-rw-r--r--security/audit-packages/DESCR12
-rw-r--r--security/audit-packages/MESSAGE22
-rw-r--r--security/audit-packages/MESSAGE.DragonFly23
-rw-r--r--security/audit-packages/Makefile102
-rw-r--r--security/audit-packages/PLIST9
-rwxr-xr-xsecurity/audit-packages/files/audit-packages235
-rw-r--r--security/audit-packages/files/audit-packages.0173
-rw-r--r--security/audit-packages/files/audit-packages.8307
-rw-r--r--security/audit-packages/files/audit-packages.conf26
-rw-r--r--security/audit-packages/files/download-vulnerability-list128
10 files changed, 0 insertions, 1037 deletions
diff --git a/security/audit-packages/DESCR b/security/audit-packages/DESCR
deleted file mode 100644
index 6c740bc296e..00000000000
--- a/security/audit-packages/DESCR
+++ /dev/null
@@ -1,12 +0,0 @@
-The audit-packages tools provide two scripts:
-
-(1) download-vulnerability-list, an easy way to download a list of
-security vulnerabilities which have been published. This list is kept
-up to date by the NetBSD security officer. It is held at the
-well-known URL:
-
-ftp://ftp.NetBSD.org/pub/NetBSD/packages/distfiles/vulnerabilities
-
-(2) audit-packages, an easy way to audit the current machine, checking
-each vulnerability listed by the security officer. If a vulnerable
-package is installed, it will be shown by output to stdout.
diff --git a/security/audit-packages/MESSAGE b/security/audit-packages/MESSAGE
deleted file mode 100644
index d4f12dbf3fe..00000000000
--- a/security/audit-packages/MESSAGE
+++ /dev/null
@@ -1,22 +0,0 @@
-===========================================================================
-$NetBSD: MESSAGE,v 1.3 2003/09/02 10:20:27 agc Exp $
-
-You may wish to have the vulnerabilities file downloaded daily so that
-it remains current. This may be done by adding an appropriate entry
-to the root users crontab(5) entry. For example the entry
-
-# download vulnerabilities file
-0 3 * * * ${PREFIX}/sbin/download-vulnerability-list >/dev/null 2>&1
-
-will update the vulnerability list every day at 3AM. You may wish to do
-this more often than once a day.
-
-In addition, you may wish to run the package audit from the daily
-security script. This may be accomplished by adding the following
-lines to /etc/security.local
-
-if [ -x ${PREFIX}/sbin/audit-packages ]; then
- ${PREFIX}/sbin/audit-packages
-fi
-
-===========================================================================
diff --git a/security/audit-packages/MESSAGE.DragonFly b/security/audit-packages/MESSAGE.DragonFly
deleted file mode 100644
index 623fbe8f2ec..00000000000
--- a/security/audit-packages/MESSAGE.DragonFly
+++ /dev/null
@@ -1,23 +0,0 @@
-===========================================================================
-$NetBSD: MESSAGE.DragonFly,v 1.2 2006/03/02 18:31:49 joerg Exp $
-
-You may wish to have the vulnerabilities file downloaded daily so that
-it remains current. This may be done by adding an appropriate entry
-to the root users crontab(5) entry. For example the entry
-
-# download vulnerabilities file
-0 3 * * * ${PREFIX}/sbin/download-vulnerability-list >/dev/null 2>&1
-
-will update the vulnerability list every day at 3AM. You may wish to do
-this more often than once a day.
-
-In addition, you may wish to run the package audit from the daily
-security script. This may be accomplished by adding the following
-lines to /etc/periodic/security/NNN.audit-packages, where NNN is a
-number specifying the order of execution.
-
-if [ -x ${PREFIX}/sbin/audit-packages ]; then
- ${PREFIX}/sbin/audit-packages
-fi
-
-===========================================================================
diff --git a/security/audit-packages/Makefile b/security/audit-packages/Makefile
deleted file mode 100644
index 9eea3a98879..00000000000
--- a/security/audit-packages/Makefile
+++ /dev/null
@@ -1,102 +0,0 @@
-# $NetBSD: Makefile,v 1.78 2008/01/02 09:00:34 adrianp Exp $
-
-DISTNAME= audit-packages-1.46
-CATEGORIES= security pkgtools
-MASTER_SITES= # empty
-DISTFILES= # empty
-
-MAINTAINER= agc@NetBSD.org
-COMMENT= Tools to show vulnerabilities in installed packages
-
-PKG_INSTALLATION_TYPES= overwrite pkgviews
-PKG_DESTDIR_SUPPORT= user-destdir
-
-CONFLICTS+= pkg_install>=20070714
-
-USE_TOOLS+= digest:run
-
-BUILD_DEFS+= PKGVULNDIR
-
-WRKSRC= ${WRKDIR}
-NO_CHECKSUM= yes
-
-OWN_DIRS= ${PKGVULNDIR}
-MAN8DIR= ${PREFIX}/${PKGMANDIR}/man8
-CAT8DIR= ${PREFIX}/${PKGMANDIR}/cat8
-INSTALLATION_DIRS= ${CAT8DIR} ${MAN8DIR} sbin \
- share/examples/audit-packages
-
-.include "../../mk/bsd.prefs.mk"
-
-.if ${OPSYS} == "DragonFly"
-MESSAGE_SRC= ${PKGDIR}/MESSAGE.DragonFly
-.else
-MESSAGE_SRC= ${PKGDIR}/MESSAGE
-.endif
-
-# If you're running NetBSD it's possible that you may already have
-# audit-packages installed as a part of the base OS.
