From 31c76e0d605b171c4a5e5bf737ac7ff697453452 Mon Sep 17 00:00:00 2001
From: Timo Pollmeier <timo.pollmeier@greenbone.net>
Date: Tue, 22 Aug 2023 11:02:14 +0200
Subject: [PATCH 1/5] Add: New cleanup-tls-certificate-encoding optimize option

The --optimize command line parameter now has the option
"cleanup-tls-certificate-encoding", which cleans up TLS certificates
where the subject or issuer DN is not valid UTF-8.

This can be used to fix old database where certificates with invalid
DNs were imported before escaping was added.
---
 INSTALL.md                        |  5 ++++
 doc/gvmd.8                        |  2 +-
 doc/gvmd.8.xml                    |  4 +--
 doc/gvmd.html                     |  4 +--
 src/gvmd.c                        |  3 +-
 src/manage_sql.c                  | 16 +++++++++++
 src/manage_sql_tls_certificates.c | 46 +++++++++++++++++++++++++++++++
 src/manage_sql_tls_certificates.h |  3 ++
 8 files changed, 77 insertions(+), 6 deletions(-)

diff --git a/INSTALL.md b/INSTALL.md
index 393491040..455a2a4cf 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -437,6 +437,11 @@ supported values for `<name>` are:
   This cleans up id sequences that are likely to run out due to regular feed
   updates like the ids for config preferences.
 
+- `cleanup-tls-certificate-encoding`
+
+  This cleans up TLS certificates where the subject or issuer DN is not
+  valid UTF-8.
+
 - `migrate-relay-sensors`
 
   If relays are active, this can be used to make sure all sensor type
diff --git a/doc/gvmd.8 b/doc/gvmd.8
index a9c0794bc..7ee10b1b4 100644
--- a/doc/gvmd.8
+++ b/doc/gvmd.8
@@ -137,7 +137,7 @@ Modify user's password and exit.
 Modify user's password and exit.
 .TP
 \fB--optimize=\fINAME\fB\f1
-Run an optimization: vacuum, add-feed-permissions, analyze, cleanup-config-prefs, cleanup-feed-permissions, cleanup-port-names, cleanup-report-formats, cleanup-result-nvts, cleanup-result-severities, cleanup-schedule-times, cleanup-sequences, migrate-relay-sensors, rebuild-report-cache or update-report-cache.
+Run an optimization: vacuum, add-feed-permissions, analyze, cleanup-config-prefs, cleanup-feed-permissions, cleanup-port-names, cleanup-report-formats, cleanup-result-nvts, cleanup-result-severities, cleanup-schedule-times, cleanup-sequences, cleanup-tls-certificate-encoding, migrate-relay-sensors, rebuild-report-cache or update-report-cache.
 .TP
 \fB--osp-vt-update=\fISCANNER-SOCKET\fB\f1
 Unix socket for OSP NVT update. Defaults to the path of the 'OpenVAS Default' scanner if it is an absolute path.
diff --git a/doc/gvmd.8.xml b/doc/gvmd.8.xml
index ab873160d..fc27b39c9 100644
--- a/doc/gvmd.8.xml
+++ b/doc/gvmd.8.xml
@@ -324,8 +324,8 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
            cleanup-config-prefs, cleanup-feed-permissions,
            cleanup-port-names, cleanup-report-formats, cleanup-result-nvts,
            cleanup-result-severities, cleanup-schedule-times, cleanup-sequences,
-           migrate-relay-sensors, rebuild-report-cache
-           or update-report-cache.</p>
+           cleanup-tls-certificate-encoding, migrate-relay-sensors,
+           rebuild-report-cache or update-report-cache.</p>
       </optdesc>
     </option>
     <option>
diff --git a/doc/gvmd.html b/doc/gvmd.html
index 6eda9e925..f708bbcc6 100644
--- a/doc/gvmd.html
+++ b/doc/gvmd.html
@@ -278,8 +278,8 @@ <h2>Options</h2>
            cleanup-config-prefs, cleanup-feed-permissions,
            cleanup-port-names, cleanup-report-formats, cleanup-result-nvts,
            cleanup-result-severities, cleanup-schedule-times, cleanup-sequences,
-           migrate-relay-sensors, rebuild-report-cache
-           or update-report-cache.</p>
+           cleanup-tls-certificate-encoding, migrate-relay-sensors,
+           rebuild-report-cache or update-report-cache.</p>
       
