portaudit-db generates a portaudit database from a current

ports tree. It also features a file `database/portaudit.txt' where UUIDs for vulnerabilities can be allocated quickly before they are moved to the VuXML database. Call `packaudit' after upgrading your ports tree.
author: Oliver Eikemeier <eik@FreeBSD.org> 2004-06-12 22:43:44 +0000
committer: Oliver Eikemeier <eik@FreeBSD.org> 2004-06-12 22:43:44 +0000
commit: 53ec7442a9325113735ee05e7835d4ac9f2b4c7c (patch)
tree: df3c2f585996309f1dd45175706e6ec349c8c84f /ports-mgmt
parent: Fix build with gcc34 (diff)
10 files changed, 644 insertions, 0 deletions
diff --git a/ports-mgmt/portaudit-db/Makefile b/ports-mgmt/portaudit-db/Makefile
new file mode 100644
index 000000000000..2a48688047d5
--- /dev/null
+++ b/ports-mgmt/portaudit-db/Makefile
@@ -0,0 +1,41 @@
+# New ports collection makefile for:	portaudit-db
+# Date created:				12 Jun 2004
+# Whom:					Oliver Eikemeier
+#
+# $FreeBSD$
+#
+
+PORTNAME=	portaudit-db
+PORTVERSION=	0.1
+CATEGORIES=	security
+DISTFILES=
+
+MAINTAINER=	eik@FreeBSD.org
+COMMENT=	Creates a portaudit database from a current ports tree
+
+RUN_DEPENDS=	xsltproc:${PORTSDIR}/textproc/libxslt
+
+DATABASEDIR?=	${AUDITFILE:H}
+
+PLIST_SUB+=	DATABASEDIR="${DATABASEDIR}"
+
+SED_SCRIPT=	-e 's,%%PREFIX%%,${PREFIX},g' \
+		-e "s|%%DATADIR%%|${DATADIR}|g" \
+		-e "s|%%LOCALBASE%%|${LOCALBASE}|g" \
+		-e "s|%%PORTSDIR%%|${PORTSDIR}|g" \
+		-e "s|%%PORTVERSION%%|${PORTVERSION}|g" \
+		-e "s|%%DATABASEDIR%%|${DATABASEDIR}|g"
+
+do-build:
+	@for f in packaudit.sh packaudit.conf; do \
+		${SED} ${SED_SCRIPT} "${FILESDIR}/$$f" > "${WRKDIR}/$$f"; \
+	done
+
+do-install:
+	@${INSTALL_SCRIPT} ${WRKDIR}/packaudit.sh ${PREFIX}/bin/packaudit
+	@${INSTALL_DATA} ${WRKDIR}/packaudit.conf ${PREFIX}/etc/packaudit.conf.sample
+	@${MKDIR} ${DATADIR}
+	@${INSTALL_DATA} ${FILESDIR}/vuxml2html.xslt ${FILESDIR}/vuxml2portaudit.xslt ${DATADIR}
+	@${MKDIR} ${DATABASEDIR}
+
+.include <bsd.port.mk>
diff --git a/ports-mgmt/portaudit-db/database/portaudit.txt b/ports-mgmt/portaudit-db/database/portaudit.txt
new file mode 100644
index 000000000000..7d3a72b5aff2
--- /dev/null
+++ b/ports-mgmt/portaudit-db/database/portaudit.txt
@@ -0,0 +1,7 @@
+# portaudit text based database
+# $FreeBSD$
+smtpproxy<=1.1.3|http://0xbadc0ded.org/advisories/0402.txt|remotely exploitable format string vulnerability|1abf65f9-bc9d-11d8-916c-000347dd607f
+apache<1.3.31_1|http://www.apacheweek.com/features/security-13|mod_proxy buffer overflow (CAN-2004-0492)|5bcd500c-bc9d-11d8-916c-000347dd607f
+apache+mod_ssl<1.3.31+2.8.18_3|http://www.apacheweek.com/features/security-13|mod_proxy buffer overflow (CAN-2004-0492)|5bcd500c-bc9d-11d8-916c-000347dd607f
+apache<2.0.49_1|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0488|mod_ssl stack-based buffer overflow|662cd99e-bc9d-11d8-916c-000347dd607f
+apache+mod_ssl*<1.3.31+2.8.18_4|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0488|mod_ssl stack-based buffer overflow|662cd99e-bc9d-11d8-916c-000347dd607f
diff --git a/ports-mgmt/portaudit-db/database/portaudit.xlist b/ports-mgmt/portaudit-db/database/portaudit.xlist
new file mode 100644
