head	1.22;
access;
symbols
	RELEASE_4_EOL:1.21
	RELEASE_6_2_0:1.21
	RELEASE_6_1_0:1.20
	RELEASE_5_5_0:1.20
	RELEASE_6_0_0:1.20
	RELEASE_5_4_0:1.17
	RELEASE_4_11_0:1.17
	RELEASE_5_3_0:1.17
	RELEASE_4_10_0:1.5;
locks; strict;
comment	@# @;


1.22
date	2007.02.05.01.08.33;	author pav;	state dead;
branches;
next	1.21;

1.21
date	2006.04.16.13.32.27;	author simon;	state Exp;
branches;
next	1.20;

1.20
date	2005.07.30.19.13.10;	author simon;	state Exp;
branches;
next	1.19;

1.19
date	2005.07.03.20.31.00;	author simon;	state Exp;
branches;
next	1.18;

1.18
date	2005.06.14.22.04.55;	author simon;	state Exp;
branches;
next	1.17;

1.17
date	2004.09.03.20.30.53;	author eik;	state Exp;
branches;
next	1.16;

1.16
date	2004.08.23.17.39.12;	author eik;	state Exp;
branches;
next	1.15;

1.15
date	2004.08.16.02.24.06;	author eik;	state Exp;
branches;
next	1.14;

1.14
date	2004.08.15.12.26.16;	author eik;	state Exp;
branches;
next	1.13;

1.13
date	2004.08.13.17.07.05;	author eik;	state Exp;
branches;
next	1.12;

1.12
date	2004.07.24.13.34.52;	author eik;	state Exp;
branches;
next	1.11;

1.11
date	2004.07.02.00.31.18;	author eik;	state Exp;
branches;
next	1.10;

1.10
date	2004.07.01.10.59.47;	author eik;	state Exp;
branches;
next	1.9;

1.9
date	2004.06.25.01.21.20;	author eik;	state Exp;
branches;
next	1.8;

1.8
date	2004.06.23.16.01.37;	author eik;	state Exp;
branches;
next	1.7;

1.7
date	2004.06.21.16.04.26;	author eik;	state Exp;
branches;
next	1.6;

1.6
date	2004.06.18.08.07.29;	author eik;	state Exp;
branches;
next	1.5;

1.5
date	2004.03.31.22.52.01;	author eik;	state Exp;
branches;
next	1.4;

1.4
date	2004.03.11.11.11.59;	author eik;	state Exp;
branches;
next	1.3;

1.3
date	2004.02.25.09.46.26;	author eik;	state Exp;
branches;
next	1.2;

1.2
date	2004.02.21.21.19.41;	author eik;	state Exp;
branches;
next	1.1;

1.1
date	2004.01.27.19.24.52;	author eik;	state Exp;
branches;
next	;


desc
@@


1.22
log
@Populate a new ports-mgmt category. List of moved ports:

  devel/portcheckout -> ports-mgmt/portcheckout
  devel/portlint -> ports-mgmt/portlint
  devel/portmk -> ports-mgmt/portmk
  devel/porttools -> ports-mgmt/porttools
  misc/instant-tinderbox -> ports-mgmt/instant-tinderbox
  misc/porteasy -> ports-mgmt/porteasy
  misc/portell -> ports-mgmt/portell
  misc/portless -> ports-mgmt/portless
  misc/tinderbox -> ports-mgmt/tinderbox
  security/jailaudit -> ports-mgmt/jailaudit
  security/portaudit -> ports-mgmt/portaudit
  security/portaudit-db -> ports-mgmt/portaudit-db
  security/vulnerability-test-port -> ports-mgmt/vulnerability-test-port
  sysutils/barry -> ports-mgmt/barry
  sysutils/bpm -> ports-mgmt/bpm
  sysutils/kports -> ports-mgmt/kports
  sysutils/managepkg -> ports-mgmt/managepkg
  sysutils/newportsversioncheck -> ports-mgmt/newportsversioncheck
  sysutils/pib -> ports-mgmt/pib
  sysutils/pkgfe -> ports-mgmt/pkgfe
  sysutils/pkg-orphan -> ports-mgmt/pkg-orphan
  sysutils/pkg_cutleaves -> ports-mgmt/pkg_cutleaves
  sysutils/pkg_install -> ports-mgmt/pkg_install
  sysutils/pkg_install-devel -> ports-mgmt/pkg_install-devel
  sysutils/pkg_remove -> ports-mgmt/pkg_remove
  sysutils/pkg_rmleaves -> ports-mgmt/pkg_rmleaves
  sysutils/pkg_trackinst -> ports-mgmt/pkg_trackinst
  sysutils/pkg_tree -> ports-mgmt/pkg_tree
  sysutils/portbrowser -> ports-mgmt/portbrowser
  sysutils/portconf -> ports-mgmt/portconf
  sysutils/portdowngrade -> ports-mgmt/portdowngrade
  sysutils/portcheck -> ports-mgmt/portcheck
  sysutils/portmanager -> ports-mgmt/portmanager
  sysutils/portmaster -> ports-mgmt/portmaster
  sysutils/portscout -> ports-mgmt/portscout
  sysutils/portsearch -> ports-mgmt/portsearch
  sysutils/portsman -> ports-mgmt/portsman
  sysutils/portsnap -> ports-mgmt/portsnap
  sysutils/portsopt -> ports-mgmt/portsopt
  sysutils/portupgrade -> ports-mgmt/portupgrade
  sysutils/portupgrade-devel -> ports-mgmt/portupgrade-devel
  sysutils/port-authoring-tools -> ports-mgmt/port-authoring-tools
  sysutils/port-maintenance-tools -> ports-mgmt/port-maintenance-tools
  sysutils/psearch -> ports-mgmt/psearch
  sysutils/p5-FreeBSD-Portindex -> ports-mgmt/p5-FreeBSD-Portindex
  sysutils/qtpkg -> ports-mgmt/qtpkg
  textproc/p5-FreeBSD-Ports -> ports-mgmt/p5-FreeBSD-Ports

Repocopies by:	marcus
@
text
@# New ports collection makefile for:	portaudit
# Date created:				25 Jan 2004
# Whom:					Oliver Eikemeier
#
# $FreeBSD: ports/security/portaudit/Makefile,v 1.21 2006/04/16 13:32:27 simon Exp $
#

PORTNAME=	portaudit
PORTVERSION=	0.5.11
CATEGORIES=	security
DISTFILES=

MAINTAINER=	secteam@@FreeBSD.org
COMMENT=	Checks installed ports against a list of security vulnerabilities

MAN1=		portaudit.1

PERIODICDIR?=	${PREFIX}/etc/periodic
DATABASEDIR?=	/var/db/portaudit

PKGREQ=		${WRKDIR}/pkg-req
PKGINSTALL=	${WRKDIR}/pkg-install
PKGDEINSTALL=	${WRKDIR}/pkg-deinstall

PLIST_SUB+=	PERIODICDIR="${PERIODICDIR:S,^${PREFIX}/,,}" \
		DATABASEDIR="${DATABASEDIR}"

REQPKGVER=	20040623

SED_SCRIPT=	-e 's|%%PREFIX%%|${PREFIX}|g' \
		-e 's|%%LOCALBASE%%|${LOCALBASE}|g' \
		-e "s|%%PORTSDIR%%|${PORTSDIR}|g" \
		-e "s|%%INDEXFILE%%|${INDEXFILE}|g" \
		-e "s|%%DATABASEDIR%%|${DATABASEDIR}|g" \
		-e "s|%%PORTVERSION%%|${PORTVERSION}|g" \
		-e "s|%%REQPKGVER%%|${REQPKGVER}|g" \
		-e "s|%%BZIP2_CMD%%|${BZIP2_CMD}|g" \

.include <bsd.port.pre.mk>

.if !defined(DFOSVERSION)
.if ${OSVERSION} < 491101 || ${OSVERSION} >= 500000 && ${OSVERSION} < 502120
RUN_DEPENDS=	${LOCALBASE}/sbin/pkg_info:${PORTSDIR}/sysutils/pkg_install-devel
.endif
.else
.if ${DFOSVERSION} < 110000
RUN_DEPENDS=	${LOCALBASE}/sbin/pkg_info:${PORTSDIR}/sysutils/pkg_install-devel
.endif
.endif

