beta2 separately from your
OpenVAS 1.0 installation. Instructions on how to do this are available from the
OpenVAS website.

Main changes since 2.0-beta1:
* 64-bit compatibility has been considerably improved.
* Debian packaging files have been updated.
* Support for transfering NVT signature information to the client has been added.
* Certificate checking has been improved.
* OVAL support has been improved.
* The obsolete openvas-check-signature tool has been removed.
* Bugfixes.
* Various code cleanups.

Many thanks to everyone who has contributed to this release: Tim Brown, Stjepan
Gros, Michael Wiegand and Felix Wolfsteller.


openvas-server 2.0-beta1 (2008-09-25)

This release is a first beta version of the upcoming 2.0 release of OpenVAS.
It introduces support for the cleaned up and improved OpenVAS Transport Protocol
(OTP, replacing NTP), the new OpenVAS NVT OID scheme and support for the Open
Vulnerability and Assessment Language (OVAL).
The protocol cleanup also removed some features that were considered unsecure,
unneeded or wrongly placed.

OpenVAS 2.0 will introduce a full set of new modules for OpenVAS Server
(openvas-libraries, openvas-libnasl and openvas-server) and a new
OpenVAS-Client. The only  module OpenVAS 1.0 and OpenVAS 2.0 will  share is
openvas-plugins. This means that the OpenVAS NVT Feed is compatible with both
generations of OpenVAS.

However, in case you plan to try out the new generation of OpenVAS, you should
install it separately from OpenVAS 1.0 installation. Instructions on how to do
this will be added to the OpenVAS homepage after all relevant modules are
released as 2.0-beta1. A separate announcement will officially start the beta
testing phase for OpenVAS 2.0.

Main changes in this release (compared to release 1.0.1):

* Updated packaging files for Debian.
* Support for plugin upload has been removed from OpenVAS-Server.
* Support for detached scans has been removed from OpenVAS-Server.
* Switch from Nessus Transport Protocol 1.2 to OpenVAS Transport Protocol (OTP) 1.0.
* New command line parsing implementation for openvasd (internal change).
* Fix for memory management issues in plugin scheduler that resulted in aborted
  scan sessions under certain circumstances.
* Updated scripts for user management; this fixes issues with new users being
  unable to login under certain circumstances.
* Initial support for OVAL definitions.
* Updated documentation.
* Switch from Nessus plugin IDs to NVT OIDs (internal change, also applies for OTP)

Many thanks to everyone who has contributed to this release: Tim Brown, Javier
Fernandez-Sanguino, Jan Wagner, Jan-Oliver Wagner and Michael Wiegand

openvas-server 1.0.1 (2008-07-03)

This release contains new and improved packaging files for various distributions
as well as bug fixes and cleanups. It also adds syslog support to openvas-server
and contains a first draft for the upcoming OpenVAS Transport Protocol.

Please note that this version requires openvas-libraries 1.0.2 or newer and
openvas-libnasl 1.0.1 or newer.

Please be aware that the plugin upload feature has been disabled in
openvas-server due to security concerns as described in
http://www.openvas.org/openvas-cr-4.html . This functionality is now deprecated
and will be removed in future versions of openvas-server. If your existing
installation depends on this feature, we recommend that you do not update to 
1.0.1.

* Added syslog support to openvasd logging facility.
* Fixed memory leaks in plugin scheduler.
* Added and improved packaging files for Debian, OpenSUSE and Fedora.
* Changed version requirements for openvas-libraries from 0.9.2 to 1.0.2 due to
  API extension for OpenVAS OIDs.
* Changed version requirements for openvas-libnasl from 0.9.1 to 1.0.1 due to
  API extension for OpenVAS OIDs.
* Disabled plugin upload feature due to security concerns.
* Fixed possible buffer overflow in user authentication.
* Fixed a configuration issue that broke the build process on certain 64bit
  installations.
* Added a first draft of the specification for the upcoming OpenVAS Transport
  Protocol.
* Various code cleanups.

Many thanks to everyone who has contributed to this release: Bernhard Herzog,
Jan Wagner, Jan-Oliver Wagner, Michael Wiegand and others.

openvas-server 1.0.0 (2008-01-31)

First stable release with only minimal changes
compared to latest 0.9 version.
No problems or any sort of issues have been
reported for over two months now.
This release is done basically
to reach the mentally important version 1.0,
there is no technical need to replace openvas-server
for a running installation.

Main changes are:

* Minor cleanups in package files.
* openvasd does not do any (useless) version check
  for -libraries and -libnasl anymore.

openvas-server 0.9.2 (2007-11-07)

Legal and minor technical fixes release.

Main changes are:

* Fixed tool "openvas-config" to output correct version
  of OpenVAS server (openvasd)
* During  installation routine, now a "gnupg" directory
  is created where the other configuration files of
  OpenVAS are located. This is the place for feed certificates.
* Removed some non-free documents (README_SSL, doc/WARNING.En
  and doc/WARNING.Fr).

openvas-server 0.9.1 (2007-10-17)

Minor cleanup release.

Main changes are:

* Version checking for openvas-libaries and openvas-libnasl
  at package configure time.
* Some code cleanups.
* Internal code refactoring.

openvas-server 0.9.0 (2007-07-27)

The first initial release of openvas-server
after the fork from Nessus 2.2.x.

Main changes are:

* Removed the client from this package.
* Replace OpenSSL by GNU/TLS (therefore it is allowed now to distribute
  binary packages with SSL-support)
* SSL now mandatory.
* Many cleanups of ancient remains (still many to come)
* Removed various W32-specific elements, because W32 isn't
  a taget system anyway.
* Lots of renaming to avoid conflicts with parallel
  Nessus installation


Old Changes information from the Nessus times:

2.2.5 :

. changes by Renaud Deraison :

- Faster scan startup speed (at the expense of a slightly bigger memory usage)
- nessus-fetch now calls nessus-update-plugins upon registration
- Fixed the use of an uninitialized buffer in the shared socket code
- Fixed some uninitialized variables in nessus_tcp_scanner
- Fixed several null pointer dereferencement in libnasl
- New NASL function 'send_capture()'
- Rotate nessusd.messages on startup if the file is too big

. changes by Michel Arboi :

- nessus_tcp_scanner now tracks down more statistics about the remote ports 
  (filtered vs. closed)

. changes by Beirne Kornarksi : 

- Fixed bug#1224

2.2.4 :

. changes by Renaud Deraison :

- Fixed a bug in nessusd when killing slow plugins, which may result
  in a hang of the scan
- Fixed a bug in find_services.nes which would prevent it from exiting
  properly when receiving a SIGTERM message
- Fixed a bug in libnessus/network.c which may result in incompletes
  SSL reads
- Fixed proxy support in nessus-fetch
- Reduced CPU usage
- Brand new SMB API
- The nessus-fetch man page is now installed
- Updated os_fingerprint.nasl with all the newest signatures

. changes by Michel Arboi :

- More gentle nessus_tcp_scanner

2.2.3 :

. changes by Renaud Deraison :

