aboutsummaryrefslogtreecommitdiff
path: root/ports-mgmt/portaudit
diff options
context:
space:
mode:
Diffstat (limited to 'ports-mgmt/portaudit')
-rw-r--r--ports-mgmt/portaudit/Makefile82
-rw-r--r--ports-mgmt/portaudit/files/portaudit-cmd.sh474
-rw-r--r--ports-mgmt/portaudit/files/portaudit.1175
-rw-r--r--ports-mgmt/portaudit/files/portaudit.conf19
-rw-r--r--ports-mgmt/portaudit/files/portaudit.sh61
-rw-r--r--ports-mgmt/portaudit/pkg-deinstall19
-rw-r--r--ports-mgmt/portaudit/pkg-descr16
-rw-r--r--ports-mgmt/portaudit/pkg-install36
-rw-r--r--ports-mgmt/portaudit/pkg-plist7
-rw-r--r--ports-mgmt/portaudit/pkg-req32
10 files changed, 0 insertions, 921 deletions
diff --git a/ports-mgmt/portaudit/Makefile b/ports-mgmt/portaudit/Makefile
deleted file mode 100644
index 914dd0c95f35..000000000000
--- a/ports-mgmt/portaudit/Makefile
+++ /dev/null
@@ -1,82 +0,0 @@
-# New ports collection makefile for: portaudit
-# Date created: 25 Jan 2004
-# Whom: Oliver Eikemeier
-#
-# $FreeBSD$
-#
-
-PORTNAME= portaudit
-PORTVERSION= 0.5.10
-CATEGORIES= security
-DISTFILES=
-
-MAINTAINER= secteam@FreeBSD.org
-COMMENT= Checks installed ports against a list of security vulnerabilities
-
-MAN1= portaudit.1
-
-PERIODICDIR?= ${PREFIX}/etc/periodic
-DATABASEDIR?= /var/db/portaudit
-
-PKGREQ= ${WRKDIR}/pkg-req
-PKGINSTALL= ${WRKDIR}/pkg-install
-PKGDEINSTALL= ${WRKDIR}/pkg-deinstall
-
-PLIST_SUB+= PERIODICDIR="${PERIODICDIR:S,^${PREFIX}/,,}" \
- DATABASEDIR="${DATABASEDIR}"
-
-REQPKGVER= 20040623
-
-SED_SCRIPT= -e 's|%%PREFIX%%|${PREFIX}|g' \
- -e 's|%%LOCALBASE%%|${LOCALBASE}|g' \
- -e "s|%%PORTSDIR%%|${PORTSDIR}|g" \
- -e "s|%%INDEXFILE%%|${INDEXFILE}|g" \
- -e "s|%%DATABASEDIR%%|${DATABASEDIR}|g" \
- -e "s|%%PORTVERSION%%|${PORTVERSION}|g" \
- -e "s|%%REQPKGVER%%|${REQPKGVER}|g" \
- -e "s|%%BZIP2_CMD%%|${BZIP2_CMD}|g" \
-
-.include <bsd.port.pre.mk>
-
-.if !defined(DFOSVERSION)
-.if ${OSVERSION} < 491101 || ${OSVERSION} >= 500000 && ${OSVERSION} < 502120
-RUN_DEPENDS= ${LOCALBASE}/sbin/pkg_info:${PORTSDIR}/sysutils/pkg_install-devel
-.endif
-.else
-.if ${DFOSVERSION} < 110000
-RUN_DEPENDS= ${LOCALBASE}/sbin/pkg_info:${PORTSDIR}/sysutils/pkg_install-devel
-.endif
-.endif
-
-.if defined(BZIP2DEPENDS)
-RUN_DEPENDS+= bzip2:${PORTSDIR}/archivers/bzip2
-.endif
-
-do-build:
-.for f in portaudit-cmd.sh portaudit.sh portaudit.1 portaudit.conf
- @${SED} ${SED_SCRIPT} ${FILESDIR}/${f} >${WRKDIR}/${f}
-.endfor
-
-post-build:
-.for f in pkg-req pkg-install pkg-deinstall
- @${SED} ${SED_SCRIPT} ${PKGDIR}/${f} >${WRKDIR}/${f}
-.endfor
-
-pre-install:
-.if !defined(PACKAGE_BUILDING)
- @${SETENV} "PKG_PREFIX=${PREFIX}" ${SH} ${PKGREQ} ${PKGNAME} INSTALL