-#
-.if ${OPSYS} == "NetBSD"
-. if exists(/usr/sbin/audit-packages)
-PKG_FAIL_REASON+= "audit-packages is already installed on this system"
-. endif
-.endif
-
-CONF_FILES= ${PREFIX}/share/examples/audit-packages/audit-packages.conf \
- ${PKG_SYSCONFDIR}/audit-packages.conf
-
-SUBST_CLASSES= paths
-SUBST_STAGE.paths= post-build
-SUBST_FILES.paths= audit-packages audit-packages.0 audit-packages.8
-SUBST_FILES.paths+= download-vulnerability-list
-SUBST_SED.paths= -e 's|@PKGVULNDIR@|${PKGVULNDIR}|g'
-SUBST_SED.paths+= -e 's|@AWK@|${AWK}|g'
-SUBST_SED.paths+= -e 's|@FETCH_CMD@|${FETCH_CMD:Q}|g'
-SUBST_SED.paths+= -e 's|@FETCH_CMD_SHORT@|${FETCH_CMD:T:Q}|g'
-SUBST_SED.paths+= -e 's|@PKGSRCDIR@|${PKGSRCDIR}|g'
-SUBST_SED.paths+= -e 's|@PKG_TOOLS_BIN@|${PKG_TOOLS_BIN}|g'
-SUBST_SED.paths+= -e 's|@PREFIX@|${PREFIX}|g'
-SUBST_SED.paths+= -e 's|@SH@|${SH}|g'
-SUBST_SED.paths+= -e 's|@DIGEST@|${DIGEST}|g'
-SUBST_SED.paths+= -e 's|@CHMOD@|${CHMOD}|g'
-SUBST_SED.paths+= -e 's|@MV@|${MV}|g'
-SUBST_SED.paths+= -e 's|@RM@|${RM}|g'
-SUBST_SED.paths+= -e 's|@MKDIR@|${MKDIR}|g'
-SUBST_SED.paths+= -e 's|@PKG_SYSCONFDIR@|${PKG_SYSCONFDIR}|g'
-SUBST_SED.paths+= -e 's|@FIND@|${FIND}|g'
-SUBST_MESSAGE.paths= Fixing paths.
-
-.if ${OPSYS} == "SunOS" || ${OPSYS} == "AIX"
-USE_TOOLS+= nroff
-.endif
-
-do-build:
- for f in audit-packages audit-packages.0 audit-packages.8 \
- download-vulnerability-list; do \
- ${CP} ${FILESDIR}/$$f ${WRKSRC} ; \
- done
-
-.if ${OPSYS} == "SunOS" || ${OPSYS} == "AIX"
- # pre-created man-pages are "mandoc" pages, these OS need "man",
- # so regen the .0 page
- ${NROFF} -man ${WRKSRC}/audit-packages.8 >${WRKSRC}/audit-packages.0
-.endif
-
-do-install:
- ${INSTALL_DATA} ${FILESDIR}/audit-packages.conf \
- ${DESTDIR}${PREFIX}/share/examples/audit-packages
-
- for f in audit-packages download-vulnerability-list; do \
- ${INSTALL_SCRIPT} ${WRKSRC}/$$f ${DESTDIR}${PREFIX}/sbin; \
- done
-
- ${INSTALL_MAN} ${WRKSRC}/audit-packages.0 ${DESTDIR}${CAT8DIR}/
- ${INSTALL_MAN} ${WRKSRC}/audit-packages.8 ${DESTDIR}${MAN8DIR}/
-
- ${RM} -f ${DESTDIR}${CAT8DIR}/download-vulnerability-list.0
- ${LN} -s audit-packages.0 ${DESTDIR}${CAT8DIR}/download-vulnerability-list.0
- ${RM} -f ${DESTDIR}${MAN8DIR}/download-vulnerability-list.8
- ${LN} -s audit-packages.8 ${DESTDIR}${MAN8DIR}/download-vulnerability-list.8
-
-.include "../../mk/bsd.pkg.mk"
diff --git a/security/audit-packages/PLIST b/security/audit-packages/PLIST
deleted file mode 100644
index e6f0d589075..00000000000
--- a/security/audit-packages/PLIST
+++ /dev/null
@@ -1,9 +0,0 @@
-@comment $NetBSD: PLIST,v 1.3 2006/12/09 12:30:47 adrianp Exp $
-man/cat8/audit-packages.0
-man/cat8/download-vulnerability-list.0
-man/man8/audit-packages.8
-man/man8/download-vulnerability-list.8
-sbin/audit-packages
-sbin/download-vulnerability-list
-share/examples/audit-packages/audit-packages.conf
-@dirrm share/examples/audit-packages
diff --git a/security/audit-packages/files/audit-packages b/security/audit-packages/files/audit-packages
deleted file mode 100755
index 6d88a30c930..00000000000
--- a/security/audit-packages/files/audit-packages
+++ /dev/null
@@ -1,235 +0,0 @@
-#! @SH@
-#
-# $NetBSD: audit-packages,v 1.31 2007/07/10 15:27:57 joerg Exp $
-#
-# Copyright (c) 2000-2003 Alistair Crooks. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-# 3. All advertising materials mentioning features or use of this software
-# must display the following acknowledgement:
-# This product includes software developed by Alistair Crooks
-# for the NetBSD project.
