1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-13 03:03:15 +00:00
Commit Graph

40 Commits

Author SHA1 Message Date
Simon L. B. Nielsen
75654bee2f Avoid unnecessary invocations of pkg_info by checking whether the
package is installed or not using a precalculated regex.

This speeds up "portaudit -a" with around a factor of 10.

The change is slightly modified from the one from the PR by using
pkg_info -aE instead of ls /var/db/pkg for determining installed
packages.

Submitted by:	Kuang-che Wu <kcwu@csie.org>
PR:		ports/92942
2006-04-16 13:32:28 +00:00
Edwin Groothuis
508b8d82f4 Replace ugly "@unexec rmdir %D... 2>/dev/null || true" with @dirrmtry
Approved by:    krion@
PR:             ports/88711 (related)
2006-01-22 03:01:03 +00:00
Simon L. B. Nielsen
8c91f8349c Change MAINTAINER address for ports maintained by the Security Team to
secteam@ instead of security@ to make it more clear that the ports are
not maintained by the freebsd-security@ mailing list.  Both addresses
go to the same people.
2005-07-30 19:13:10 +00:00
Simon L. B. Nielsen
9e1a5a3459 portaudit 0.5.10:
- Unbreak portaudit -vF.
- Sync usage with reality.
- Document the q, v, and V options.
- Markup fixes for the portaudit(1) manual page.
- Make quiet mode output even less "redundant" text [1].
- Set maintainership to security@. [2]

Suggested by:	Phil Kernick philk at rotfl dot com dot au [1]
Suggested by:	nectar, remko [2]
2005-07-03 20:31:00 +00:00
Simon L. B. Nielsen
de9b30b80a Grab maintainer-ship of portaudit. While I do not currently have any
plans for improvements (though I have ideas) I feel that portaudit is
too important to not have an active maintainer.

Approved by:	portmgr (linimon)
2005-06-14 22:04:55 +00:00
Christian Brueffer
488bd7efe4 Typo-fix in a comment
Approved by:	portmgr (krion)
2004-09-09 13:15:25 +00:00
Oliver Eikemeier
e8a6142888 - update to version 0.5.9
(first attempts to check the base system for vulnerabilities)
2004-09-03 20:30:54 +00:00
Oliver Eikemeier
b88b1935d9 fix "too many open files" error when using the -r flag
Noted by:	nectar
2004-08-23 17:39:12 +00:00
Oliver Eikemeier
01977fcaea Don't check the base system when PACKAGE_BUILDING 2004-08-16 02:24:06 +00:00
Oliver Eikemeier
153f0ae562 Remove -a from the default fetch(1) flags, so that the daily security
report is not delayed when the distribution site is down.

Submitted by:	kuriyama
2004-08-15 12:26:16 +00:00
Oliver Eikemeier
40f8b91153 fix man page nits,
modify the vulnerability report depending on -q/-v (experimental)

PR:		69935, 68942
Submitted by:	Chris Pepper <pepper@reppep.com>, Johan Karlsson <k@numeri.campus.luth.se>
2004-08-13 17:07:05 +00:00
Oliver Eikemeier
5e008424e7 New option -r: restrict listed entries to selected references.
Useful for testing new entries.
2004-07-24 13:34:52 +00:00
Oliver Eikemeier
76de274928 check for a working tr(1). 2004-07-13 19:36:15 +00:00
Oliver Eikemeier
580eeeff30 Test OSVERSION instead of pkg_info -P to enable cross-version builds
Requested by:	kris
2004-07-02 00:31:18 +00:00
Oliver Eikemeier
2e23771c68 - update to version 0.5
*** NOTE ***

The preferences file format has changed, as have the periodic.conf(5) names.
Normally the default settings should be adequate, except when you need to
configure a proxy. Use $PREFIX/etc/portaudit.conf.sample as an example.

- moved portaudit to sbin
- clean up, merging stuff into the portaudit script
- better return codes and errors to stderr
- -f can check stdin now
- dropped ports tree auditing
- merged the periodic(8) scripts into one
- run daily auditing as `nobody'
2004-07-01 10:59:48 +00:00
Oliver Eikemeier
41c24e6c48 update to version 0.4.1
Use
  portaudit [packagename ...]
to check if package is listed as vulnerable
2004-06-25 01:21:20 +00:00
Oliver Eikemeier
8d9c87c405 Add pkg-req file which was forgotten in the last commit. 2004-06-23 16:02:23 +00:00
Oliver Eikemeier
f5b10d70f9 Update to version 0.4, with a new `-f' option.
To check which of the current ports have known vulnerabilities, do

  portaudit -f /usr/ports/INDEX

This port requires pkg_install(-devel)>=20040623
2004-06-23 16:01:38 +00:00
Oliver Eikemeier
9dec4894a1 make expiry date customizable via daily_status_portaudit_expiry 2004-06-21 16:04:27 +00:00
Oliver Eikemeier
cfaf552880 Fetch the database from http://www.FreeBSD.org/ports/ first.
Thanks to:	kuriyama
2004-06-18 08:07:29 +00:00
Oliver Eikemeier
10813956a8 update to 0.3.1:
- use passive ftp by default, don't retry on failure [1]
- add a -C flag, portlint style
- don't keep databases that are tool old [2]

