mirror of
https://git.FreeBSD.org/ports.git
synced 2024-12-03 01:23:49 +00:00
portaudit-db generates a portaudit database from a current
ports tree. It also features a file `database/portaudit.txt' where UUIDs for vulnerabilities can be allocated quickly before they are moved to the VuXML database. Call `packaudit' after upgrading your ports tree.
This commit is contained in:
parent
b0551a5266
commit
53ec7442a9
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=111367
41
ports-mgmt/portaudit-db/Makefile
Normal file
41
ports-mgmt/portaudit-db/Makefile
Normal file
@ -0,0 +1,41 @@
|
||||
# New ports collection makefile for: portaudit-db
|
||||
# Date created: 12 Jun 2004
|
||||
# Whom: Oliver Eikemeier
|
||||
#
|
||||
# $FreeBSD$
|
||||
#
|
||||
|
||||
PORTNAME= portaudit-db
|
||||
PORTVERSION= 0.1
|
||||
CATEGORIES= security
|
||||
DISTFILES=
|
||||
|
||||
MAINTAINER= eik@FreeBSD.org
|
||||
COMMENT= Creates a portaudit database from a current ports tree
|
||||
|
||||
RUN_DEPENDS= xsltproc:${PORTSDIR}/textproc/libxslt
|
||||
|
||||
DATABASEDIR?= ${AUDITFILE:H}
|
||||
|
||||
PLIST_SUB+= DATABASEDIR="${DATABASEDIR}"
|
||||
|
||||
SED_SCRIPT= -e 's,%%PREFIX%%,${PREFIX},g' \
|
||||
-e "s|%%DATADIR%%|${DATADIR}|g" \
|
||||
-e "s|%%LOCALBASE%%|${LOCALBASE}|g" \
|
||||
-e "s|%%PORTSDIR%%|${PORTSDIR}|g" \
|
||||
-e "s|%%PORTVERSION%%|${PORTVERSION}|g" \
|
||||
-e "s|%%DATABASEDIR%%|${DATABASEDIR}|g"
|
||||
|
||||
do-build:
|
||||
@for f in packaudit.sh packaudit.conf; do \
|
||||
${SED} ${SED_SCRIPT} "${FILESDIR}/$$f" > "${WRKDIR}/$$f"; \
|
||||
done
|
||||
|
||||
do-install:
|
||||
@${INSTALL_SCRIPT} ${WRKDIR}/packaudit.sh ${PREFIX}/bin/packaudit
|
||||
@${INSTALL_DATA} ${WRKDIR}/packaudit.conf ${PREFIX}/etc/packaudit.conf.sample
|
||||
@${MKDIR} ${DATADIR}
|
||||
@${INSTALL_DATA} ${FILESDIR}/vuxml2html.xslt ${FILESDIR}/vuxml2portaudit.xslt ${DATADIR}
|
||||
@${MKDIR} ${DATABASEDIR}
|
||||
|
||||
.include <bsd.port.mk>
|
7
ports-mgmt/portaudit-db/database/portaudit.txt
Normal file
7
ports-mgmt/portaudit-db/database/portaudit.txt
Normal file
@ -0,0 +1,7 @@
|
||||
# portaudit text based database
|
||||
# $FreeBSD$
|
||||
smtpproxy<=1.1.3|http://0xbadc0ded.org/advisories/0402.txt|remotely exploitable format string vulnerability|1abf65f9-bc9d-11d8-916c-000347dd607f
|
||||
apache<1.3.31_1|http://www.apacheweek.com/features/security-13|mod_proxy buffer overflow (CAN-2004-0492)|5bcd500c-bc9d-11d8-916c-000347dd607f
|
||||
apache+mod_ssl<1.3.31+2.8.18_3|http://www.apacheweek.com/features/security-13|mod_proxy buffer overflow (CAN-2004-0492)|5bcd500c-bc9d-11d8-916c-000347dd607f
|
||||
apache<2.0.49_1|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0488|mod_ssl stack-based buffer overflow|662cd99e-bc9d-11d8-916c-000347dd607f
|
||||
apache+mod_ssl*<1.3.31+2.8.18_4|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0488|mod_ssl stack-based buffer overflow|662cd99e-bc9d-11d8-916c-000347dd607f
|
4
ports-mgmt/portaudit-db/database/portaudit.xlist
Normal file
4
ports-mgmt/portaudit-db/database/portaudit.xlist
Normal file
@ -0,0 +1,4 @@
|
||||
# portaudit exclude list
|
||||
# $FreeBSD$
|
||||
3362f2c1-8344-11d8-a41f-0020ed76ef5a
|
||||
5e7f58c3-b3f8-4258-aeb8-795e5e940ff8
|
69
ports-mgmt/portaudit-db/database/portaudit.xml
Normal file
69
ports-mgmt/portaudit-db/database/portaudit.xml
Normal file
@ -0,0 +1,69 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!--
|
||||
This file is in the public domain.
|
||||
$FreeBSD$
|
||||
-->
|
||||
<!DOCTYPE vuxml PUBLIC "-//vuxml.org//DTD VuXML 1.1//EN" "http://www.vuxml.org/dtd/vuxml-1/vuxml-11.dtd">
|
||||
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
|
||||
|
||||
<vuln vid="42e330ab-82a4-11d8-868e-000347dd607f">
|
||||
<topic>MPlayer remotely exploitable buffer overflow in the ASX parser</topic>
|
||||
<affects>
|
||||
<package>
|
||||
<name>mplayer</name>
|
||||
<name>mplayer-esound</name>
|
||||
<name>mplayer-gtk</name>
|
||||
<name>mplayer-gtk-esound</name>
|
||||
<range><lt>0.92</lt></range>
|
||||
</package>
|
||||
</affects>
|
||||
<description>
|
||||
<body xmlns="http://www.w3.org/1999/xhtml">
|
||||
<p>A remotely exploitable buffer overflow vulnerability was found in
|
||||
MPlayer. A malicious host can craft a harmful ASX header,
|
||||
and trick MPlayer into executing arbitrary code upon parsing that header.</p>
|
||||
</body>
|
||||
</description>
|
||||
<references>
|
||||
<url>http://www.mplayerhq.hu/</url>
|
||||
<url>http://www.securityfocus.com/archive/1/339330</url>
|
||||
<url>http://www.securityfocus.com/archive/1/339193</url>
|
||||
<cvename>CAN-2003-0835</cvename>
|
||||
<bid>8702</bid>
|
||||
</references>
|
||||
<dates>
|
||||
<discovery>2003-09-24</discovery>
|
||||
<entry>2004-03-30</entry>
|
||||
</dates>
|
||||
</vuln>
|
||||
|
||||
<vuln vid="d8c46d74-8288-11d8-868e-000347dd607f">
|
||||
<topic>MPlayer remotely exploitable buffer overflow in the HTTP parser</topic>
|
||||
<affects>
|
||||
<package>
|
||||
<name>mplayer</name>
|
||||
<name>mplayer-esound</name>
|
||||
<name>mplayer-gtk</name>
|
||||
<name>mplayer-gtk-esound</name>
|
||||
<range><lt>0.92.1</lt></range>
|
||||
</package>
|
||||
</affects>
|
||||
<description>
|
||||
<body xmlns="http://www.w3.org/1999/xhtml">
|
||||
<p>A remotely exploitable buffer overflow vulnerability was found in
|
||||
MPlayer. A malicious host can craft a harmful HTTP header ("Location:"),
|
||||
and trick MPlayer into executing arbitrary code upon parsing that header.</p>
|
||||
</body>
|
||||
</description>
|
||||
<references>
|
||||
<url>http://www.mplayerhq.hu/</url>
|
||||
<url>http://www.securityfocus.com/archive/1/359029</url>
|
||||
<url>http://www.securityfocus.com/archive/1/359025</url>
|
||||
</references>
|
||||
<dates>
|
||||
<discovery>2004-03-29</discovery>
|
||||
<entry>2004-03-30</entry>
|
||||
</dates>
|
||||
</vuln>
|
||||
|
||||
</vuxml>
|
9
ports-mgmt/portaudit-db/files/packaudit.conf
Normal file
9
ports-mgmt/portaudit-db/files/packaudit.conf
Normal file
@ -0,0 +1,9 @@
|
||||
#
|
||||
# $FreeBSD$
|
||||
#
|
||||
# packaudit.conf sample file
|
||||
#
|
||||
|
||||
# avoid network access
|
||||
export SGML_CATALOG_FILES="%%LOCALBASE%%/share/xml/catalog"
|
||||
XSLTPROC_EXTRA_ARGS="--catalogs --nonet"