     
     
diff --git a/src/gvmd.c b/src/gvmd.c
index eee28049b..4ef638845 100644
--- a/src/gvmd.c
+++ b/src/gvmd.c
@@ -2101,7 +2101,8 @@ gvmd (int argc, char** argv, char *env[])
           " cleanup-config-prefs, cleanup-feed-permissions,"
           " cleanup-port-names, cleanup-report-formats, cleanup-result-encoding,"
           " cleanup-result-nvts, cleanup-result-severities,"
-          " cleanup-schedule-times, cleanup-sequences, migrate-relay-sensors,"
+          " cleanup-schedule-times, cleanup-sequences,"
+          " cleanup-tls-certificate-encoding, migrate-relay-sensors,"
           " rebuild-report-cache or update-report-cache.",
           "<name>" },
         { "osp-vt-update", '\0', 0, G_OPTION_ARG_STRING,
diff --git a/src/manage_sql.c b/src/manage_sql.c
index 80d86329c..f688bee7b 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -56836,6 +56836,22 @@ manage_optimize (GSList *log_config, const db_conn_info_t *database,
                                           " Cleaned up id sequences.");
         }
     }
+  else if (strcasecmp (name, "cleanup-tls-certificate-encoding") == 0)
+    {
+      int changes;
+      sql_begin_immediate ();
+
+      g_debug ("%s: Cleaning up encoding of TLS certificate DNs",
+               __func__);
+
+      changes = cleanup_tls_certificate_encoding ();
+
+      sql_commit ();
+
+      success_text = g_strdup_printf ("Optimized: Cleaned up encoding"
+                                      " of %d TLS certificate(s).",
+                                      changes);
+    }
   else if (strcasecmp (name, "migrate-relay-sensors") == 0)
     {
       if (get_relay_mapper_path ())
diff --git a/src/manage_sql_tls_certificates.c b/src/manage_sql_tls_certificates.c
index 0403ca61d..6443d7cc6 100644
--- a/src/manage_sql_tls_certificates.c
+++ b/src/manage_sql_tls_certificates.c
@@ -1713,3 +1713,49 @@ tls_certificate_host_asset_id (const char *host_ip, const char *origin_id)
                     host_ip,
                     origin_id);
 }
+
+/**
+ * @brief Clean up DNs of TLS Certificates that are not valid UTF-8.
+ * 
+ * @return The number of TLS certificates updated.
+ */
+int
+cleanup_tls_certificate_encoding ()
+{
+  int changes = 0;
+  iterator_t iterator;
+  
+  init_iterator (&iterator,
+                 "SELECT id, subject_dn, issuer_dn"
+                 " FROM tls_certificates"
+                 " WHERE subject_dn ~ '[\\x80-\\xFF]'"
+                 "   OR issuer_dn ~ '[\\x80-\\xFF]'");
+  
+  while (next (&iterator))
+    {
+      tls_certificate_t tls_certificate;
+      const char *subject_dn, *issuer_dn;
+  
+      tls_certificate = iterator_int64 (&iterator, 0);
+      subject_dn = iterator_string (&iterator, 1);
+      issuer_dn = iterator_string (&iterator, 2);
+
+      if (g_utf8_validate (subject_dn, -1, NULL) == FALSE
+          || g_utf8_validate (issuer_dn, -1, NULL) == FALSE)
+        {
+          gchar *quoted_subject_dn = sql_ascii_escape_and_quote (subject_dn);
+          gchar *quoted_issuer_dn = sql_ascii_escape_and_quote (issuer_dn);
+          
+          sql ("UPDATE tls_certificates"
+               " SET subject_dn = '%s', issuer_dn = '%s'"
+               " WHERE id = %llu",
+               quoted_subject_dn, quoted_issuer_dn, tls_certificate);
+          changes ++;
+
+          g_free (quoted_subject_dn);
+          g_free (quoted_issuer_dn);
+        }
+    }
+  cleanup_iterator (&iterator);
+  return changes;
+}
diff --git a/src/manage_sql_tls_certificates.h b/src/manage_sql_tls_certificates.h
index 934f852a7..9daa1ef17 100644
--- a/src/manage_sql_tls_certificates.h
+++ b/src/manage_sql_tls_certificates.h
@@ -52,4 +52,7 @@ add_tls_certificates_from_report_host (report_host_t,
                                        const char*,
                                        const char*);
 
+int
+cleanup_tls_certificate_encoding ();
+
 #endif /* not _GVMD_MANAGE_SQL_TLS_CERTIFICATES_H */

From 6262b3e4e2e3aa278f6d38cc94b5d35a3a6d7ffc Mon Sep 17 00:00:00 2001
From: Timo Pollmeier <timo.pollmeier@greenbone.net>
Date: Tue, 22 Aug 2023 16:09:30 +0200
Subject: [PATCH 2/5] Fix: Remove extra "gvmd: " from process titles

The "gvmd: " prefix is removed from the text passed to calls to
setproctitle.