- Added the 'silent dependencies' option (suggested by Nicolas Pouvesle)
- Added a new 'Credentials' Tab to put SSH and SMB credentials
- Removed some un-recommended options from the GUI (detached scan)
- Fixed a NULL-ptr dereferencement in libnasl

. changes by Michel Arboi :

- Call setrlimit() without any limits when calling popen()

. changes by Nicolas Pouvesle :

- Replaced the functions in libnasl/nasl/smb_crypt.* by crypt_func.nasl

2.2.2 :

. changes by Renaud Deraison :

- Fixed HTTPS-over-proxy in nessus-fetch
- Fixed a build issue on Solaris in nessus-fetch
- Fixed the detached scans

2.2.1 :

. changes by Renaud Deraison :

- Turn on buffering for every TCP sockets to reduce the number of system calls
(only HTTP-related sockets would have a buffered input)

- Fixed bug#1065 which would make nessusd do an endless stream of calls
to gethostbyname() when testing a non-existant host name 

- Fixed a bug in the TCP socket buffering which would cause 
read_stream_connection() to perform a short read under some circumstances

- Added nessus-fetch(1), a utility which retrieves plugins from
www.nessus.org.

- Rewrote nessus-update-plugins to use nessus-fetch instead
of wget/lynx/fetch/curl

- Fixed bug#1076 (support for bash 3.0)

. changes by Michel Arboi :

- New TCP port scanner (nessus_tcp_portscan.nes)
- Better Hydra integration through multiple nasl scripts

2.2.0 :

- Fixed a couple of memory leaks (thanks to Lance Uyehara)

2.2.0RC1 :

. changes by Renaud Deraison :

- Fixed a bug in the client which would not make it 'remember' the scanner selection
- Each plugin can have a bigger number of cross-references associated to it
- Starting nessusd displays the current status of the plugins beeing loaded

. changes by Boris Wolf :

- Increased the buffer size on the client side to receive bigger reports

2.1.3 :

. changes by Renaud Deraison :

- Shared sockets: NASL scripts can share a socket between each others, instead
  of re-establishing the connection
- New system calls in NASL - get_kb_fresh_item() and replace_kb_item()
- The SSH checks now use a shared socket instead of re-logging into the
  remote host 
- The plugin selection in the client GUI is much faster


2.1.2 :

. changes by Renaud Deraison :

- nessus-update-plugins makes sure that the plugin archive has been properly
signed before uncompressing it

. changes by Michel Arboi :

- fixed a memory leak in NASL2
- wrote nmap.nasl, snmpwalk_portscan.nasl and nikto.nasl to replace the
  equivalent .nes plugins
- fixed the pread() NASL function

. changes by Nicolas Pouvesle :

- Improved SSH compatibility with non-OpenSSH servers

2.1.1 :

. changes by Renaud Deraison :

- Scripts can be cryptographically signed. A signed script gets access to
more NASL functions

- Restricted the access to the nasl functions pem_to_rsa(), pem_to_dsa(), 
rsa_sign() and dsa_do_sign() to signed NASL scripts

- The nasl functions pread() and find_in_path() are accessible to
signed NASL scripts and allow the execution of local commands
 

2.1.0 :

. changes by Nicolas Pouvesle :

- SSH implementation in NASL

. changes by Renaud Deraison :

- Added support for local security checks on remote hosts, over SSH
  (support for FreeBSD, MacOS X, RHEL2.1 and RHEL3)

- Wrote a clean internal API to let Nessus communicate with its sons

- Re-wrote the KB API to use a hash table instead of a slow linked list and
to support KB items of arbitrary length


2.0.12 :

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- Fixed a bug in ./configure which would sometimes assume that GTK is not 
installed whereas it actually is
- Fixed a race condition in nessus-adduser for users who do not configure
their TMPDIR variable (thanks to Cyrille Barthelemy)
- Fixed a bug in nessus-update-plugins which would not update the plugins 
properly on all systems
- Fixed the installer to compile Nessus with GTK support if gtk-config OR
pkg-config is installed.


2.0.11 : 

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- Fixed Solaris portability issue introduced in 2.0.11
- Fixed a bug in the HTML with graphs output which would make it
  loop indefinitely
- Proper GTK+2.x support (GTK+ 1.2 is still supported)
- Fixed nessus-update-plugins for FreeBSD

2.0.10 : [maintenance release only]

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- Fixed MacOS X portability issues
- Non-intrusive OS-fingerprinting (based on xprobe's techniques)
- DNS fingerprinting
- killall -1 nessusd does not restart the bpf server on BSD systems
- longer connect() timeout for TCP sockets
- Fixed hydra.nes

. changes by Michel Arboi (mikhail@nessus.org)

- WWW fingerprinting
- partially fixed hydra.nes

. changes by (galt@fiberpimp.net)

- IP addresses are now sorted in EVERY reports 

. changes by Laurent FACQ (facq@u-bordeaux.fr)

- Automagically rewrite banners to handle distributions which do
  backporting of security fixes (ie: Debian)


2.0.9 :

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- The bpf sharing system now works fine on BSD systems, so Nessus
  now only requires one /dev/bpf to work correctly, no matter how many
  hosts are being tested

- Minor bug fixes

- A bug in tcp_ping() would make some probes have a source port set to 0


. changes by Michel Arboi (arboi@alussinan.org)

- Added functions in libnasl (join_multicast_group(), unixtime(), and
  more...)
- All SSL operations now use non-blocking sockets instead of the alarm()
  trick to handle timeouts

. Changes by Pavel Kankovky 

- Minimize the number of pixmaps that need to be created in the Nessus 
  client by re-using them

2.0.8 :

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- Improved plugins dependencies
- Improved some plugins performances
- Better default values for nessusd.conf and .nessusrc
- Fixed insert_ip_options() which was broken

2.0.7 :

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- Fixed bad performances issues when pinging dead hosts
- Fixed a bug which would prevent to store items larger than 2kb in the KB
- NFS and SMB file-related functions completed (open, read and cwd are
  implemented)
- Plugins support for Windows 2003
- Network IPs can now be evenly sliced instead of being scanned
  sequentially
- User-definable source-IP(s) for the checks (nessusd -S)
- Fixed a possible message corruption problem if a plugin was to send a too
  long message back to nessusd
- Fixed a possible plugin corruption problem when the client overwrites
  existing plugins
- Fixed various false positives and wording issues in several plugins

2.0.6 :

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- Support for the keyword 'default' as a port range in nmap_wrapper.nes
- Fixed a zombie issue in nmap_wrapper.nes
- Fixed various issues which could allow a NASL script to crash the
  NASL interpretor
- Improved the process management in find_services.nes

2.0.5 :

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- Fixed a rare race condition which may make the scan hang
- Fixed SMB related issues
- Entering "default" as the port range will make nessusd scan the ports
  listed in the Nessus services file.
- Even more sigs in find_services.nes

. changes by Julien Bordet (zejames@greyhats.org)

- Added over 3,000 signatures to smtpscan.nasl (thanks to the data
  provided by the Nessus team)



2.0.4 :

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- fixed the SIGCHLD handler which would not work properly and leave zombies
  on the system