|
112
ports-mgmt/portaudit-db/files/packaudit.sh
Normal file
112
ports-mgmt/portaudit-db/files/packaudit.sh
Normal file
@ -0,0 +1,112 @@
|
||||
#!/bin/sh -e
|
||||
#
|
||||
# Copyright (c) 2004 Oliver Eikemeier. All rights reserved.
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions are
|
||||
# met:
|
||||
#
|
||||
# 1. Redistributions of source code must retain the above copyright notice
|
||||
# this list of conditions and the following disclaimer.
|
||||
#
|
||||
# 2. Redistributions in binary form must reproduce the above copyright
|
||||
# notice, this list of conditions and the following disclaimer in the
|
||||
# documentation and/or other materials provided with the distribution.
|
||||
#
|
||||
# 3. Neither the name of the author nor the names of its contributors may be
|
||||
# used to endorse or promote products derived from this software without
|
||||
# specific prior written permission.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
|
||||
# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
|
||||
# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
||||
# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
#
|
||||
# $FreeBSD$
|
||||
#
|
||||
|
||||
AWK=/usr/bin/awk
|
||||
BASENAME=/usr/bin/basename
|
||||
CAT=/bin/cat
|
||||
DATE=/bin/date
|
||||
ENV=/usr/bin/env
|
||||
MD5=/sbin/md5
|
||||
MKTEMP=/usr/bin/mktemp
|
||||
RM=/bin/rm
|
||||
SED=/usr/bin/sed
|
||||
TAR=/usr/bin/tar
|
||||
XSLTPROC=%%LOCALBASE%%/bin/xsltproc
|
||||
|
||||
PORTSDIR="${PORTSDIR:-%%PORTSDIR%%}"
|
||||
VUXMLDIR="${VUXMLDIR:-$PORTSDIR/security/vuxml}"
|
||||
PORTAUDITDBDIR="${PORTAUDITDBDIR:-$PORTSDIR/security/portaudit-db}"
|
||||
|
||||
DATABASEDIR="${DATABASEDIR:-%%DATABASEDIR%%}"
|
||||
|
||||
STYLESHEET="%%DATADIR%%/vuxml2portaudit.xslt"
|
||||
|
||||
PUBLIC_HTML="${PUBLIC_HTML:-$HOME/public_html/portaudit}"
|
||||
HTMLSHEET="%%DATADIR%%/vuxml2html.xslt"
|
||||
BASEURL="http://people.freebsd.org/~eik/portaudit/"
|
||||
|
||||
[ -r "%%PREFIX%%/etc/packaudit.conf" ] && . "%%PREFIX%%/etc/packaudit.conf"
|
||||
|
||||
VULVER=`$SED -En -e '/^.*\\$FreeBSD\: [^$ ]+,v ([0-9]+(\.[0-9]+)+) [^$]+\\$.*$/{s//\1/p;q;}' "$VUXMLDIR/vuln.xml"`
|
||||
VULURL="http://cvsweb.freebsd.org/ports/security/vuxml/vuln.xml?rev=$VULVER"
|
||||
|
||||
if [ -d "$PUBLIC_HTML" ]; then
|
||||
VULNMD5=`$CAT "$VUXMLDIR/vuln.xml" "$PORTAUDITDBDIR/database/portaudit.xml" | $MD5`
|
||||
if [ -f "$PUBLIC_HTML/portaudit.md5" ]; then
|
||||
VULNMD5_OLD=`$CAT "$PUBLIC_HTML/portaudit.md5"`
|
||||
fi
|
||||
if [ "$VULNMD5" != "$VULNMD5_OLD" ]; then
|
||||
echo -n "$VULNMD5" > "$PUBLIC_HTML/portaudit.md5"
|
||||
$XSLTPROC $XSLTPROC_EXTRA_ARGS --stringparam vulurl "$VULURL" --stringparam extradoc "$PORTAUDITDBDIR/database/portaudit.xml" \
|
||||
-o "$PUBLIC_HTML/" "$HTMLSHEET" "$VUXMLDIR/vuln.xml"
|
||||
fi
|
||||
fi
|
||||
|
||||
TMPNAME=`$BASENAME "$0"`
|
||||
TMPDIR=`$MKTEMP -d -t "$TMPNAME.$$"` || exit 1
|
||||
|
||||
TESTPORT="vulnerability-test-port>=2000<`$DATE -u +%Y.%m.%d`"
|
||||
TESTURL="http://cvsweb.freebsd.org/ports/security/vulnerability-test-port/"
|
||||
TESTREASON="Not vulnerable, just a test port (database: `$DATE -u +%Y-%m-%d`)"
|
||||
|
||||
XLIST_FILE="$PORTAUDITDBDIR/database/portaudit.xlist"
|
||||
|
||||
cd "$TMPDIR" || exit 1
|
||||
{
|
||||
$DATE -u "+#CREATED: %Y-%m-%d %H:%M:%S"
|
||||
echo "# Created by packaudit %%PORTVERSION%%"
|
||||
echo "$TESTPORT|$TESTURL|$TESTREASON"
|
||||
echo "# Please refer to the original document for copyright information:"
|
||||
echo "# $VULURL"
|
||||
$XSLTPROC $XSLTPROC_EXTRA_ARGS --stringparam baseurl "$BASEURL" "$STYLESHEET" "$VUXMLDIR/vuln.xml"
|
||||
echo "# This part is in the public domain"
|
||||
$XSLTPROC $XSLTPROC_EXTRA_ARGS --stringparam baseurl "$BASEURL" "$STYLESHEET" "$PORTAUDITDBDIR/database/portaudit.xml"
|
||||
$CAT "$PORTAUDITDBDIR/database/portaudit.txt"
|
||||
} | $AWK -F\| -v XLIST_FILE="$XLIST_FILE" '
|
||||
BEGIN {
|
||||
while((getline < XLIST_FILE) > 0)
|
||||
if(!/^(#|$)/)
|
||||
ignore[$1]=1
|
||||
}
|
||||
/^(#|$)/ {
|
||||
print
|
||||
next
|
||||
}
|
||||
{
|
||||
if (!ignore[$4])
|
||||
print $1 "|" $2 "|" $3
|
||||
}' > auditfile
|
||||
echo "#CHECKSUM: MD5 `$MD5 < auditfile`" >> auditfile
|
||||
$TAR -jcf "$DATABASEDIR/auditfile.tbz" auditfile
|
||||
cd
|
||||
$RM -Rf "$TMPDIR"
|
287
ports-mgmt/portaudit-db/files/vuxml2html.xslt
Normal file
287
ports-mgmt/portaudit-db/files/vuxml2html.xslt
Normal file
@ -0,0 +1,287 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
|
||||
$FreeBSD$
|
||||
|
||||
Copyright (c) 2004 Oliver Eikemeier. All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions are met:
|
||||
|
||||
1. Redistributions of source code must retain the above copyright notice,
|
||||
this list of conditions and the following disclaimer.
|
||||
2. Redistributions in binary form must reproduce the above copyright notice,
|
||||
this list of conditions and the following disclaimer in the documentation
|
||||
and/or other materials provided with the distribution.
|
||||
3. Neither the name of the author nor the names of its contributors may be
|
||||
used to endorse or promote products derived from this software without
|
||||
specific prior written permission.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
|
||||
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
|
||||
FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
||||
COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
||||
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
|
||||
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
|
||||
VuXML to HTML converter.