-# 4. The name of the author may not be used to endorse or promote
-# products derived from this software without specific prior written
-# permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
-# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
-# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
-# GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-
-ERR_DOWNLOAD="Please run download-vulnerability-list."
-ERR_UPGRADE="Please upgrade security/audit-packages to the newest version."
-ERR_PKGINSTALL="Please upgrade pkgtools/pkg_install to the newest version."
-
-: ${PKGVULNDIR=@PKGVULNDIR@}
-
-FORMAT_MAJOR=1
-FORMAT_MINOR=0
-FORMAT_TEENY=0
-PKG_INSTALL_REQUIRED=20050530
-
-usage() {
- argv0="${1##*/}"
- cat <<EOF
-$2
-Usage: $argv0 [-dv] [-K pkg_dbdir] [-p package]
- -d : Run download-vulnerability-list before anything else.
- -K : Use pkg_dbdir as PKG_DBDIR.
- -p : Check a specific package for vulnerabilities.
- -v : Verbose mode
-EOF
- exit 1
-}
-
-settingsmsg=""
-if [ -r @PKG_SYSCONFDIR@/audit-packages.conf ]; then
- settingsmsg="Reading settings from @PKG_SYSCONFDIR@/audit-packages.conf"
- . @PKG_SYSCONFDIR@/audit-packages.conf
-fi
-
-vuls="${PKGVULNDIR}/pkg-vulnerabilities"
-
-download=no
-verbose=no
-one_package=
-while [ $# -gt 0 ]; do
- case "$1" in
- -d) download=yes ;;
- -v) verbose=yes ;;
- -p)
- one_package="$2"
- shift
- ;;
- -K)
- export PKG_DBDIR="$2"
- shift
- ;;
- *)
- usage "$0" "Unknown option $1"
- esac
- shift
-done
-
-case $verbose in
-yes) case "$settingsmsg" in
- "") ;;
- *) echo "$settingsmsg"
- ;;
- esac
- ;;
-esac
-
-# try to download vulnerability list, as requested
-# the integrity of the list is checked below
-# so just issue a warning if there was a failure
-case "$download" in
-yes) @PREFIX@/sbin/download-vulnerability-list || \
- echo "***WARNING***: download-vulnerability-list failure" 1>&2;;
-esac
-
-errmsg=""
-
-# check for missing vulnerabilities file
-if [ ! -f "$vuls" ]; then
- errmsg="Missing vulnerabilities file $vuls"
- errsolution="$ERR_DOWNLOAD"
-fi
-
-case "$errmsg" in
-"") # check for old vulnerabilities file if we're being verbose
- case "$verbose" in
- # XXX: quote vuls
- yes) [ -n "$(@FIND@ $vuls -ctime +7)" ] && echo "*** WARNING - $vuls more than a week old, continuing..." ;;
- esac
- ;;
-esac
-
-case "$errmsg" in
-"") # check that pkg_info is new enough (supports ranges)
- if [ `@PKG_TOOLS_BIN@/pkg_info -V` -lt "$PKG_INSTALL_REQUIRED" ]; then
- errmsg='Installed pkg_info is too old.'
- errsolution="$ERR_PKGINSTALL"
- fi
- ;;
-esac
-
-case "$errmsg" in
-"") # check format version of vulnerabilities file
- file_major=`@AWK@ '$1 == "#FORMAT" { split($2, a, "\\\\."); print a[1]; exit; }' "$vuls"`
- file_minor=`@AWK@ '$1 == "#FORMAT" { split($2, a, "\\\\."); print a[2]; exit; }' "$vuls"`
- file_teeny=`@AWK@ '$1 == "#FORMAT" { split($2, a, "\\\\."); print a[3]; exit; }' "$vuls"`
- if [ -z "$file_teeny" ] ; then
- file_teeny=0
- fi
- if [ "x$file_major" = "x" -o "x$file_minor" = "x" ]; then
- errmsg="No file format version found in $vuls"
- errsolution="$ERR_DOWNLOAD"
- elif [ "$file_major" -ne "$FORMAT_MAJOR" -o "$file_minor" -gt "$FORMAT_MINOR" ]; then
- errmsg="Unsupported file format version $file_major.$file_minor${file_teeny:+.${file_teeny}} in $vuls (supported version: $FORMAT_MAJOR.$FORMAT_MINOR.$FORMAT_TEENY)."