- fixed a race condition when testing a great number of hosts which would
  cause a testing process to slow down a whole audit or even hang it
  totally

- When a great number of host names is passed to nessusd as a target, they
  are resolved by chunks of 64 instead of trying to resolve everything then
  starting the test

- RedHat 9 support (in spite of their attempt to make their distro incompatible
  with everyone else)

. changes by Gabriel L. Somlo <somlo@acns.colostate.edu>

- The nessus can save the reports to stdout and read them from stdin




2.0.3 :

- fixed a compilation error which would prevent find_services from working
  properly

2.0.2 :


. changes by Michel Arboi (arboi@alussinan.org)

- NASL port of smtpscan (original Perl program by Julien Bordet)

- Nasty bug made loop stop prematurely on rare cases


. changes by Renaud Deraison (deraison@cvs.nessus.org)

- Re-wrote webmirror.nasl from scratch. The new version has a real parser 
  built-in and is much faster

- Added checks for older Microsoft Advisories

- SMB plugins now use NTMLv1 authentication, ie: they don't send passwords
  in clear text over the network any more

- Added new crypto functions, taken from samba, in libnasl/

- Repaired detached scans

- Fixed IP ranges notation (10.1.1-9.1-254 did not work any more)

- Minor bug fixes and enhancements : #234, #233, #230, #229, #228, #225, #222, 
  #220, #218, #217, #216, #215, #213, #212, #211, #207, #206, #205

- nessus-update-plugins properly calls chown under FreeBSD, no matter how
  many plugins there are 

- find_services.nes recognizes even more protocols

. changes by Xueyong Zhi <zhi@mail.eecis.udel.edu>

- Added NTLMv2 authentication

. changes by Frank Migge (frank.migge@oracle.com)

- nessus-mkcert-client creates the auth/rules file properly


2.0.1 :

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- Minor bugfixes (bugs #180, #183, #185, #188, #189, #195, #197, #202, #203, #204)
- Fixed the "pink" graphical report issue
- Added http keep-alive support in the CGI related plugins
- Fixed a bug in the function get_kb_list() which would not always work
  properly
- Fixed an issue where in some situations, some HTTP services would not
  be tested for flaws if they have not been port-scanned first
- Added new signatures in find_services.nes

. changes by Stephen Friedl (steve@unixwiz.net)

- Fixed bugs and warnings in nessus-libraries


2.0.0 :

. changes by Michel Arboi (arboi@alussinan.org)

- NASL2 : Implement >!< "strings don't match" operator 
- NASL2 : fixed a vicious case of freed memory copy.

. changes by Renaud Deraison (deraison@cvs.nessus.org)
  
- Fixed a small bug in the plugin scheduler
- Ported to IRIX
- Several small bugfixes

. changes by Xueyong Zhi <zhi@mail.eecis.udel.edu>

- Added nmap_osfingerprint



1.3.4 :

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- Re-written the process manager for the hosts
- Lots of bugfixes in the plugins text store manager
- New port scanner "synscan" which uses the RTT of the packets to do
  its job. 
- Fixed several small issues in nasl and nessusd (bug fixes, code cleanup)
- Added cryptographic hashing functions in NASL
- Added the function get_kb_list() which returns the content of a KB
  without forking the plugin
- Updated the manpages of nessusd and nasl

. changes by Michel Arboi (arboi@alussinan.org)

- Fixed scanner_get_port() when running in standalone mode
- Fixed possible uninitiliazed memory issues in libnasl
- Started to write the NASL2 reference guide (to be found in libnasl/doc/)



1.3.3 :

. changes by Michel Arboi (arboi@alussinan.org)

- Implement bit xor, logical & aithmetic right shift, power
- Fix operator precedence
- Added new NASL functions

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- The plugin texts are not loaded in memory any more, thus reducing
  the consumption of the nessus daemon of two megs. This also speeds up
  the loading of nessusd.

- Fixed a bug in the plugins scheduler (if optimizations were enabled, 
  the scan would sometime hang)

- Added a new NASL function (int())

- Fixed strings substraction to handle null values properly

- find_services.nes runs in parallel mode, for improved speed

- new plugin (synscan) which should perform well against firewalled
  hosts (computes the RTT before the scan)

1.3.2 : 

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- Added fixes so that nessus-core/nessusd/pluginscheduler.c compiles with
  the latest version of GCC

- Fixed a bug in nessus-libraries/libnessus/bpf_share.c : a timer would not
  be reset, causing plugins which call bpf_next() to sometimes crash

- Set the timer of bpf_share.c to a much lower value, thus making it work
  much better

- Improved tcp_ping()

- Fixed two bugs in the plugins scheduler :
	- If the option "enable dependencies at runtime" is set, 
	  it would enable ALL the plugins which are depended on, instead
	  of only those we use ;

	- In some cases, it may terminate too early, thus preventing a scan
	  from being complete

- DESTDIR support

1.3.1 :

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- Rewrote the plugins scheduler (which determines the order in which
  the plugins are to be launched). The new one is much more efficient
  but as a result, it is not possible to accurately determine the
  order in which the plugins will be ran, so the 'plugin name' in
  the client is now totally bogus
  
- Fixed various issues with NASL scripts so that they work better
  with NASL2

- Fixed bugs relative to the creation of icmp and udp packets in nasl
  
- Fixed some fatal bugs in the bpf sharer

- NASL scripts do not read /dev/urandom any more, and use time() as a
  random seed instead. As a result, the loading and execution of nasl
  scripts if faster on systems where /dev/urandom can be blocking

- Fixed the tcp NIDS evasion techniques on BSD systems

- Full support for Bugtraq IDs 

- The HTML reports add links for URLs, and show the ID number of
  the plugin that issues the report.

- Speed up the calls to arg_get_value() by using a hash of the name
  being searched for.

- Changed the licence of NASL2 to the GPLv2 (with the consent of Michel Arboi)

. changes by Michel Arboi (arboi@alussinan.org)

- Better handling of the arrays in NASL2

. changes by Erik Anderson (eanders@carmichaelsecurity.com) 

- CVE and bugtraq cross references

. changes by Jay (jay@kinetic.org)

- Fixed multiple typos in the plugins

. changes by Javier Fernandez-Sanguino (jfernandez@germinus.com)

- Nessus now ships Hydra 2.2
- Fixed various compilation scritps (see bug#63)

1.3.0 :


. changes by Michel Arboi (arboi@alussinan.org)

- Use our own nessus-services file (re-generated at first start to include
  /etc/services and nmap-services)
- Added new families of plugins (ACT_KILL_HOST and ACT_END)
- Rewrote libnasl

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- The 'cancel' button of several file selection dialogs is now working
- Optimized several plugins :
	- Web-related checks now use http_recv() instead of recv()
	- open_priv_sock_tcp() has a lower timeout
	- RPC related checks now use get_rpc_port(), a function equivalent
	  to libc's getrpcport() but with a much smaller timeout
	- Decreased the default value of checks_read_timeout from 15 to 5
- Fixed a bug in the plugin selection GUI which would not refresh
  the list of plugins of a given family properly (bug#3)
- Fixed memory leaks in NASL
- Fixed a bug in nessusd which would make it leak memory when receiving a SIGHUP
  (bug#10)
- Fixed a compatibility problem with Nmap 3.10ALPHA (bug#11)
- Nessus now accepts nmap's U: and T: notation for the port range (bug#5)
- Helped Michel Arboi to give the last touches to the new libnasl
  