|
||||
|
||||
Usage:
|
||||
xsltproc -o html/ vuxml2html.xslt vuxml.xml
|
||||
|
||||
-->
|
||||
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:xhtml="http://www.w3.org/1999/xhtml" xmlns:vuxml="http://www.vuxml.org/apps/vuxml-1" xmlns="http://www.w3.org/1999/xhtml" exclude-result-prefixes="xhtml vuxml" version="1.0">
|
||||
<xsl:output method="xml"/>
|
||||
<xsl:strip-space elements="vuxml:affects vuxml:package vuxml:name vuxml:range" />
|
||||
<!-- whole vuxml file -->
|
||||
<xsl:template match="vuxml:vuxml">
|
||||
<!-- index page, xhtml strict -->
|
||||
<xsl:document href="index.html" method="xml" indent="yes" encoding="UTF-8" doctype-public="-//W3C//DTD XHTML 1.0 Strict//EN" doctype-system="http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<title>portaudit: Vulnerability list</title>
|
||||
<xsl:call-template name="css"/>
|
||||
</head>
|
||||
<body>
|
||||
<div>
|
||||
<xsl:call-template name="bar"/>
|
||||
</div>
|
||||
<h1>Vulnerabilities</h1>
|
||||
<table>
|
||||
<xsl:for-each select="vuxml:vuln | document($extradoc)/vuxml:vuxml/vuxml:vuln">
|
||||
<xsl:sort select="(vuxml:dates/vuxml:modified | vuxml:dates/vuxml:entry)[1]" order="descending"/>
|
||||
<tr>
|
||||
<td>
|
||||
<xsl:value-of select="(vuxml:dates/vuxml:modified | vuxml:dates/vuxml:entry)[1]"/>
|
||||
</td>
|
||||
<td>
|
||||
<a href="{translate(@vid, 'ABCDEF', 'abcdef')}.html">
|
||||
<xsl:value-of select="vuxml:topic"/>
|
||||
</a>
|
||||
</td>
|
||||
</tr>
|
||||
</xsl:for-each>
|
||||
</table>
|
||||
<p>
|
||||
<a href="index-pkg.html">[Sorted by package name]</a>
|
||||
</p>
|
||||
<xsl:call-template name="foo"/>
|
||||
</body>
|
||||
</html>
|
||||
</xsl:document>
|
||||
<!-- index page by packages, xhtml strict -->
|
||||
<xsl:document href="index-pkg.html" method="xml" indent="yes" encoding="UTF-8" doctype-public="-//W3C//DTD XHTML 1.0 Strict//EN" doctype-system="http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<title>portaudit: Vulnerability list by packages</title>
|
||||
<xsl:call-template name="css"/>
|
||||
</head>
|
||||
<body>
|
||||
<div>
|
||||
<xsl:call-template name="bar"/>
|
||||
</div>
|
||||
<h1>Vulnerabilities</h1>
|
||||
<table>
|
||||
<xsl:for-each select="//vuxml:affects/vuxml:package/vuxml:name | document($extradoc)//vuxml:affects/vuxml:package/vuxml:name">
|
||||
<xsl:sort select="translate(., 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz')"/>
|
||||
<xsl:sort select="(ancestor-or-self::vuxml:vuln/vuxml:dates/vuxml:modified | ancestor-or-self::vuxml:vuln/vuxml:dates/vuxml:entry)[1]" order="descending"/>
|
||||
<tr>
|
||||
<td>
|
||||
<xsl:value-of select="."/>
|
||||
</td>
|
||||
<td>
|
||||
<a href="{translate(ancestor-or-self::vuxml:vuln/@vid, 'ABCDEF', 'abcdef')}.html">
|
||||
<xsl:value-of select="ancestor-or-self::vuxml:vuln/vuxml:topic"/>
|
||||
</a>
|
||||
</td>
|
||||
</tr>
|
||||
</xsl:for-each>
|
||||
</table>
|
||||
<p>
|
||||
<a href="index.html">[Sorted by last modification]</a>
|
||||
</p>
|
||||
<xsl:call-template name="foo"/>
|
||||
</body>
|
||||
</html>
|
||||
</xsl:document>
|
||||
<!-- individual pages, xhtml strict -->
|
||||
<xsl:for-each select="vuxml:vuln | document($extradoc)/vuxml:vuxml/vuxml:vuln">
|
||||
<xsl:document href="{translate(@vid, 'ABCDEF', 'abcdef')}.html" method="xml" indent="yes" encoding="UTF-8" doctype-public="-//W3C//DTD XHTML 1.0 Strict//EN" doctype-system="http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<title>portaudit: <xsl:value-of select="vuxml:topic"/></title>
|
||||
<xsl:call-template name="css"/>
|
||||
</head>
|
||||
<body>
|
||||
<div>
|
||||
<xsl:call-template name="bar"/>
|
||||
</div>
|
||||
<h1>
|
||||
<xsl:value-of select="vuxml:topic"/>
|
||||
</h1>
|
||||
<h2>Description:</h2>
|
||||
<xsl:copy-of select="vuxml:description/xhtml:body/*"/>
|
||||
<h2>References:</h2>
|
||||
<ul>
|
||||
<xsl:apply-templates select="vuxml:references"/>
|
||||
</ul>
|
||||
<h2>Affects:</h2>
|
||||
<ul>
|
||||
<xsl:for-each select="vuxml:affects/vuxml:package">
|
||||
<xsl:for-each select="vuxml:name">
|
||||
<xsl:variable name="name" select="."/>
|
||||
<xsl:for-each select="../vuxml:range">
|
||||
<li>
|
||||
<xsl:value-of select="$name"/>
|
||||
<xsl:apply-templates/>
|
||||
</li>
|
||||
</xsl:for-each>
|
||||
</xsl:for-each>
|
||||
</xsl:for-each>
|
||||
<xsl:for-each select="vuxml:affects/vuxml:system">
|
||||
<xsl:for-each select="vuxml:name">
|
||||
<xsl:variable name="name" select="."/>
|
||||
<xsl:for-each select="../vuxml:range">
|
||||
<li>
|
||||
<xsl:value-of select="$name"/>
|
||||
<xsl:apply-templates/>
|
||||
</li>
|
||||
</xsl:for-each>
|
||||
</xsl:for-each>
|
||||
</xsl:for-each>
|
||||
</ul>
|
||||
<xsl:call-template name="foo"/>
|
||||
</body>
|
||||
</html>
|
||||
</xsl:document>
|
||||
</xsl:for-each>
|
||||
<!-- end of vuxml file processing -->
|
||||
</xsl:template>
|
||||
<!-- vulnerability references -->
|
||||
<xsl:template match="vuxml:url">
|
||||
<li>
|
||||
<a href="{.}">
|
||||
<xsl:value-of select="."/>
|
||||
</a>
|
||||
</li>
|
||||
</xsl:template>
|
||||
<xsl:template match="vuxml:cvename">
|
||||
<li>CVE name <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name={text()}"><xsl:value-of select="text()"/></a></li>
|
||||
</xsl:template>
|
||||
<xsl:template match="vuxml:bid">
|
||||
<li>BugTraq ID <a href="http://www.securityfocus.com/bid/{.}"><xsl:value-of select="."/></a></li>
|
||||
</xsl:template>
|
||||
<xsl:template match="vuxml:certsa">
|
||||
<li>CERT security advisory <a href="http://www.cert.org/advisories/{.}.html"><xsl:value-of select="."/></a></li>
|
||||
</xsl:template>
|
||||
<xsl:template match="vuxml:certvu">
|
||||
<li>CERT vulnerability note <a href="http://www.kb.cert.org/vuls/id/{.}"><xsl:value-of select="."/></a></li>
|
||||
</xsl:template>
|
||||
<xsl:template match="vuxml:freebsdsa">
|
||||
<li>FreeBSD security advisory <a href="ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-{.}.asc">FreeBSD-<xsl:value-of select="."/></a></li>
|
||||
</xsl:template>
|
||||
<!-- comparison operators -->
|
||||
<xsl:template match="vuxml:lt">
|
||||
<xsl:text> <</xsl:text>
|
||||
<xsl:value-of select="text()"/>
|
||||
</xsl:template>
|
||||
<xsl:template match="vuxml:le">
|
||||
<xsl:text> <=</xsl:text>
|
||||
<xsl:value-of select="text()"/>
|
||||
</xsl:template>
|
||||
<xsl:template match="vuxml:gt">
|
||||
<xsl:text> ></xsl:text>
|
||||
<xsl:value-of select="text()"/>
|
||||
</xsl:template>
|
||||
<xsl:template match="vuxml:ge">
|
||||
<xsl:text> >=</xsl:text>
|
||||
<xsl:value-of select="text()"/>
|
||||
</xsl:template>
|
||||
<xsl:template match="vuxml:eq">
|
||||
<xsl:text> =</xsl:text>
|
||||
<xsl:value-of select="text()"/>
|
||||
</xsl:template>
|
||||
<!-- style sheet -->
|
||||
<xsl:template name="css">
|
||||
<link rel="shortcut icon" href="http://www.freebsd.org/favicon.ico" type="image/x-icon"/>
|
||||
<style type="text/css">
|
||||
<xsl:comment>
|
||||
<xsl:text>
|
||||
body {
|
||||
background-color : #ffffff;
|
||||
color : #000000;
|
||||
}
|
||||
|
||||
a:link { color: #0000ff }
