From 39ac2723041399f6d1aef1651ca357b0b79bb3ff Mon Sep 17 00:00:00 2001 
From: pav Date: Mon, 5 Feb 2007 01:08:46 +0000 Subject: Populate a new ports-mgmt category. List of moved ports: devel/portcheckout -> ports-mgmt/portcheckout devel/portlint -> ports-mgmt/portlint devel/portmk -> ports-mgmt/portmk devel/porttools -> ports-mgmt/porttools misc/instant-tinderbox -> ports-mgmt/instant-tinderbox misc/porteasy -> ports-mgmt/porteasy misc/portell -> ports-mgmt/portell misc/portless -> ports-mgmt/portless misc/tinderbox -> ports-mgmt/tinderbox security/jailaudit -> ports-mgmt/jailaudit security/portaudit -> ports-mgmt/portaudit security/portaudit-db -> ports-mgmt/portaudit-db security/vulnerability-test-port -> ports-mgmt/vulnerability-test-port sysutils/barry -> ports-mgmt/barry sysutils/bpm -> ports-mgmt/bpm sysutils/kports -> ports-mgmt/kports sysutils/managepkg -> ports-mgmt/managepkg sysutils/newportsversioncheck -> ports-mgmt/newportsversioncheck sysutils/pib -> ports-mgmt/pib sysutils/pkgfe -> ports-mgmt/pkgfe sysutils/pkg-orphan -> ports-mgmt/pkg-orphan sysutils/pkg_cutleaves -> ports-mgmt/pkg_cutleaves sysutils/pkg_install -> ports-mgmt/pkg_install sysutils/pkg_install-devel -> ports-mgmt/pkg_install-devel sysutils/pkg_remove -> ports-mgmt/pkg_remove sysutils/pkg_rmleaves -> ports-mgmt/pkg_rmleaves sysutils/pkg_trackinst -> ports-mgmt/pkg_trackinst sysutils/pkg_tree -> ports-mgmt/pkg_tree sysutils/portbrowser -> ports-mgmt/portbrowser sysutils/portconf -> ports-mgmt/portconf sysutils/portdowngrade -> ports-mgmt/portdowngrade sysutils/portcheck -> ports-mgmt/portcheck sysutils/portmanager -> ports-mgmt/portmanager sysutils/portmaster -> ports-mgmt/portmaster sysutils/portscout -> ports-mgmt/portscout sysutils/portsearch -> ports-mgmt/portsearch sysutils/portsman -> ports-mgmt/portsman sysutils/portsnap -> ports-mgmt/portsnap sysutils/portsopt -> ports-mgmt/portsopt sysutils/portupgrade -> ports-mgmt/portupgrade sysutils/portupgrade-devel -> ports-mgmt/portupgrade-devel sysutils/port-authoring-tools -> 
ports-mgmt/port-authoring-tools sysutils/port-maintenance-tools -> ports-mgmt/port-maintenance-tools sysutils/psearch -> ports-mgmt/psearch sysutils/p5-FreeBSD-Portindex -> ports-mgmt/p5-FreeBSD-Portindex sysutils/qtpkg -> ports-mgmt/qtpkg textproc/p5-FreeBSD-Ports -> ports-mgmt/p5-FreeBSD-Ports Repocopies by: marcus --- security/Makefile | 4 - security/jailaudit/Makefile | 34 - security/jailaudit/distinfo | 3 - security/jailaudit/pkg-descr | 20 - security/jailaudit/pkg-plist | 11 - security/portaudit-db/Makefile | 44 - security/portaudit-db/database/portaudit.txt | 84 -- security/portaudit-db/database/portaudit.xlist | 26 - security/portaudit-db/database/portaudit.xml | 1107 --------------------- security/portaudit-db/database/portaudit2vuxml.pl | 149 --- security/portaudit-db/files/packaudit.conf | 9 - security/portaudit-db/files/packaudit.sh | 142 --- security/portaudit-db/files/portaudit2vuxml.awk | 95 -- security/portaudit-db/files/vuxml2html.xslt | 329 ------ security/portaudit-db/files/vuxml2portaudit.xslt | 92 -- security/portaudit-db/pkg-descr | 16 - security/portaudit-db/pkg-plist | 8 - security/portaudit/Makefile | 82 -- security/portaudit/files/portaudit-cmd.sh | 478 --------- security/portaudit/files/portaudit.1 | 175 ---- security/portaudit/files/portaudit.conf | 19 - security/portaudit/files/portaudit.sh | 61 -- security/portaudit/pkg-deinstall | 19 - security/portaudit/pkg-descr | 16 - security/portaudit/pkg-install | 36 - security/portaudit/pkg-plist | 7 - security/portaudit/pkg-req | 32 - security/vulnerability-test-port/Makefile | 35 - security/vulnerability-test-port/pkg-descr | 20 - 29 files changed, 3153 deletions(-) delete mode 100644 security/jailaudit/Makefile delete mode 100644 security/jailaudit/distinfo delete mode 100644 security/jailaudit/pkg-descr delete mode 100644 security/jailaudit/pkg-plist delete mode 100644 security/portaudit-db/Makefile delete mode 100644 security/portaudit-db/database/portaudit.txt delete mode 100644 
security/portaudit-db/database/portaudit.xlist delete mode 100644 security/portaudit-db/database/portaudit.xml delete mode 100644 security/portaudit-db/database/portaudit2vuxml.pl delete mode 100644 security/portaudit-db/files/packaudit.conf delete mode 100644 security/portaudit-db/files/packaudit.sh delete mode 100644 security/portaudit-db/files/portaudit2vuxml.awk delete mode 100644 security/portaudit-db/files/vuxml2html.xslt delete mode 100644 security/portaudit-db/files/vuxml2portaudit.xslt delete mode 100644 security/portaudit-db/pkg-descr delete mode 100644 security/portaudit-db/pkg-plist delete mode 100644 security/portaudit/Makefile delete mode 100644 security/portaudit/files/portaudit-cmd.sh delete mode 100644 security/portaudit/files/portaudit.1 delete mode 100644 security/portaudit/files/portaudit.conf delete mode 100644 security/portaudit/files/portaudit.sh delete mode 100644 security/portaudit/pkg-deinstall delete mode 100644 security/portaudit/pkg-descr delete mode 100644 security/portaudit/pkg-install delete mode 100644 security/portaudit/pkg-plist delete mode 100644 security/portaudit/pkg-req delete mode 100644 security/vulnerability-test-port/Makefile delete mode 100644 security/vulnerability-test-port/pkg-descr (limited to 'security')
diff --git a/security/Makefile b/security/Makefile
index 733b82ba21c2..bd1a627dad6e 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -197,7 +197,6 @@
 SUBDIR += isakmpd
 SUBDIR += isnprober
 SUBDIR += its4
- SUBDIR += jailaudit
 SUBDIR += jce_policy14
 SUBDIR += john
 SUBDIR += kedpm
@@ -557,8 +556,6 @@
 SUBDIR += pktsuckers
 SUBDIR += poc
 SUBDIR += poly1305aes
- SUBDIR += portaudit
- SUBDIR += portaudit-db
 SUBDIR += portscanner
 SUBDIR += portsentry
 SUBDIR += ppars
@@ -716,7 +713,6 @@
 SUBDIR += vpnc
 SUBDIR += vpnd
 SUBDIR += vscan
- SUBDIR += vulnerability-test-port
 SUBDIR += vuxml
 SUBDIR += vxquery
 SUBDIR += webfwlog
diff --git a/security/jailaudit/Makefile b/security/jailaudit/Makefile
deleted file mode 100644
index bc9738dc4a98..000000000000
--- a/security/jailaudit/Makefile
+++ /dev/null
@@ -1,34 +0,0 @@
-# New ports collection makefile for: jailaudit
-# Date created: 21 October 2005
-# Whom: cryx
-#
-# $FreeBSD$
-#
-
-PORTNAME= jailaudit
-PORTVERSION= 1.2
-CATEGORIES= security
-MASTER_SITES= http://outpost.h3q.com/software/jailaudit/
-
-MAINTAINER= cryx-ports@h3q.com
-COMMENT= Script to generate portaudit reports for jails
-
-RUN_DEPENDS= ${LOCALBASE}/sbin/portaudit:${PORTSDIR}/security/portaudit
-
-USE_BZIP2= yes
-
-PERIODICDIR?= ${PREFIX}/etc/periodic
-REPORTDIR?= ${PREFIX}/jailaudit/reports
-TMPDIR?= ${PREFIX}/jailaudit/tmp
-
-PLIST_SUB+= PERIODICDIR="${PERIODICDIR:S,^${PREFIX}/,,}" \
- REPORTDIR="${REPORTDIR:S,^${PREFIX}/,,}" \
- TMPDIR="${TMPDIR:S,^${PREFIX}/,,}"
-
-.include
-
-.if ( ${OSVERSION} < 501000 )
-IGNORE= needs the jls utility which was added in FreeBSD 5.1
-.endif
-
-.include
diff --git a/security/jailaudit/distinfo b/security/jailaudit/distinfo
deleted file mode 100644
index 804a685dae44..000000000000
--- a/security/jailaudit/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 (jailaudit-1.2.tar.bz2) = 42ba69b07906ebfc29bf3d31c07e88bf
-SHA256 (jailaudit-1.2.tar.bz2) = 5cf7f3a75f5b13cf617ed432eb90453cc2bc152685a0146329e828bea8840689
-SIZE (jailaudit-1.2.tar.bz2) = 2599
diff --git a/security/jailaudit/pkg-descr b/security/jailaudit/pkg-descr
deleted file mode 100644
index 0933960c9516..000000000000
--- a/security/jailaudit/pkg-descr
+++ /dev/null
@@ -1,20 +0,0 @@
-This port contains a script to generate portaudit reports for jails
-running on a FreeBSD system.
-
-Normally portaudit just creates reports for the Host-system or the jail
-it is installed in. With a large number of jails running on a system,
-installing and updating portaudit in every jail is time-consuming and
-error-prone. Jailaudit uses the portaudit installed in the Host-system
-to create a report for every jail.
-
-The reports are appended to the daily security run and can be sent to a
-specific mail address, which allows the Host-system administrator to
-dispatch portaudit reports to the owners of jails, keeping them informed
-about potential security advisories of their installed ports.
-
-Jailaudit can be used on FreeBSD 5.1 or larger.
-
-WWW: https://anonsvn.h3q.com/projects/jailaudit/
-
-- cryx
-Philipp Wuensche
diff --git a/security/jailaudit/pkg-plist b/security/jailaudit/pkg-plist
deleted file mode 100644
index 43a7a083dd0d..000000000000
--- a/security/jailaudit/pkg-plist
+++ /dev/null
@@ -1,11 +0,0 @@
-bin/jailaudit
-etc/jailaudit.conf.sample
-%%PERIODICDIR%%/security/410.jailaudit
-@dirrmtry %%PERIODICDIR%%/security
-@dirrmtry %%PERIODICDIR%%
-@exec mkdir -p %D/%%REPORTDIR%%
-@dirrmtry %%REPORTDIR%%
-@exec mkdir -p %D/%%TMPDIR%%
-@dirrmtry %%TMPDIR%%
-@unexec rmdir %DPDIR%% 2>/dev/null || true
-@dirrmtry jailaudit
diff --git a/security/portaudit-db/Makefile b/security/portaudit-db/Makefile
deleted file mode 100644
index db754b90df57..000000000000
--- a/security/portaudit-db/Makefile
+++ /dev/null
@@ -1,44 +0,0 @@
-# New ports collection makefile for: portaudit-db
-# Date created: 12 Jun 2004
-# Whom: Oliver Eikemeier
-#
-# $FreeBSD$
-#
-
-PORTNAME= portaudit-db
-PORTVERSION= 0.2.3
-CATEGORIES= security
-DISTFILES=
-
-MAINTAINER= secteam@FreeBSD.org
-COMMENT= Creates a portaudit database from a current ports tree
-
-RUN_DEPENDS= xsltproc:${PORTSDIR}/textproc/libxslt
-
-DEPENDS_ARGS+= WITHOUT_PYTHON=yes
-
-DATABASEDIR?= ${AUDITFILE:H}
-
-PLIST_SUB+= DATABASEDIR="${DATABASEDIR}"
-
-SED_SCRIPT= -e 's,%%PREFIX%%,${PREFIX},g' \
- -e "s|%%DATADIR%%|${DATADIR}|g" \
- -e "s|%%LOCALBASE%%|${LOCALBASE}|g" \
- -e "s|%%PORTSDIR%%|${PORTSDIR}|g" \
- -e "s|%%PORTVERSION%%|${PORTVERSION}|g" \
- -e "s|%%DATABASEDIR%%|${DATABASEDIR}|g"
-
-do-build:
- @for f in packaudit.sh packaudit.conf; do \
- ${SED} ${SED_SCRIPT} "${FILESDIR}/$$f" > "${WRKDIR}/$$f"; \
- done
-
-do-install:
- @${INSTALL_SCRIPT} ${WRKDIR}/packaudit.sh ${PREFIX}/bin/packaudit
- @${INSTALL_DATA} ${WRKDIR}/packaudit.conf ${PREFIX}/etc/packaudit.conf.sample
- @${MKDIR} ${DATADIR}
- @${INSTALL_SCRIPT} ${FILESDIR}/portaudit2vuxml.awk ${DATADIR}
- @${INSTALL_DATA} ${FILESDIR}/vuxml2html.xslt ${FILESDIR}/vuxml2portaudit.xslt ${DATADIR}
- @${MKDIR} ${DATABASEDIR}
-
-.include
diff --git a/security/portaudit-db/database/portaudit.txt b/security/portaudit-db/database/portaudit.txt
deleted file mode 100644
index ccb7b401f54c..000000000000
--- a/security/portaudit-db/database/portaudit.txt
+++ /dev/null
