author | agc <agc@pkgsrc.org> | 2003-10-18 10:16:57 +0000 |
---|---|---|
committer | agc <agc@pkgsrc.org> | 2003-10-18 10:16:57 +0000 |
commit | d0013d73a706b9d649d20e7534f9993f386b1262 (patch) | |
tree | 354b6a89bf02e3f8f30f15e5507ccf63bda2e761 /security | |
parent | d8baa9803b20e90fefa2989d28bcce114b9848ca (diff) | |
download | pkgsrc-d0013d73a706b9d649d20e7534f9993f386b1262.tar.gz |
Update audit-packages to 1.25.
+ get rid of unnecessary awk invocation in audit-packages, use shell
construction instead, pointed out by enami tsugutomo. Cuts system and
user execution times for audit-packages in half.
+ add (4-clause) licences to audit-packages and download-vulnerability-list
+ check integrity of pkg-vulnerabilities file in audit-packages by using
the same construct as in download-vulnerability-list
+ CSE in error checking in audit-packages
+ properly terminate a case expression in download-vulnerability-list
Diffstat (limited to 'security')
-rw-r--r-- | security/audit-packages/Makefile | 4 | ||||
-rwxr-xr-x | security/audit-packages/files/audit-packages | 103 | ||||
-rw-r--r-- | security/audit-packages/files/download-vulnerability-list | 34 |
3 files changed, 120 insertions, 21 deletions
diff --git a/security/audit-packages/Makefile b/security/audit-packages/Makefile
index 2756289f921..554e7a289c8 100644
--- a/security/audit-packages/Makefile
+++ b/security/audit-packages/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.33 2003/10/17 09:45:28 agc Exp $
+# $NetBSD: Makefile,v 1.34 2003/10/18 10:16:57 agc Exp $
-DISTNAME= audit-packages-1.24
+DISTNAME= audit-packages-1.25
 WRKSRC= ${WRKDIR}
 CATEGORIES= security pkgtools
 MASTER_SITES= # empty
diff --git a/security/audit-packages/files/audit-packages b/security/audit-packages/files/audit-packages
index 8510ad8a564..2709baff137 100755
--- a/security/audit-packages/files/audit-packages
+++ b/security/audit-packages/files/audit-packages
@@ -1,26 +1,93 @@
 #! @SH@
-
-# $NetBSD: audit-packages,v 1.13 2003/10/17 09:45:28 agc Exp $
+#
+# $NetBSD: audit-packages,v 1.14 2003/10/18 10:16:57 agc Exp $
+#
+# Copyright (c) 2000-2003 Alistair Crooks. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. All advertising materials mentioning features or use of this software
+# must display the following acknowledgement:
+# This product includes software developed by Alistair Crooks
+# for the NetBSD project.
+# 4. The name of the author may not be used to endorse or promote
+# products derived from this software without specific prior written
+# permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
+# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+# GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
 : ${PKGVULNDIR=@PKGVULNDIR@}
-if [ ! -f ${PKGVULNDIR}/pkg-vulnerabilities ]; then
- echo "** Missing ${PKGVULNDIR}/pkg-vulnerabilities" 1>&2
- echo "** run download-vulnerability-list" 1>&2
- exit 1
-fi
+vuls=${PKGVULNDIR}/pkg-vulnerabilities
+
+errmsg=""
+
+# check for missing vulnerabilities file
+[ ! -f $vuls ] && errmsg="** Missing $vuls"
-if [ -n "$(find ${PKGVULNDIR}/pkg-vulnerabilities -ctime +7)" ]; then
- echo "** ${PKGVULNDIR}/pkg-vulnerabilities more than a week old" 1>&2
- echo "** run download-vulnerability-list" 1>&2
+case "$errmsg" in
+"") # check for old vulnerabilities file
+ [ -n "$(find $vuls -ctime +7)" ] && errmsg="** $vuls more than a week old"
+ ;;
+esac
+
+case "$errmsg" in
+"") # check integrity of vulnerabilities file
+ recordedsum=`@AWK@ '$1 == "#CHECKSUM" { print $3 }' $vuls`
+ recordedalg=`@AWK@ '$1 == "#CHECKSUM" { print $2 }' $vuls`
+ case "$recordedsum" in
+ "") errmsg="***WARNING*** No checksum found in $vuls"
+ ;;
+ *) case "$recordedalg" in
+ "") errmsg="***WARNING*** No checksum algorithm found in $vuls file"
+ ;;
+ *) calcsum=`@AWK@ '$1 == "#CHECKSUM" || /\$NetBSD.*/ { next } { print }' $vuls | @DIGEST@ $recordedalg`
+ if [ "$recordedsum" != "$calcsum" ]; then
+ errmsg="***WARNING*** Checksum mismatch - recorded $recordedalg checksum \"$recordedsum\", calculated checksum \"$calcsum\""
+ fi
+ ;;
+ esac
+ ;;
+ esac
+ ;;
+esac
+
+# if we have found an error, then complain and exit
+case "$errmsg" in
+"") ;;
+*) echo "$errmsg" 1>&2
+ echo "** Please run download-vulnerability-list" 1>&2
 exit 1
-fi
-
-@AWK@ '
- /^#.*/ { next }
- NF == 0 { next }
- { cmd = sprintf("@PKG_TOOLS_BIN@/pkg_info -qe \"%s\" && echo Package \"`@PKG_TOOLS_BIN@/pkg_info -e %c%s%c`\" has a %s vulnerability, see %s ; wait", $1, 39, $1, 39, $2, $3);
- system(cmd); }
-' ${PKGVULNDIR}/pkg-vulnerabilities
+ ;;
+esac
+
+# check for vulnerabilities
+while read pat type url; do
+ case "$pat" in
+ \#*|'') continue;;
+ esac
+
+ if @PKG_TOOLS_BIN@/pkg_info -qe "$pat"; then
+ echo Package `@PKG_TOOLS_BIN@/pkg_info -e "$pat"` has a \
+ $type vulnerability, see $url
+ fi
+done < $vuls
 exit 0
diff --git a/security/audit-packages/files/download-vulnerability-list b/security/audit-packages/files/download-vulnerability-list
index fe8b1af8854..aa1b0e752f5 100644
--- a/security/audit-packages/files/download-vulnerability-list
+++ b/security/audit-packages/files/download-vulnerability-list
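Review bot: In audit-packages, the `# check integrity of vulnerabilities file` branch reads both the digest and the algorithm name from the `#CHECKSUM` line of `$vuls` itself, so it catches a truncated or corrupted list but not a modified one; whoever can rewrite the file can rewrite the checksum with it. A comment above the branch, e.g. `# detects corruption only; the list is not authenticated by this checksum`, would keep later readers from treating it as a tamper check. The value of `$recordedalg` also reaches the digest command unquoted and unvalidated, so a second `#CHECKSUM` line or a glob character in that field changes the arguments the command receives. I would quote it, `| @DIGEST@ "$recordedalg"`, and reject any name outside the set download-vulnerability-list is expected to write before calling the tool. The commit message says download-vulnerability-list uses the same construct, whose lines fall outside the hunks shown here.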
@@ -1,6 +1,37 @@
 #! @SH@
-# $NetBSD: download-vulnerability-list,v 1.20 2003/09/16 14:47:49 grant Exp $
+# $NetBSD: download-vulnerability-list,v 1.21 2003/10/18 10:16:57 agc Exp $
+#
+# Copyright (c) 2000-2003 Alistair Crooks. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. All advertising materials mentioning features or use of this software
+# must display the following acknowledgement:
+# This product includes software developed by Alistair Crooks
+# for the NetBSD project.
+# 4. The name of the author may not be used to endorse or promote
+# products derived from this software without specific prior written
+# permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
+# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+# GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
 : ${PKGVULNDIR=@PKGVULNDIR@}
@@ -40,6 +71,7 @@ case "$recordedsum" in
 fi
 ;;
 esac
+ ;;
 esac
 case "$errmsg" in
 "") ;; |