author | eik <eik@FreeBSD.org> | 2004-06-23 16:01:38 +0000 |
---|---|---|
committer | eik <eik@FreeBSD.org> | 2004-06-23 16:01:38 +0000 |
commit | 2b51aad50e5298adf7d994607aee643e9aefa72d (patch) | |
tree | b575967a16e072cb2c6d70d52eae51ef8ad36ecd /security/portaudit | |
parent | a80a1799bc3bb9cb8ade38a8cc0e7ebb89ed07fd (diff) | |
Update to version 0.4, with a new `-f' option.
To check which of the current ports have known vulnerabilities, do
portaudit -f /usr/ports/INDEX
This port requires pkg_install(-devel)>=20040623
Diffstat (limited to 'security/portaudit')
-rw-r--r-- | security/portaudit/Makefile | 34 | ||||
-rw-r--r-- | security/portaudit/files/portaudit-cmd.sh | 16 | ||||
-rw-r--r-- | security/portaudit/files/portaudit.functions | 83 |
3 files changed, 91 insertions, 42 deletions
diff --git a/security/portaudit/Makefile b/security/portaudit/Makefile index 89bdd6b..dfd4f45 100644 --- a/security/portaudit/Makefile +++ b/security/portaudit/Makefile @@ -6,7 +6,7 @@ # PORTNAME= portaudit -PORTVERSION= 0.3.3 +PORTVERSION= 0.4 CATEGORIES= security DISTFILES= @@ -18,19 +18,27 @@ MAN1= portaudit.1 PERIODICDIR?= ${PREFIX}/etc/periodic DATABASEDIR?= /var/db/portaudit +PKGREQ= ${WRKDIR}/pkg-req PKGINSTALL= ${WRKDIR}/pkg-install PKGDEINSTALL= ${WRKDIR}/pkg-deinstall PLIST_SUB+= PERIODICDIR="${PERIODICDIR:S,^${PREFIX}/,,}" \ DATABASEDIR="${DATABASEDIR}" -SED_SCRIPT= -e 's,%%PREFIX%%,${PREFIX},g' \ - -e 's,%%DATABASEDIR%%,${DATABASEDIR},g' +REQPKGVER= 20040623 + +SED_SCRIPT= -e 's|%%PREFIX%%|${PREFIX}|g' \ + -e 's|%%LOCALBASE%%|${LOCALBASE}|g' \ + -e "s|%%DATADIR%%|${DATADIR}|g" \ + -e "s|%%DATABASEDIR%%|${DATABASEDIR}|g" \ + -e "s|%%PORTVERSION%%|${PORTVERSION}|g" \ + -e "s|%%REQPKGVER%%|${REQPKGVER}|g" \ + -e "s|%%BZIP2_CMD%%|${BZIP2_CMD}|g" \ PKG_INFO_BASE?= /usr/sbin/pkg_info BASEPKGVER!= ${PKG_INFO_BASE} -qP 2>/dev/null || ${TRUE} -.if ${BASEPKGVER} < 20040125 +.if ${BASEPKGVER} < ${REQPKGVER} RUN_DEPENDS= ${LOCALBASE}/sbin/pkg_info:${PORTSDIR}/sysutils/pkg_install-devel .endif 
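Review bot: The last added `SED_SCRIPT` line, `-e "s|%%BZIP2_CMD%%|${BZIP2_CMD}|g" \`, ends in a continuation backslash with nothing left to continue. make joins whatever follows onto the variable, so this is harmless only while the next line stays blank; the collapsed view here does not show whether it is, and a later edit that puts `PKG_INFO_BASE?=` directly underneath would fold it into the sed arguments. Dropping the trailing `\` on that line removes the trap. The list also mixes single-quoted and double-quoted expressions, and one quoting style throughout would be easier to read.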
@@ -42,22 +50,24 @@ RUN_DEPENDS+= bzip2:${PORTSDIR}/archivers/bzip2 do-build: .for f in portaudit-cmd.sh portaudit.sh fetchaudit.sh portaudit.functions portaudit.1 portaudit.conf - @${SED} -e "s|%%DATADIR%%|${DATADIR}|g" \ - -e "s|%%DATABASEDIR%%|${DATABASEDIR}|g" \ - -e "s|%%PREFIX%%|${PREFIX}|g" \ - -e "s|%%LOCALBASE%%|${LOCALBASE}|g" \ - -e "s|%%PORTVERSION%%|${PORTVERSION}|g" \ - -e "s|%%BZIP2_CMD%%|${BZIP2_CMD}|g" \ - ${FILESDIR}/${f} > ${WRKDIR}/${f} + @${SED} ${SED_SCRIPT} ${FILESDIR}/${f} > ${WRKDIR}/${f} .endfor post-build: -.for text in pkg-install pkg-deinstall +.for text in pkg-req pkg-install pkg-deinstall @if [ -f ${PKGDIR}/${text} ]; then \ ${SED} ${SED_SCRIPT} ${PKGDIR}/${text} >${WRKDIR}/${text}; \ fi .endfor +pre-install: + @if [ -f ${PKGREQ} ]; then \ + ${SETENV} "PKG_PREFIX=${PREFIX}" ${SH} ${PKGREQ} ${PKGNAME} INSTALL; \ + fi + @if [ -f ${PKGINSTALL} ]; then \ + ${SETENV} "PKG_PREFIX=${PREFIX}" ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL; \ + fi + do-install: @${INSTALL_SCRIPT} ${WRKDIR}/portaudit-cmd.sh ${PREFIX}/bin/portaudit @${INSTALL_MAN} ${WRKDIR}/portaudit.1 ${MAN1PREFIX}/man/man1 diff --git a/security/portaudit/files/portaudit-cmd.sh b/security/portaudit/files/portaudit-cmd.sh index 2df9a0f..54c1f02 100644 --- a/security/portaudit/files/portaudit-cmd.sh +++ b/security/portaudit/files/portaudit-cmd.sh @@ -37,17 +37,18 @@ portaudit_confs opt_audit=false opt_auditcwd=false opt_audittree=false -opt_verbose=false -opt_version=false opt_dbversion=false opt_fetch=false +opt_file= opt_quiet=false +opt_verbose=false +opt_version=false if [ $# -eq 0 ] ; then opt_audit=true fi -while getopts aACvVdFq opt; do +while getopts aACdf:FqvV opt; do case "$opt" in a) opt_audit=true;; @@ -57,6 +58,8 @@ while getopts aACvVdFq opt; do opt_auditcwd=true;; d) opt_dbversion=true;; + f) + opt_file=$OPTARG;; F) opt_fetch=true;; q) 
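Review bot: `pkg-req` is added to the `post-build` loop and run from the new `pre-install` target, but both steps are guarded by `[ -f … ]`, and the diffstat for this commit lists only Makefile, portaudit-cmd.sh and portaudit.functions. Unless `${PKGDIR}/pkg-req` already exists in the port, no requirements script is generated and both guards silently skip. The `pkg_install>=20040623` requirement from the commit message would then rest only on `RUN_DEPENDS` and on the run-time check in `portaudit_prerequisites`. Either add the file in the same commit or say so above the target, for example `# pkg-req is optional; the pkg_install version check is done in portaudit_prerequisites`.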
@@ -66,7 +69,7 @@ while getopts aACvVdFq opt; do V) opt_version=true;; ?) - echo "Usage: $0 -aACvVdFq" + echo "Usage: $0 -aACvVdFq [-f file]" exit 2;; esac done @@ -143,3 +146,8 @@ if $opt_audittree; then echo "${VULCNT} ports with unmarked vulnerabilities." fi + +if [ -n "$opt_file" ]; then + portaudit_prerequisites + audit_file "$opt_file" +fi diff --git a/security/portaudit/files/portaudit.functions b/security/portaudit/files/portaudit.functions index fd0f6c4..f3b6e21 100644 --- a/security/portaudit/files/portaudit.functions +++ b/security/portaudit/files/portaudit.functions @@ -116,7 +116,7 @@ portaudit_prerequisites() fi PKG_INSTALL_VER=`${PKG_INFO} -qP 2>/dev/null` - if [ -z "${PKG_INSTALL_VER}" -o "${PKG_INSTALL_VER}" -lt 20040125 ]; then + if [ -z "${PKG_INSTALL_VER}" -o "${PKG_INSTALL_VER}" -lt %%REQPKGVER%% ]; then echo "${PKG_INFO} is too old, please update port sysutils/pkg_install-devel" return 1 fi 
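Review bot: In the new `-f` block at the end of portaudit-cmd.sh the return status of `portaudit_prerequisites` is ignored, so `audit_file` still runs after that function has printed "is too old" and returned 1 (the `return 1` is visible in the portaudit.functions hunk that follows). Since `-f` presumably depends on the newer `pkg_version -T -` behaviour, the run should stop there: `portaudit_prerequisites || exit 1`. The path taken from `-f` is also passed on without checking that it is a readable file; `[ -r "$opt_file" ] || { echo "portaudit: cannot read $opt_file" >&2; exit 2; }` before the call gives one clear error instead of a redirect failure for every database record.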
@@ -139,28 +139,59 @@ portaudit_prerequisites() audit_installed() { - extract_auditfile | /usr/bin/awk -F\| " + extract_auditfile | /usr/bin/awk -F\| ' BEGIN { vul=0 } /^(#|\$)/ { next } { - cmd=\"${PKG_INFO} -E \\\"\" \$1 \"\\\"\" + cmd="'"${PKG_INFO}"' -E \"" $1 "\"" while((cmd | getline pkg) > 0) { vul++ - print \"Affected package: \" pkg \"\\n\" \ - \"Type of problem: \" \$3 \".\\n\" \ - \"Reference: <\" \$2 \">\\n\" + split($2, ref, / /) + print "Affected package: " pkg + print "Type of problem: " $3 "." + for (r in ref) + print "Reference: <" ref[r] ">" + print "" } close(cmd) } END { - print vul \" problem(s) in your installed packages found.\" + print vul " problem(s) in your installed packages found." if (vul > 0) { - print \"\nYou are advised to update or deinstall\" \ - \" the affected package(s) immediately.\" + print "\nYou are advised to update or deinstall" \ + " the affected package(s) immediately." exit(1) } } - " + ' +} + +audit_file() +{ + extract_auditfile | /usr/bin/awk -F\| ' + BEGIN { vul=0 } + /^(#|\$)/ { next } + { + cmd="'"${PKG_VERSION}"' -T - \"" $1 "\" <\"'"${1}"'\"" + while((cmd | getline pkg) > 0) { + vul++ + split($2, ref, / /) + split(pkg, p) + print "Affected package: " p[1] + print "Type of problem: " $3 "." + for (r in ref) + print "Reference: <" ref[r] ">" + print "" + } + close(cmd) + } + END { + print vul " problem(s) in found." + if (vul > 0) { + exit(1) + } + } + ' } audit_cwd() 
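Review bot: In `audit_file` the command string handed to `cmd | getline` is assembled from two values that are not controlled by the script: the `-f` path is spliced into the awk program text and then into an sh redirect, and the first field of every database record is placed inside double quotes, where sh still performs command and variable expansion. A path or a record containing a quote, backslash, `$` or backtick therefore changes the command that is run, and `audit_installed` in the same hunk treats the record field the same way. Passing the path through the environment keeps it out of both the awk source and the sh source, and records whose pattern carries sh metacharacters should be reported and counted as a failure rather than executed. Separately, the summary line reads "problem(s) in found.", which is missing a word.

```shell
audit_file()
{
	# the index path travels in the environment; sh expands it, awk never parses it
	extract_auditfile | PORTAUDIT_INDEX="$1" /usr/bin/awk -F\| '
	BEGIN { vul=0; bad=0 }
	/^(#|\$)/ { next }
	# a pattern with sh metacharacters is reported, never handed to the shell
	$1 ~ /["$`\\]/ {
		print "portaudit: malformed entry at line " NR > "/dev/stderr"
		bad++
		next
	}
	{
		cmd="'"${PKG_VERSION}"' -T - \"" $1 "\" <\"$PORTAUDIT_INDEX\""
		# … unchanged: getline loop printing package, problem type and references …
	}
	END {
		# … unchanged: summary line …
		if (vul > 0 || bad > 0) {
			exit(1)
		}
	}
	'
}
```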
@@ -174,22 +205,22 @@ audit_cwd() FORBIDDEN=`echo "${PKGSTATE}" | /usr/bin/sed -ne '2p'` PKGORIGIN=`echo "${PKGSTATE}" | /usr/bin/sed -ne '3p'` - VLIST=`extract_auditfile | /usr/bin/awk -F\| " \ - /^[^#]/ { \ - if (!system(\"${PKG_VERSION} -T '${PKGNAME}' '\" \\$1 \"'\")) \ - print \"- <\" \\$2 \">\" \ - } \ - "` - - if [ -n "${VLIST}" -a -z "${FORBIDDEN}" ]; then - echo - echo "Port ${PKGNAME} (${PKGORIGIN}) should be marked FORBIDDEN:" - echo "${VLIST}" - VULCNT=$((${VULCNT}+1)) - elif $opt_verbose && [ -n "${VLIST}" ]; then - echo - echo "Good: port ${PKGNAME} (${PKGORIGIN}) is marked FORBIDDEN: ${FORBIDDEN}" - echo "${VLIST}" + if VLIST=`extract_auditfile | /usr/bin/grep -v '^#' | ${PKG_VERSION} -T "${PKGNAME}" -`; then + if [ -z "${FORBIDDEN}" ]; then + echo + echo "Port ${PKGNAME} (${PKGORIGIN}) should be marked FORBIDDEN:" + VULCNT=$((${VULCNT}+1)) + elif $opt_verbose; then + echo + echo "Good: port ${PKGNAME} (${PKGORIGIN}) is marked FORBIDDEN: ${FORBIDDEN}" + fi + if [ -z "${FORBIDDEN}" ] || $opt_verbose; then + echo "${VLIST}" | /usr/bin/awk -F\| '{ + split($2, ref, / /) + for (r in ref) + print "- <" ref[r] ">" + }' + fi fi } |
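Review bot: The new `if VLIST=…` condition in `audit_cwd` sees only the exit status of the last pipeline stage, `${PKG_VERSION} -T "${PKGNAME}" -`. If `extract_auditfile` fails, for example on an unreadable or truncated database, pkg_version presumably gets empty input and returns "no match", and the port is silently reported as clean. Checking the database before the pipeline, or testing that the extracted text is non-empty, would make this fail closed. The filter here also drops only `#` lines while `audit_installed` and `audit_file` skip `/^(#|\$)/`; `/usr/bin/grep -v '^[#$]'` would keep the three consistent. `audit_cwd` begins before this hunk, so the setup of `PKGSTATE` and `PKGNAME` is not visible here.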