@@ -1,84 +0,0 @@ -# portaudit text based database -# $FreeBSD$ -apache>=2.*<2.0.49_1|http://www.osvdb.org/6472 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0488|mod_ssl stack-based buffer overflow|662cd99e-bc9d-11d8-916c-000347dd607f -apache+mod_ssl*<1.3.31+2.8.18|http://www.osvdb.org/6472 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0488|mod_ssl stack-based buffer overflow|662cd99e-bc9d-11d8-916c-000347dd607f -ru-apache+mod_ssl<1.3.31+30.20+2.8.18|http://www.osvdb.org/6472 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0488|mod_ssl stack-based buffer overflow|662cd99e-bc9d-11d8-916c-000347dd607f -apache<1.3.31_1|http://www.osvdb.org/6839 http://www.apacheweek.com/features/security-13|mod_proxy buffer overflow (CAN-2004-0492)|5bcd500c-bc9d-11d8-916c-000347dd607f -apache+mod_ssl*<1.3.31+2.8.18_4|http://www.osvdb.org/6839 http://www.apacheweek.com/features/security-13|mod_proxy buffer overflow (CAN-2004-0492)|5bcd500c-bc9d-11d8-916c-000347dd607f -ru-apache+mod_ssl<=1.3.31+30.20+2.8.18|http://www.osvdb.org/6839 http://www.apacheweek.com/features/security-13|mod_proxy buffer overflow (CAN-2004-0492)|5bcd500c-bc9d-11d8-916c-000347dd607f -dbmail{-mysql,-postgresql}<1.2.8a|http://mailman.fastxs.net/pipermail/dbmail/2004-June/004960.html|DBMail: remote exploitable buffer overflow|3b9b196e-bd12-11d8-b071-00e08110b673 -smtpproxy<=1.1.3|http://0xbadc0ded.org/advisories/0402.txt|smtpproxy: remotely exploitable format string vulnerability|1abf65f9-bc9d-11d8-916c-000347dd607f -subversion{,-perl,-python}<1.0.5|http://www.osvdb.org/6935 http://subversion.tigris.org/security/CAN-2004-0413-advisory.txt|subversion: remote exploitable buffer overflow in 'svn://' parser|4616bc3b-bd0f-11d8-a252-02e0185c0b53 -imp<3.2.4|http://article.gmane.org/gmane.comp.horde.imp/14421/|imp: XSS hole exploited via the Content-type header of malicious emails|911f1b19-bd20-11d8-84f9-000bdb1444a4 -chora<1.2.2|http://article.gmane.org/gmane.comp.horde.chora/610/|chora: hole in 
the diff code that allowed malicious input|9e09399d-bd21-11d8-84f9-000bdb1444a4 -squirrelmail<1.4.3a|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0519 http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt|SquirrelMail XSS vulnerability|89a0de27-bf66-11d8-a252-02e0185c0b53 -ja-squirrelmail<1.4.3a,1|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0519 http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt|SquirrelMail XSS vulnerability|89a0de27-bf66-11d8-a252-02e0185c0b53 -webmin<1.150|http://www.webmin.com/changes-1.150.html http://www.osvdb.org/6729 http://www.osvdb.org/6730|Multiple vulnerabilities in Webmin|ab61715f-c027-11d8-b00e-000347a4fa7d -racoon<20040617a|http://lists.netsys.com/pipermail/full-disclosure/2004-June/022617.html http://www.securityfocus.com/archive/1/366023 http://securitytracker.com/alerts/2004/Jun/1010495.html http://orange.kame.net/dev/cvsweb.cgi/kame/kame/kame/racoon/crypto_openssl.c#rev1.86 http://www.securityfocus.com/bid/10546 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0607|Racoon may validate invalid certificates|a96c1d37-c033-11d8-b00e-000347a4fa7d -ircd-hybrid<=7.0_1|http://lists.netsys.com/pipermail/full-disclosure/2004-June/022820.html http://www.securityfocus.com/archive/1/366486 http://www.osvdb.org/7242|ircd-hybrid-7 low-bandwidth DoS|23aafa20-c28a-11d8-864c-02e0185c0b53 -ircd-hybrid-ru<=7.1_2|http://lists.netsys.com/pipermail/full-disclosure/2004-June/022820.html http://www.securityfocus.com/archive/1/366486 http://www.osvdb.org/7242|ircd-hybrid-7 low-bandwidth DoS|23aafa20-c28a-11d8-864c-02e0185c0b53 -{,??-}aspell<=0.50.5_2|http://nettwerked.mg2.org/advisories/wlc http://marc.theaimsgroup.com/?l=bugtraq&m=108761564006503&w=2 http://www.securityfocus.com/bid/10497|Buffer overflow in word-list-compress|b7b03bab-c296-11d8-bfb2-000bdb1444a4 -linux-aspell<=0.50.4.1|http://nettwerked.mg2.org/advisories/wlc http://marc.theaimsgroup.com/?l=bugtraq&m=108761564006503&w=2 
http://www.securityfocus.com/bid/10497|Buffer overflow in word-list-compress|b7b03bab-c296-11d8-bfb2-000bdb1444a4 -bnbt<7.5b3|http://www.osvdb.org/6336|BNBT Authorization Header DoS|0f9b3542-c35f-11d8-8898-000d6111a684 -scorched3d<0.37.2|http://marc.theaimsgroup.com/?l=bugtraq&m=108152473130133&w=2 http://www.osvdb.org/5086 http://www.freebsd.org/cgi/query-pr.cgi?pr=67541 http://secunia.com/advisories/11319 http://security.gentoo.org/glsa/glsa-200404-12.xml|Scorched 3D server chat box format string vulnerability|36808860-c363-11d8-8898-000d6111a684 -super<3.23.0|http://www.secunia.com/advisories/11899 http://www.debian.org/security/2004/dsa-522 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0579|super format string vulnerability|fae06c04-c38c-11d8-8898-000d6111a684 -mailman<2.1.5|http://mail.python.org/pipermail/mailman-announce/2004-May/000072.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0412 http://www.osvdb.org/6422|mailman allows 3rd parties to retrieve member passwords|2a405a43-c396-11d8-8898-000d6111a684 -roundup<0.7.3|http://www.osvdb.org/6691 http://secunia.com/advisories/11801 http://xforce.iss.net/xforce/xfdb/16350 http://securityfocus.com/bid/10495 http://mail.python.org/pipermail/python-announce-list/2004-May/003126.html|Roundup remote file disclosure vulnerability|40800696-c3b0-11d8-864c-02e0185c0b53 -sqwebmail<4.0.5|http://www.securityfocus.com/archive/1/366595|Sqwebmail XSS vulnerability|c3e56efa-c42f-11d8-864c-02e0185c0b53 -isc-dhcp3<3.0.1.r11|http://www.cert.org/advisories/CA-2003-01.html http://www.kb.cert.org/vuls/id/284857 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0026|ISC DHCPD minires library contains multiple buffer overflows|f71745cd-c509-11d8-8898-000d6111a684 -isc-dhcp3<3.0.1.r11_1|http://www.kb.cert.org/vuls/id/149953 http://www.securityfocus.com/bid/6628 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0039|ISC "dhcrelay" fails to limit hop count when malicious bootp packet is 
received|02957734-c50b-11d8-8898-000d6111a684 -icecast2<2.0.1,1|http://secunia.com/advisories/11578 http://www.osvdb.org/6075|Icecast remote DoS vulnerability|8de7cf18-c5ca-11d8-8898-000d6111a684 -rssh<2.2.1|http://secunia.com/advisories/11926 http://www.securityfocus.com/archive/1/366691 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0609 http://www.securityfocus.com/bid/10574 http://www.osvdb.org/7239|rssh file existence information disclosure weakness|a4815970-c5cc-11d8-8898-000d6111a684 -sup<=2.0|http://secunia.com/advisories/11898 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0451|CMU SUP logging format string vulnerabilities|238ea8eb-c5cf-11d8-8898-000d6111a684 -rlpr<2.04_1|http://secunia.com/advisories/11906 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0393 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0454 http://www.osvdb.org/7194 http://www.osvdb.org/7195 http://securitytracker.com/id?1010545 http://www.securityfocus.com/archive/1/367045|rlpr "msg()" buffer overflow and format string vulnerabilities|29a72da5-c5ea-11d8-8898-000d6111a684 -pure-ftpd<1.0.19|http://www.pureftpd.org/ http://www.osvdb.org/7415|Pure-FTPd DoS when maximum number of connections is reached|ec5cf461-c691-11d8-8898-000d6111a684 -libxine<1.0.r4|http://www.xinehq.de/index.php/security/XSA-2004-3 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0433 http://secunia.com/advisories/11500|xine-lib RTSP handling vulnerabilities|83cbd52c-c8e8-11d8-8898-000d6111a684 -apache>=2.*<2.0.49_3|http://www.guninski.com/httpd1.html http://www.apacheweek.com/features/security-20 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493 http://secunia.com/advisories/11956 http://www.osvdb.org/7269|Apache input header folding DoS vulnerability|81a8c9c2-c94f-11d8-8898-000d6111a684 -isakmpd<20040611|http://lists.netsys.com/pipermail/full-disclosure/2004-June/022399.html http://www.osvdb.org/6951 http://www.secunia.com/advisories/11827 
http://www.securityfocus.com/bid/10496|isakmpd security association deletion vulnerability|9a73a5b4-c9b5-11d8-95ca-02e081301d81 -krb5<1.3.4|http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-001-an_to_ln.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0523 http://www.osvdb.org/6846 http://secunia.com/advisories/11753 http://www.kb.cert.org/vuls/id/686862 http://www.securityfocus.com/bid/10448|MIT Kerberos 5 krb5_aname_to_localname() buffer overflow|5177b6e5-c9b7-11d8-95ca-02e081301d81 -png<1.2.5_6|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1363 http://rhn.redhat.com/errata/RHSA-2003-006.html http://www.osvdb.org/7191 http://www.securityfocus.com/bid/6431|libpng row buffer overflow|1b78d43f-d32b-11d8-b479-02e0185c0b53 -linux-png<1.0.14_3|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1363 http://rhn.redhat.com/errata/RHSA-2003-006.html http://www.osvdb.org/7191 http://www.securityfocus.com/bid/6431|libpng row buffer overflow|1b78d43f-d32b-11d8-b479-02e0185c0b53 -{ja-,}bugzilla<2.16.6|http://www.bugzilla.org/security/2.16.5/ http://secunia.com/advisories/12057 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0705 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0707 http://www.securityfocus.com/bid/10698|multiple vulnerabilities in Bugzilla|672975cb-d526-11d8-b479-02e0185c0b53 -wv<=1.0.0_1|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0645 http://www.idefense.com/application/poi/display?id=115&type=vulnerabilities&flashstatus=false http://secunia.com/advisories/12040 http://www.osvdb.org/7761|wv library datetime field buffer overflow|7a5430df-d562-11d8-b479-02e0185c0b53 -ru-apache+mod_ssl<1.3.31+30.20+2.8.19|http://www.mail-archive.com/modssl-users@modssl.org/msg16853.html http://www.mail-archive.com/modssl-users@modssl.org/msg16855.html http://secunia.com/advisories/12077 http://www.osvdb.org/7929|mod_ssl format string 
vulnerability|a3b7cb56-d8a7-11d8-9b0a-000347a4fa7d -apache+mod_ssl*<1.3.31+2.8.19|http://www.mail-archive.com/modssl-users@modssl.org/msg16853.html http://www.mail-archive.com/modssl-users@modssl.org/msg16855.html http://secunia.com/advisories/12077 http://www.osvdb.org/7929|mod_ssl format string vulnerability|a3b7cb56-d8a7-11d8-9b0a-000347a4fa7d -subversion<1.0.6|http://subversion.tigris.org/security/mod_authz_svn-copy-advisory.txt http://secunia.com/advisories/12079 http://www.osvdb.org/8239|mod_authz_svn access control bypass|cc35a97d-da35-11d8-9b0a-000347a4fa7d -subversion-{perl,python}<1.0.6|http://subversion.tigris.org/security/mod_authz_svn-copy-advisory.txt http://secunia.com/advisories/12079 http://www.osvdb.org/8239|mod_authz_svn access control bypass|cc35a97d-da35-11d8-9b0a-000347a4fa7d -phpbb<2.0.10|http://secunia.com/advisories/12114 http://www.phpbb.com/support/documents.php?mode=changelog#209 http://www.osvdb.org/8164 http://www.osvdb.org/8165 http://www.osvdb.org/8166|phpBB cross site scripting vulnerabilities|c59dbaf0-dbe1-11d8-9b0a-000347a4fa7d -l2tpd<=0.69_2|http://www.securityfocus.com/archive/1/365211 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0649 http://www.osvdb.org/6726 http://secunia.com/advisories/11788|l2tpd BSS-based buffer overflow|807b9ddd-dc11-11d8-9b0a-000347a4fa7d -dropbear<0.43|http://matt.ucc.asn.au/dropbear/dropbear.html http://secunia.com/advisories/12153|Dropbear DSS verification vulnerability|0316f983-dfb6-11d8-9b0a-000347a4fa7d -nessus<2.0.12|http://www.osvdb.org/8167 http://secunia.com/advisories/12127 http://www.securityfocus.com/bid/10784|Nessus "adduser" race condition vulnerability|054e4aad-dfb6-11d8-9b0a-000347a4fa7d -nessus-devel>=2.*<2.1.1|http://www.osvdb.org/8167 http://secunia.com/advisories/12127 http://www.securityfocus.com/bid/10784|Nessus "adduser" race condition vulnerability|054e4aad-dfb6-11d8-9b0a-000347a4fa7d -pavuk<=0.9.28_5|http://www.securityfocus.com/archive/1/370248 