-.endif
- @${SETENV} "PKG_PREFIX=${PREFIX}" ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
-
-do-install:
- @${INSTALL_SCRIPT} ${WRKDIR}/portaudit-cmd.sh ${PREFIX}/sbin/portaudit
- @${INSTALL_DATA} ${WRKDIR}/portaudit.conf ${PREFIX}/etc/portaudit.conf.sample
- @${INSTALL_MAN} ${WRKDIR}/portaudit.1 ${MAN1PREFIX}/man/man1
- @${MKDIR} ${PERIODICDIR}/security
- @${INSTALL_SCRIPT} ${WRKDIR}/portaudit.sh ${PERIODICDIR}/security/410.portaudit
- @${MKDIR} ${DATABASEDIR}
-
-post-install:
- @${SETENV} "PKG_PREFIX=${PREFIX}" ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
-
-.include <bsd.port.post.mk>
diff --git a/ports-mgmt/portaudit/files/portaudit-cmd.sh b/ports-mgmt/portaudit/files/portaudit-cmd.sh
deleted file mode 100644
index b16c7e368dab..000000000000
--- a/ports-mgmt/portaudit/files/portaudit-cmd.sh
+++ /dev/null
@@ -1,474 +0,0 @@
-#!/bin/sh -efu
-#
-# Copyright (c) 2004 Oliver Eikemeier. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#
-# 1. Redistributions of source code must retain the above copyright notice
-# this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# 3. Neither the name of the author nor the names of its contributors may be
-# used to endorse or promote products derived from this software without
-# specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
-# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-# $FreeBSD$
-#
-
-portaudit_confs()
-{
- : ${portaudit_dir="%%DATABASEDIR%%"}
- : ${portaudit_filename="auditfile.tbz"}
-
- : ${portaudit_fetch_env=""}
- : ${portaudit_fetch_cmd="fetch -1mp"}
-
- : ${portaudit_sites="http://www.FreeBSD.org/ports/"}
-
- : ${portaudit_fixed=""}
-
- if [ -r %%PREFIX%%/etc/portaudit.conf ]; then
- . %%PREFIX%%/etc/portaudit.conf
- fi
-}
-
-extract_auditfile()
-{
- %%BZIP2_CMD%% -dc -- "$portaudit_dir/$portaudit_filename" | \
- tar -xOf - auditfile
-}
-
-checksum_auditfile()
-{
- chksum1=`extract_auditfile |
- sed -nE -e '$s/^#CHECKSUM: *MD5 *([0-9a-f]{32})$/\1/p'`
- chksum2=`extract_auditfile | sed -e '$d' | md5`
- [ "$chksum1" = "$chksum2" ];
-}
-
-getcreated_auditfile()
-{
- extract_auditfile |
- sed -nE -e '1s/^#CREATED: *([0-9]{4})-?([0-9]{2})-?([0-9]{2}) *([0-9]{2}):?([0-9]{2}):?([0-9]{2}).*$/\1-\2-\3 \4:\5:\6/p'
-}
-
-gettimestamp_auditfile()
-{
- extract_auditfile |
- sed -nE -e '1s/^#CREATED: *([0-9]{4})-?([0-9]{2})-?([0-9]{2}).*$/\1\2\3/p'
-}
-
-checkexpiry_auditfile()
-{
- created=`gettimestamp_auditfile`
- expiry=`date -u -v-$1d '+%Y%m%d'`
- [ "$created" -gt "$expiry" ];
-}
-
-portaudit_prerequisites()
-{
- if $prerequisites_checked; then
- return 0
- fi
-
- if [ -z "${pkg_info:-}" ]; then