- if [ "$file_major" -le "$FORMAT_MAJOR" -o
- \( "$file_major" -eq "$FORMAT_MAJOR" -a
- "$file_minor" -lt "$FORMAT_MINOR" \) ]; then
- errsolution="$ERR_DOWNLOAD"
- else
- errsolution="$ERR_UPGRADE"
- fi
- fi
- ;;
-esac
-
-case "$errmsg" in
-"") # check integrity of vulnerabilities file
- recordedsum=`@AWK@ '$1 == "#CHECKSUM" { print $3 }' "$vuls"`
- recordedalg=`@AWK@ '$1 == "#CHECKSUM" { print $2 }' "$vuls"`
- case "$recordedsum" in
- "") errmsg="No checksum found in $vuls"
- errsolution="$ERR_DOWNLOAD"
- ;;
- *) case "$recordedalg" in
- "") errmsg="No checksum algorithm found in $vuls file"
- errsolution="$ERR_DOWNLOAD"
- ;;
- *) calcsum=`@AWK@ '$1 == "#CHECKSUM" || /\$[N]etBSD.*/ { next } { print }' "$vuls" | @DIGEST@ "$recordedalg"`
- if [ "$recordedsum" != "$calcsum" ]; then
- errmsg="Checksum mismatch - recorded $recordedalg checksum \"$recordedsum\", calculated checksum \"$calcsum\""
- errsolution="$ERR_DOWNLOAD"
- fi
- ;;
- esac
- ;;
- esac
- ;;
-esac
-
-# if we have found an error, then complain and exit
-case "$errmsg" in
-"") ;;
-*) echo "***ERROR*** $errmsg" 1>&2
- echo "** $errsolution" 1>&2
- exit 1
- ;;
-esac
-
-found_vulnpkg=0
-# check for vulnerabilities
-while read pat type url; do
- case "$pat" in
- \#*|'') continue;;
- esac
-
- case "$IGNORE_URLS" in
- "") ;;
- *) ignore=false;
- for u in $IGNORE_URLS; do
- if [ "x$u" = "x$url" ]; then
- ignore=true
- break
- fi
- done
- if $ignore; then
- case "$verbose" in
- yes) echo "Ignoring vulnerability for $url with pattern $pat"
- ;;
- esac
- continue
- fi
- ;;
- esac
-
- if [ -z "$one_package" ] ; then
- vulnpkgs=`@PKG_TOOLS_BIN@/pkg_info -e "$pat"`
- else
- vulnpkgs=
- one_pkg=`@PKG_TOOLS_BIN@/pkg_info -e "$one_package"`
- if `@PKG_TOOLS_BIN@/pkg_admin pmatch "$pat" "$one_pkg"` ; then
- vulnpkgs=$one_pkg
- fi
- fi
- for pkg in $vulnpkgs ; do
- found_vulnpkg=`expr $found_vulnpkg + 1`
- echo "Package $pkg has a" \
- "$type vulnerability, see $url"
- done
-done < "$vuls"
-
-if [ "$verbose" = "yes" -a "$found_vulnpkg" -eq 0 ]; then
- echo "No vulnerable packages found."
-fi
-
-exit 0
diff --git a/security/audit-packages/files/audit-packages.0 b/security/audit-packages/files/audit-packages.0
deleted file mode 100644
index 431e62b32bd..00000000000
--- a/security/audit-packages/files/audit-packages.0
+++ /dev/null
@@ -1,173 +0,0 @@
-AUDIT-PACKAGES(8) NetBSD System Manager's Manual AUDIT-PACKAGES(8)
-
-NNAAMMEE
- aauuddiitt--ppaacckkaaggeess, ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt -- show vulnerabilities in
- installed packages
-
-SSYYNNOOPPSSIISS
- aauuddiitt--ppaacckkaaggeess [--ddvv] [--KK _p_k_g___d_b_d_i_r] [--pp _p_a_c_k_a_g_e]
- ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt
-
-DDEESSCCRRIIPPTTIIOONN
- The aauuddiitt--ppaacckkaaggeess program compares the installed packages with the
- _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file and reports any known security issues to stan-
- dard output. This output contains the name and version of the package,
- the type of vulnerability, and an URL for further information for each
- vulnerable package.
-
- The following flags are supported:
-
- --dd aauuddiitt--ppaacckkaaggeess will attempt to download the vulnerabilities
- file before scanning the installed packages for vulnerabil-
- ities.
-
- --KK _p_k_g___d_b_d_i_r Use package database directory _p_k_g___d_b_d_i_r.
-
- --pp _p_a_c_k_a_g_e Check only the package _p_a_c_k_a_g_e for vulnerabilities.
-
- --vv Set verbose mode. aauuddiitt--ppaacckkaaggeess will warn when the vul-
- nerabilities file is more than a week old.