index 000000000000..48700b58868a
--- /dev/null
+++ b/ports-mgmt/portaudit-db/database/portaudit.xlist
@@ -0,0 +1,4 @@
+# portaudit exclude list
+# $FreeBSD$
+3362f2c1-8344-11d8-a41f-0020ed76ef5a
+5e7f58c3-b3f8-4258-aeb8-795e5e940ff8
diff --git a/ports-mgmt/portaudit-db/database/portaudit.xml b/ports-mgmt/portaudit-db/database/portaudit.xml
new file mode 100644
index 000000000000..ae616f4cbf7e
--- /dev/null
+++ b/ports-mgmt/portaudit-db/database/portaudit.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+This file is in the public domain.
+  $FreeBSD$
+-->
+<!DOCTYPE vuxml PUBLIC "-//vuxml.org//DTD VuXML 1.1//EN" "http://www.vuxml.org/dtd/vuxml-1/vuxml-11.dtd">
+<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+
+  <vuln vid="42e330ab-82a4-11d8-868e-000347dd607f">
+    <topic>MPlayer remotely exploitable buffer overflow in the ASX parser</topic>
+    <affects>
+      <package>
+        <name>mplayer</name>
+        <name>mplayer-esound</name>
+        <name>mplayer-gtk</name>
+        <name>mplayer-gtk-esound</name>
+        <range><lt>0.92</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+        <p>A remotely exploitable buffer overflow vulnerability was found in
+          MPlayer. A malicious host can craft a harmful ASX header,
+          and trick MPlayer into executing arbitrary code upon parsing that header.</p>
+      </body>
+    </description>
+    <references>
+      <url>http://www.mplayerhq.hu/</url>
+      <url>http://www.securityfocus.com/archive/1/339330</url>
+      <url>http://www.securityfocus.com/archive/1/339193</url>
+      <cvename>CAN-2003-0835</cvename>
+      <bid>8702</bid>
+    </references>
+    <dates>
+      <discovery>2003-09-24</discovery>
+      <entry>2004-03-30</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="d8c46d74-8288-11d8-868e-000347dd607f">
+    <topic>MPlayer remotely exploitable buffer overflow in the HTTP parser</topic>
+    <affects>
+      <package>
+        <name>mplayer</name>
+        <name>mplayer-esound</name>
+        <name>mplayer-gtk</name>
+        <name>mplayer-gtk-esound</name>
+        <range><lt>0.92.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+        <p>A remotely exploitable buffer overflow vulnerability was found in
+          MPlayer. A malicious host can craft a harmful HTTP header (&quot;Location:&quot;),
+          and trick MPlayer into executing arbitrary code upon parsing that header.</p>
+      </body>
+    </description>
+    <references>
+      <url>http://www.mplayerhq.hu/</url>
+      <url>http://www.securityfocus.com/archive/1/359029</url>
+      <url>http://www.securityfocus.com/archive/1/359025</url>
+    </references>
+    <dates>
+      <discovery>2004-03-29</discovery>
+      <entry>2004-03-30</entry>
+    </dates>
+  </vuln>
+
+</vuxml>
diff --git a/ports-mgmt/portaudit-db/files/packaudit.conf b/ports-mgmt/portaudit-db/files/packaudit.conf
new file mode 100644
index 000000000000..6b952effc14f
--- /dev/null
+++ b/ports-mgmt/portaudit-db/files/packaudit.conf
@@ -0,0 +1,9 @@
+#
+# $FreeBSD$
+#
+# packaudit.conf sample file
+#
+
+# avoid network access
+export SGML_CATALOG_FILES="%%LOCALBASE%%/share/xml/catalog"
