diff options
author | Stefan Eßer <se@FreeBSD.org> | 2017-10-12 11:00:49 +0000 |
---|---|---|
committer | Stefan Eßer <se@FreeBSD.org> | 2017-10-12 11:00:49 +0000 |
commit | 7bd275a7c67a9c0b199144868cca3d9cd8b6714c (patch) | |
tree | 2a18d5f0b1e2453e27c14cce2579135dcf49fc5c /security/cvechecker/files | |
parent | a0e2d9766140959701f297f0029aea7020af01f4 (diff) | |
download | ports-7bd275a7c67a9c0b199144868cca3d9cd8b6714c.tar.gz ports-7bd275a7c67a9c0b199144868cca3d9cd8b6714c.zip |
Check installed packages for vulnerabilities recorded in the CVE database.
Approved by: antoine (mentor)
Notes
Notes:
svn path=/head/; revision=451847
Diffstat (limited to 'security/cvechecker/files')
-rw-r--r-- | security/cvechecker/files/patch-scripts_cverules | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/security/cvechecker/files/patch-scripts_cverules b/security/cvechecker/files/patch-scripts_cverules new file mode 100644 index 000000000000..d5fb28415300 --- /dev/null +++ b/security/cvechecker/files/patch-scripts_cverules @@ -0,0 +1,37 @@ +--- scripts/cverules.orig 2017-10-11 10:44:44 UTC ++++ scripts/cverules +@@ -19,26 +19,11 @@ then + fi + + +-if [ -f /etc/gentoo-release ]; +-then +- cd /var/db/pkg; +- for CAT in *; +- do +- cd ${CAT}; +- for PKG in *; +- do +- echo "!!!! Checking ${PKG}"; +- typeset PKGNAME=$(echo ${PKG} | sed -e 's:\(.*\)-[0-9][0-9]*.*:\1:g'); +- typeset PKGVERSION=$(echo ${PKG} | sed -e 's:.*-\([0-9][0-9]*.*\):\1:g' | sed -e 's:-r[0-9]*$::g' | sed -e 's:\.:\\.:g'); +- export IGNORESTRINGS="tmp/portage"; +- qlist ${PKG} | egrep '(bin/|\.so)' | cvegenversdat ${PKGNAME} ${PKGVERSION} ${CONFFILE} breakon; +- done +- cd .. +- done +-else +- echo "Could not deduce if this system is a supported distribution or platform."; +- echo "Currently supported platforms are: Gentoo." +- echo "If you wish to help expand the supported distributions or platforms, please"; +- echo "do not hesitate to contact the author at sven.vermeulen@siphos.be."; +- exit 1; +-fi ++for PKG in $(pkg info -q) ++do ++ echo "!!!! Checking ${PKG}" ++ set -- $(echo ${PKG} | sed -e 's:,[0-9][0-9]*$::; s:_[0-9][0-9]*$::; s:\(.*\)-r\{0,1\}\([0-9][0-9]*.*\):\1 \2:; s:\.:\\.:g') ++ PKGNAME=$1 ++ PKGVERSION=$2 ++ pkg list ${PKG} | egrep '(/bin/|/sbin/|/libexec/|\.so\.|\.so$)' | cvegenversdat ${PKGNAME} ${PKGVERSION} ${CONFFILE} breakon ++done |