- if [ -x "%%LOCALBASE%%/sbin/pkg_info" ]; then
- pkg_info="%%LOCALBASE%%/sbin/pkg_info"
- else
- pkg_info="/usr/sbin/pkg_info"
- fi
- fi
-
- if [ -z "${pkg_version:-}"]; then
- case "$pkg_info" in
- */*)
- pkg_version="${pkg_info%/*}/pkg_version";;
- *)
- pkg_version="pkg_version";;
- esac
- fi
-
- PKG_INSTALL_VER=`$pkg_info -qP 2>/dev/null`
- if [ -z "$PKG_INSTALL_VER" -o "$PKG_INSTALL_VER" -lt %%REQPKGVER%% ]; then
- echo "$pkg_info is too old, please update port sysutils/pkg_install-devel"
- return 1
- fi
-
- if [ ! -r "$portaudit_dir/$portaudit_filename" ]; then
- echo "portaudit: Database missing, run \`portaudit -F' to update." >&2
- return 2
- elif ! checksum_auditfile; then
- echo "portaudit: Corrupt database." >&2
- return 2
- elif ! checkexpiry_auditfile 14; then
- echo "portaudit: Database too old." >&2
- return 2
- fi
-
- prerequisites_checked=true
- return 0
-}
-
-audit_installed()
-{
- local rc=0
- local osversion=`sysctl -n kern.osreldate`
-
- fixedre=`echo -n $portaudit_fixed | tr -c '[:alnum:]- \t\n' 'x' | tr -s ' \t\n' '|'`
-
- extract_auditfile | awk -F\| "$PRINTAFFECTED_AWK"'
- BEGIN { vul=0; fixedre="'"$fixedre"'" }
- /^(#|\$)/ { next }
- $2 !~ /'"$opt_restrict"'/ { next }
- $1 ~ /^FreeBSD[<=>!]/ {
- if (fixedre && $2 ~ fixedre) next
- if (!system("'"$pkg_version"' -T \"FreeBSD-'"$osversion"'\" \"" $1 "\"")) {
- print_affected("FreeBSD-'"$osversion"'", \
- "To disable this check add the uuid to \`portaudit_fixed'"'"' in %%PREFIX%%/etc/portaudit.conf")
- }
- next
- }
- {
- cmd="'"$pkg_info"' -E \"" $1 "\""
- while((cmd | getline pkg) > 0) {
- vul++
- print_affected(pkg, "")
- }
- close(cmd)
- }
- END {
- if ("'$opt_quiet'" == "false") {
- print vul " problem(s) in your installed packages found."
- }
- if (vul > 0) {
- if ("'$opt_quiet'" == "false") {
- print "\nYou are advised to update or deinstall" \
- " the affected package(s) immediately."
- }
- exit(1)
- }
- }
- ' || rc=$?
-
- return $rc
-}
-
-audit_file()
-{
- local rc=0
- local TMPFILE=
-
- case "$1" in
- -)
- TMPFILE=`mktemp -t portaudit`
- cat > "$TMPFILE"
- FILE="$TMPFILE"
- ;;
- http://*|ftp://*|https://*|file://*)
- echo "portaudit: Can't audit remote file $1" >&2
- return 2
- ;;
- *)
- if [ -r "$1" ]; then
- FILE="$1"
- else
- echo "portaudit: Can't read $1" >&2
- return 2
- fi
- ;;
- esac
-
- extract_auditfile | awk -F\| "$PRINTAFFECTED_AWK"'
- BEGIN { vul=0 }
- /^(#|\$)/ { next }
- {
- cmd="'"$pkg_version"' -T - \"" $1 "\" <\"'"$FILE"'\""
- while((cmd | getline pkg) > 0) {
- if ($2 !~ /'"$opt_restrict"'/)
- continue
- vul++
- print_affected(pkg, "")
- }
- close(cmd)
- }
- END {
- print vul " problem(s) found."