|
||||
a:visited { color: #840084 }
|
||||
a:active { color: #0000ff }
|
||||
|
||||
h1 { color: #990000 }
|
||||
|
||||
img { color: white; border:none }
|
||||
|
||||
table {
|
||||
border: none;
|
||||
margin-top: 10px;
|
||||
margin-bottom: 10px;
|
||||
}
|
||||
|
||||
th {
|
||||
text-align: left;
|
||||
padding: 3px;
|
||||
border: none;
|
||||
vertical-align: top;
|
||||
}
|
||||
|
||||
td {
|
||||
padding: 3px;
|
||||
border: none;
|
||||
vertical-align: top;
|
||||
}
|
||||
|
||||
tr.odd {
|
||||
background: #eeeeee;
|
||||
color: inherit;
|
||||
}
|
||||
</xsl:text>
|
||||
</xsl:comment>
|
||||
</style>
|
||||
</xsl:template>
|
||||
<!-- xhtml elements -->
|
||||
<xsl:template name="bar">
|
||||
<img src="http://www.freebsd.org/gifs/bar.gif" alt="Navigation Bar" height="33" width="565" usemap="#bar"/>
|
||||
<map id="bar" name="bar">
|
||||
<area shape="rect" coords="1,1,111,33" href="http://www.freebsd.org/" alt="Top"/>
|
||||
<area shape="rect" coords="112,16,196,33" href="http://www.freebsd.org/ports/index.html" alt="Applications"/>
|
||||
<area shape="rect" coords="197,16,256,33" href="http://www.freebsd.org/support.html" alt="Support"/>
|
||||
<area shape="rect" coords="257,16,365,33" href="http://www.freebsd.org/docs.html" alt="Documentation"/>
|
||||
<area shape="rect" coords="366,16,424,33" href="http://www.freebsd.org/commercial/commercial.html" alt="Vendors"/>
|
||||
<area shape="rect" coords="425,16,475,33" href="http://www.freebsd.org/search/search.html" alt="Search"/>
|
||||
<area shape="rect" coords="476,16,516,33" href="http://www.freebsd.org/search/index-site.html" alt="Index"/>
|
||||
<area shape="rect" coords="517,16,565,33" href="http://www.freebsd.org/" alt="Top"/>
|
||||
<area shape="rect" coords="0,0,565,33" href="http://www.freebsd.org/" alt="Top"/>
|
||||
</map>
|
||||
</xsl:template>
|
||||
<xsl:template name="foo">
|
||||
<hr/>
|
||||
<p><strong>Disclaimer:</strong> The data contained on this page is derived for the VuXML document,
|
||||
please refer to the <a href="{$vulurl}">the original document</a> for copyright information. The author of
|
||||
portaudit makes no claim of authorship or ownership of any of the information contained herein.</p>
|
||||
<p>
|
||||
If you have found a vulnerability in a FreeBSD port not listed in the
|
||||
database, please <a href="mailto:security-officer@FreeBSD.org">contact the
|
||||
FreeBSD Security Officer</a>. Refer to
|
||||
<a href="http://www.freebsd.org/security/#sec">"FreeBSD Security
|
||||
Information"</a> for more information.
|
||||
</p>
|
||||
<hr/>
|
||||
<address title="Oliver Eikemeier">
|
||||
Oliver Eikemeier <a href="mailto:eik@FreeBSD.org?subject=portaudit"><eik@FreeBSD.org></a>
|
||||
</address>
|
||||
</xsl:template>
|
||||
</xsl:stylesheet>
|
92
ports-mgmt/portaudit-db/files/vuxml2portaudit.xslt
Normal file
92
ports-mgmt/portaudit-db/files/vuxml2portaudit.xslt
Normal file
@ -0,0 +1,92 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
|
||||
$FreeBSD$
|
||||
|
||||
Copyright (c) 2004 Oliver Eikemeier. All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions are met:
|
||||
|
||||
1. Redistributions of source code must retain the above copyright notice,
|
||||
this list of conditions and the following disclaimer.
|
||||
2. Redistributions in binary form must reproduce the above copyright notice,
|
||||
this list of conditions and the following disclaimer in the documentation
|
||||
and/or other materials provided with the distribution.
|
||||
3. Neither the name of the author nor the names of its contributors may be
|
||||
used to endorse or promote products derived from this software without
|
||||
specific prior written permission.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
|
||||
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
|
||||
FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
||||
COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
||||
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
|
||||
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
|
||||
VuXML to portaudit database converter.
|
||||
|
||||
Usage:
|
||||
xsltproc -o auditfile vuxml2portaudit.xslt vuxml.xml
|
||||
|
||||
-->
|
||||
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:vuxml="http://www.vuxml.org/apps/vuxml-1" version="1.0">
|
||||
<xsl:output method="text"/>
|
||||
<xsl:variable name="newline">
|
||||
<xsl:text>
</xsl:text>
|
||||
</xsl:variable>
|
||||
<!-- xxx -->
|
||||
<xsl:strip-space elements="vuxml:affects vuxml:package vuxml:name vuxml:range"/>
|
||||
<xsl:template match="/">
|
||||
<xsl:text># Converted by vuxml2portaudit
|
||||
</xsl:text>
|
||||
<xsl:for-each select="vuxml:vuxml/vuxml:vuln">
|
||||
<xsl:variable name="topic" select="normalize-space(vuxml:topic)"/>
|
||||
<xsl:variable name="vid" select="translate(@vid, 'ABCDEF', 'abcdef')"/>
|
||||
<xsl:for-each select="vuxml:affects/vuxml:package">
|
||||
<xsl:for-each select="vuxml:name">
|
||||
<xsl:variable name="name" select="."/>
|
||||
<xsl:for-each select="../vuxml:range">
|
||||
<xsl:value-of select="$name"/>
|
||||
<xsl:apply-templates/>
|
||||
<xsl:text>|</xsl:text>
|
||||
<xsl:value-of select="$baseurl"/>
|
||||
<xsl:value-of select="$vid"/>
|
||||
<xsl:text>.html</xsl:text>
|
||||
<xsl:text>|</xsl:text>
|
||||
<xsl:value-of select="$topic"/>
|
||||
<xsl:text>|</xsl:text>
|
||||
<xsl:value-of select="$vid"/>
|
||||
<xsl:value-of select="$newline"/>
|
||||
</xsl:for-each>
|
||||
</xsl:for-each>
|
||||
</xsl:for-each>
|
||||
</xsl:for-each>
|
||||
</xsl:template>
|
||||
<!-- xxx -->
|
||||
<xsl:template match="vuxml:lt">
|
||||
<xsl:text><</xsl:text>
|
||||
<xsl:value-of select="text()"/>
|
||||
</xsl:template>
|
||||
<xsl:template match="vuxml:le">
|
||||
<xsl:text><=</xsl:text>
|
||||
<xsl:value-of select="text()"/>
|
||||
</xsl:template>
|
||||
<xsl:template match="vuxml:gt">
|
||||
<xsl:text>></xsl:text>
|
||||
<xsl:value-of select="text()"/>
|
||||
</xsl:template>
|
||||
<xsl:template match="vuxml:ge">
|
||||
<xsl:text>>=</xsl:text>
|
||||
<xsl:value-of select="text()"/>
|
||||
</xsl:template>
|
||||
<xsl:template match="vuxml:eq">
|
||||
<xsl:text>=</xsl:text>
|
||||
<xsl:value-of select="text()"/>
|
||||
</xsl:template>
|
||||
</xsl:stylesheet>
|
16
ports-mgmt/portaudit-db/pkg-descr
Normal file
16
ports-mgmt/portaudit-db/pkg-descr
Normal file
@ -0,0 +1,16 @@
|
||||
In contrast to security/portaudit, which is designed to be an
|
||||
install-and-forget solution, portaudit-db requires a current
|
||||
ports tree and generates a database that can be used locally
|
||||
or distributed over a network.
|
||||
|
||||
Furthermore committers that want to add entries to the VuXML
|
||||
database may use this port to check their changes locally.
|
||||
It also features a file `database/portaudit.txt' where UUIDs
|
||||
for vulnerabilities can be allocated before they have been
|
||||
investigated thoroughly and moved to the VuXML database by
|
||||
the security officer team.
|
||||
|
||||
Call `packaudit' after upgrading your ports tree.
