The NetBSD Project

CVS log for pkgsrc/security/audit-packages/files/Attic/download-vulnerability-list

Default branch: MAIN


Revision 1.30, Sun Jan 13 20:20:09 2008 UTC (16 years, 3 months ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2013Q2-base, pkgsrc-2013Q2, pkgsrc-2012Q4-base, pkgsrc-2012Q4, pkgsrc-2011Q4-base, pkgsrc-2011Q4, pkgsrc-2011Q2-base, pkgsrc-2011Q2, pkgsrc-2009Q4-base, pkgsrc-2009Q4, pkgsrc-2008Q4-base, pkgsrc-2008Q4, pkgsrc-2008Q3-base, pkgsrc-2008Q3, pkgsrc-2008Q2-base, pkgsrc-2008Q2, pkgsrc-2008Q1-base, pkgsrc-2008Q1, cube-native-xorg-base, cube-native-xorg, HEAD
Changes since 1.29: +1 -1 lines
FILE REMOVED

Retire audit-packages in favour of pkg_install>=20070714.
All functionality in this package is now in pkg_install>=20070714.

As discussed on pkgsrc-users@ and OK'ed by agc@.

Revision 1.29, Fri Jul 14 22:41:58 2006 UTC (17 years, 9 months ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2007Q4-base, pkgsrc-2007Q4, pkgsrc-2007Q3-base, pkgsrc-2007Q3, pkgsrc-2007Q2-base, pkgsrc-2007Q2, pkgsrc-2007Q1-base, pkgsrc-2007Q1, pkgsrc-2006Q4-base, pkgsrc-2006Q4, pkgsrc-2006Q3-base, pkgsrc-2006Q3
Changes since 1.28: +2 -2 lines

Minor typo fix.

Revision 1.28, Sun May 21 13:31:27 2006 UTC (17 years, 11 months ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2006Q2-base, pkgsrc-2006Q2
Changes since 1.27: +12 -2 lines

Support fetching the pkg-vulnerabilities file over http
Bump to version 1.43

Revision 1.27, Thu Oct 20 10:26:54 2005 UTC (18 years, 6 months ago) by agc
Branch: MAIN
CVS Tags: pkgsrc-2006Q1-base, pkgsrc-2006Q1, pkgsrc-2005Q4-base, pkgsrc-2005Q4
Changes since 1.26: +2 -1 lines

Update audit-packages to version 1.39

Give the audit-packages a "-d" option to download the vulnerabilities file
with download-vulnerability-list before scanning the installed packages.

Update the documentation accordingly.

Get rid of some inconsistent style problems in the audit-packages script.

Revision 1.26, Fri Feb 11 16:51:16 2005 UTC (19 years, 2 months ago) by agc
Branch: MAIN
CVS Tags: pkgsrc-2005Q3-base, pkgsrc-2005Q3, pkgsrc-2005Q2-base, pkgsrc-2005Q2, pkgsrc-2005Q1-base, pkgsrc-2005Q1
Changes since 1.25: +6 -6 lines

Update audit-packages to 1.33:

In download-vulnerability-list, first set the PKGVULNDIR, then create
the directory if it doesn't already exist.

Pointed out by Geert Hendrickx on tech-pkg@

Revision 1.25, Fri Oct 29 10:45:45 2004 UTC (19 years, 5 months ago) by grant
Branch: MAIN
CVS Tags: pkgsrc-2004Q4-base, pkgsrc-2004Q4
Changes since 1.24: +3 -4 lines

avoid use of test -e for consistency with pkgsrc itself. use
consistent shell syntax.

Revision 1.24, Wed Apr 14 09:04:15 2004 UTC (20 years ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2004Q3-base, pkgsrc-2004Q3, pkgsrc-2004Q2-base, pkgsrc-2004Q2
Changes since 1.23: +8 -1 lines

Make it a separate warning if downloading the file
failed completely. Welcome to 1.30.