http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1119.html http://secunia.com/advisories/12152 http://www.osvdb.org/8242 http://www.securityfocus.com/bid/10797 http://www.gentoo.org/cgi-bin/viewcvs.cgi/net-misc/pavuk/files/pavuk-0.9.28-digest_auth.c.patch|pavuk digest auth buffer overflow|f67ea071-dfb8-11d8-9b0a-000347a4fa7d -lcdproc<0.4.5|http://sourceforge.net/project/shownotes.php?release_id=230910 http://secunia.com/advisories/11333 http://www.securityfocus.com/archive/1/360209 http://www.securityfocus.com/bid/10085 http://www.osvdb.org/5157 http://www.osvdb.org/5158 http://www.osvdb.org/5159 http://www.osvdb.org/5160|LCDProc buffer overflow/format string vulnerabilities|62d23317-e072-11d8-9a79-000347dd607f -dansguardian<2.8.0.1|http://secunia.com/advisories/12191 http://www.securityfocus.com/archive/1/370346 http://www.osvdb.org/8270|DansGuardian banned extension filter bypass vulnerability|f6fd9200-e20e-11d8-9b0a-000347a4fa7d -imp<3.2.5|http://www.greymagic.com/security/advisories/gm005-mc/ http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.389.2.106&r2=1.389.2.109&ty=h http://secunia.com/advisories/12202|XSS hole in the HTML viewer - This vulnerability only exists when using the Internet Explorer to access IMP and only when using the inline MIME viewer for HTML messages.|49189b47-e24d-11d8-9f75-000bdb1444a4 -phpMyAdmin<2.5.7.1|http://www.securityfocus.com/archive/1/367486 http://www.securityfocus.com/bid/10629 http://secunia.com/SA11974 http://www.osvdb.org/7314 http://www.osvdb.org/7315|phpMyAdmin configuration manipulation and code injection|56648b44-e301-11d8-9b0a-000347a4fa7d -gnutls<1.0.17|http://www.hornik.sk/SA/SA-20040802.txt http://secunia.com/advisories/12156|GnuTLS certificate chain verification DoS|84ab58cf-e4ac-11d8-9b0a-000347a4fa7d -gnutls-devel>=1.1.*<1.1.12|http://www.hornik.sk/SA/SA-20040802.txt http://secunia.com/advisories/12156|GnuTLS certificate chain verification DoS|84ab58cf-e4ac-11d8-9b0a-000347a4fa7d 
-{linux-,}opera<7.54|http://www.opera.com/freebsd/changelogs/754/ http://www.greymagic.com/security/advisories/gm008-op/ http://secunia.com/advisories/12233 http://www.osvdb.org/8331|Opera "location" object write access vulnerability|0deed2ce-e6f5-11d8-9a79-000347dd607f -putty<0.55|http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html http://www.coresecurity.com/common/showdoc.php?idx=417&idxseccion=10 http://www.osvdb.org/8299 http://secunia.com/advisories/12212|modified server can execute commands on the client|4424f4db-e697-11d8-bf04-000c763e9a47 -cfengine2<2.1.8|http://www.coresecurity.com/common/showdoc.php?idx=387&idxseccion=10 http://secunia.com/advisories/12251|cfengine authentication heap corruption|f2a1dc8b-ea66-11d8-9440-000347a4fa7d -sympa<4.1.2|http://secunia.com/advisories/12286 http://www.sympa.org/release.html http://xforce.iss.net/xforce/xfdb/16984 http://www.securityfocus.com/bid/10941|Sympa unauthorized list creation|4a160c54-ed46-11d8-81b0-000347a4fa7d -phpgedview<2.65.5|http://sourceforge.net/forum/forum.php?forum_id=344342 http://secunia.com/advisories/10602 http://www.osvdb.org/3473 http://www.osvdb.org/3474 http://www.osvdb.org/3475 http://www.osvdb.org/3476 http://www.osvdb.org/3477 http://www.osvdb.org/3478 http://www.osvdb.org/3479 http://www.osvdb.org/3480 http://www.osvdb.org/3481 http://www.osvdb.org/3482 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0067 http://www.securityfocus.com/archive/1/349698|phpGedView: muliple vulnerabilities|c35d4cae-eed0-11d8-81b0-000347a4fa7d -{ja-,}phpgroupware<0.9.14.007|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0016 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0017 http://www.securityfocus.com/bid/9386 http://www.securityfocus.com/bid/9387 http://xforce.iss.net/xforce/xfdb/13489 http://xforce.iss.net/xforce/xfdb/14846 http://www.osvdb.org/2691 http://www.osvdb.org/6857 http://secunia.com/advisories/10046|phpGroupWare calendar and infolog SQL injection, calendar 
server side script execution|96fc0f03-ef13-11d8-81b0-000347a4fa7d -{ja-,}phpgroupware<0.9.16.002|http://freshmeat.net/releases/168144 http://www.osvdb.org/8354 http://xforce.iss.net/xforce/xfdb/16970|phpGroupWare stores passwords in plain text|82f16a40-ef12-11d8-81b0-000347a4fa7d -gallery<1.4.4.1|http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0757.html http://xforce.iss.net/xforce/xfdb/17021 http://www.osvdb.org/9019 http://secunia.com/advisories/12316 http://www.securityfocus.com/bid/10968|Gallery arbitrary PHP file upload|031663de-f0a6-11d8-81b0-000347a4fa7d -apache>=2.*<2.0.50_2|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751 http://issues.apache.org/bugzilla/show_bug.cgi?id=30134 http://issues.apache.org/bugzilla/show_bug.cgi?id=27945 http://issues.apache.org/bugzilla/show_bug.cgi?id=29690|potential security flaws in mod_ssl|0e08f539-f151-11d8-81b0-000347a4fa7d -a2ps-{a4,letter,letterdj}<4.13b_2|http://www.freebsd.org/cgi/query-pr.cgi?pr=70618 http://secunia.com/advisories/12375 http://www.osvdb.org/9176 http://www.securityfocus.com/bid/11025|a2ps: Possible execution of shell commands as local user|8091fcea-f35e-11d8-81b0-000347a4fa7d -{ja-,}xv<=3.10a_3|http://secunia.com/advisories/12352 http://www.securityfocus.com/archive/1/372345 http://www.osvdb.org/9115 http://www.osvdb.org/9118 http://www.osvdb.org/9119 http://www.osvdb.org/9120 http://www.securityfocus.com/bid/10985|multiple buffer overflows in xv|34c453ba-f686-11d8-81b0-000347a4fa7d -nss<3.9|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0564 http://secunia.com/advisories/11096 http://www.osvdb.org/4197|Mozilla / NSS S/MIME DoS vulnerability|65532ad9-f69b-11d8-81b0-000347a4fa7d -{ja-,ru-,}gaim<0.82|http://www.osvdb.org/9261 http://www.osvdb.org/9262 http://www.osvdb.org/9263 http://www.osvdb.org/9264 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0754 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0784 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0785 http://www.securityfocus.com/bid/11056 http://gaim.sourceforge.net/security/index.php|multiple vulnerabilities in gaim|8b29b312-fa6e-11d8-81b0-000347a4fa7d -{ja-,}samba<2.2.11.*|http://www.samba.org/samba/history/samba-2.2.11.html http://secunia.com/advisories/12397 http://www.osvdb.org/9362|samba printer change notification request DoS|d8ce23a5-fadc-11d8-81b0-000347a4fa7d -squid>=2.5.*<2.5.6_7|http://secunia.com/advisories/12444 http://www.squid-cache.org/bugs/show_bug.cgi?id=1045 http://www.securityfocus.com/bid/11098|Squid NTLM authentication helper DoS|7c351421-fdbd-11d8-81b0-000347a4fa7d -FreeBSD>=502120<503000|http://secunia.com/advisories/11129 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0797 http://www.osvdb.org/9360 http://www.osvdb.org/9361 http://www.securityfocus.com/bid/11051|zlib DoS vulnerability|1b98165f-fdd9-11d8-81b0-000347a4fa7d -FreeBSD>=600000<600001|http://secunia.com/advisories/11129 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0797 http://www.osvdb.org/9360 http://www.osvdb.org/9361 http://www.securityfocus.com/bid/11051|zlib DoS vulnerability|1b98165f-fdd9-11d8-81b0-000347a4fa7d -{ja-,}phpgroupware<0.9.16.003|http://secunia.com/advisories/12466 http://phpgroupware.org/ http://www.osvdb.org/9729 http://freshmeat.net/releases/171909|XSS vulnerability in phpGroupWare wiki module|64726098-00aa-11d9-81b0-000347a4fa7d -star>=1.5.*<1.5.a.46|http://lists.berlios.de/pipermail/star-users/2004-August/000239.html http://secunia.com/advisories/12484|Vulnerability in star versions that support ssh for remote tape access|6a5b2998-01c0-11d9-81b0-000347a4fa7d -multi-gnome-terminal<=1.6.2_1|http://www.gentoo.org/security/en/glsa/glsa-200409-10.xml http://cvs.sourceforge.net/viewcvs.py/multignometerm/multignometerm/gnome-terminal/enhanced_gui.c?r1=text&tr1=1.252&r2=text&tr2=1.253&diff_format=u http://www.osvdb.org/9752|Possible information leak in 
multi-gnome-terminal|cad7a2f4-01c2-11d9-81b0-000347a4fa7d -usermin<1.090|http://secunia.com/advisories/12488 http://www.webmin.com/uchanges.html http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html http://www.osvdb.org/9775 http://www.osvdb.org/9776|Usermin remote shell command injection and insecure installation vulnerability|9ef2a3cf-01c3-11d9-81b0-000347a4fa7d -mpg123<=0.59r_13|http://secunia.com/advisories/12478 http://www.osvdb.org/9748 http://www.alighieri.org/advisories/advisory-mpg123.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0805|mpg123 layer 2 decoder buffer overflow|780671ac-01e0-11d9-81b0-000347a4fa7d -imp<3.2.6|http://thread.gmane.org/gmane.comp.horde.imp/15488 http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.389.2.109&r2=1.389.2.111&ty=h|XSS hole in the HTML viewer - The script vulnerabilities can only be exposed with certain browsers and allow XSS attacks when viewing HTML messages with the HTML MIME viewer.|efc4819b-0b2d-11d9-bfe1-000bdb1444a4 -koffice<1.3.2_1,1|http://kde.org/info/security/advisory-20041021-1.txt|Multiple integer overflow and integer arithmetic flaws in imported xpdf code|ecf6713f-2549-11d9-945e-00e018f69096 -kdegraphics>=3.2.0<3.3.0_1|http://kde.org/info/security/advisory-20041021-1.txt|Multiple integer overflow and integer arithmetic flaws in imported xpdf code|6a04bf0e-254b-11d9-945e-00e018f69096 -horde{-php5}=3.0|http://thread.gmane.org/gmane.comp.horde.user/10059|Horde: two XSS vulnerabilities can be exposed by making an authenticated user click on a specially crafted URL and allows to execute JavaScript code in the context of Horde.|338d1723-5f03-11d9-92a7-000bdb1444a4 diff --git a/security/portaudit-db/database/portaudit.xlist b/security/portaudit-db/database/portaudit.xlist deleted file mode 100644 index 034472c025f7..000000000000 --- a/security/portaudit-db/database/portaudit.xlist +++ /dev/null 
@@ -1,26 +0,0 @@
-# portaudit exclude list
-# $FreeBSD$
-3362f2c1-8344-11d8-a41f-0020ed76ef5a
-5e7f58c3-b3f8-4258-aeb8-795e5e940ff8
-4aec9d58-ce7b-11d8-858d-000d610a3b12
-78348ea2-ec91-11d8-b913-000c41e2cdad
-641859e8-eca1-11d8-b913-000c41e2cdad
-603fe36d-ec9d-11d8-b913-000c41e2cdad
-2de14f7a-dad9-11d8-b59a-00061bc2ad93
-7a9d5dfe-c507-11d8-8898-000d6111a684
-3a408f6f-9c52-11d8-9366-0020ed76ef5a
-e5e2883d-ceb9-11d8-8898-000d6111a684
-74d06b67-d2cf-11d8-b479-02e0185c0b53
-265c8b00-d2d0-11d8-b479-02e0185c0b53
-4764cfd6-d630-11d8-b479-02e0185c0b53
-730db824-e216-11d8-9b0a-000347a4fa7d
-f9e3e60b-e650-11d8-9b0a-000347a4fa7d
-abe47a5a-e23c-11d8-9b0a-000347a4fa7d
-a713c0f9-ec54-11d8-9440-000347a4fa7d
-5b8f9a02-ec93-11d8-b913-000c41e2cdad
-65a17a3f-ed6e-11d8-aff1-00061bc2ad93
-e811aaf1-f015-11d8-876f-00902714cc7c
-ebffe27a-f48c-11d8-9837-000c41e2cdad
-0d3a5148-f512-11d8-9837-000c41e2cdad
-b6cad7f3-fb59-11d8-9837-000c41e2cdad
-d2102505-f03d-11d8-81b0-000347a4fa7d
diff --git a/security/portaudit-db/database/portaudit.xml b/security/portaudit-db/database/portaudit.xml
deleted file mode 100644
index 61aac6d73564..000000000000
--- a/security/portaudit-db/database/portaudit.xml
+++ /dev/null
@@ -1,1107 +0,0 @@ - - - - - - - MPlayer remotely exploitable buffer overflow in the ASX parser - - - mplayer{,-gtk}{,-esound} - 0.92 - - - - -

