authorOliver Eikemeier <eik@FreeBSD.org>2004-09-03 20:30:54 +0000
committerOliver Eikemeier <eik@FreeBSD.org>2004-09-03 20:30:54 +0000
commite8a614288894d7ba6bb207828955d395a798f1ff (patch)
tree18c5f05837be258aaf5439a25987ac33b145549a /security/portaudit/files
parentUpgrade eclipse pmd plugin to support eclipse3. (diff)
- update to version 0.5.9
(first attempts to check the base system for vulnerabilities)
Notes
Notes: svn path=/head/; revision=118082
Diffstat (limited to 'security/portaudit/files')
-rw-r--r--security/portaudit/files/portaudit-cmd.sh43
-rw-r--r--security/portaudit/files/portaudit.conf3
2 files changed, 33 insertions, 13 deletions
diff --git a/security/portaudit/files/portaudit-cmd.sh b/security/portaudit/files/portaudit-cmd.sh
index f69a7269bd84..9f0650544283 100644
--- a/security/portaudit/files/portaudit-cmd.sh
+++ b/security/portaudit/files/portaudit-cmd.sh
@@ -33,13 +33,15 @@
portaudit_confs()
{
- portaudit_dir=${portaudit_dir:-"%%DATABASEDIR%%"}
- portaudit_filename=${portaudit_filename:-"auditfile.tbz"}
+ : ${portaudit_dir="%%DATABASEDIR%%"}
+ : ${portaudit_filename="auditfile.tbz"}
- portaudit_fetch_env=${portaudit_fetch_env:-}
- portaudit_fetch_cmd=${portaudit_fetch_cmd:-"fetch -1mp"}
+ : ${portaudit_fetch_env=""}
+ : ${portaudit_fetch_cmd="fetch -1mp"}
- portaudit_sites=${portaudit_sites:-"http://www.FreeBSD.org/ports/"}
+ : ${portaudit_sites="http://www.FreeBSD.org/ports/"}
+
+ : ${portaudit_fixed=""}
if [ -r %%PREFIX%%/etc/portaudit.conf ]; then
. %%PREFIX%%/etc/portaudit.conf
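Review bot: Replacing `${var:-default}` with `: ${var=default}` changes the set-but-empty case: the old form substituted the default, the new form keeps the empty value, so an empty `portaudit_dir` or `portaudit_filename` inherited from the environment now reaches the paths built later. If keeping empty values is only wanted for `portaudit_fetch_env` and `portaudit_fixed`, the others could use `: "${portaudit_dir:=%%DATABASEDIR%%}"`. `portaudit_fixed` is also accepted from the caller's environment before portaudit.conf is read, so unless the conf file sets it, an exported value can silence base-system findings; a comment stating whether that is intended would help. portaudit_confs continues outside the hunk.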
@@ -126,16 +128,27 @@ portaudit_prerequisites()
audit_installed()
{
local rc=0
+ local osversion=`sysctl -n kern.osreldate`
+
+ fixedre=`echo -n $portaudit_fixed | tr -c '[:alnum:]- \t\n' 'x' | tr -s ' \t\n' '|'`
extract_auditfile | awk -F\| "$PRINTAFFECTED_AWK"'
- BEGIN { vul=0 }
+ BEGIN { vul=0; fixedre="'"$fixedre"'" }
/^(#|\$)/ { next }
$2 !~ /'"$opt_restrict"'/ { next }
+ $1 ~ /^FreeBSD[<=>!]/ {
+ if (fixedre && $2 ~ fixedre) next
+ if (!system("'"$pkg_version"' -T \"FreeBSD-'"$osversion"'\" \"" $1 "\"")) {
+ print_affected("FreeBSD-'"$osversion"'", \
+ "To disable this check add the uuid to \`portaudit_fixed'"'"' in %%PREFIX%%/etc/portaudit.conf")
+ }
+ next
+ }
{
cmd="'"$pkg_info"' -E \"" $1 "\""
while((cmd | getline pkg) > 0) {
vul++
- print_affected(pkg)
+ print_affected(pkg, "")
}
close(cmd)
}
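Review bot: In the new `FreeBSD` branch, `$1` from the downloaded audit file is placed between double quotes in the string handed to `system()`, and the guard `/^FreeBSD[<=>!]/` checks only the prefix, so the shell still interprets the rest of the field. The default `portaudit_sites` in this file is a plain `http://` URL, so unless the database is verified elsewhere its content should be treated as untrusted; anchor the match to the characters a version expression needs, for example `$1 ~ /^FreeBSD[<=>!][0-9<=>!.,_]*$/` (adjust the set to the real entry format), and skip entries that do not fit. `$2 ~ fixedre` is an unanchored match, so a short token in `portaudit_fixed` suppresses every advisory whose reference field contains it; accepting only full uuid-shaped tokens when building `fixedre` would avoid that. `fixedre` is not declared `local`, and this branch never increments `vul`, which may leave base-system hits out of the count used after the hunk ends.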
@@ -186,7 +199,7 @@ audit_file()
if ($2 !~ /'"$opt_restrict"'/)
continue
vul++
- print_affected(pkg)
+ print_affected(pkg, "")
}
close(cmd)
}
@@ -223,7 +236,7 @@ audit_args()
' | $pkg_version -T "$1" -`; then
VULCNT=$(($VULCNT+1))
echo "$VLIST" | awk -F\| "$PRINTAFFECTED_AWK"'
- { print_affected("'"$1"'") }
+ { print_affected("'"$1"'", "") }
'
fi
;;
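Review bot: `print_affected("'"$1"'", "")` splices the command-line argument into the awk program text, so a package name containing a double quote changes the program instead of the printed string; the audit_cwd hunk does the same with `$PKGNAME`. Passing the value as data keeps it out of the source: `awk -F\| -v apkg="$1" "$PRINTAFFECTED_AWK"'{ print_affected(apkg, "") }'` (awk still processes backslash escapes in `-v` values). The statement begins above the hunk.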
@@ -256,7 +269,7 @@ audit_cwd()
{ print }
' | $pkg_version -T "$PKGNAME" -`; then
echo "$VLIST" | awk -F\| "$PRINTAFFECTED_AWK"'
- { print_affected("'"$PKGNAME"'") }
+ { print_affected("'"$PKGNAME"'", "") }
'
return 1
fi
@@ -400,31 +413,35 @@ prerequisites_checked=false
if $opt_quiet; then
PRINTAFFECTED_AWK='
- function print_affected(apkg) {
+ function print_affected(apkg, note) {
print apkg
}
'
elif $opt_verbose; then
PRINTAFFECTED_AWK='
- function print_affected(apkg) {
+ function print_affected(apkg, note) {
split(apkg, thepkg)
print "Affected package: " thepkg[1] " (matched by " $1 ")"
print "Type of problem: " $3 "."
split($2, ref, / /)
for (r in ref)
print "Reference: <" ref[r] ">"
+ if (note)
+ print "Note: " note
print ""
}
'
else
PRINTAFFECTED_AWK='
- function print_affected(apkg) {
+ function print_affected(apkg, note) {
split(apkg, thepkg)
print "Affected package: " thepkg[1]
print "Type of problem: " $3 "."
split($2, ref, / /)
for (r in ref)
print "Reference: <" ref[r] ">"
+ if (note)
+ print "Note: " note
print ""
}
'
diff --git a/security/portaudit/files/portaudit.conf b/security/portaudit/files/portaudit.conf
index 68fbe9f23888..f9362ccb6a3a 100644
--- a/security/portaudit/files/portaudit.conf
+++ b/security/portaudit/files/portaudit.conf
@@ -14,3 +14,6 @@
# specify a local mirror that generates databases with portaudit-db here
#portaudit_sites="http://www.FreeBSD.org/ports/"
+
+# this vulnerability has been fixed in you FreeBSD version
+#portaudit_fixed="d2102505-f03d-11d8-81b0-000347a4fa7d"
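Review bot: The added comment reads "fixed in you FreeBSD version" (should be "your") and does not say what the value may contain. audit_installed builds an alternation from the value by splitting on whitespace, so the sample could state the format: `# whitespace-separated list of advisory uuids already fixed in your FreeBSD version`.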