|
||||
|
||||
WWW: http://people.freebsd.org/~eik/portaudit/
|
||||
Oliver Eikemeier <eik@FreeBSD.org>
|
7
ports-mgmt/portaudit-db/pkg-plist
Normal file
7
ports-mgmt/portaudit-db/pkg-plist
Normal file
@ -0,0 +1,7 @@
|
||||
bin/packaudit
|
||||
etc/packaudit.conf.sample
|
||||
%%DATADIR%%/vuxml2html.xslt
|
||||
%%DATADIR%%/vuxml2portaudit.xslt
|
||||
@dirrm %%DATADIR%%
|
||||
@exec mkdir -p %%DATABASEDIR%%
|
||||
@unexec rmdir %%DATABASEDIR%% 2>/dev/null || true
|
@ -320,6 +320,7 @@
|
||||
SUBDIR += pktsuckers
|
||||
SUBDIR += poc
|
||||
SUBDIR += portaudit
|
||||
SUBDIR += portaudit-db
|
||||
SUBDIR += portscanner
|
||||
SUBDIR += portsentry
|
||||
SUBDIR += ppgen
|
||||
|
41
security/portaudit-db/Makefile
Normal file
41
security/portaudit-db/Makefile
Normal file
@ -0,0 +1,41 @@
|
||||
# New ports collection makefile for: portaudit-db
|
||||
# Date created: 12 Jun 2004
|
||||
# Whom: Oliver Eikemeier
|
||||
#
|
||||
# $FreeBSD$
|
||||
#
|
||||
|
||||
PORTNAME= portaudit-db
|
||||
PORTVERSION= 0.1
|
||||
CATEGORIES= security
|
||||
DISTFILES=
|
||||
|
||||
MAINTAINER= eik@FreeBSD.org
|
||||
COMMENT= Creates a portaudit database from a current ports tree
|
||||
|
||||
RUN_DEPENDS= xsltproc:${PORTSDIR}/textproc/libxslt
|
||||
|
||||
DATABASEDIR?= ${AUDITFILE:H}
|
||||
|
||||
PLIST_SUB+= DATABASEDIR="${DATABASEDIR}"
|
||||
|
||||
SED_SCRIPT= -e 's,%%PREFIX%%,${PREFIX},g' \
|
||||
-e "s|%%DATADIR%%|${DATADIR}|g" \
|
||||
-e "s|%%LOCALBASE%%|${LOCALBASE}|g" \
|
||||
-e "s|%%PORTSDIR%%|${PORTSDIR}|g" \
|
||||
-e "s|%%PORTVERSION%%|${PORTVERSION}|g" \
|
||||
-e "s|%%DATABASEDIR%%|${DATABASEDIR}|g"
|
||||
|
||||
do-build:
|
||||
@for f in packaudit.sh packaudit.conf; do \
|
||||
${SED} ${SED_SCRIPT} "${FILESDIR}/$$f" > "${WRKDIR}/$$f"; \
|
||||
done
|
||||
|
||||
do-install:
|
||||
@${INSTALL_SCRIPT} ${WRKDIR}/packaudit.sh ${PREFIX}/bin/packaudit
|
||||
@${INSTALL_DATA} ${WRKDIR}/packaudit.conf ${PREFIX}/etc/packaudit.conf.sample
|
||||
@${MKDIR} ${DATADIR}
|
||||
@${INSTALL_DATA} ${FILESDIR}/vuxml2html.xslt ${FILESDIR}/vuxml2portaudit.xslt ${DATADIR}
|
||||
@${MKDIR} ${DATABASEDIR}
|
||||
|
||||
.include <bsd.port.mk>
|
7
security/portaudit-db/database/portaudit.txt
Normal file
7
security/portaudit-db/database/portaudit.txt
Normal file
@ -0,0 +1,7 @@
|
||||
# portaudit text based database
|
||||
# $FreeBSD$
|
||||
smtpproxy<=1.1.3|http://0xbadc0ded.org/advisories/0402.txt|remotely exploitable format string vulnerability|1abf65f9-bc9d-11d8-916c-000347dd607f
|
||||
apache<1.3.31_1|http://www.apacheweek.com/features/security-13|mod_proxy buffer overflow (CAN-2004-0492)|5bcd500c-bc9d-11d8-916c-000347dd607f
|
||||
apache+mod_ssl<1.3.31+2.8.18_3|http://www.apacheweek.com/features/security-13|mod_proxy buffer overflow (CAN-2004-0492)|5bcd500c-bc9d-11d8-916c-000347dd607f
|
||||
apache<2.0.49_1|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0488|mod_ssl stack-based buffer overflow|662cd99e-bc9d-11d8-916c-000347dd607f
|
||||
apache+mod_ssl*<1.3.31+2.8.18_4|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0488|mod_ssl stack-based buffer overflow|662cd99e-bc9d-11d8-916c-000347dd607f
|
4
security/portaudit-db/database/portaudit.xlist
Normal file
4
security/portaudit-db/database/portaudit.xlist
Normal file
@ -0,0 +1,4 @@
|
||||
# portaudit exclude list
|
||||
# $FreeBSD$
|
||||
3362f2c1-8344-11d8-a41f-0020ed76ef5a
|
||||
5e7f58c3-b3f8-4258-aeb8-795e5e940ff8
|
69
security/portaudit-db/database/portaudit.xml
Normal file
69
security/portaudit-db/database/portaudit.xml
Normal file
@ -0,0 +1,69 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!--
|
||||
This file is in the public domain.
|
||||
$FreeBSD$
|
||||
-->
|
||||
<!DOCTYPE vuxml PUBLIC "-//vuxml.org//DTD VuXML 1.1//EN" "http://www.vuxml.org/dtd/vuxml-1/vuxml-11.dtd">
|
||||
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
|
||||
|
||||
<vuln vid="42e330ab-82a4-11d8-868e-000347dd607f">
|
||||
<topic>MPlayer remotely exploitable buffer overflow in the ASX parser</topic>
|
||||
<affects>
|
||||
<package>
|
||||
<name>mplayer</name>
|
||||
<name>mplayer-esound</name>
|
||||
<name>mplayer-gtk</name>
|
||||
<name>mplayer-gtk-esound</name>
|
||||
<range><lt>0.92</lt></range>
|
||||
</package>
|
||||
</affects>
|
||||
<description>
|
||||
<body xmlns="http://www.w3.org/1999/xhtml">
|
||||
<p>A remotely exploitable buffer overflow vulnerability was found in
|
||||
MPlayer. A malicious host can craft a harmful ASX header,
|
||||
and trick MPlayer into executing arbitrary code upon parsing that header.</p>
|
||||
</body>
|
||||
</description>
|
||||
<references>
|
||||
<url>http://www.mplayerhq.hu/</url>
|
||||
<url>http://www.securityfocus.com/archive/1/339330</url>
|
||||
<url>http://www.securityfocus.com/archive/1/339193</url>
|
||||
<cvename>CAN-2003-0835</cvename>
|
||||
<bid>8702</bid>
|
||||
</references>
|
||||
<dates>
|
||||
<discovery>2003-09-24</discovery>
|
||||
<entry>2004-03-30</entry>
|
||||
</dates>
|
||||
</vuln>
|
||||
|
||||
<vuln vid="d8c46d74-8288-11d8-868e-000347dd607f">
|
||||
<topic>MPlayer remotely exploitable buffer overflow in the HTTP parser</topic>
|
||||
<affects>
|
||||
<package>
|
||||
<name>mplayer</name>
|
||||
<name>mplayer-esound</name>
|
||||
<name>mplayer-gtk</name>
|
||||
<name>mplayer-gtk-esound</name>
|
||||
<range><lt>0.92.1</lt></range>
|
||||
</package>
|
||||
</affects>
|
||||
<description>
|
||||
<body xmlns="http://www.w3.org/1999/xhtml">
|
||||
<p>A remotely exploitable buffer overflow vulnerability was found in
|
||||
MPlayer. A malicious host can craft a harmful HTTP header ("Location:"),
|
||||
and trick MPlayer into executing arbitrary code upon parsing that header.</p>
|
||||
</body>
|
||||
</description>
|
||||
<references>
|
||||
<url>http://www.mplayerhq.hu/</url>
|
||||
<url>http://www.securityfocus.com/archive/1/359029</url>
|
||||
<url>http://www.securityfocus.com/archive/1/359025</url>
|
||||
</references>
|
||||
<dates>
|
||||
<discovery>2004-03-29</discovery>
|
||||
<entry>2004-03-30</entry>
|
||||
</dates>
|
||||
</vuln>
|
||||
|
||||
</vuxml>
|
9
security/portaudit-db/files/packaudit.conf
Normal file
9
security/portaudit-db/files/packaudit.conf
Normal file
@ -0,0 +1,9 @@
|
||||
#
|
||||
# $FreeBSD$
|
||||
#
|
||||
# packaudit.conf sample file
|
||||
#
|
||||
|
||||
# avoid network access
|
||||
export SGML_CATALOG_FILES="%%LOCALBASE%%/share/xml/catalog"
|
||||
XSLTPROC_EXTRA_ARGS="--catalogs --nonet"