. changes by Erik Anderson (eanders@pobox.com)

- Added CVE and BID links, added urls and removed dead links from the plugins

. changes by Michel Scheidell (scheidell@secnap.net)

- Improved several SMB-related checks

. changes by Rodolfo Baader (rbaader@activesec.biz)

- Quotes and apostrophes are properly escaped in the XML output report


1.2.6 :


. changes by Michael Slifcak (Michael.Slifcak@guardent.com)

- Added Bugtraq cross reference in the plugins
- Added support for BID in nessusd (this has yet to be done on the
  client side)

. changes by Axel Nennker (Axel.Nennker@t-systems.com)

- fixed the xml and html outputs
- fixed array issues in a couple of plugins

. changes by Michel Arboi (arboi@alussinan.org)

- find_service now detects services protected by TCP wrappers or ACL
- find_service detects gnuserv
- ptyexecvp() replaced by nessus_popen() (*)
  
. changes by Renaud Deraison (deraison@cvs.nessus.org)

- Fixed a bug which may make nasl interpret backquoted strings
  (\n and \r) received from the network (problem noted by Pavel Kankovsky)
- nmap_wrapper.nes calls _exit() instead of exit() (*)
- Solved the lack of bpf's on Free/Open/NetBSD and MacOSX by
  sharing _one_ among all the Nessus processes. As a result, Nessus's
  ping is much more effective on these platforms
- bugfix in plug_set_key() which would eventually make some scripts
  take too long when writing in the KB
- Plugins of family ACT_SETTINGS are run *after* plugins of family
  ACT_SCANNERS
- replaced the implementation of md5 which was used when OpenSSL is disabled
  by the one from RSA (the old one would not work on a big-endian host)
- Fixed plugins build issues on MacOS X
- The nessus client compiles and links against GTK+-2.0. Of course, it will
  be horrible and instable, as the GTK team does not care about backward
  compatibility


(*) These two modifications solve the problems of nmap hanging under FreeBSD
  
  
1.2.5 :

. changes by Michel Arboi (arboi@alussinan.org)

- find_service now displays unknown services that run on assigned ports
- read_stream_connection smarter (smaller timeout)
- find_service sometimes declared IDENT as "unknown"

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- Fixed a deadlock that would prevent some plugins from completing
- Fixed a possible (although rare) corruption issue in the reports
  (the script IDs could under some circumstances be random)
- Fixed a potential segfault in the execution of nasl scripts

1.2.4 :

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- Reverted back to autoconf 2.13. 
- Bug fix in nessus-core/nessusd/pluginlaunch.c - under some circumstances,
  data might have be lost in the reports
- Fixed a bug in several plugins for web checks (under some circumstances,
  a plugin would do N x N checks against the remote web servers (where
  N equals to the number of web servers running on the remote host)


1.2.3 :


. changes by Isaac Dawson (idawson@securitymanagementpartners.com)

- New html output layout.

. changes by Pasi Eronen (pasi.eronen@nixu.com)

- fix in nmap_wrapper

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- Fixed a bug which could make, under some circumstances, make nessusd
  crash the host it is running on.
- If the option log_whole_attack is set to "no", then only the begining
  and the end of the attack is logged (and not the time each plugin takes)
- Improved no404.nasl to further reduce false positives
- Bug fix in nessusd - under some rare circumstances, report data could
  be lost (if many many plugins were enabled at the same time and were
  sending data at the same time).
- UDP packets are resent while we wait for a reply (avoids to loose packets
  en route)
- Fixed the option "auto_enable_dependencies" which would not always work
- Sending a SIGTERM to the nessus client during a command line scan
  forces it to save its result to the current test file
- Non-printables characters are not shown in the report any more


1.2.2 :

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- In the GUI, while running a scan, plugins names are only updated once 
  in a while (saves CPU)
- Bugfix in the client : some host names would make the client crash 
- Repaired the '-P' switch in the client

1.2.1 :


. changes by Simon Law (sfllaw@engmail.uwaterloo.ca)

- Made a manpage for nessus-mkcert-client(1) and have it installed by
  the Makefile
- Revised most other manpages for missing information and to increase
  clarity


. changes by Renaud Deraison (deraison@cvs.nessus.org)

- Fixed the -i switch of nessus-update-plugins
- Fixed a bug in the server which would, in some circumstances, not make it 
  announce the proper order of the plugins being run
- More CVE cross references
- get_host_name() always return a FQDN
- User-configurable third party domain for SMTP relay checks
- Repaired hydra.nes
- Fixed MacOS X specific problems (dlcompat vs NSCreateObjectFileImageFromFile)
- Plugins dependencies appear in the GUI
- Fixed nessus-mkcert so that long email addresses are accepted
- Re-generated the 'configure' scripts with autconf 2.53

. changes by Michael Scheidell (scheidell@fdma.com)

- Added some bound checkings in some SMB plugins to reduce
  noise in nessusd.messages

. changes by Michel Arboi (arboi@alussinan.org)

- ping_host.nasl pings on multiple ports


1.1.15/1.2.0 :

. changes by Nicolas Dubee (ndubee@secway.com) :

- Better support for AF_UNIX sockets 


. changes by Brian (bmc@snort.org) :

- CVE references
- several bugfixes in the plugins

. changes by Peter Grndl (pgrundl@kpmg.dk) and
  Carsten Joergensen (carstenjoergensen@kpmg.dk) :
  
- Extensive review of the plugins and therefore numerous fixes

. changes by Axel Nennker (Axel.Nennker@t-systems.com)

- FD leak in save_kb.c fixed

. changes by Renaud Deraison (deraison at nessus.org)

- It is now possible to upload files to the server when using
  the command line client 

- lrand48() portability problems worked around

- fixed a bug in the report window that would make it crash
  randomly
  


  
1.1.14 :

. changes by Renaud Deraison (deraison at nessus.org)

- SMB fixes (thanks to Michael Scheidell)
- When the safe checks option is enabled, dangerous tests with no 
  alternate code (ie: plugins of type ACT_DESTRUCTIVE_ATTACK and
  ACT_DENIAL) are disabled
- Hosts can be designated by their MAC address of instead of their
  IP address (mostly useful for DHCP networks)
- Fixed a bug in the report generation which would replace newlines (\n)
  by semi-columns (;)
- Fixed a bug in the export of some types of reports, where open ports
  with no data associated would not be saved
- Integrated THC's Hydra as a Nessus plugin
- Added new NT security checks (related to user management)
- Plugins of type ACT_SETTINGS can not be disabled
- Fixed a bug which would make nessusd hang when a scanner was reporting
  too many open ports (as when a UDP scan reports all UDP ports as
  being open)

. changes by Dion Stempfley (dion at riptech.com)