The function will add a prefix of the executable name on its own,
so it now no longer adds a superfluous one.
---
 src/gvmd.c                      | 62 ++++++++++++++++-----------------
 src/manage.c                    | 10 +++---
 src/manage_sql.c                |  8 ++---
 src/manage_sql_report_formats.c |  2 +-
 src/manage_sql_secinfo.c        | 22 ++++++------
 5 files changed, 52 insertions(+), 52 deletions(-)

diff --git a/src/gvmd.c b/src/gvmd.c
index 4ef638845..09be3186d 100644
--- a/src/gvmd.c
+++ b/src/gvmd.c
@@ -600,7 +600,7 @@ accept_and_maybe_fork (int server_socket, sigset_t *sigmask_current)
           init_sentry ();
           is_parent = 0;
 
-          setproctitle ("gvmd: Serving client");
+          setproctitle ("Serving client");
 
           /* Restore the sigmask that was blanked for pselect. */
           pthread_sigmask (SIG_SETMASK, sigmask_current, NULL);
@@ -736,7 +736,7 @@ fork_connection_internal (gvm_connection_t *client_connection,
         /* Child.  Serve the scheduler GMP, then exit. */
 
         init_sentry ();
-        setproctitle ("gvmd: Serving GMP internally");
+        setproctitle ("Serving GMP internally");
 
         parent_client_socket = sockets[0];
 
@@ -834,7 +834,7 @@ fork_connection_internal (gvm_connection_t *client_connection,
 
         g_debug ("%s: %i forked %i", __func__, getpid (), pid);
 
-        setproctitle ("gvmd: Requesting GMP internally");
+        setproctitle ("Requesting GMP internally");
 
         /* This process is returned as the child of
          * fork_connection_for_scheduler so that the returned parent can wait
@@ -1105,7 +1105,7 @@ handle_sigabrt_simple (int signal)
 static int
 update_nvt_cache_osp (const gchar *update_socket)
 {
-  setproctitle ("gvmd: OSP: Updating NVT cache");
+  setproctitle ("OSP: Updating NVT cache");
 
   return manage_update_nvts_osp (update_socket);
 }
@@ -1121,7 +1121,7 @@ update_nvt_cache_osp (const gchar *update_socket)
 static int
 update_nvt_cache_retry ()
 {
-  setproctitle ("gvmd: Reloading NVTs");
+  setproctitle ("Reloading NVTs");
 
   /* Don't ignore SIGCHLD, in order to wait for child process. */
   setup_signal_handler (SIGCHLD, SIG_DFL, 0);
@@ -1216,7 +1216,7 @@ fork_update_nvt_cache ()
         /* Child.   */
 
         init_sentry ();
-        setproctitle ("gvmd: Updating NVT cache");
+        setproctitle ("Updating NVT cache");
 
         /* Clean up the process. */
 
@@ -1327,7 +1327,7 @@ fork_feed_sync ()
         /* Child.   */
 
         init_sentry ();
-        setproctitle ("gvmd: Synchronizing feed data");
+        setproctitle ("Synchronizing feed data");
 
         /* Clean up the process. */
 
@@ -2379,7 +2379,7 @@ gvmd (int argc, char** argv, char *env[])
   /* Set process title. */
 
   setproctitle_init (argc, argv, env);
-  setproctitle ("gvmd: Initializing");
+  setproctitle ("Initializing");
 
   /* Setup initial signal handlers. */
 
@@ -2574,7 +2574,7 @@ gvmd (int argc, char** argv, char *env[])
           return EXIT_FAILURE;
         }
 
-      setproctitle ("gvmd: Migrating database");
+      setproctitle ("Migrating database");
 
       g_info ("   Migrating database.");
 
@@ -2659,7 +2659,7 @@ gvmd (int argc, char** argv, char *env[])
     {
       int ret;
 