-
- The ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt program downloads this file from
- _f_t_p_:_/_/_f_t_p_._N_e_t_B_S_D_._o_r_g_/_p_u_b_/_N_e_t_B_S_D_/_p_a_c_k_a_g_e_s_/_d_i_s_t_f_i_l_e_s_/_p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s
- using @FETCH_CMD_SHORT@(1). This vulnerabilities file documents all
- known security issues in pkgsrc packages and is kept up-to-date by the
- NetBSD pkgsrc-security team.
-
- Each line lists the package and vulnerable versions, the type of exploit,
- and an Internet address for further information:
-
- <package pattern> <type> <url>
-
- The type of exploit can be any text, although some common types of
- exploits listed are:
- ++oo cross-site-html
- ++oo cross-site-scripting
- ++oo denial-of-service
- ++oo file-permissions
- ++oo local-access
- ++oo local-code-execution
- ++oo local-file-read
- ++oo local-file-removal
- ++oo local-file-write
- ++oo local-root-file-view
- ++oo local-root-shell
- ++oo local-symlink-race
- ++oo local-user-file-view
- ++oo local-user-shell
- ++oo privacy-leak
- ++oo remote-code-execution
- ++oo remote-command-inject
- ++oo remote-file-creation
- ++oo remote-file-read
- ++oo remote-file-view
- ++oo remote-file-write
- ++oo remote-key-theft
- ++oo remote-root-access
- ++oo remote-root-shell
- ++oo remote-script-inject
- ++oo remote-server-admin
- ++oo remote-use-of-secret
- ++oo remote-user-access
- ++oo remote-user-file-view
- ++oo remote-user-shell
- ++oo unknown
- ++oo weak-authentication
- ++oo weak-encryption
- ++oo weak-ssl-authentication
-
- By default, the vulnerabilities file is stored in the @PKGVULNDIR@ direc-
- tory. This can be changed by defining the environment variable
- PKGVULNDIR to the directory containing the vulnerabilities file.
-
- If a URL is specified in IGNORE_URLS then all entries listed in
- _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s that match that URL will not be reported when
- _a_u_d_i_t_-_p_a_c_k_a_g_e_s is run. Running aauuddiitt--ppaacckkaaggeess --vv will display the
- details of all entries skipped if IGNORE_URLS is set.
-
-EEXXIITT SSTTAATTUUSS
- The aauuddiitt--ppaacckkaaggeess utility exits 0 on success, and >0 if an error occurs.
-
-EENNVVIIRROONNMMEENNTT
- These variables can also be defined in the @PKG_SYSCONFDIR@/audit-pack-
- ages.conf file.
-
- PKGVULNDIR Specifies the directory containing the _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s
- file.
-
- FETCH_ARGS Specifies optional arguments for the ftp client.
-
- FETCH_PROTO
- Specifies the protocol to use when fetching the
- _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file. Currently supports only http and
- ftp. The default is ftp.
-
- IGNORE_URLS
- A list of vulnerability URLs to be ignored. This allows for
- ignoring certain URLs that are attached to a vulnerability.
-
-FFIILLEESS
- @PKGVULNDIR@/pkg-vulnerabilities
-
- @PKG_SYSCONFDIR@/audit-packages.conf
-
-EEXXAAMMPPLLEESS
- The ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt command can be run via cron(8) to update
- the _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file daily. And aauuddiitt--ppaacckkaaggeess can be run via
- cron(8) (or with NetBSD's _/_e_t_c_/_s_e_c_u_r_i_t_y_._l_o_c_a_l daily security script).
-
- The ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt command can be forced to use IPv4 with
- the following setting in @PKG_SYSCONFDIR@/audit-packages.conf :
-
- export FETCH_ARGS="-4"
-
- The ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt command can be forced to use http to
- download the _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file with the following setting in
- @PKG_SYSCONFDIR@/audit-packages.conf :
-
- export FETCH_PROTO="http"
-
-DDIIAAGGNNOOSSTTIICCSS
- The following errors can occur:
-
- Checksum mismatch
- The vulnerabilities file is corrupted. Run
- ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt.
-
- Missing vulnerabilities file
- The vulnerabilities file could not be found. Run
- ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt.
-
- No checksum algorithm found
- The vulnerabilities file is too old or incomplete. Run
- ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt.
-
- No checksum found
- The vulnerabilities file is too old or incomplete. Run
- ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt.
-
- No file format version found
- The vulnerabilities file is too old or incomplete. Run
- ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt.
-
- Unsupported file format version
- The vulnerabilities file is too old or too new. If it's too
- old, run ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt. If it's too new,
- update the _s_e_c_u_r_i_t_y_/_a_u_d_i_t_-_p_a_c_k_a_g_e_s package.
-
- Installed pkg_info too old
- aauuddiitt--ppaacckkaaggeess requires a newer version of pkg_info(1).
- Update the _p_k_g_t_o_o_l_s_/_p_k_g___i_n_s_t_a_l_l package.