|
112
security/portaudit-db/files/packaudit.sh
Normal file
112
security/portaudit-db/files/packaudit.sh
Normal file
@ -0,0 +1,112 @@
|
||||
#!/bin/sh -e
|
||||
#
|
||||
# Copyright (c) 2004 Oliver Eikemeier. All rights reserved.
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions are
|
||||
# met:
|
||||
#
|
||||
# 1. Redistributions of source code must retain the above copyright notice
|
||||
# this list of conditions and the following disclaimer.
|
||||
#
|
||||
# 2. Redistributions in binary form must reproduce the above copyright
|
||||
# notice, this list of conditions and the following disclaimer in the
|
||||
# documentation and/or other materials provided with the distribution.
|
||||
#
|
||||
# 3. Neither the name of the author nor the names of its contributors may be
|
||||
# used to endorse or promote products derived from this software without
|
||||
# specific prior written permission.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
|
||||
# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
|
||||
# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
||||
# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
#
|
||||
# $FreeBSD$
|
||||
#
|
||||
|
||||
AWK=/usr/bin/awk
|
||||
BASENAME=/usr/bin/basename
|
||||
CAT=/bin/cat
|
||||
DATE=/bin/date
|
||||
ENV=/usr/bin/env
|
||||
MD5=/sbin/md5
|
||||
MKTEMP=/usr/bin/mktemp
|
||||
RM=/bin/rm
|
||||
SED=/usr/bin/sed
|
||||
TAR=/usr/bin/tar
|
||||
XSLTPROC=%%LOCALBASE%%/bin/xsltproc
|
||||
|
||||
PORTSDIR="${PORTSDIR:-%%PORTSDIR%%}"
|
||||
VUXMLDIR="${VUXMLDIR:-$PORTSDIR/security/vuxml}"
|
||||
PORTAUDITDBDIR="${PORTAUDITDBDIR:-$PORTSDIR/security/portaudit-db}"
|
||||
|
||||
DATABASEDIR="${DATABASEDIR:-%%DATABASEDIR%%}"
|
||||
|
||||
STYLESHEET="%%DATADIR%%/vuxml2portaudit.xslt"
|
||||
|
||||
PUBLIC_HTML="${PUBLIC_HTML:-$HOME/public_html/portaudit}"
|
||||
HTMLSHEET="%%DATADIR%%/vuxml2html.xslt"
|
||||
BASEURL="http://people.freebsd.org/~eik/portaudit/"
|
||||
|
||||
[ -r "%%PREFIX%%/etc/packaudit.conf" ] && . "%%PREFIX%%/etc/packaudit.conf"
|
||||
|
||||
VULVER=`$SED -En -e '/^.*\\$FreeBSD\: [^$ ]+,v ([0-9]+(\.[0-9]+)+) [^$]+\\$.*$/{s//\1/p;q;}' "$VUXMLDIR/vuln.xml"`
|
||||
VULURL="http://cvsweb.freebsd.org/ports/security/vuxml/vuln.xml?rev=$VULVER"
|
||||
|
||||
if [ -d "$PUBLIC_HTML" ]; then
|
||||
VULNMD5=`$CAT "$VUXMLDIR/vuln.xml" "$PORTAUDITDBDIR/database/portaudit.xml" | $MD5`
|
||||
if [ -f "$PUBLIC_HTML/portaudit.md5" ]; then
|
||||
VULNMD5_OLD=`$CAT "$PUBLIC_HTML/portaudit.md5"`
|
||||
fi
|
||||
if [ "$VULNMD5" != "$VULNMD5_OLD" ]; then
|
||||
echo -n "$VULNMD5" > "$PUBLIC_HTML/portaudit.md5"
|
||||
$XSLTPROC $XSLTPROC_EXTRA_ARGS --stringparam vulurl "$VULURL" --stringparam extradoc "$PORTAUDITDBDIR/database/portaudit.xml" \
|
||||
-o "$PUBLIC_HTML/" "$HTMLSHEET" "$VUXMLDIR/vuln.xml"
|
||||
fi
|
||||
fi
|
||||
|
||||
TMPNAME=`$BASENAME "$0"`
|
||||
TMPDIR=`$MKTEMP -d -t "$TMPNAME.$$"` || exit 1
|
||||
|
||||
TESTPORT="vulnerability-test-port>=2000<`$DATE -u +%Y.%m.%d`"
|
||||
TESTURL="http://cvsweb.freebsd.org/ports/security/vulnerability-test-port/"
|
||||
TESTREASON="Not vulnerable, just a test port (database: `$DATE -u +%Y-%m-%d`)"
|
||||
|
||||
XLIST_FILE="$PORTAUDITDBDIR/database/portaudit.xlist"
|
||||
|
||||
cd "$TMPDIR" || exit 1
|
||||
{
|
||||
$DATE -u "+#CREATED: %Y-%m-%d %H:%M:%S"
|
||||
echo "# Created by packaudit %%PORTVERSION%%"
|
||||
echo "$TESTPORT|$TESTURL|$TESTREASON"
|
||||
echo "# Please refer to the original document for copyright information:"
|
||||
echo "# $VULURL"
|
||||
$XSLTPROC $XSLTPROC_EXTRA_ARGS --stringparam baseurl "$BASEURL" "$STYLESHEET" "$VUXMLDIR/vuln.xml"
|
||||
echo "# This part is in the public domain"
|
||||
$XSLTPROC $XSLTPROC_EXTRA_ARGS --stringparam baseurl "$BASEURL" "$STYLESHEET" "$PORTAUDITDBDIR/database/portaudit.xml"
|
||||
$CAT "$PORTAUDITDBDIR/database/portaudit.txt"
|
||||
} | $AWK -F\| -v XLIST_FILE="$XLIST_FILE" '
|
||||
BEGIN {
|
||||
while((getline < XLIST_FILE) > 0)
|
||||
if(!/^(#|$)/)
|
||||
ignore[$1]=1
|
||||
}
|
||||
/^(#|$)/ {
|
||||
print
|
||||
next
|
||||
}
|
||||
{
|
||||
if (!ignore[$4])
|
||||
print $1 "|" $2 "|" $3
|
||||
}' > auditfile
|
||||
echo "#CHECKSUM: MD5 `$MD5 < auditfile`" >> auditfile
|
||||
$TAR -jcf "$DATABASEDIR/auditfile.tbz" auditfile
|
||||
cd
|
||||
$RM -Rf "$TMPDIR"
|
287
security/portaudit-db/files/vuxml2html.xslt
Normal file
287
security/portaudit-db/files/vuxml2html.xslt
Normal file
@ -0,0 +1,287 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
|
||||
$FreeBSD$
|
||||
|
||||
Copyright (c) 2004 Oliver Eikemeier. All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions are met:
|
||||
|
||||
1. Redistributions of source code must retain the above copyright notice,
|
||||
this list of conditions and the following disclaimer.
|
||||
2. Redistributions in binary form must reproduce the above copyright notice,
|
||||
this list of conditions and the following disclaimer in the documentation
|
||||
and/or other materials provided with the distribution.
|
||||
3. Neither the name of the author nor the names of its contributors may be
|
||||
used to endorse or promote products derived from this software without
|
||||
specific prior written permission.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
|
||||
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
|
||||
FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
||||
COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
||||
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
|
||||
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
|
||||
VuXML to HTML converter.