-      setproctitle ("gvmd: Optimizing");
+      setproctitle ("Optimizing");
 
       if (option_lock (&lockfile_checking))
         return EXIT_FAILURE;
@@ -2675,7 +2675,7 @@ gvmd (int argc, char** argv, char *env[])
     {
       int ret;
 
-      setproctitle ("gvmd: --rebuild");
+      setproctitle ("--rebuild");
 
       if (option_lock (&lockfile_checking))
         return EXIT_FAILURE;
@@ -2697,7 +2697,7 @@ gvmd (int argc, char** argv, char *env[])
       
       error_msg = NULL;
 
-      setproctitle ("gvmd: --rebuild-gvmd-data");
+      setproctitle ("--rebuild-gvmd-data");
 
       if (option_lock (&lockfile_checking))
         return EXIT_FAILURE;
@@ -2722,7 +2722,7 @@ gvmd (int argc, char** argv, char *env[])
     {
       int ret;
 
-      setproctitle ("gvmd: --rebuild-scap");
+      setproctitle ("--rebuild-scap");
 
       if (option_lock (&lockfile_checking))
         return EXIT_FAILURE;
@@ -2741,7 +2741,7 @@ gvmd (int argc, char** argv, char *env[])
     {
       int ret;
 
-      setproctitle ("gvmd: --dump-vt-verification");
+      setproctitle ("--dump-vt-verification");
   
       if (option_lock (&lockfile_checking))
         return EXIT_FAILURE;
@@ -2764,7 +2764,7 @@ gvmd (int argc, char** argv, char *env[])
 
       /* Create the scanner and then exit. */
 
-      setproctitle ("gvmd: Creating scanner");
+      setproctitle ("Creating scanner");
 
       if (option_lock (&lockfile_checking))
         return EXIT_FAILURE;
@@ -2816,7 +2816,7 @@ gvmd (int argc, char** argv, char *env[])
 
       /* Modify the scanner and then exit. */
 
-      setproctitle ("gvmd: Modifying scanner");
+      setproctitle ("Modifying scanner");
 
       if (option_lock (&lockfile_checking))
         return EXIT_FAILURE;
@@ -2860,7 +2860,7 @@ gvmd (int argc, char** argv, char *env[])
     {
       int ret;
 
-      setproctitle ("gvmd: Checking alerts");
+      setproctitle ("Checking alerts");
 
       if (option_lock (&lockfile_checking))
         return EXIT_FAILURE;
@@ -2875,7 +2875,7 @@ gvmd (int argc, char** argv, char *env[])
   if (create_encryption_key)
     {
       int ret;
-      setproctitle ("gvmd: Creating encryption key");
+      setproctitle ("Creating encryption key");
       
       if (option_lock (&lockfile_checking))
         return EXIT_FAILURE;
@@ -2890,7 +2890,7 @@ gvmd (int argc, char** argv, char *env[])
   if (set_encryption_key)
     {
       int ret;
-      setproctitle ("gvmd: Setting encryption key");
+      setproctitle ("Setting encryption key");
       
       if (option_lock (&lockfile_checking))
         return EXIT_FAILURE;
@@ -2907,7 +2907,7 @@ gvmd (int argc, char** argv, char *env[])
     {
       int ret;
 
-      setproctitle ("gvmd: Creating user");
+      setproctitle ("Creating user");
 
       if (option_lock (&lockfile_checking))
         return EXIT_FAILURE;
@@ -2924,7 +2924,7 @@ gvmd (int argc, char** argv, char *env[])
     {
       int ret;
 
-      setproctitle ("gvmd: Deleting user");
+      setproctitle ("Deleting user");
 
       if (option_lock (&lockfile_checking))
         return EXIT_FAILURE;
@@ -2940,7 +2940,7 @@ gvmd (int argc, char** argv, char *env[])
     {
       int ret;
 
-      setproctitle ("gvmd: Getting roles");
+      setproctitle ("Getting roles");
 
       if (option_lock (&lockfile_checking))
         return EXIT_FAILURE;
@@ -2956,7 +2956,7 @@ gvmd (int argc, char** argv, char *env[])
     {
       int ret;
 
-      setproctitle ("gvmd: Getting users");
+      setproctitle ("Getting users");
 
       if (option_lock (&lockfile_checking))
         return EXIT_FAILURE;
@@ -2972,7 +2972,7 @@ gvmd (int argc, char** argv, char *env[])
     {
       int ret;
 