- The client can now filter on category

. changes by Axel Nennker (Axel.Nennker@t-systems.com)

- Fixed some plugins causing error messages in some circumstances
  (dns_xfer.nasl, snmp_processes.nasl...)
- Stylish changes to prevent gcc -Wall from whining in some files
- XML NG output is now XML compliant
- Bug fixes


. changes by Jenni Scott (jenni.scott@guardent.com) and
  Michael Slifcak (michael.slifcak@guardent.com) :

- Improved the reporting of the plugins (better consistency, better
  wording)
1.1.13 :

. changes by Michel Arboi (arboi@alussinan.org)

- New family ACT_SETTINGS dedicated to plugins which just let the user
  enter some preferences

- Optional NIDS evasion techniques (url encoding, tcp slicing)

. changes by Renaud Deraison (deraison at nessus.org)

- Fixed a bug in the command line client which would make it ignore
  some preferences

- SMB checks can now log into a Windows domain

- NIDS evasion techniques (data injection, short ttl)

- Fixed a bug which would randomly stall the scan

1.1.12 :

. changes by Renaud Deraison (deraison at nessus.org)

- Workarounds on FreeBSD to prevent a kernel panic
  (thanks to Michael Scheidell and Stefan Esser)

- nessus can export reports as other file formats again



1.1.11 :

. changes by Renaud Deraison (deraison at nessus.org)

- Fixed a bug regarding the saving of reports from the GUI
- Improved the backend in many ways (speed-wise, content-wise)
- Changes in the protocol
- More messages are sent between the server and the client (timestamps,
  plugins version, ...)
- New .nbe file format, which looks like .nsr but has more information
  in it
- Plugins now have versions numbers.
- The user can upload his plugins to the nessusd server from the client
- It is now possible to upload files to the server (ie: nmap's results) in 
  command-line mode
- Fixed false positives in SNMP plugins when launched against a non-configured
  Solaris snmpd

. changes by Guillaume Valadon (guillaume at valadon.net)

- New XML output (the XML layout was defined by Lionel Cons [lionel.cons at cern.ch])

1.1.10 :

. changes by Renaud Deraison (deraison at nessus.org)

- Fixed a bug introduced in 1.1.9 which would sometimes prevent a user from 
  aborting an on-going test
- Fixed a bug in the client which would prevent the user from setting a port
  range longer than 255 chars
- Fixed bugs in pcap_next() (thanks to Richard van den Berg). Also, pcap_next()   is now more flexible.
- Fixed a bug in the command line client which would make it close the 
  communication too early when the client - server communication is not
  ciphered
- Added an "auto-load dependencies at runtime" option

1.1.9 :


. changes by Renaud Deraison (deraison at nessus.org)

- Fix in the GUI, when closing a saved report
- Fixed a bug in ftp_log_in() which would prevent nasl script from
  logging into some FTP servers 
- Solaris build problems fixed
- Darwin 1.4.1 build problems fixed
- MkLinux DR3 build problems fixed  (is anyone using it anymore ?)
- GTK 1.0.x build problems fixed (the use of GTK 1.2 is recommended though)
- Fixed the "wrong call to getopt" problem which would make Nessus
  segfault when built with cygwin, and which would prevent options
  from working under Solaris & FreeBSD (thanks to Udo Schweigert)
- SMB checks speedup (thanks to Georges Dagousset's suggestion)
- Fixed a bug in the client - server communication that would make the
  server close the communication when the client is idle
- Better support for AF_UNIX socket for client-server communication
  (compile nessus-core with ./configure --enable-unix-socket)
- Plugins are disabled by default in batch mode

. changes by Michel Arboi (arboi@alussinan.org)

- Client now properly checks the certificate of the server

. changes by Benoit Brodard (bbrodard at arkoon.net)

- fixed bugs in nasl/tcp.c (checksum, handling of unsigned int)


1.1.8 :

. changes by Renaud Deraison (deraison at nessus.org)

- Workaround for systems with a low number of bpfs (OpenBSD, Darwin)
- Added some length checks for SMB checks
- No more zombies
- Fixed accounts.nes
- Fixed the reporting of the client (reports would be mixed)
- Client removes tempfiles when exiting
- Repaired ptyexecvp() which would not work on Solaris
- Slight bugfix in the NASL interpretor

. changes by Georges Dagousset (georges at alert4web.com)

- More optimizations
- Properly reloads KBs with the same value defined more than once
- Fixes in some plugins dependencies

. changes by Michael Slifcak <Michael.Slifcak at guardent.com>

- More nmap options
- Quiet mode in nessus-adduser

1.1.7 :

. changes by Renaud Deraison (deraison at nessus.org)

- Compiles on platforms without OpenSSL
- Better Solaris support
- Ported under Darwin (many thanks to Dieter Fiebelkorn 
  (dieter at fiebelkorn.net) who actually started the port and helped
  me test this)
- Unscanned ports can now be considered as closed or open (instead of
  just open), at user choice
- Upgraded to libtool 1.4.2
- fixed a bug in the client which would make it display the wrong report
  when doing multiple scans
- enhanced the plugins filter (that appear when pressing 'l' in the GUI)
- fixed a serious problem in the SMB plugins which would prevent them to work
  against Samba and which would make them slow against Windows (pointed out
  by Georges Dagousset)

. changes by Iouri Pletnev (Iouri.Pletnec at xacta.com)

- Ported under Cygwin

. changes by Michel Arboi (arboi@alussinan.org)

- Added nessus-mkrand for hosts with no /dev/random AND no EGD
  running




1.1.6 :

. changes by Renaud Deraison (deraison at nessus.org)

- EGD support for OpenSSL (do ./configure --enable-egd=/path/to/egd/socket
  in nessus-libraries)
- KB items are now stored with individual dates instead of a global
  date for the whole KB file. Yes, this means you have to delete your
  old KB files
- When an host could not be pinged, his KB is not altered (nor created)
- fixed memory leaks in nessusd
- nessus-mkcert checks that the certificates were really created
  before congratulating the user 
- fixed a security problem where anybody with a shell on the nessusd
  host could log in


1.1.5 :

. changes by Georges Dagousset (georges.dagousset at alert4web.com) :

- new KB entries for further "optimizations"
- improved find_services.nes

. changes by Renaud Deraison (deraison at nessus.org) :

- cleaned up the KB
- added doc/kb_entries.txt
- bugfix in find_services regarding the pem password
- new reporting GUI
- fixed a problem which would leave some plugin run against a host
  considered as dead
- the KB are now stored with properly escaped \n and \r chars
- greatly improved tcp_ping.nasl (and tcp_ping() in libnasl)

. changes by Michel Arboi (arboi@alussinan.org) :

- replaced PEKS by OpenSSL in the client/server communication


. changes by H D Moore (hdm@secureaustin.com)

- fixed no404.nasl



1.1.4 :

. changes by Renaud Deraison (deraison at nessus.org) :