|
||||
|
||||
Usage:
|
||||
xsltproc -o html/ vuxml2html.xslt vuxml.xml
|
||||
|
||||
-->
|
||||
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:xhtml="http://www.w3.org/1999/xhtml" xmlns:vuxml="http://www.vuxml.org/apps/vuxml-1" xmlns="http://www.w3.org/1999/xhtml" exclude-result-prefixes="xhtml vuxml" version="1.0">
|
||||
<xsl:output method="xml"/>
|
||||
<xsl:strip-space elements="vuxml:affects vuxml:package vuxml:name vuxml:range" />
|
||||
<!-- whole vuxml file -->
|
||||
<xsl:template match="vuxml:vuxml">
|
||||
<!-- index page, xhtml strict -->
|
||||
<xsl:document href="index.html" method="xml" indent="yes" encoding="UTF-8" doctype-public="-//W3C//DTD XHTML 1.0 Strict//EN" doctype-system="http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<title>portaudit: Vulnerability list</title>
|
||||
<xsl:call-template name="css"/>
|
||||
</head>
|
||||
<body>
|
||||
<div>
|
||||
<xsl:call-template name="bar"/>
|
||||
</div>
|
||||
<h1>Vulnerabilities</h1>
|
||||
<table>
|
||||
<xsl:for-each select="vuxml:vuln | document($extradoc)/vuxml:vuxml/vuxml:vuln">
|
||||
<xsl:sort select="(vuxml:dates/vuxml:modified | vuxml:dates/vuxml:entry)[1]" order="descending"/>
|
||||
<tr>
|
||||
<td>
|
||||
<xsl:value-of select="(vuxml:dates/vuxml:modified | vuxml:dates/vuxml:entry)[1]"/>
|
||||
</td>
|
||||
<td>
|
||||
<a href="{translate(@vid, 'ABCDEF', 'abcdef')}.html">
|
||||
<xsl:value-of select="vuxml:topic"/>
|
||||
</a>
|
||||
</td>
|
||||
</tr>
|
||||
</xsl:for-each>
|
||||
</table>
|
||||
<p>
|
||||
<a href="index-pkg.html">[Sorted by package name]</a>
|
||||
</p>
|
||||
<xsl:call-template name="foo"/>
|
||||
</body>
|
||||
</html>
|
||||
</xsl:document>
|
||||
<!-- index page by packages, xhtml strict -->
|
||||
<xsl:document href="index-pkg.html" method="xml" indent="yes" encoding="UTF-8" doctype-public="-//W3C//DTD XHTML 1.0 Strict//EN" doctype-system="http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<title>portaudit: Vulnerability list by packages</title>
|
||||
<xsl:call-template name="css"/>
|
||||
</head>
|
||||
<body>
|
||||
<div>
|
||||
<xsl:call-template name="bar"/>
|
||||
</div>
|
||||
<h1>Vulnerabilities</h1>
|
||||
<table>
|
||||
<xsl:for-each select="//vuxml:affects/vuxml:package/vuxml:name | document($extradoc)//vuxml:affects/vuxml:package/vuxml:name">
|
||||
<xsl:sort select="translate(., 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz')"/>
|
||||
<xsl:sort select="(ancestor-or-self::vuxml:vuln/vuxml:dates/vuxml:modified | ancestor-or-self::vuxml:vuln/vuxml:dates/vuxml:entry)[1]" order="descending"/>
|
||||
<tr>
|
||||
<td>
|
||||
<xsl:value-of select="."/>
|
||||
</td>
|
||||
<td>
|
||||
<a href="{translate(ancestor-or-self::vuxml:vuln/@vid, 'ABCDEF', 'abcdef')}.html">
|
||||
<xsl:value-of select="ancestor-or-self::vuxml:vuln/vuxml:topic"/>
|
||||
</a>
|
||||
</td>
|
||||
</tr>
|
||||
</xsl:for-each>
|
||||
</table>
|
||||
<p>
|
||||
<a href="index.html">[Sorted by last modification]</a>
|
||||
</p>
|
||||
<xsl:call-template name="foo"/>
|
||||
</body>
|
||||
</html>
|
||||
</xsl:document>
|
||||
<!-- individual pages, xhtml strict -->
|
||||
<xsl:for-each select="vuxml:vuln | document($extradoc)/vuxml:vuxml/vuxml:vuln">
|
||||
<xsl:document href="{translate(@vid, 'ABCDEF', 'abcdef')}.html" method="xml" indent="yes" encoding="UTF-8" doctype-public="-//W3C//DTD XHTML 1.0 Strict//EN" doctype-system="http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<title>portaudit: <xsl:value-of select="vuxml:topic"/></title>
|
||||
<xsl:call-template name="css"/>
|
||||
</head>
|
||||
<body>
|
||||
<div>
|
||||
<xsl:call-template name="bar"/>
|
||||
</div>
|
||||
<h1>
|
||||
<xsl:value-of select="vuxml:topic"/>
|
||||
</h1>
|
||||
<h2>Description:</h2>
|
||||
<xsl:copy-of select="vuxml:description/xhtml:body/*"/>
|
||||
<h2>References:</h2>
|
||||
<ul>
|
||||
<xsl:apply-templates select="vuxml:references"/>
|
||||
</ul>
|
||||
<h2>Affects:</h2>
|
||||
<ul>
|
||||
<xsl:for-each select="vuxml:affects/vuxml:package">
|
||||
<xsl:for-each select="vuxml:name">
|
||||
<xsl:variable name="name" select="."/>
|
||||
<xsl:for-each select="../vuxml:range">
|
||||
<li>
|
||||
<xsl:value-of select="$name"/>
|
||||
<xsl:apply-templates/>
|
||||
</li>
|
||||
</xsl:for-each>
|
||||
</xsl:for-each>
|
||||
</xsl:for-each>
|
||||
<xsl:for-each select="vuxml:affects/vuxml:system">
|
||||
<xsl:for-each select="vuxml:name">
|
||||
<xsl:variable name="name" select="."/>
|
||||
<xsl:for-each select="../vuxml:range">
|
||||
<li>
|
||||
<xsl:value-of select="$name"/>
|
||||
<xsl:apply-templates/>
|
||||
</li>
|
||||
</xsl:for-each>
|
||||
</xsl:for-each>
|
||||
</xsl:for-each>
|
||||
</ul>
|
||||
<xsl:call-template name="foo"/>
|
||||
</body>
|
||||
</html>
|
||||
</xsl:document>
|
||||
</xsl:for-each>
|
||||
<!-- end of vuxml file processing -->
|
||||
</xsl:template>
|
||||
<!-- vulnerability references -->
|
||||
<xsl:template match="vuxml:url">
|
||||
<li>
|
||||
<a href="{.}">
|
||||
<xsl:value-of select="."/>
|
||||
</a>
|
||||
</li>
|
||||
</xsl:template>
|
||||
<xsl:template match="vuxml:cvename">
|
||||
<li>CVE name <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name={text()}"><xsl:value-of select="text()"/></a></li>
|
||||
</xsl:template>
|
||||
<xsl:template match="vuxml:bid">
|
||||
<li>BugTraq ID <a href="http://www.securityfocus.com/bid/{.}"><xsl:value-of select="."/></a></li>
|
||||
</xsl:template>
|
||||
<xsl:template match="vuxml:certsa">
|
||||
<li>CERT security advisory <a href="http://www.cert.org/advisories/{.}.html"><xsl:value-of select="."/></a></li>
|
||||
</xsl:template>
|
||||
<xsl:template match="vuxml:certvu">
|
||||
<li>CERT vulnerability note <a href="http://www.kb.cert.org/vuls/id/{.}"><xsl:value-of select="."/></a></li>
|
||||
</xsl:template>
|
||||
<xsl:template match="vuxml:freebsdsa">
|
||||
<li>FreeBSD security advisory <a href="ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-{.}.asc">FreeBSD-<xsl:value-of select="."/></a></li>
|
||||
</xsl:template>
|
||||
<!-- comparison operators -->
|
||||
<xsl:template match="vuxml:lt">
|
||||
<xsl:text> <</xsl:text>
|
||||
<xsl:value-of select="text()"/>
|
||||
</xsl:template>
|
||||
<xsl:template match="vuxml:le">
|
||||
<xsl:text> <=</xsl:text>
|
||||
<xsl:value-of select="text()"/>
|
||||
</xsl:template>
|
||||
<xsl:template match="vuxml:gt">
|
||||
<xsl:text> ></xsl:text>
|
||||
<xsl:value-of select="text()"/>
|
||||
</xsl:template>
|
||||
<xsl:template match="vuxml:ge">
|
||||
<xsl:text> >=</xsl:text>
|
||||
<xsl:value-of select="text()"/>
|
||||
</xsl:template>
|
||||
<xsl:template match="vuxml:eq">
|
||||
<xsl:text> =</xsl:text>
|
||||
<xsl:value-of select="text()"/>
|
||||
</xsl:template>
|
||||
<!-- style sheet -->
|
||||
<xsl:template name="css">
|
||||
<link rel="shortcut icon" href="http://www.freebsd.org/favicon.ico" type="image/x-icon"/>
|
||||
<style type="text/css">
|
||||
<xsl:comment>
|
||||
<xsl:text>
|
||||
body {
|
||||
background-color : #ffffff;
|
||||
color : #000000;
|
||||
}
|
||||
|
||||
a:link { color: #0000ff }
|
||||
a:visited { color: #840084 }
|
||||
a:active { color: #0000ff }
|
||||
|
||||
h1 { color: #990000 }
|
||||
|
||||
img { color: white; border:none }
|
||||
|
||||
table {
|
||||
border: none;
|
||||
margin-top: 10px;
|
||||
margin-bottom: 10px;