-      setproctitle ("gvmd: Getting scanners");
+      setproctitle ("Getting scanners");
 
       if (option_lock (&lockfile_checking))
         return EXIT_FAILURE;
@@ -2988,7 +2988,7 @@ gvmd (int argc, char** argv, char *env[])
     {
       int ret;
 
-      setproctitle ("gvmd: Deleting scanner");
+      setproctitle ("Deleting scanner");
 
       if (option_lock (&lockfile_checking))
         return EXIT_FAILURE;
@@ -3004,7 +3004,7 @@ gvmd (int argc, char** argv, char *env[])
     {
       int ret;
 
-      setproctitle ("gvmd: Verifying scanner");
+      setproctitle ("Verifying scanner");
 
       if (option_lock (&lockfile_checking))
         return EXIT_FAILURE;
@@ -3020,7 +3020,7 @@ gvmd (int argc, char** argv, char *env[])
     {
       int ret;
 
-      setproctitle ("gvmd: Modifying user password");
+      setproctitle ("Modifying user password");
 
       if (option_lock (&lockfile_checking))
         return EXIT_FAILURE;
@@ -3036,7 +3036,7 @@ gvmd (int argc, char** argv, char *env[])
     {
       int ret;
 
-      setproctitle ("gvmd: Modifying setting");
+      setproctitle ("Modifying setting");
 
       if (option_lock (&lockfile_checking))
         return EXIT_FAILURE;
@@ -3053,7 +3053,7 @@ gvmd (int argc, char** argv, char *env[])
     {
       int ret;
 
-      setproctitle ("gvmd: Encrypting all credentials");
+      setproctitle ("Encrypting all credentials");
 
       if (option_lock (&lockfile_checking))
         return EXIT_FAILURE;
@@ -3069,7 +3069,7 @@ gvmd (int argc, char** argv, char *env[])
     {
       int ret;
 
-      setproctitle ("gvmd: Decrypting all credentials");
+      setproctitle ("Decrypting all credentials");
 
       if (option_lock (&lockfile_checking))
         return EXIT_FAILURE;
@@ -3320,7 +3320,7 @@ gvmd (int argc, char** argv, char *env[])
 
   /* Enter the main forever-loop. */
 
-  setproctitle ("gvmd: Waiting for incoming connections");
+  setproctitle ("Waiting for incoming connections");
   serve_and_schedule ();
 
   gvm_close_sentry ();
diff --git a/src/manage.c b/src/manage.c
index 8d8d9091c..8a1bd2fe7 100644
--- a/src/manage.c
+++ b/src/manage.c
@@ -2865,7 +2865,7 @@ fork_osp_scan_handler (task_t task, target_t target, int from,
       exit (-1);
     }
 
-  setproctitle ("gvmd: OSP: Handling scan %s", report_id);
+  setproctitle ("OSP: Handling scan %s", report_id);
 
   rc = handle_osp_scan (task, global_current_report, report_id);
   g_free (report_id);
@@ -3217,7 +3217,7 @@ fork_cve_scan_handler (task_t task, target_t target)
 
   set_task_run_status (task, TASK_STATUS_RUNNING);
 
-  setproctitle ("gvmd: CVE: Handling scan %s", report_id);
+  setproctitle ("CVE: Handling scan %s", report_id);
   g_free (report_id);
 
   hosts = target_hosts (target);
@@ -4764,7 +4764,7 @@ scheduled_task_start (scheduled_task_t *scheduled_task,
 
           /* Parent.  Wait for child, to check return. */
 
-          setproctitle ("gvmd: scheduler: waiting for %i", pid);
+          setproctitle ("scheduler: waiting for %i", pid);
 
           g_debug ("%s: %i fork_connectioned %i",
                    __func__, getpid (), pid);
@@ -4865,7 +4865,7 @@ scheduled_task_start (scheduled_task_t *scheduled_task,
 
   /* Start the task. */
 
-  setproctitle ("gvmd: scheduler: starting %s", scheduled_task->task_uuid);
+  setproctitle ("scheduler: starting %s", scheduled_task->task_uuid);
 
   auth_opts = gmp_authenticate_info_opts_defaults;
   auth_opts.username = scheduled_task->owner_name;
@@ -4956,7 +4956,7 @@ scheduled_task_stop (scheduled_task_t *scheduled_task,
 