- fixed find_services.nes
- plugins that are slow to finish are _really_ killed by the server
- the client better handles the scan of big networks
- nmap_wrapper now updates its progress bar 
- nessus-update-plugins support proxies (with or without authentication)
- monitor_backend.c and data_mining.c allow any developer to plug
  a database behind the client (by default flatfiles are used)
- bug fixed in nmap_wrapper which would make it kill its parent
  process randomly
- minor fix in the tcp_ping() function of NASL (ack would be set
  to non-zero for a syn packet)
- fixed Alexis's ftp_write_dirs.nes & ftp_bounce_scan.nes

. changes by Michel Arboi (arboi@alussinan.org) :

- find_services accepts password-protected .pem files
- patches in the way files were transmitted between the client 
  and the server (which could end up in a deadlock)

. changes by Alexis de Bernis <alexisb at tpfh.org) :

- fixed ftp_write_dirs.nes

1.1.3 :

. changes by Renaud Deraison (deraison at nessus.org) :

- added the plugin 'torturecgis.nasl' which supplies bogus args to
  the remote CGIs, in order to find the most blantantly broken
  ones
- webmirror.nasl now retrieves the list of arguments of each
  CGI.
- added filter support in the client. Use the key 'l' to filter
  out plugins you don't want to see.
- added the 'safe checks' option which allow the user to not disturb
  the network (but which weakens the Nessus tests)
- disabled backward support for port 3001 - the official port
  is 1241 now.

1.1.2 :

. changes by Renaud Deraison (deraison at nessus.org) :

- added the plugin 'webmirror.nasl', which extracts the list of
  CGIs used by a remote web server (and will do much more).
- fixed a problem in NASL due to the SSL patch that would cause
  a fd leak with some plugins.
- added a new plugin category (ACT_DESTRUCTIVE_ATTACK) for plugins
  that may harm the remote host.
- SSL certificates & key can be imported
- corrected a bug introduced in 1.1.0 that would make the client not display
  the name of the plugin currently being run.
- sending signal SIGUSR1 to nessusd makes the grandfather process (the one
  who listens on tcp ports) die without killing its children, thus 
  allowing a smooth upgrade of nessusd
- updated config.guess and config.sub
  
1.1.1 :

. changes by Renaud Deraison (deraison at nessus.org) :

- fixed mem leaks in NASL
- fixed a bug introduced in 1.1.0 regarding recv_line()
- fixed a bug introduced in 1.1.0 in the process management of the plugins 
  (all the KB would not be filled, resulting in incomplete tests)
- smb_sid2user.nasl is twice as fast ;)

1.1.0 :

. changes by Devin Kowatch (devink at SDSC.EDU) :

- fixed communication problem between client and server
- user-defined timing policy in nmap
- nessus-update-plugins uses wget (or any user-supplied command at
  compilation time) if available.

. changes by Michel Arboi (arboi@alussinan.org) :

- support for the -T option of nmap
- SSL support

. changes by Zorgon (zorgon at antionline.org) :

- support for the --os_guess option of nmap


. changes by Renaud Deraison (deraison at nessus.org) :

- the user can upload files to plugins through the client (ie: it is possible
  to upload nmap's results directly to the nmap plugin)
- tests can be run in parallel now
- each user is now granted a home by nessus-adduser
- added nessus-rmuser
- per users plugins

1.0.7 :

. changes by Jordan Hrycaj (jordan at nessus.org) :

- added support for iana port 1241 while 3001 open at the
  same time, nin-compat mode (disabling 3001) as an experimantal
  configure option

- nessus-adduser allows to create local users with immediate
  key exchange (no passphrase procedure needed)

- nessusd allows to specify user logins with netmasks (as with
  the public key tags and passwords) in the nessusd.users file

- some options added to nessus, and nessusd

- you can force the compilation/installation of the getopt_long()
  function(s) by a configure option

. changes by Renaud Deraison (deraison at nessus.org) :

- http virtual hosts can now be tested

- user-modifiable per-plugin timeout

- detached scans can now be stopped from the client

- fixed issues in detached scan

- implemented plugins_reload() which loads new plugins in memory

- get_host_name() returns the name of host, as entered by the user
  (and not a resolve(ip(name_of_host)))

- added the function cgibin() in NASL, which returns the paths
  to use to get to the CGIs (default : /cgi-bin)

. changes by Loren Bandiera (lorenb at shelluser.net) :

- XML output improved



1.0.6 :

. changes by Renaud Deraison (deraison at nessus.org) :

- detached scans can send their result to a given email address (experimental,
 see http://www.nessus.org/doc/detached_scan.html)

- diff scan (experimental - see http://www.nessus.org/doc/diff_scan.html)

- probably fixed a bug which would prevent, under rare circumstances, a
  scan to finish

- NASL plugins can have no timeout

- minor change in the LaTeX report

- Support for Sun Workshop 5 compiler

- IRIX 6.2 support

- HP/UX 10.20 support

- Fixed a problem in report saving (saving as HTML would produce an XML
  file) - thanks to Scott Nichols (Scott.Nichols at globalintegrity.com)


. changes by Jordan Hrycaj (jordan@mjh.teddy-net.com)

- Fixed a problem in the random number generator

1.0.5 :

. changes by Loren Bandiera (lorenb at shelluser.net) :

- XML output in the Nessus client. 

. changes by Renaud Deraison (deraison at nessus.org) :

- added experimental KB saving, to prevent the audit to restart
  from scratch between two tests. See http://www.nessus.org/doc/kb_saving.html
  for details

- added experimental detached scans. 
  See http://www.nessus.org/doc/detached_scan.html for details

- bug in the test of DoS attacks fixed (thanks to Christophe Grenier,
  (Christophe.Grenier at esiea.fr))

- minor changes in nessus-adduser

- scripts that open a UDP socket read the result of a UDP scan first

- when it receives a SIGHUP, nessusd first frees memory. It also closes
  and re-opens the nessusd.messages file

- the plugin timeout is now user definable, in nessusd.conf

- 64 bit compatible (nessusd would produce warnings when running
  on some 64 bit architectures). Thanks to the SuSE (http://www.suse.de) team
  for having given me access to an IA-64 to compile and try Nessus.

- libnasl : better error reporting, minor bugs fixed


. Changes by Jordan Hrycaj (jordan at mjh.teddy-net.com) 

- faster cipher layer


. changes by Cyril Leclerc (cleclerc at boreal-com.fr)

- a GTK error would sometime be produced when the client is run in
  batch mode (Cyril Leclerc (cleclerc at boreal-com.fr))

1.0.4 :

. changes by Christoph Puppe (pluto at defcom-sec.com) :

- added "Sort by Port" to the report window. Saving of this is not finished.

- arglist_insert sorts first by holes, then by warnings, then by
  notes. Previous version only sorted by holes.

. changes by Renaud Deraison (renaud at nessus.org) :

- ftp related checks : the user can now supply a login/password
  for the ftp checks, and relies on the ftp banner if nessusd can't
  log into the ftp server (requested by Jens.Oeser at connector.de).

- libnessus : ftp_log_in() would sometime fail against some ftp
  servers

- better handling of large reports

- tests are saved on the server side and can be restored. Note that
  this is experimental and disabled by default. Do 
  ./configure --enable-save-sessions to enable this experimental
  feature, and read doc/session_saving.txt for details.