.if defined(BZIP2DEPENDS)
RUN_DEPENDS+=	bzip2:${PORTSDIR}/archivers/bzip2
.endif

do-build:
.for f in portaudit-cmd.sh portaudit.sh portaudit.1 portaudit.conf
	@@${SED} ${SED_SCRIPT} ${FILESDIR}/${f} >${WRKDIR}/${f}
.endfor

post-build:
.for f in pkg-req pkg-install pkg-deinstall
	@@${SED} ${SED_SCRIPT} ${PKGDIR}/${f} >${WRKDIR}/${f}
.endfor

pre-install:
.if !defined(PACKAGE_BUILDING)
	@@${SETENV} "PKG_PREFIX=${PREFIX}" ${SH} ${PKGREQ} ${PKGNAME} INSTALL
.endif
	@@${SETENV} "PKG_PREFIX=${PREFIX}" ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL

do-install:
	@@${INSTALL_SCRIPT} ${WRKDIR}/portaudit-cmd.sh ${PREFIX}/sbin/portaudit
	@@${INSTALL_DATA} ${WRKDIR}/portaudit.conf ${PREFIX}/etc/portaudit.conf.sample
	@@${INSTALL_MAN} ${WRKDIR}/portaudit.1 ${MAN1PREFIX}/man/man1
	@@${MKDIR} ${PERIODICDIR}/security
	@@${INSTALL_SCRIPT} ${WRKDIR}/portaudit.sh ${PERIODICDIR}/security/410.portaudit
	@@${MKDIR} ${DATABASEDIR}

post-install:
	@@${SETENV} "PKG_PREFIX=${PREFIX}" ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL

.include <bsd.port.post.mk>
@


1.21
log
@Avoid unnecessary invocations of pkg_info by checking whether the
package is installed or not using a precalculated regex.

This speeds up "portaudit -a" with around a factor of 10.

The change is slightly modified from the one from the PR by using
pkg_info -aE instead of ls /var/db/pkg for determining installed
packages.

Submitted by:	Kuang-che Wu <kcwu@@csie.org>
PR:		ports/92942
@
text
@d5 1
a5 1
# $FreeBSD$
@


1.20
log
@Change MAINTAINER address for ports maintained by the Security Team to
secteam@@ instead of security@@ to make it more clear that the ports are
not maintained by the freebsd-security@@ mailing list.  Both addresses
go to the same people.
@
text
@d9 1
a9 1
PORTVERSION=	0.5.10
@


1.19
log
@portaudit 0.5.10:

- Unbreak portaudit -vF.
- Sync usage with reality.
- Document the q, v, and V options.
- Markup fixes for the portaudit(1) manual page.
- Make quiet mode output even less "redundant" text [1].
- Set maintainership to security@@. [2]

Suggested by:	Phil Kernick philk at rotfl dot com dot au [1]
Suggested by:	nectar, remko [2]
@
text
@d13 1
a13 1
MAINTAINER=	security@@FreeBSD.org
@


1.18
log
@Grab maintainer-ship of portaudit.  While I do not currently have any
plans for improvements (though I have ideas) I feel that portaudit is
too important to not have an active maintainer.

Approved by:	portmgr (linimon)
@
text
@d9 1
a9 1
PORTVERSION=	0.5.9
d13 1
a13 1
MAINTAINER=	simon@@FreeBSD.org
@


1.17
log
@- update to version 0.5.9
  (first attempts to check the base system for vulnerabilities)
@
text
@d13 1
a13 1
MAINTAINER=	eik@@FreeBSD.org
@


1.16
log
@fix "too many open files" error when using the -r flag

Noted by:	nectar
@
text
@d9 1
a9 1
PORTVERSION=	0.5.4
@


1.15
log
@Don't check the base system when PACKAGE_BUILDING
@
text
@d9 1
a9 1
PORTVERSION=	0.5.3
@


1.14
log
@Remove -a from the default fetch(1) flags, so that the daily security
report is not delayed when the distribution site is down.

