List: freebsd-bugs
Subject: misc/111066: Portaudit does not skip ports fixed listed in
From: Hussain Ali<hali () datapipe ! com>
Date: 2007-03-31 18:40:22
Message-ID: 200703311840.l2VIeMu3067425 () www ! freebsd ! org
> Number: 111066
> Category: misc
> Synopsis: Portaudit does not skip ports fixed listed in portaudit.conf only FreeBSD-* are ignored
> Confidential: no
> Severity: non-critical
> Priority: medium
> Responsible: freebsd-bugs
> State: open
> Quarter:
> Keywords:
> Date-Required:
> Class: change-request
> Submitter-Id: current-users
> Arrival-Date: Sat Mar 31 18:50:03 GMT 2007
> Closed-Date:
> Last-Modified:
> Originator: Hussain Ali
> Release: FreeBSD4 - 7 (various versions)
> Organization:
Datapipe
> Environment:
FreeBSD <removed> 4.11-RELEASE-p16 FreeBSD 4.11-RELEASE-p16 #3: Fri Nov 3 03:10:58 EST 2006 root@<removed>:/usr/obj/usr/src/sys/EASYADMIN-SMP i386
FreeBSD <removed> 6.0-RELEASE-p4 FreeBSD 6.0-RELEASE-p4 #3: Fri Feb 17 18:23:59 EST 2006 <removed>:/usr/obj/usr/src/sys/GENERIC i386
> Description:
Upon using the portaudit utility, it does not skip ports if we have applied a local patch to the port and listed it under portaudit_fixed.
All I could previously dig up on this was:
http://lists.freebsd.org/pipermail/freebsd-stable/2005-June/016403.html
> How-To-Repeat:
Roll back your ports tree or use some installed vulnerable package. Add the VUID to port_fixed in portaudit.conf. Run portaudit; the port is still there. Example:
$ grep portaudit_fixed /usr/local/etc/portaudit.conf
portaudit_fixed="d2102505-f03d-11d8-81b0-000347a4fa7di \
76562594-1f19-11db-b7d4-0008743bf21a"
$ portaudit -a | grep -A1 -B2 76562594-1f19-11db-b7d4-0008743bf21a
Affected package: ruby-1.8.4_4,1
Type of problem: ruby - multiple vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/76562594-1f19-11db-b7d4-0008743bf21a.html>
> Fix:
I am submitting a patch for the change request. I have added the -S (pkgSkip) flag to add this functionality. Sample run:
$ grep portaudit_fixed /usr/local/etc/portaudit.conf
portaudit_fixed="d2102505-f03d-11d8-81b0-000347a4fa7d \
76562594-1f19-11db-b7d4-0008743bf21a"
$ portaudit -a | grep -A1 -B2 76562594-1f19-11db-b7d4-0008743bf21a
Affected package: ruby-1.8.4_4,1
Type of problem: ruby - multiple vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/76562594-1f19-11db-b7d4-0008743bf21a.html>
$ portaudit -aS | grep -A1 -B2 76562594-1f19-11db-b7d4-0008743bf21a | wc -l
0
Patch attached with submission follows:
diff -r work/portaudit-cmd.sh work.new/portaudit-cmd.sh
137c137
< BEGIN { vul=0; fixedre="'"$fixedre"'" }
---
> BEGIN { vul=0; fixedre="'"$fixedre"'";opt_pkgSkip="'"$opt_pkgSkip"'" }
148a149,151
> if ( opt_pkgSkip == "true" ) {
> if (fixedre && $2 ~ fixedre) next
> }
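Review bot: In the added awk block, port entries are matched against `portaudit_fixed` only when `opt_pkgSkip == "true"`, so a UUID an administrator has already listed in portaudit.conf keeps being reported unless every invocation, scheduled runs included, passes -S. Listing a UUID there is already an explicit opt-out, so consider applying the filter unconditionally, or explain in the submission why the default has to stay as it is. If the flag stays, the nested test reads better as one condition: `if (opt_pkgSkip == "true" && fixedre && $2 ~ fixedre) next`.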
349a353
> opt_pkgSkip=false
355c359
< while getopts aCdf:Fqr:vVX: opt; do
---
> while getopts aCdf:Fqr:vSVX: opt; do
370a375,376
> S)
> opt_pkgSkip=true;;
378c384
< echo "Usage: $0 -aCdFVvq [-X days] [-r pattern] [-f file] [pkg-name ...]"
---
> echo "Usage: $0 -aCdFVvqS [-X days] [-r pattern] [-f file] [pkg-name ...]"
455a462,466
> fi
>
> if $opt_pkgSkip; then
> echo "portaudit: skipping ALL vulnerablities listed in portaudit.conf"
> opt_audit=true
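Review bot: The message added under `if $opt_pkgSkip; then` is written to stdout unconditionally, so it lands in piped output and is printed regardless of the other options, -q included; send it to stderr or gate it on the quiet option. It also misspells "vulnerabilities", and "ALL" overstates the effect, since only the UUIDs listed in `portaudit_fixed` are skipped. The `opt_audit=true` assignment makes -S switch on an audit mode as a side effect that neither the usage string nor the portaudit.1 text mentions; document that, or drop the assignment and require the mode flag explicitly.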
diff -r work/portaudit.1 work.new/portaudit.1
89a90,92
> .It Fl S
> Additionaly skip package vulnerabilities listed in portaudit.conf. The
> default is to only skip FreeBSD vulnerabilites if defined.
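Review bot: The new `.It Fl S` text has two typos ("Additionaly", "vulnerabilites") and never names the setting it depends on. Suggest wording along the lines of "Additionally skip package vulnerabilities whose UUIDs are listed in portaudit_fixed in portaudit.conf", and state plainly that without -S only FreeBSD-* entries are matched against that list. No hunk here adds -S to the synopsis of the man page, so check whether that needs updating too.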
diff -r work/portaudit.conf work.new/portaudit.conf
18,19c18,21
< # this vulnerability has been fixed in your FreeBSD version
< #portaudit_fixed="d2102505-f03d-11d8-81b0-000347a4fa7d"
---
> # this vulnerability has been fixed in your FreeBSD or port version (space, tab \
> deliminated) #portaudit_fixed="d2102505-f03d-11d8-81b0-000347a4fa7d \
> 594eb447-e398-11d9-a8bd-000cf18bbe54"
>
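Review bot: The revised comment says a listed UUID marks a vulnerability as fixed in "your FreeBSD or port version", but with this patch port entries are skipped only when portaudit is run with -S; the comment should say so, otherwise the sample reads as if the setting alone is enough. "deliminated" should be "delimited", and since the example value now spans two lines with a trailing backslash where the earlier sample was a single UUID, the comment should mention that multi-line form as well.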
> Release-Note:
> Audit-Trail:
> Unformatted: