Date:      Sat, 18 Jul 2015 14:17:13 +0300
From:      Ion-Mihai Tetcu <itetcu@FreeBSD.org>
To:        freebsd-ports@freebsd.org, ports-secteam@freebsd.org
Subject:   AUDITFILE default for ports users
Message-ID:  <20150718141713.5153018d@it.tim.tetcu.info>

--MP_/cA9DmIcgt9KbjJaY=1fwJUE
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi,


I have some machines on which, for various reasons, only ports are used.

On upgrading ports, I keep running into the fact that
/var/db/pkg/vuln.xml is lagging behind /usr/ports/security/vuxml/vuln.xml 
which is updated via portsnap (and thus upgrading the vulnerable ports
fails).

So I'd like to propose defaulting to vuln.xml from ports if it is newer
than the one from /var/db/pkg/ and AUDITFILE is not defined by the user.

Tentative patch attached (I'm not happy with the != construct).


-- 
IOnut - Un^d^dregistered ;) FreeBSD "user"
  "Intellectual Property" is   nowhere near as valuable   as "Intellect"
FreeBSD committer -> itetcu@FreeBSD.org, PGP Key ID 29597D20


--MP_/cA9DmIcgt9KbjJaY=1fwJUE
Content-Type: text/x-patch
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment; filename=bsd.port.mk.diff

Index: bsd.port.mk
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- bsd.port.mk	(revision 392405)
+++ bsd.port.mk	(working copy)
@@ -2970,14 +2970,15 @@
=20
 # Check if the port is listed in the vulnerability database
=20
-AUDITFILE?=3D		${PKG_DBDIR}/vuln.xml
-_EXTRACT_AUDITFILE=3D	${CAT} "${AUDITFILE}"
+_AUDITFILE!=3D	${TEST} ${PORTSDIR}/security/vuxml/vuln.xml -nt ${PKG_DBDIR=
}/vuln.xml && \
+		${ECHO} ${PORTSDIR}/security/vuxml/vuln.xml || ${ECHO} ${PKG_DBDIR}/vuln=
.xml
+AUDITFILE?=3D	${_AUDITFILE}
=20
 check-vulnerable:
 .if !defined(DISABLE_VULNERABILITIES) && !defined(PACKAGE_BUILDING)
 	@if [ -f "${AUDITFILE}" ]; then \
 		if [ -x "${PKG_BIN}" ]; then \
-			vlist=3D`${PKG_BIN} audit "${PKGNAME}" || :`; \
+			vlist=3D`${PKG_BIN} audit -f ${AUDITFILE} "${PKGNAME}" || :`; \
 			if [ "$${vlist}" =3D "0 problem(s) in the installed packages found." ];=
 then \
 				vlist=3D""; \
 			fi; \
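
Review bot: The _AUDITFILE!= assignment at the top of the hunk forks a shell every time bsd.port.mk is parsed, including when the user has already set AUDITFILE or when DISABLE_VULNERABILITIES or PACKAGE_BUILDING is defined, because != is evaluated as soon as the line is read. Wrapping it in ".if !defined(AUDITFILE)" and assigning AUDITFILE inside that block would run the comparison only when the default is actually needed. In check-vulnerable, the new "-f ${AUDITFILE}" argument is unquoted while the "[ -f "${AUDITFILE}" ]" test earlier in the same target quotes it; quote it the same way so a path containing whitespace is not split into extra arguments to pkg audit. The hunk also removes _EXTRACT_AUDITFILE, so it is worth confirming that nothing outside the visible lines still references it.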

--MP_/cA9DmIcgt9KbjJaY=1fwJUE--


