From owner-freebsd-ports@freebsd.org Sat Jul 18 11:26:22 2015
Delivered-To: freebsd-ports@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 38F019A2FF1; Sat, 18 Jul 2015 11:26:22 +0000 (UTC) (envelope-from itetcu@FreeBSD.org)
Received: from mx.tetcu.info (mx.tetcu.info [217.19.15.179]) by mx1.freebsd.org (Postfix) with ESMTP id E95F2123D; Sat, 18 Jul 2015 11:26:21 +0000 (UTC) (envelope-from itetcu@FreeBSD.org)
Received: from it.tim.tetcu.info (unknown [84.232.221.7]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by mx.tetcu.info (Postfix) with ESMTPSA id 537482E07F0; Sat, 18 Jul 2015 14:17:14 +0300 (EEST)
Date: Sat, 18 Jul 2015 14:17:13 +0300
From: Ion-Mihai Tetcu
To: freebsd-ports@freebsd.org, ports-secteam@freebsd.org
Subject: AUDITFILE default for ports users
Message-ID: <20150718141713.5153018d@it.tim.tetcu.info>
X-Mailer: Claws Mail 3.11.1 (GTK+ 2.24.27; amd64-portbld-freebsd10.1)
List-Id: Porting software to FreeBSD

Hi,

I have some machines on which, for various reasons, only ports are used. On upgrading ports, I keep running into the fact that /var/db/pkg/vuln.xml is lagging behind /usr/ports/security/vuxml/vuln.xml, which is updated via portsnap (and thus upgrading the vulnerable ports fails).

So I'd like to propose defaulting to vuln.xml from ports if it is newer than the one from /var/db/pkg/ and AUDITFILE is not defined by the user.

Tentative patch attached (I'm not happy with the != construct).

-- 
IOnut - Un^d^dregistered ;) FreeBSD "user"
"Intellectual Property" is nowhere near as valuable as "Intellect"
FreeBSD committer -> itetcu@FreeBSD.org, PGP Key ID 29597D20

Attachment: bsd.port.mk.diff

Index: bsd.port.mk
===================================================================
--- bsd.port.mk (revision 392405)
+++ bsd.port.mk (working copy)
@@ -2970,14 +2970,15 @@ =20 # Check if the port is listed in the vulnerability database =20 -AUDITFILE?=3D ${PKG_DBDIR}/vuln.xml -_EXTRACT_AUDITFILE=3D ${CAT} "${AUDITFILE}" +_AUDITFILE!=3D ${TEST} ${PORTSDIR}/security/vuxml/vuln.xml -nt ${PKG_DBDIR= }/vuln.xml && \ + ${ECHO} ${PORTSDIR}/security/vuxml/vuln.xml || ${ECHO} ${PKG_DBDIR}/vuln= .xml +AUDITFILE?=3D ${_AUDITFILE} =20 check-vulnerable: .if !defined(DISABLE_VULNERABILITIES) && !defined(PACKAGE_BUILDING) @if [ -f "${AUDITFILE}" ]; then \ if [ -x "${PKG_BIN}" ]; then \ - vlist=3D`${PKG_BIN} audit "${PKGNAME}" || :`; \ + vlist=3D`${PKG_BIN} audit -f ${AUDITFILE} "${PKGNAME}" || :`; \ if [ "$${vlist}" =3D "0 problem(s) in the installed packages found." ];= then \ vlist=3D""; \ fi; \ --MP_/cA9DmIcgt9KbjJaY=1fwJUE--
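Review bot: the `_AUDITFILE!=` assignment shells out to `${TEST} ... -nt ...` at parse time on every make(1) run, and because it is evaluated before `AUDITFILE?= ${_AUDITFILE}` it runs even when the user has already set AUDITFILE or when DISABLE_VULNERABILITIES / PACKAGE_BUILDING is defined; wrap the `!=` in `.if !defined(AUDITFILE)` ... `.endif` (optionally also `.if exists(${PORTSDIR}/security/vuxml/vuln.xml)`) so the comparison is only paid when check-vulnerable will actually use it, which also answers the discomfort with the `!=` construct mentioned in the mail. Two smaller points in the same hunk: on FreeBSD `test file1 -nt file2` is false whenever file2 does not exist, so a host that has never populated /var/db/pkg/vuln.xml gets `${PKG_DBDIR}/vuln.xml` as AUDITFILE and the `[ -f "${AUDITFILE}" ]` guard in check-vulnerable then skips the audit silently although the ports copy is present (the fallback should prefer whichever copy exists); and `-f ${AUDITFILE}` in the new `${PKG_BIN} audit` line is unquoted while the `-f "${AUDITFILE}"` test a few lines above is quoted, so write `-f "${AUDITFILE}"` there too. Also confirm that nothing else in bsd.port.mk still references `_EXTRACT_AUDITFILE`, which this hunk removes.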
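The selection rule the mail proposes (honour a user-set AUDITFILE, otherwise prefer the ports-tree vuln.xml when it is newer than the pkg db copy) as a stand-alone shell function, so the edge cases can be exercised with temporary files before touching bsd.port.mk. This is an added example, not code from the mail or from the ports tree; the function names, the PKG_BIN default of /usr/sbin/pkg and the "audit skipped" behaviour on a missing database are this example's own choices, while the two default paths and the `pkg audit -f <file> <pkgname>` invocation are the ones the mail uses. The existence of both copies is checked before `-nt` because FreeBSD's test(1) documents `-nt` as true only when both files exist, whereas bash's builtin also returns true when only the left operand exists.

```sh
#!/bin/sh
# Added example (not from the mail or bsd.port.mk): choose which vuln.xml
# `pkg audit -f` should read, following the rule proposed in the mail.

# select_auditfile USER_AUDITFILE PORTS_VULN PKGDB_VULN
# Prints the vuln.xml to audit against; returns 1 if no usable copy exists.
# Empty arguments fall back to the FreeBSD default locations.
select_auditfile() {
    user_auditfile=$1
    ports_vuln=${2:-/usr/ports/security/vuxml/vuln.xml}
    pkgdb_vuln=${3:-/var/db/pkg/vuln.xml}

    # An explicit AUDITFILE wins unconditionally, like AUDITFILE?= would;
    # whether it exists is left to the caller's -f check.
    if [ -n "$user_auditfile" ]; then
        printf '%s\n' "$user_auditfile"
        return 0
    fi

    # Both copies present: compare modification times. Existence is checked
    # first because test(1) -nt is false on FreeBSD when either operand is
    # missing, while bash's builtin is true when only the left one exists.
    if [ -f "$ports_vuln" ] && [ -f "$pkgdb_vuln" ]; then
        if [ "$ports_vuln" -nt "$pkgdb_vuln" ]; then
            printf '%s\n' "$ports_vuln"
        else
            printf '%s\n' "$pkgdb_vuln"
        fi
        return 0
    fi

    # Only one copy present: use it rather than silently skipping the audit.
    if [ -f "$pkgdb_vuln" ]; then
        printf '%s\n' "$pkgdb_vuln"
        return 0
    fi
    if [ -f "$ports_vuln" ]; then
        printf '%s\n' "$ports_vuln"
        return 0
    fi
    return 1
}

# audit_port PKGNAME [USER_AUDITFILE PORTS_VULN PKGDB_VULN]
# Runs `pkg audit -f <db> PKGNAME` the way check-vulnerable does and returns
# pkg's exit status. A missing database or a missing pkg binary is reported
# on stderr and treated as "audit skipped" (exit 0), mirroring the -f and -x
# guards in the Makefile target.
audit_port() {
    pkgname=$1
    shift
    if ! db=$(select_auditfile "$@"); then
        echo "audit_port: no vuln.xml found, audit of $pkgname skipped" >&2
        return 0
    fi
    if [ ! -f "$db" ]; then
        echo "audit_port: $db does not exist, audit of $pkgname skipped" >&2
        return 0
    fi
    pkg_bin=${PKG_BIN:-/usr/sbin/pkg}   # assumed default location of pkg(8)
    if [ ! -x "$pkg_bin" ]; then
        echo "audit_port: $pkg_bin not executable; would run: $pkg_bin audit -f $db $pkgname" >&2
        return 0
    fi
    "$pkg_bin" audit -f "$db" "$pkgname"
}
```

On a FreeBSD host, `cd` into a port directory and run `audit_port "$(make -V PKGNAME)"` to audit that port against whichever copy of vuln.xml is fresher; pass a non-empty second argument to reproduce a user-set AUDITFILE. To see the mtime logic without pkg installed, point the second and third arguments at two temporary files touched with different timestamps and watch which path is printed.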