   /* Stop the task. */
 
-  setproctitle ("gvmd: scheduler: stopping %s",
+  setproctitle ("scheduler: stopping %s",
             scheduled_task->task_uuid);
 
   auth_opts = gmp_authenticate_info_opts_defaults;
diff --git a/src/manage_sql.c b/src/manage_sql.c
index f688bee7b..8fdb0a169 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -9633,7 +9633,7 @@ alert_script_exec (const char *alert_id, const char *command_args,
                 init_sentry ();
                 cleanup_manage_process (FALSE);
 
-                setproctitle ("gvmd: Running alert script");
+                setproctitle ("Running alert script");
 
                 if (setgroups (0,NULL))
                   {
@@ -10446,7 +10446,7 @@ send_to_sourcefire (const char *ip, const char *port, const char *pkcs12_64,
                 init_sentry ();
                 cleanup_manage_process (FALSE);
 
-                setproctitle ("gvmd: Sending to Sourcefire");
+                setproctitle ("Sending to Sourcefire");
 
                 if (setgroups (0,NULL))
                   {
@@ -10775,7 +10775,7 @@ send_to_verinice (const char *url, const char *username, const char *password,
               {
                 /* Child.  Drop privileges, run command, exit. */
                 init_sentry ();
-                setproctitle ("gvmd: Sending to Verinice");
+                setproctitle ("Sending to Verinice");
 
                 cleanup_manage_process (FALSE);
 
@@ -20905,7 +20905,7 @@ create_report (array_t *results, const char *task_id, const char *in_assets,
         }
     }
 
-  setproctitle ("gvmd: Importing results");
+  setproctitle ("Importing results");
 
   /* Add the results. */
 
diff --git a/src/manage_sql_report_formats.c b/src/manage_sql_report_formats.c
index f9f837c1d..155cc5079 100644
--- a/src/manage_sql_report_formats.c
+++ b/src/manage_sql_report_formats.c
@@ -3416,7 +3416,7 @@ run_report_format_script (gchar *report_format_id,
               /* Child.  Drop privileges, run command, exit. */
 
               init_sentry ();
-              setproctitle ("gvmd: Generating report");
+              setproctitle ("Generating report");
 
               cleanup_manage_process (FALSE);
 
diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index 143312d10..9d893b8f9 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -3228,7 +3228,7 @@ manage_sync_cert (sigset_t *sigmask_current)
 {
   sync_secinfo (sigmask_current,
                 sync_cert,
-                "gvmd: Syncing CERT");
+                "Syncing CERT");
 }
 
 
@@ -3426,7 +3426,7 @@ update_scap_end ()
   sql ("ANALYZE scap.affected_products;");
 
   g_info ("%s: Updating SCAP info succeeded", __func__);
-  setproctitle ("gvmd: Syncing SCAP: done");
+  setproctitle ("Syncing SCAP: done");
 
   return 0;
 }
@@ -3473,7 +3473,7 @@ try_load_csv ()
       /* Add the indexes and constraints, now that the data is ready. */
 
       g_debug ("%s: add indexes", __func__);
-      setproctitle ("gvmd: Syncing SCAP: Adding indexes");
+      setproctitle ("Syncing SCAP: Adding indexes");
 
       if (manage_db_init_indexes ("scap"))
         {
@@ -3482,7 +3482,7 @@ try_load_csv ()
         }
 
       g_debug ("%s: add constraints", __func__);
-      setproctitle ("gvmd: Syncing SCAP: Adding constraints");
+      setproctitle ("Syncing SCAP: Adding constraints");
 
       if (manage_db_add_constraints ("scap"))
         {
@@ -3535,7 +3535,7 @@ update_scap (gboolean reset_scap_db)
 
           if (last_scap_update == last_feed_update)
             {
-              setproctitle ("gvmd: Syncing SCAP: done");
+              setproctitle ("Syncing SCAP: done");
               return 0;
             }
 
