Группа :: Other
Пакет: cve-manager
навигация по пакетам
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
23 мая 2019 Alexey Appolonov <alexey at altlinux.org> 0.22.1-alt1
- Fix of couple flaws of the mapping process.
- Multithreading is arranged in a more optimal way;
- 'Complete' matching is not performed for a packages that got one of the
special prefixes ('python-module', 'perl', ...); - Enhanced algorithm of the 'partial' matching;
- Package names that differ only by numerical part at the end
(so called 'relatives') is handled more wisely during mapping; - Issues that differ only in additional part of CPE is ignored;
- cve-monitor is using only senior branches (that must be specified
in the conf) in 'cure' suggestions, 'cure' suggestions is optional; - cve-monitor is placing too long lists of vulnerable versions in footnotes
of the reports.
- Compatibility with MySQL 8.*;
- Modifyed mapping process - src/bin lists of all the branches are combined
as src_united/bin_united and then processed in that combined form; - Much more intelligent approach to parallel execution of the modules,
especially two most time consuming modules - cpe-map and cve-issues; - Improved feedback in multiprocessing mode;
- 'CURE' suggestions in cve-monitor's reports.
- Use of all existing names from vulnerabilities lists instead of names
from CPE dict for mapping; - Completely redesigned mapping module: every type of mapping can be triggered
individually, results for every type of mapping are stored in the DB,
special algorithm is used for making the final mapping choice - all this
allows to created separate thread for each type of matching in auto mode; - Ability to detect and go round format faults of the packages lists;
- Consideration of excluded data sources by cve-download and cve-monitor;
- Fully implemented restoring functionality of cve-backup;
- Ability to set the number of stored backup files;
- Fixed params handling of cve-monitor;
- Output functionality is adapted for situation when modules are triggered
by cron.
- Ability to run in multiprocessing mode;
- Ability to exclude data sources;
- Modified user interface of the cve-monitor;
- Showing CVSS score in cve-monitor reports;
- Ability to order monitoring results in various ways;
- Ability to group packages with unfixed vulnerabilities in cve-monitor reports;
- All printing operations carried by Printer class, which not only makes life
easier but brings cool features like buffering the input for later mailout; - Ability to run in 'silent' mode;
- Ability to send emails with cve-monitor reports.
- Rebuilding with new libcontrol++.
- Correction of branch names validation.
- Names of avalible branches are section names of the conf;
- Each branch now have a set of params;
- Renaming 'paths' section of the conf to 'common';
- Skipping repetition of branch sections in conf;
- There is no cve-import's "--space" param anymore;
- Russian manual.
- Running downloader without 'noreplace' flag in auto mode;
- Fix of the 'cve-monitor --map' command;
- Printing with TPrinter of the libcontrol++.
- Prescribed mapping;
- Detecting 'relative' packages at the import stage
and using information about them as mapping attribute; - Handling FSTEC vulnerabilities within current cve-issues concept;
- cve-monitor is working OK within current cve-issues concept;
- Revised comparison of versions that happens at the issues-detection stage;
- Revised packages-filtering function;
- Removing duplicates of src packages names at import stage
and corresponding bin-packages names, not vice versa; - Not importing CPEs of 'hardware' part;
- Not importing Mitre list by default;
- Common bin package for conf file & common py module;
- Own config file for cve-monitor.
- Versions of vulnerable programs are now taken into account when figuring out
the 'fix' entries of *_issues table; - Ability to compare 'fix' entries of different branches;
- c7.1 and c8.1 branches are avalible for cve-manager;
- Fix of monitoring of the selected packages;
- Only members of the 'cve' group can run modules that modify
the vulnerabilities DB.
