166561 – [patch] ports-mgmt/portaudit should be able to use ports openssl(1)

Bug 166561 - [patch] ports-mgmt/portaudit should be able to use ports openssl(1)

Summary: [patch] ports-mgmt/portaudit should be able to use ports openssl(1)

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	Security Team

URL:
Keywords:

Depends on:
Blocks:

Reported:	2012-04-01 19:40 UTC by Eugene Grosbein
Modified:	2013-08-01 21:22 UTC (History)
CC List:	0 users

See Also:

Attachments
file.diff (947 bytes, patch) 2012-04-01 19:40 UTC, Eugene Grosbein	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Eugene Grosbein 2012-04-01 19:40:12 UTC

	Sometimes, one may install openssl from ports without overwriting
	base system stock openssl.

	portaudit should have an option to make it use /usr/local/bin/openssl
	instead of /usr/bin/openssl. Let it recognise new option named
	"portaudit_openssl" in its /usr/local/etc/portaudit.conf
	and use provided openssl(1) path.

How-To-Repeat: 
	N/A

Comment 1 Edwin Groothuis freebsd_committer

2012-04-01 19:40:23 UTC

Responsible Changed
From-To: freebsd-ports-bugs->secteam

Over to maintainer (via the GNATS Auto Assign Tool)

Comment 2 dfilter service freebsd_committer

2013-08-01 20:03:48 UTC

Author: remko (src,doc committer)
Date: Thu Aug  1 19:03:40 2013
New Revision: 324119
URL: http://svnweb.freebsd.org/changeset/ports/324119

Log:
  Add support for an alternative openssl location, for example when installed
  via the Ports Collection.
  
  PR:		166561
  Submitted by:	Eugene Grosbein <eugen@grosbein.pp.ru>

Modified:
  head/ports-mgmt/portaudit/files/portaudit-cmd.sh
  head/ports-mgmt/portaudit/files/portaudit.conf

Modified: head/ports-mgmt/portaudit/files/portaudit-cmd.sh
==============================================================================
--- head/ports-mgmt/portaudit/files/portaudit-cmd.sh	Thu Aug  1 18:47:43 2013	(r324118)
+++ head/ports-mgmt/portaudit/files/portaudit-cmd.sh	Thu Aug  1 19:03:40 2013	(r324119)
@@ -52,6 +52,7 @@ portaudit_confs()
 	: ${portaudit_pubkey:="%%PREFIX%%/etc/portaudit.pubkey"}
 
 	: ${portaudit_fixed=""}
+	: ${portaudit_openssl:="/usr/bin/openssl"}
 }
 
 extract_auditfile_raw()
@@ -78,10 +79,10 @@ checksignature_auditfile()
 	local TMPFILE=`mktemp -t portaudit`
 
 	extract_auditfile_raw | egrep "^#SIGNATURE: " | sed "s/^#SIGNATURE: //g" \
-		| openssl enc -d -a >$TMPFILE
+		| $portaudit_openssl enc -d -a >$TMPFILE
 	signatureresult=`extract_auditfile_raw | egrep -v "^#SIGNATURE: " \
 	    | egrep -v "^#CHECKSUM: " \
-	    | openssl dgst -sha256 -verify ${portaudit_pubkey} -signature $TMPFILE`
+	    | $portaudit_openssl dgst -sha256 -verify ${portaudit_pubkey} -signature $TMPFILE`
 	if [ -n "$TMPFILE" ]; then
 		rm "$TMPFILE"
 	fi

Modified: head/ports-mgmt/portaudit/files/portaudit.conf
==============================================================================
--- head/ports-mgmt/portaudit/files/portaudit.conf	Thu Aug  1 18:47:43 2013	(r324118)
+++ head/ports-mgmt/portaudit/files/portaudit.conf	Thu Aug  1 19:03:40 2013	(r324119)
@@ -17,3 +17,6 @@
 
 # this vulnerability has been fixed in your FreeBSD version
 #portaudit_fixed="d2102505-f03d-11d8-81b0-000347a4fa7d"
+
+# Alternative location for openssl
+#portaudit_openssl="/usr/bin/openssl"
_______________________________________________
svn-ports-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-ports-all
To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"

Comment 3 Remko Lodder freebsd_committer

2013-08-01 21:22:47 UTC

State Changed
From-To: open->closed

Hello, I have committed the patch and suggested the default openssl 
version in portaudit.conf. Thanks for your submission and for using 
FreeBSD!