- if (vul > 0) {
- exit(1)
- }
- }
- ' || rc=$?
-
- if [ -n "$TMPFILE" ]; then
- rm "$TMPFILE"
- fi
- return $rc
-}
-
-audit_args()
-{
- local VULCNT=0
- while [ $# -gt 0 ]; do
- case "$1" in
- /*|-)
- echo "portaudit: $1 is a file, please use the -f option" >&2
- ;;
- http://*|ftp://*|https://*|file://*)
- echo "portaudit: Can't audit remote file $1" >&2
- ;;
- *)
- if VLIST=`extract_auditfile | awk -F\| '
- /^(#|\$)/ { next }
- $2 !~ /'"$opt_restrict"'/ { next }
- { print }
- ' | $pkg_version -T "$1" -`; then
- VULCNT=$(($VULCNT+1))
- echo "$VLIST" | awk -F\| "$PRINTAFFECTED_AWK"'
- { print_affected("'"$1"'", "") }
- '
- fi
- ;;
- esac
- shift
- done
- $opt_quiet || echo "$VULCNT problem(s) found."
- if [ $VULCNT -gt 0 ]; then
- return 1
- fi
-}
-
-audit_cwd()
-{
- if [ ! -r "Makefile" ]; then
- echo "portaudit: No Makefile here" >&2
- return 2
- fi
-
- PKGNAME=`make -VPKGNAME 2>/dev/null || true"`
-
- if [ -z "$PKGNAME" ]; then
- echo "portaudit: Can't determine the package name" >&2
- return 2
- fi
-
- if VLIST=`extract_auditfile | awk -F\| '
- /^(#|\$)/ { next }
- $2 !~ /'"$opt_restrict"'/ { next }
- { print }
- ' | $pkg_version -T "$PKGNAME" -`; then
- echo "$VLIST" | awk -F\| "$PRINTAFFECTED_AWK"'
- { print_affected("'"$PKGNAME"'", "") }
- '
- return 1
- fi
-}
-
-fetch_auditfile()
-{
- local rc=2
-
- if [ ! -d "$portaudit_dir" ]; then
- if ! mkdir -p "$portaudit_dir"; then
- echo "Couldn't create $portaudit_dir, try running \`portaudit -F' as root" >&2
- return 2
- fi
- fi
- if [ ! -w "$portaudit_dir" ]; then
- echo "Couldn't write to $portaudit_dir, try running \`portaudit -F' as root" >&2
- return 2
-
- fi
- cd "$portaudit_dir"
- if [ -r "$portaudit_filename" ]; then
- cp -f "$portaudit_filename" "$portaudit_filename.old"
- fi
-
- $opt_verbose && echo "Attempting to fetch from $portaudit_sites."
- urls=`echo "$portaudit_sites" | tr -s ' \t' '\n' | sed -E -e "s/?\$/$portaudit_filename"`
-
- if ! env $portaudit_fetch_env $portaudit_fetch_cmd $urls; then
- echo "Couldn't fetch database." >&2
- elif [ ! -f "$portaudit_dir/$portaudit_filename" ] ; then
- echo "portaudit: No database." >&2
- elif ! checksum_auditfile; then
- echo "portaudit: Database corrupt." >&2
- elif ! checkexpiry_auditfile 7; then
- echo "portaudit: Database too old." >&2
- else
- $opt_quiet || echo "New database installed."
- rc=0
- break
- fi
-
- if [ -f "$portaudit_filename.old" ]; then
- if [ $rc -eq 0 ]; then
- rm -f "$portaudit_filename.old"
- else
- mv -f "$portaudit_filename.old" "$portaudit_filename"
- $opt_quiet || echo "Old database restored."