A remotely exploitable buffer overflow vulnerability was found in - MPlayer. A malicious host can craft a harmful ASX header, - and trick MPlayer into executing arbitrary code upon parsing that header.

- -
- - http://www.mplayerhq.hu/ - http://www.securityfocus.com/archive/1/339330 - http://www.securityfocus.com/archive/1/339193 - CAN-2003-0835 - 8702 - - - 2003-09-24 - 2004-03-30 - -
- - - MPlayer remotely exploitable buffer overflow in the HTTP parser - - - mplayer{,-gtk}{,-esound} - 0.92.1 - - - - -

A remotely exploitable buffer overflow vulnerability was found in - MPlayer. A malicious host can craft a harmful HTTP header ("Location:"), - and trick MPlayer into executing arbitrary code upon parsing that header.

- -
- - http://www.mplayerhq.hu/ - http://www.securityfocus.com/archive/1/359029 - http://www.securityfocus.com/archive/1/359025 - CAN-2004-0386 - - - 2004-03-29 - 2004-03-30 - -
- - - - - - - - - - - SSLtelnet remote format string vulnerability - - - SSLtelnet - 0.13_1 - - - - -

SSLtelnet contains a format string vulnerability - that could allow remote code execution.

- -
- - http://lists.freebsd.org/pipermail/freebsd-ports/2004-June/013878.html - http://www.idefense.com/application/poi/display?id=114&type=vulnerabilities&flashstatus=false - CAN-2004-0640 - http://www.osvdb.org/7594 - http://secunia.com/advisories/12032 - - - 2003-04-03 - 2004-06-30 - -
- - - - - - - - - - - - - - - - - - - Acrobat Reader handling of malformed uuencoded pdf files - - - acroread - 5.09 - - - - -

Remote exploitation of an input validation error in the uudecoding - feature of Adobe Acrobat Reader (Unix) 5.0 allows an attacker to execute - arbitrary code.

- -
- - http://www.osvdb.org/7429 - http://freshmeat.net/releases/164883 - CAN-2004-0630 - CAN-2004-0631 - http://secunia.com/advisories/12285 - http://xforce.iss.net/xforce/xfdb/16972 - http://xforce.iss.net/xforce/xfdb/16973 - http://www.idefense.com/application/poi/display?id=124&type=vulnerabilities&flashstatus=false - http://www.idefense.com/application/poi/display?id=125&type=vulnerabilities&flashstatus=false - http://www.osvdb.org/8654 - http://www.osvdb.org/8655 - 10931 - 10932 - - - 2004-03-30 - 2004-08-04 - -
- - - - - - - - - - - KDElibs temporary directory vulnerability - - - kdelibs - 3.2.3_5 - - - - -

In some cases the - integrity of symlinks used by KDE are not ensured and that - these symlinks can be pointing to stale locations. This can - be abused by a local attacker to create or truncate arbitrary - files or to prevent KDE applications from functioning - correctly (Denial of Service).

- -
- - http://www.kde.org/info/security/advisory-20040811-1.txt - CAN-2004-0689 - http://www.osvdb.org/8589 - http://secunia.com/advisories/12276 - - - 2004-06-23 - 2004-08-12 - 2004-08-13 - -
- - - DCOPServer Temporary Filename Vulnerability - - - kdelibs - 3.2.3_4 - - - - -

KDE's DCOPServer creates - temporary files in an insecure manner. Since the temporary - files are used for authentication related purposes this can - potentially allow a local attacker to compromise the account of - any user which runs a KDE application.

- -
- - http://www.kde.org/info/security/advisory-20040811-2.txt - CAN-2004-0690 - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261386 - http://www.osvdb.org/8590 - http://secunia.com/advisories/12276 - - - 2004-07-25 - 2004-08-12 - 2004-08-13 - -
- - - - - - - Konqueror frame injection vulnerability - - - kdebase - 3.2.3_1 - - - kdelibs - 3.2.3_3 - - - - -

The Konqueror webbrowser allows websites to load webpages into - a frame of any other frame-based webpage that the user may have open.

- -
- - http://www.kde.org/info/security/advisory-20040811-3.txt - CAN-2004-0721 - http://secunia.com/advisories/11978 - http://www.heise.de/newsticker/meldung/48793 - http://bugs.kde.org/show_bug.cgi?id=84352 - - - 2004-07-01 - 2004-08-11 - 2004-08-13 - -
- - - Multiple Potential Buffer Overruns in Samba - - - samba - 3.*3.0.5,1 - 2.2.10 - - - ja-samba - 2.2.10.* - - - - -

Evgeny Demidov discovered that the Samba server has a - buffer overflow in the Samba Web Administration Tool (SWAT) - on decoding Base64 data during HTTP Basic Authentication. - Versions 3.0.2 through 3.0.4 are affected.

-

Another buffer overflow bug has been found in the code - used to support the "mangling method = hash" smb.conf - option. The default setting for this parameter is "mangling - method = hash2" and therefore not vulnerable. Versions - between 2.2.0 through 2.2.9 and 3.0.0 through 3.0.4 are affected. -

- -
- - CAN-2004-0600 - CAN-2004-0686 - http://www.securityfocus.com/archive/1/369698 - http://www.securityfocus.com/archive/1/369706 - http://www.samba.org/samba/whatsnew/samba-3.0.5.html - http://www.samba.org/samba/whatsnew/samba-2.2.10.html - http://www.osvdb.org/8190 - http://www.osvdb.org/8191 - http://secunia.com/advisories/12130 - - - 2004-07-14 - 2004-07-21 - 2004-07-22 - -
- - - isc-dhcp3-server buffer overflow in logging mechanism - - - isc-dhcp3-{relay,server} - 3.0.1.r123.0.1.r14 - - - - -

A buffer overflow exists in the logging functionality - of the DHCP daemon which could lead to Denial of Service - attacks and has the potential to allow attackers to - execute arbitrary code.

- -
- - CAN-2004-0460 - http://www.osvdb.org/7237 - TA04-174A - 317350 - http://www.securityfocus.com/archive/1/366801 - http://www.securityfocus.com/archive/1/367286 - - - 2004-06-22 - 2004-06-25 - 2004-06-28 - -
- - - libpng denial-of-service - - - linux-png - 1.0.14_3 - 1.2.*1.2.2 - - - png - 1.2.5_4 - - - - -

Steve Grubb reports a buffer read overrun in - libpng's png_format_buffer function. A specially - constructed PNG image processed by an application using - libpng may trigger the buffer read overrun and possibly - result in an application crash.

- -
- - CAN-2004-0421 - http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120508 - http://rhn.redhat.com/errata/RHSA-2004-181.html - http://secunia.com/advisories/11505 - http://www.osvdb.org/5726 - 10244 - http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7 - - - 2004-04-29 - 2004-05-02 - 2004-08-10 - -
- - - MySQL authentication bypass / buffer overflow - - - mysql-server - 4.1.*4.1.3 - 5.*5.0.0_2 - - - - -

By submitting a carefully crafted authentication packet, it is possible - for an attacker to bypass password authentication in MySQL 4.1. Using a - similar method, a stack buffer used in the authentication mechanism can - be overflowed.

- -
- - http://www.nextgenss.com/advisories/mysql-authbypass.txt - http://dev.mysql.com/doc/mysql/en/News-4.1.3.html - http://secunia.com/advisories/12020 - http://www.osvdb.org/7475 - http://www.osvdb.org/7476 - http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0003.html - CAN-2004-0627 - CAN-2004-0628 - 184030 - 645326 - - - 2004-07-01 - 2004-07-05 - -
- - - multiple vulnerabilities in ethereal - - - ethereal{,-lite} - tethereal{,-lite} - 0.10.4 - - - - -

Issues have been discovered in multiple protocol dissectors.

- -
- - http://www.ethereal.com/appnotes/enpa-sa-00014.html - CAN-2004-0504 - CAN-2004-0505 - CAN-2004-0506 - CAN-2004-0507 - http://secunia.com/advisories/11608 - 10347 - http://www.osvdb.org/6131 - http://www.osvdb.org/6132 - http://www.osvdb.org/6133 - http://www.osvdb.org/6134 - - - 2004-05-13 - 2004-07-11 - -
- - - multiple vulnerabilities in ethereal - - - ethereal{,-lite} - tethereal{,-lite} - 0.10.5 - - - - -

Issues have been discovered in multiple protocol dissectors.

- -
- - http://www.ethereal.com/appnotes/enpa-sa-00015.html - CAN-2004-0633 - CAN-2004-0634 - CAN-2004-0635 - http://secunia.com/advisories/12024 - 10672 - http://www.osvdb.org/7536 - http://www.osvdb.org/7537 - http://www.osvdb.org/7538 - - - 2004-07-06 - 2004-07-11 - -
- - - PHP memory_limit and strip_tags() vulnerabilities - - - php4 - php4-{cgi,cli,dtc,horde,nms} - mod_php4-twig - 4.3.8 - - - mod_php4 - 4.3.8,1 - - - php5 - php5-{cgi,cli} - 5.0.0 - - - mod_php5 - 5.0.0,1 - - - - -

Stefan Esser has reported two vulnerabilities in PHP, which can - be exploited by malicious people to bypass security functionality - or compromise a vulnerable system. An error within PHP's memory_limit - request termination allows remote code execution on PHP servers - with activated memory_limit. A binary safety problem within PHP's - strip_tags() function may allow injection of arbitrary tags in - Internet Explorer and Safari browsers.

- -
- - http://www.php.net/ChangeLog-4.php - http://www.php.net/ChangeLog-5.php - http://security.e-matters.de/advisories/112004.html - http://security.e-matters.de/advisories/122004.html - http://secunia.com/advisories/12064 - http://www.osvdb.org/7870 - http://www.osvdb.org/7871 - CAN-2004-0594 - CAN-2004-0595 - - - 2007-07-07 - 2004-07-15 - -
- - - Mozilla / Firefox user interface spoofing vulnerability - - - firefox - 0.9.1_1 - - - linux-mozilla - 1.7.1 - - - linux-mozilla-devel - 1.7.1 - - - mozilla - 1.7.1,2 - 1.8.*,21.8.a2,2 - - - mozilla-gtk1 - 1.7.1_1 - - - - -

A vulnerability has been reported in Mozilla and Firefox, - allowing malicious websites to spoof the user interface.

- -
- - http://bugzilla.mozilla.org/show_bug.cgi?id=252198 - http://www.nd.edu/~jsmith30/xul/test/spoof.html - http://secunia.com/advisories/12188 - 10832 - CAN-2004-0764 - - - 2004-07-19 - 2004-07-30 - -
- - - libpng stack-based buffer overflow and other code concerns - - - png - 1.2.5_7 - - - linux-png - 1.0.14_3 - 1.2.*1.2.2 - - - firefox - 0.9.3 - - - thunderbird - 0.7.3 - - - linux-mozilla - 1.7.2 - - - linux-mozilla-devel - 1.7.2 - - - mozilla - 1.7.2,2 - 1.8.*,21.8.a2,2 - - - mozilla-gtk1 - 1.7.2 - - - netscape-{communicator,navigator} - 4.78 - - - linux-netscape-{communicator,navigator} - {ja,ko}-netscape-{communicator,navigator}-linux - 4.8 - - - {,ja-}netscape7 - 7.1 - - - {de-,fr-,pt_BR-}netscape7 - 7.02 - - - - -

Chris Evans has discovered multiple vulnerabilities in libpng, - which can be exploited by malicious people to compromise a - vulnerable system or cause a DoS (Denial of Service).

- -
- - http://www.securityfocus.com/archive/1/370853 - http://scary.beasts.org/security/CESA-2004-001.txt - http://www.osvdb.org/8312 - http://www.osvdb.org/8313 - http://www.osvdb.org/8314 - http://www.osvdb.org/8315 - http://www.osvdb.org/8316 - CAN-2004-0597 - CAN-2004-0598 - CAN-2004-0599 - 388984 - 236656 - 160448 - 477512 - 817368 - 286464 - http://secunia.com/advisories/12219 - http://secunia.com/advisories/12232 - http://bugzilla.mozilla.org/show_bug.cgi?id=251381 - http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.2 - TA04-217A - http://dl.sourceforge.net/sourceforge/libpng/ADVISORY.txt - - - 2004-08-04 - 2004-08-04 - 2004-08-12 - -
- - - Mozilla certificate spoofing - - - firefox - 0.9.10.9.2 - - - linux-mozilla - 1.7.2 - - - linux-mozilla-devel - 1.7.2 - - - mozilla - 1.7.2,2 - 1.8.*,21.8.a2,2 - - - mozilla-gtk1 - 1.7.2 - - - - -

Mozilla and Mozilla Firefox contains a flaw that may - allow a malicious user to spoof SSL certification.

- -
- - http://www.securityfocus.com/archive/1/369953 - http://www.cipher.org.uk/index.php?p=advisories/Certificate_Spoofing_Mozilla_FireFox_25-07-2004.advisory - http://secunia.com/advisories/12160 - http://bugzilla.mozilla.org/show_bug.cgi?id=253121 - http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.2 - http://www.osvdb.org/8238 - 10796 - CAN-2004-0763 - - - 2004-07-25 - 2004-07-30 - 2004-08-05 - -
- - - ImageMagick png and bmp vulnerabilities - - - ImageMagick{,-nox11} - 6.0.6 - - - - -

Glenn Randers-Pehrson has contributed a fix for the png - vulnerabilities discovered by Chris Evans.

-

Furthermore, Marcus Meissner has discovered and patched a buffer - overrun associated with decoding runlength-encoded BMP images.

- -
- - http://studio.imagemagick.org/pipermail/magick-users/2004-August/013218.html - http://studio.imagemagick.org/pipermail/magick-developers/2004-August/002011.html - http://freshmeat.net/releases/169228 - http://secunia.com/advisories/12236 - http://secunia.com/advisories/12479 - http://www.freebsd.org/ports/portaudit/f9e3e60b-e650-11d8-9b0a-000347a4fa7d.html - - - 2004-08-04 - 2004-08-04 - 2004-09-03 - -
- - - CVStrac remote code execution vulnerability - - - cvstrac - 1.1.4 - - - - -

CVStrac contains a flaw that may allow a remote attacker - to execute arbitrary commands.