@@ -3564,7 +3564,7 @@ update_scap (gboolean reset_scap_db)
   /* Add the indexes and constraints. */
 
   g_debug ("%s: add indexes", __func__);
-  setproctitle ("gvmd: Syncing SCAP: Adding indexes");
+  setproctitle ("Syncing SCAP: Adding indexes");
 
   if (manage_db_init_indexes ("scap"))
     {
@@ -3585,13 +3585,13 @@ update_scap (gboolean reset_scap_db)
   g_info ("%s: Updating data from feed", __func__);
 
   g_debug ("%s: update cpes", __func__);
-  setproctitle ("gvmd: Syncing SCAP: Updating CPEs");
+  setproctitle ("Syncing SCAP: Updating CPEs");
 
   if (update_scap_cpes () == -1)
     return -1;
 
   g_debug ("%s: update cves", __func__);
-  setproctitle ("gvmd: Syncing SCAP: Updating CVEs");
+  setproctitle ("Syncing SCAP: Updating CVEs");
 
   if (update_scap_cves () == -1)
     return -1;
@@ -3602,12 +3602,12 @@ update_scap (gboolean reset_scap_db)
   /* Do calculations that need all data. */
 
   g_debug ("%s: update max cvss", __func__);
-  setproctitle ("gvmd: Syncing SCAP: Updating max CVSS");
+  setproctitle ("Syncing SCAP: Updating max CVSS");
 
   update_scap_cvss ();
 
   g_debug ("%s: update placeholders", __func__);
-  setproctitle ("gvmd: Syncing SCAP: Updating placeholders");
+  setproctitle ("Syncing SCAP: Updating placeholders");
 
   update_scap_placeholders ();
 
@@ -3635,7 +3635,7 @@ manage_sync_scap (sigset_t *sigmask_current)
 {
   sync_secinfo (sigmask_current,
                 sync_scap,
-                "gvmd: Syncing SCAP");
+                "Syncing SCAP");
 }
 
 /**

From 7adf183fc0f72e0396db77201fd44da3148a88d1 Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Tue, 22 Aug 2023 19:09:53 +0200
Subject: [PATCH 3/5] Add: index config_preferences_by_config

---
 src/manage_pg.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/manage_pg.c b/src/manage_pg.c
index 34fcd7c62..d2c68e45d 100644
--- a/src/manage_pg.c
+++ b/src/manage_pg.c
@@ -2886,6 +2886,9 @@ create_tables ()
 
   /* Create indexes. */
 
+  sql ("SELECT create_index ('config_preferences_by_config',"
+       "                     'config_preferences', 'config');");
+
   sql ("SELECT create_index ('host_details_by_host',"
        "                     'host_details', 'host');");
 

From bdb02231ca497c1e9ca52b5e74441a6e917fc19a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Ricks?= <bjoern.ricks@greenbone.net>
Date: Fri, 1 Sep 2023 12:44:26 +0200
Subject: [PATCH 4/5] Fix: Require gvm-libs 22.7 for credentials excerpt_size

The credentials excerpt_size got introduced with https://github.com/greenbone/gvm-libs/commit/19d347c0
and was released with gvm-libs 22.7.0. Since https://github.com/greenbone/gvmd/commit/81b9aaaf8
it is used in gvmd. The change was released with gvmd 22.7.0.

Closes #2073
---
 src/CMakeLists.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 02f314aaa..d7fc449d7 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -26,7 +26,7 @@ find_package (Threads)
 ## list and throw an error, otherwise long install-cmake-install-cmake cycles
 ## might occur.
 
-pkg_check_modules (LIBGVM_BASE REQUIRED libgvm_base>=22.6)
+pkg_check_modules (LIBGVM_BASE REQUIRED libgvm_base>=22.7)
 pkg_check_modules (LIBGVM_UTIL REQUIRED libgvm_util>=22.6)
 pkg_check_modules (LIBGVM_OSP REQUIRED libgvm_osp>=22.6)
 pkg_check_modules (LIBGVM_GMP REQUIRED libgvm_gmp>=22.6)

From 037816579daaaaf6d6d882565ff958cabcdaad92 Mon Sep 17 00:00:00 2001
From: Johannes Helmold <johannes.helmold@greenbone.net>
Date: Fri, 1 Sep 2023 13:09:06 +0200
Subject: [PATCH 5/5] Fix: Fixed infinite loop at the end of scans.

When the scan progress of a scan was at 100% some times the
processing of the data in gvmd got into an infinite loop. That
problem is fixed now.
---
 src/manage_sql.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/manage_sql.c b/src/manage_sql.c
index 8fdb0a169..0eb7005d3 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -48006,7 +48006,10 @@ hosts_set_identifiers (report_t report)
           GString *select;
 
           if (report_host_noticeable (report, ip) == 0)
-            continue;
+            {
+              host_index++;
+              continue;
+            }
 
           quoted_host_name = sql_quote (ip);