- fi
- fi
- if [ -f "$portaudit_filename" ]; then
- chmod a=r "$portaudit_filename"
- fi
-
- return $rc
-}
-
-portaudit_confs
-
-opt_audit=false
-opt_auditcwd=false
-opt_dbversion=false
-opt_fetch=false
-opt_file=
-opt_quiet=false
-opt_restrict=
-opt_verbose=false
-opt_version=false
-opt_expiry=
-
-if [ $# -eq 0 ] ; then
- opt_audit=true
-fi
-
-while getopts aCdf:Fqr:vVX: opt; do
- case "$opt" in
- a)
- opt_audit=true;;
- C)
- opt_auditcwd=true;;
- d)
- opt_dbversion=true;;
- f)
- opt_file="$OPTARG";;
- F)
- opt_fetch=true;;
- q)
- opt_quiet=true;;
- r)
- opt_restrict="$OPTARG";;
- v)
- opt_verbose=true;;
- V)
- opt_version=true;;
- X)
- opt_expiry="$OPTARG";;
- ?)
- echo "Usage: $0 -aCdFVvq [-X days] [-r pattern] [-f file] [pkg-name ...]"
- exit 2;;
- esac
-done
-
-shift $(($OPTIND-1))
-
-ret=0
-
-if $opt_version; then
- echo "portaudit version %%PORTVERSION%%"
-fi
-
-if $opt_fetch; then
- if ! fetch_auditfile; then
- echo "portaudit: Download failed." >&2
- exit 2
- fi
-elif [ -n "$opt_expiry" ]; then
- if [ ! -r "$portaudit_dir/$portaudit_filename" ] || ! checkexpiry_auditfile "$opt_expiry"; then
- $opt_quiet || echo "Downloading fresh database."
- if ! fetch_auditfile; then
- echo "portaudit: Download failed." >&2
- exit 2
- fi
- ret=1
- fi
-fi
-
-if $opt_dbversion; then
- if [ ! -f "$portaudit_dir/$portaudit_filename" ]; then
- echo "portaudit: Database missing, run \`portaudit -F' to update." >&2
- exit 2
- fi
- if ! checksum_auditfile; then
- echo "portaudit: Database corrupt." >&2
- exit 2
- fi
- created=`getcreated_auditfile`
- echo "Database created: `date -j -f '%Y-%m-%d %H:%M:%S %Z' \"$created GMT\"`"
-fi
-
-prerequisites_checked=false
-
-if $opt_quiet; then
- PRINTAFFECTED_AWK='
- function print_affected(apkg, note) {
- print apkg
- }
- '
-elif $opt_verbose; then
- PRINTAFFECTED_AWK='
- function print_affected(apkg, note) {
- split(apkg, thepkg)
- print "Affected package: " thepkg[1] " (matched by " $1 ")"
- print "Type of problem: " $3 "."
- split($2, ref, / /)
- for (r in ref)
- print "Reference: <" ref[r] ">"
- if (note)
- print "Note: " note
- print ""
- }
- '
-else
- PRINTAFFECTED_AWK='
- function print_affected(apkg, note) {
- split(apkg, thepkg)
- print "Affected package: " thepkg[1]
- print "Type of problem: " $3 "."
- split($2, ref, / /)
- for (r in ref)
- print "Reference: <" ref[r] ">"
- if (note)
- print "Note: " note
- print ""
- }
- '
-fi
-
-if $opt_audit; then
- portaudit_prerequisites
- audit_installed || ret=$?
-fi
-
-if $opt_auditcwd; then
- portaudit_prerequisites
- audit_cwd || ret=$?
-fi
-
-if [ -n "$opt_file" ]; then
- portaudit_prerequisites
- audit_file "$opt_file" || ret=$?
-fi
-
-if [ $# -gt 0 ]; then
- portaudit_prerequisites
- audit_args "$@" || ret=$?