- better handling of targets with multiple web servers running

- continue to launch the DoS if the state of the remote host can not
  be determined

- fixed a bug in smb_login_as_users.nasl, and improved
  smb_accessible_shares.nasl

- added checks for unpassworded MySQLs and PostgreSQL databases

- nessusd uses less memory

. changes by Pavel Kankovsky (peak at argo.troja.mff.cuni.cz) :

- fixed a possible deadlock in the nessusd internal communication

- fixed a problem in the client that would make it crash if it received
  a malformed message from the server

- the client would not detect the death of the server when run in batch mode

- possible header confusion (with regex.h) fixed

- possible signal deadlock when exiting fixed
  
. Other changes :

- fixed a problem in the function is_cgi_installed() that may sometime
  not work against odd clients (Thomas Reinke (reinke at e-softinc.com))

- fixed a bug in snmp_default_communities.nasl (Lionel Cons (lionel.cons at cern.ch))
  
- fixed showmount.nasl (Paul Ewing Jr. (ewing at ima.umn.edu))

- typo in showmount.nasl would prevent it to work over udp (ctor at krixor.xy.org)


1.0.3 :

. changes by Renaud Deraison (renaud at nessus.org) :

- fixed various small problems in various plugins
- fixed a nasty bug in libnasl that would prevent raw packets from being
  read
- compiles under Solaris
- possible segfault in the client fixed


1.0.2 :

. changes by Christoph Puppe (christoph.puppe at defcom-sec.com) :

- Unified the naming of Vulnerability, Warning, Note in ASCII and HTML.

- latex_report_category seems like an oversimplification to me. What
  if we have a large network with lots of small holes, is this saver
  than a network with only one big? I've made a try on weighted
  rules. Hosts with holes get elevated to *10, warnings to *5 and
  notes stay where they are.

- added Level Note, it has it's own dot and is meant to be used for
  notes and notifications. The tex file is updated.

- changed smalies in various functions, to be easier to read, faster
  or more generic.

- plugins: finger.nasl was buggy

. changes by Renaud Deraison (renaud at nessus.org) : 
 
- possible hang at report time fixed in the client

- fixed a bug in the way the command-line client handles the plugins
  preferences

- fixed a problem in the detection of the servers that do not reply
  with a 404 error code when request an inexistant page

- fixed various compilations errors occuring on various
  platforms

- libnasl : fixed a bug that would occur in standalone mode

- nessus-libraries : takes the presence of the shared libraries
  of the system into account
  
- SMB and DCE/RPC over SMB issues :

   . smb_login.nasl : fixed an error (would always want
     to access IPC$ to declare that a login is valid)  

   . netbios_name_get.nasl : fixed an error which would
     prevent the SMB tests to work against Windows 2000

   . smb_dom2sid.nasl : LsarQueryInfoPolicy() now obtains the
     host sid, rather than the sid of the domain, so that local accounts
     are shown and tested (instead of the domain accounts only)

   . smb_enum_services.nasl : Lists the services that are running
     on the remote host

- new security checks added


. changes by Jordan Hrycaj (jordan at nessus.org) : 

- libpeks now uses the libgmp that comes with the operating system 
  if any, and does the same for libz
  
- fixed a bug that would prevent the client from working properly
  under OpenBSD
  
1.0.1 :

- nessusd : if the --enable-tcpwrappers flag is given to 
  ./configure, then nessusd is compiled with tcpwrappers support

- nessus : Pies and charts under Win32 too

- nessus : fixed errors when generating pies and charts which would
  cause horrible graphics (thanks to John Q. Public (tpublic at dimensional.com)
  for pointing this out)    

- nasl : memory leaks fixed, performance improved, bug in 
  forge_tcp_packet() fixed

- nessus-update-plugins : somehow improved

- plugins : more SMB checks, rewritten showmount in nasl, tons of new security
  checks (for a total of 435, whatever that means)

- plugins : fixed snmp_default_communities which was bugged. Thanks to
  W. Mark Herrick, Jr. (markh at va.rr.com) for pointing this out.

- gmp 3.0 is used by libpeks (vs 2.0.2)  

1.0.0 :

- nessus : fixed problems with the "spiffy" HTML export

- nasl : fixed various minor issues

- nasl : added the function ereg_replace()

- libhosts_gatherer : fixed a problem in the reverse lookups issues

- plugins : nearly 20 new security checks (including SMB checks)

- hinting to NESSUSHOME if ~/.nessusrc is not available (jh)

1.0.0pre3 :

- added the utility nessus-update-plugins(8). See the man
  page for security notes

- nessus : HTML reports now include links to the CVE entries

- nessus-adduser / libpeks : it is now possible to declare 
  from which host a user can connect to nessusd 
  
- plugins : better behavior of the CGI tests against hosts
  which do not issue 404 error codes

- security : nessusd.users would sometime be in mode 0644 (due
  to nessus-adduser), accounts.nes would let nessusd users read
  arbitrary files on the system

- nessusd : sends an error to the client when it attempts to scan
  a host it's not allowed to (suggested by Hermann Himmelbauer 
  <dusty@violin-kan.dyndns.org>)

- nessusd and nessus : error at loading time when the peks library was
  compiled with a special ./configure flag (thanks to 
  Bradley M Alexander <storm@tux.org>)

- nessusd and nessus : can be compiled with the --disable-cipher flags

- plugins : ftp_overflow.nasl : fixed a false positive pointed out
  by Jean-Paul Le Fevre <J-P.LeFevre@cea.fr>

- plugins : a dozen of new plugins have been added (piranha, uw imap
  overflow, Ken!, htimage.exe, lcdproc overflow, real server DoS, and 
  more...)

- nasl : added open_priv_sock_{udp,tcp} to open a socket with a priviledged
  port

  
1.0.0pre2 :


- nessusd : stop the current plugin when the user hits 'stop'

- nessusd : the rules now accept the keyword 'client_ip'  (suggested
  by  Hermann Himmelbauer <dusty@violin-kan.dyndns.org>)  

- nessusd : logs the name of the plugins that are loaded (suggested 
  by Matthias Andree <ma@dt.e-technik.uni-dortmund.de>)  
- nessus : the 'reverse lookup' option now works

- nessus : typo would prevent to compile nessus with gtk 1.0 (thanks to
  mike <michael.seeger@mchh.siemens.de> for pointing this out)

- nessus : changed the .nsr file format to something more easily parseable
  which contains the ID of the plugins which generate security warnings
  or holes

- nessus : error dialog makes more sense when nessusd is killed in the middle
  of a test (pointed out by Matthias Andree <ma@dt.e-technik.uni-dortmund.de>)

- nessus : fixed a segmentation fault that could occur during the login
  (Stefan Rapp s.rapp@hrz.uni-dortmund.de)

- nessus : the user now has the ability to select all the plugins
  except the dangerous ones

- nessus : fixed the busy waiting loop in the password dialog. For real
  this time. Thanks to Matthias Andree <ma@dt.e-technik.uni-dortmund.de>
  for pointing this out again.

