diff --git a/ports-mgmt/portaudit/Makefile b/ports-mgmt/portaudit/Makefile index 7dab2b326c63..f315e2b847c1 100644 --- a/ports-mgmt/portaudit/Makefile +++ b/ports-mgmt/portaudit/Makefile @@ -6,7 +6,7 @@ # PORTNAME= portaudit -PORTVERSION= 0.5.1 +PORTVERSION= 0.5.2 CATEGORIES= security DISTFILES= @@ -38,9 +38,15 @@ SED_SCRIPT= -e 's|%%PREFIX%%|${PREFIX}|g' \ .include -.if ${OSVERSION} < 492000 || ${OSVERSION} >= 500000 && ${OSVERSION} < 502120 +.if !defined(DFOSVERSION) +.if ${OSVERSION} < 491101 || ${OSVERSION} >= 500000 && ${OSVERSION} < 502120 RUN_DEPENDS= ${LOCALBASE}/sbin/pkg_info:${PORTSDIR}/sysutils/pkg_install-devel .endif +.else +.if ${DFOSVERSION} < 110000 +RUN_DEPENDS= ${LOCALBASE}/sbin/pkg_info:${PORTSDIR}/sysutils/pkg_install-devel +.endif +.endif .if defined(BZIP2DEPENDS) RUN_DEPENDS+= bzip2:${PORTSDIR}/archivers/bzip2 diff --git a/ports-mgmt/portaudit/files/portaudit-cmd.sh b/ports-mgmt/portaudit/files/portaudit-cmd.sh index d482f0c0a646..b76be3fc2581 100644 --- a/ports-mgmt/portaudit/files/portaudit-cmd.sh +++ b/ports-mgmt/portaudit/files/portaudit-cmd.sh @@ -127,7 +127,7 @@ audit_installed() { local rc=0 - extract_auditfile | awk -F\| ' + extract_auditfile | awk -F\| "$PRINTAFFECTED_AWK"' BEGIN { vul=0 } /^(#|\$)/ { next } $2 !~ /'"$opt_restrict"'/ { next } @@ -135,12 +135,7 @@ audit_installed() cmd="'"$pkg_info"' -E \"" $1 "\"" while((cmd | getline pkg) > 0) { vul++ - split($2, ref, / /) - print "Affected package: " pkg - print "Type of problem: " $3 "." - for (r in ref) - print "Reference: <" ref[r] ">" - print "" + print_affected(pkg) } close(cmd) } @@ -182,7 +177,7 @@ audit_file() ;; esac - extract_auditfile | awk -F\| ' + extract_auditfile | awk -F\| "$PRINTAFFECTED_AWK"' BEGIN { vul=0 } /^(#|\$)/ { next } { 
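Review bot: The first condition in the `!defined(DFOSVERSION)` branch mixes `||` and `&&` without parentheses, so the reader has to know that `&&` binds tighter. Writing it as `.if ${OSVERSION} < 491101 || (${OSVERSION} >= 500000 && ${OSVERSION} < 502120)` keeps the meaning and makes the grouping explicit. The thresholds 491101 and 110000 are unexplained and the nested `.if` blocks are unindented; a comment such as `# base pkg_info is too old before these versions, use pkg_install-devel` would help, if that is indeed the reason (inferred from the RUN_DEPENDS line). The same hunk is repeated for security/portaudit/Makefile.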
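Review bot: In audit_installed the context line `cmd="'"$pkg_info"' -E \"" $1 "\""` builds a shell command from the first field of each audit-database record, and awk hands that string to sh when it reads from `cmd | getline`. Double quotes do not stop the shell from interpreting a dollar sign, a backquote or an embedded double quote, so the safety of this pipeline rests entirely on the database content being trusted; whether extract_auditfile verifies the file is not visible here. A guard placed before `cmd` is assigned, which skips and reports records whose first field contains a double quote, dollar sign, backquote or backslash, would keep a malformed or tampered entry from reaching the shell. The function body starts and ends outside the hunk, and the identical hunk appears under security/portaudit.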
@@ -191,13 +186,7 @@ audit_file() if ($2 !~ /'"$opt_restrict"'/) next vul++ - split($2, ref, / /) - split(pkg, p) - print "Affected package: " p[1] - print "Type of problem: " $3 "." - for (r in ref) - print "Reference: <" ref[r] ">" - print "" + print_affected(pkg) } close(cmd) } @@ -233,14 +222,9 @@ audit_args() { print } ' | $pkg_version -T "$1" -`; then VULCNT=$(($VULCNT+1)) - echo "$VLIST" | awk -F\| '{ - print "Affected package: '$1' (matched by " $1 ")" - print "Type of problem: " $3 "." - split($2, ref, / /) - for (r in ref) - print "Reference: <" ref[r] ">" - print "" - }' + echo "$VLIST" | awk -F\| "$PRINTAFFECTED_AWK"' + { print_affected("'"$1"'") } + ' fi ;; esac @@ -271,14 +255,9 @@ audit_cwd() $2 !~ /'"$opt_restrict"'/ { next } { print } ' | $pkg_version -T "$PKGNAME" -`; then - echo "$VLIST" | awk -F\| '{ - print "Affected package: '$PKGNAME' (matched by " $1 ")" - print "Type of problem: " $3 "." - split($2, ref, / /) - for (r in ref) - print "Reference: <" ref[r] ">" - print "" - }' + echo "$VLIST" | awk -F\| "$PRINTAFFECTED_AWK"' + { print_affected("'"$PKGNAME"'") } + ' return 1 fi } @@ -375,7 +354,7 @@ while getopts aCdf:Fqr:vVX: opt; do X) opt_expiry="$OPTARG";; ?) - echo "Usage: $0 -aCdF [-f file] [pkg-name ...]" + echo "Usage: $0 -aCdF [-X days] [-r pattern] [-f file] [pkg-name ...]" exit 2;; esac done 
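Review bot: `print_affected("'"$1"'")` in audit_args, and `print_affected("'"$PKGNAME"'")` in audit_cwd in the next hunk, splice a shell value into the awk program text inside a string literal, so a name containing `"` or `\` alters the program instead of being treated as data. The manual page example added in this commit pipes package names from a remote host through xargs into portaudit, which makes those arguments input the local machine does not control. Passing the value as data avoids this, for example `awk -F\| -v name="$1" "$PRINTAFFECTED_AWK"'{ print_affected(name) }'` (`-v` still processes backslash escapes; reading the value from `ENVIRON` avoids even that). The `/'"$opt_restrict"'/` context lines in audit_installed and audit_file have the same shape for the `-r` pattern. Both hunks are repeated under security/portaudit.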
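Review bot: The usage line still omits options that the `getopts aCdf:Fqr:vVX:` string in this hunk accepts: `-q`, `-v` and `-V` are parsed but not shown. This commit appears to make `-q` and `-v` select the report format (inferred from the `opt_quiet`/`opt_verbose` test added further down), so they are worth listing. Something like `echo "Usage: $0 -aCdFqvV [-X days] [-r pattern] [-f file] [pkg-name ...]"` would match the parser. The same line appears in the security/portaudit copy.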
@@ -419,6 +398,38 @@ fi prerequisites_checked=false +if $opt_quiet; then + PRINTAFFECTED_AWK=' + function print_affected(apkg) { + print apkg + } + ' +elif $opt_verbose; then + PRINTAFFECTED_AWK=' + function print_affected(apkg) { + split(apkg, thepkg) + print "Affected package: " thepkg[1] " (matched by " $1 ")" + print "Type of problem: " $3 "." + split($2, ref, / /) + for (r in ref) + print "Reference: <" ref[r] ">" + print "" + } + ' +else + PRINTAFFECTED_AWK=' + function print_affected(apkg) { + split(apkg, thepkg) + print "Affected package: " thepkg[1] + print "Type of problem: " $3 "." + split($2, ref, / /) + for (r in ref) + print "Reference: <" ref[r] ">" + print "" + } + ' +fi + if $opt_audit; then portaudit_prerequisites audit_installed || ret=$? diff --git a/ports-mgmt/portaudit/files/portaudit.1 b/ports-mgmt/portaudit/files/portaudit.1 index f834628f77a1..19531f4db1d2 100644 --- a/ports-mgmt/portaudit/files/portaudit.1 +++ b/ports-mgmt/portaudit/files/portaudit.1 @@ -28,7 +28,7 @@ .\" .\" $FreeBSD$ .\" -.Dd June 29, 2004 +.Dd August 12, 2004 .Os .Dt PORTAUDIT \&1 "FreeBSD ports collection" . @@ -54,7 +54,7 @@ .Nm checks installed packages for known vulnerabilities and generates reports including references to security advisories. -Its audience are system administrators or individual users. +Its intended audience is system administrators and individual users. .Pp .Nm uses a database maintained by port committers and the FreeBSD security team @@ -103,6 +103,10 @@ Test whether .Ar pkg-name is listed in the audit database. .El +.Pp +If no options are given, +.Nm +prints a vulnerability report for all installed packages. . . .Sh EXAMPLES 
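Review bot: The quiet branch prints `apkg` unsplit while the other two branches print `thepkg[1]`, so the three formats disagree about what counts as the package name. The code removed from audit_file did `split(pkg, p)` and printed `p[1]`, which suggests `pkg` carries more than the name there, so with `-q` the whole string would now be printed; `split(apkg, thepkg); print thepkg[1]` in the quiet function would keep the output to one name per line. print_affected also reads `$1`, `$2` and `$3` of the current record instead of taking them as parameters, and `thepkg`, `ref` and `r` are globals; a short comment above the three definitions stating that it must be called from a rule that is processing an audit record would document that. The verbose and default bodies differ only in the `(matched by ...)` suffix and could share one definition. The same hunk is repeated under security/portaudit.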
@@ -117,6 +121,10 @@ Print a vulnerability report for all installed packages: .Pp .Dl "portaudit -a" .It +Print a vulnerability report for a remote machine: +.Pp +.Dl "ssh remote.example pkg_info | awk '{ print $1 }' | xargs portaudit" +.It Print a vulnerability report for the local INDEX: .Pp .Dl "portaudit -f %%PORTSDIR%%/%%INDEXFILE%%" diff --git a/security/portaudit/Makefile b/security/portaudit/Makefile index 7dab2b326c63..f315e2b847c1 100644 --- a/security/portaudit/Makefile +++ b/security/portaudit/Makefile @@ -6,7 +6,7 @@ # PORTNAME= portaudit -PORTVERSION= 0.5.1 +PORTVERSION= 0.5.2 CATEGORIES= security DISTFILES= @@ -38,9 +38,15 @@ SED_SCRIPT= -e 's|%%PREFIX%%|${PREFIX}|g' \ .include -.if ${OSVERSION} < 492000 || ${OSVERSION} >= 500000 && ${OSVERSION} < 502120 +.if !defined(DFOSVERSION) +.if ${OSVERSION} < 491101 || ${OSVERSION} >= 500000 && ${OSVERSION} < 502120 RUN_DEPENDS= ${LOCALBASE}/sbin/pkg_info:${PORTSDIR}/sysutils/pkg_install-devel .endif +.else +.if ${DFOSVERSION} < 110000 +RUN_DEPENDS= ${LOCALBASE}/sbin/pkg_info:${PORTSDIR}/sysutils/pkg_install-devel +.endif +.endif .if defined(BZIP2DEPENDS) RUN_DEPENDS+= bzip2:${PORTSDIR}/archivers/bzip2 diff --git a/security/portaudit/files/portaudit-cmd.sh b/security/portaudit/files/portaudit-cmd.sh index d482f0c0a646..b76be3fc2581 100644 --- a/security/portaudit/files/portaudit-cmd.sh +++ b/security/portaudit/files/portaudit-cmd.sh @@ -127,7 +127,7 @@ audit_installed() { local rc=0 - extract_auditfile | awk -F\| ' + extract_auditfile | awk -F\| "$PRINTAFFECTED_AWK"' BEGIN { vul=0 } /^(#|\$)/ { next } $2 !~ /'"$opt_restrict"'/ { next } @@ -135,12 +135,7 @@ audit_installed() cmd="'"$pkg_info"' -E \"" $1 "\"" while((cmd | getline pkg) > 0) { vul++ - split($2, ref, / /) - print "Affected package: " pkg - print "Type of problem: " $3 "." - for (r in ref) - print "Reference: <" ref[r] ">" - print "" + print_affected(pkg) } close(cmd) } 
@@ -182,7 +177,7 @@ audit_file() ;; esac - extract_auditfile | awk -F\| ' + extract_auditfile | awk -F\| "$PRINTAFFECTED_AWK"' BEGIN { vul=0 } /^(#|\$)/ { next } { @@ -191,13 +186,7 @@ audit_file() if ($2 !~ /'"$opt_restrict"'/) next vul++ - split($2, ref, / /) - split(pkg, p) - print "Affected package: " p[1] - print "Type of problem: " $3 "." - for (r in ref) - print "Reference: <" ref[r] ">" - print "" + print_affected(pkg) } close(cmd) } @@ -233,14 +222,9 @@ audit_args() { print } ' | $pkg_version -T "$1" -`; then VULCNT=$(($VULCNT+1)) - echo "$VLIST" | awk -F\| '{ - print "Affected package: '$1' (matched by " $1 ")" - print "Type of problem: " $3 "." - split($2, ref, / /) - for (r in ref) - print "Reference: <" ref[r] ">" - print "" - }' + echo "$VLIST" | awk -F\| "$PRINTAFFECTED_AWK"' + { print_affected("'"$1"'") } + ' fi ;; esac @@ -271,14 +255,9 @@ audit_cwd() $2 !~ /'"$opt_restrict"'/ { next } { print } ' | $pkg_version -T "$PKGNAME" -`; then - echo "$VLIST" | awk -F\| '{ - print "Affected package: '$PKGNAME' (matched by " $1 ")" - print "Type of problem: " $3 "." - split($2, ref, / /) - for (r in ref) - print "Reference: <" ref[r] ">" - print "" - }' + echo "$VLIST" | awk -F\| "$PRINTAFFECTED_AWK"' + { print_affected("'"$PKGNAME"'") } + ' return 1 fi } @@ -375,7 +354,7 @@ while getopts aCdf:Fqr:vVX: opt; do X) opt_expiry="$OPTARG";; ?) - echo "Usage: $0 -aCdF [-f file] [pkg-name ...]" + echo "Usage: $0 -aCdF [-X days] [-r pattern] [-f file] [pkg-name ...]" exit 2;; esac done 
@@ -419,6 +398,38 @@ fi prerequisites_checked=false +if $opt_quiet; then + PRINTAFFECTED_AWK=' + function print_affected(apkg) { + print apkg + } + ' +elif $opt_verbose; then + PRINTAFFECTED_AWK=' + function print_affected(apkg) { + split(apkg, thepkg) + print "Affected package: " thepkg[1] " (matched by " $1 ")" + print "Type of problem: " $3 "." + split($2, ref, / /) + for (r in ref) + print "Reference: <" ref[r] ">" + print "" + } + ' +else + PRINTAFFECTED_AWK=' + function print_affected(apkg) { + split(apkg, thepkg) + print "Affected package: " thepkg[1] + print "Type of problem: " $3 "." + split($2, ref, / /) + for (r in ref) + print "Reference: <" ref[r] ">" + print "" + } + ' +fi + if $opt_audit; then portaudit_prerequisites audit_installed || ret=$? diff --git a/security/portaudit/files/portaudit.1 b/security/portaudit/files/portaudit.1 index f834628f77a1..19531f4db1d2 100644 --- a/security/portaudit/files/portaudit.1 +++ b/security/portaudit/files/portaudit.1 @@ -28,7 +28,7 @@ .\" .\" $FreeBSD$ .\" -.Dd June 29, 2004 +.Dd August 12, 2004 .Os .Dt PORTAUDIT \&1 "FreeBSD ports collection" . @@ -54,7 +54,7 @@ .Nm checks installed packages for known vulnerabilities and generates reports including references to security advisories. -Its audience are system administrators or individual users. +Its intended audience is system administrators and individual users. .Pp .Nm uses a database maintained by port committers and the FreeBSD security team @@ -103,6 +103,10 @@ Test whether .Ar pkg-name is listed in the audit database. .El +.Pp +If no options are given, +.Nm +prints a vulnerability report for all installed packages. . . .Sh EXAMPLES 
@@ -117,6 +121,10 @@ Print a vulnerability report for all installed packages: .Pp .Dl "portaudit -a" .It +Print a vulnerability report for a remote machine: +.Pp +.Dl "ssh remote.example pkg_info | awk '{ print $1 }' | xargs portaudit" +.It Print a vulnerability report for the local INDEX: .Pp .Dl "portaudit -f %%PORTSDIR%%/%%INDEXFILE%%"