-
-SSEEEE AALLSSOO
- pkg_info(1), mk.conf(5), packages(7), _@_P_K_G_S_R_C_D_I_R_@_/_m_k_/_d_e_f_a_u_l_t_s_/_m_k_._c_o_n_f and
-
- _D_o_c_u_m_e_n_t_a_t_i_o_n _o_n _t_h_e _N_e_t_B_S_D _P_a_c_k_a_g_e _S_y_s_t_e_m. _@_P_K_G_S_R_C_D_I_R_@_/_d_o_c_/_p_k_g_s_r_c_._t_x_t
-
-HHIISSTTOORRYY
- The aauuddiitt--ppaacckkaaggeess and ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt commands were origi-
- nally implemented and added to NetBSD's pkgsrc by Alistair Crooks on
- September 19, 2000. The original idea came from Roland Dowdeswell and
- Bill Sommerfeld.
-
-NetBSD 4.0 April 15, 2006 NetBSD 4.0
diff --git a/security/audit-packages/files/audit-packages.8 b/security/audit-packages/files/audit-packages.8
deleted file mode 100644
index a6560ac9ccb..00000000000
--- a/security/audit-packages/files/audit-packages.8
+++ /dev/null
@@ -1,307 +0,0 @@
-.\" $NetBSD: audit-packages.8,v 1.21 2006/12/23 09:34:56 wiz Exp $
-.\"
-.\" Copyright (c) 2003 Jeremy C. Reed. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by Jeremy C. Reed
-.\" for the NetBSD project.
-.\" 4. The name of the author may not be used to endorse or promote
-.\" products derived from this software without specific prior written
-.\" permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
-.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
-.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
-.\" GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-.\" NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-.\" SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd April 15, 2006
-.Os
-.Dt AUDIT-PACKAGES 8
-.Sh NAME
-.Nm audit-packages ,
-.Nm download-vulnerability-list
-.Nd show vulnerabilities in installed packages
-.Sh SYNOPSIS
-.Nm
-.Op Fl dv
-.Op Fl K Ar pkg_dbdir
-.Op Fl p Ar package
-.Nm download-vulnerability-list
-.Sh DESCRIPTION
-The
-.Nm
-program compares the installed packages with the
-.Pa pkg-vulnerabilities
-file and reports any known security issues to standard output.
-This output contains the name and version of the package, the
-type of vulnerability, and an URL for further information for each
-vulnerable package.
-.Pp
-The following flags are supported:
-.Bl -tag -width Ar
-.It Fl d
-.Nm
-will attempt to download the vulnerabilities
-file before scanning
-the installed packages for vulnerabilities.
-.It Fl K Ar pkg_dbdir
-Use package database directory
-.Ar pkg_dbdir .
-.It Fl p Ar package
-Check only the package
-.Ar package
-for vulnerabilities.
-.It Fl v
-Set verbose mode.
-.Nm
-will warn when the vulnerabilities file is more than a week old.
-.El
-.Pp
-The
-.Nm download-vulnerability-list
-program downloads this file from
-.Pa ftp://ftp.NetBSD.org/pub/NetBSD/packages/distfiles/pkg-vulnerabilities
-using
-.Xr @FETCH_CMD_SHORT@ 1 .
-This vulnerabilities file documents all known security issues in
-pkgsrc packages and is kept up-to-date by the
-.Nx
-pkgsrc-security team.
-.Pp
-Each line lists the package and vulnerable versions, the type of exploit,
-and an Internet address for further information:
-.Bl -item
-.It
-.Aq package pattern
-.Aq type
-.Aq url
-.El
-.Pp
-The type of exploit can be any text, although
-some common types of exploits listed are:
-.Bl -bullet -compact -offset indent
-.It
-cross-site-html
-.It
-cross-site-scripting
-.It
-denial-of-service
-.It
-file-permissions
-.It
-local-access
-.It
-local-code-execution
-.It
-local-file-read
-.It
-local-file-removal
-.It
-local-file-write
-.It
-local-root-file-view
-.It
-local-root-shell
-.It
-local-symlink-race
-.It
-local-user-file-view
-.It
-local-user-shell
-.It
-privacy-leak
-.It
-remote-code-execution
-.It
-remote-command-inject
-.It
-remote-file-creation
-.It
-remote-file-read
-.It
-remote-file-view
-.It
-remote-file-write
-.It
-remote-key-theft
-.It
-remote-root-access
-.It
-remote-root-shell
-.It
-remote-script-inject
-.It
-remote-server-admin
-.It
-remote-use-of-secret
-.It
-remote-user-access
-.It
-remote-user-file-view
-.It
-remote-user-shell
-.It
-unknown
-.It
-weak-authentication
-.It
-weak-encryption
-.It
-weak-ssl-authentication
-.El
-.Pp
-By default, the vulnerabilities file is stored in the
-@PKGVULNDIR@
-directory.
-This can be changed by defining the environment variable
-.Ev PKGVULNDIR
-to the directory containing the vulnerabilities file.
-.Pp
-If a URL is specified in
-.Ev IGNORE_URLS
-then all entries listed in
-.Pa pkg-vulnerabilities
-that match that URL will not be reported when
-.Pa audit-packages
-is run.