- nessus : other cosmetics things have been fixed

- nasl : now supports user-defined functions (see the documentation
  for more details)  

- plugins : ssh_insertion.nasl : fixed a typo which would cause the plugin
  to yell when the user was using OpenSSH 1.2.2 (which is immune to this
  problem). Thanks to R. Pickett <emerson@hayseed.net> for pointing this out

- plugins : lot of new security checks (thanks to  Roelof Temmingh
    <roelof@sensepost.com> for pointing out some missing IIS checks)

- all : version check at startup, as suggested by Scott Adkins <sadkins@voyager2.cns.ohiou.edu>


1.0.0pre1 :

- nessus-adduser : utility to add easily a nessusd user

- nessus : remembers the username

- nessus : warns the user that the host key has been saved

- nessus : fixed a busy waiting in the passphrase requester (thanks to
  Matthias Andree <ma@dt.e-technik.uni-dortmund.de> for pointing
  this out)

- nessus : fixed a segmentation fault that would occur when
  the user close the test window during a test

- nessus : saves the preferences of each plugin

- nessusd : fixed a problem in the rules which ended up being
  too restrictive

- nessusd : killall -1 nessusd now works  

- plugins : nmap_wrapper.nes : compatible with the new output of nmap

- traditional netmasks (255.255.255.0) are now accepted

- will not scan broadcast addresses (ie: 192.168.1.1/255.255.255.0 will scan 
  from 192.168.1.1 to 192.168.1.254)  


- Compatible with FreeBSD 4

0.99.10 :

- nessus : polished the GUI

- nessus : GTK 1.0 compatible (Eduardo Urrea <eduardou@hispasecurity.com>)

- nessusd : fixed a problem which could make the client see what was
  happening a few seconds later the event happened. (this was occuring
  when doing few tests against a great number of hosts)    

- nessusd.conf goes back to ${sysconfdir}/nessus/ (and not
  ${sysconfdir}/)

- nessusd CPU usage : dropped from 100% to much fewer [thanks to
  Ryan Mooney <ryanm@mhpcc.edu> who pointed this out]

- nessus and nessusd : the target file may have an unlimited size
  (it was cut down to 2047 bytes in the past) [many thanks to 
  Boris Wesslowski <Boris.Wesslowski@RUS.Uni-Stuttgart.DE> for pointing
  this out]

- nasl : fixed a bug in recv() which would make nasl crash when reading data
  from a non-socket

- nasl : close the sockets opened by a script in nasl_exit()

- nasl : fixed a bug in egrep()  

- nasl : init_telnet() behaves well against a tcp-wrapped telnet  

- plugins : nmap_wrapper : ability to use nmap's ping.
  
0.99.9 :


- nasl : added support for \xNN translation (Sebastian Andersson <sa@hogia.net>)

- nasl : cleaner compilation process

- nessusd : removed warnings during compilation

- nessusd : fixed a possible segmentation fault / logfile corruption that could
  occur when the user was manually stopping a test

- nessusd : fixed typos that would prevent the compilation without the cipher
  layer

- libnessus : timeout in recv_line()

- nessus : fixed a dumb segmentation fault in the client when all the plugins
  are activated

- nessus :  disable all / enable all buttons

- nessus : nicer xpms for error and warnings dialogs 

- nessus : fixed a bug that could make the client crash during plugin 
  selection

- plugins : read_accounts : fixed a problem that would disable  this plugin

- plugins : read_accounts : better handling of BSD telnet

- plugins : queso : fixed a problem which would disable this plugin

- plugins : stacheldraht : fixed a typo

- plugins : added acc.nasl, netscape_wp_bug.nasl 

- added nasl_version() and nessuslib_version(), as suggested
  by Scott Adkins <sadkins@voyager2.cns.ohiou.edu>

- nessus-core : better support for sysconfdir Keith Amidon  (camalot@picnicpark.org)


0.99.8 :

- OpenBSD portability

- HP/UX shl_* support

- re-attributed the plugins category, thanks to the lists made by
  Jeff Odegard <jeff@digitaldefense.net> who divided the plugins
  into three categories : begnign, intrusive and potentially destructive

- the client disable all the potentially destructive plugins if they
  are not in ~/.nessusrc, and puts a warning sign in front of them

- plugins have been attributed a unique ID

- plugins are CVE compatible

- NASL now supports regular expressions through the ereg() function. The
  syntax of the regexps is egrep-style, that I personnaly like.

- several bugfixes

- several new plugins

- 'nasl' is a standalone NASL interpretor that can be used to debug 
  Nessus scripts and/or write independants ones.

- the nasl guide has been updated and comes with libnasl/  

0.99.7 :

- fixed a 'file descriptor bomb' which would prevent nessusd to test
  big networks

- fixed a problem in nessusd which would make it slow down then crawl when
  it was testing big networks

0.99.6 :

- many segmentation faults corrected

- fixed a problem in the client <-> server communication which would make
  the server "forget" to send some data to the client

0.99.5 :

- New HTML export with pies and graphs

- Handles the HTTP redirects (thanks to  
  Andreas J. Koenig <andreas.koenig@anima.de> for requesting it)

- behaves well when the same service is detected more than once on the target
  side. Ie: if the target is running 2 web servers, then all the security checks
  will be performed on both

- Nicer client GUI

- Communication between the client and the server's children done in a
  cleaner way
- Corrected a bug in the client that would prevent it to work
  when not compiled with the cipher layer
  
- Added a inetd friendly option

- The quiet mode of the client will produce HTML, LaTeX, text or 
  .nsr files regarding the file suffix given as argument
  
- ASCII text output

- report can be saved to stdout

- kept-alive connection between the client and the server (no need to
  log in again between two tests)  

0.99.4 :

- Speedup

- Several segmentation faults fixed

- The user can now select the timeout value of the security checks read()
  function

- The client can specify an alternate configuration file

- Client : fixed problems regarding when to use the GUI

Previous versions :

- Corrected a problem regarding the list of checks selected by the user

- ${prefix}/var/nessus is created

- Corrected a typo in the code that would generate the preferences
  file

- Changed the behaviour of the nessus client, when it is started in the
  background and a pass phrase is wanted as input.  If available,
  the client terminates while complaining to the stderr.

- Added long options to the nessus client; as a side effect, the command
  line version works under windows, too

- OpenBSD portability issues

- Fixed the process tracker on cipher layer to meet the io thread
  table overflow

- Updated the process mgmnt, provided a general pty interface for
  subprocesses like nmap

- Reduced memory consumption by 50%

- Nessus can now use nmap(1). Thanks to Phil Brutsche <pbrutsch@creighton.edu>
  who helped me to figure out how to do this.

- Configuration files now installed in ${prefix}/etc/nessus/

- Man pages for nasl-config, nessus-config, nessus-build, as well
  as patches to problems that may occur during the installation
  by Josip Rodin <joy@cibalia.gkvk.hr>
  
- More efficient way to determine whether a DoS was successful or not.  
  Thanks to Michel Arboi <arboi@alussinan.org> for the suggestion
  (does not work well yet)

- The communication errors : 'out of threads already' and 'no cookie
  for received packets' have been fixed.

- All the newest security tests  