- -
- - http://www.securityfocus.com/archive/1/370955 - http://secunia.com/advisories/12090 - http://www.osvdb.org/8373 - http://www.cvstrac.org/cvstrac/chngview?cn=316 - - - 2004-08-05 - 2004-08-13 - -
- - - gaim remotely exploitable vulnerabilities in MSN component - - - {ja-,ru-,}gaim - 0.81_1 - - - - -

Sebastian Krahmer discovered several remotely exploitable - buffer overflow vulnerabilities in the MSN component of - gaim.

- -
- - CAN-2004-0500 - http://secunia.com/advisories/12125 - http://www.osvdb.org/8382 - http://www.osvdb.org/8961 - http://www.osvdb.org/8962 - http://www.suse.com/de/security/2004_25_gaim.html - 10865 - - - 2004-08-12 - 2004-08-12 - 2004-08-30 - -
- - - jftpgw remote syslog format string vulnerability - - - jftpgw - 0.13.5 - - - - -

Remote authenticated users can execute arbitrary code by - passing a malicious string containing format specifiers.

- -
- - CAN-2004-0448 - 10438 - http://secunia.com/advisories/11732 - http://www.debian.org/security/2004/dsa-510 - - - 2004-05-29 - 2004-08-13 - -
- - - - - - - ruby CGI::Session insecure file creation - - - ruby{,_r,_static} - 1.6.8.2004.07.28 - 1.8.*1.8.2.p2 - - - - -

Rubys CGI session management store session information insecurely, - which can be exploited by a local attacker to take over a session.

- -
- - CAN-2004-0755 - http://secunia.com/advisories/12290 - http://www.debian.org/security/2004/dsa-537 - http://www.ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/ChangeLog?rev=1.2673.2.410 - http://www.osvdb.org/8845 - - - 2004-07-22 - 2004-08-16 - 2004-08-16 - -
- - - - - - - Qt 3.x BMP heap-based overflow, GIF and XPM DoS NULL pointer dereference - - - qt - 3.*3.3.3 - - - - -

Chris Evans has discovered flaws in th handling of various bitmap - formats, allowing the execution of arbitrary code or causing a DoS.

- -
- - http://scary.beasts.org/security/CESA-2004-004.txt - http://secunia.com/advisories/12325 - CAN-2004-0691 - CAN-2004-0692 - CAN-2004-0693 - http://www.osvdb.org/9026 - http://xforce.iss.net/xforce/xfdb/17040 - http://xforce.iss.net/xforce/xfdb/17041 - http://xforce.iss.net/xforce/xfdb/17042 - - - 2004-08-18 - 2004-08-20 - -
- - - - - - - SpamAssassin DoS vulnerability - - - p5-Mail-SpamAssassin - 2.64 - - - - -

Unspecified malformed messages can be used to - cause a DoS (Denial of Service).

- -
- - http://secunia.com/advisories/12255 - http://marc.theaimsgroup.com/?l=spamassassin-announce&m=109168121628767&w=2 - CAN-2004-0796 - 10957 - - - 2004-08-05 - 2004-08-10 - -
- - - vpopmail multiple vulnerabilities - - - vpopmail - 5.4.6 - - - vpopmail-devel - 5.5.0 - - - - -

Inter7 vpopmail (vchkpw) versions 5.4.2 and earlier contain - buffer overflows and format string vulnerabilities in the file vsybase.c

-

The buffer overflows are not fixed in versions 5.4.6/5.5.0, but are - believed to be very hard to exploit, and only by administrators able to add users.

- -
- - http://www.osvdb.org/9146 - http://www.osvdb.org/9147 - http://www.osvdb.org/9148 - 10962 - http://secunia.com/advisories/12441 - http://cvs.sourceforge.net/viewcvs.py/vpopmail/vpopmail/vsybase.c?r1=1.9.2.1&r2=1.9.2.2 - http://www.kupchino.org.ru/unl0ck/advisories/vpopmail.txt - http://www.securityfocus.com/archive/1/372257 - http://www.securityfocus.com/archive/1/372468 - http://xforce.iss.net/xforce/xfdb/17016 - http://xforce.iss.net/xforce/xfdb/17017 - http://security.gentoo.org/glsa/glsa-200409-01.xml - - - 2004-08-17 - 2004-09-03 - -
- - - multiple vulnerabilities in the cvs server code - - - cvs+ipv6 - 1.11.17 - - - FreeBSD - 491101 - 500000502114 - - - - -

Stefan Esser reports multiple remote exploitable vulnerabilites - in the cvs code base.

-

Additionaly there exists an undocumented switch to the history - command allows an attacker to determine whether arbitrary files - exist and whether the CVS process can access them.

- -
- - CAN-2004-0414 - CAN-2004-0416 - CAN-2004-0417 - CAN-2004-0418 - CAN-2004-0778 - http://secunia.com/advisories/11817 - http://secunia.com/advisories/12309 - http://security.e-matters.de/advisories/092004.html - http://www.idefense.com/application/poi/display?id=130&type=vulnerabilities&flashstatus=false - https://ccvs.cvshome.org/source/browse/ccvs/NEWS?rev=1.116.2.104 - http://www.osvdb.org/6830 - http://www.osvdb.org/6831 - http://www.osvdb.org/6832 - http://www.osvdb.org/6833 - http://www.osvdb.org/6834 - http://www.osvdb.org/6835 - http://www.osvdb.org/6836 - http://www.packetstormsecurity.org/0405-exploits/cvs_linux_freebsd_HEAP.c - 10499 - - - 2004-05-20 - 2004-08-17 - -
- - - multiple vulnerabilities in LHA - - - lha - 1.14i_4 - - - - -

Multiple vulnerabilities have been found in the LHA code by Lukasz Wojtow - and Thomas Biege.

-

Successful exploitation may allow execution of arbitrary code.

- -
- - http://secunia.com/advisories/12435 - CAN-2004-0694 - CAN-2004-0745 - CAN-2004-0769 - CAN-2004-0771 - http://www.securityfocus.com/archive/1/365386 - http://www.securityfocus.com/archive/1/363418 - http://lw.ftw.zamosc.pl/lha-exploit.txt - http://www.osvdb.org/9519 - http://www.osvdb.org/9520 - http://www.osvdb.org/9521 - http://www.osvdb.org/9522 - 10354 - 11093 - http://rhn.redhat.com/errata/RHSA-2004-323.html - - - 2004-05-19 - 2004-09-03 - -
- - - cdrtools local privilege escalation - - - cdrtools - 2.0.3_4 - - - cdrtools-cjk - 2.0.3.20030714_4 - - - cdrtools-devel - 2.01a38 - - - - -

Max Vozeler found a flaw in in cdrecord allowing a local root exploit

- -
- - ftp://ftp.berlios.de/pub/cdrecord/alpha/AN-2.01a38 - http://www.osvdb.org/9395 - CAN-2004-0806 - http://lists.debian.org/debian-devel-changes/2004/08/msg03421.html - 11075 - http://secunia.com/advisories/12481 - - - 2004-08-28 - 2004-08-30 - -
-
diff --git a/security/portaudit-db/database/portaudit2vuxml.pl b/security/portaudit-db/database/portaudit2vuxml.pl
deleted file mode 100644
index d352bb2f8661..000000000000
--- a/security/portaudit-db/database/portaudit2vuxml.pl
+++ /dev/null
@@ -1,149 +0,0 @@
-#!/usr/bin/perl -w
-#
-# Copyright (c) 2004 Oliver Eikemeier. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#
-# 1. Redistributions of source code must retain the above copyright notice
-# this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# 3. Neither the name of the author nor the names of its contributors may be
-# used to endorse or promote products derived from this software without
-# specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
-# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-# $FreeBSD$
-#
-# portaudit to VuXML converter, use with
-# portaudit2vuxml.pl
-# and edit the entry to suit your needs.
-#
-
-require 5.005;
-use strict;
-use Cwd 'abs_path';
-
-my $portsdir = $ENV{PORTSDIR} ? 
$ENV{PORTSDIR} : '/usr/ports'; - -my $portauditdb = "$portsdir/security/portaudit-db/database/portaudit.txt"; - -my $uuid = $ARGV[0]; - -$#ARGV == 0 && $uuid =~ /^[0-9a-f]{8}(?:-[0-9a-f]{4}){4}[0-9a-f]{8}$/ - or die "usage: $0 $uuid \n"; - -my $today=`date -u +%Y-%m-%d`; -chomp $today; - -my @pkg; -my $url; -my $topic; - -open PORTAUDITDB, "<$portauditdb" - or die "Can't open $portauditdb: $!\n"; - -while () { - chomp; - next if /^(?:#|$)/; - my @line = split /\|/; - next if $#line < 3 || $line[3] ne $uuid; - push @pkg, $line[0]; - $url = $line[1]; - $topic = $line[2]; -} - -close PORTAUDITDB; - -$url =~ s//>/g; -$url =~ s/&/&/g; - -$topic =~ s//>/g; -$topic =~ s/&/&/g; - -my %oper = ( - '<' => 'lt', - '<=' => 'le', - '=' => 'eq', - '>=' => 'ge', - '>' => 'gt' -); - -if (@pkg) { - print " \n"; - print " $topic\n"; - print " \n"; - foreach (@pkg) { - my @vers = split /((?:<|>)=?|=)/; - my $pkgname = shift @vers; - print " \n"; - print " $pkgname\n"; - if (@vers) { - print " "; - while (@vers) { - my $op = $oper{shift @vers}; - my $v = shift @vers; - print "<$op>$v"; - } - print "\n"; - } - print " \n"; - } - print " \n"; - - print " \n"; - print " \n"; - print "

Please contact\n"; - print " the FreeBSD Security Team for more information.

