pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/security/audit-packages Add a file format version to p...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/78f4ee25fcf6
branches:  trunk
changeset: 495373:78f4ee25fcf6
user:      dillo <dillo%pkgsrc.org@localhost>
date:      Tue Jun 07 19:17:01 2005 +0000

description:
Add a file format version to pkg-vulnerabilities, and check for
its compatibility.  Bump version to 1.35

Done during the freeze to have the support on the branch.
Okayed by wiz.

diffstat:

 security/audit-packages/Makefile               |    4 +-
 security/audit-packages/files/audit-packages   |   48 ++++++++++-
 security/audit-packages/files/audit-packages.0 |  102 ++++++++++++++++--------
 security/audit-packages/files/audit-packages.8 |   39 ++++++++-
 4 files changed, 145 insertions(+), 48 deletions(-)

diffs (298 lines):

diff -r 52f329d05d05 -r 78f4ee25fcf6 security/audit-packages/Makefile
--- a/security/audit-packages/Makefile  Tue Jun 07 17:53:08 2005 +0000
+++ b/security/audit-packages/Makefile  Tue Jun 07 19:17:01 2005 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.54 2005/05/21 16:36:37 dillo Exp $
+# $NetBSD: Makefile,v 1.55 2005/06/07 19:17:01 dillo Exp $
 
-DISTNAME=      audit-packages-1.34
+DISTNAME=      audit-packages-1.35
 CATEGORIES=    security pkgtools
 MASTER_SITES=  # empty
 DISTFILES=     # empty
diff -r 52f329d05d05 -r 78f4ee25fcf6 security/audit-packages/files/audit-packages
--- a/security/audit-packages/files/audit-packages      Tue Jun 07 17:53:08 2005 +0000
+++ b/security/audit-packages/files/audit-packages      Tue Jun 07 19:17:01 2005 +0000
@@ -1,6 +1,6 @@
 #! @SH@
 #
-# $NetBSD: audit-packages,v 1.18 2005/05/21 16:36:37 dillo Exp $
+# $NetBSD: audit-packages,v 1.19 2005/06/07 19:17:01 dillo Exp $
 #
 # Copyright (c) 2000-2003 Alistair Crooks.  All rights reserved.
 #
@@ -33,8 +33,14 @@
 # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 
+ERR_DOWNLOAD="Please run download-vulnerability-list"
+ERR_UPGRADE="Please upgrade audit-packages to the newest version"
+
 : ${PKGVULNDIR=@PKGVULNDIR@}
 
+FORMAT_MAJOR=1
+FORMAT_MINOR=0
+
 if [ -r @PKG_SYSCONFDIR@/audit-packages.conf ]; then
        echo "Reading settings from @PKG_SYSCONFDIR@/audit-packages.conf"
        . @PKG_SYSCONFDIR@/audit-packages.conf
@@ -53,7 +59,11 @@
 errmsg=""
 
 # check for missing vulnerabilities file
-[ ! -f "$vuls" ] && errmsg="** Missing $vuls"
+if [ ! -f "$vuls" ]
+then
+       errmsg="Missing vulnerabilities file $vuls"
+       errsolution="$ERR_DOWNLOAD"
+fi
 
 case "$errmsg" in
 "")    # check for old vulnerabilities file if we're being verbose
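Review bot: `errsolution` is first assigned in this hunk but is never cleared alongside `errmsg=""`, even though the script has already sourced audit-packages.conf and inherited the caller's environment by this point. Any path that sets `errmsg` without also setting `errsolution` (the old-file check between the hunks is not visible here) would print an empty hint or a stale inherited value in the final error message. Adding `errsolution=""` directly after `errmsg=""` keeps the two variables in step.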
@@ -65,18 +75,42 @@
 esac
 
 case "$errmsg" in
+"")    # check format version of vulnerabilities file
+       file_major=`@AWK@ '$1 == "#FORMAT" { split($2, a, "\\."); print a[1] }' "$vuls"`
+       file_minor=`@AWK@ '$1 == "#FORMAT" { split($2, a, "\\."); print a[2] }' "$vuls"`
+       if [ "x$file_major" = "x" -o "x$file_minor" = "x" ]
+       then
+               errmsg="No file format version found in $vuls"
+               errsolution="$ERR_DOWNLOAD"
+       elif [ "$file_major" -ne "$FORMAT_MAJOR" -o "$file_minor" -gt "$FORMAT_MINOR" ]
+       then
+               errmsg="Unsupported file format version $file_major.$file_minor in $vuls (supported version: $FORMAT_MAJOR.$FORMAT_MINOR)."
+               if [ "$file_major" -le "$FORMAT_MAJOR" ]
+               then
+                       errsolution="$ERR_DOWNLOAD"
+               else
+                       errsolution="$ERR_UPGRADE"
+               fi
+       fi
+       ;;
+esac
+
+case "$errmsg" in
 "")    # check integrity of vulnerabilities file
        recordedsum=`@AWK@ '$1 == "#CHECKSUM" { print $3 }' "$vuls"`
        recordedalg=`@AWK@ '$1 == "#CHECKSUM" { print $2 }' "$vuls"`
        case "$recordedsum" in
-       "")     errmsg="***WARNING*** No checksum found in $vuls"
+       "")     errmsg="No checksum found in $vuls"
+               errsolution="$ERR_DOWNLOAD"
                ;;
        *)      case "$recordedalg" in
-               "")     errmsg="***WARNING*** No checksum algorithm found in $vuls file"
+               "")     errmsg="No checksum algorithm found in $vuls file"
+                       errsolution="$ERR_DOWNLOAD"
                        ;;
                *)      calcsum=`@AWK@ '$1 == "#CHECKSUM" || /\$NetBSD.*/ { next } { print }' "$vuls" | @DIGEST@ "$recordedalg"`
                        if [ "$recordedsum" != "$calcsum" ]; then
-                               errmsg="***WARNING*** Checksum mismatch - recorded $recordedalg checksum \"$recordedsum\", calculated checksum \"$calcsum\""
+                               errmsg="Checksum mismatch - recorded $recordedalg checksum \"$recordedsum\", calculated checksum \"$calcsum\""
+                               errsolution="$ERR_DOWNLOAD"
                        fi
                        ;;
                esac
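Review bot: The `-le` test that picks the remedy in the new format-version block sends a file with the supported major number but a newer minor number to `$ERR_DOWNLOAD`, although such a file is too new and re-downloading cannot help; the man page text added in this commit says to update the package in that case. Changing the test to `if [ "$file_major" -lt "$FORMAT_MAJOR" ]` leaves only genuinely older files on the download path. Separately, a `#FORMAT` value that is not numeric (or a file with several `#FORMAT` lines) makes the `-ne`/`-gt` test exit with a usage error, which `elif` treats as false, so the block appears to accept a malformed version without setting `errmsg`; a `case "$file_major$file_minor" in *[!0-9]*)` guard that sets `errmsg` before the numeric comparison would close that gap.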
@@ -88,8 +122,8 @@
 # if we have found an error, then complain and exit
 case "$errmsg" in
 "")    ;;
-*)     echo "$errmsg" 1>&2
-       echo "** Please run download-vulnerability-list" 1>&2
+*)     echo "***ERROR*** $errmsg" 1>&2
+       echo "** $errsolution" 1>&2
        exit 1
        ;;
 esac
diff -r 52f329d05d05 -r 78f4ee25fcf6 security/audit-packages/files/audit-packages.0
--- a/security/audit-packages/files/audit-packages.0    Tue Jun 07 17:53:08 2005 +0000
+++ b/security/audit-packages/files/audit-packages.0    Tue Jun 07 19:17:01 2005 +0000
@@ -1,7 +1,7 @@
 AUDIT-PACKAGES(8)       NetBSD System Manager's Manual       AUDIT-PACKAGES(8)
 
 NNAAMMEE
-     aauuddiitt--ppaacckkaaggeess, ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt - show vulnerabilities in
+     aauuddiitt--ppaacckkaaggeess, ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt -- show vulnerabilities in
      installed packages
 
 SSYYNNOOPPSSIISS
@@ -25,40 +25,40 @@
      Each line lists the package and vulnerable versions, the type of exploit,
      and an Internet address for further information.  The type of exploit can
      be any text, although some common types of exploits listed are:
-           ++oo   cross-site-html
-           ++oo   cross-site-scripting
-           ++oo   denial-of-service
-           ++oo   file-permissions
-           ++oo   local-access
-           ++oo   local-code-execution
-           ++oo   local-file-read
-           ++oo   local-file-removal
-           ++oo   local-file-write
-           ++oo   local-root-file-view
-           ++oo   local-root-shell
-           ++oo   local-symlink-race
-           ++oo   local-user-file-view
-           ++oo   local-user-shell
-           ++oo   privacy-leak
-           ++oo   remote-code-execution
-           ++oo   remote-command-inject
-           ++oo   remote-file-creation
-           ++oo   remote-file-read
-           ++oo   remote-file-view
-           ++oo   remote-file-write
-           ++oo   remote-key-theft
-           ++oo   remote-root-access
-           ++oo   remote-root-shell
-           ++oo   remote-script-inject
-           ++oo   remote-server-admin
-           ++oo   remote-use-of-secret
-           ++oo   remote-user-access
-           ++oo   remote-user-file-view
-           ++oo   remote-user-shell
-           ++oo   unknown
-           ++oo   weak-authentication
-           ++oo   weak-encryption
-           ++oo   weak-ssl-authentication
+           ··   cross-site-html
+           ··   cross-site-scripting
+           ··   denial-of-service
+           ··   file-permissions
+           ··   local-access
+           ··   local-code-execution
+           ··   local-file-read
+           ··   local-file-removal
+           ··   local-file-write
+           ··   local-root-file-view
+           ··   local-root-shell
+           ··   local-symlink-race
+           ··   local-user-file-view
+           ··   local-user-shell
+           ··   privacy-leak
+           ··   remote-code-execution
+           ··   remote-command-inject
+           ··   remote-file-creation
+           ··   remote-file-read
+           ··   remote-file-view
+           ··   remote-file-write
+           ··   remote-key-theft
+           ··   remote-root-access
+           ··   remote-root-shell
+           ··   remote-script-inject
+           ··   remote-server-admin
+           ··   remote-use-of-secret
+           ··   remote-user-access
+           ··   remote-user-file-view
+           ··   remote-user-shell
+           ··   unknown
+           ··   weak-authentication
+           ··   weak-encryption
+           ··   weak-ssl-authentication
 
      By default, the vulnerabilities file is stored in the @PKGVULNDIR@ direc-
      tory.  This can be changed by defining the environment variable
@@ -88,6 +88,36 @@
 
      export FETCH_ARGS="-4"
 
+DDIIAAGGNNOOSSTTIICCSS
+     The aauuddiitt--ppaacckkaaggeess utility exits 0 on success, and >0 if an error occurs.
+
+     The following errors can occur:
+
+     Checksum mismatch
+                 The vulnerabilities file is corrupted.  Run
+                 ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt.
+
+     Missing vulnerabilities file
+                 The vulnerabilities file could not be found.  Run
+                 ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt.
+
+     No checksum algorithm found
+                 The vulnerabilities file is too old or incomplete.  Run
+                 ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt.
+
+     No checksum found
+                 The vulnerabilities file is too old or incomplete.  Run
+                 ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt.
+
+     No file format version found
+                 The vulnerabilities file is too old or incomplete.  Run
+                 ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt.
+
+     Unsupported file format version
+                 The vulnerabilities file is too old or too new.  If it's too
+                 old, run ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt.  If it's too new,
+                 update the aauuddiitt--ppaacckkaaggeess package.
+
 SSEEEE AALLSSOO
      pkg_info(1), mk.conf(5), packages(7), @PKGSRCDIR@/mk/bsd.pkg.defaults.mk
      and
@@ -100,4 +130,4 @@
      September 19, 2000.  The original idea came from Roland Dowdeswell and
      Bill Sommerfeld.
 
-NetBSD 2.0                       May 12, 2004                       NetBSD 2.0
+NetBSD 3.0                       May 27, 2005                       NetBSD 3.0
diff -r 52f329d05d05 -r 78f4ee25fcf6 security/audit-packages/files/audit-packages.8
--- a/security/audit-packages/files/audit-packages.8    Tue Jun 07 17:53:08 2005 +0000
+++ b/security/audit-packages/files/audit-packages.8    Tue Jun 07 19:17:01 2005 +0000
@@ -1,5 +1,6 @@
-.\" $NetBSD: audit-packages.8,v 1.9 2005/05/07 22:15:25 wiz Exp $
-.Dd May 12, 2004
+.\" $NetBSD: audit-packages.8,v 1.10 2005/06/07 19:17:01 dillo Exp $
+.\" XXX: License?
+.Dd May 27, 2005
 .Os
 .Dt AUDIT-PACKAGES 8
 .Sh NAME
@@ -135,7 +136,6 @@
 @PKGVULNDIR@/pkg-vulnerabilities
 .Pp
 @PKG_SYSCONFDIR@/audit-packages.conf
-.\" .Sh EXAMPLES
 .Sh EXAMPLES
 The
 .Nm download-vulnerability-list
@@ -159,6 +159,39 @@
 @PKG_SYSCONFDIR@/audit-packages.conf :
 .Pp
 export FETCH_ARGS="-4"
+.Sh DIAGNOSTICS
+.Ex -std audit-packages
+.Pp
+The following errors can occur: 
+.Bl -tag -width 10n
+.It Checksum mismatch
+The vulnerabilities file is corrupted.
+Run
+.Nm download-vulnerability-list .
+.It Missing vulnerabilities file
+The vulnerabilities file could not be found.
+Run
+.Nm download-vulnerability-list .
+.It \&No checksum algorithm found
+The vulnerabilities file is too old or incomplete.
+Run
+.Nm download-vulnerability-list .
+.It \&No checksum found
+The vulnerabilities file is too old or incomplete.
+Run
+.Nm download-vulnerability-list .
+.It \&No file format version found
+The vulnerabilities file is too old or incomplete.
+Run
+.Nm download-vulnerability-list .
+.It Unsupported file format version
+The vulnerabilities file is too old or too new.
+If it's too old, run
+.Nm download-vulnerability-list .
+If it's too new, update the
+.Nm audit-packages
+package.
+.El
 .Sh SEE ALSO
 .Xr pkg_info 1 ,
 .Xr mk.conf 5 ,