-fi
-
-exit $ret
diff --git a/ports-mgmt/portaudit/files/portaudit.1 b/ports-mgmt/portaudit/files/portaudit.1
deleted file mode 100644
index da683a2a6e8b..000000000000
--- a/ports-mgmt/portaudit/files/portaudit.1
+++ /dev/null
@@ -1,175 +0,0 @@
-.\" Copyright (c) 2004 Oliver Eikemeier. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions are
-.\" met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright notice
-.\" this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the author nor the names of its contributors may be
-.\" used to endorse or promote products derived from this software without
-.\" specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
-.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-.\" COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.\" $FreeBSD$
-.\"
-.Dd July 3, 2005
-.Os
-.Dt PORTAUDIT \&1 "FreeBSD ports collection"
-.
-.
-.Sh NAME
-.
-.Nm portaudit
-.Nd system to check installed packages for known vulnerabilities
-.
-.
-.Sh SYNOPSIS
-.
-.Nm
-.Op Fl aCdFqvV
-.Op Fl X Ar days
-.Op Fl f Ar file
-.Op Fl r Ar eregex
-.Op Ar pkg-name ...
-.
-.
-.Sh DESCRIPTION
-.
-.Nm
-checks installed packages for known vulnerabilities and generates reports
-including references to security advisories.
-Its intended audience is system administrators and individual users.
-.Pp
-.Nm
-uses a database maintained by port committers and the FreeBSD security team
-to check if security advisories for any installed packages exist.
-Note that a current ports tree (or any local copy of the ports tree) is not
-required for operation.
-.Pp
-This package also installs a script into %%PREFIX%%/etc/periodic/security
-that regularly updates this database and includes a report of vulnerable
-packages in the daily security report.
-.Pp
-If you have a vulnerable package installed, you are advised to update or
-deinstall it immediately.
-.
-.
-.Sh OPTIONS
-.
-The following options are supported:
-.Bl -tag -width ".Fl X"
-.It Fl a
-Print a vulnerability report for all installed packages.
-.It Fl C
-Print a vulnerability report for the port in the current working directory.
-Mostly useful for port developers.
-.It Fl d
-Print the creation date of the database.
-.It Fl F
-Fetch the current database from the
-.Fx
-servers.
-.It Fl q
-Quiet mode.
-.It Fl V
-Show
-.Nm
-version number.
-.It Fl v
-Verbose mode.
-.It Fl X Ar days
-Download a fresh database when the local is at least
-.Ar days
-old.
-.It Fl f Ar file
-Check the packages listed in
-.Ar file
-for known vulnerabilities.
-.It Fl r Ar eregex
-Restrict listed vulnerabilities to those where a reference matches
-.Xr egrep 1
-pattern
-.Ar eregex .
-Useful to test new entries.
-.It Ar pkg-name ...
-Test whether
-.Ar pkg-name
-is listed in the audit database.
-.El
-.Pp
-If no options are given,
-.Nm
-prints a vulnerability report for all installed packages.
-.
-.
-.Sh EXAMPLES
-.
-.Bl -item
-.It
-Fetch the current database and print its creation date:
-.Pp
-.Dl "portaudit -Fd"
-.It
-Print a vulnerability report for all installed packages:
-.Pp
-.Dl "portaudit -a"
-.It
-Print a vulnerability report for a remote machine:
-.Pp
-.Dl "ssh remote.example pkg_info | awk '{ print $1 }' | xargs portaudit"
-.It
-Print a vulnerability report for the local INDEX:
-.Pp
-.Dl "portaudit -f %%PORTSDIR%%/%%INDEXFILE%%"
-.It
-Print a vulnerability report for the current set of prebuild packages:
-.Pp
-.Dl "curl -l ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/All/ | sed -n -e 's/\.t[bg]z[[:cntrl:]]*$//p' | portaudit -f -"
-.El
-.
-.
-.Sh FILES
-.
-.Pa %%PREFIX%%/etc/portaudit.conf ,
-.Pa %%DATABASEDIR%%/auditfile.tbz
-.
-.
-.Sh SEE ALSO
-.
