authorOliver Eikemeier <eik@FreeBSD.org>2004-02-21 21:19:41 +0000
committerOliver Eikemeier <eik@FreeBSD.org>2004-02-21 21:19:41 +0000
commitdd190f52fe548fc53c347207f55deacb01c69830 (patch)
tree2a078cd42e9e3643ed6e1d88c51f33ed5db9c860 /security
parentUpdate to 0.22.1. The code is no longer optimized upon install, as it was (diff)
update to 0.2:
- new command line tool - new man page - reworked database update code, incorporating feedback from Max Khon <fjoe>, Radim Kolar <hsn@netmag.cz> (PR 63066) and Ion-Mihai Tetcu <itetcu@apropo.ro> (PR 62655)
Notes
Notes: svn path=/head/; revision=101601
Diffstat (limited to 'security')
-rw-r--r--security/portaudit/Makefile11
-rw-r--r--security/portaudit/files/fetchaudit.sh88
-rw-r--r--security/portaudit/files/portaudit-cmd.sh67
-rw-r--r--security/portaudit/files/portaudit.1137
-rw-r--r--security/portaudit/files/portaudit.functions199
-rw-r--r--security/portaudit/files/portaudit.sh86
-rw-r--r--security/portaudit/pkg-descr17
-rw-r--r--security/portaudit/pkg-plist1
8 files changed, 480 insertions, 126 deletions
diff --git a/security/portaudit/Makefile b/security/portaudit/Makefile
index ff09854b21e3..b19fbd408c21 100644
--- a/security/portaudit/Makefile
+++ b/security/portaudit/Makefile
@@ -6,13 +6,15 @@
#
PORTNAME= portaudit
-PORTVERSION= 0.1
+PORTVERSION= 0.2
CATEGORIES= security
DISTFILES=
MAINTAINER= eik@FreeBSD.org
COMMENT= Checks installed ports against a list of security vulnerabilities
+MAN1= portaudit.1
+
PERIODICDIR?= ${PREFIX}/etc/periodic
DATABASEDIR?= /var/db/portaudit
@@ -33,13 +35,18 @@ IGNORE= "You need tar with bzip support to run portaudit"
.endif
do-build:
-.for f in portaudit.sh fetchaudit.sh portaudit.functions
+.for f in portaudit-cmd.sh portaudit.sh fetchaudit.sh portaudit.functions portaudit.1
@${SED} -e "s|%%DATADIR%%|${DATADIR}|g" \
-e "s|%%DATABASEDIR%%|${DATABASEDIR}|g" \
+ -e "s|%%PREFIX%%|${PREFIX}|g" \
+ -e "s|%%LOCALBASE%%|${LOCALBASE}|g" \
+ -e "s|%%PORTVERSION%%|${PORTVERSION}|g" \
${FILESDIR}/${f} > ${WRKDIR}/${f}
.endfor
do-install:
+ @${INSTALL_SCRIPT} ${WRKDIR}/portaudit-cmd.sh ${PREFIX}/bin/portaudit
+ @${INSTALL_MAN} ${WRKDIR}/portaudit.1 ${MAN1PREFIX}/man/man1
@${MKDIR} ${PERIODICDIR}/security
@${INSTALL_SCRIPT} ${WRKDIR}/portaudit.sh ${PERIODICDIR}/security/910.portaudit
@${MKDIR} ${PERIODICDIR}/daily
diff --git a/security/portaudit/files/fetchaudit.sh b/security/portaudit/files/fetchaudit.sh
index d7137ca6875d..7a6ed53bf698 100644
--- a/security/portaudit/files/fetchaudit.sh
+++ b/security/portaudit/files/fetchaudit.sh
@@ -1,12 +1,38 @@
#!/bin/sh
-
+#
+# Copyright (c) 2004 Oliver Eikemeier. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+# 1. Redistributions of source code must retain the above copyright notice
+# this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# 3. Neither the name of the author nor the names of its contributors may be
+# used to endorse or promote products derived from this software without
+# specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
# $FreeBSD$
#
# defaults
daily_status_portaudit_enable="YES"
-portaudit_dir="%%DATABASEDIR%%"
# If there is a global system configuration file, suck it in.
#
@@ -17,65 +43,19 @@ then
fi
. %%DATADIR%%/portaudit.functions
+portaudit_confs
-MASTER_SITE_LOCAL="
- ${MASTER_SITE_LOCAL}
- ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
- ftp://ftp.se.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
- ftp://ftp.uk.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
- ftp://ftp.ru.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
- ftp://ftp.jp.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
- ftp://ftp.tw.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
- "
-
-MASTER_SITE_SUBDIR=eik
-
-DISTNAME=auditfile
-EXTRACT_SUFX=.tbz
-
-portaudit_file="${portaudit_dir}/${DISTNAME}${EXTRACT_SUFX}"
-
-# site sort order is not overly smart
-LOCATIONS=`echo "${MASTER_SITE_LOCAL}" | awk "
- BEGIN { srand() }
- /^[ \t]*\$/ { next }
- {
- gsub(/[ \t]/, \\"\\")
- gsub(/%SUBDIR%/, \\"${MASTER_SITE_SUBDIR}\\")
- print rand() \\"\t\\" \\$0 \\"${DISTNAME}${EXTRACT_SUFX}\\"
- }
- " | sort -n | cut -f 2`
-
+rc=0
case "$daily_status_portaudit_enable" in
""|[Yy][Ee][Ss])
- if [ ! -f "${portaudit_file}" ] || checkexpiry_auditfile 5; then
+ if [ ! -f "${portaudit_dir}/${portaudit_filename}" ] || ! checkexpiry_auditfile 3; then
echo ""
echo "Updating audit database."
- cd "${portaudit_dir}"
- fetch -1am ${LOCATIONS}
- if [ ! $? ]; then
- echo "Couldn't fetch database."
- rc=2
- elif [ ! -f "${portaudit_file}" ] ; then
- echo "no database."
- rc=2
- elif checksum_auditfile; then
- echo "database corrupt."
- rc=2
- elif checkexpiry_auditfile 7; then
- echo "database too old."
- rc=2
- else
- echo "done"
- rc=1
- fi
- else
- rc=0
+ fetch_auditfile && rc=1 || rc=2
fi
- ;;
+ ;;
*)
- rc=0
- ;;
+ ;;
esac
exit "${rc}"
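Review bot: The refetch trigger `! checkexpiry_auditfile 3` and the acceptance test inside fetch_auditfile (`checkexpiry_auditfile 7`) interact badly once the published database is itself more than 7 days old: every daily run then refetches, rejects the fresh copy as too old, restores the backup and exits 2, so the daily security mail reports a fetch error each day until upstream publishes again (inferred from this hunk together with fetch_auditfile; confirm). A short comment documenting the thresholds would help the next maintainer, e.g. `# refetch after 3 days; fetch_auditfile rejects copies older than 7 days, the audit refuses copies older than 14`. Also, when the existing archive is unreadable, getcreated_auditfile yields an empty string and `[ "" -ge ... ]` prints an "integer expression expected" diagnostic into the periodic output before the refetch runs; checking `-n "${created}"` in checkexpiry_auditfile would keep that quiet.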
diff --git a/security/portaudit/files/portaudit-cmd.sh b/security/portaudit/files/portaudit-cmd.sh
new file mode 100644
index 000000000000..76b43ec458ae
--- /dev/null
+++ b/security/portaudit/files/portaudit-cmd.sh
@@ -0,0 +1,67 @@
+#!/bin/sh -ef
+#
+# Copyright (c) 2004 Oliver Eikemeier. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+# 1. Redistributions of source code must retain the above copyright notice
+# this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# 3. Neither the name of the author nor the names of its contributors may be
+# used to endorse or promote products derived from this software without
+# specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+. %%DATADIR%%/portaudit.functions
+portaudit_confs
+
+if [ $# -eq 0 ] ; then
+ portaudit_prerequisites
+ audit_installed || true
+fi
+
+while [ $# -gt 0 ]; do
+ case "$1" in
+ -a)
+ portaudit_prerequisites
+ audit_installed || true
+ ;;
+ -V)
+ echo "portaudit version %%PORTVERSION%%"
+ ;;
+ -d)
+ if [ ! -f "${portaudit_dir}/${portaudit_filename}" ]; then
+ echo "portaudit: database missing. run \`portaudit -F' to update."
+ exit 2
+ fi
+ if ! checksum_auditfile; then
+ echo "portaudit: database corrupt."
+ exit 2
+ fi
+ echo "database created: `getcreated_auditfile`"
+ ;;
+ -F)
+ fetch_auditfile || echo "failed."
+ ;;
+ esac
+ shift
+done
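Review bot: The option loop has no default arm, so an unknown or mistyped option (`portaudit -f`) is silently ignored and the command exits 0, and the `-F` arm turns a failed fetch into a printed `failed.` with exit status 0 as well, which defeats `portaudit -F && portaudit` in scripts. Add `*) echo "usage: portaudit [-a] [-V] [-d] [-F]" >&2; exit 1 ;;` before `esac`, and make the fetch arm `fetch_auditfile || { echo "failed."; exit 2; }` so the exit status reflects the outcome. `audit_installed || true` is needed only because the `-e` in the shebang would otherwise abort the script when audit_installed exits 1 on findings; a one-line comment saying so would save the next reader a detour.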
diff --git a/security/portaudit/files/portaudit.1 b/security/portaudit/files/portaudit.1
new file mode 100644
index 000000000000..c5e6e949d18b
--- /dev/null
+++ b/security/portaudit/files/portaudit.1
@@ -0,0 +1,137 @@
+.\" Copyright (c) 2004 Oliver Eikemeier. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions are
+.\" met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright notice
+.\" this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the author nor the names of its contributors may be
+.\" used to endorse or promote products derived from this software without
+.\" specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+.\" COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd February 21, 2004
+.Os FreeBSD
+.Dt PORTAUDIT \&1 "FreeBSD ports collection"
+.
+.
+.Sh NAME
+.
+.Nm portaudit
+.Nd system to check installed packages for known vulnerabilities
+.
+.
+.Sh SYNOPSIS
+.
+.Nm
+.Op Fl a
+.Op Fl V
+.Op Fl d
+.Op Fl F
+.
+.
+.Sh DESCRIPTION
+.
+.Nm
+checks installed packages for known vulnerabilities and generates reports
+including references to security advisories. Its audience are system
+administrators or individual users.
+.Pp
+It uses a database maintained by port committers and the FreeBSD security team
+to check if security advisories for any installed packages exist. Note that a
+current ports tree (or any local copy of the ports tree) is not required for
+operation.
+.Pp
+This package also installs two scripts into %%PREFIX%%/periodic that regularly
+update this database and include the report of vulnerable packages in the
+daily security report.
+.Pp
+If you have a vulnerable package installed, you are advised to update or
+deinstalled it immediately.
+.
+.
+.Sh OPTIONS
+.
+The following options are supported:
+.Bl -tag -width ".Fl X"
+.It Fl a
+Print a vulnerability report for all installed packages
+.It Fl F
+Fetch the current database from the
+.Fx servers
+.It Fl d
+Print the creation date of the database
+.It Fl V
+Print the version of
+.Nm .
+.El
+.
+.
+.Sh EXAMPLES
+.
+.Bl -item
+.It
+Fetch the current database and print its creation date:
+.Pp
+.Dl "portaudit -F -d"
+.It
+Print a vulnerability report for all installed packages:
+.Pp
+.Dl "portaudit"
+.El
+.
+.
+.Sh FILES
+.
+.Pa %%PREFIX%%/etc/portaudit.conf ,
+.Pa %%DATABASEDIR%%/auditfile.tbz
+.
+.
+.Sh SEE ALSO
+.
+.Xr ports 7 ,
+.Xr periodic 8 ,
+.Xr periodic.conf 5 ,
+.Li Aq http://www.freebsd.org/security/#adv .
+.Li Aq http://www.vuxml.org/ .
+.
+.
+.Sh CAVEATS
+.
+.Nm
+is in develpoment and should currently not be relied upon
+as an extensive security auditing tool.
+.
+.
+.Sh BUGS
+.
+Sure to be some.
+.
+.
+.Sh AUTHOR
+.
+.An Oliver Eikemeier Aq eik@FreeBSD.org
+.
+.
+.Sh HISTORY
+.
+package auditing first appeared in
+.Nx 1.4.3 .
diff --git a/security/portaudit/files/portaudit.functions b/security/portaudit/files/portaudit.functions
index 29d09ba5fb26..1b6a0fe9992c 100644
--- a/security/portaudit/files/portaudit.functions
+++ b/security/portaudit/files/portaudit.functions
@@ -1,8 +1,69 @@
#!/bin/sh
+#
+# Copyright (c) 2004 Oliver Eikemeier. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+# 1. Redistributions of source code must retain the above copyright notice
+# this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# 3. Neither the name of the author nor the names of its contributors may be
+# used to endorse or promote products derived from this software without
+# specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+portaudit_confs()
+{
+ portaudit_dir=${portaudit_dir:-"%%DATABASEDIR%%"}
+ portaudit_filename=${portaudit_filename:-"auditfile.tbz"}
+
+ FETCH_ENV=
+ FETCH_CMD="fetch -1am"
+ FETCH_BEFORE_ARGS=
+ FETCH_AFTER_ARGS=
+
+ MASTER_SITE_LOCAL="
+ ${MASTER_SITE_LOCAL}
+ ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
+ ftp://ftp.se.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
+ ftp://ftp.uk.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
+ ftp://ftp.ru.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
+ ftp://ftp.jp.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
+ ftp://ftp.tw.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
+ "
+
+ MASTER_SITE_SUBDIR=eik
+
+ #MASTER_SORT_REGEX="\.uk[.\/]"
+ MASTER_SORT_REGEX="#"
+
+ if [ -r %%PREFIX%%/etc/portaudit.conf ]; then
+ . %%PREFIX%%/etc/portaudit.conf
+ fi
+}
extract_auditfile()
{
- tar -jxOf "${portaudit_file}" auditfile
+ tar -jxOf "${portaudit_dir}/${portaudit_filename}" auditfile
}
checksum_auditfile()
@@ -10,14 +71,142 @@ checksum_auditfile()
chksum1=`extract_auditfile |
sed -nEe '$s/^#CHECKSUM: *MD5 *([0-9a-f]{32})$/\1/p'`
chksum2=`extract_auditfile | sed -e '$d' | md5`
- [ "${chksum1}" != "${chksum2}" ];
+ [ "${chksum1}" = "${chksum2}" ];
+}
+
+getcreated_auditfile()
+{
+ extract_auditfile |
+ sed -nEe '1s/^#CREATED: *([0-9]{4})-?([0-9]{2})-?([0-9]{2}).*$/\1\2\3/p'
}
checkexpiry_auditfile()
{
- created=`extract_auditfile |
- sed -nEe '1s/^#CREATED: *([0-9]{4})-?([0-9]{2})-?([0-9]{2}).*$/\1\2\3/p'`
+ created=`getcreated_auditfile`
expiry=`date -u -v-$1d '+%Y%m%d'`
- [ "${created}" -lt "${expiry}" ];
+ [ "${created}" -ge "${expiry}" ];
}
+portaudit_prerequisites()
+{
+ if [ -z "${PKG_INFO}" ]; then
+ if [ -x %%LOCALBASE%%/sbin/pkg_info ]; then
+ PKG_INFO=%%LOCALBASE%%/sbin/pkg_info
+ else
+ PKG_INFO=/usr/sbin/pkg_info
+ fi
+ fi
+
+ if [ ! -x "${PKG_INFO}" ]; then
+ echo "${PKG_INFO} missing, please install port sysutils/pkg_install-devel"
+ return 1
+ fi
+
+ PKG_INSTALL_VER=`${PKG_INFO} -qP 2>/dev/null`
+ if [ -z "${PKG_INSTALL_VER}" -o "${PKG_INSTALL_VER}" -lt 20040125 ]; then
+ echo "${PKG_INFO} is too old, please update port sysutils/pkg_install-devel"
+ return 1
+ fi
+
+ if [ ! -r "${portaudit_dir}/${portaudit_filename}" ]; then
+ echo "portaudit: database missing, run \`portaudit -F' to update."
+ return 1
+ fi
+ if ! checksum_auditfile; then
+ echo "portaudit: corrupt database."
+ return 1
+ fi
+ if ! checkexpiry_auditfile 14; then
+ echo "portaudit: database too old."
+ return 1
+ fi
+
+ return 0
+}
+
+audit_installed()
+{
+ extract_auditfile | awk -F\| "
+ BEGIN { vul=0 }
+ /^(#|\$)/ { next }
+ {
+ cmd=\"${PKG_INFO} -E \\\"\" \$1 \"\\\"\"
+ while((cmd | getline pkg) > 0) {
+ vul++
+ print \"Affected package: \" pkg \"\\n\" \
+ \"Type of problem: \" \$3 \".\\n\" \
+ \"Reference: <\" \$2 \">\\n\"
+ }
+ close(cmd)
+ }
+ END {
+ print vul \" problem(s) in your installed packages found.\"
+ if (vul > 0) {
+ print \"\nYou are advised to update or deinstall\" \
+ \" the affected package(s) immediately.\"
+ exit(1)
+ }
+ }
+ "
+}
+
+fetch_locations()
+{
+ # site sort order is not overly smart
+ echo "${MASTER_SITE_LOCAL}" | awk "
+ BEGIN { RS=\"[ \\t\\n]\"; IGNORECASE=1; srand() }
+ /^$/ { next }
+ {
+ if (\$0 ~ /${MASTER_SORT_REGEX}/ ) rank=0; else rank=rand()
+ gsub(/%SUBDIR%/, \"${MASTER_SITE_SUBDIR}\")
+ print rank \"\\t\" \$0
+ }
+ " | sort -n | cut -f 2
+}
+
+fetch_auditfile()
+{
+ rc=1
+
+ if [ ! -d "${portaudit_dir}" ]; then
+ mkdir -p "${portaudit_dir}"
+ fi
+ if [ ! -w "${portaudit_dir}" ]; then
+ echo "Couldn't write to ${portaudit_dir}"
+ return 1
+
+ fi
+ cd "${portaudit_dir}"
+ if [ -r "${portaudit_filename}" ]; then
+ cp "${portaudit_filename}" "${portaudit_filename}.old"
+ fi
+
+ for site in `fetch_locations`; do
+ echo ">> Attempting to fetch from ${site}."
+ args="${site}/${portaudit_filename}"
+ env ${FETCH_ENV} ${FETCH_CMD} ${FETCH_BEFORE_ARGS} ${args} ${FETCH_AFTER_ARGS}
+ if [ $? -ne 0 ]; then
+ echo "Couldn't fetch database."
+ elif [ ! -f "${portaudit_dir}/${portaudit_filename}" ] ; then
+ echo "no database fetched."
+ elif ! checksum_auditfile; then
+ echo "fetched database corrupt."
+ elif ! checkexpiry_auditfile 7; then
+ echo "fetched database too old."
+ else
+ echo "new database installed."
+ rc=0
+ break
+ fi
+ done
+ if [ -f "${portaudit_filename}.old" ]; then
+ if [ ${rc} -eq 0 ]; then
+ rm -f "${portaudit_filename}.old"
+ else
+ mv -f "${portaudit_filename}.old" "${portaudit_filename}"
+ echo "old database restored."
+ fi
+ fi
+ chmod a=r "${portaudit_filename}"
+ return ${rc}
+}
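Review bot: In audit_installed the first database field is spliced into a shell command line (`cmd=\"${PKG_INFO} -E \\\"\" \$1 \"\\\"\"`) and executed through awk's getline pipe, so a database entry containing a double quote or other shell metacharacters would run as shell for whoever invokes the audit (root under periodic); the self-contained MD5 compared in checksum_auditfile only detects truncation or transfer corruption of a file fetched over plain FTP, it does not establish where the database came from. Validate the field before building the command, e.g. `if (\$1 ~ /[^-A-Za-z0-9_.+,*<>=\[\]{}]/) { print \"skipping malformed entry: \" \$1; next }` (adjust the class to the pattern grammar pkg_info -E accepts), and record the limitation above checksum_auditfile with `# detects truncation/corruption only; does not authenticate the database`. In fetch_auditfile, `chmod a=r "${portaudit_filename}"` also runs when every site failed and no old copy existed, printing a spurious chmod error; guard it with `[ -f "${portaudit_filename}" ] &&`. A rejected download is also left in place for the next site's attempt, and since FETCH_CMD uses `-m` a same-sized corrupt file might not be re-downloaded (inferred from fetch's mirror mode; confirm) — removing the rejected file before continuing the loop would avoid that.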
diff --git a/security/portaudit/files/portaudit.sh b/security/portaudit/files/portaudit.sh
index e4cab249aa65..9747444be77f 100644
--- a/security/portaudit/files/portaudit.sh
+++ b/security/portaudit/files/portaudit.sh
@@ -1,12 +1,38 @@
#!/bin/sh
-
+#
+# Copyright (c) 2004 Oliver Eikemeier. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+# 1. Redistributions of source code must retain the above copyright notice
+# this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# 3. Neither the name of the author nor the names of its contributors may be
+# used to endorse or promote products derived from this software without
+# specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
# $FreeBSD$
#
# defaults
daily_status_portaudit_enable="YES"
-portaudit_dir="%%DATABASEDIR%%"
# If there is a global system configuration file, suck it in.
#
@@ -17,8 +43,7 @@ then
fi
. %%DATADIR%%/portaudit.functions
-
-portaudit_file="${portaudit_dir}/auditfile.tbz"
+portaudit_confs
rc=0
case "$daily_status_portaudit_enable" in
@@ -27,58 +52,11 @@ case "$daily_status_portaudit_enable" in
echo "Checking for packages with security vulnerabilities:"
echo ""
- if [ -z "${PKG_INFO}" ]; then
- if [ -x /usr/local/sbin/pkg_info ]; then
- PKG_INFO=/usr/local/sbin/pkg_info
- else
- PKG_INFO=/usr/sbin/pkg_info
- fi
- fi
-
- if [ ! -x "${PKG_INFO}" ]; then
- echo "${PKG_INFO} missing, please install port sysutils/pkg_install-devel"
- exit 2
- fi
-
- PKG_INSTALL_VER=`${PKG_INFO} -qP 2>/dev/null`
- if [ -z "${PKG_INSTALL_VER}" -o "${PKG_INSTALL_VER}" -lt 20040125 ]; then
- echo "${PKG_INFO} is too old, please update port sysutils/pkg_install-devel"
- exit 2
- fi
-
- if [ ! -f "${portaudit_file}" ]; then
- echo "portaudit: database missing."
- echo " run fetchaudit to update."
- exit 2
- fi
- if checksum_auditfile; then
- echo "portaudit: corrupt database."
- exit 2
- fi
- if checkexpiry_auditfile 14; then
- echo "portaudit: database too old."
- echo ""
+ if portaudit_prerequisites; then
+ audit_installed || rc=1
+ else
rc=2
fi
-
- extract_auditfile | awk -F\| "
- BEGIN { vul=0 }
- /^(#|\$)/ { next }
- {
- cmd=\"${PKG_INFO} -E \\\"\" \$1 \"\\\"\"
- while((cmd | getline pkg) > 0) {
- vul++
- print \"Affected package: \" pkg \"\\n\" \
- \"Type of problem: \" \$3 \".\\n\" \
- \"Reference: <\" \$2 \">\\n\"
- }
- close(cmd)
- }
- END {
- print vul \" problem(s) in your installed packages found.\"
- if (vul > 0) exit(1)
- }
- " || rc=1
;;
*)
;;
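Review bot: The new `if portaudit_prerequisites; then ... else rc=2; fi` skips the audit entirely whenever portaudit_prerequisites returns non-zero, and it returns 1 for a database older than 14 days, whereas the removed `checkexpiry_auditfile 14` branch printed the warning, set rc=2 and still produced the report. A daily security mail that quietly contains no vulnerability list because the database is stale is the worse failure mode; consider letting portaudit_prerequisites distinguish a missing or corrupt database (return 1) from a merely stale one (print the warning, return 2), and here run `audit_installed || rc=1` in the stale case too while keeping rc=2 to flag the staleness. The enclosing case statement continues outside the hunk.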
diff --git a/security/portaudit/pkg-descr b/security/portaudit/pkg-descr
index f42c45dc97fb..8c6e9abdfbcc 100644
--- a/security/portaudit/pkg-descr
+++ b/security/portaudit/pkg-descr
@@ -1,16 +1,11 @@
-portaudit provides a list of published security vulnerabilities
-of FreeBSD ports and tools to check if installed ports are listed.
+portaudit provides a system to check if installed ports are listed in a
+database of published security vulnerabilities.
-After installation it will update the security database automatically
-and include its reports in the output of the daily security run.
+After installation it will update this security database automatically and
+include its reports in the output of the daily security run.
-Since this is a prerelease version, it is mostly usable for
-committers that want to contribute to the project, and can currently
-not be relied upon as an extensive security auditing tool.
-
-Credits go to Roland Dowdeswell <elric@NetBSD.org> and Bill
-Sommerfeld <sommerfeld@NetBSD.org> for the idea and Alistair
-Crooks <agc@NetBSD.org> for the initial implementation.
+Since this system is in development it can currently not be relied upon as an
+extensive security auditing tool.
WWW: http://sourceforge.net/projects/portaudit/
diff --git a/security/portaudit/pkg-plist b/security/portaudit/pkg-plist
index f91562cb8cc8..4262caf1153c 100644
--- a/security/portaudit/pkg-plist
+++ b/security/portaudit/pkg-plist
@@ -1,3 +1,4 @@
+bin/portaudit
%%PERIODICDIR%%/security/910.portaudit
%%PERIODICDIR%%/daily/330.fetchaudit
%%DATADIR%%/portaudit.functions