+XSLTPROC_EXTRA_ARGS="--catalogs --nonet"
diff --git a/ports-mgmt/portaudit-db/files/packaudit.sh b/ports-mgmt/portaudit-db/files/packaudit.sh
new file mode 100644
index 000000000000..ff8ebd767625
--- /dev/null
+++ b/ports-mgmt/portaudit-db/files/packaudit.sh
@@ -0,0 +1,112 @@
+#!/bin/sh -e
+#
+# Copyright (c) 2004 Oliver Eikemeier. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+# 1. Redistributions of source code must retain the above copyright notice
+#    this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# 3. Neither the name of the author nor the names of its contributors may be
+#    used to endorse or promote products derived from this software without
+#    specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+AWK=/usr/bin/awk
+BASENAME=/usr/bin/basename
+CAT=/bin/cat
+DATE=/bin/date
+ENV=/usr/bin/env
+MD5=/sbin/md5
+MKTEMP=/usr/bin/mktemp
+RM=/bin/rm
+SED=/usr/bin/sed
+TAR=/usr/bin/tar
+XSLTPROC=%%LOCALBASE%%/bin/xsltproc
+
+PORTSDIR="${PORTSDIR:-%%PORTSDIR%%}"
+VUXMLDIR="${VUXMLDIR:-$PORTSDIR/security/vuxml}"
+PORTAUDITDBDIR="${PORTAUDITDBDIR:-$PORTSDIR/security/portaudit-db}"
+
+DATABASEDIR="${DATABASEDIR:-%%DATABASEDIR%%}"
+
+STYLESHEET="%%DATADIR%%/vuxml2portaudit.xslt"
+
+PUBLIC_HTML="${PUBLIC_HTML:-$HOME/public_html/portaudit}"
+HTMLSHEET="%%DATADIR%%/vuxml2html.xslt"
+BASEURL="http://people.freebsd.org/~eik/portaudit/"
+
+[ -r "%%PREFIX%%/etc/packaudit.conf" ] && . "%%PREFIX%%/etc/packaudit.conf"
+
+VULVER=`$SED -En -e '/^.*\\$FreeBSD\: [^$ ]+,v ([0-9]+(\.[0-9]+)+) [^$]+\\$.*$/{s//\1/p;q;}' "$VUXMLDIR/vuln.xml"`
+VULURL="http://cvsweb.freebsd.org/ports/security/vuxml/vuln.xml?rev=$VULVER"
+
+if [ -d "$PUBLIC_HTML" ]; then
+  VULNMD5=`$CAT "$VUXMLDIR/vuln.xml" "$PORTAUDITDBDIR/database/portaudit.xml" | $MD5`
+  if [ -f "$PUBLIC_HTML/portaudit.md5" ]; then
+    VULNMD5_OLD=`$CAT "$PUBLIC_HTML/portaudit.md5"`
+  fi
+  if [ "$VULNMD5" != "$VULNMD5_OLD" ]; then
+    echo -n "$VULNMD5" > "$PUBLIC_HTML/portaudit.md5"
+    $XSLTPROC $XSLTPROC_EXTRA_ARGS --stringparam vulurl "$VULURL" --stringparam extradoc "$PORTAUDITDBDIR/database/portaudit.xml" \
+      -o "$PUBLIC_HTML/" "$HTMLSHEET" "$VUXMLDIR/vuln.xml"
+  fi
+fi
+
+TMPNAME=`$BASENAME "$0"`
+TMPDIR=`$MKTEMP -d -t "$TMPNAME.$$"` || exit 1
+
+TESTPORT="vulnerability-test-port>=2000<`$DATE -u +%Y.%m.%d`"
+TESTURL="http://cvsweb.freebsd.org/ports/security/vulnerability-test-port/"
+TESTREASON="Not vulnerable, just a test port (database: `$DATE -u +%Y-%m-%d`)"
+
+XLIST_FILE="$PORTAUDITDBDIR/database/portaudit.xlist"
+
+cd "$TMPDIR" || exit 1
+{
+  $DATE -u "+#CREATED: %Y-%m-%d %H:%M:%S"
+  echo "# Created by packaudit %%PORTVERSION%%"
+  echo "$TESTPORT|$TESTURL|$TESTREASON"
+  echo "# Please refer to the original document for copyright information:"
+  echo "# $VULURL"
+  $XSLTPROC $XSLTPROC_EXTRA_ARGS --stringparam baseurl "$BASEURL" "$STYLESHEET" "$VUXMLDIR/vuln.xml"
+  echo "# This part is in the public domain"
+  $XSLTPROC $XSLTPROC_EXTRA_ARGS --stringparam baseurl "$BASEURL" "$STYLESHEET" "$PORTAUDITDBDIR/database/portaudit.xml"
+  $CAT "$PORTAUDITDBDIR/database/portaudit.txt"
+} | $AWK -F\| -v XLIST_FILE="$XLIST_FILE" '