-Running
-.Nm Fl v
-will display the details of all entries skipped if
-.Ev IGNORE_URLS
-is set.
-.Sh EXIT STATUS
-.Ex -std audit-packages
-.Sh ENVIRONMENT
-These variables can also be defined in the
-@PKG_SYSCONFDIR@/audit-packages.conf
-file.
-.Pp
-.Bl -tag -width PKGVULNDIR
-.It Ev PKGVULNDIR
-Specifies the directory containing the
-.Pa pkg-vulnerabilities
-file.
-.It Ev FETCH_ARGS
-Specifies optional arguments for the ftp client.
-.It Ev FETCH_PROTO
-Specifies the protocol to use when fetching the
-.Pa pkg-vulnerabilities
-file.
-Currently supports only http and ftp.
-The default is ftp.
-.It Ev IGNORE_URLS
-A list of vulnerability URLs to be ignored.
-This allows for ignoring certain URLs that are attached to a
-vulnerability.
-.El
-.Sh FILES
-@PKGVULNDIR@/pkg-vulnerabilities
-.Pp
-@PKG_SYSCONFDIR@/audit-packages.conf
-.Sh EXAMPLES
-The
-.Nm download-vulnerability-list
-command can be run via
-.Xr cron 8
-to update the
-.Pa pkg-vulnerabilities
-file daily.
-And
-.Nm
-can be run via
-.Xr cron 8
-(or with
-.Nx Ap s
-.Pa /etc/security.local
-daily security script).
-.Pp
-The
-.Nm download-vulnerability-list
-command can be forced to use IPv4 with the following setting in
-@PKG_SYSCONFDIR@/audit-packages.conf :
-.Pp
-export FETCH_ARGS="-4"
-.Pp
-The
-.Nm download-vulnerability-list
-command can be forced to use http to download the
-.Pa pkg-vulnerabilities
-file with the following setting in
-@PKG_SYSCONFDIR@/audit-packages.conf :
-.Pp
-export FETCH_PROTO="http"
-.Sh DIAGNOSTICS
-The following errors can occur:
-.Bl -tag -width 10n
-.It Checksum mismatch
-The vulnerabilities file is corrupted.
-Run
-.Nm download-vulnerability-list .
-.It Missing vulnerabilities file
-The vulnerabilities file could not be found.
-Run
-.Nm download-vulnerability-list .
-.It \&No checksum algorithm found
-The vulnerabilities file is too old or incomplete.
-Run
-.Nm download-vulnerability-list .
-.It \&No checksum found
-The vulnerabilities file is too old or incomplete.
-Run
-.Nm download-vulnerability-list .
-.It \&No file format version found
-The vulnerabilities file is too old or incomplete.
-Run
-.Nm download-vulnerability-list .
-.It Unsupported file format version
-The vulnerabilities file is too old or too new.
-If it's too old, run
-.Nm download-vulnerability-list .
-If it's too new, update the
-.Pa security/audit-packages
-package.
-.It Installed pkg_info too old
-.Nm
-requires a newer version of
-.Xr pkg_info 1 .
-Update the
-.Pa pkgtools/pkg_install
-package.
-.El
-.Sh SEE ALSO
-.Xr pkg_info 1 ,
-.Xr mk.conf 5 ,
-.Xr packages 7 ,
-.Pa @PKGSRCDIR@/mk/defaults/mk.conf
-and
-.Rs
-.%T "Documentation on the NetBSD Package System"
-.Re
-.Pa @PKGSRCDIR@/doc/pkgsrc.txt
-.Sh HISTORY
-The
-.Nm
-and
-.Nm download-vulnerability-list
-commands were originally implemented and added to
-.Nx Ap s
-pkgsrc by
-.An Alistair Crooks
-on September 19, 2000.
-The original idea came from Roland Dowdeswell and Bill Sommerfeld.
diff --git a/security/audit-packages/files/audit-packages.conf b/security/audit-packages/files/audit-packages.conf
deleted file mode 100644
index a7980535d74..00000000000
--- a/security/audit-packages/files/audit-packages.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-# $NetBSD: audit-packages.conf,v 1.1 2006/12/09 12:30:47 adrianp Exp $
-
-#
-# sample configuration file for audit-packages(8) and
-# download-vulnerability-list(8)
-#
-
-# PKGVULNDIR
-#
-# Specifies the directory containing the pkg-vulnerabilities file.
-# Default: PKGVULNDIR="${DISTDIR}"
-
-# FETCH_ARGS
-#
-# Specifies optional arguments for the download-vulnerability-list client.
-# Default: FETCH_ARGS=
-
-# FETCH_PROTO
-#
-# Specifies the protocol to use when fetching the pkg-vulnerabilities file.
-# Default: FETCH_PROTO="ftp"
-
-# IGNORE_URLS
-#
-# A list of vulnerability URLs to be ignored.
