-rw-r--r-- | security/cvechecker/Makefile | 47 | ||||
-rw-r--r-- | security/cvechecker/distinfo | 3 | ||||
-rw-r--r-- | security/cvechecker/files/patch-scripts_cverules | 37 | ||||
-rw-r--r-- | security/cvechecker/pkg-deinstall | 13 | ||||
-rw-r--r-- | security/cvechecker/pkg-descr | 11 | ||||
-rw-r--r-- | security/cvechecker/pkg-plist | 21 |
6 files changed, 132 insertions, 0 deletions
diff --git a/security/cvechecker/Makefile b/security/cvechecker/Makefile
new file mode 100644
index 000000000000..aa6a924d76cf
--- /dev/null
+++ b/security/cvechecker/Makefile
@@ -0,0 +1,47 @@
+# Created by: Stefan Esser <se@FreeBSD.org>
+# $FreeBSD$
+
+PORTNAME= cvechecker
+PORTVERSION= 3.8
+CATEGORIES= security
+
+MAINTAINER= se@FreeBSD.org
+COMMENT= Check CVE database for vulnerabilities affecting installed packages
+
+LICENSE= GPLv3
+
+LIB_DEPENDS= libargp.so:devel/argp-standalone \
+ libconfig.so:devel/libconfig
+RUN_DEPENDS= bash:shells/bash
+
+MAKE_ENV+= LDADD=-largp
+
+USES= autoreconf pkgconfig shebangfix
+
+SHEBANG_FILES= scripts/cverules scripts/cvegenversdat
+
+GNU_CONFIGURE= yes
+CONFIGURE_ARGS= --localstatedir=/var/db
+
+bash_OLD_CMD+= /bin/sh
+
+OPTIONS_MULTI= DB
+OPTIONS_MULTI_DB= MYSQL SQLITE
+OPTIONS_DEFAULT= SQLITE
+DB_DESC= CVE Database
+
+MYSQL_USES= mysql ssl
+MYSQL_CONFIGURE_ENABLE= mysql
+
+SQLITE_USES= sqlite
+SQLITE_CONFIGURE_ENABLE= sqlite3
+
+USE_GITHUB= yes
+GH_ACCOUNT= sjvermeu
+GH_PROJECT= cvechecker
+GH_TAGNAME= v${PORTVERSION}
+
+post-stage:
+ ${MV} ${STAGEDIR}${PREFIX}/etc/cvechecker.conf ${STAGEDIR}${PREFIX}/etc/cvechecker.conf.sample
+
+.include <bsd.port.mk>
diff --git a/security/cvechecker/distinfo b/security/cvechecker/distinfo
new file mode 100644
index 000000000000..e3e57d1cf02c
--- /dev/null
+++ b/security/cvechecker/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1507628153
+SHA256 (sjvermeu-cvechecker-3.8-v3.8_GH0.tar.gz) = 53a2f0edab34ea75d3d33b8c840f27c60464f0433c2b82bc8b02298306c53268
+SIZE (sjvermeu-cvechecker-3.8-v3.8_GH0.tar.gz) = 3329220
diff --git a/security/cvechecker/files/patch-scripts_cverules b/security/cvechecker/files/patch-scripts_cverules
new file mode 100644
index 000000000000..d5fb28415300
--- /dev/null
+++ b/security/cvechecker/files/patch-scripts_cverules
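Review bot: `RUN_DEPENDS= bash:shells/bash` is the only runtime dependency declared in the Makefile, yet pkg-plist in this commit installs `bin/pullcves` and `bin/cvereport` together with `nvdcve2simple.xsl`, `cvereport.xsl` and `csv2xml.awk`, which suggests those scripts call an XSLT processor, and probably a download tool, at run time. The scripts themselves are not shown here, so this is inferred and should be checked against them. If it holds, the missing tools belong in RUN_DEPENDS, because a CVE scanner that cannot refresh or transform its feed on a clean install can look the same as a host with no findings.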
@@ -0,0 +1,37 @@
+--- scripts/cverules.orig 2017-10-11 10:44:44 UTC
++++ scripts/cverules
+@@ -19,26 +19,11 @@ then
+ fi
+
+
+-if [ -f /etc/gentoo-release ];
+-then
+- cd /var/db/pkg;
+- for CAT in *;
+- do
+- cd ${CAT};
+- for PKG in *;
+- do
+- echo "!!!! Checking ${PKG}";
+- typeset PKGNAME=$(echo ${PKG} | sed -e 's:\(.*\)-[0-9][0-9]*.*:\1:g');
+- typeset PKGVERSION=$(echo ${PKG} | sed -e 's:.*-\([0-9][0-9]*.*\):\1:g' | sed -e 's:-r[0-9]*$::g' | sed -e 's:\.:\\.:g');
+- export IGNORESTRINGS="tmp/portage";
+- qlist ${PKG} | egrep '(bin/|\.so)' | cvegenversdat ${PKGNAME} ${PKGVERSION} ${CONFFILE} breakon;
+- done
+- cd ..
+- done
+-else
+- echo "Could not deduce if this system is a supported distribution or platform.";
+- echo "Currently supported platforms are: Gentoo."
+- echo "If you wish to help expand the supported distributions or platforms, please";
+- echo "do not hesitate to contact the author at sven.vermeulen@siphos.be.";
+- exit 1;
+-fi
++for PKG in $(pkg info -q)
++do
++ echo "!!!! Checking ${PKG}"
++ set -- $(echo ${PKG} | sed -e 's:,[0-9][0-9]*$::; s:_[0-9][0-9]*$::; s:\(.*\)-r\{0,1\}\([0-9][0-9]*.*\):\1 \2:; s:\.:\\.:g')
++ PKGNAME=$1
++ PKGVERSION=$2
++ pkg list ${PKG} | egrep '(/bin/|/sbin/|/libexec/|\.so\.|\.so$)' | cvegenversdat ${PKGNAME} ${PKGVERSION} ${CONFFILE} breakon
++done
diff --git a/security/cvechecker/pkg-deinstall b/security/cvechecker/pkg-deinstall
new file mode 100644
index 000000000000..030fa9b88d3c
--- /dev/null
+++ b/security/cvechecker/pkg-deinstall
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+[ "$2" = DEINSTALL ] && cat <<***EOM
+------------------------------------------------------------------------------
+
+If you are no longer using the $1 port, then manually delete
+the following directory:
+
+ /var/db/cvechecker
+
+------------------------------------------------------------------------------
+***EOM
+exit 0
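Review bot: In the files/patch-scripts_cverules hunk, the single sed on the new `set -- $(...)` line applies `s:\.:\\.:g` to the whole name-version string, so dots in the package name are escaped too, whereas the removed Gentoo branch escaped them only in PKGVERSION. Confirm that cvegenversdat expects an escaped name, or escape only the version after the split. The expansions are also unquoted: when the pattern fails to split a package string, `$2` is empty and `${CONFFILE}` slides into the version position of the cvegenversdat call with no error, so that package's rule is generated from wrong arguments. I would add `[ -n "$2" ] || continue` after the `set --` line and call `cvegenversdat "${PKGNAME}" "${PKGVERSION}" "${CONFFILE}" breakon`. The rest of scripts/cverules lies outside this hunk.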
diff --git a/security/cvechecker/pkg-descr b/security/cvechecker/pkg-descr
new file mode 100644
index 000000000000..1b5d083d87d8
--- /dev/null
+++ b/security/cvechecker/pkg-descr
@@ -0,0 +1,11 @@
+------------------------------------------------------------------------------
+The goal of cvechecker is to report about possible vulnerabilities on your
+system, by scanning a list of installed software and matching results with
+the CVE database.
+
+This is not a bullet-proof method and you may have many false positives (ie:
+vulnerability is fixed with a revision-release, but the tool isn't able to
+detect the revision itself), yet it is still better than nothing, especially
+if you are running a distribution with little security coverage.
+
+WWW: https://github.com/sjvermeu/cvechecker/wiki
diff --git a/security/cvechecker/pkg-plist b/security/cvechecker/pkg-plist
new file mode 100644
index 000000000000..019778f5eb22
--- /dev/null
+++ b/security/cvechecker/pkg-plist
@@ -0,0 +1,21 @@
+bin/cvechecker
+bin/cvegenversdat
+bin/cvereport
+bin/cverules
+bin/pullcves
+@sample %%ETCDIR%%.conf.sample
+man/man1/cvechecker.1.gz
+man/man1/cvegenversdat.1.gz
+man/man1/cvereport.1.gz
+man/man1/cverules.1.gz
+man/man1/pullcves.1.gz
+%%DATADIR%%/csv2xml.awk
+%%DATADIR%%/cvereport.xsl
+%%DATADIR%%/mysql_cvechecker.sql
+%%DATADIR%%/nvdcve2simple.xsl
+%%DATADIR%%/report.css
+%%PORTDOCS%%%%DOCSDIR%%/acknowledgements.xml
+%%PORTDOCS%%%%DOCSDIR%%/userguide.xml
+@dir /var/db/cvechecker/cache
+@dir /var/db/cvechecker/local
+@dir /var/db/cvechecker |
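Review bot: The two `%%PORTDOCS%%%%DOCSDIR%%/...` entries in pkg-plist rely on a DOCS option, but the Makefile in this commit declares only `OPTIONS_MULTI= DB` and no `OPTIONS_DEFINE`. As far as I can tell the ports framework then expands `%%PORTDOCS%%` to a comment marker, so the staged acknowledgements.xml and userguide.xml would be left out of the package and reported as orphans; adding `OPTIONS_DEFINE= DOCS` to the Makefile should resolve it. Separately, the three `@dir /var/db/cvechecker...` entries take default ownership and mode. If the scan database is not meant to be readable by every local account, the `@dir(owner,group,mode)` form lets the plist say so explicitly.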