+  BEGIN {
+    while((getline < XLIST_FILE) > 0)
+      if(!/^(#|$)/)
+        ignore[$1]=1
+  }
+  /^(#|$)/ {
+    print
+    next
+  }
+  {
+    if (!ignore[$4])
+      print $1 "|" $2 "|" $3
+  }' > auditfile
+echo "#CHECKSUM: MD5 `$MD5 < auditfile`" >> auditfile
+$TAR -jcf "$DATABASEDIR/auditfile.tbz" auditfile
+cd
+$RM -Rf "$TMPDIR"
diff --git a/ports-mgmt/portaudit-db/files/vuxml2html.xslt b/ports-mgmt/portaudit-db/files/vuxml2html.xslt
new file mode 100644
index 000000000000..75a5e4cfc48b
--- /dev/null
+++ b/ports-mgmt/portaudit-db/files/vuxml2html.xslt
@@ -0,0 +1,287 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+  $FreeBSD$
+
+Copyright (c) 2004 Oliver Eikemeier. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice,
+   this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+3. Neither the name of the author nor the names of its contributors may be
+   used to endorse or promote products derived from this software without
+   specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+VuXML to HTML converter.
+
+Usage:
+  xsltproc -o html/ vuxml2html.xslt vuxml.xml
+
+-->
+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:xhtml="http://www.w3.org/1999/xhtml" xmlns:vuxml="http://www.vuxml.org/apps/vuxml-1" xmlns="http://www.w3.org/1999/xhtml" exclude-result-prefixes="xhtml vuxml" version="1.0">
+  <xsl:output method="xml"/>
+  <xsl:strip-space elements="vuxml:affects vuxml:package vuxml:name vuxml:range" />
+<!-- whole vuxml file -->
+  <xsl:template match="vuxml:vuxml">
+<!-- index page, xhtml strict -->
+    <xsl:document href="index.html" method="xml" indent="yes" encoding="UTF-8" doctype-public="-//W3C//DTD XHTML 1.0 Strict//EN" doctype-system="http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+      <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+        <head>
+          <title>portaudit: Vulnerability list</title>
+          <xsl:call-template name="css"/>
+        </head>
+        <body>
+          <div>
+            <xsl:call-template name="bar"/>
+          </div>
+          <h1>Vulnerabilities</h1>
+          <table>
+            <xsl:for-each select="vuxml:vuln | document($extradoc)/vuxml:vuxml/vuxml:vuln">
+              <xsl:sort select="(vuxml:dates/vuxml:modified | vuxml:dates/vuxml:entry)[1]" order="descending"/>
+              <tr>
+                <td>
+                  <xsl:value-of select="(vuxml:dates/vuxml:modified | vuxml:dates/vuxml:entry)[1]"/>
+                </td>
+                <td>
+                  <a href="{translate(@vid, 'ABCDEF', 'abcdef')}.html">
+                    <xsl:value-of select="vuxml:topic"/>
+                  </a>
+                </td>
+              </tr>
+            </xsl:for-each>
+          </table>
+          <p>
+            <a href="index-pkg.html">[Sorted by package name]</a>
+          </p>
+          <xsl:call-template name="foo"/>
+        </body>
+      </html>
+    </xsl:document>
+<!-- index page by packages, xhtml strict -->
+    <xsl:document href="index-pkg.html" method="xml" indent="yes" encoding="UTF-8" doctype-public="-//W3C//DTD XHTML 1.0 Strict//EN" doctype-system="http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+      <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+        <head>