|
||||
}
|
||||
|
||||
th {
|
||||
text-align: left;
|
||||
padding: 3px;
|
||||
border: none;
|
||||
vertical-align: top;
|
||||
}
|
||||
|
||||
td {
|
||||
padding: 3px;
|
||||
border: none;
|
||||
vertical-align: top;
|
||||
}
|
||||
|
||||
tr.odd {
|
||||
background: #eeeeee;
|
||||
color: inherit;
|
||||
}
|
||||
</xsl:text>
|
||||
</xsl:comment>
|
||||
</style>
|
||||
</xsl:template>
|
||||
<!-- xhtml elements -->
|
||||
<xsl:template name="bar">
|
||||
<img src="http://www.freebsd.org/gifs/bar.gif" alt="Navigation Bar" height="33" width="565" usemap="#bar"/>
|
||||
<map id="bar" name="bar">
|
||||
<area shape="rect" coords="1,1,111,33" href="http://www.freebsd.org/" alt="Top"/>
|
||||
<area shape="rect" coords="112,16,196,33" href="http://www.freebsd.org/ports/index.html" alt="Applications"/>
|
||||
<area shape="rect" coords="197,16,256,33" href="http://www.freebsd.org/support.html" alt="Support"/>
|
||||
<area shape="rect" coords="257,16,365,33" href="http://www.freebsd.org/docs.html" alt="Documentation"/>
|
||||
<area shape="rect" coords="366,16,424,33" href="http://www.freebsd.org/commercial/commercial.html" alt="Vendors"/>
|
||||
<area shape="rect" coords="425,16,475,33" href="http://www.freebsd.org/search/search.html" alt="Search"/>
|
||||
<area shape="rect" coords="476,16,516,33" href="http://www.freebsd.org/search/index-site.html" alt="Index"/>
|
||||
<area shape="rect" coords="517,16,565,33" href="http://www.freebsd.org/" alt="Top"/>
|
||||
<area shape="rect" coords="0,0,565,33" href="http://www.freebsd.org/" alt="Top"/>
|
||||
</map>
|
||||
</xsl:template>
|
||||
<xsl:template name="foo">
|
||||
<hr/>
|
||||
<p><strong>Disclaimer:</strong> The data contained on this page is derived for the VuXML document,
|
||||
please refer to the <a href="{$vulurl}">the original document</a> for copyright information. The author of
|
||||
portaudit makes no claim of authorship or ownership of any of the information contained herein.</p>
|
||||
<p>
|
||||
If you have found a vulnerability in a FreeBSD port not listed in the
|
||||
database, please <a href="mailto:security-officer@FreeBSD.org">contact the
|
||||
FreeBSD Security Officer</a>. Refer to
|
||||
<a href="http://www.freebsd.org/security/#sec">"FreeBSD Security
|
||||
Information"</a> for more information.
|
||||
</p>
|
||||
<hr/>
|
||||
<address title="Oliver Eikemeier">
|
||||
Oliver Eikemeier <a href="mailto:eik@FreeBSD.org?subject=portaudit"><eik@FreeBSD.org></a>
|
||||
</address>
|
||||
</xsl:template>
|
||||
</xsl:stylesheet>
|
92
security/portaudit-db/files/vuxml2portaudit.xslt
Normal file
92
security/portaudit-db/files/vuxml2portaudit.xslt
Normal file
@ -0,0 +1,92 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
|
||||
$FreeBSD$
|
||||
|
||||
Copyright (c) 2004 Oliver Eikemeier. All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions are met:
|
||||
|
||||
1. Redistributions of source code must retain the above copyright notice,
|
||||
this list of conditions and the following disclaimer.
|
||||
2. Redistributions in binary form must reproduce the above copyright notice,
|
||||
this list of conditions and the following disclaimer in the documentation
|
||||
and/or other materials provided with the distribution.
|
||||
3. Neither the name of the author nor the names of its contributors may be
|
||||
used to endorse or promote products derived from this software without
|
||||
specific prior written permission.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
|
||||
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
|
||||
FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
||||
COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
||||
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
|
||||
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
|
||||
VuXML to portaudit database converter.
|
||||
|
||||
Usage:
|
||||
xsltproc -o auditfile vuxml2portaudit.xslt vuxml.xml
|
||||
|
||||
-->
|
||||
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:vuxml="http://www.vuxml.org/apps/vuxml-1" version="1.0">
|
||||
<xsl:output method="text"/>
|
||||
<xsl:variable name="newline">
|
||||
<xsl:text>
</xsl:text>
|
||||
</xsl:variable>
|
||||
<!-- xxx -->
|
||||
<xsl:strip-space elements="vuxml:affects vuxml:package vuxml:name vuxml:range"/>
|
||||
<xsl:template match="/">
|
||||
<xsl:text># Converted by vuxml2portaudit
|
||||
</xsl:text>
|
||||
<xsl:for-each select="vuxml:vuxml/vuxml:vuln">
|
||||
<xsl:variable name="topic" select="normalize-space(vuxml:topic)"/>
|
||||
<xsl:variable name="vid" select="translate(@vid, 'ABCDEF', 'abcdef')"/>
|
||||
<xsl:for-each select="vuxml:affects/vuxml:package">
|
||||
<xsl:for-each select="vuxml:name">
|
||||
<xsl:variable name="name" select="."/>
|
||||
<xsl:for-each select="../vuxml:range">
|
||||
<xsl:value-of select="$name"/>
|
||||
<xsl:apply-templates/>
|
||||
<xsl:text>|</xsl:text>
|
||||
<xsl:value-of select="$baseurl"/>
|
||||
<xsl:value-of select="$vid"/>
|
||||
<xsl:text>.html</xsl:text>
|
||||
<xsl:text>|</xsl:text>
|
||||
<xsl:value-of select="$topic"/>
|
||||
<xsl:text>|</xsl:text>
|
||||
<xsl:value-of select="$vid"/>
|
||||
<xsl:value-of select="$newline"/>
|
||||
</xsl:for-each>
|
||||
</xsl:for-each>
|
||||
</xsl:for-each>
|
||||
</xsl:for-each>
|
||||
</xsl:template>
|
||||
<!-- xxx -->
|
||||
<xsl:template match="vuxml:lt">
|
||||
<xsl:text><</xsl:text>
|
||||
<xsl:value-of select="text()"/>
|
||||
</xsl:template>
|
||||
<xsl:template match="vuxml:le">
|
||||
<xsl:text><=</xsl:text>
|
||||
<xsl:value-of select="text()"/>
|
||||
</xsl:template>
|
||||
<xsl:template match="vuxml:gt">
|
||||
<xsl:text>></xsl:text>
|
||||
<xsl:value-of select="text()"/>
|
||||
</xsl:template>
|
||||
<xsl:template match="vuxml:ge">
|
||||
<xsl:text>>=</xsl:text>
|
||||
<xsl:value-of select="text()"/>
|
||||
</xsl:template>
|
||||
<xsl:template match="vuxml:eq">
|
||||
<xsl:text>=</xsl:text>
|
||||
<xsl:value-of select="text()"/>
|
||||
</xsl:template>
|
||||
</xsl:stylesheet>
|
16
security/portaudit-db/pkg-descr
Normal file
16
security/portaudit-db/pkg-descr
Normal file
@ -0,0 +1,16 @@
|
||||
In contrast to security/portaudit, which is designed to be an
|
||||
install-and-forget solution, portaudit-db requires a current
|
||||
ports tree and generates a database that can be used locally
|
||||
or distributed over a network.
|
||||
|
||||
Furthermore committers that want to add entries to the VuXML
|
||||
database may use this port to check their changes locally.
|
||||
It also features a file `database/portaudit.txt' where UUIDs
|
||||
for vulnerabilities can be allocated before they have been
|
||||
investigated thoroughly and moved to the VuXML database by
|
||||
the security officer team.
|
||||
|
||||
Call `packaudit' after upgrading your ports tree.
|
||||
|
||||
WWW: http://people.freebsd.org/~eik/portaudit/
|
||||
Oliver Eikemeier <eik@FreeBSD.org>
|
7
security/portaudit-db/pkg-plist
Normal file
7
security/portaudit-db/pkg-plist
Normal file
@ -0,0 +1,7 @@
|
||||
bin/packaudit
|
||||
etc/packaudit.conf.sample
|
||||
%%DATADIR%%/vuxml2html.xslt
|
||||
%%DATADIR%%/vuxml2portaudit.xslt
|
||||
@dirrm %%DATADIR%%
|
||||
@exec mkdir -p %%DATABASEDIR%%
|
||||
@unexec rmdir %%DATABASEDIR%% 2>/dev/null || true
|
Loading…
Reference in New Issue
Block a user