Requested by:	hubs [1]
Noticed by:	Nicolas Rachinsky <nicolas@rachinsky.de> [2]
2004-03-31 22:52:01 +00:00
Oliver Eikemeier
1832c23a94 Update to 0.3.
Since we are using the official VuXML database
the auditing should be pretty complete.

- mention web page
- add more mirrors, disabling .ru mirror (too much lag)
- allow combined options in portaudit shell script
- add sample configuration file
- use absolute paths for binaries, to ease use in crontab scripts [1]
- correct type in man page [2]

PR:		64005 [2]
Submitted by:	Tomasz Pilat <poncki@axelspringer.com.pl> [1]
		Nathan Dove <njdove@wafer.sandia.gov> [2]
2004-03-11 11:11:59 +00:00
Oliver Eikemeier
598dedc510 grammar
Submitted by:	will, nectar
2004-02-25 14:12:03 +00:00
Oliver Eikemeier
16af0c01c0 add a security contact 2004-02-25 12:47:13 +00:00
Oliver Eikemeier
6cd6202ef7 - bugfix: awk in -CURRENT accepts no regexes in RS, causing the database
update to fail

- add an install & deinstall message

Submitted by:	nectar & Ion-Mihai Tetcu <itetcu@apropo.ro>
2004-02-25 09:46:26 +00:00
Oliver Eikemeier
dd190f52fe update to 0.2:
- new command line tool
- new man page
- reworked database update code, incorporating feedback from
  Max Khon <fjoe>, Radim Kolar <hsn@netmag.cz> (PR 63066) and
  Ion-Mihai Tetcu <itetcu@apropo.ro> (PR 62655)
2004-02-21 21:19:41 +00:00
Oliver Eikemeier
5ef80c7ef0 Disable auditfile.txt until we decide on a database format,
two databases cause more confusion than it is worth.

portaudit uses ports/security/vuxml/vuln.xml in the meantime,
please commit your changes there and send feedback wich format
you prefer.

Currently we have to migrate gnats, mailman, monkey and some
apache versions.
2004-02-19 02:19:33 +00:00
Oliver Eikemeier
2ea4608d31 add bind, pine, samba 3.x 2004-02-17 12:28:13 +00:00
Oliver Eikemeier
2f1bc26f47 remove duplicate mutt entry, sorry. 2004-02-16 20:19:53 +00:00
Oliver Eikemeier
3fcca49ba6 add mutt and mailman 2004-02-16 19:14:24 +00:00
Oliver Eikemeier
f78667fc99 XFree86-Server font file buffer overflows 2004-02-16 18:41:05 +00:00
Oliver Eikemeier
c9d6de4408 add GNATS3 2004-02-16 15:02:04 +00:00
Oliver Eikemeier
dcb711e3ef require gaim version 0.75_6, since the vulnerability has been re-introduced
add libtool symlink vulnerability
2004-02-13 14:20:15 +00:00
Oliver Eikemeier
d873cb4b08 add fspd <= 2.8.1.3
PR:		62747
Submitted by:	Radim Kolar <hsn@netmag.cz>
2004-02-13 01:22:49 +00:00
Clement Laforet
88f171bfd3 Add mutt < 1.4.2 vulnerabilty. 2004-02-11 18:28:18 +00:00
Oliver Eikemeier
89e295c836 add an URL where at least somek kind of advisory for monkeyd can be found... 2004-02-11 11:54:29 +00:00
Clement Laforet
51242e4c41 Add entries for:
- www/apache13-ssl<1.3.29.1.53
	- www/monkey < 0.8.2
2004-02-11 00:07:28 +00:00
Oliver Eikemeier
14c08ca6ff add clamav<0.65_7
PR:		62586
2004-02-10 14:11:14 +00:00
Oliver Eikemeier
5ddd771fd6 Add some more examples (inn, apache) to test combined >= & < relations 2004-01-28 16:19:08 +00:00
Oliver Eikemeier
34522b5af1 portaudit provides a list of published security vulnerabilities
of FreeBSD ports and tools to check if installed ports are listed.

Since this is a prerelease version, it is mostly usable for
committers that want to contribute to the project, and can currently
not be relied upon as an extensive security auditing tool.
2004-01-27 19:24:52 +00:00