+          <title>portaudit: Vulnerability list by packages</title>
+          <xsl:call-template name="css"/>
+        </head>
+        <body>
+          <div>
+            <xsl:call-template name="bar"/>
+          </div>
+          <h1>Vulnerabilities</h1>
+          <table>
+            <xsl:for-each select="//vuxml:affects/vuxml:package/vuxml:name | document($extradoc)//vuxml:affects/vuxml:package/vuxml:name">
+              <xsl:sort select="translate(., 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz')"/>
+              <xsl:sort select="(ancestor-or-self::vuxml:vuln/vuxml:dates/vuxml:modified | ancestor-or-self::vuxml:vuln/vuxml:dates/vuxml:entry)[1]" order="descending"/>
+              <tr>
+                <td>
+                  <xsl:value-of select="."/>
+                </td>
+                <td>
+                  <a href="{translate(ancestor-or-self::vuxml:vuln/@vid, 'ABCDEF', 'abcdef')}.html">
+                    <xsl:value-of select="ancestor-or-self::vuxml:vuln/vuxml:topic"/>
+                  </a>
+                </td>
+              </tr>
+            </xsl:for-each>
+          </table>
+          <p>
+            <a href="index.html">[Sorted by last modification]</a>
+          </p>
+          <xsl:call-template name="foo"/>
+        </body>
+      </html>
+    </xsl:document>
+<!-- individual pages, xhtml strict -->
+    <xsl:for-each select="vuxml:vuln | document($extradoc)/vuxml:vuxml/vuxml:vuln">
+      <xsl:document href="{translate(@vid, 'ABCDEF', 'abcdef')}.html" method="xml" indent="yes" encoding="UTF-8" doctype-public="-//W3C//DTD XHTML 1.0 Strict//EN" doctype-system="http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+        <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+          <head>
+            <title>portaudit: <xsl:value-of select="vuxml:topic"/></title>
+            <xsl:call-template name="css"/>
+          </head>
+          <body>
+            <div>
+              <xsl:call-template name="bar"/>
+            </div>
+            <h1>
+              <xsl:value-of select="vuxml:topic"/>
+            </h1>
+            <h2>Description:</h2>
+            <xsl:copy-of select="vuxml:description/xhtml:body/*"/>
+            <h2>References:</h2>
+            <ul>
+              <xsl:apply-templates select="vuxml:references"/>
+            </ul>
+            <h2>Affects:</h2>
+            <ul>
+              <xsl:for-each select="vuxml:affects/vuxml:package">
+                <xsl:for-each select="vuxml:name">
+                  <xsl:variable name="name" select="."/>
+                  <xsl:for-each select="../vuxml:range">
+                    <li>
+                      <xsl:value-of select="$name"/>
+                      <xsl:apply-templates/>
+                    </li>
+                  </xsl:for-each>
+                </xsl:for-each>
+              </xsl:for-each>
+              <xsl:for-each select="vuxml:affects/vuxml:system">
+                <xsl:for-each select="vuxml:name">
+                  <xsl:variable name="name" select="."/>
+                  <xsl:for-each select="../vuxml:range">
+                    <li>
+                      <xsl:value-of select="$name"/>
+                      <xsl:apply-templates/>
+                    </li>
+                  </xsl:for-each>
+                </xsl:for-each>
+              </xsl:for-each>
+            </ul>
+            <xsl:call-template name="foo"/>
+          </body>
+        </html>
+      </xsl:document>
+    </xsl:for-each>
+<!-- end of vuxml file processing -->
+  </xsl:template>
+<!-- vulnerability references -->
+  <xsl:template match="vuxml:url">
+    <li>
+      <a href="{.}">
+        <xsl:value-of select="."/>
+      </a>
+    </li>
+  </xsl:template>
+  <xsl:template match="vuxml:cvename">
+    <li>CVE name <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name={text()}"><xsl:value-of select="text()"/></a></li>
+  </xsl:template>
+  <xsl:template match="vuxml:bid">
+    <li>BugTraq ID <a href="http://www.securityfocus.com/bid/{.}"><xsl:value-of select="."/></a></li>
+  </xsl:template>
+  <xsl:template match="vuxml:certsa">
+    <li>CERT security advisory <a href="http://www.cert.org/advisories/{.}.html"><xsl:value-of select="."/></a></li>
+  </xsl:template>
+  <xsl:template match="vuxml:certvu">
+    <li>CERT vulnerability note <a href="http://www.kb.cert.org/vuls/id/{.}"><xsl:value-of select="."/></a></li>
+  </xsl:template>
+  <xsl:template match="vuxml:freebsdsa">
+    <li>FreeBSD security advisory <a href="ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-{.}.asc">FreeBSD-<xsl:value-of select="."/></a></li>
+  </xsl:template>
+<!-- comparison operators -->
+  <xsl:template match="vuxml:lt">
+    <xsl:text> &lt;</xsl:text>
+    <xsl:value-of select="text()"/>
+  </xsl:template>
+  <xsl:template match="vuxml:le">
+    <xsl:text> &lt;=</xsl:text>
+    <xsl:value-of select="text()"/>
+  </xsl:template>
+  <xsl:template match="vuxml:gt">
+    <xsl:text> &gt;</xsl:text>
+    <xsl:value-of select="text()"/>
+  </xsl:template>
+  <xsl:template match="vuxml:ge">
+    <xsl:text> &gt;=</xsl:text>
+    <xsl:value-of select="text()"/>
+  </xsl:template>
+  <xsl:template match="vuxml:eq">
+    <xsl:text> =</xsl:text>
+    <xsl:value-of select="text()"/>
+  </xsl:template>
+<!-- style sheet -->
+  <xsl:template name="css">
+    <link rel="shortcut icon" href="http://www.freebsd.org/favicon.ico" type="image/x-icon"/>
+    <style type="text/css">
+      <xsl:comment>
+        <xsl:text>
+        body {
+          background-color : #ffffff;
+          color : #000000;
+        }
+
+        a:link { color: #0000ff }
+        a:visited { color: #840084 }
+        a:active { color: #0000ff }
+
+        h1 { color: #990000 }
+
+        img { color: white; border:none }
+
+        table {
+          border: none;
+          margin-top: 10px;
+          margin-bottom: 10px;
+        }
+
+        th {
+          text-align: left;
+          padding: 3px;
+          border: none;
+          vertical-align: top;
+        }
+
+        td {
+          padding: 3px;
+          border: none;
+          vertical-align: top;
+        }
+
+        tr.odd {
+          background: #eeeeee;
+          color: inherit;
+        }
+      </xsl:text>
+      </xsl:comment>
+    </style>
+  </xsl:template>
+<!-- xhtml elements -->
+  <xsl:template name="bar">
+    <img src="http://www.freebsd.org/gifs/bar.gif" alt="Navigation Bar" height="33" width="565" usemap="#bar"/>
+    <map id="bar" name="bar">
+      <area shape="rect" coords="1,1,111,33" href="http://www.freebsd.org/" alt="Top"/>
+      <area shape="rect" coords="112,16,196,33" href="http://www.freebsd.org/ports/index.html" alt="Applications"/>
+      <area shape="rect" coords="197,16,256,33" href="http://www.freebsd.org/support.html" alt="Support"/>
+      <area shape="rect" coords="257,16,365,33" href="http://www.freebsd.org/docs.html" alt="Documentation"/>
+      <area shape="rect" coords="366,16,424,33" href="http://www.freebsd.org/commercial/commercial.html" alt="Vendors"/>
+      <area shape="rect" coords="425,16,475,33" href="http://www.freebsd.org/search/search.html" alt="Search"/>
+      <area shape="rect" coords="476,16,516,33" href="http://www.freebsd.org/search/index-site.html" alt="Index"/>
+      <area shape="rect" coords="517,16,565,33" href="http://www.freebsd.org/" alt="Top"/>
+      <area shape="rect" coords="0,0,565,33" href="http://www.freebsd.org/" alt="Top"/>
+    </map>
+  </xsl:template>
+  <xsl:template name="foo">
+    <hr/>
+    <p><strong>Disclaimer:</strong> The data contained on this page is derived for the VuXML document,
+    please refer to the <a href="{$vulurl}">the original document</a> for copyright information. The author of
+    portaudit makes no claim of authorship or ownership of any of the information contained herein.</p>
+      <p>
+        If you have found a vulnerability in a FreeBSD port not listed in the
+        database, please <a href="mailto:security-officer@FreeBSD.org">contact the
+        FreeBSD Security Officer</a>. Refer to
+        <a href="http://www.freebsd.org/security/#sec">"FreeBSD Security
+        Information"</a> for more information.
+        </p>
+    <hr/>
+    <address title="Oliver Eikemeier">
+      Oliver Eikemeier <a href="mailto:eik@FreeBSD.org?subject=portaudit">&lt;eik@FreeBSD.org&gt;</a>
+    </address>
+  </xsl:template>
+</xsl:stylesheet>
diff --git a/ports-mgmt/portaudit-db/files/vuxml2portaudit.xslt b/ports-mgmt/portaudit-db/files/vuxml2portaudit.xslt
new file mode 100644
index 000000000000..60beed5ec52e
--- /dev/null
+++ b/ports-mgmt/portaudit-db/files/vuxml2portaudit.xslt
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+  $FreeBSD$
+
+Copyright (c) 2004 Oliver Eikemeier. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice,
+   this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+3. Neither the name of the author nor the names of its contributors may be
+   used to endorse or promote products derived from this software without
+   specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, 
+INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND 
+FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
+COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+VuXML to portaudit database converter.