Revision 1.23, Mon Feb 9 03:56:34 2004 UTC (20 years, 2 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2004Q1-base, pkgsrc-2004Q1
Changes since 1.22: +2 -1 lines

Update security/audit-packages to 1.29.  Changes from version 1.28 include
supporting using the FreeBSD "fetch" command to get the vulnerabilities
list.  Patch provided in PR 24371 by Michal Pasternak.

Revision 1.21.2.1, Tue Dec 30 15:45:01 2003 UTC (20 years, 3 months ago) by agc
Branch: pkgsrc-2003Q4
Changes since 1.21: +9 -4 lines

Pullup more forgiving functionality to the pkgsrc-2003Q4 branch, and also
incorporate the patches for an audit-packages.conf file. Requested by
Jeremy Reed.

	PatchSet 46
	Date: 2003/12/03 04:58:01
	Author: martti
	Log:
	Updated audit-packages to 1.26

	Added support for audit-packages.conf. This file can be used
	to define environment variables (e.g. FETCH_ARGS).

	Members:
		Makefile:1.34->1.35
		files/audit-packages.8:1.3->1.4
		files/download-vulnerability-list:1.21->1.22

	---------------------
	PatchSet 47
	Date: 2003/12/03 09:31:01
	Author: wiz
	Log:
	Bump date for previous. Fix typo.

	Members:
		files/audit-packages.8:1.4->1.5

	---------------------
	PatchSet 48
	Date: 2003/12/11 17:10:21
	Author: agc
	Log:
	Update audit-packages to version 1.27.

	Difference from previous version (1.26):
	+ if the vulnerability list is older than a week, just display a warning
	message - don't consider this a fatal error.

	Members:
		Makefile:1.35->1.36
		files/audit-packages:1.14->1.15

Revision 1.22, Wed Dec 3 04:58:01 2003 UTC (20 years, 4 months ago) by martti
Branch: MAIN
Changes since 1.21: +9 -4 lines

Updated audit-packages to 1.26

Added support for audit-packages.conf. This file can be used
to define environment variables (e.g. FETCH_ARGS).

Revision 1.21, Sat Oct 18 10:16:57 2003 UTC (20 years, 6 months ago) by agc
Branch: MAIN
CVS Tags: pkgsrc-2003Q4-base
Branch point for: pkgsrc-2003Q4
Changes since 1.20: +33 -1 lines

Update audit-packages to 1.25.

+ get rid of unnecessary awk invocation in audit-packages, use shell
  construction instead, pointed out by enami tsugutomo. Cuts system and
  user execution times for audit-packages in half.
+ add (4-clause) licences to audit-packages and download-vulnerability-list
+ check integrity of pkg-vulnerabilities file in audit-packages by using
  the same construct as in download-vulnerability-list
+ CSE in error checking in audit-packages
+ properly terminate a case expression in download-vulnerability-list

Revision 1.20, Tue Sep 16 14:47:49 2003 UTC (20 years, 7 months ago) by grant
Branch: MAIN
Changes since 1.19: +2 -2 lines

netbsd.org -> NetBSD.org.

Revision 1.19, Tue Sep 16 09:06:04 2003 UTC (20 years, 7 months ago) by agc
Branch: MAIN
Changes since 1.18: +3 -2 lines

Update audit-packages to 1.23.

Use the first word of ${FETCH_CMD} to determine which utility is used.

Addresses PR 22760 from Todd Vierling.

Revision 1.18, Tue Sep 16 07:21:03 2003 UTC (20 years, 7 months ago) by agc
Branch: MAIN
Changes since 1.17: +2 -2 lines

Update audit-packages to 1.22:

Make an informational message clearer.

Revision 1.17, Tue Sep 9 17:31:34 2003 UTC (20 years, 7 months ago) by agc
Branch: MAIN
Changes since 1.16: +9 -2 lines

Update audit-packages to 1.20.

Support wget and curl as FETCH_CMDs, as discussed in PR 19103.

Revision 1.16, Tue Sep 2 10:20:29 2003 UTC (20 years, 7 months ago) by agc
Branch: MAIN
Changes since 1.15: +49 -18 lines

Update audit-packages to 1.18.

