path: root/security/audit-packages/files/download-vulnerability-list
blob: b06f5893a49ddc080efb9a647c9215a21774980b (plain)
#! @SH@

# $NetBSD: download-vulnerability-list,v 1.23 2004/02/09 03:56:34 jlam Exp $
#
# Copyright (c) 2000-2003 Alistair Crooks.  All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
# 3. All advertising materials mentioning features or use of this software
#    must display the following acknowledgement:
#	This product includes software developed by Alistair Crooks
#	for the NetBSD project.
# 4. The name of the author may not be used to endorse or promote
#    products derived from this software without specific prior written
#    permission.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
# GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#

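# Directory that holds the vulnerability list.  ":=" (rather than "=") also
# replaces an empty value, since an empty directory name would make every
# relative path below resolve against the caller's working directory.
: ${PKGVULNDIR:=@PKGVULNDIR@}

# Create the directory on first run.  The original "|| (echo ...; exit 1)"
# form only exited a subshell, so the script carried on after a failed mkdir;
# an explicit if/then is needed to actually abort.
if [ ! -e "${PKGVULNDIR}" ]; then
	echo "Creating ${PKGVULNDIR}"
	if ! @MKDIR@ "${PKGVULNDIR}"; then
		echo "Can't create ${PKGVULNDIR}" 1>&2
		exit 1
	fi
fi

# Download location and the temporary / installed file names (both relative
# to ${PKGVULNDIR}).  The temporary name carries the PID so that two runs
# started at the same time do not overwrite each other's download.
VUL_SOURCE="ftp://ftp.NetBSD.org/pub/NetBSD/packages/distfiles/pkg-vulnerabilities"
NEW_VUL_LIST=pkg-vulnerabilities.$$
EXIST_VUL_LIST=pkg-vulnerabilities

# Site configuration is sourced as shell code and may override any of the
# variables above (FETCH_ARGS is only ever set from here or the environment).
if [ -r @PKG_SYSCONFDIR@/audit-packages.conf ]; then
	echo "Reading settings from @PKG_SYSCONFDIR@/audit-packages.conf"
	. @PKG_SYSCONFDIR@/audit-packages.conf
fi

# Everything below uses paths relative to ${PKGVULNDIR}, so a failed cd must
# abort instead of fetching into whatever the current directory happens to be.
cd "${PKGVULNDIR}" || {
	echo "Can't change directory to ${PKGVULNDIR}" 1>&2
	exit 1
}

# Do not leave a half-written download behind if we are interrupted.
trap '@RM@ -f "${NEW_VUL_LIST}"; exit 1' 1 2 3 15

# Select the output-file option from the basename of the configured fetch
# command.  ${FETCH_ARGS} is deliberately left unquoted so that a
# space-separated list of extra options is passed as separate words.
# A failed fetch leaves nothing worth checksumming, so abort right away
# rather than reporting a misleading "no checksum found" warning later.
utility=`echo "@FETCH_CMD@" | @AWK@ '{ print $1 }'`
case "$utility" in
*curl|*ftp|*fetch)
	@FETCH_CMD@ ${FETCH_ARGS} -o "${NEW_VUL_LIST}" "${VUL_SOURCE}"
	;;
*wget)
	@FETCH_CMD@ ${FETCH_ARGS} -O "${NEW_VUL_LIST}" "${VUL_SOURCE}"
	;;
*)	echo "Unknown fetch command - please use send-pr to send in support for your fetch command" 1>&2
	exit 1
	;;
esac || {
	echo "Download of ${VUL_SOURCE} failed" 1>&2
	@RM@ -f "${NEW_VUL_LIST}"
	exit 1
}

# See if the file got damaged while it was being downloaded.  The list
# carries a "#CHECKSUM <algorithm> <sum>" line; the digest is recomputed over
# the file minus that line and the RCS Id line and compared with it.
# NOTE: both the algorithm and the expected sum are taken from the downloaded
# file itself, so this detects corruption in transit only - it is not an
# authenticity check, and a deliberately altered file can carry a matching
# checksum.
errmsg=""
recordedsum=`@AWK@ '$1 == "#CHECKSUM" { print $3 }' "${NEW_VUL_LIST}"`
recordedalg=`@AWK@ '$1 == "#CHECKSUM" { print $2 }' "${NEW_VUL_LIST}"`
case "$recordedsum" in
"")	errmsg="***WARNING*** No checksum found in the downloaded vulnerabilities file"
	;;
*)	case "$recordedalg" in
	"")	errmsg="***WARNING*** No checksum algorithm found in the downloaded vulnerabilities file"
		;;
	*[!A-Za-z0-9]*)
		# The algorithm name is handed to @DIGEST@ as an argument and
		# originates in the downloaded file, so only a plain alphanumeric
		# token is accepted; anything else (including a second #CHECKSUM
		# line, which would show up as an embedded newline) is rejected.
		errmsg="***WARNING*** Unsupported checksum algorithm \"$recordedalg\" in the downloaded vulnerabilities file"
		;;
	*)	calcsum=`@AWK@ '$1 == "#CHECKSUM" || /\$NetBSD.*/ { next } { print }' "${NEW_VUL_LIST}" | @DIGEST@ "$recordedalg"`
		if [ "$recordedsum" != "$calcsum" ]; then
			errmsg="***WARNING*** Checksum mismatch - recorded $recordedalg checksum \"$recordedsum\", calculated checksum \"$calcsum\""
		fi
		;;
	esac
	;;
esac
if [ -n "$errmsg" ]; then
	echo "$errmsg" 1>&2
	@RM@ -f "${NEW_VUL_LIST}"
	exit 1
fi

# Test to see if the file has been changed: compare the checksum recorded in
# the installed list (if any) with the one just calculated.  A missing or
# malformed installed list compares unequal and is simply replaced.
neednew=false
if [ -f "${EXIST_VUL_LIST}" ]; then
	oldsum=`@AWK@ '$1 == "#CHECKSUM" { print $3 }' "${EXIST_VUL_LIST}"`
	if [ "$oldsum" != "$calcsum" ]; then
		neednew=true
	fi
else
	neednew=true
fi

# If we need the new file, move it into position; otherwise discard the
# download and leave the existing list untouched.  A failed install must not
# exit 0 after announcing an update.
if $neednew; then
	echo "Package vulnerabilities file has been updated"
	@CHMOD@ a+r "${NEW_VUL_LIST}"
	@MV@ -f "${NEW_VUL_LIST}" "${EXIST_VUL_LIST}" || {
		echo "Can't install ${NEW_VUL_LIST} as ${EXIST_VUL_LIST}" 1>&2
		@RM@ -f "${NEW_VUL_LIST}"
		exit 1
	}
else
	echo "No change from existing package vulnerabilities file"
	@RM@ -f "${NEW_VUL_LIST}"
fi

exit 0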