- Proper output when running with 'tee' in auto mode;
- Correction in mapping algorithm, including 1) check if there are some
CPE/FSTEC names left to map, 2) additional break condition of the mapping
loop, so there could be no infinite loop, 3) fix of the wrong behavior
emerging for a names that differ only by number at the end, 4) avoidance of
complete match for the duplicates, 5) fix of the RemoveMapDups function; - Ability to disable bin partial match;
- Filtering the package lists with distro list;
- Fix of the import of the last NVD CVE list;
- Working realisation of the 'packs' option of the cve-import;
- No more verbose output option in cve-import;
- cve-import's UI now looks more like UI of the py-modules;
- Introducing refs and const modifier wherever possible for the cve-import.
- Aligning columns for the output of existing issues;
- Ability to omit the download of the old lists;
- Fixing the 'Fixes' entries matching in cve-issues.
- Handling the situation when the DB does not exist (by all modules).
- Ability to choose mapping type (FSTEC or CPE by now);
- Reducing bin packages dict before mapping if '--packages' option is used
(similar to src list reduction).
- Correction of the cve-fixes module;
- Checking DB-users grp existence before creating it at the postinstall stage.
- Fix of the 'plain' output mode.
- Ability to state beginning and ending steps for auto mode;
- Ability to state custom '/space' path;
- Ability to retrieve 'Fixes' entries for the given packages names;
- NVD CVE lists import fix;
- cpe-map infinite loop fix that was possible with some input data;
- Improved logic for the cve-monitor's user interface.
- Correction of params for cve-issues in auto mode.
- Ability to set starting step for auto mode in main module;
- Usage examples for cve-download;
- Arguments handling fix in cve-issues;
- Only root can modify cve-manager.conf.
- New module cve-backup;
- Ability to prepare database in auto mode.
- Full integration of the FSTEC vulnerabilities list;
- Bin packages matching fix;
- Ability to use custom mapping application;
- Memory leakage fix.
- New module cve-download.py
- "Fixes" entries now stored in *_src tables;
- Importing bin lists;
- Enhanced mapping algorithm;
- Unescaping URL codes from CPE in cve-import;
- More flexibility in cve-import tables recreation;
- Ability to disable entireline output in cve-import;
- Catching run modes with cve-manager-common.py;
- Using argparse in majority of modules;
- cve-fixes new features;
- Monitoring CVE issues table and monitoring CVE descriptions for the packages;
- Single path for CVE lists and CPE dict import that specified
in configuration file.
- Improved output format;
- CPE dict names import with sections separation;
- Fixed and improved mapping algorithm;
- Fixes-extraction parts completely removed from cve-import;
- Working version of cve-linker module under new name "cve-issues.py";
- New cve-monitor functionality;
- Various fixes and improvements in py-modules.
- New cve-manager-common.py features and improvements;
- New module cve-linker.py;
- New module cve-fixes.py;
- Fixes tables structure changed;
- Error handling correction when applying configuration for cve-import module.
- Taking CPE name from "name" attribute of the "cpe-item" tag,
not from "cpe-23:cpe23-item" tag; - CPE dictionary can be imported directly, without creating CSV file,
just like NVD XML can be; - New cve-manager-common.py functionality;
- Sending cpe-packages map to the database;
- Monitoring mapped packages.
- CPE dictionary import;
- New cve-manager-common.py module with common functions and classes
used by other cve-manager py-modules; - cve-monitor rewritten with the use of cve-manager-common.py;
- CPE mapper (cpe-map.py) first draft;
- Changes in cve-manager.py debug mode.
- New version of main module written in Python;
- New module "cve-monitor";
- Minor fixes.
- common* and conf* files was removed from the project because
they are included in dynamically linked libcontrol++.
- What previously known as "cve-manager" now became
"cve-import" module of the cve-manager toolkit
with "cve-manager" script as top level module.
- Fixing usage of branches flags from configuration file;
- Changes in display output for the operations status.
- Chmod of configuration file (only system administrator
should know MySQL DB password); - MySQL authentication bug fixed;
- Handling the situation when packages lists can not be found;
- Removing formed CSV file with NVD CVE list right after import to DB.
- Initial release.