Changes from previous version:

+ rely on an embedded sha1 digest to tell whether the vulnerabilities
  file has been damaged in transit or received successfully, rather than
  trusting that the file will not grow smaller

+ use the new filename "pkg-vulnerabilities"

+ use definitions from defs.${OPSYS}.mk in the download-vulnerability-list
  script

+ at installation time, don't rely on "ln -sf" to DTRT - explicitly call
  "rm -f" before attempting the symbolic link

With thanks to seb@ for testing.

Revision 1.15, Fri Aug 22 10:11:58 2003 UTC (20 years, 8 months ago) by agc
Branch: MAIN
Changes since 1.14: +4 -4 lines

Update audit-packages to 1.17.

Instead of using the number of bytes to determine whether or not the
file has shrunk, use the number of lines.  This will allow for
spelling corrections, login name of committers being shorter than
others, etc.  This is a temporary measure until a better distribution
mechanism is used.  Suggested by David Brownlee.

Revision 1.14, Wed May 21 14:07:45 2003 UTC (20 years, 11 months ago) by seb
Branch: MAIN
Changes since 1.13: +7 -5 lines

Update to version 1.15.

The directory ${PKGVULNDIR} holding the 'vulnerabilities' file
whose default value is determined at configure time can now be
overridden at runtime from the environment.

As a side effect the strings substituted at configure time in
files/{audit-packages,download-vulnerability-list} are now of the
form '@VAR@' and not '${VAR}'.

Revision 1.13, Fri Dec 13 11:18:14 2002 UTC (21 years, 4 months ago) by uebayasi
Branch: MAIN
CVS Tags: netbsd-1-6-1-base, netbsd-1-6-1
Changes since 1.12: +4 -3 lines

Change directory before ${FETCH_CMD} as mk/bsd.pkg.mk does.  This avoids a
fetch error if FETCH_CMD is e.g. ``curl -O''.  No functional changes.

Revision 1.12, Thu Jul 4 23:51:28 2002 UTC (21 years, 9 months ago) by wiz
Branch: MAIN
CVS Tags: pkgviews-base, pkgviews, netbsd-1-6-RELEASE-base, netbsd-1-6
Changes since 1.11: +2 -1 lines

Add chmod a+r after downloading the new vulnerability file.
Addresses part of pkg/17368.
Bump to 1.14.

Revision 1.11, Fri Apr 26 12:45:24 2002 UTC (21 years, 11 months ago) by lukem
Branch: MAIN
CVS Tags: buildlink2-base, buildlink2
Changes since 1.10: +6 -6 lines

Store vulnerabilities file in ${PKGVULNDIR} instead of ${DISTDIR}, in case
the latter is not appropriate.  The former defaults to the latter.
Bump version to 1.12.  Per discussion with Alistair Crooks.

Revision 1.10, Mon Dec 17 18:08:21 2001 UTC (22 years, 4 months ago) by wiz
Branch: MAIN
CVS Tags: netbsd-1-5-PATCH003
Changes since 1.9: +1 -0 lines

Add RCS Ids.

Revision 1.9, Mon Jun 25 18:31:20 2001 UTC (22 years, 9 months ago) by wiz
Branch: MAIN
Changes since 1.8: +1 -1 lines

Apply patch from pkg/13295; seems not to hurt NetBSD, and should help
Solaris. Bump to 1.10.

Revision 1.8, Wed Jun 6 23:37:53 2001 UTC (22 years, 10 months ago) by wiz
Branch: MAIN
Changes since 1.7: +1 -1 lines

Fix warning output if new file is smaller than old one.
Noted by Kimmo Suominen. Bump to 1.9.

Revision 1.7, Fri Apr 27 08:40:54 2001 UTC (22 years, 11 months ago) by agc
Branch: MAIN
CVS Tags: netbsd-1-5-PATCH001
Changes since 1.6: +8 -2 lines

Update audit-packages to 1.8:

Fix a problem which occurs if the vulnerability list does not already exist.

This fixes PR 12763 from Brian de Alwis (bsd@cs.ubc.ca), albeit in a
slightly different manner.  (I also added a check for the existence of
the new vulnerabilities file, in case it was not downloaded for some
reason).

Revision 1.6, Tue Apr 24 09:32:14 2001 UTC (23 years ago) by agc
Branch: MAIN
Changes since 1.5: +11 -9 lines

Update to version 1.7 of audit-packages.

Incorporates the following changes from Anne Bennett
(anne@alcor.concordia.ca) in PR 12538:

(1) Running download-vulnerability-list as it stands from cron will
    spam the sysadmin with ftp output.  Easy to fix: redirect output
    to /dev/null as per the example in pkg/MESSAGE.  Problem: now
    we lose some error messages as well.  Patch: make sure error
    complaints in that script are spouted to STDERR, not STDOUT.
(3) Minor readability issue: set the source location for the
    vulnerability list in a variable at the top of the script.
(4) PR 12457 reported that audit-packages complained spuriously
    when the vulnerability list had not been updated in over a
    week, and suggested touching it as a solution.  This loses
    the information of when the file was really last updated.
    I'd prefer to always "mv" the new file into place, and use
    mtime instead of ctime in the file freshness test.

I did this part of the PR differently, as I was worried about
incomplete vulnerability lists being downloaded, and overwriting an
existing vulnerability list:

(2) ftp failure in download-vulnerability-list is not being detected
    properly by the current "${FETCH_CMD} .. || (complain; exit 1)"
    test.  Patch: test for a non-zero vulnerability file instead.
    Don't forget to remove any zero-length droppings, if any.

We know that the vulnerability list size will increase, and not
decrease, so test the size of the newly-downloaded file.  If the new
file is smaller than the existing file, then a bad transfer has taken
place - log this fact, and remove the new list.

Revision 1.5, Mon Apr 2 10:35:26 2001 UTC (23 years ago) by agc
Branch: MAIN
Changes since 1.4: +6 -4 lines

Bump audit-packages to 1.6.

Always touch the downloaded vulnerability list, so that the audit-packages
script doesn't moan erroneously.

From Jim Bernard, in PR 12457.

Revision 1.4, Tue Mar 27 10:54:34 2001 UTC (23 years ago) by agc
Branch: MAIN
Changes since 1.3: +2 -0 lines

Clean up temporary vulnerabilities file, if it's the same as the existing
one - addresses 2nd part of PR 12457, from Jim Bernard.

Revision 1.3, Tue Mar 20 10:36:19 2001 UTC (23 years, 1 month ago) by agc
Branch: MAIN
Changes since 1.2: +5 -0 lines

Update the download-vulnerability-list script to check for the
existence of ${DISTDIR}, and to create it if it doesn't exist.  This
is for machines built with binary packages, which lack pkgsrc, but
this way preserves the location of the vulnerabilities file.

Addresses PR 12367

Revision 1.2, Sat Nov 11 02:23:00 2000 UTC (23 years, 5 months ago) by itojun
Branch: MAIN
Changes since 1.1: +2 -1 lines

touch vulnerability list after update, to make audit-package happier
when vulnerability list is not updated for more than a week.
solves PR 11463 (there are other ways to solve this, i'm open to your opinion).

Revision 1.1.1.1 (vendor branch), Tue Sep 19 19:23:17 2000 UTC (23 years, 7 months ago) by agc
Branch: TNF
CVS Tags: pkgsrc-base, netbsd-1-5-RELEASE, netbsd-1-4-PATCH003
Changes since 1.1: +0 -0 lines

Initial import of a package to scan a vulnerability list, looking for
installed packages which are insecure and open to exploitation.

The original idea came from Roland Dowdeswell and Bill Sommerfeld, quite
independently, the unorthodox implementation by me.

This package contains two scripts:
(1) download-vulnerability-list, which downloads a list of vulnerable
packages from the NetBSD ftp server, and
(2) audit-packages, which scans all the packages installed on the
local machine, looking for packages which are vulnerable.

Revision 1.1, Tue Sep 19 19:23:17 2000 UTC (23 years, 7 months ago) by agc
Branch: MAIN

Initial revision