\n"; - print " \n"; - print "
\n"; - print " \n"; - - foreach (split ' ', $url) { - if (m'^http://cve\.mitre\.org/cgi-bin/cvename\.cgi\?name=(.+)$') { - print " $1\n" - } - elsif (m'^(http://www\.securityfocus\.com/archive/.+)$') { - print " $1\n" - } - elsif (m'^http://www\.securityfocus\.com/bid/(.+)$') { - print " $1\n" - } - elsif (m'^(http://(?:article\.gmane\.org|lists\.netsys\.com|marc\.theaimsgroup\.com)/.+)$') { - print " $1\n" - } - elsif (m'^http://www\.kb\.cert\.org/vuls/id/(.+)$') { - print " $1\n" - } - elsif (m'^http://www\.cert\.org/advisories/(.+)\.html$') { - print " $1\n" - } - else { - print " $_\n"; - } - } - - print " \n"; - print " \n"; - print " 2000-00-00\n"; - print " $today\n"; - print " \n"; - print "
\n";
-}
diff --git a/security/portaudit-db/files/packaudit.conf b/security/portaudit-db/files/packaudit.conf
deleted file mode 100644
index 6b952effc14f..000000000000
--- a/security/portaudit-db/files/packaudit.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-#
-# $FreeBSD$
-#
-# packaudit.conf sample file
-#
-
-# avoid network access
-export SGML_CATALOG_FILES="%%LOCALBASE%%/share/xml/catalog"
-XSLTPROC_EXTRA_ARGS="--catalogs --nonet"
diff --git a/security/portaudit-db/files/packaudit.sh b/security/portaudit-db/files/packaudit.sh
deleted file mode 100644
index 4d0e245da6a8..000000000000
--- a/security/portaudit-db/files/packaudit.sh
+++ /dev/null
@@ -1,142 +0,0 @@
-#!/bin/sh -e
-#
-# Copyright (c) 2004 Oliver Eikemeier. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#
-# 1. Redistributions of source code must retain the above copyright notice
-# this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# 3. Neither the name of the author nor the names of its contributors may be
-# used to endorse or promote products derived from this software without
-# specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
-# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
-#
-# $FreeBSD$
-#
-
-AWK=/usr/bin/awk
-BASENAME=/usr/bin/basename
-CAT=/bin/cat
-DATE=/bin/date
-ENV=/usr/bin/env
-MD5=/sbin/md5
-MKDIR="/bin/mkdir -p"
-MKTEMP=/usr/bin/mktemp
-RM=/bin/rm
-SED=/usr/bin/sed
-TAR=/usr/bin/tar
-XSLTPROC=%%LOCALBASE%%/bin/xsltproc
-
-PORTSDIR="${PORTSDIR:-%%PORTSDIR%%}"
-VUXMLDIR="${VUXMLDIR:-$PORTSDIR/security/vuxml}"
-PORTAUDITDBDIR="${PORTAUDITDBDIR:-$PORTSDIR/security/portaudit-db}"
-
-DATABASEDIR="${DATABASEDIR:-%%DATABASEDIR%%}"
-
-STYLESHEET="%%DATADIR%%/vuxml2portaudit.xslt"
-
-PUBLIC_HTML="${PUBLIC_HTML:-$HOME/public_html/portaudit}"
-HTMLSHEET="%%DATADIR%%/vuxml2html.xslt"
-BASEURL="${BASEURL:-http://www.freebsd.org/ports/portaudit/}"
-
-PORTAUDIT2VUXML="%%DATADIR%%/portaudit2vuxml.awk"
-
-[ -d "$DATABASEDIR" ] || $MKDIR "$DATABASEDIR"
-
-if [ ! -w "$DATABASEDIR" ]; then
- echo "$DATABASEDIR is not writable by you, exiting."
- exit 1
-fi
-
-TMPNAME=`$BASENAME "$0"`
-
-VULVER=`$SED -En -e '/^.*\\$FreeBSD\: [^$ ]+,v ([0-9]+(\.[0-9]+)+) [^$]+\\$.*$/{s//\1/p;q;}' "$VUXMLDIR/vuln.xml"`
-VULURL="http://cvsweb.freebsd.org/ports/security/vuxml/vuln.xml?rev=$VULVER"
-
-[ -r "%%PREFIX%%/etc/packaudit.conf" ] && . 
"%%PREFIX%%/etc/packaudit.conf"
-
-if [ -d "$PUBLIC_HTML" -a -w "$PUBLIC_HTML" ]; then
- VULNMD5=`$CAT "$VUXMLDIR/vuln.xml" "$PORTAUDITDBDIR/database/portaudit.xml" "$PORTAUDITDBDIR/database/portaudit.txt" | $MD5`
- if [ -f "$PUBLIC_HTML/portaudit.md5" ]; then
- VULNMD5_OLD=`$CAT "$PUBLIC_HTML/portaudit.md5"`
- fi
- if [ "$VULNMD5" != "$VULNMD5_OLD" ]; then
- echo -n "$VULNMD5" > "$PUBLIC_HTML/portaudit.md5"
- TMPXML=`$MKTEMP -t "$TMPNAME.$$"` || exit 1
- $PORTAUDIT2VUXML "$PORTAUDITDBDIR/database/portaudit.txt" "$PORTAUDITDBDIR/database/portaudit.xml" > "$TMPXML"
- $XSLTPROC $XSLTPROC_EXTRA_ARGS --stringparam vulurl "$VULURL" --stringparam extradoc "$TMPXML" \
- -o "$PUBLIC_HTML/" "$HTMLSHEET" "$VUXMLDIR/vuln.xml"
- $RM "$TMPXML"
- fi
-fi
-
-TMPDIR=`$MKTEMP -d -t "$TMPNAME.$$"` || exit 1
-
-TESTPORT="vulnerability-test-port>=2000<`$DATE -u +%Y.%m.%d`"
-TESTURL="http://cvsweb.freebsd.org/ports/security/vulnerability-test-port/"
-TESTREASON="Not vulnerable, just a test port (database: `$DATE -u +%Y-%m-%d`)"
-
-XLIST_FILE="$PORTAUDITDBDIR/database/portaudit.xlist"
-
-cd "$TMPDIR" || exit 1
-{
- $DATE -u "+#CREATED: %Y-%m-%d %H:%M:%S"
- echo "# Created by packaudit %%PORTVERSION%%"
- echo "$TESTPORT|$TESTURL|$TESTREASON"
- echo "# Please refer to the original document for copyright information:"
- echo "# $VULURL"
- $XSLTPROC $XSLTPROC_EXTRA_ARGS --stringparam baseurl "$BASEURL" "$STYLESHEET" "$VUXMLDIR/vuln.xml" \
- | $AWK -F\| -v XLIST_FILE="$XLIST_FILE" '
- BEGIN {
- while((getline < XLIST_FILE) > 0)
- if(!/^(#|$)/)
- ignore[$1]=1
- }
- /^(#|$)/ || !($4 in ignore) {
- print
- }
- '
- echo "# This part is in the public domain"
- $XSLTPROC $XSLTPROC_EXTRA_ARGS --stringparam baseurl "$BASEURL" "$STYLESHEET" "$PORTAUDITDBDIR/database/portaudit.xml"
- $AWK -F\| '
- /^(#|$)/ {
- print
- next
- }
- {
- if ($4)
- print $1 FS "'"$BASEURL"'" $4 ".html" FS $3 FS $4
- else
- print
- }
- ' "$PORTAUDITDBDIR/database/portaudit.txt"
-} | $AWK -F\| -v XLIST_FILE="$XLIST_FILE" '
- 
/^(#|$)/ {
- print
- next
- }
- {
- print $1 "|" $2 "|" $3
- }
-' > auditfile
-echo "#CHECKSUM: MD5 `$MD5 < auditfile`" >> auditfile
-$TAR -jcf "$DATABASEDIR/auditfile.tbz" auditfile
-cd
-$RM -Rf "$TMPDIR"
diff --git a/security/portaudit-db/files/portaudit2vuxml.awk b/security/portaudit-db/files/portaudit2vuxml.awk
deleted file mode 100644
index c02929077d0a..000000000000
--- a/security/portaudit-db/files/portaudit2vuxml.awk
+++ /dev/null
@@ -1,95 +0,0 @@ -#!/usr/bin/awk -f - - BEGIN { - XMLFILE=ARGV[2] - delete ARGV[2] - while (getline < XMLFILE) { - if (/<\/vuxml>/) - break - print - } - XML=$0 - FS="|" - } - - /^(#|$)/ { next } - - { - if (PKG[$4]) - PKG[$4]=PKG[$4] FS $1 - else - PKG[$4]=$1 - gsub(//, ">") - gsub(/&/, "&") - URL[$4]=$2 - TOPIC[$4]=$3 - } - - END { - OPN["<"]="lt" - OPN["<="]="le" - OPN["="]="eq" - OPN[">="]="ge" - OPN[">"]="gt" - - for (UUID in PKG) { - print " " - print " " TOPIC[UUID] "" - - print " " - split(PKG[UUID], APKG) - for (TPKG in APKG) { - VERS=APKG[TPKG] - print " " - if (match(VERS, /(<|>)=?|=/) > 0) { - print " " substr(VERS, 1, RSTART-1) "" - printf " " - do { - OP=substr(VERS, RSTART, RLENGTH) - LEN=length(VERS) - VERS=substr(VERS, RSTART+RLENGTH, LEN+1-RSTART-RLENGTH) - NEXTRANGE=match(VERS, /(<|>)=?|=/) - if (NEXTRANGE > 0) - printf "<%s>%s", OPN[OP], substr(VERS, 1, RSTART-1), OPN[OP] - else - printf "<%s>%s", OPN[OP], VERS, OPN[OP] - } while (NEXTRANGE > 0) - printf "\n" - } - else { - print " " VERS "" - } - print " " - } - print " " - - print " " - print " " - print "

Please contact" - print " the FreeBSD Security Team for more information.

" - print " " - print "
" - print " " - - split(URL[UUID], URLS, / /) - for (U in URLS) { - if (!URLS[U]) - continue - print " " URLS[U] "" - } - - print " " - print " " - print " 2000-00-00" - print " 2000-00-00" - print " " - print "
" - print "" - } - print XML - while (getline < XMLFILE) { - print - } - close(XMLFILE) - } diff --git a/security/portaudit-db/files/vuxml2html.xslt b/security/portaudit-db/files/vuxml2html.xslt deleted file mode 100644 index 2c892170292a..000000000000 --- a/security/portaudit-db/files/vuxml2html.xslt +++ /dev/null @@ -1,329 +0,0 @@ - - - - - - - - - - - - portaudit: Vulnerability list - - - -
- -
-

Vulnerabilities

- - - - - - - - -
- - - - - -
-

- [Sorted by package name] -

- - index - - - -
- - - - - portaudit: Vulnerability list by packages - - - -
- -
-

Vulnerabilities

- - - - - - - - - -
- - - - - -
-

- [Sorted by last modification] -

- - index - - - -
- - - - - - - - portaudit: Cancelled entry - - - portaudit: <xsl:value-of select="vuxml:topic"/> - - - - - -
- -
- - -

- Cancelled entry -

- -

References:

- -
-
- -

- -

-

Description:

- -

References:

-
    - -
-

Affects:

-
    - - - - -
  • - - -
  • -
    -
    -
    - - - - -
  • - - -
  • -
    -
    -
    -
- portaudit: <xsl:value-of select="vuxml:topic"/> -
-
- - - - - - -
-
- -
- - -
  • BugTraq ID
  • -
    - -
  • CERT security advisory
  • -
    - -
  • CERT vulnerability note
  • -
    - -
  • CVE name
  • -
    - -
  • FreeBSD security advisory FreeBSD-
  • -
    - -
  • FreeBSD PR
  • -
    - -
  • List post: <> - (search) -
  • -
    - -
  • URL: <>
  • -
    - -
  • US-CERT security alert
  • -
    - -
  • US-CERT technical security alert
  • -
    - - - < - - - - <= - - - - > - - - - >= - - - - = - - - - - - - - - - Navigation Bar - - Top - Applications - Support - Documentation - Vendors - Search - Index - Top - Top - - - - -
    -

    Disclaimer: The data contained on this page is derived from the VuXML document, - please refer to the the original document for copyright information. The author of - portaudit makes no claim of authorship or ownership of any of the information contained herein.

    -

    - If you have found a vulnerability in a FreeBSD port not listed in the - database, please contact - the FreeBSD Security Team. Refer to - "FreeBSD Security - Information" for more information. -

