author | Oliver Eikemeier <eik@FreeBSD.org> | 2004-09-03 20:30:54 +0000 |
---|---|---|
committer | Oliver Eikemeier <eik@FreeBSD.org> | 2004-09-03 20:30:54 +0000 |
commit | e8a614288894d7ba6bb207828955d395a798f1ff (patch) | |
tree | 18c5f05837be258aaf5439a25987ac33b145549a | |
parent | 67b40246dd1d3b221861530b6dbda651ec89b31b (diff) | |
- update to version 0.5.9
(first attempts to check the base system for vulnerabilities)
Notes
Notes:
svn path=/head/; revision=118082
-rw-r--r-- | ports-mgmt/portaudit/Makefile | 2 | ||||
-rw-r--r-- | ports-mgmt/portaudit/files/portaudit-cmd.sh | 43 | ||||
-rw-r--r-- | ports-mgmt/portaudit/files/portaudit.conf | 3 | ||||
-rw-r--r-- | security/portaudit/Makefile | 2 | ||||
-rw-r--r-- | security/portaudit/files/portaudit-cmd.sh | 43 | ||||
-rw-r--r-- | security/portaudit/files/portaudit.conf | 3 |
6 files changed, 68 insertions, 28 deletions
diff --git a/ports-mgmt/portaudit/Makefile b/ports-mgmt/portaudit/Makefile index 0cd98ab8b5ed..30dd814c3c29 100644 --- a/ports-mgmt/portaudit/Makefile +++ b/ports-mgmt/portaudit/Makefile @@ -6,7 +6,7 @@ # PORTNAME= portaudit -PORTVERSION= 0.5.4 +PORTVERSION= 0.5.9 CATEGORIES= security DISTFILES= diff --git a/ports-mgmt/portaudit/files/portaudit-cmd.sh b/ports-mgmt/portaudit/files/portaudit-cmd.sh index f69a7269bd84..9f0650544283 100644 --- a/ports-mgmt/portaudit/files/portaudit-cmd.sh +++ b/ports-mgmt/portaudit/files/portaudit-cmd.sh @@ -33,13 +33,15 @@ portaudit_confs() { - portaudit_dir=${portaudit_dir:-"%%DATABASEDIR%%"} - portaudit_filename=${portaudit_filename:-"auditfile.tbz"} + : ${portaudit_dir="%%DATABASEDIR%%"} + : ${portaudit_filename="auditfile.tbz"} - portaudit_fetch_env=${portaudit_fetch_env:-} - portaudit_fetch_cmd=${portaudit_fetch_cmd:-"fetch -1mp"} + : ${portaudit_fetch_env=""} + : ${portaudit_fetch_cmd="fetch -1mp"} - portaudit_sites=${portaudit_sites:-"http://www.FreeBSD.org/ports/"} + : ${portaudit_sites="http://www.FreeBSD.org/ports/"} + + : ${portaudit_fixed=""} if [ -r %%PREFIX%%/etc/portaudit.conf ]; then . %%PREFIX%%/etc/portaudit.conf @@ -126,16 +128,27 @@ portaudit_prerequisites() audit_installed() { local rc=0 + local osversion=`sysctl -n kern.osreldate` + + fixedre=`echo -n $portaudit_fixed | tr -c '[:alnum:]- \t\n' 'x' | tr -s ' \t\n' '|'` extract_auditfile | awk -F\| "$PRINTAFFECTED_AWK"' - BEGIN { vul=0 } + BEGIN { vul=0; fixedre="'"$fixedre"'" } /^(#|\$)/ { next } $2 !~ /'"$opt_restrict"'/ { next } + $1 ~ /^FreeBSD[<=>!]/ { + if (fixedre && $2 ~ fixedre) next + if (!system("'"$pkg_version"' -T \"FreeBSD-'"$osversion"'\" \"" $1 "\"")) { + print_affected("FreeBSD-'"$osversion"'", \ + "To disable this check add the uuid to \`portaudit_fixed'"'"' in %%PREFIX%%/etc/portaudit.conf") + } + next + } { cmd="'"$pkg_info"' -E \"" $1 "\"" while((cmd | getline pkg) > 0) { vul++ - print_affected(pkg) + print_affected(pkg, "") } close(cmd) } 
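Review bot: Switching portaudit_confs from `${var:-default}` to `: ${var="default"}` changes the fallback, because a variable that is set but empty in the caller's environment now stays empty instead of receiving the default. That suits `portaudit_fixed` and `portaudit_fetch_env`, but an empty `portaudit_dir`, `portaudit_filename`, `portaudit_fetch_cmd` or `portaudit_sites` would presumably leave the script with a blank path or fetch command. For those four I would use the `:=` form, e.g. `: ${portaudit_dir:="%%DATABASEDIR%%"}`, and keep plain `=` only where empty is a valid value. The function continues past the end of the hunk, and the same hunk is repeated for security/portaudit/files/portaudit-cmd.sh.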
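Review bot: The new base-system rule in audit_installed passes the database field `$1` to `system()` inside a double-quoted shell string, and the guard `$1 ~ /^FreeBSD[<=>!]/` anchors only the prefix, so the rest of the field reaches sh unvalidated. The audit file is fetched from `portaudit_sites` (plain http by default) and nothing in this diff shows an integrity check, so the field should be treated as untrusted; as the first statement of the new block I would add `if ($1 !~ /^FreeBSD[<=>!][-<=>!.,_0-9A-Za-z]*$/) next`, with the character set confirmed against the pattern syntax pkg_version accepts. The existing `pkg_info -E` rule below it builds its command the same way and would benefit from an equivalent filter. Separately, `$2 ~ fixedre` is an unanchored match, so a short or mistyped token in `portaudit_fixed` can hide every base-system entry, and `fixedre` is not declared `local` the way `osversion` is. audit_installed continues past the hunk, and the same hunk is repeated for security/portaudit/files/portaudit-cmd.sh.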
@@ -186,7 +199,7 @@ audit_file() if ($2 !~ /'"$opt_restrict"'/) continue vul++ - print_affected(pkg) + print_affected(pkg, "") } close(cmd) } @@ -223,7 +236,7 @@ audit_args() ' | $pkg_version -T "$1" -`; then VULCNT=$(($VULCNT+1)) echo "$VLIST" | awk -F\| "$PRINTAFFECTED_AWK"' - { print_affected("'"$1"'") } + { print_affected("'"$1"'", "") } ' fi ;; @@ -256,7 +269,7 @@ audit_cwd() { print } ' | $pkg_version -T "$PKGNAME" -`; then echo "$VLIST" | awk -F\| "$PRINTAFFECTED_AWK"' - { print_affected("'"$PKGNAME"'") } + { print_affected("'"$PKGNAME"'", "") } ' return 1 fi @@ -400,31 +413,35 @@ prerequisites_checked=false if $opt_quiet; then PRINTAFFECTED_AWK=' - function print_affected(apkg) { + function print_affected(apkg, note) { print apkg } ' elif $opt_verbose; then PRINTAFFECTED_AWK=' - function print_affected(apkg) { + function print_affected(apkg, note) { split(apkg, thepkg) print "Affected package: " thepkg[1] " (matched by " $1 ")" print "Type of problem: " $3 "." split($2, ref, / /) for (r in ref) print "Reference: <" ref[r] ">" + if (note) + print "Note: " note print "" } ' else PRINTAFFECTED_AWK=' - function print_affected(apkg) { + function print_affected(apkg, note) { split(apkg, thepkg) print "Affected package: " thepkg[1] print "Type of problem: " $3 "." split($2, ref, / /) for (r in ref) print "Reference: <" ref[r] ">" + if (note) + print "Note: " note print "" } ' diff --git a/ports-mgmt/portaudit/files/portaudit.conf b/ports-mgmt/portaudit/files/portaudit.conf index 68fbe9f23888..f9362ccb6a3a 100644 --- a/ports-mgmt/portaudit/files/portaudit.conf +++ b/ports-mgmt/portaudit/files/portaudit.conf @@ -14,3 +14,6 @@ # specify a local mirror that generates databases with portaudit-db here #portaudit_sites="http://www.FreeBSD.org/ports/" + +# this vulnerability has been fixed in you FreeBSD version +#portaudit_fixed="d2102505-f03d-11d8-81b0-000347a4fa7d" 
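Review bot: The sample comment added for `portaudit_fixed` in portaudit.conf does not say that the setting suppresses base-system advisories, nor that it takes a whitespace-separated list of uuids, which is how audit_installed consumes it. Since this switch hides findings, I would spell that out, e.g. `# uuids of base system advisories already fixed on this host (space separated); matching entries are not reported`. The comment also reads "you FreeBSD version" where "your" is meant. The same hunk is repeated for security/portaudit/files/portaudit.conf.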
diff --git a/security/portaudit/Makefile b/security/portaudit/Makefile index 0cd98ab8b5ed..30dd814c3c29 100644 --- a/security/portaudit/Makefile +++ b/security/portaudit/Makefile @@ -6,7 +6,7 @@ # PORTNAME= portaudit -PORTVERSION= 0.5.4 +PORTVERSION= 0.5.9 CATEGORIES= security DISTFILES= diff --git a/security/portaudit/files/portaudit-cmd.sh b/security/portaudit/files/portaudit-cmd.sh index f69a7269bd84..9f0650544283 100644 --- a/security/portaudit/files/portaudit-cmd.sh +++ b/security/portaudit/files/portaudit-cmd.sh @@ -33,13 +33,15 @@ portaudit_confs() { - portaudit_dir=${portaudit_dir:-"%%DATABASEDIR%%"} - portaudit_filename=${portaudit_filename:-"auditfile.tbz"} + : ${portaudit_dir="%%DATABASEDIR%%"} + : ${portaudit_filename="auditfile.tbz"} - portaudit_fetch_env=${portaudit_fetch_env:-} - portaudit_fetch_cmd=${portaudit_fetch_cmd:-"fetch -1mp"} + : ${portaudit_fetch_env=""} + : ${portaudit_fetch_cmd="fetch -1mp"} - portaudit_sites=${portaudit_sites:-"http://www.FreeBSD.org/ports/"} + : ${portaudit_sites="http://www.FreeBSD.org/ports/"} + + : ${portaudit_fixed=""} if [ -r %%PREFIX%%/etc/portaudit.conf ]; then . %%PREFIX%%/etc/portaudit.conf @@ -126,16 +128,27 @@ portaudit_prerequisites() audit_installed() { local rc=0 + local osversion=`sysctl -n kern.osreldate` + + fixedre=`echo -n $portaudit_fixed | tr -c '[:alnum:]- \t\n' 'x' | tr -s ' \t\n' '|'` extract_auditfile | awk -F\| "$PRINTAFFECTED_AWK"' - BEGIN { vul=0 } + BEGIN { vul=0; fixedre="'"$fixedre"'" } /^(#|\$)/ { next } $2 !~ /'"$opt_restrict"'/ { next } + $1 ~ /^FreeBSD[<=>!]/ { + if (fixedre && $2 ~ fixedre) next + if (!system("'"$pkg_version"' -T \"FreeBSD-'"$osversion"'\" \"" $1 "\"")) { + print_affected("FreeBSD-'"$osversion"'", \ + "To disable this check add the uuid to \`portaudit_fixed'"'"' in %%PREFIX%%/etc/portaudit.conf") + } + next + } { cmd="'"$pkg_info"' -E \"" $1 "\"" while((cmd | getline pkg) > 0) { vul++ - print_affected(pkg) + print_affected(pkg, "") } close(cmd) } 
@@ -186,7 +199,7 @@ audit_file() if ($2 !~ /'"$opt_restrict"'/) continue vul++ - print_affected(pkg) + print_affected(pkg, "") } close(cmd) } @@ -223,7 +236,7 @@ audit_args() ' | $pkg_version -T "$1" -`; then VULCNT=$(($VULCNT+1)) echo "$VLIST" | awk -F\| "$PRINTAFFECTED_AWK"' - { print_affected("'"$1"'") } + { print_affected("'"$1"'", "") } ' fi ;; @@ -256,7 +269,7 @@ audit_cwd() { print } ' | $pkg_version -T "$PKGNAME" -`; then echo "$VLIST" | awk -F\| "$PRINTAFFECTED_AWK"' - { print_affected("'"$PKGNAME"'") } + { print_affected("'"$PKGNAME"'", "") } ' return 1 fi @@ -400,31 +413,35 @@ prerequisites_checked=false if $opt_quiet; then PRINTAFFECTED_AWK=' - function print_affected(apkg) { + function print_affected(apkg, note) { print apkg } ' elif $opt_verbose; then PRINTAFFECTED_AWK=' - function print_affected(apkg) { + function print_affected(apkg, note) { split(apkg, thepkg) print "Affected package: " thepkg[1] " (matched by " $1 ")" print "Type of problem: " $3 "." split($2, ref, / /) for (r in ref) print "Reference: <" ref[r] ">" + if (note) + print "Note: " note print "" } ' else PRINTAFFECTED_AWK=' - function print_affected(apkg) { + function print_affected(apkg, note) { split(apkg, thepkg) print "Affected package: " thepkg[1] print "Type of problem: " $3 "." split($2, ref, / /) for (r in ref) print "Reference: <" ref[r] ">" + if (note) + print "Note: " note print "" } ' diff --git a/security/portaudit/files/portaudit.conf b/security/portaudit/files/portaudit.conf index 68fbe9f23888..f9362ccb6a3a 100644 --- a/security/portaudit/files/portaudit.conf +++ b/security/portaudit/files/portaudit.conf @@ -14,3 +14,6 @@ # specify a local mirror that generates databases with portaudit-db here #portaudit_sites="http://www.FreeBSD.org/ports/" + +# this vulnerability has been fixed in you FreeBSD version +#portaudit_fixed="d2102505-f03d-11d8-81b0-000347a4fa7d" |