Submitted by:	kuriyama
@
text
@d66 1
d68 1
@


1.13
log
@fix man page nits,
modify the vulnerability report depending on -q/-v (experimental)

PR:		69935, 68942
Submitted by:	Chris Pepper <pepper@@reppep.com>, Johan Karlsson <k@@numeri.campus.luth.se>
@
text
@d9 1
a9 1
PORTVERSION=	0.5.2
@


1.12
log
@New option -r: restrict listed entries to selected references.
Useful for testing new entries.
@
text
@d9 1
a9 1
PORTVERSION=	0.5.1
d41 2
a42 1
.if ${OSVERSION} < 492000 || ${OSVERSION} >= 500000 && ${OSVERSION} < 502120
d44 5
@


1.11
log
@Test OSVERSION instead of pkg_info -P to enable cross-version builds

Requested by:	kris
@
text
@d9 1
a9 1
PORTVERSION=	0.5
@


1.10
log
@- update to version 0.5

*** NOTE ***

The preferences file format has changed, as have the periodic.conf(5) names.
Normally the default settings should be adequate, except when you need to
configure a proxy. Use $PREFIX/etc/portaudit.conf.sample as an example.

- moved portaudit to sbin
- clean up, merging stuff into the portaudit script
- better return codes and errors to stderr
- -f can check stdin now
- dropped ports tree auditing
- merged the periodic(8) scripts into one
- run daily auditing as `nobody'
@
text
@d39 1
a39 2
PKG_INFO_BASE?=	/usr/sbin/pkg_info
BASEPKGVER!=	${PKG_INFO_BASE} -qP 2>/dev/null || ${TRUE}
d41 1
a41 1
.if ${BASEPKGVER} < ${REQPKGVER}
a43 2

.include <bsd.port.pre.mk>
@


1.9
log
@update to version 0.4.1

Use
  portaudit [packagename ...]
to check if package is listed as vulnerable
@
text
@d9 1
a9 1
PORTVERSION=	0.4.1
d32 2
a33 1
		-e "s|%%DATADIR%%|${DATADIR}|g" \
d53 2
a54 2
.for f in portaudit-cmd.sh portaudit.sh fetchaudit.sh portaudit.functions portaudit.1 portaudit.conf
	@@${SED} ${SED_SCRIPT} ${FILESDIR}/${f} > ${WRKDIR}/${f}
d58 2
a59 4
.for text in pkg-req pkg-install pkg-deinstall
	@@if [ -f ${PKGDIR}/${text} ]; then \
		${SED} ${SED_SCRIPT} ${PKGDIR}/${text} >${WRKDIR}/${text}; \
	fi
d63 2
a64 6
	@@if [ -f ${PKGREQ} ]; then \
		${SETENV} "PKG_PREFIX=${PREFIX}" ${SH} ${PKGREQ} ${PKGNAME} INSTALL; \
	fi
	@@if [ -f ${PKGINSTALL} ]; then \
		${SETENV} "PKG_PREFIX=${PREFIX}" ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL; \
	fi
d67 2
a68 1
	@@${INSTALL_SCRIPT} ${WRKDIR}/portaudit-cmd.sh ${PREFIX}/bin/portaudit
d71 1
a71 6
	@@${INSTALL_SCRIPT} ${WRKDIR}/portaudit.sh ${PERIODICDIR}/security/910.portaudit
	@@${MKDIR} ${PERIODICDIR}/daily
	@@${INSTALL_SCRIPT} ${WRKDIR}/fetchaudit.sh ${PERIODICDIR}/daily/330.fetchaudit
	@@${MKDIR} ${DATADIR}
	@@${INSTALL_DATA} ${WRKDIR}/portaudit.functions ${DATADIR}
	@@${INSTALL_DATA} ${WRKDIR}/portaudit.conf ${PREFIX}/etc/portaudit.conf.sample
d75 1
a75 3
	@@if [ -f ${PKGINSTALL} ]; then \
		${SETENV} "PKG_PREFIX=${PREFIX}" ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL; \
	fi
@


1.8
log
@Update to version 0.4, with a new `-f' option.