+
+Usage:
+  xsltproc -o auditfile vuxml2portaudit.xslt vuxml.xml
+
+-->
+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:vuxml="http://www.vuxml.org/apps/vuxml-1" version="1.0">
+  <xsl:output method="text"/>
+  <xsl:variable name="newline">
+    <xsl:text>&#010;</xsl:text>
+  </xsl:variable>
+<!-- xxx -->
+  <xsl:strip-space elements="vuxml:affects vuxml:package vuxml:name vuxml:range"/>
+  <xsl:template match="/">
+    <xsl:text># Converted by vuxml2portaudit
+</xsl:text>
+    <xsl:for-each select="vuxml:vuxml/vuxml:vuln">
+      <xsl:variable name="topic" select="normalize-space(vuxml:topic)"/>
+      <xsl:variable name="vid" select="translate(@vid, 'ABCDEF', 'abcdef')"/>
+      <xsl:for-each select="vuxml:affects/vuxml:package">
+        <xsl:for-each select="vuxml:name">
+          <xsl:variable name="name" select="."/>
+          <xsl:for-each select="../vuxml:range">
+            <xsl:value-of select="$name"/>
+            <xsl:apply-templates/>
+            <xsl:text>|</xsl:text>
+            <xsl:value-of select="$baseurl"/>
+            <xsl:value-of select="$vid"/>
+            <xsl:text>.html</xsl:text>
+            <xsl:text>|</xsl:text>
+            <xsl:value-of select="$topic"/>
+            <xsl:text>|</xsl:text>
+            <xsl:value-of select="$vid"/>
+            <xsl:value-of select="$newline"/>
+          </xsl:for-each>
+        </xsl:for-each>
+      </xsl:for-each>
+    </xsl:for-each>
+  </xsl:template>
+<!-- xxx -->
+  <xsl:template match="vuxml:lt">
+    <xsl:text>&lt;</xsl:text>
+    <xsl:value-of select="text()"/>
+  </xsl:template>
+  <xsl:template match="vuxml:le">
+    <xsl:text>&lt;=</xsl:text>
+    <xsl:value-of select="text()"/>
+  </xsl:template>
+  <xsl:template match="vuxml:gt">
+    <xsl:text>&gt;</xsl:text>
+    <xsl:value-of select="text()"/>
+  </xsl:template>
+  <xsl:template match="vuxml:ge">
+    <xsl:text>&gt;=</xsl:text>
+    <xsl:value-of select="text()"/>
+  </xsl:template>
+  <xsl:template match="vuxml:eq">
+    <xsl:text>=</xsl:text>
+    <xsl:value-of select="text()"/>
+  </xsl:template>
+</xsl:stylesheet>
diff --git a/ports-mgmt/portaudit-db/pkg-descr b/ports-mgmt/portaudit-db/pkg-descr
new file mode 100644
index 000000000000..85b315a9d87b
--- /dev/null
+++ b/ports-mgmt/portaudit-db/pkg-descr
@@ -0,0 +1,16 @@
+In contrast to security/portaudit, which is designed to be an
+install-and-forget solution, portaudit-db requires a current
+ports tree and generates a database that can be used locally
+or distributed over a network.
+
+Furthermore committers that want to add entries to the VuXML
+database may use this port to check their changes locally.
+It also features a file `database/portaudit.txt' where UUIDs
+for vulnerabilities can be allocated before they have been
+investigated thoroughly and moved to the VuXML database by
+the security officer team.
+
+Call `packaudit' after upgrading your ports tree.
+
+WWW: http://people.freebsd.org/~eik/portaudit/
+Oliver Eikemeier <eik@FreeBSD.org>
diff --git a/ports-mgmt/portaudit-db/pkg-plist b/ports-mgmt/portaudit-db/pkg-plist
new file mode 100644
index 000000000000..a5c18909f2d6
--- /dev/null
+++ b/ports-mgmt/portaudit-db/pkg-plist
@@ -0,0 +1,7 @@
+bin/packaudit
+etc/packaudit.conf.sample
+%%DATADIR%%/vuxml2html.xslt
+%%DATADIR%%/vuxml2portaudit.xslt
+@dirrm %%DATADIR%%
+@exec mkdir -p %%DATABASEDIR%%
+@unexec rmdir %%DATABASEDIR%% 2>/dev/null || true
author	Oliver Eikemeier <eik@FreeBSD.org>	2004-06-12 22:43:44 +0000
committer	Oliver Eikemeier <eik@FreeBSD.org>	2004-06-12 22:43:44 +0000
commit	53ec7442a9325113735ee05e7835d4ac9f2b4c7c (patch)
tree	df3c2f585996309f1dd45175706e6ec349c8c84f /ports-mgmt
parent	Fix build with gcc34 (diff)