From 53ec7442a9325113735ee05e7835d4ac9f2b4c7c Mon Sep 17 00:00:00 2001 From: Oliver Eikemeier Date: Sat, 12 Jun 2004 22:43:44 +0000 Subject: portaudit-db generates a portaudit database from a current ports tree. It also features a file `database/portaudit.txt' where UUIDs for vulnerabilities can be allocated quickly before they are moved to the VuXML database. Call `packaudit' after upgrading your ports tree.
---
security/portaudit-db/files/packaudit.conf | 9 + security/portaudit-db/files/packaudit.sh | 112 +++++++++ security/portaudit-db/files/vuxml2html.xslt | 287 +++++++++++++++++++++++ security/portaudit-db/files/vuxml2portaudit.xslt | 92 ++++++++ 4 files changed, 500 insertions(+) create mode 100644 security/portaudit-db/files/packaudit.conf create mode 100644 security/portaudit-db/files/packaudit.sh create mode 100644 security/portaudit-db/files/vuxml2html.xslt create mode 100644 security/portaudit-db/files/vuxml2portaudit.xslt (limited to 'security/portaudit-db/files')
diff --git a/security/portaudit-db/files/packaudit.conf b/security/portaudit-db/files/packaudit.conf
new file mode 100644
index 000000000000..6b952effc14f
--- /dev/null
+++ b/security/portaudit-db/files/packaudit.conf
@@ -0,0 +1,9 @@
+#
+# $FreeBSD$
+#
+# packaudit.conf sample file
+#
+
+# avoid network access
+export SGML_CATALOG_FILES="%%LOCALBASE%%/share/xml/catalog"
+XSLTPROC_EXTRA_ARGS="--catalogs --nonet"
diff --git a/security/portaudit-db/files/packaudit.sh b/security/portaudit-db/files/packaudit.sh
new file mode 100644
index 000000000000..ff8ebd767625
--- /dev/null
+++ b/security/portaudit-db/files/packaudit.sh
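Review bot: The `--nonet` setting in the last two lines of packaudit.conf only takes effect when this sample is installed, so avoiding network access is opt-in. packaudit.sh, the next file in this commit, sources the config only if it is readable and otherwise passes whatever `XSLTPROC_EXTRA_ARGS` it inherits from the environment to xsltproc, which may then fetch DTDs or external entities over the network while parsing `vuln.xml`. Consider setting the default in the script itself before the config is sourced, e.g. `XSLTPROC_EXTRA_ARGS="${XSLTPROC_EXTRA_ARGS:---nonet}"`, and keeping this file for overrides. A comment here such as `# drop --nonet only if DTDs must be fetched remotely` would make the trade-off explicit.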
@@ -0,0 +1,112 @@
+#!/bin/sh -e
+#
+# Copyright (c) 2004 Oliver Eikemeier. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+# 1. Redistributions of source code must retain the above copyright notice
+# this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# 3. Neither the name of the author nor the names of its contributors may be
+# used to endorse or promote products derived from this software without
+# specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+AWK=/usr/bin/awk
+BASENAME=/usr/bin/basename
+CAT=/bin/cat
+DATE=/bin/date
+ENV=/usr/bin/env
+MD5=/sbin/md5
+MKTEMP=/usr/bin/mktemp
+RM=/bin/rm
+SED=/usr/bin/sed
+TAR=/usr/bin/tar
+XSLTPROC=%%LOCALBASE%%/bin/xsltproc
+
+PORTSDIR="${PORTSDIR:-%%PORTSDIR%%}"
+VUXMLDIR="${VUXMLDIR:-$PORTSDIR/security/vuxml}"
+PORTAUDITDBDIR="${PORTAUDITDBDIR:-$PORTSDIR/security/portaudit-db}"
+
+DATABASEDIR="${DATABASEDIR:-%%DATABASEDIR%%}"
+
+STYLESHEET="%%DATADIR%%/vuxml2portaudit.xslt"
+
+PUBLIC_HTML="${PUBLIC_HTML:-$HOME/public_html/portaudit}"
+HTMLSHEET="%%DATADIR%%/vuxml2html.xslt"
+BASEURL="http://people.freebsd.org/~eik/portaudit/"
+
+[ -r "%%PREFIX%%/etc/packaudit.conf" ] && . "%%PREFIX%%/etc/packaudit.conf"
+
+VULVER=`$SED -En -e '/^.*\\$FreeBSD\: [^$ ]+,v ([0-9]+(\.[0-9]+)+) [^$]+\\$.*$/{s//\1/p;q;}' "$VUXMLDIR/vuln.xml"`
+VULURL="http://cvsweb.freebsd.org/ports/security/vuxml/vuln.xml?rev=$VULVER"
+
+if [ -d "$PUBLIC_HTML" ]; then
+ VULNMD5=`$CAT "$VUXMLDIR/vuln.xml" "$PORTAUDITDBDIR/database/portaudit.xml" | $MD5`
+ if [ -f "$PUBLIC_HTML/portaudit.md5" ]; then
+ VULNMD5_OLD=`$CAT "$PUBLIC_HTML/portaudit.md5"`
+ fi
+ if [ "$VULNMD5" != "$VULNMD5_OLD" ]; then
+ echo -n "$VULNMD5" > "$PUBLIC_HTML/portaudit.md5"
+ $XSLTPROC $XSLTPROC_EXTRA_ARGS --stringparam vulurl "$VULURL" --stringparam extradoc "$PORTAUDITDBDIR/database/portaudit.xml" \
+ -o "$PUBLIC_HTML/" "$HTMLSHEET" "$VUXMLDIR/vuln.xml"
+ fi
+fi
+
+TMPNAME=`$BASENAME "$0"`
+TMPDIR=`$MKTEMP -d -t "$TMPNAME.$$"` || exit 1
+
+TESTPORT="vulnerability-test-port>=2000<`$DATE -u +%Y.%m.%d`"
+TESTURL="http://cvsweb.freebsd.org/ports/security/vulnerability-test-port/"
+TESTREASON="Not vulnerable, just a test port (database: `$DATE -u +%Y-%m-%d`)"
+
+XLIST_FILE="$PORTAUDITDBDIR/database/portaudit.xlist"
+
+cd "$TMPDIR" || exit 1
+{
+ $DATE -u "+#CREATED: %Y-%m-%d %H:%M:%S"
+ echo "# Created by packaudit %%PORTVERSION%%"
+ echo "$TESTPORT|$TESTURL|$TESTREASON"
+ echo "# Please refer to the original document for copyright information:"
+ echo "# $VULURL"
+ $XSLTPROC $XSLTPROC_EXTRA_ARGS --stringparam baseurl "$BASEURL" "$STYLESHEET" "$VUXMLDIR/vuln.xml"
+ echo "# This part is in the public domain"
+ $XSLTPROC $XSLTPROC_EXTRA_ARGS --stringparam baseurl "$BASEURL" "$STYLESHEET" "$PORTAUDITDBDIR/database/portaudit.xml"
+ $CAT "$PORTAUDITDBDIR/database/portaudit.txt"
+} | $AWK -F\| -v XLIST_FILE="$XLIST_FILE" '
+ BEGIN {
+ while((getline < XLIST_FILE) > 0)
+ if(!/^(#|$)/)
+ ignore[$1]=1
+ }
+ /^(#|$)/ {
+ print
+ next
+ }
+ {
+ if (!ignore[$4])
+ print $1 "|" $2 "|" $3
+ }' > auditfile
+echo "#CHECKSUM: MD5 `$MD5 < auditfile`" >> auditfile
+$TAR -jcf "$DATABASEDIR/auditfile.tbz" auditfile
+cd
+$RM -Rf "$TMPDIR"
diff --git a/security/portaudit-db/files/vuxml2html.xslt b/security/portaudit-db/files/vuxml2html.xslt
new file mode 100644
index 000000000000..75a5e4cfc48b
--- /dev/null
+++ b/security/portaudit-db/files/vuxml2html.xslt
@@ -0,0 +1,287 @@
+ + + + + + + + + + + + portaudit: Vulnerability list + + + +
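Review bot: A failing `$XSLTPROC` run inside the `{ … } | $AWK` group near the end of packaudit.sh is not caught by `sh -e`, because the pipeline's exit status is awk's. If `vuln.xml` cannot be parsed, the script still checksums and packs an `auditfile` that holds little more than the test-port entry and overwrites `$DATABASEDIR/auditfile.tbz` with it, so anything reading the database gets a well-formed archive that lists almost no vulnerabilities. Writing the group's output to a scratch file first lets `-e` stop the run, and packing to a temporary name followed by a rename keeps the previous database in place until the new one is complete. Earlier in the same hunk `portaudit.md5` is written before the HTML run, so a failed HTML generation is not retried on the next invocation; moving that `echo -n` after the `$XSLTPROC` call fixes it.

```sh
{
  # … unchanged: header lines, both $XSLTPROC runs, $CAT of portaudit.txt …
} > auditfile.raw   # group now runs in this shell, so sh -e stops on a failed step
$AWK -F\| -v XLIST_FILE="$XLIST_FILE" '
  # … unchanged: awk program …
  ' auditfile.raw > auditfile
# … unchanged: #CHECKSUM line …
$TAR -jcf "$DATABASEDIR/auditfile.tbz.new" auditfile
/bin/mv -f "$DATABASEDIR/auditfile.tbz.new" "$DATABASEDIR/auditfile.tbz"
```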
+ +
+

Vulnerabilities

+ + + + + + + + +
+ + + + + +
+

+ [Sorted by package name] +

+ + + +
+ + + + + portaudit: Vulnerability list by packages + + + +
+ +
+

Vulnerabilities

+ + + + + + + + + +
+ + + + + +
+

+ [Sorted by last modification] +

+ + + +
+ + + + + + portaudit: <xsl:value-of select="vuxml:topic"/> + + + +
+ +
+

+ +

+

Description:

+ +

References:

+
    + +
+

Affects:

+
    + + + + +
  • + + +
  • +
    +
    +
    + + + + +
  • + + +
  • +
    +
    +
    +
+ + + +
+
+ +
+ + +
  • + + + +
  • +
    + +
  • CVE name
  • +
    + +
  • BugTraq ID
  • +
    + +
  • CERT security advisory
  • +
    + +
  • CERT vulnerability note
  • +
    + +
  • FreeBSD security advisory FreeBSD-
  • +
    + + + < + + + + <= + + + + > + + + + >= + + + + = + + + + + + + + + + Navigation Bar + + Top + Applications + Support + Documentation + Vendors + Search + Index + Top + Top + + + +
    +

    Disclaimer: The data contained on this page is derived for the VuXML document, + please refer to the the original document for copyright information. The author of + portaudit makes no claim of authorship or ownership of any of the information contained herein.

    +

    + If you have found a vulnerability in a FreeBSD port not listed in the + database, please contact the + FreeBSD Security Officer. Refer to + "FreeBSD Security + Information" for more information. +

    +
    +
    + Oliver Eikemeier <eik@FreeBSD.org> +
    +
    +
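Review bot: The disclaimer text in vuxml2html.xslt has two wording slips that would appear on every generated page: `derived for the VuXML document` should read `derived from the VuXML document`, and `the the original document` repeats a word. Only the text content of this file section is visible on this page, so the templates themselves are not covered by this note.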
    diff --git a/security/portaudit-db/files/vuxml2portaudit.xslt b/security/portaudit-db/files/vuxml2portaudit.xslt new file mode 100644 index 000000000000..60beed5ec52e --- /dev/null +++ b/security/portaudit-db/files/vuxml2portaudit.xslt @@ -0,0 +1,92 @@ + + + + + + + + + + + # Converted by vuxml2portaudit + + + + + + + + + + + | + + + .html + | + + | + + + + + + + + + + < + + + + <= + + + + > + + + + >= + + + + = + + + -- cgit v1.2.3