authoreik <eik@FreeBSD.org>2004-06-24 00:01:38 +0800
committereik <eik@FreeBSD.org>2004-06-24 00:01:38 +0800
commit2b51aad50e5298adf7d994607aee643e9aefa72d (patch)
treeb575967a16e072cb2c6d70d52eae51ef8ad36ecd /security/portaudit
parenta80a1799bc3bb9cb8ade38a8cc0e7ebb89ed07fd (diff)
Update to version 0.4, with a new `-f' option.
To check which of the current ports have known vulnerabilities, run `portaudit -f /usr/ports/INDEX`. This port requires pkg_install(-devel) >= 20040623.
Diffstat (limited to 'security/portaudit')
-rw-r--r--security/portaudit/Makefile34
-rw-r--r--security/portaudit/files/portaudit-cmd.sh16
-rw-r--r--security/portaudit/files/portaudit.functions83
3 files changed, 91 insertions, 42 deletions
diff --git a/security/portaudit/Makefile b/security/portaudit/Makefile
index 89bdd6b68862..dfd4f458b03c 100644
--- a/security/portaudit/Makefile
+++ b/security/portaudit/Makefile
@@ -6,7 +6,7 @@
#
PORTNAME= portaudit
-PORTVERSION= 0.3.3
+PORTVERSION= 0.4
CATEGORIES= security
DISTFILES=
@@ -18,19 +18,27 @@ MAN1= portaudit.1
PERIODICDIR?= ${PREFIX}/etc/periodic
DATABASEDIR?= /var/db/portaudit
+PKGREQ= ${WRKDIR}/pkg-req
PKGINSTALL= ${WRKDIR}/pkg-install
PKGDEINSTALL= ${WRKDIR}/pkg-deinstall
PLIST_SUB+= PERIODICDIR="${PERIODICDIR:S,^${PREFIX}/,,}" \
DATABASEDIR="${DATABASEDIR}"
-SED_SCRIPT= -e 's,%%PREFIX%%,${PREFIX},g' \
- -e 's,%%DATABASEDIR%%,${DATABASEDIR},g'
+REQPKGVER= 20040623
+
+SED_SCRIPT= -e 's|%%PREFIX%%|${PREFIX}|g' \
+ -e 's|%%LOCALBASE%%|${LOCALBASE}|g' \
+ -e "s|%%DATADIR%%|${DATADIR}|g" \
+ -e "s|%%DATABASEDIR%%|${DATABASEDIR}|g" \
+ -e "s|%%PORTVERSION%%|${PORTVERSION}|g" \
+ -e "s|%%REQPKGVER%%|${REQPKGVER}|g" \
+ -e "s|%%BZIP2_CMD%%|${BZIP2_CMD}|g" \
PKG_INFO_BASE?= /usr/sbin/pkg_info
BASEPKGVER!= ${PKG_INFO_BASE} -qP 2>/dev/null || ${TRUE}
-.if ${BASEPKGVER} < 20040125
+.if ${BASEPKGVER} < ${REQPKGVER}
RUN_DEPENDS= ${LOCALBASE}/sbin/pkg_info:${PORTSDIR}/sysutils/pkg_install-devel
.endif
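Review bot: The last line added to `SED_SCRIPT` ends in a continuation backslash although nothing more belongs to the value, so whatever line follows is joined into the variable. In this rendering the next line is the `PKG_INFO_BASE?=` assignment; unless a blank line separates them in the file, that assignment would be handed to sed as arguments and `PKG_INFO_BASE` would be unset when the `BASEPKGVER!=` line runs. Ending the list with `-e "s|%%BZIP2_CMD%%|${BZIP2_CMD}|g"` (no trailing backslash) removes the dependency on that blank line. The list also mixes single- and double-quoted expressions; one quoting style throughout would make it clearer which substituted values the shell may still expand.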
@@ -42,22 +50,24 @@ RUN_DEPENDS+= bzip2:${PORTSDIR}/archivers/bzip2
do-build:
.for f in portaudit-cmd.sh portaudit.sh fetchaudit.sh portaudit.functions portaudit.1 portaudit.conf
- @${SED} -e "s|%%DATADIR%%|${DATADIR}|g" \
- -e "s|%%DATABASEDIR%%|${DATABASEDIR}|g" \
- -e "s|%%PREFIX%%|${PREFIX}|g" \
- -e "s|%%LOCALBASE%%|${LOCALBASE}|g" \
- -e "s|%%PORTVERSION%%|${PORTVERSION}|g" \
- -e "s|%%BZIP2_CMD%%|${BZIP2_CMD}|g" \
- ${FILESDIR}/${f} > ${WRKDIR}/${f}
+ @${SED} ${SED_SCRIPT} ${FILESDIR}/${f} > ${WRKDIR}/${f}
.endfor
post-build:
-.for text in pkg-install pkg-deinstall
+.for text in pkg-req pkg-install pkg-deinstall
@if [ -f ${PKGDIR}/${text} ]; then \
${SED} ${SED_SCRIPT} ${PKGDIR}/${text} >${WRKDIR}/${text}; \
fi
.endfor
+pre-install:
+ @if [ -f ${PKGREQ} ]; then \
+ ${SETENV} "PKG_PREFIX=${PREFIX}" ${SH} ${PKGREQ} ${PKGNAME} INSTALL; \
+ fi
+ @if [ -f ${PKGINSTALL} ]; then \
+ ${SETENV} "PKG_PREFIX=${PREFIX}" ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL; \
+ fi
+
do-install:
@${INSTALL_SCRIPT} ${WRKDIR}/portaudit-cmd.sh ${PREFIX}/bin/portaudit
@${INSTALL_MAN} ${WRKDIR}/portaudit.1 ${MAN1PREFIX}/man/man1
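Review bot: Both new `pre-install` steps are guarded by `[ -f ... ]`, so a missing `${WRKDIR}/pkg-req` skips the requirements check without any message. The diffstat for this commit lists no `pkg-req` file, and `post-build` only generates it when `${PKGDIR}/pkg-req` exists, so unless that file is already present in the port directory the `REQPKGVER` check never runs at install time. If the check is meant to be mandatory, the recipe should fail when the script is absent; if the skip is intended, a comment such as `# pkg-req is optional here; a missing script means no install-time version check` would make that explicit.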
diff --git a/security/portaudit/files/portaudit-cmd.sh b/security/portaudit/files/portaudit-cmd.sh
index 2df9a0fc4533..54c1f02952ec 100644
--- a/security/portaudit/files/portaudit-cmd.sh
+++ b/security/portaudit/files/portaudit-cmd.sh
@@ -37,17 +37,18 @@ portaudit_confs
opt_audit=false
opt_auditcwd=false
opt_audittree=false
-opt_verbose=false
-opt_version=false
opt_dbversion=false
opt_fetch=false
+opt_file=
opt_quiet=false
+opt_verbose=false
+opt_version=false
if [ $# -eq 0 ] ; then
opt_audit=true
fi
-while getopts aACvVdFq opt; do
+while getopts aACdf:FqvV opt; do
case "$opt" in
a)
opt_audit=true;;
@@ -57,6 +58,8 @@ while getopts aACvVdFq opt; do
opt_auditcwd=true;;
d)
opt_dbversion=true;;
+ f)
+ opt_file=$OPTARG;;
F)
opt_fetch=true;;
q)
@@ -66,7 +69,7 @@ while getopts aACvVdFq opt; do
V)
opt_version=true;;
?)
- echo "Usage: $0 -aACvVdFq"
+ echo "Usage: $0 -aACvVdFq [-f file]"
exit 2;;
esac
done
@@ -143,3 +146,8 @@ if $opt_audittree; then
echo "${VULCNT} ports with unmarked vulnerabilities."
fi
+
+if [ -n "$opt_file" ]; then
+ portaudit_prerequisites
+ audit_file "$opt_file"
+fi
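Review bot: The return status of `portaudit_prerequisites` is not checked before `audit_file` runs, although the function returns 1 when pkg_info is too old (see the portaudit.functions hunk), so the audit would proceed with tools the script has just reported as unsuitable. `portaudit_prerequisites || exit $?` would stop there; how the other option blocks handle this is outside the hunk. The `-f` argument is also passed on without a readability test, so a `[ -r "$opt_file" ]` check with an error message before the call would give a clearer failure than whatever the downstream redirect reports.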
diff --git a/security/portaudit/files/portaudit.functions b/security/portaudit/files/portaudit.functions
index fd0f6c4ea610..f3b6e21db458 100644
--- a/security/portaudit/files/portaudit.functions
+++ b/security/portaudit/files/portaudit.functions
@@ -116,7 +116,7 @@ portaudit_prerequisites()
fi
PKG_INSTALL_VER=`${PKG_INFO} -qP 2>/dev/null`
- if [ -z "${PKG_INSTALL_VER}" -o "${PKG_INSTALL_VER}" -lt 20040125 ]; then
+ if [ -z "${PKG_INSTALL_VER}" -o "${PKG_INSTALL_VER}" -lt %%REQPKGVER%% ]; then
echo "${PKG_INFO} is too old, please update port sysutils/pkg_install-devel"
return 1
fi
@@ -139,28 +139,59 @@ portaudit_prerequisites()
audit_installed()
{
- extract_auditfile | /usr/bin/awk -F\| "
+ extract_auditfile | /usr/bin/awk -F\| '
BEGIN { vul=0 }
/^(#|\$)/ { next }
{
- cmd=\"${PKG_INFO} -E \\\"\" \$1 \"\\\"\"
+ cmd="'"${PKG_INFO}"' -E \"" $1 "\""
while((cmd | getline pkg) > 0) {
vul++
- print \"Affected package: \" pkg \"\\n\" \
- \"Type of problem: \" \$3 \".\\n\" \
- \"Reference: <\" \$2 \">\\n\"
+ split($2, ref, / /)
+ print "Affected package: " pkg
+ print "Type of problem: " $3 "."
+ for (r in ref)
+ print "Reference: <" ref[r] ">"
+ print ""
}
close(cmd)
}
END {
- print vul \" problem(s) in your installed packages found.\"
+ print vul " problem(s) in your installed packages found."
if (vul > 0) {
- print \"\nYou are advised to update or deinstall\" \
- \" the affected package(s) immediately.\"
+ print "\nYou are advised to update or deinstall" \
+ " the affected package(s) immediately."
exit(1)
}
}
- "
+ '
+}
+
+audit_file()
+{
+ extract_auditfile | /usr/bin/awk -F\| '
+ BEGIN { vul=0 }
+ /^(#|\$)/ { next }
+ {
+ cmd="'"${PKG_VERSION}"' -T - \"" $1 "\" <\"'"${1}"'\""
+ while((cmd | getline pkg) > 0) {
+ vul++
+ split($2, ref, / /)
+ split(pkg, p)
+ print "Affected package: " p[1]
+ print "Type of problem: " $3 "."
+ for (r in ref)
+ print "Reference: <" ref[r] ">"
+ print ""
+ }
+ close(cmd)
+ }
+ END {
+ print vul " problem(s) in found."
+ if (vul > 0) {
+ exit(1)
+ }
+ }
+ '
}
audit_cwd()
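Review bot: `audit_file` splices its file-name argument into the awk program text (`"'"${1}"'"`) and then hands a command string containing both that name and the database field `$1` to `sh` through `cmd | getline`; `audit_installed` builds its command from `$1` the same way. Inside the double quotes used there the shell still performs command substitution and variable expansion, and a quote or backslash in the file name changes the awk source itself, so neither the `-f` argument nor an audit-database entry is treated purely as data. How the database is fetched and verified is outside this hunk, so its entries should be handled as untrusted here. One way to close this is to pass the file name through the environment and skip entries whose pattern contains characters that are active inside double quotes, as sketched below for `audit_file`; the same filter rule fits `audit_installed`. Separately, the summary line `"problem(s) in found."` is missing a word.

```shell
audit_file()
{
	# hand the file name to the shell as data, not as awk or command text
	PORTAUDIT_FILE=$1; export PORTAUDIT_FILE
	extract_auditfile | /usr/bin/awk -F\| '
		/^(#|\$)/ { next }
		# refuse patterns the shell would expand inside double quotes
		$1 ~ /["`$\\]/ {
			print "portaudit: skipping malformed entry" | "cat 1>&2"
			next
		}
		{
			cmd="'"${PKG_VERSION}"' -T - \"" $1 "\" <\"$PORTAUDIT_FILE\""
			# … unchanged: getline loop, report, close(cmd) …
		}
		# … unchanged: END block …
	'
}
```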
@@ -174,22 +205,22 @@ audit_cwd()
FORBIDDEN=`echo "${PKGSTATE}" | /usr/bin/sed -ne '2p'`
PKGORIGIN=`echo "${PKGSTATE}" | /usr/bin/sed -ne '3p'`
- VLIST=`extract_auditfile | /usr/bin/awk -F\| " \
- /^[^#]/ { \
- if (!system(\"${PKG_VERSION} -T '${PKGNAME}' '\" \\$1 \"'\")) \
- print \"- <\" \\$2 \">\" \
- } \
- "`
-
- if [ -n "${VLIST}" -a -z "${FORBIDDEN}" ]; then
- echo
- echo "Port ${PKGNAME} (${PKGORIGIN}) should be marked FORBIDDEN:"
- echo "${VLIST}"
- VULCNT=$((${VULCNT}+1))
- elif $opt_verbose && [ -n "${VLIST}" ]; then
- echo
- echo "Good: port ${PKGNAME} (${PKGORIGIN}) is marked FORBIDDEN: ${FORBIDDEN}"
- echo "${VLIST}"
+ if VLIST=`extract_auditfile | /usr/bin/grep -v '^#' | ${PKG_VERSION} -T "${PKGNAME}" -`; then
+ if [ -z "${FORBIDDEN}" ]; then
+ echo
+ echo "Port ${PKGNAME} (${PKGORIGIN}) should be marked FORBIDDEN:"
+ VULCNT=$((${VULCNT}+1))
+ elif $opt_verbose; then
+ echo
+ echo "Good: port ${PKGNAME} (${PKGORIGIN}) is marked FORBIDDEN: ${FORBIDDEN}"
+ fi
+ if [ -z "${FORBIDDEN}" ] || $opt_verbose; then
+ echo "${VLIST}" | /usr/bin/awk -F\| '{
+ split($2, ref, / /)
+ for (r in ref)
+ print "- <" ref[r] ">"
+ }'
+ fi
fi
}
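Review bot: The `if VLIST=...` test sees only the exit status of the last pipeline stage, `${PKG_VERSION} -T`, so a failure in `extract_auditfile` (defined outside this hunk) would presumably look the same as "no matching entry": nothing is printed for the port and `VULCNT` is not incremented. For an audit tool that is a fail-open path worth at least a comment, e.g. `# status is pkg_version's only; an unreadable audit file is indistinguishable from no match`, or an explicit check of the database before the pipeline. The reference loop `for (r in ref)` also visits elements in an unspecified order in awk, so several references may print in a different order than the database lists them; keeping the count from `n = split($2, ref, / /)` and looping `for (i = 1; i <= n; i++)` preserves it. `audit_cwd` begins above this hunk.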