summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorwiz <wiz@pkgsrc.org>2003-06-12 06:59:30 +0000
committerwiz <wiz@pkgsrc.org>2003-06-12 06:59:30 +0000
commit6dacb668a8b35d810c491076f625dabd390e8790 (patch)
treeaba1b22678c7c3738e75ced2cb59d4d1a66f650e /security
parentafef40e1c05e37d9d41292792e779067960966aa (diff)
downloadpkgsrc-6dacb668a8b35d810c491076f625dabd390e8790.tar.gz
Add man page supplied by Jeremy C. Reed in PR 21865, with some fixes by me.
Bump to 1.16.
Diffstat (limited to 'security')
-rw-r--r--security/audit-packages/Makefile27
-rw-r--r--security/audit-packages/PLIST6
-rw-r--r--security/audit-packages/files/audit-packages.8161
3 files changed, 188 insertions, 6 deletions
diff --git a/security/audit-packages/Makefile b/security/audit-packages/Makefile
index 7bacb8665c0..3ecff052dd4 100644
--- a/security/audit-packages/Makefile
+++ b/security/audit-packages/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.20 2003/05/21 14:07:45 seb Exp $
+# $NetBSD: Makefile,v 1.21 2003/06/12 06:59:30 wiz Exp $
-DISTNAME= audit-packages-1.15
+DISTNAME= audit-packages-1.16
WRKSRC= ${WRKDIR}
CATEGORIES= security pkgtools
MASTER_SITES= # empty
@@ -10,22 +10,39 @@ MAINTAINER= agc@netbsd.org
COMMENT= tools to show vulnerabilities in installed packages
NO_CHECKSUM= yes
-NO_BUILD= yes
NO_MTREE= yes
-do-configure:
- @for f in audit-packages download-vulnerability-list; do \
+.include "../../mk/bsd.prefs.mk"
+
+.if ${OPSYS} == "SunOS"
+# This doesn't create readable manual pages. "mandoc" should be added
+# to zoularis.
+NROFF= nroff -man
+.else
+NROFF= nroff -mandoc
+.endif
+
+do-build:
+ @for f in audit-packages audit-packages.8 \
+ download-vulnerability-list; do \
${SED} -e 's|@PKGVULNDIR@|${PKGVULNDIR}|g' \
-e 's|@AWK@|${AWK}|g' \
-e 's|@FETCH_CMD@|${FETCH_CMD}|g' \
+ -e 's|@FETCH_CMD_SHORT@|${FETCH_CMD:T}|g' \
+ -e 's|@PKGSRCDIR@|${_PKGSRCDIR}|g' \
-e 's|@PKG_TOOLS_BIN@|${PKG_TOOLS_BIN}|g' \
-e 's|@SH@|${SH}|g' \
${FILESDIR}/$$f > ${WRKSRC}/$$f; \
done
+ ${NROFF} ${WRKSRC}/audit-packages.8 >${WRKSRC}/audit-packages.0
do-install:
@for f in audit-packages download-vulnerability-list; do \
${INSTALL_SCRIPT} ${WRKSRC}/$$f ${PREFIX}/sbin; \
done
+ ${INSTALL_MAN} ${WRKSRC}/audit-packages.0 ${PREFIX}/man/cat8
+ ${INSTALL_MAN} ${WRKSRC}/audit-packages.8 ${PREFIX}/man/man8
+ ${LN} -s audit-packages.0 ${PREFIX}/man/cat8/download-vulnerability-list.0
+ ${LN} -s audit-packages.8 ${PREFIX}/man/man8/download-vulnerability-list.8
.include "../../mk/bsd.pkg.mk"
diff --git a/security/audit-packages/PLIST b/security/audit-packages/PLIST
index 61622f44783..c337d07a7df 100644
--- a/security/audit-packages/PLIST
+++ b/security/audit-packages/PLIST
@@ -1,3 +1,7 @@
-@comment $NetBSD: PLIST,v 1.1 2001/11/01 01:16:32 zuntum Exp $
+@comment $NetBSD: PLIST,v 1.2 2003/06/12 06:59:30 wiz Exp $
+man/cat8/audit-packages.0
+man/cat8/download-vulnerability-list.0
+man/man8/audit-packages.8
+man/man8/download-vulnerability-list.8
sbin/audit-packages
sbin/download-vulnerability-list
diff --git a/security/audit-packages/files/audit-packages.8 b/security/audit-packages/files/audit-packages.8
new file mode 100644
index 00000000000..ddb6e235330
--- /dev/null
+++ b/security/audit-packages/files/audit-packages.8
@@ -0,0 +1,161 @@
+.\" $NetBSD: audit-packages.8,v 1.1 2003/06/12 06:59:31 wiz Exp $
+.Dd June 11, 2003
+.Os
+.Dt AUDIT-PACKAGES 8
+.Sh NAME
+.Nm audit-packages ,
+.Nm download-vulnerability-list
+.Nd show vulnerabilities in installed packages
+.Sh SYNOPSIS
+.Nm
+.Nm download-vulnerability-list
+.Sh DESCRIPTION
+The
+.Nm
+program compares the installed packages with the
+.Pa vulnerabilities
+file and reports any known security issues to standard output.