To check which of the current ports have known vulnerabilities, do

  portaudit -f /usr/ports/INDEX

This port requires pkg_install(-devel)>=20040623
@
text
@d9 1
a9 1
PORTVERSION=	0.4
@


1.7
log
@make expiry date customizable via daily_status_portaudit_expiry
@
text
@d9 1
a9 1
PORTVERSION=	0.3.3
d21 1
d28 9
a36 2
SED_SCRIPT=	-e 's,%%PREFIX%%,${PREFIX},g' \
		-e 's,%%DATABASEDIR%%,${DATABASEDIR},g'
d41 1
a41 1
.if ${BASEPKGVER} < 20040125
d53 1
a53 7
	@@${SED} -e "s|%%DATADIR%%|${DATADIR}|g" \
		-e "s|%%DATABASEDIR%%|${DATABASEDIR}|g" \
		-e "s|%%PREFIX%%|${PREFIX}|g" \
		-e "s|%%LOCALBASE%%|${LOCALBASE}|g" \
		-e "s|%%PORTVERSION%%|${PORTVERSION}|g" \
		-e "s|%%BZIP2_CMD%%|${BZIP2_CMD}|g" \
		${FILESDIR}/${f} > ${WRKDIR}/${f}
d57 1
a57 1
.for text in pkg-install pkg-deinstall
d62 8
@


1.6
log
@Fetch the database from http://www.FreeBSD.org/ports/ first.

Thanks to:	kuriyama
@
text
@d9 1
a9 1
PORTVERSION=	0.3.2
@


1.5
log
@update to 0.3.1:

- use passive ftp by default, don't retry on failure [1]
- add a -C flag, portlint style
- don't keep databases that are tool old [2]

Requested by:	hubs [1]
Noticed by:	Nicolas Rachinsky <nicolas@@rachinsky.de> [2]
@
text
@d9 1
a9 1
PORTVERSION=	0.3.1
@


1.4
log
@Update to 0.3.
Since we are using the official VuXML database
the auditing should be pretty complete.

- mention web page
- add more mirrors, disabling .ru mirror (too much lag)
- allow combined options in portaudit shell script
- add sample configuration file
- use absolute paths for binaries, to ease use in crontab scripts [1]
- correct type in man page [2]

PR:		64005 [2]
Submitted by:	Tomasz Pilat <poncki@@axelspringer.com.pl> [1]
		Nathan Dove <njdove@@wafer.sandia.gov> [2]
@
text
@d9 1
a9 1
PORTVERSION=	0.3
d31 1
a31 1
BASEPKGVER!=	${PKG_INFO_BASE} -qP 2>/dev/null
@


1.3
log
@- bugfix: awk in -CURRENT accepts no regexes in RS, causing the database
  update to fail

- add an install & deinstall message

Submitted by:	nectar & Ion-Mihai Tetcu <itetcu@@apropo.ro>
@
text
@d9 1
a9 1
PORTVERSION=	0.2.1
d39 2
a40 2
.if ${OSVERSION} < 420001 || ${OSVERSION} >= 500000 && ${OSVERSION} < 500014
IGNORE=		"You need tar with bzip support to run portaudit"
d44 1
a44 1
.for f in portaudit-cmd.sh portaudit.sh fetchaudit.sh portaudit.functions portaudit.1
d50 1
d70 1
@


1.2
log
@update to 0.2:
- new command line tool
- new man page
- reworked database update code, incorporating feedback from
  Max Khon <fjoe>, Radim Kolar <hsn@@netmag.cz> (PR 63066) and
  Ion-Mihai Tetcu <itetcu@@apropo.ro> (PR 62655)
@
text
@d9 1
a9 1
PORTVERSION=	0.2
d21 3
d27 3
d53 7
d70 5
@


1.1
log
@portaudit provides a list of published security vulnerabilities
of FreeBSD ports and tools to check if installed ports are listed.

Since this is a prerelease version, it is mostly usable for
committers that want to contribute to the project, and can currently
not be relied upon as an extensive security auditing tool.
@
text
@d9 1
a9 1
PORTVERSION=	0.1
d16 2
d38 1
a38 1
.for f in portaudit.sh fetchaudit.sh portaudit.functions
d41 3
d48 2
@