-.Xr ports 7 ,
-.Xr periodic.conf 5 ,
-.Pa http://www.FreeBSD.org/ports/portaudit/ ,
-.Pa http://www.FreeBSD.org/security/#adv ,
-.Pa http://FreeBSD.VuXML.org/ .
-.
-.
-.Sh BUGS
-.
-Sure to be some.
-.
-.
-.Sh AUTHOR
-.
-.An Oliver Eikemeier Aq eik@FreeBSD.org
-.
-.
-.Sh HISTORY
-.
-Package auditing first appeared in
-.Nx 1.4.3 .
diff --git a/ports-mgmt/portaudit/files/portaudit.conf b/ports-mgmt/portaudit/files/portaudit.conf
deleted file mode 100644
index c4b7362594c8..000000000000
--- a/ports-mgmt/portaudit/files/portaudit.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-#
-# Sample configuration file for portaudit(1)
-#
-# copy to %%PREFIX%%/etc/portaudit.conf
-#
-# $FreeBSD$
-#
-
-# specify a proxy if needed, see fetch(3)
-#portaudit_fetch_env="FTP_PROXY=http://ftp.proxy.sample/ HTTP_PROXY=http://http.proxy.sample:80/"
-
-# default fetch command
-#portaudit_fetch_cmd="fetch -1amp"
-
-# specify a local mirror that generates databases with portaudit-db here
-#portaudit_sites="http://www.FreeBSD.org/ports/"
-
-# this vulnerability has been fixed in your FreeBSD version
-#portaudit_fixed="d2102505-f03d-11d8-81b0-000347a4fa7d"
diff --git a/ports-mgmt/portaudit/files/portaudit.sh b/ports-mgmt/portaudit/files/portaudit.sh
deleted file mode 100644
index 8e3b460ec750..000000000000
--- a/ports-mgmt/portaudit/files/portaudit.sh
+++ /dev/null
@@ -1,61 +0,0 @@
-#!/bin/sh -f
-#
-# Copyright (c) 2004 Oliver Eikemeier. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#
-# 1. Redistributions of source code must retain the above copyright notice
-# this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# 3. Neither the name of the author nor the names of its contributors may be
-# used to endorse or promote products derived from this software without
-# specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
-# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-# $FreeBSD$
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]; then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-rc=0
-case "${daily_status_security_portaudit_enable:-YES}" in
- [Nn][Oo])
- ;;
- *)
- echo
- echo "Checking for a current audit database:"
- echo
- %%PREFIX%%/sbin/portaudit -X "${daily_status_security_portaudit_expiry:-2}" || rc=$?
- if [ $rc -lt 2 ]; then
- %%PREFIX%%/sbin/portaudit -d
- echo
- echo "Checking for packages with security vulnerabilities:"
- echo
- echo %%PREFIX%%/sbin/portaudit -a |
- su -fm "${daily_status_security_portaudit_user:-nobody}" || rc=$?
- fi
- ;;
-esac
-
-exit "$rc"
diff --git a/ports-mgmt/portaudit/pkg-deinstall b/ports-mgmt/portaudit/pkg-deinstall
deleted file mode 100644
index 948c7135abb6..000000000000
--- a/ports-mgmt/portaudit/pkg-deinstall
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-
-case $2 in
-POST-DEINSTALL)
- echo
- echo "The portaudit package has been deleted."
- if [ -f "%%DATABASEDIR%%/auditfile.tbz" ]; then
- echo "If you're *not* upgrading and won't be using"
- echo "it any longer, you may want to remove the"
- echo "portaudit database:"
- echo
- echo " rm -Rf %%DATABASEDIR%%"
- fi
- echo
- ;;
-esac
diff --git a/ports-mgmt/portaudit/pkg-descr b/ports-mgmt/portaudit/pkg-descr
deleted file mode 100644
index 9dd30dd115f6..000000000000
--- a/ports-mgmt/portaudit/pkg-descr
+++ /dev/null
@@ -1,16 +0,0 @@
-portaudit provides a system to check if installed ports are listed in a
-database of published security vulnerabilities.
