From owner-svn-ports-head@FreeBSD.ORG Tue Apr 9 17:36:30 2013 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 2A6EC51C; Tue, 9 Apr 2013 17:36:30 +0000 (UTC) (envelope-from rea@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 02F33C48; Tue, 9 Apr 2013 17:36:30 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.6/8.14.6) with ESMTP id r39HaTmG085198; Tue, 9 Apr 2013 17:36:29 GMT (envelope-from rea@svn.freebsd.org) Received: (from rea@localhost) by svn.freebsd.org (8.14.6/8.14.5/Submit) id r39HaTtE085192; Tue, 9 Apr 2013 17:36:29 GMT (envelope-from rea@svn.freebsd.org) Message-Id: <201304091736.r39HaTtE085192@svn.freebsd.org> From: Eygene Ryabinkin Date: Tue, 9 Apr 2013 17:36:29 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r315772 - in head/ports-mgmt/portaudit-db: . files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Apr 2013 17:36:30 -0000 Author: rea Date: Tue Apr 9 17:36:29 2013 New Revision: 315772 URL: http://svnweb.freebsd.org/changeset/ports/315772 Log: Packaudit: switch to Subversion - use links to Subversion tree, HTTPS-flavored ones; - extract revision using Subversion format of $FreeBSD$; - refuse to work with vuln.xml that comes from CVS: automated exporter is switched off, so this source of vulnerabilities is stale. Reviewed by: simon, bz (partly), gavin Approved by: portmgr (tabthorpe), so (des), secteam (simon) Modified: head/ports-mgmt/portaudit-db/Makefile head/ports-mgmt/portaudit-db/files/packaudit.sh Modified: head/ports-mgmt/portaudit-db/Makefile ============================================================================== --- head/ports-mgmt/portaudit-db/Makefile Tue Apr 9 13:24:33 2013 (r315771) +++ head/ports-mgmt/portaudit-db/Makefile Tue Apr 9 17:36:29 2013 (r315772) @@ -7,7 +7,7 @@ PORTNAME= portaudit-db PORTVERSION= 0.2.3 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= ports-mgmt DISTFILES= Modified: head/ports-mgmt/portaudit-db/files/packaudit.sh ============================================================================== --- head/ports-mgmt/portaudit-db/files/packaudit.sh Tue Apr 9 13:24:33 2013 (r315771) +++ head/ports-mgmt/portaudit-db/files/packaudit.sh Tue Apr 9 17:36:29 2013 (r315772) @@ -67,8 +67,27 @@ fi TMPNAME=`$BASENAME "$0"` -VULVER=`$SED -En -e '/^.*\\$FreeBSD\: [^$ ]+,v ([0-9]+(\.[0-9]+)+) [^$]+\\$.*$/{s//\1/p;q;}' "$VUXMLDIR/vuln.xml"` -VULURL="http://cvsweb.freebsd.org/ports/security/vuxml/vuln.xml?rev=$VULVER" +# Is CVS still used for generation of VuXML entries? That's bad. +ISCVS=`$SED -En -e '/^.*\\$FreeBSD\: [^$ ]+\/vuln.xml,v ([0-9]+(\.[0-9]+)+) [^$]+\\$.*$/{s//\1/p;q;}' "$VUXMLDIR/vuln.xml"` +if [ -n "$ISCVS" ]; then + cat << EOF +File $VUXMLDIR/vuln.xml seem to come from CVS. + +CVS for FreeBSD ports is no longer synced with Subversion, so you will +get outdated vulnerability list. Please, check out your sources from +Subversion, refer to + http://www.freebsd.org/doc/handbook/svn.html +for the up to date instructions on how to actually do that. +EOF + exit 1 +fi + +VULPATH=`$SED -En -e '/^.*\\$FreeBSD\: ([^$ ]+\/vuln.xml) ([0-9]+) [^$]+\\$/{s//\1?revision=\2/p;q;}' "$VUXMLDIR/vuln.xml"` +if [ -z "$VULPATH" ]; then + echo "Can't determine origin and version of vuln.xml from $VUXMLDIR/vuln.xml" + exit 1 +fi +VULURL="https://svnweb.freebsd.org/ports/$VULPATH" [ -r "%%PREFIX%%/etc/packaudit.conf" ] && . "%%PREFIX%%/etc/packaudit.conf" @@ -90,7 +109,7 @@ fi TMPDIR=`$MKTEMP -d -t "$TMPNAME.$$"` || exit 1 TESTPORT="vulnerability-test-port>=2000<`$DATE -u +%Y.%m.%d`" -TESTURL="http://cvsweb.freebsd.org/ports/security/vulnerability-test-port/" +TESTURL="https://svnweb.freebsd.org/ports/head/ports-mgmt/vulnerability-test-port/" TESTREASON="Not vulnerable, just a test port (database: `$DATE -u +%Y-%m-%d`)" XLIST_FILE="$PORTAUDITDBDIR/database/portaudit.xlist"