pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc Update audit-packages to 1.25.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/b454c30b31c7
branches:  trunk
changeset: 462881:b454c30b31c7
user:      agc <agc%pkgsrc.org@localhost>
date:      Sat Oct 18 10:16:57 2003 +0000

description:
Update audit-packages to 1.25.

+ get rid of unnecessary awk invocation in audit-packages, use shell
  construction instead, pointed out by enami tsugutomo. Cuts system and
  user execution times for audit-packages in half.
+ add (4-clause) licences to audit-packages and download-vulnerability-list
+ check integrity of pkg-vulnerabilities file in audit-packages by using
  the same construct as in download-vulnerability-list
+ CSE in error checking in audit-packages
+ properly terminate a case expression in download-vulnerability-list

diffstat:

 doc/CHANGES                                               |    3 +-
 security/audit-packages/Makefile                          |    4 +-
 security/audit-packages/files/audit-packages              |  103 +++++++++++--
 security/audit-packages/files/download-vulnerability-list |   34 ++++-
 4 files changed, 122 insertions(+), 22 deletions(-)

diffs (191 lines):

diff -r d61fb267f905 -r b454c30b31c7 doc/CHANGES
--- a/doc/CHANGES       Sat Oct 18 10:12:09 2003 +0000
+++ b/doc/CHANGES       Sat Oct 18 10:16:57 2003 +0000
@@ -1,4 +1,4 @@
-$NetBSD: CHANGES,v 1.3704 2003/10/18 08:58:51 jmmv Exp $
+$NetBSD: CHANGES,v 1.3705 2003/10/18 10:17:38 agc Exp $
 
 Changes to the packages collection and infrastructure in 2003:
 
@@ -4218,3 +4218,4 @@
        Updated gossip to 0.5nb2 [jmmv 2003-10-18]
        Updated gaim to 0.71 [jmmv 2003-10-18]
        Updated kopete to 0.7.3 [jmmv 2003-10-18]
+       Updated audit-packages to 1.25 [agc 2003-10-18]
diff -r d61fb267f905 -r b454c30b31c7 security/audit-packages/Makefile
--- a/security/audit-packages/Makefile  Sat Oct 18 10:12:09 2003 +0000
+++ b/security/audit-packages/Makefile  Sat Oct 18 10:16:57 2003 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.33 2003/10/17 09:45:28 agc Exp $
+# $NetBSD: Makefile,v 1.34 2003/10/18 10:16:57 agc Exp $
 
-DISTNAME=      audit-packages-1.24
+DISTNAME=      audit-packages-1.25
 WRKSRC=                ${WRKDIR}
 CATEGORIES=    security pkgtools
 MASTER_SITES=  # empty
diff -r d61fb267f905 -r b454c30b31c7 security/audit-packages/files/audit-packages
--- a/security/audit-packages/files/audit-packages      Sat Oct 18 10:12:09 2003 +0000
+++ b/security/audit-packages/files/audit-packages      Sat Oct 18 10:16:57 2003 +0000
@@ -1,26 +1,93 @@
 #! @SH@
-
-# $NetBSD: audit-packages,v 1.13 2003/10/17 09:45:28 agc Exp $
+#
+# $NetBSD: audit-packages,v 1.14 2003/10/18 10:16:57 agc Exp $
+#
+# Copyright (c) 2000-2003 Alistair Crooks.  All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+# 3. All advertising materials mentioning features or use of this software
+#    must display the following acknowledgement:
+#      This product includes software developed by Alistair Crooks
+#      for the NetBSD project.
+# 4. The name of the author may not be used to endorse or promote
+#    products derived from this software without specific prior written
+#    permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
+# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+# GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
 
 : ${PKGVULNDIR=@PKGVULNDIR@}
 
-if [ ! -f ${PKGVULNDIR}/pkg-vulnerabilities ]; then
-       echo "** Missing ${PKGVULNDIR}/pkg-vulnerabilities" 1>&2
-       echo "** run download-vulnerability-list" 1>&2
-       exit 1
-fi
+vuls=${PKGVULNDIR}/pkg-vulnerabilities 
+
+errmsg=""
+
+# check for missing vulnerabilities file
+[ ! -f $vuls ] && errmsg="** Missing $vuls"
+
+case "$errmsg" in
+"")    # check for old vulnerabilities file
+       [ -n "$(find $vuls -ctime +7)" ] && errmsg="** $vuls more than a week old"
+       ;;
+esac
 
-if [ -n "$(find ${PKGVULNDIR}/pkg-vulnerabilities -ctime +7)" ]; then
-       echo "** ${PKGVULNDIR}/pkg-vulnerabilities more than a week old" 1>&2
-       echo "** run download-vulnerability-list" 1>&2
-       exit 1
-fi
+case "$errmsg" in
+"")    # check integrity of vulnerabilities file
+       recordedsum=`@AWK@ '$1 == "#CHECKSUM" { print $3 }' $vuls`
+       recordedalg=`@AWK@ '$1 == "#CHECKSUM" { print $2 }' $vuls`
+       case "$recordedsum" in
+       "")     errmsg="***WARNING*** No checksum found in $vuls"
+               ;;
+       *)      case "$recordedalg" in
+               "")     errmsg="***WARNING*** No checksum algorithm found in $vuls file"
+                       ;;
+               *)      calcsum=`@AWK@ '$1 == "#CHECKSUM" || /\$NetBSD.*/ { next } { print }' $vuls | @DIGEST@ $recordedalg`
+                       if [ "$recordedsum" != "$calcsum" ]; then
+                               errmsg="***WARNING*** Checksum mismatch - recorded $recordedalg checksum \"$recordedsum\", calculated checksum \"$calcsum\""
+                       fi
+                       ;;
+               esac
+               ;;
+       esac
+       ;;
+esac
 
-@AWK@ '
-       /^#.*/ { next }
-       NF == 0 { next }
-       { cmd = sprintf("@PKG_TOOLS_BIN@/pkg_info -qe \"%s\" && echo Package \"`@PKG_TOOLS_BIN@/pkg_info -e %c%s%c`\" has a %s vulnerability, see %s ; wait", $1, 39, $1, 39, $2, $3);
-         system(cmd); }
-' ${PKGVULNDIR}/pkg-vulnerabilities
+# if we have found an error, then complain and exit
+case "$errmsg" in
+"")    ;;
+*)     echo "$errmsg" 1>&2
+       echo "** Please run download-vulnerability-list" 1>&2
+       exit 1
+       ;;
+esac
+
+# check for vulnerabilities
+while read pat type url; do
+       case "$pat" in
+       \#*|'') continue;;
+       esac
+
+       if @PKG_TOOLS_BIN@/pkg_info -qe "$pat"; then
+               echo Package `@PKG_TOOLS_BIN@/pkg_info -e "$pat"` has a \
+                       $type vulnerability, see $url
+       fi
+done < $vuls
 
 exit 0
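Review bot: In the integrity check, `$recordedalg` is read from the `#CHECKSUM` line of the file being verified and then passed unquoted to `@DIGEST@ $recordedalg`, so the file's own content picks the digest and, after word splitting, can add extra arguments to that command. Quote it and accept only known names, for example with a `case "$recordedalg" in` that lists the supported algorithms and sets `errmsg` for anything else. Because the recorded sum lives in the same file it covers, this check catches a truncated or corrupted download, not a file rewritten together with its checksum; a comment saying so would keep later readers from relying on it for more. Smaller points: `$vuls` is unquoted in `[ ! -f $vuls ]`, `find $vuls` and `done < $vuls` (and its assignment carries a trailing space), and `read pat type url` without `-r` interprets backslashes in the list.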
diff -r d61fb267f905 -r b454c30b31c7 security/audit-packages/files/download-vulnerability-list
--- a/security/audit-packages/files/download-vulnerability-list Sat Oct 18 10:12:09 2003 +0000
+++ b/security/audit-packages/files/download-vulnerability-list Sat Oct 18 10:16:57 2003 +0000
@@ -1,6 +1,37 @@
 #! @SH@
 
-# $NetBSD: download-vulnerability-list,v 1.20 2003/09/16 14:47:49 grant Exp $
+# $NetBSD: download-vulnerability-list,v 1.21 2003/10/18 10:16:57 agc Exp $
+#
+# Copyright (c) 2000-2003 Alistair Crooks.  All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+# 3. All advertising materials mentioning features or use of this software
+#    must display the following acknowledgement:
+#      This product includes software developed by Alistair Crooks
+#      for the NetBSD project.
+# 4. The name of the author may not be used to endorse or promote
+#    products derived from this software without specific prior written
+#    permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
+# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+# GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
 
 : ${PKGVULNDIR=@PKGVULNDIR@}
 
@@ -40,6 +71,7 @@
                fi
                ;;
        esac
+       ;;
 esac
 case "$errmsg" in
 "")    ;;

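Review bot: The added `;;` closes the last clause of the outer `case`, where POSIX sh treats the terminator as optional, so this is a consistency change and not a behaviour fix; the commit message could say so. Since the same nested `case` construct is now also in audit-packages, keep the two copies in step when either one changes.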

