Subject: pkg/21865: here's a manpage for audit-packages
To: None <gnats-bugs@gnats.netbsd.org>
From: None <reed@reedmedia.net>
List: netbsd-bugs
Date: 06/11/2003 18:54:12
>Number:         21865
>Category:       pkg
>Synopsis:       here's a manpage for audit-packages
>Confidential:   yes
>Severity:       non-critical
>Priority:       low
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jun 12 01:55:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:     
>Release:        NetBSD 1.6
>Organization:
http://bsd.reedmedia.net/
>Environment:
	
	
System: NetBSD rainier.reedmedia.net 1.6 NetBSD 1.6 (JCR-20020927) #3: Sat Sep 28 13:40:20 PDT 2002 reed@rainier.reedmedia.net:/usr/src/sys/arch/i386/compile/JCR-20020927 i386
Architecture: i386
Machine: i386
>Description:
>How-To-Repeat:
	
>Fix:
Here's a manual page and patches for Makefile and PLIST
for security/audit-packages. Please note that I use
an internal variable _PKGSRCDIR with the Makefile.
Tested with NetBSD's nroff and man/nroff from a Linux system.

? security/audit-packages/files/audit-packages.8

This is:

\" $NetBSD$
.Dd June 11, 2003
.Os
.Dt AUDIT-PACKAGES 8
.Sh NAME
.Nm audit-packages ,
.Nm download-vulnerability-list
.Nd show vulnerabilities in installed packages
.Sh SYNOPSIS
.Nm
.Nm download-vulnerability-list
.Sh DESCRIPTION
The
.Nm
program compares the installed packages with the
.Pa vulnerabilities
file and reports any known security issues to standard output.
This output contains the name and version of the package, the
type of vulnerability, and a URL for further information for each
vulnerable package.
.Pp
The
.Nm download-vulnerability-list
program downloads this file from
.Pa ftp://ftp.netbsd.org/pub/NetBSD/packages/distfiles/vulnerabilities
using
.Xr @FETCH_CMD_SHORT@ 1 .
This vulnerabilities file documents all known security issues in
pkgsrc packages and is kept up-to-date by the NetBSD security officers.
.Pp
Each line lists the package and vulnerable versions, the type of exploit,
and an internet address for further information.
Commonly, the types of exploits listed are:
.Bl -bullet -compact -offset indent
.It
cross-site-html
.It
cross-site-scripting
.It
denial-of-service
.It
file-permissions
.It
local-access
.It
local-code-execution
.It
local-file-read
.It
local-file-removal
.It
local-file-write
.It
local-root-file-view
.It
local-root-shell
.It
local-symlink-race
.It
local-user-file-view
.It
local-user-shell
.It
privacy-leak
.It
remote-code-execution
.It
remote-command-inject
.It
remote-file-creation
.It
remote-file-read
.It
remote-file-view
.It
remote-file-write
.It
remote-key-theft
.It
remote-root-access
.It
remote-root-shell
.It
remote-script-inject
.It
remote-server-admin
.It
remote-use-of-secret
.It
remote-user-access
.It
remote-user-file-view
.It
remote-user-shell
.It
unknown
.It
weak-authentication
.It
weak-encryption
.It
weak-ssl-authentication
.El
.Pp
By default, the vulnerabilities file is stored in the
.Pa @PKGVULNDIR@
directory.
This can be changed by defining the environment variable
.Ev PKGVULNDIR
to the directory containing the vulnerabilities file.
.Sh EXAMPLES
The
.Nm download-vulnerability-list
command can be run via
.Xr cron 8
to update the
.Pa vulnerabilities
daily.
And
.Nm
can be run via
.Xr cron 8
(or with NetBSD's
.Pa /etc/security.local
daily security script).
.Sh ENVIRONMENT
.Bl -tag -width PKGVULNDIR
.It Ev PKGVULNDIR
Specifies the directory containing the
.Pa vulnerabilities
file.
.El
.Sh FILES
.Pa @PKGVULNDIR@/vulnerabilities
.\" .Sh EXAMPLES
.Sh SEE ALSO
.Xr pkg_info 1 ,
.Xr mk.conf 5 ,
.Xr packages 7 ,
.Pa @PKGSRCDIR@/mk/bsd.pkg.defaults.mk
and
.Rs
.%T "Documentation on the NetBSD Package System"
.Re
.Pa @PKGSRCDIR@/Packages.txt
.Sh HISTORY
The
.Nm
and
.Nm download-vulnerability-list
commands were originally implemented and added to NetBSD's pkgsrc by
Alistair Crooks on September 19, 2000.
The original idea came from Roland Dowdeswell and Bill Sommerfeld.
.\" .Sh AUTHORS
.\" .Sh SECURITY CONSIDERATIONS

Index: security/audit-packages/Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/security/audit-packages/Makefile,v
retrieving revision 1.20
diff -b -u -r1.20 Makefile
--- security/audit-packages/Makefile	2003/05/21 14:07:45	1.20
+++ security/audit-packages/Makefile	2003/06/12 01:50:31
@@ -14,12 +14,14 @@
 NO_MTREE=	yes
 
 do-configure:
-	@for f in audit-packages download-vulnerability-list; do	\
+	@for f in audit-packages audit-packages.8 download-vulnerability-list; do	\
 		${SED} -e 's|@PKGVULNDIR@|${PKGVULNDIR}|g' 		\
 			-e 's|@AWK@|${AWK}|g'				\
 			-e 's|@FETCH_CMD@|${FETCH_CMD}|g'		\
+			-e 's|@FETCH_CMD_SHORT@|${FETCH_CMD:C/^.*\///}|g'		\
 			-e 's|@PKG_TOOLS_BIN@|${PKG_TOOLS_BIN}|g'	\
 			-e 's|@SH@|${SH}|g'				\
+			-e 's|@PKGSRCDIR@|${_PKGSRCDIR}|g'		\
 			${FILESDIR}/$$f > ${WRKSRC}/$$f;		\
 	done
 
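Review bot: The added `-e 's|@PKGSRCDIR@|${_PKGSRCDIR}|g'` line makes this package depend on `_PKGSRCDIR`, which the submitter's own note calls an internal variable; a package Makefile should not rely on an underscore-prefixed infrastructure name, so either substitute a public variable or word the SEE ALSO paths so that no substitution is needed. On the `@FETCH_CMD_SHORT@` line, `${FETCH_CMD:C/^.*\///}` strips the directory from every word of FETCH_CMD but keeps any arguments the variable carries, and those would end up inside the `.Xr` reference in the manual page; take only the command word before stripping the path, and consider the `:T` modifier, which expresses the basename more readably than the regular expression.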
@@ -27,5 +29,7 @@
 	@for f in audit-packages download-vulnerability-list; do	\
 		${INSTALL_SCRIPT} ${WRKSRC}/$$f ${PREFIX}/sbin;	\
 	done
+	${INSTALL_MAN} ${WRKSRC}/audit-packages.8 ${PREFIX}/man/man8
+	${LN} -sf ${PREFIX}/man/man8/audit-packages.8 ${PREFIX}/man/man8/download-vulnerability-list.8
 
 .include "../../mk/bsd.pkg.mk"
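Review bot: The `${LN} -sf` line points the link at the absolute path `${PREFIX}/man/man8/audit-packages.8`, so the second manual page dangles if the tree is relocated or the target file is later renamed (for example by compression); a relative target, `audit-packages.8` created from inside the man8 directory, avoids that. Nothing in this hunk creates `${PREFIX}/man/man8`, and the context of the first hunk shows `NO_MTREE= yes`, so unless the directory is made earlier in the install target, add an `${INSTALL_MAN_DIR} ${PREFIX}/man/man8` before the `${INSTALL_MAN}` line.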
Index: security/audit-packages/PLIST
===================================================================
RCS file: /cvsroot/pkgsrc/security/audit-packages/PLIST,v
retrieving revision 1.1
diff -b -u -r1.1 PLIST
--- security/audit-packages/PLIST	2001/11/01 01:16:32	1.1
+++ security/audit-packages/PLIST	2003/06/12 01:50:31
@@ -1,3 +1,5 @@
 @comment $NetBSD: PLIST,v 1.1 2001/11/01 01:16:32 zuntum Exp $
 sbin/audit-packages
 sbin/download-vulnerability-list
+man/man8/audit-packages.8
+man/man8/download-vulnerability-list.8
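Review bot: The two new `man/man8/` entries are appended after the `sbin/` lines, which leaves the PLIST out of sorted order; place them before `sbin/audit-packages`. If the install target is changed to create `${PREFIX}/man/man8` itself, the list also needs a matching directory-removal entry so deinstallation does not leave the directory behind.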
>Release-Note:
>Audit-Trail:
>Unformatted:
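
An added illustration of the comparison the manual page describes, not the audit-packages script and not code from this PR. It assumes a simplified pattern syntax of `name<version` or `name<=version` with dotted numeric versions; the sample lines, package names, URLs and report wording are constructed.

```python
import re

# Constructed sample data: package names and URLs are not real entries.
SAMPLE_VULNS = """\
# pattern          type                   url
examplepkg<1.4.2   remote-code-execution  http://example.org/adv/1
otherpkg<=2.0      denial-of-service      http://example.org/adv/2
thirdpkg<0.9       local-root-shell       http://example.org/adv/3
brokenline-without-fields
"""
SAMPLE_INSTALLED = ["examplepkg-1.4.1", "otherpkg-2.0", "thirdpkg-0.9", "safepkg-3.1"]

# Assumed, simplified pattern syntax: package name, "<" or "<=", then a version.
PATTERN = re.compile(r"^(?P<name>[^<>=]+)(?P<op><=|<)(?P<ver>\S+)$")

def version_key(version):
    """Turn '1.4.1' into (1, 4, 1) so versions compare numerically, not as text."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def parse_vulnerabilities(text):
    """Yield (name, op, version, type, url) for each well-formed three-field line."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#") or len(fields) != 3:
            continue  # blank line, comment, or malformed entry
        m = PATTERN.match(fields[0])
        if m:
            yield m["name"], m["op"], m["ver"], fields[1], fields[2]

def audit(installed, vuln_text):
    """Return one report line per installed package inside a vulnerable range."""
    entries = list(parse_vulnerabilities(vuln_text))
    report = []
    for pkg in installed:
        name, _, version = pkg.rpartition("-")  # "examplepkg-1.4.1" -> name, version
        have = version_key(version)
        for vname, op, vver, vtype, url in entries:
            limit = version_key(vver)
            if name == vname and (have < limit or (op == "<=" and have == limit)):
                report.append(f"{pkg} has a {vtype} vulnerability, see {url}")
    return report

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_INSTALLED, SAMPLE_VULNS)))
```

Numeric comparison matters here: a plain string comparison would rank 1.10 below 1.9 and misreport which installed versions fall inside a vulnerable range.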