From owner-freebsd-security@FreeBSD.ORG  Mon Feb  1 00:27:57 2010
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 12F6B106566B
	for <freebsd-security@FreeBSD.org>;
	Mon,  1 Feb 2010 00:27:57 +0000 (UTC) (envelope-from marck@rinet.ru)
Received: from woozle.rinet.ru (woozle.rinet.ru [195.54.192.68])
	by mx1.freebsd.org (Postfix) with ESMTP id 8CEA78FC13
	for <freebsd-security@FreeBSD.org>;
	Mon,  1 Feb 2010 00:27:55 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by woozle.rinet.ru (8.14.3/8.14.3) with ESMTP id o110DdtK067508
	for <freebsd-security@FreeBSD.org>; Mon, 1 Feb 2010 03:13:39 +0300 (MSK)
	(envelope-from marck@rinet.ru)
Date: Mon, 1 Feb 2010 03:13:39 +0300 (MSK)
From: Dmitry Morozovsky <marck@rinet.ru>
To: freebsd-security@FreeBSD.org
Message-ID: <alpine.BSF.2.00.1002010310180.61449@woozle.rinet.ru>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
X-NCC-RegID: ru.rinet
X-OpenPGP-Key-ID: 6B691B03
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.3
	(woozle.rinet.ru [0.0.0.0]); Mon, 01 Feb 2010 03:13:39 +0300 (MSK)
Cc: 
Subject: security scripts diff
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Feb 2010 00:27:57 -0000

Dear colleagues,

looking at regular security mails I found that foloowing patch would greatly 
desreases amount of false positive reports; it's totally possible I'm missing 
some vital areas, but my current look at security scripts did not reveal any.

What do you think? Thank you in advance.

marck@woozle:/lh/src.current/etc/periodic/security> cvs -R diff
Index: security.functions
===================================================================
RCS file: /home/ncvs/src/etc/periodic/security/security.functions,v
retrieving revision 1.5
diff -u -r1.5 security.functions
--- security.functions  22 Aug 2005 09:33:36 -0000      1.5
+++ security.functions  1 Feb 2010 00:09:59 -0000
@@ -67,7 +67,7 @@
     [ $rc -lt 1 ] && rc=1
     echo ""
     echo "${msg}"
-    diff ${daily_status_security_diff_flags} ${LOG}/${label}.today \
+    diff -w ${daily_status_security_diff_flags} ${LOG}/${label}.today \
        ${tmpf} | eval "${filter}"
     mv ${LOG}/${label}.today ${LOG}/${label}.yesterday || rc=3
     mv ${tmpf} ${LOG}/${label}.today || rc=3


-- 
Sincerely,
D.Marck                                     [DM5020, MCK-RIPE, DM3-RIPN]
[ FreeBSD committer:                                 marck@FreeBSD.org ]
------------------------------------------------------------------------
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru ***
------------------------------------------------------------------------