From root@server.t-hosting.hu Wed Sep 6 17:56:59 2006
Return-Path:
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3B7B516A4DE; Wed, 6 Sep 2006 17:56:59 +0000 (UTC) (envelope-from root@server.t-hosting.hu)
Received: from server.t-hosting.hu (server.t-hosting.hu [217.20.133.7]) by mx1.FreeBSD.org (Postfix) with ESMTP id 860E043D45; Wed, 6 Sep 2006 17:56:58 +0000 (GMT) (envelope-from root@server.t-hosting.hu)
Received: from localhost (localhost [127.0.0.1]) by server.t-hosting.hu (Postfix) with ESMTP id 6167499C880; Wed, 6 Sep 2006 19:56:57 +0200 (CEST)
Received: from server.t-hosting.hu ([127.0.0.1]) by localhost (server.t-hosting.hu [127.0.0.1]) (amavisd-new, port 10024) with LMTP id BNHGygGPkfBg; Wed, 6 Sep 2006 19:56:56 +0200 (CEST)
Received: by server.t-hosting.hu (Postfix, from userid 0) id 8404B99C87C; Wed, 6 Sep 2006 19:56:56 +0200 (CEST)
Message-Id: <20060906175656.8404B99C87C@server.t-hosting.hu>
Date: Wed, 6 Sep 2006 19:56:56 +0200 (CEST)
From: Gabor Kovesdan
Reply-To: Gabor Kovesdan
To: FreeBSD-gnats-submit@freebsd.org
Cc: Gabor Kovesdan
Subject: [patch] security/portaudit
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number: 102946
>Category: ports
>Synopsis: [patch] ports-mgmt/portaudit
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: secteam
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Wed Sep 06 18:00:28 GMT 2006
>Closed-Date:
>Last-Modified: Mon Mar 26 01:50:37 GMT 2007
>Originator: Gabor Kovesdan
>Release: FreeBSD 6.1-RELEASE-p3 amd64
>Organization: n/a
>Environment:
System: FreeBSD server.t-hosting.hu 6.1-RELEASE-p3 FreeBSD 6.1-RELEASE-p3 #0: Sat Aug 19 11:08:15 CEST 2006 root@server.t-hosting.hu:/usr/src/sys/amd64/compile/FREEBSD amd64
>Description:
The periodic script of portaudit looks for the vulnerable packages daily, but doesn't ever fetch the new vulnerability database. The end-user might be deceived that everything is done automatically, but the check itself is not very useful without updating the database regularly. Currently, this has to be done manually or from cron. My patch adds another block to portaudit's periodic script to automatically update the database as well, before looking for vulnerable packages, and bumps PORTREVISION.
>How-To-Repeat:
>Fix:
--- portaudit.diff begins here ---
Index: Makefile =================================================================== RCS file: /usr/cvs/ports/security/portaudit/Makefile,v retrieving revision 1.21 diff -u -r1.21 Makefile --- Makefile 16 Apr 2006 13:32:27 -0000 1.21 +++ Makefile 6 Sep 2006 17:50:25 -0000 
@@ -7,6 +7,7 @@ PORTNAME= portaudit PORTVERSION= 0.5.11 +PORTREVISION= 1 CATEGORIES= security DISTFILES= Index: files/portaudit.sh =================================================================== RCS file: /usr/cvs/ports/security/portaudit/files/portaudit.sh,v retrieving revision 1.3 diff -u -r1.3 portaudit.sh --- files/portaudit.sh 1 Jul 2004 10:59:48 -0000 1.3 +++ files/portaudit.sh 6 Sep 2006 17:47:59 -0000 @@ -39,6 +39,18 @@ fi rc=0 + +case "${daily_status_security_portaudit_update_enable:-YES}" in + [Nn][Oo]) + ;; + *) + echo + echo "Updating the package vulnerability database:" + echo + %%PREFIX%%/sbin/portaudit -F + ;; +esac + case "${daily_status_security_portaudit_enable:-YES}" in [Nn][Oo]) ;;
--- portaudit.diff ends here ---
>Release-Note:
>Audit-Trail:

Responsible-Changed-From-To: freebsd-ports-bugs->secteam
Responsible-Changed-By: edwin
Responsible-Changed-When: Wed Sep 6 18:00:47 UTC 2006
Responsible-Changed-Why:
Over to maintainer

http://www.freebsd.org/cgi/query-pr.cgi?pr=102946

From: "Simon L. Nielsen"
To: Gabor Kovesdan
Cc: FreeBSD-gnats-submit@FreeBSD.org
Subject: Re: ports/102946: [patch] security/portaudit
Date: Wed, 6 Sep 2006 20:49:17 +0200

On 2006.09.06 19:56:56 +0200, Gabor Kovesdan wrote:

> The periodic script of portaudit looks for the vulnerable packages daily, but doesn't ever
> fetch the new vulnerability database.

[For the "records"] The current script does in fact update the database, it just uses the -X parameter to only fetch the database once every 2 days (by default).

This should probably be changed so it's downloaded every day, so I keep this PR open as a reminder of that (I need to test before updating).

--
Simon L. Nielsen

From: Gabor Kovesdan
To: bug-followup@FreeBSD.org, gabor@FreeBSD.org
Cc:
Subject: Re: ports/102946: [patch] security/portaudit
Date: Mon, 25 Dec 2006 23:33:54 +0100

As discussed with simon@ on IRC, here's the new patch:

http://gabor.t-hosting.hu/patches/security-portaudit.diff

Cheers,
Gabor
>Unformatted:
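
Review bot: in the files/portaudit.sh hunk of portaudit.diff, the exit status of "%%PREFIX%%/sbin/portaudit -F" is discarded. "rc=0" is set immediately above the new block and nothing in the block updates it, so when the fetch fails the script carries on and the audit that follows runs against whatever database is already on disk, with only the fetch command's own output (if any) to show for it. For a security check this is the case that matters most: a stale database produces a clean-looking report. Suggest testing the result of the fetch, setting rc to a non-zero value on failure, and echoing an explicit line saying the vulnerability database could not be updated so the daily mail makes the stale state obvious. Two smaller points on the same hunk: the new knob daily_status_security_portaudit_update_enable defaults to YES, yet the patch adds no documentation for it, so an administrator who wants to disable the unattended fetch has no way to discover the name short of reading the script; and since the audit block below already exists, it is worth confirming that it does not fetch on its own before adding a second, unconditional download ahead of it.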