+This output contains the name and version of the package, the
+type of vulnerability, and an URL for further information for each
+vulnerable package.
+.Pp
+The
+.Nm download-vulnerability-list
+program downloads this file from
+.Pa ftp://ftp.netbsd.org/pub/NetBSD/packages/distfiles/vulnerabilities
+using
+.Xr @FETCH_CMD_SHORT@ 1 .
+This vulnerabilities file documents all known security issues in
+pkgsrc packages and is kept up-to-date by the
+.Nx
+packages team.
+.Pp
+Each line lists the package and vulnerable versions, the type of exploit,
+and an Internet address for further information.
+Commonly, the types of exploits listed are:
+.Bl -bullet -compact -offset indent
+.It
+cross-site-html
+.It
+cross-site-scripting
+.It
+denial-of-service
+.It
+file-permissions
+.It
+local-access
+.It
+local-code-execution
+.It
+local-file-read
+.It
+local-file-removal
+.It
+local-file-write
+.It
+local-root-file-view
+.It
+local-root-shell
+.It
+local-symlink-race
+.It
+local-user-file-view
+.It
+local-user-shell
+.It
+privacy-leak
+.It
+remote-code-execution
+.It
+remote-command-inject
+.It
+remote-file-creation
+.It
+remote-file-read
+.It
+remote-file-view
+.It
+remote-file-write
+.It
+remote-key-theft
+.It
+remote-root-access
+.It
+remote-root-shell
+.It
+remote-script-inject
+.It
+remote-server-admin
+.It
+remote-use-of-secret
+.It
+remote-user-access
+.It
+remote-user-file-view
+.It
+remote-user-shell
+.It
+unknown
+.It
+weak-authentication
+.It
+weak-encryption
+.It
+weak-ssl-authentication
+.El
+.Pp
+By default, the vulnerabilities file is stored in the
+.Pa @PKGVULNDIR@
+directory.
+This can be changed by defining the environment variable
+.Ev PKGVULNDIR
+to the directory containing the vulnerabilities file.
+.Sh ENVIRONMENT
+.Bl -tag -width PKGVULNDIR
+.It Ev PKGVULNDIR
+Specifies the directory containing the
+.Pa vulnerabilities
+file.
+.El
+.Sh FILES
+.Pa @PKGVULNDIR@/vulnerabilities
+.\" .Sh EXAMPLES
+.Sh EXAMPLES
+The
+.Nm download-vulnerability-list
+command can be run via
+.Xr cron 8
+to update the
+.Pa vulnerabilities
+daily.
+And
+.Nm
+can be run via
+.Xr cron 8
+(or with
+.Nx Ns 's
+.Pa /etc/security.local
+daily security script).
+.Sh SEE ALSO
+.Xr pkg_info 1 ,
+.Xr mk.conf 5 ,
+.Xr packages 7 ,
+.Pa @PKGSRCDIR@/mk/bsd.pkg.defaults.mk
+and
+.Rs
+.%T "Documentation on the NetBSD Package System"
+.Re
+.Pa @PKGSRCDIR@/Packages.txt
+.Sh HISTORY
+The
+.Nm
+and
+.Nm download-vulnerability-list
+commands were originally implemented and added to
+.Nx Ns 's
+pkgsrc by
+.An Alistair Crooks
+on September 19, 2000.
+The original idea came from Roland Dowdeswell and Bill Sommerfeld.
+.\" .Sh AUTHORS
+.\" .Sh SECURITY CONSIDERATIONS