-
-After installation it will update this security database automatically and
-include its reports in the output of the daily security run.
-
-If you have found a vulnerability not listed in the database, please contact
-the FreeBSD Security Officer <security-officer@FreeBSD.org>. Refer to
-
- http://www.freebsd.org/security/#sec
-
-for more information.
-
-WWW: http://people.freebsd.org/~eik/portaudit/
-
-Oliver Eikemeier <eik@FreeBSD.org>
diff --git a/ports-mgmt/portaudit/pkg-install b/ports-mgmt/portaudit/pkg-install
deleted file mode 100644
index 6ee3e0433e46..000000000000
--- a/ports-mgmt/portaudit/pkg-install
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-
-PREFIX="${PREFIX:-%%PREFIX%%}"
-
-case $2 in
-PRE-INSTALL)
- if egrep -qs "^(FETCH|MASTER_SITE)_" "$PREFIX/etc/portaudit.conf" ;then
- echo
- echo "*** WARNING ***"
- echo
- echo "The preference file format has changed. Please edit"
- echo " $PREFIX/etc/portaudit.conf"
- echo
- fi
- if egrep -qs "^daily_status_portaudit_" "/etc/periodic.conf" ;then
- echo
- echo "*** WARNING ***"
- echo
- echo "The periodic(8) names have changed. Please edit"
- echo " /etc/periodic.conf"
- echo
- fi
- ;;
-POST-INSTALL)
- if [ ! -f "%%DATABASEDIR%%/auditfile.tbz" ]; then
- echo
- echo "===> To check your installed ports for known vulnerabilities now, do:"
- echo
- echo " $PREFIX/sbin/portaudit -Fda"
- echo
- fi
- ;;
-esac
diff --git a/ports-mgmt/portaudit/pkg-plist b/ports-mgmt/portaudit/pkg-plist
deleted file mode 100644
index 84b4ccaaf52e..000000000000
--- a/ports-mgmt/portaudit/pkg-plist
+++ /dev/null
@@ -1,7 +0,0 @@
-sbin/portaudit
-etc/portaudit.conf.sample
-%%PERIODICDIR%%/security/410.portaudit
-@unexec rmdir %D/%%PERIODICDIR%%/security 2>/dev/null || true
-@unexec rmdir %D/%%PERIODICDIR%% 2>/dev/null || true
-@exec mkdir -p %%DATABASEDIR%%
-@unexec rmdir %%DATABASEDIR%% 2>/dev/null || true
diff --git a/ports-mgmt/portaudit/pkg-req b/ports-mgmt/portaudit/pkg-req
deleted file mode 100644
index 5a8ba2d087db..000000000000
--- a/ports-mgmt/portaudit/pkg-req
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-
-case $2 in
-INSTALL)
- if [ -z "${PKG_INFO}" ]; then
- if [ -x "%%LOCALBASE%%/sbin/pkg_info" ]; then
- PKG_INFO="%%LOCALBASE%%/sbin/pkg_info"
- else
- PKG_INFO="/usr/sbin/pkg_info"
- fi
- fi
-
- if [ ! -x "${PKG_INFO}" ]; then
- echo "${PKG_INFO} missing, please install port sysutils/pkg_install-devel"
- exit 1
- fi
-
- PKG_INSTALL_VER=`${PKG_INFO} -qP 2>/dev/null`
- if [ -z "${PKG_INSTALL_VER}" -o "${PKG_INSTALL_VER}" -lt %%REQPKGVER%% ]; then
- echo "${PKG_INFO} is too old, please update port sysutils/pkg_install-devel"
- exit 1
- fi
-
- if [ "`echo FreeBSD | tr -s .`" != "FreeBSD" ]; then
- echo "tr(1) is broken."
- exit 1
- fi
- ;;
-esac