-rw-r--r-- security/audit-packages/Makefile 4
-rw-r--r-- security/audit-packages/files/audit-packages.0 79
-rw-r--r-- security/audit-packages/files/audit-packages.8 16
-rw-r--r-- security/audit-packages/files/download-vulnerability-list 14
4 files changed, 74 insertions, 39 deletions
diff --git a/security/audit-packages/Makefile b/security/audit-packages/Makefile
index 84582084010..216fb1be505 100644
--- a/security/audit-packages/Makefile
+++ b/security/audit-packages/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.66 2006/04/16 16:15:01 salo Exp $
+# $NetBSD: Makefile,v 1.67 2006/05/21 13:31:27 adrianp Exp $
-DISTNAME= audit-packages-1.42
+DISTNAME= audit-packages-1.43
CATEGORIES= security pkgtools
MASTER_SITES= # empty
DISTFILES= # empty
diff --git a/security/audit-packages/files/audit-packages.0 b/security/audit-packages/files/audit-packages.0
index c89746b9421..69bcd368520 100644
--- a/security/audit-packages/files/audit-packages.0
+++ b/security/audit-packages/files/audit-packages.0
@@ -41,40 +41,40 @@ DDEESSCCRRIIPPTTIIOONN
The type of exploit can be any text, although some common types of
exploits listed are:
- ·· cross-site-html
- ·· cross-site-scripting
- ·· denial-of-service
- ·· file-permissions
- ·· local-access
- ·· local-code-execution
- ·· local-file-read
- ·· local-file-removal
- ·· local-file-write
- ·· local-root-file-view
- ·· local-root-shell
- ·· local-symlink-race
- ·· local-user-file-view
- ·· local-user-shell
- ·· privacy-leak
- ·· remote-code-execution
- ·· remote-command-inject
- ·· remote-file-creation
- ·· remote-file-read
- ·· remote-file-view
- ·· remote-file-write
- ·· remote-key-theft
- ·· remote-root-access
- ·· remote-root-shell
- ·· remote-script-inject
- ·· remote-server-admin
- ·· remote-use-of-secret
- ·· remote-user-access
- ·· remote-user-file-view
- ·· remote-user-shell
- ·· unknown
- ·· weak-authentication
- ·· weak-encryption
- ·· weak-ssl-authentication
+ ++oo cross-site-html
+ ++oo cross-site-scripting
+ ++oo denial-of-service
+ ++oo file-permissions
+ ++oo local-access
+ ++oo local-code-execution
+ ++oo local-file-read
+ ++oo local-file-removal
+ ++oo local-file-write
+ ++oo local-root-file-view
+ ++oo local-root-shell
+ ++oo local-symlink-race
+ ++oo local-user-file-view
+ ++oo local-user-shell
+ ++oo privacy-leak
+ ++oo remote-code-execution
+ ++oo remote-command-inject
+ ++oo remote-file-creation
+ ++oo remote-file-read
+ ++oo remote-file-view
+ ++oo remote-file-write
+ ++oo remote-key-theft
+ ++oo remote-root-access
+ ++oo remote-root-shell
+ ++oo remote-script-inject
+ ++oo remote-server-admin
+ ++oo remote-use-of-secret
+ ++oo remote-user-access
+ ++oo remote-user-file-view
+ ++oo remote-user-shell
+ ++oo unknown
+ ++oo weak-authentication
+ ++oo weak-encryption
+ ++oo weak-ssl-authentication
By default, the vulnerabilities file is stored in the @PKGVULNDIR@ direc-
tory. This can be changed by defining the environment variable
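Review bot: all 34 bullet lines in the exploit-type list change only their marker, from `··` to `++oo`, which is unrelated to FETCH_PROTO and accounts for most of this file's diff. It looks like the preformatted page was regenerated with a different output setting than the previous revision; regenerating audit-packages.0 the same way as before would leave only the FETCH_PROTO text in the diff and make the real change easier to review.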
@@ -92,6 +92,11 @@ EENNVVIIRROONNMMEENNTT
FETCH_ARGS Specifies optional arguments for the ftp client.
+ FETCH_PROTO
+ Specifies the protocol to use when fetching the
+ _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file. Currently supports only http and
+ ftp. The default is ftp.
+
FFIILLEESS
@PKGVULNDIR@/pkg-vulnerabilities
@@ -107,6 +112,12 @@ EEXXAAMMPPLLEESS
export FETCH_ARGS="-4"
+ The ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt command can be forced to use http to
+ download the _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file with the following setting in
+ @PKG_SYSCONFDIR@/audit-packages.conf :
+
+ export FETCH_PROTO="http"
+
DDIIAAGGNNOOSSTTIICCSS
The following errors can occur:
diff --git a/security/audit-packages/files/audit-packages.8 b/security/audit-packages/files/audit-packages.8
index a70d15dddac..4ce2c6313c4 100644
--- a/security/audit-packages/files/audit-packages.8
+++ b/security/audit-packages/files/audit-packages.8
@@ -1,4 +1,4 @@
-.\" $NetBSD: audit-packages.8,v 1.18 2006/04/15 15:02:10 salo Exp $
+.\" $NetBSD: audit-packages.8,v 1.19 2006/05/21 13:31:27 adrianp Exp $
.\"
.\" Copyright (c) 2003 Jeremy C. Reed. All rights reserved.
.\"
@@ -186,6 +186,10 @@ Specifies the directory containing the
file.
.It Ev FETCH_ARGS
Specifies optional arguments for the ftp client.
+.It Ev FETCH_PROTO
+Specifies the protocol to use when fetching the
+.Pa pkg-vulnerabilities
+file. Currently supports only http and ftp. The default is ftp.
.El
.Sh FILES
@PKGVULNDIR@/pkg-vulnerabilities
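Review bot: the FETCH_PROTO entry should say that the value is matched exactly, since the script's `case ${FETCH_PROTO}` accepts only the lowercase strings `http` and `ftp` and exits with status 1 for anything else, so `HTTP` or an empty value stops the download. It would also help to state that the variable only selects the URL scheme used for ftp.NetBSD.org and does not add any verification of the downloaded file, so that it is not read as a hardening option.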
@@ -214,6 +218,16 @@ command can be forced to use IPv4 with the following setting in
@PKG_SYSCONFDIR@/audit-packages.conf :
.Pp
export FETCH_ARGS="-4"
+.Pp
+The
+.Nm download-vulnerability-list
+command can be forced to use http to download the
+.Pa pkg-vulnerabilities
+file with the following setting in
+@PKG_SYSCONFDIR@/audit-packages.conf :
+.Pp
+export FETCH_PROTO="http"
+.Pp
.Sh DIAGNOSTICS
The following errors can occur:
.Bl -tag -width 10n
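Review bot: the added text ends with a `.Pp` directly before `.Sh DIAGNOSTICS`; a paragraph break immediately ahead of a section header is redundant, because `.Sh` starts its own vertical spacing, so the last added `.Pp` can be dropped.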
diff --git a/security/audit-packages/files/download-vulnerability-list b/security/audit-packages/files/download-vulnerability-list
index 886c2e0d399..e25b6b536ff 100644
--- a/security/audit-packages/files/download-vulnerability-list
+++ b/security/audit-packages/files/download-vulnerability-list
@@ -1,6 +1,6 @@
#! @SH@
-# $NetBSD: download-vulnerability-list,v 1.27 2005/10/20 10:26:54 agc Exp $
+# $NetBSD: download-vulnerability-list,v 1.28 2006/05/21 13:31:27 adrianp Exp $
#
# Copyright (c) 2000-2003 Alistair Crooks. All rights reserved.
#
@@ -34,8 +34,8 @@
#
: ${PKGVULNDIR=@PKGVULNDIR@}
+: ${FETCH_PROTO=ftp}
-VUL_SOURCE="ftp://ftp.NetBSD.org/pub/NetBSD/packages/distfiles/pkg-vulnerabilities"
NEW_VUL_LIST=pkg-vulnerabilities.$$
EXIST_VUL_LIST=pkg-vulnerabilities
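Review bot: a `VUL_SOURCE` set in audit-packages.conf is now silently overwritten, because the assignment removed here sat above the line that sources the config file and its replacement in the next hunk sits below it. If that override is meant to keep working (for example to point at a local mirror), assign the new value as a default after the config is read, e.g. `: ${VUL_SOURCE=${FETCH_PROTO}://ftp.NetBSD.org/pub/NetBSD/packages/distfiles/pkg-vulnerabilities}`, or document that the variable is no longer configurable.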
@@ -45,11 +45,21 @@ if [ -r @PKG_SYSCONFDIR@/audit-packages.conf ]; then
. @PKG_SYSCONFDIR@/audit-packages.conf
fi
+VUL_SOURCE="${FETCH_PROTO}://ftp.NetBSD.org/pub/NetBSD/packages/distfiles/pkg-vulnerabilities"
+
if [ ! -d ${PKGVULNDIR}/. ]; then
echo "Creating ${PKGVULNDIR}"
@MKDIR@ ${PKGVULNDIR} || (echo "Can't create ${PKGVULNDIR}" 1>&2; exit 1)
fi
+case ${FETCH_PROTO} in
+http) ;;
+ftp) ;;
+*) echo "Unknown FETCH_PROTO specified - Only http and ftp are aurrently supported."
+ exit 1
+ ;;
+esac
+
cd ${PKGVULNDIR}
utility=`echo "@FETCH_CMD@" | @AWK@ '{ print $1 }'`
case "$utility" in
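Review bot: the `case ${FETCH_PROTO}` check comes after `VUL_SOURCE` has already been built from the value and after `${PKGVULNDIR}` may have been created, so an invalid setting still has side effects before the script exits; move the check to directly after the config file is sourced. The error text also has a typo (`aurrently`) and goes to stdout, while the `Can't create` message just above is sent to stderr with `1>&2`. Quoting the word as `case "${FETCH_PROTO}" in` would match the style of `case "$utility" in` below.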