

[pkgsrc/trunk]: pkgsrc/security/audit-packages Update audit-packages to versi...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/5aedde7d0e40
branches:  trunk
changeset: 501296:5aedde7d0e40
user:      agc <agc%pkgsrc.org@localhost>
date:      Thu Oct 20 10:26:54 2005 +0000

description:
Update audit-packages to version 1.39

Give audit-packages a "-d" option to download the vulnerabilities file
with download-vulnerability-list before scanning the installed packages.

Update the documentation accordingly.

Get rid of some inconsistent style problems in the audit-packages script.

diffstat:

 security/audit-packages/Makefile                          |   5 +-
 security/audit-packages/files/audit-packages              |  27 ++--
 security/audit-packages/files/audit-packages.0            |  81 +++++++-------
 security/audit-packages/files/audit-packages.8            |   9 +-
 security/audit-packages/files/download-vulnerability-list |   3 +-
 5 files changed, 69 insertions(+), 56 deletions(-)

diffs (259 lines):

diff -r da65e7318974 -r 5aedde7d0e40 security/audit-packages/Makefile
--- a/security/audit-packages/Makefile  Thu Oct 20 10:06:46 2005 +0000
+++ b/security/audit-packages/Makefile  Thu Oct 20 10:26:54 2005 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.59 2005/08/04 12:02:59 rillig Exp $
+# $NetBSD: Makefile,v 1.60 2005/10/20 10:26:54 agc Exp $
 
-DISTNAME=      audit-packages-1.38
+DISTNAME=      audit-packages-1.39
 CATEGORIES=    security pkgtools
 MASTER_SITES=  # empty
 DISTFILES=     # empty
@@ -30,6 +30,7 @@
                        -e 's|@FETCH_CMD_SHORT@|${FETCH_CMD:T}|g'       \
                        -e 's|@PKGSRCDIR@|${PKGSRCDIR}|g'               \
                        -e 's|@PKG_TOOLS_BIN@|${PKG_TOOLS_BIN}|g'       \
+                       -e 's|@PREFIX@|${PREFIX}|g'                     \
                        -e 's|@SH@|${SH}|g'                             \
                        -e 's|@DIGEST@|${DIGEST}|g'                     \
                        -e 's|@CHMOD@|${CHMOD}|g'                       \
diff -r da65e7318974 -r 5aedde7d0e40 security/audit-packages/files/audit-packages
--- a/security/audit-packages/files/audit-packages      Thu Oct 20 10:06:46 2005 +0000
+++ b/security/audit-packages/files/audit-packages      Thu Oct 20 10:26:54 2005 +0000
@@ -1,6 +1,6 @@
 #! @SH@
 #
-# $NetBSD: audit-packages,v 1.22 2005/08/04 12:02:59 rillig Exp $
+# $NetBSD: audit-packages,v 1.23 2005/10/20 10:26:54 agc Exp $
 #
 # Copyright (c) 2000-2003 Alistair Crooks.  All rights reserved.
 #
@@ -50,19 +50,28 @@
 
 vuls="${PKGVULNDIR}/pkg-vulnerabilities"
 
+download=no
 verbose=no
 while [ $# -gt 0 ]; do
        case "$1" in
+       -d)     download=yes ;;
        -v)     verbose=yes ;;
        esac
        shift
 done
 
+# try to download vulnerability list, as requested
+# the integrity of the list is checked below
+# so just issue a warning if there was a failure
+case "$download" in
+yes)   @PREFIX@/sbin/download-vulnerability-list || \
+               echo "***WARNING***: download-vulnerability-list failure" 1>&2;;
+esac
+
 errmsg=""
 
 # check for missing vulnerabilities file
-if [ ! -f "$vuls" ]
-then
+if [ ! -f "$vuls" ]; then
        errmsg="Missing vulnerabilities file $vuls"
        errsolution="$ERR_DOWNLOAD"
 fi
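Review bot: The `case "$1"` loop matches only the exact words `-d` and `-v`, so the bundled form `-dv` that the updated synopsis (`[-dv]`) advertises sets neither flag, and the audit then runs against whatever list is already on disk without any message. Adding an arm such as `-dv|-vd) download=yes; verbose=yes ;;` plus a default arm `*) echo "usage: audit-packages [-dv]" 1>&2; exit 1 ;;` would make a bundled or mistyped option either work or fail loudly instead of silently skipping the refresh. Separately, when download-vulnerability-list fails the scan continues with only a warning on stderr. The integrity check the new comment refers to lies outside this hunk, and per the manual page the week-old warning is only issued with `-v`, so it is worth confirming that a failed `-d` run cannot be mistaken for an audit against a fresh list, for example by carrying the failure into the exit status.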
@@ -78,8 +87,7 @@
 
 case "$errmsg" in
 "")    # check that pkg_info is new enough (supports ranges)
-       if [ `@PKG_TOOLS_BIN@/pkg_info -V` -lt "$PKG_INSTALL_REQUIRED" ]
-       then
+       if [ `@PKG_TOOLS_BIN@/pkg_info -V` -lt "$PKG_INSTALL_REQUIRED" ]; then
                errmsg='Installed pkg_info is too old.'
                errsolution="$ERR_PKGINSTALL"
        fi
@@ -90,15 +98,12 @@
 "")    # check format version of vulnerabilities file
        file_major=`@AWK@ '$1 == "#FORMAT" { split($2, a, "\\\\."); print a[1] }' "$vuls"`
        file_minor=`@AWK@ '$1 == "#FORMAT" { split($2, a, "\\\\."); print a[2] }' "$vuls"`
-       if [ "x$file_major" = "x" -o "x$file_minor" = "x" ]
-       then
+       if [ "x$file_major" = "x" -o "x$file_minor" = "x" ]; then
                errmsg="No file format version found in $vuls"
                errsolution="$ERR_DOWNLOAD"
-       elif [ "$file_major" -ne "$FORMAT_MAJOR" -o "$file_minor" -gt "$FORMAT_MINOR" ]
-       then
+       elif [ "$file_major" -ne "$FORMAT_MAJOR" -o "$file_minor" -gt "$FORMAT_MINOR" ]; then
                errmsg="Unsupported file format version $file_major.$file_minor in $vuls (supported version: $FORMAT_MAJOR.$FORMAT_MINOR)."
-               if [ "$file_major" -le "$FORMAT_MAJOR" ]
-               then
+               if [ "$file_major" -le "$FORMAT_MAJOR" ]; then
                        errsolution="$ERR_DOWNLOAD"
                else
                        errsolution="$ERR_UPGRADE"
diff -r da65e7318974 -r 5aedde7d0e40 security/audit-packages/files/audit-packages.0
--- a/security/audit-packages/files/audit-packages.0    Thu Oct 20 10:06:46 2005 +0000
+++ b/security/audit-packages/files/audit-packages.0    Thu Oct 20 10:26:54 2005 +0000
@@ -1,11 +1,11 @@
 AUDIT-PACKAGES(8)       NetBSD System Manager's Manual       AUDIT-PACKAGES(8)
 
 NNAAMMEE
-     aauuddiitt--ppaacckkaaggeess, ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt - show vulnerabilities in
+     aauuddiitt--ppaacckkaaggeess, ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt -- show vulnerabilities in
      installed packages
 
 SSYYNNOOPPSSIISS
-     aauuddiitt--ppaacckkaaggeess [--vv]
+     aauuddiitt--ppaacckkaaggeess [--ddvv]
      ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt
 
 DDEESSCCRRIIPPTTIIOONN
@@ -14,7 +14,9 @@
      dard output.  This output contains the name and version of the package,
      the type of vulnerability, and an URL for further information for each
      vulnerable package.  If the --vv option is specified, aauuddiitt--ppaacckkaaggeess will
-     warn when the vulnerabilities file is more than a week old.
+     warn when the vulnerabilities file is more than a week old.  The --dd
+     option will attempt to download this vulnerabilities file before scanning
+     the installed packages for vulnerabilities.
 
      The ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt program downloads this file from
      
_f_t_p_:_/_/_f_t_p_._N_e_t_B_S_D_._o_r_g_/_p_u_b_/_N_e_t_B_S_D_/_p_a_c_k_a_g_e_s_/_d_i_s_t_f_i_l_e_s_/_p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s
@@ -25,40 +27,40 @@
      Each line lists the package and vulnerable versions, the type of exploit,
      and an Internet address for further information.  The type of exploit can
      be any text, although some common types of exploits listed are:
-           oo   cross-site-html
-           oo   cross-site-scripting
-           oo   denial-of-service
-           oo   file-permissions
-           oo   local-access
-           oo   local-code-execution
-           oo   local-file-read
-           oo   local-file-removal
-           oo   local-file-write
-           oo   local-root-file-view
-           oo   local-root-shell
-           oo   local-symlink-race
-           oo   local-user-file-view
-           oo   local-user-shell
-           oo   privacy-leak
-           oo   remote-code-execution
-           oo   remote-command-inject
-           oo   remote-file-creation
-           oo   remote-file-read
-           oo   remote-file-view
-           oo   remote-file-write
-           oo   remote-key-theft
-           oo   remote-root-access
-           oo   remote-root-shell
-           oo   remote-script-inject
-           oo   remote-server-admin
-           oo   remote-use-of-secret
-           oo   remote-user-access
-           oo   remote-user-file-view
-           oo   remote-user-shell
-           oo   unknown
-           oo   weak-authentication
-           oo   weak-encryption
-           oo   weak-ssl-authentication
+           ++oo   cross-site-html
+           ++oo   cross-site-scripting
+           ++oo   denial-of-service
+           ++oo   file-permissions
+           ++oo   local-access
+           ++oo   local-code-execution
+           ++oo   local-file-read
+           ++oo   local-file-removal
+           ++oo   local-file-write
+           ++oo   local-root-file-view
+           ++oo   local-root-shell
+           ++oo   local-symlink-race
+           ++oo   local-user-file-view
+           ++oo   local-user-shell
+           ++oo   privacy-leak
+           ++oo   remote-code-execution
+           ++oo   remote-command-inject
+           ++oo   remote-file-creation
+           ++oo   remote-file-read
+           ++oo   remote-file-view
+           ++oo   remote-file-write
+           ++oo   remote-key-theft
+           ++oo   remote-root-access
+           ++oo   remote-root-shell
+           ++oo   remote-script-inject
+           ++oo   remote-server-admin
+           ++oo   remote-use-of-secret
+           ++oo   remote-user-access
+           ++oo   remote-user-file-view
+           ++oo   remote-user-shell
+           ++oo   unknown
+           ++oo   weak-authentication
+           ++oo   weak-encryption
+           ++oo   weak-ssl-authentication
 
      By default, the vulnerabilities file is stored in the @PKGVULNDIR@ direc-
      tory.  This can be changed by defining the environment variable
@@ -123,8 +125,7 @@
                  Update the _p_k_g_t_o_o_l_s_/_p_k_g___i_n_s_t_a_l_l package.
 
 SSEEEE AALLSSOO
-     pkg_info(1), mk.conf(5), packages(7), @PKGSRCDIR@/mk/defaults/mk.conf
-     and
+     pkg_info(1), mk.conf(5), packages(7), @PKGSRCDIR@/mk/defaults/mk.conf and
 
      _D_o_c_u_m_e_n_t_a_t_i_o_n _o_n _t_h_e _N_e_t_B_S_D _P_a_c_k_a_g_e _S_y_s_t_e_m.  @PKGSRCDIR@/doc/pkgsrc.txt
 
@@ -134,4 +135,4 @@
      September 19, 2000.  The original idea came from Roland Dowdeswell and
      Bill Sommerfeld.
 
-NetBSD 2.0.2                     June 9, 2005                     NetBSD 2.0.2
+NetBSD 3.0                       June 9, 2005                       NetBSD 3.0
diff -r da65e7318974 -r 5aedde7d0e40 security/audit-packages/files/audit-packages.8
--- a/security/audit-packages/files/audit-packages.8    Thu Oct 20 10:06:46 2005 +0000
+++ b/security/audit-packages/files/audit-packages.8    Thu Oct 20 10:26:54 2005 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: audit-packages.8,v 1.14 2005/08/02 00:23:31 reed Exp $
+.\" $NetBSD: audit-packages.8,v 1.15 2005/10/20 10:26:54 agc Exp $
 .\"
 .\" Copyright (c) 2003 Jeremy C. Reed.  All rights reserved.
 .\"
@@ -39,7 +39,7 @@
 .Nd show vulnerabilities in installed packages
 .Sh SYNOPSIS
 .Nm
-.Op Fl v
+.Op Fl dv
 .Nm download-vulnerability-list
 .Sh DESCRIPTION
 The
@@ -55,6 +55,11 @@
 option is specified,
 .Nm
 will warn when the vulnerabilities file is more than a week old.
+The
+.Fl d
+option will attempt to download this vulnerabilities
+file before scanning
+the installed packages for vulnerabilities.
 .Pp
 The
 .Nm download-vulnerability-list
diff -r da65e7318974 -r 5aedde7d0e40 security/audit-packages/files/download-vulnerability-list
--- a/security/audit-packages/files/download-vulnerability-list Thu Oct 20 10:06:46 2005 +0000
+++ b/security/audit-packages/files/download-vulnerability-list Thu Oct 20 10:26:54 2005 +0000
@@ -1,6 +1,6 @@
 #! @SH@
 
-# $NetBSD: download-vulnerability-list,v 1.26 2005/02/11 16:51:16 agc Exp $
+# $NetBSD: download-vulnerability-list,v 1.27 2005/10/20 10:26:54 agc Exp $
 #
 # Copyright (c) 2000-2003 Alistair Crooks.  All rights reserved.
 #
@@ -39,6 +39,7 @@
 NEW_VUL_LIST=pkg-vulnerabilities.$$
 EXIST_VUL_LIST=pkg-vulnerabilities
 
+# pick up any settings in audit-packages.conf
 if [ -r @PKG_SYSCONFDIR@/audit-packages.conf ]; then
        echo "Reading settings from @PKG_SYSCONFDIR@/audit-packages.conf"
        . @PKG_SYSCONFDIR@/audit-packages.conf