    -
    -
    - Oliver Eikemeier <eik@FreeBSD.org> -
    -
    -
    diff --git a/security/portaudit-db/files/vuxml2portaudit.xslt b/security/portaudit-db/files/vuxml2portaudit.xslt
deleted file mode 100644
index 60beed5ec52e..000000000000
--- a/security/portaudit-db/files/vuxml2portaudit.xslt
+++ /dev/null
@@ -1,92 +0,0 @@ - - - - - - - - - - - # Converted by vuxml2portaudit - - - - - - - - - - - | - - - .html - | - - | - - - - - - - - - - < - - - - <= - - - - > - - - - >= - - - - = - - -
diff --git a/security/portaudit-db/pkg-descr b/security/portaudit-db/pkg-descr
deleted file mode 100644
index 85b315a9d87b..000000000000
--- a/security/portaudit-db/pkg-descr
+++ /dev/null
@@ -1,16 +0,0 @@
-In contrast to security/portaudit, which is designed to be an
-install-and-forget solution, portaudit-db requires a current
-ports tree and generates a database that can be used locally
-or distributed over a network.
-
-Furthermore committers that want to add entries to the VuXML
-database may use this port to check their changes locally.
-It also features a file `database/portaudit.txt' where UUIDs
-for vulnerabilities can be allocated before they have been
-investigated thoroughly and moved to the VuXML database by
-the security officer team.
-
-Call `packaudit' after upgrading your ports tree.
-
-WWW: http://people.freebsd.org/~eik/portaudit/
-Oliver Eikemeier
diff --git a/security/portaudit-db/pkg-plist b/security/portaudit-db/pkg-plist
deleted file mode 100644
index 46e9b0674f4c..000000000000
--- a/security/portaudit-db/pkg-plist
+++ /dev/null
@@ -1,8 +0,0 @@
-bin/packaudit
-etc/packaudit.conf.sample
-%%DATADIR%%/portaudit2vuxml.awk
-%%DATADIR%%/vuxml2html.xslt
-%%DATADIR%%/vuxml2portaudit.xslt
-@dirrm %%DATADIR%%
-@exec mkdir -p %%DATABASEDIR%%
-@unexec rmdir %%DATABASEDIR%% 2>/dev/null || true
diff --git a/security/portaudit/Makefile b/security/portaudit/Makefile
deleted file mode 100644
index 8d585f433cba..000000000000
--- a/security/portaudit/Makefile
+++ /dev/null
@@ -1,82 +0,0 @@ -# New ports collection makefile for: portaudit -# Date created: 25 Jan 2004 -# Whom: Oliver Eikemeier -# -# $FreeBSD$ -# - -PORTNAME= portaudit -PORTVERSION= 0.5.11 -CATEGORIES= security -DISTFILES= - -MAINTAINER= secteam@FreeBSD.org -COMMENT= Checks installed ports against a list of security vulnerabilities - -MAN1= portaudit.1 - -PERIODICDIR?= ${PREFIX}/etc/periodic -DATABASEDIR?= /var/db/portaudit - -PKGREQ= ${WRKDIR}/pkg-req -PKGINSTALL= ${WRKDIR}/pkg-install -PKGDEINSTALL= ${WRKDIR}/pkg-deinstall - -PLIST_SUB+= PERIODICDIR="${PERIODICDIR:S,^${PREFIX}/,,}" \ - DATABASEDIR="${DATABASEDIR}" - -REQPKGVER= 20040623 - -SED_SCRIPT= -e 's|%%PREFIX%%|${PREFIX}|g' \ - -e 's|%%LOCALBASE%%|${LOCALBASE}|g' \ - -e "s|%%PORTSDIR%%|${PORTSDIR}|g" \ - -e "s|%%INDEXFILE%%|${INDEXFILE}|g" \ - -e "s|%%DATABASEDIR%%|${DATABASEDIR}|g" \ - -e "s|%%PORTVERSION%%|${PORTVERSION}|g" \ - -e "s|%%REQPKGVER%%|${REQPKGVER}|g" \ - -e "s|%%BZIP2_CMD%%|${BZIP2_CMD}|g" \ - -.include - -.if !defined(DFOSVERSION) -.if ${OSVERSION} < 491101 || ${OSVERSION} >= 500000 && ${OSVERSION} < 502120 -RUN_DEPENDS= ${LOCALBASE}/sbin/pkg_info:${PORTSDIR}/sysutils/pkg_install-devel -.endif -.else -.if ${DFOSVERSION} < 110000 -RUN_DEPENDS= ${LOCALBASE}/sbin/pkg_info:${PORTSDIR}/sysutils/pkg_install-devel -.endif -.endif - -.if defined(BZIP2DEPENDS) -RUN_DEPENDS+= bzip2:${PORTSDIR}/archivers/bzip2 -.endif - -do-build: -.for f in portaudit-cmd.sh portaudit.sh portaudit.1 portaudit.conf - @${SED} ${SED_SCRIPT} ${FILESDIR}/${f} >${WRKDIR}/${f} -.endfor - -post-build: -.for f in pkg-req pkg-install pkg-deinstall - @${SED} ${SED_SCRIPT} ${PKGDIR}/${f} >${WRKDIR}/${f} -.endfor - -pre-install: -.if !defined(PACKAGE_BUILDING) - @${SETENV} "PKG_PREFIX=${PREFIX}" ${SH} ${PKGREQ} ${PKGNAME} INSTALL -.endif - @${SETENV} "PKG_PREFIX=${PREFIX}" ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL - -do-install: - @${INSTALL_SCRIPT} ${WRKDIR}/portaudit-cmd.sh ${PREFIX}/sbin/portaudit - @${INSTALL_DATA} 
${WRKDIR}/portaudit.conf ${PREFIX}/etc/portaudit.conf.sample - @${INSTALL_MAN} ${WRKDIR}/portaudit.1 ${MAN1PREFIX}/man/man1 - @${MKDIR} ${PERIODICDIR}/security - @${INSTALL_SCRIPT} ${WRKDIR}/portaudit.sh ${PERIODICDIR}/security/410.portaudit - @${MKDIR} ${DATABASEDIR} - -post-install: - @${SETENV} "PKG_PREFIX=${PREFIX}" ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL - -.include diff --git a/security/portaudit/files/portaudit-cmd.sh b/security/portaudit/files/portaudit-cmd.sh deleted file mode 100644 index 4a303698ce4c..000000000000 --- a/security/portaudit/files/portaudit-cmd.sh +++ /dev/null 
@@ -1,478 +0,0 @@ -#!/bin/sh -efu -# -# Copyright (c) 2004 Oliver Eikemeier. All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are -# met: -# -# 1. Redistributions of source code must retain the above copyright notice -# this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# 3. Neither the name of the author nor the names of its contributors may be -# used to endorse or promote products derived from this software without -# specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# -# $FreeBSD$ -# - -portaudit_confs() -{ - : ${portaudit_dir="%%DATABASEDIR%%"} - : ${portaudit_filename="auditfile.tbz"} - - : ${portaudit_fetch_env=""} - : ${portaudit_fetch_cmd="fetch -1mp"} - - : ${portaudit_sites="http://www.FreeBSD.org/ports/"} - - : ${portaudit_fixed=""} - - if [ -r %%PREFIX%%/etc/portaudit.conf ]; then - . 
%%PREFIX%%/etc/portaudit.conf - fi -} - -extract_auditfile() -{ - %%BZIP2_CMD%% -dc -- "$portaudit_dir/$portaudit_filename" | \ - tar -xOf - auditfile -} - -checksum_auditfile() -{ - chksum1=`extract_auditfile | - sed -nE -e '$s/^#CHECKSUM: *MD5 *([0-9a-f]{32})$/\1/p'` - chksum2=`extract_auditfile | sed -e '$d' | md5` - [ "$chksum1" = "$chksum2" ]; -} - -getcreated_auditfile() -{ - extract_auditfile | - sed -nE -e '1s/^#CREATED: *([0-9]{4})-?([0-9]{2})-?([0-9]{2}) *([0-9]{2}):?([0-9]{2}):?([0-9]{2}).*$/\1-\2-\3 \4:\5:\6/p' -} - -gettimestamp_auditfile() -{ - extract_auditfile | - sed -nE -e '1s/^#CREATED: *([0-9]{4})-?([0-9]{2})-?([0-9]{2}).*$/\1\2\3/p' -} - -checkexpiry_auditfile() -{ - created=`gettimestamp_auditfile` - expiry=`date -u -v-$1d '+%Y%m%d'` - [ "$created" -gt "$expiry" ]; -} - -portaudit_prerequisites() -{ - if $prerequisites_checked; then - return 0 - fi - - if [ -z "${pkg_info:-}" ]; then - if [ -x "%%LOCALBASE%%/sbin/pkg_info" ]; then - pkg_info="%%LOCALBASE%%/sbin/pkg_info" - else - pkg_info="/usr/sbin/pkg_info" - fi - fi - - if [ -z "${pkg_version:-}"]; then - case "$pkg_info" in - */*) - pkg_version="${pkg_info%/*}/pkg_version";; - *) - pkg_version="pkg_version";; - esac - fi - - PKG_INSTALL_VER=`$pkg_info -qP 2>/dev/null` - if [ -z "$PKG_INSTALL_VER" -o "$PKG_INSTALL_VER" -lt %%REQPKGVER%% ]; then - echo "$pkg_info is too old, please update port sysutils/pkg_install-devel" - return 1 - fi - - if [ ! -r "$portaudit_dir/$portaudit_filename" ]; then - echo "portaudit: Database missing, run \`portaudit -F' to update." >&2 - return 2 - elif ! checksum_auditfile; then - echo "portaudit: Corrupt database." >&2 - return 2 - elif ! checkexpiry_auditfile 14; then - echo "portaudit: Database too old." 
>&2 - return 2 - fi - - prerequisites_checked=true - return 0 -} - -audit_installed() -{ - local rc=0 - local osversion=`sysctl -n kern.osreldate` - - fixedre=`echo -n $portaudit_fixed | tr -c '[:alnum:]- \t\n' 'x' | tr -s ' \t\n' '|'` - installedre=`$pkg_info -aE | sed -e 's/-[^-]*$//g' | paste -s -d '|' -` - - extract_auditfile | awk -F\| "$PRINTAFFECTED_AWK"' - BEGIN { vul=0; fixedre="'"$fixedre"'" } - /^(#|\$)/ { next } - $2 !~ /'"$opt_restrict"'/ { next } - $1 ~ /^FreeBSD[<=>!]/ { - if (fixedre && $2 ~ fixedre) next - if (!system("'"$pkg_version"' -T \"FreeBSD-'"$osversion"'\" \"" $1 "\"")) { - print_affected("FreeBSD-'"$osversion"'", \ - "To disable this check add the uuid to \`portaudit_fixed'"'"' in %%PREFIX%%/etc/portaudit.conf") - } - next - } - $1 ~ /^[^{}*?]*[<=>!]/ { - if ($1 !~ "^('"$installedre"')[<=>!]") next; - } - { - cmd="'"$pkg_info"' -E \"" $1 "\"" - while((cmd | getline pkg) > 0) { - vul++ - print_affected(pkg, "") - } - close(cmd) - } - END { - if ("'$opt_quiet'" == "false") { - print vul " problem(s) in your installed packages found." - } - if (vul > 0) { - if ("'$opt_quiet'" == "false") { - print "\nYou are advised to update or deinstall" \ - " the affected package(s) immediately." - } - exit(1) - } - } - ' || rc=$? - - return $rc -} - -audit_file() -{ - local rc=0 - local TMPFILE= - - case "$1" in - -) - TMPFILE=`mktemp -t portaudit` - cat > "$TMPFILE" - FILE="$TMPFILE" - ;; - http://*|ftp://*|https://*|file://*) - echo "portaudit: Can't audit remote file $1" >&2 - return 2 - ;; - *) - if [ -r "$1" ]; then - FILE="$1" - else - echo "portaudit: Can't read $1" >&2 - return 2 - fi - ;; - esac - - extract_auditfile | awk -F\| "$PRINTAFFECTED_AWK"' - BEGIN { vul=0 } - /^(#|\$)/ { next } - { - cmd="'"$pkg_version"' -T - \"" $1 "\" <\"'"$FILE"'\"" - while((cmd | getline pkg) > 0) { - if ($2 !~ /'"$opt_restrict"'/) - continue - vul++ - print_affected(pkg, "") - } - close(cmd) - } - END { - print vul " problem(s) found." 
- if (vul > 0) { - exit(1) - } - } - ' || rc=$? - - if [ -n "$TMPFILE" ]; then - rm "$TMPFILE" - fi - return $rc -} - -audit_args() -{ - local VULCNT=0 - while [ $# -gt 0 ]; do - case "$1" in - /*|-) - echo "portaudit: $1 is a file, please use the -f option" >&2 - ;; - http://*|ftp://*|https://*|file://*) - echo "portaudit: Can't audit remote file $1" >&2 - ;; - *) - if VLIST=`extract_auditfile | awk -F\| ' - /^(#|\$)/ { next } - $2 !~ /'"$opt_restrict"'/ { next } - { print } - ' | $pkg_version -T "$1" -`; then - VULCNT=$(($VULCNT+1)) - echo "$VLIST" | awk -F\| "$PRINTAFFECTED_AWK"' - { print_affected("'"$1"'", "") } - ' - fi - ;; - esac - shift - done - $opt_quiet || echo "$VULCNT problem(s) found." - if [ $VULCNT -gt 0 ]; then - return 1 - fi -} - -audit_cwd() -{ - if [ ! -r "Makefile" ]; then - echo "portaudit: No Makefile here" >&2 - return 2 - fi - - PKGNAME=`make -VPKGNAME 2>/dev/null || true"` - - if [ -z "$PKGNAME" ]; then - echo "portaudit: Can't determine the package name" >&2 - return 2 - fi - - if VLIST=`extract_auditfile | awk -F\| ' - /^(#|\$)/ { next } - $2 !~ /'"$opt_restrict"'/ { next } - { print } - ' | $pkg_version -T "$PKGNAME" -`; then - echo "$VLIST" | awk -F\| "$PRINTAFFECTED_AWK"' - { print_affected("'"$PKGNAME"'", "") } - ' - return 1 - fi -} - -fetch_auditfile() -{ - local rc=2 - - if [ ! -d "$portaudit_dir" ]; then - if ! mkdir -p "$portaudit_dir"; then - echo "Couldn't create $portaudit_dir, try running \`portaudit -F' as root" >&2 - return 2 - fi - fi - if [ ! -w "$portaudit_dir" ]; then - echo "Couldn't write to $portaudit_dir, try running \`portaudit -F' as root" >&2 - return 2 - - fi - cd "$portaudit_dir" - if [ -r "$portaudit_filename" ]; then - cp -f "$portaudit_filename" "$portaudit_filename.old" - fi - - $opt_verbose && echo "Attempting to fetch from $portaudit_sites." - urls=`echo "$portaudit_sites" | tr -s ' \t' '\n' | sed -E -e "s/?\$/$portaudit_filename"` - - if ! 
env $portaudit_fetch_env $portaudit_fetch_cmd $urls; then - echo "Couldn't fetch database." >&2 - elif [ ! -f "$portaudit_dir/$portaudit_filename" ] ; then - echo "portaudit: No database." >&2 - elif ! checksum_auditfile; then - echo "portaudit: Database corrupt." >&2 - elif ! checkexpiry_auditfile 7; then - echo "portaudit: Database too old." >&2 - else - $opt_quiet || echo "New database installed." - rc=0 - break - fi - - if [ -f "$portaudit_filename.old" ]; then - if [ $rc -eq 0 ]; then - rm -f "$portaudit_filename.old" - else - mv -f "$portaudit_filename.old" "$portaudit_filename" - $opt_quiet || echo "Old database restored." - fi - fi - if [ -f "$portaudit_filename" ]; then - chmod a=r "$portaudit_filename" - fi - - return $rc -} - -portaudit_confs - -opt_audit=false -opt_auditcwd=false -opt_dbversion=false -opt_fetch=false -opt_file= -opt_quiet=false -opt_restrict= -opt_verbose=false -opt_version=false -opt_expiry= - -if [ $# -eq 0 ] ; then - opt_audit=true -fi - -while getopts aCdf:Fqr:vVX: opt; do - case "$opt" in - a) - opt_audit=true;; - C) - opt_auditcwd=true;; - d) - opt_dbversion=true;; - f) - opt_file="$OPTARG";; - F) - opt_fetch=true;; - q) - opt_quiet=true;; - r) - opt_restrict="$OPTARG";; - v) - opt_verbose=true;; - V) - opt_version=true;; - X) - opt_expiry="$OPTARG";; - ?) - echo "Usage: $0 -aCdFVvq [-X days] [-r pattern] [-f file] [pkg-name ...]" - exit 2;; - esac -done - -shift $(($OPTIND-1)) - -ret=0 - -if $opt_version; then - echo "portaudit version %%PORTVERSION%%" -fi - -if $opt_fetch; then - if ! fetch_auditfile; then - echo "portaudit: Download failed." >&2 - exit 2 - fi -elif [ -n "$opt_expiry" ]; then - if [ ! -r "$portaudit_dir/$portaudit_filename" ] || ! checkexpiry_auditfile "$opt_expiry"; then - $opt_quiet || echo "Downloading fresh database." - if ! fetch_auditfile; then - echo "portaudit: Download failed." >&2 - exit 2 - fi - ret=1 - fi -fi - -if $opt_dbversion; then - if [ ! 