-# Default: IGNORE_URLS=
diff --git a/security/audit-packages/files/download-vulnerability-list b/security/audit-packages/files/download-vulnerability-list
deleted file mode 100644
index 18503e54c62..00000000000
--- a/security/audit-packages/files/download-vulnerability-list
+++ /dev/null
@@ -1,128 +0,0 @@
-#! @SH@
-
-# $NetBSD: download-vulnerability-list,v 1.29 2006/07/14 22:41:58 adrianp Exp $
-#
-# Copyright (c) 2000-2003 Alistair Crooks. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-# 3. All advertising materials mentioning features or use of this software
-# must display the following acknowledgement:
-# This product includes software developed by Alistair Crooks
-# for the NetBSD project.
-# 4. The name of the author may not be used to endorse or promote
-# products derived from this software without specific prior written
-# permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
-# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
-# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
-# GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-
-: ${PKGVULNDIR=@PKGVULNDIR@}
-: ${FETCH_PROTO=ftp}
-
-NEW_VUL_LIST=pkg-vulnerabilities.$$
-EXIST_VUL_LIST=pkg-vulnerabilities
-
-# pick up any settings in audit-packages.conf
-if [ -r @PKG_SYSCONFDIR@/audit-packages.conf ]; then
- echo "Reading settings from @PKG_SYSCONFDIR@/audit-packages.conf"
- . @PKG_SYSCONFDIR@/audit-packages.conf
-fi
-
-VUL_SOURCE="${FETCH_PROTO}://ftp.NetBSD.org/pub/NetBSD/packages/distfiles/pkg-vulnerabilities"
-
-if [ ! -d ${PKGVULNDIR}/. ]; then
- echo "Creating ${PKGVULNDIR}"
- @MKDIR@ ${PKGVULNDIR} || (echo "Can't create ${PKGVULNDIR}" 1>&2; exit 1)
-fi
-
-case ${FETCH_PROTO} in
-http) ;;
-ftp) ;;
-*) echo "Unknown FETCH_PROTO specified - Only http and ftp are currently supported."
- exit 1
- ;;
-esac
-
-cd ${PKGVULNDIR}
-utility=`echo "@FETCH_CMD@" | @AWK@ '{ print $1 }'`
-case "$utility" in
-*curl) @FETCH_CMD@ ${FETCH_ARGS} -o ${NEW_VUL_LIST} ${VUL_SOURCE} ;;
-*ftp) @FETCH_CMD@ ${FETCH_ARGS} -o ${NEW_VUL_LIST} ${VUL_SOURCE} ;;
-*wget) @FETCH_CMD@ ${FETCH_ARGS} -O ${NEW_VUL_LIST} ${VUL_SOURCE} ;;
-*fetch) @FETCH_CMD@ ${FETCH_ARGS} -o ${NEW_VUL_LIST} ${VUL_SOURCE} ;;
-*) echo "Unknown fetch command - please use send-pr to send in support for your fetch command" 1>&2
- exit 1
- ;;
-esac
-
-# see if we got a file
-if [ ! -f "${NEW_VUL_LIST}" ]; then
- echo "***WARNING*** Download of vulnerabilities file failed" 1>&2
- exit 1
-fi
-
-# see if the file got damaged while it was being downloaded
-errmsg=""
-recordedsum=`@AWK@ '$1 == "#CHECKSUM" { print $3 }' ${NEW_VUL_LIST}`
-recordedalg=`@AWK@ '$1 == "#CHECKSUM" { print $2 }' ${NEW_VUL_LIST}`
-case "$recordedsum" in
-"") errmsg="***WARNING*** No checksum found in the downloaded vulnerabilities file"
- ;;
-*) case "$recordedalg" in
- "") errmsg="***WARNING*** No checksum algorithm found in the downloaded vulnerabilities file"
- ;;
- *) calcsum=`@AWK@ '$1 == "#CHECKSUM" || /\$NetBSD.*/ { next } { print }' ${NEW_VUL_LIST} | @DIGEST@ $recordedalg`
- if [ "$recordedsum" != "$calcsum" ]; then
- errmsg="***WARNING*** Checksum mismatch - recorded $recordedalg checksum \"$recordedsum\", calculated checksum \"$calcsum\""
- fi
- ;;
- esac
- ;;
-esac
-case "$errmsg" in
-"") ;;
-*) echo "$errmsg" 1>&2
- @RM@ -f ${NEW_VUL_LIST}
- exit 1
- ;;
-esac
-
-# test to see if file has been changed
-neednew=false
-if [ -f ${EXIST_VUL_LIST} ]; then
- oldsum=`@AWK@ '$1 == "#CHECKSUM" { print $3 }' ${EXIST_VUL_LIST}`
- if [ "$oldsum" != "$calcsum" ]; then
- neednew=true
- fi
-else
- neednew=true
-fi
-
-# if we need the new file, move it into position
-if $neednew; then
- echo "Package vulnerabilities file has been updated"
- @CHMOD@ a+r ${NEW_VUL_LIST}
- @MV@ -f ${NEW_VUL_LIST} ${EXIST_VUL_LIST}
-else
- echo "No change from existing package vulnerabilities file"
- @RM@ -f ${NEW_VUL_LIST}
-fi
-
-exit 0