authorsnj <snj>2006-04-18 22:52:44 +0000
committersnj <snj>2006-04-18 22:52:44 +0000
commite91f1b8265977ec0d948ac2d6c06ba621f1f7a75 (patch)
treec7effec0730edba1bb5d21f0f51c2a03d7b34d90
parentcef42897d0849c7ed8422b634c39bb83f2caee39 (diff)
downloadpkgsrc-e91f1b8265977ec0d948ac2d6c06ba621f1f7a75.tar.gz
Pullup ticket 1389 - requested by salo
sync audit-packages with HEAD Revisions pulled up: - pkgsrc/security/audit-packages/Makefile 1.65-1.66 - pkgsrc/security/audit-packages/files/audit-packages 1.27 - pkgsrc/security/audit-packages/files/audit-packages.0 1.13 - pkgsrc/security/audit-packages/files/audit-packages.8 1.18 Module Name: pkgsrc Committed By: salo Date: Sat Apr 15 15:02:10 UTC 2006 Modified Files: pkgsrc/security/audit-packages: Makefile pkgsrc/security/audit-packages/files: audit-packages audit-packages.0 audit-packages.8 Log Message: Version 1.42 - Remove the "ignore vulnerabilities" stuff which was backed out from pkgsrc infrastructure months ago. We are back at format 1.0.0. --- Module Name: pkgsrc Committed By: salo Date: Sun Apr 16 16:15:01 UTC 2006 Modified Files: pkgsrc/security/audit-packages: Makefile Log Message: Remove unused variable, SKIP_AUDIT_PACKAGES.
-rw-r--r--security/audit-packages/Makefile6
-rwxr-xr-xsecurity/audit-packages/files/audit-packages58
-rw-r--r--security/audit-packages/files/audit-packages.013
-rw-r--r--security/audit-packages/files/audit-packages.814
4 files changed, 12 insertions, 79 deletions
diff --git a/security/audit-packages/Makefile b/security/audit-packages/Makefile
index 76c0a4a45d8..f8426d3aac7 100644
--- a/security/audit-packages/Makefile
+++ b/security/audit-packages/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.64 2005/12/29 23:47:55 agc Exp $
+# $NetBSD: Makefile,v 1.64.2.1 2006/04/18 22:52:44 snj Exp $
-DISTNAME= audit-packages-1.41
+DISTNAME= audit-packages-1.42
CATEGORIES= security pkgtools
MASTER_SITES= # empty
DISTFILES= # empty
@@ -20,8 +20,6 @@ NO_CHECKSUM= yes
OWN_DIRS= ${PKGVULNDIR}
INSTALLATION_DIRS= man/cat8 man/man8 sbin
-SKIP_AUDIT_PACKAGES= yes
-
.include "../../mk/bsd.prefs.mk"
.if ${OPSYS} == "DragonFly"
diff --git a/security/audit-packages/files/audit-packages b/security/audit-packages/files/audit-packages
index 31309cb6d03..613a9873dd6 100755
--- a/security/audit-packages/files/audit-packages
+++ b/security/audit-packages/files/audit-packages
@@ -1,6 +1,6 @@
#! @SH@
#
-# $NetBSD: audit-packages,v 1.26 2005/11/21 10:39:50 agc Exp $
+# $NetBSD: audit-packages,v 1.26.4.1 2006/04/18 22:52:44 snj Exp $
#
# Copyright (c) 2000-2003 Alistair Crooks. All rights reserved.
#
@@ -41,19 +41,15 @@ ERR_PKGINSTALL="Please upgrade pkgtools/pkg_install to the newest version."
FORMAT_MAJOR=1
FORMAT_MINOR=0
-FORMAT_TEENY=1
+FORMAT_TEENY=0
PKG_INSTALL_REQUIRED=20050530
usage() {
argv0="${1##*/}"
cat <<EOF
$2
-Usage: $argv0 [-dv] [-i vulnid:id|pkgpat:pattern]
- [-K pkg_dbdir] [-p package]
+Usage: $argv0 [-dv] [-K pkg_dbdir] [-p package]
-d : Run download-vulnerability-list before anything else.
- -i : Ignore packages matching one of the specified vulnerabilities,
- or matching one of the provided patterns.
- Repeated -i options add to the ignore list.
-K : Use pkg_dbdir as PKG_DBDIR.
-p : Check a specific package for vulnerabilities.
-v : Verbose mode
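Review bot: A pkg-vulnerabilities file still in the 1.0.1 layout is no longer understood once `FORMAT_TEENY=0` is set here, because the `vulnid` split in the `while read pat type url` loop is removed in a later hunk of this file. The code that compares the list's version against `FORMAT_MAJOR`/`FORMAT_MINOR`/`FORMAT_TEENY` lies outside this hunk, so it is not visible whether such a file is rejected; if it is accepted, the second field would be reported verbatim as `<vulnid>,<type>`. It is worth confirming that the check fails with a clear message, and documenting the constants with a comment such as `# newest pkg-vulnerabilities format this script parses; 1.0.1 (vulnid field) was backed out`.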
@@ -71,18 +67,11 @@ vuls="${PKGVULNDIR}/pkg-vulnerabilities"
download=no
verbose=no
-ignore_list=
-pkg_patterns=
-vulnids=
one_package=
while [ $# -gt 0 ]; do
case "$1" in
-d) download=yes ;;
-v) verbose=yes ;;
- -i)
- ignore_list="$ignore_list $2"
- shift
- ;;
-p)
one_package="$2"
shift
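Review bot: Any cron job or wrapper that still passes `-i` now falls through to the default arm of this `case`, which is outside the hunk. If that arm prints usage and exits, the audit stops running on those hosts and nobody is told why. For an audit tool it seems safer to fail toward reporting during a transition, for example `-i) echo "$0: -i is no longer supported; ignore list dropped" >&2; shift ;;`, so the scan still runs and only the suppression is lost. Separately, the `-p)` arm kept as context takes `$2` and shifts without checking that an argument follows.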
@@ -106,18 +95,6 @@ yes) case "$settingsmsg" in
;;
esac
-for ign in $ignore_list ; do
- case "$ign" in
- pkgpat:*)
- ign="${ign#*:}"
- pkg_patterns="$pkg_patterns $ign"
- ;;
- *)
- vulnids="$vulnids $ign"
- ;;
- esac
-done
-
# try to download vulnerability list, as requested
# the integrity of the list is checked below
# so just issue a warning if there was a failure
@@ -215,22 +192,6 @@ while read pat type url; do
\#*|'') continue;;
esac
- vulnid=unknown
- if [ $file_teeny -gt 0 ] ; then
- vulnid=${type%%,*}
- type=${type#*,}
-
- skipit=0
- for ign in $vulnids; do
- if [ "$ign" = "$vulnid" ] ; then
- skipit=1
- fi
- done
- if [ $skipit -eq 1 ] ; then
- continue;
- fi
- fi
-
if [ -z "$one_package" ] ; then
vulnpkgs=`@PKG_TOOLS_BIN@/pkg_info -e "$pat"`
else
@@ -240,19 +201,8 @@ while read pat type url; do
fi
fi
for pkg in $vulnpkgs ; do
- skipit=0
- for ign in $pkg_patterns; do
- ign="${ign#*:}"
- if @PKG_TOOLS_BIN@/pkg_admin pmatch "${ign}" "$pkg" ; then
- skipit=1
- break
- fi
- done
- if [ $skipit -eq 1 ] ; then
- continue
- fi
echo "Package $pkg has a" \
- "$type vulnerability (vulnid:$vulnid), see $url"
+ "$type vulnerability, see $url"
done
done < "$vuls"
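Review bot: The report line is still built with `echo` from `$type` and `$url`, which come straight from the pkg-vulnerabilities file. How `echo` treats backslash sequences and a leading `-` differs between the shells `@SH@` can resolve to. Since this line is being rewritten anyway, `printf 'Package %s has a %s vulnerability, see %s\n' "$pkg" "$type" "$url"` would print the fields literally on every platform. The loop head shown in the hunk header (`while read pat type url`) lies outside the hunk and uses `read` without `-r`, so backslashes in the list are also interpreted there. Tools that parse this output should be told that the `(vulnid:...)` part is gone.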
diff --git a/security/audit-packages/files/audit-packages.0 b/security/audit-packages/files/audit-packages.0
index 36ff25fbd00..c89746b9421 100644
--- a/security/audit-packages/files/audit-packages.0
+++ b/security/audit-packages/files/audit-packages.0
@@ -5,7 +5,7 @@ NNAAMMEE
installed packages
SSYYNNOOPPSSIISS
- aauuddiitt--ppaacckkaaggeess [--ddvv] [--ii _i_g_n_o_r_e_-_l_i_s_t] [--KK _p_k_g___d_b_d_i_r] [--pp _p_a_c_k_a_g_e]
+ aauuddiitt--ppaacckkaaggeess [--ddvv] [--KK _p_k_g___d_b_d_i_r] [--pp _p_a_c_k_a_g_e]
ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt
DDEESSCCRRIIPPTTIIOONN
@@ -21,13 +21,6 @@ DDEESSCCRRIIPPTTIIOONN
file before scanning the installed packages for vulnerabil-
ities.
- --ii [vvuullnniidd::_v_u_l_n_i_d|ppkkggppaatt::_p_a_t_t_e_r_n]
- Specify a list of vulnerabilities or packages to ignore.
- Packages can be specified using package wildcards (see
- pkg_info(1)). Vulnerabilities can be specified with the
- form vvuullnniidd::_v_u_l_n_i_d. Vulnerability ids are only present in
- file format 1.0.1 or higher.
-
--KK _p_k_g___d_b_d_i_r Use package database directory _p_k_g___d_b_d_i_r.
--pp _p_a_c_k_a_g_e Check only the package _p_a_c_k_a_g_e for vulnerabilities.
@@ -44,7 +37,7 @@ DDEESSCCRRIIPPTTIIOONN
Each line lists the package and vulnerable versions, the type of exploit,
and an Internet address for further information:
- <package pattern> <vulnid>,<type> <url>
+ <package pattern> <type> <url>
The type of exploit can be any text, although some common types of
exploits listed are:
@@ -157,4 +150,4 @@ HHIISSTTOORRYY
September 19, 2000. The original idea came from Roland Dowdeswell and
Bill Sommerfeld.
-NetBSD 3.0 November 16, 2005 NetBSD 3.0
+NetBSD 3.0 April 15, 2006 NetBSD 3.0
diff --git a/security/audit-packages/files/audit-packages.8 b/security/audit-packages/files/audit-packages.8
index 83fa26875f4..cc6bde42347 100644
--- a/security/audit-packages/files/audit-packages.8
+++ b/security/audit-packages/files/audit-packages.8
@@ -1,4 +1,4 @@
-.\" $NetBSD: audit-packages.8,v 1.17 2005/11/16 22:54:58 wiz Exp $
+.\" $NetBSD: audit-packages.8,v 1.17.4.1 2006/04/18 22:52:44 snj Exp $
.\"
.\" Copyright (c) 2003 Jeremy C. Reed. All rights reserved.
.\"
@@ -30,7 +30,7 @@
.\" NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
.\" SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd November 16, 2005
+.Dd April 15, 2006
.Os
.Dt AUDIT-PACKAGES 8
.Sh NAME
@@ -40,7 +40,6 @@
.Sh SYNOPSIS
.Nm
.Op Fl dv
-.Op Fl i Ar ignore-list
.Op Fl K Ar pkg_dbdir
.Op Fl p Ar package
.Nm download-vulnerability-list
@@ -61,13 +60,6 @@ The following flags are supported:
will attempt to download the vulnerabilities
file before scanning
the installed packages for vulnerabilities.
-.It Fl i Oo Cm vulnid: Ns Ar vulnid Ns | Ns Cm pkgpat: Ns Ar pattern Oc
-Specify a list of vulnerabilities or packages to ignore.
-Packages can be specified using package wildcards (see
-.Xr pkg_info 1 ) .
-Vulnerabilities can be specified with the form
-.Cm vulnid: Ns Ar vulnid .
-Vulnerability ids are only present in file format 1.0.1 or higher.
.It Fl K Ar pkg_dbdir
Use package database directory
.Ar pkg_dbdir .
@@ -97,7 +89,7 @@ and an Internet address for further information:
.Bl -item
.It
.Aq package pattern
-.Ao vulnid Ac Ns , Ns Aq type
+.Aq type
.Aq url
.El
.Pp