-f "$portaudit_dir/$portaudit_filename" ]; then - echo "portaudit: Database missing, run \`portaudit -F' to update." >&2 - exit 2 - fi - if ! checksum_auditfile; then - echo "portaudit: Database corrupt." >&2 - exit 2 - fi - created=`getcreated_auditfile` - echo "Database created: `date -j -f '%Y-%m-%d %H:%M:%S %Z' \"$created GMT\"`" -fi - -prerequisites_checked=false - -if $opt_quiet; then - PRINTAFFECTED_AWK=' - function print_affected(apkg, note) { - print apkg - } - ' -elif $opt_verbose; then - PRINTAFFECTED_AWK=' - function print_affected(apkg, note) { - split(apkg, thepkg) - print "Affected package: " thepkg[1] " (matched by " $1 ")" - print "Type of problem: " $3 "." - split($2, ref, / /) - for (r in ref) - print "Reference: <" ref[r] ">" - if (note) - print "Note: " note - print "" - } - ' -else - PRINTAFFECTED_AWK=' - function print_affected(apkg, note) { - split(apkg, thepkg) - print "Affected package: " thepkg[1] - print "Type of problem: " $3 "." - split($2, ref, / /) - for (r in ref) - print "Reference: <" ref[r] ">" - if (note) - print "Note: " note - print "" - } - ' -fi - -if $opt_audit; then - portaudit_prerequisites - audit_installed || ret=$? -fi - -if $opt_auditcwd; then - portaudit_prerequisites - audit_cwd || ret=$? -fi - -if [ -n "$opt_file" ]; then - portaudit_prerequisites - audit_file "$opt_file" || ret=$? -fi - -if [ $# -gt 0 ]; then - portaudit_prerequisites - audit_args "$@" || ret=$? -fi - -exit $ret diff --git a/security/portaudit/files/portaudit.1 b/security/portaudit/files/portaudit.1 deleted file mode 100644 index da683a2a6e8b..000000000000 --- a/security/portaudit/files/portaudit.1 +++ /dev/null 
@@ -1,175 +0,0 @@ -.\" Copyright (c) 2004 Oliver Eikemeier. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions are -.\" met: -.\" -.\" 1. Redistributions of source code must retain the above copyright notice -.\" this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" 3. Neither the name of the author nor the names of its contributors may be -.\" used to endorse or promote products derived from this software without -.\" specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY -.\" AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -.\" COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.\" $FreeBSD$ -.\" -.Dd July 3, 2005 -.Os -.Dt PORTAUDIT \&1 "FreeBSD ports collection" -. -. -.Sh NAME -. -.Nm portaudit -.Nd system to check installed packages for known vulnerabilities -. -. -.Sh SYNOPSIS -. -.Nm -.Op Fl aCdFqvV -.Op Fl X Ar days -.Op Fl f Ar file -.Op Fl r Ar eregex -.Op Ar pkg-name ... -. -. -.Sh DESCRIPTION -. 
-.Nm -checks installed packages for known vulnerabilities and generates reports -including references to security advisories. -Its intended audience is system administrators and individual users. -.Pp -.Nm -uses a database maintained by port committers and the FreeBSD security team -to check if security advisories for any installed packages exist. -Note that a current ports tree (or any local copy of the ports tree) is not -required for operation. -.Pp -This package also installs a script into %%PREFIX%%/etc/periodic/security -that regularly updates this database and includes a report of vulnerable -packages in the daily security report. -.Pp -If you have a vulnerable package installed, you are advised to update or -deinstall it immediately. -. -. -.Sh OPTIONS -. -The following options are supported: -.Bl -tag -width ".Fl X" -.It Fl a -Print a vulnerability report for all installed packages. -.It Fl C -Print a vulnerability report for the port in the current working directory. -Mostly useful for port developers. -.It Fl d -Print the creation date of the database. -.It Fl F -Fetch the current database from the -.Fx -servers. -.It Fl q -Quiet mode. -.It Fl V -Show -.Nm -version number. -.It Fl v -Verbose mode. -.It Fl X Ar days -Download a fresh database when the local is at least -.Ar days -old. -.It Fl f Ar file -Check the packages listed in -.Ar file -for known vulnerabilities. -.It Fl r Ar eregex -Restrict listed vulnerabilities to those where a reference matches -.Xr egrep 1 -pattern -.Ar eregex . -Useful to test new entries. -.It Ar pkg-name ... -Test whether -.Ar pkg-name -is listed in the audit database. -.El -.Pp -If no options are given, -.Nm -prints a vulnerability report for all installed packages. -. -. -.Sh EXAMPLES -. 
-.Bl -item -.It -Fetch the current database and print its creation date: -.Pp -.Dl "portaudit -Fd" -.It -Print a vulnerability report for all installed packages: -.Pp -.Dl "portaudit -a" -.It -Print a vulnerability report for a remote machine: -.Pp -.Dl "ssh remote.example pkg_info | awk '{ print $1 }' | xargs portaudit" -.It -Print a vulnerability report for the local INDEX: -.Pp -.Dl "portaudit -f %%PORTSDIR%%/%%INDEXFILE%%" -.It -Print a vulnerability report for the current set of prebuild packages: -.Pp -.Dl "curl -l ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/All/ | sed -n -e 's/\.t[bg]z[[:cntrl:]]*$//p' | portaudit -f -" -.El -. -. -.Sh FILES -. -.Pa %%PREFIX%%/etc/portaudit.conf , -.Pa %%DATABASEDIR%%/auditfile.tbz -. -. -.Sh SEE ALSO -. -.Xr ports 7 , -.Xr periodic.conf 5 , -.Pa http://www.FreeBSD.org/ports/portaudit/ , -.Pa http://www.FreeBSD.org/security/#adv , -.Pa http://FreeBSD.VuXML.org/ . -. -. -.Sh BUGS -. -Sure to be some. -. -. -.Sh AUTHOR -. -.An Oliver Eikemeier Aq eik@FreeBSD.org -. -. -.Sh HISTORY -. -Package auditing first appeared in -.Nx 1.4.3 . diff --git a/security/portaudit/files/portaudit.conf b/security/portaudit/files/portaudit.conf deleted file mode 100644 index c4b7362594c8..000000000000 --- a/security/portaudit/files/portaudit.conf +++ /dev/null @@ -1,19 +0,0 @@ -# -# Sample configuration file for portaudit(1) -# -# copy to %%PREFIX%%/etc/portaudit.conf -# -# $FreeBSD$ -# - -# specify a proxy if needed, see fetch(3) -#portaudit_fetch_env="FTP_PROXY=http://ftp.proxy.sample/ HTTP_PROXY=http://http.proxy.sample:80/" - -# default fetch command -#portaudit_fetch_cmd="fetch -1amp" - -# specify a local mirror that generates databases with portaudit-db here -#portaudit_sites="http://www.FreeBSD.org/ports/" - -# this vulnerability has been fixed in your FreeBSD version -#portaudit_fixed="d2102505-f03d-11d8-81b0-000347a4fa7d" 
diff --git a/security/portaudit/files/portaudit.sh b/security/portaudit/files/portaudit.sh
deleted file mode 100644
index 8e3b460ec750..000000000000
--- a/security/portaudit/files/portaudit.sh
+++ /dev/null
@@ -1,61 +0,0 @@ -#!/bin/sh -f -# -# Copyright (c) 2004 Oliver Eikemeier. All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are -# met: -# -# 1. Redistributions of source code must retain the above copyright notice -# this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# 3. Neither the name of the author nor the names of its contributors may be -# used to endorse or promote products derived from this software without -# specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# -# $FreeBSD$ -# - -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ]; then - . /etc/defaults/periodic.conf - source_periodic_confs -fi - -rc=0 -case "${daily_status_security_portaudit_enable:-YES}" in - [Nn][Oo]) - ;; - *) - echo - echo "Checking for a current audit database:" - echo - %%PREFIX%%/sbin/portaudit -X "${daily_status_security_portaudit_expiry:-2}" || rc=$? 
- if [ $rc -lt 2 ]; then - %%PREFIX%%/sbin/portaudit -d - echo - echo "Checking for packages with security vulnerabilities:" - echo - echo %%PREFIX%%/sbin/portaudit -a | - su -fm "${daily_status_security_portaudit_user:-nobody}" || rc=$? - fi - ;; -esac - -exit "$rc" diff --git a/security/portaudit/pkg-deinstall b/security/portaudit/pkg-deinstall deleted file mode 100644 index 948c7135abb6..000000000000 --- a/security/portaudit/pkg-deinstall +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/sh -# -# $FreeBSD$ -# - -case $2 in -POST-DEINSTALL) - echo - echo "The portaudit package has been deleted." - if [ -f "%%DATABASEDIR%%/auditfile.tbz" ]; then - echo "If you're *not* upgrading and won't be using" - echo "it any longer, you may want to remove the" - echo "portaudit database:" - echo - echo " rm -Rf %%DATABASEDIR%%" - fi - echo - ;; -esac diff --git a/security/portaudit/pkg-descr b/security/portaudit/pkg-descr deleted file mode 100644 index 9dd30dd115f6..000000000000 --- a/security/portaudit/pkg-descr +++ /dev/null @@ -1,16 +0,0 @@ -portaudit provides a system to check if installed ports are listed in a -database of published security vulnerabilities. - -After installation it will update this security database automatically and -include its reports in the output of the daily security run. - -If you have found a vulnerability not listed in the database, please contact -the FreeBSD Security Officer . Refer to - - http://www.freebsd.org/security/#sec - -for more information. - -WWW: http://people.freebsd.org/~eik/portaudit/ - -Oliver Eikemeier diff --git a/security/portaudit/pkg-install b/security/portaudit/pkg-install deleted file mode 100644 index 6ee3e0433e46..000000000000 --- a/security/portaudit/pkg-install +++ /dev/null 
@@ -1,36 +0,0 @@ -#!/bin/sh -# -# $FreeBSD$ -# - -PREFIX="${PREFIX:-%%PREFIX%%}" - -case $2 in -PRE-INSTALL) - if egrep -qs "^(FETCH|MASTER_SITE)_" "$PREFIX/etc/portaudit.conf" ;then - echo - echo "*** WARNING ***" - echo - echo "The preference file format has changed. Please edit" - echo " $PREFIX/etc/portaudit.conf" - echo - fi - if egrep -qs "^daily_status_portaudit_" "/etc/periodic.conf" ;then - echo - echo "*** WARNING ***" - echo - echo "The periodic(8) names have changed. Please edit" - echo " /etc/periodic.conf" - echo - fi - ;; -POST-INSTALL) - if [ ! -f "%%DATABASEDIR%%/auditfile.tbz" ]; then - echo - echo "===> To check your installed ports for known vulnerabilities now, do:" - echo - echo " $PREFIX/sbin/portaudit -Fda" - echo - fi - ;; -esac diff --git a/security/portaudit/pkg-plist b/security/portaudit/pkg-plist deleted file mode 100644 index 8edf7bb6dbc8..000000000000 --- a/security/portaudit/pkg-plist +++ /dev/null @@ -1,7 +0,0 @@ -sbin/portaudit -etc/portaudit.conf.sample -%%PERIODICDIR%%/security/410.portaudit -@dirrmtry %%PERIODICDIR%%/security -@dirrmtry %%PERIODICDIR%% -@exec mkdir -p %%DATABASEDIR%% -@unexec rmdir %%DATABASEDIR%% 2>/dev/null || true diff --git a/security/portaudit/pkg-req b/security/portaudit/pkg-req deleted file mode 100644 index 5a8ba2d087db..000000000000 --- a/security/portaudit/pkg-req +++ /dev/null 
@@ -1,32 +0,0 @@ -#!/bin/sh -# -# $FreeBSD$ -# - -case $2 in -INSTALL) - if [ -z "${PKG_INFO}" ]; then - if [ -x "%%LOCALBASE%%/sbin/pkg_info" ]; then - PKG_INFO="%%LOCALBASE%%/sbin/pkg_info" - else - PKG_INFO="/usr/sbin/pkg_info" - fi - fi - - if [ ! -x "${PKG_INFO}" ]; then - echo "${PKG_INFO} missing, please install port sysutils/pkg_install-devel" - exit 1 - fi - - PKG_INSTALL_VER=`${PKG_INFO} -qP 2>/dev/null` - if [ -z "${PKG_INSTALL_VER}" -o "${PKG_INSTALL_VER}" -lt %%REQPKGVER%% ]; then - echo "${PKG_INFO} is too old, please update port sysutils/pkg_install-devel" - exit 1 - fi - - if [ "`echo FreeBSD | tr -s .`" != "FreeBSD" ]; then - echo "tr(1) is broken." - exit 1 - fi - ;; -esac diff --git a/security/vulnerability-test-port/Makefile b/security/vulnerability-test-port/Makefile deleted file mode 100644 index 27642976798e..000000000000 --- a/security/vulnerability-test-port/Makefile +++ /dev/null @@ -1,35 +0,0 @@ -# New ports collection makefile for: vulnerability-test-port -# Date created: 25 Jan 2004 -# Whom: Oliver Eikemeier -# -# $FreeBSD$ -# - -PORTNAME= vulnerability-test-port -PORTVERSION= ${INSTALLATION_DATE} -CATEGORIES= security -DISTFILES= - -MAINTAINER= ports@FreeBSD.org -COMMENT= Standard vulnerability test for port auditing systems - -NO_BUILD= yes - -.if defined(PARALLEL_PACKAGE_BUILD) -IGNORE= is disabled on package building systems -INSTALLATION_DATE= 2004.01.25 -.else -.ifdef INSTALLATION_DATE -MYDATE!= date -j -f "%Y.%m.%d" "${INSTALLATION_DATE}" "+%Y.%m.%d" 2>/dev/null -.if ${MYDATE} != ${INSTALLATION_DATE} -IGNORE= ": \`\`${INSTALLATION_DATE}\'\' is not a legal date. INSTALLATION_DATE must be in the form YYYY.MM.DD" -.endif -.else -INSTALLATION_DATE!= date -u "+%Y.%m.%d" -.endif -.endif - -do-install: - @${DO_NADA} - -.include diff --git a/security/vulnerability-test-port/pkg-descr b/security/vulnerability-test-port/pkg-descr deleted file mode 100644 index a07e1b34e991..000000000000 
--- a/security/vulnerability-test-port/pkg-descr
+++ /dev/null
@@ -1,20 +0,0 @@
-This is a package to test FreeBSD port auditing systems, e.g. portaudit
-and the upcoming VuXML based system. Even though it installs no files,
-it is registered in the local package database.
-
-Its version number is automagically the installation date, so that you
-can update it every day ;-) If the date is off by one day keep in mind
-that the date is in UTC which may differ from your local time up to
-twelve hours, depending on the time zone you live in.
-
-The portaudit database lists yesterday's vulnerability test port as
-vulnerable so that it should appear in your security report approximately
-after a week, depending on the synchronization schedule of your database.
-
-If you try install the port with
- make INSTALLATION_DATE=`date -u -v-14d "+%Y.%m.%d"` install
-the port is instantly flagged as vulnerable and the ports system should
-hinder you installing it (currently not implemented), otherwise your
-vulnerability database is too old.
-
-Oliver Eikemeier
-- cgit