FreeBSD Bugzilla – Attachment 234940 Details for Bug 264878
security/base-audit: Mark DEPRECATED and set EXPIRATION_DATE
[patch] Updated patch file
security_base-audit.patch (text/plain), 11.64 KB, created by Yasuhiro Kimura on 2022-06-26 02:29:48 UTC
>From b9c34691e9290dfa9a1245ccc9d3d5bb950fc3bc Mon Sep 17 00:00:00 2001 >From: Yasuhiro Kimura <yasu@FreeBSD.org> >Date: Sun, 26 Jun 2022 11:24:36 +0900 >Subject: [PATCH] security/base-audit: Remove port > >* Remove port as 405.pkg-base-audit, core file of the port, is merged > into ports-mgmt/pkg with pkg 1.18.1. >* Add entry to MOVED and UPDATING. > >PR: 264878 >--- > MOVED | 1 + > UPDATING | 10 + > security/Makefile | 1 - > security/base-audit/Makefile | 31 --- > .../base-audit/files/405.pkg-base-audit.in | 223 ------------------ > security/base-audit/pkg-descr | 4 - > security/base-audit/pkg-message | 21 -- > 7 files changed, 11 insertions(+), 280 deletions(-) > delete mode 100644 security/base-audit/Makefile > delete mode 100755 security/base-audit/files/405.pkg-base-audit.in > delete mode 100644 security/base-audit/pkg-descr > delete mode 100644 security/base-audit/pkg-message > >diff --git a/MOVED b/MOVED >index 0d4ad2ac330b..741e449192f4 100644 >--- a/MOVED >+++ b/MOVED >@@ -17221,3 +17221,4 @@ textproc/rubygem-elasticsearch-rails6|textproc/rubygem-elasticsearch-rails|2022- > devel/p5-Goo-Canvas|devel/p5-Goo-Canvas2|2022-06-24|Obsolete use devel/p5-Goo-Canvas2 instead > graphics/goocanvas|graphics/goocanvas3|2022-06-24|Obsolete use graphics/goocanvas3 > x11-toolkits/tepl|x11-toolkits/tepl6|2022-06-25|Obsolete use x11-toolkits/tepl6 >+security/base-audit|ports-mgmt/pkg|2022-06-26|Merged into ports-mgmt/pkg >diff --git a/UPDATING b/UPDATING >index dd97de6ce469..46ed32dc9996 100644 >--- a/UPDATING >+++ b/UPDATING 
>@@ -5,6 +5,16 @@ they are unavoidable. > You should get into the habit of checking this file for changes each time > you update your ports collection, before attempting any port upgrades. > >+20220626: >+AFFECTS: users of security/base-audit >+ AUTHOR: yasu@FreeBSD.org >+ >+ This port is removed as 405.pkg-base-audit, core file of the port, >+ is merged into ports-mgmt/pkg with pkg 1.18.1. If you use portmaster >+ or portupgrade, do `pkg delete base-audit` before upgrading >+ ports-mgmt/pkg. If you use pkg with binary packages, `pkg upgrade` >+ should do everething properly. >+ > 20220625: > AFFECTS: users of sysutils/fusefs-bindfs > AUTHOR: doralitze@chaotikum.org >diff --git a/security/Makefile b/security/Makefile >index 8445234bfeda..8517f5e1378f 100644 >--- a/security/Makefile >+++ b/security/Makefile >@@ -40,7 +40,6 @@ > SUBDIR += aws-vault > SUBDIR += barnyard2 > SUBDIR += barnyard2-sguil >- SUBDIR += base-audit > SUBDIR += bastillion > SUBDIR += bcrypt > SUBDIR += bcwipe >diff --git a/security/base-audit/Makefile b/security/base-audit/Makefile >deleted file mode 100644 >index f6233a937f9e..000000000000 >--- a/security/base-audit/Makefile >+++ /dev/null >@@ -1,31 +0,0 @@ >-# Created by: Miroslav Lachman >- >-PORTNAME= base-audit >-PORTVERSION= 0.5 >-CATEGORIES= security >-MASTER_SITES= # none >-DISTFILES= # none >- >-MAINTAINER= 000.fbsd@quip.cz >-COMMENT= Daily periodic check of vulnerabilities in base system >- >-LICENSE= BSD3CLAUSE >- >-RUN_DEPENDS= ${LOCALBASE}/sbin/pkg:${PKG_ORIGIN} >- >-NO_ARCH= yes >-NO_BUILD= yes >-NO_INSTALL= yes >- >-SUB_FILES= 405.pkg-base-audit >- >-PERIODIC_SECURITY= etc/periodic/security >- >-PLIST_FILES= ${PERIODIC_SECURITY}/405.pkg-base-audit >- >-do-install: >- @${MKDIR} ${STAGEDIR}${PREFIX}/${PERIODIC_SECURITY} >- ${INSTALL_SCRIPT} ${WRKDIR}/405.pkg-base-audit \ >- ${STAGEDIR}${PREFIX}/${PERIODIC_SECURITY} >- >-.include <bsd.port.mk> 
>diff --git a/security/base-audit/files/405.pkg-base-audit.in b/security/base-audit/files/405.pkg-base-audit.in >deleted file mode 100755 >index f607a5929fc7..000000000000 >--- a/security/base-audit/files/405.pkg-base-audit.in >+++ /dev/null 
>@@ -1,223 +0,0 @@ >-#!/bin/sh -f >-# >-# Copyright (c) 2004 Oliver Eikemeier. All rights reserved. >-# Copyright (c) 2014 Matthew Seaman <matthew@FreeBSD.org> >-# Copyright (c) 2016 Miroslav Lachman <000.fbsd@quip.cz> >-# >-# Redistribution and use in source and binary forms, with or without >-# modification, are permitted provided that the following conditions are >-# met: >-# >-# 1. Redistributions of source code must retain the above copyright notice >-# this list of conditions and the following disclaimer. >-# >-# 2. Redistributions in binary form must reproduce the above copyright >-# notice, this list of conditions and the following disclaimer in the >-# documentation and/or other materials provided with the distribution. >-# >-# 3. Neither the name of the author nor the names of its contributors may be >-# used to endorse or promote products derived from this software without >-# specific prior written permission. >-# >-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, >-# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY >-# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >-# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT >-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, >-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY >-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT >-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF >-# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. >- >-if [ -r /etc/defaults/periodic.conf ]; then >- . 
/etc/defaults/periodic.conf >- source_periodic_confs >-fi >- >-: ${security_status_baseaudit_enable:=YES} >-: ${security_status_baseaudit_period:=daily} >-: ${security_status_baseaudit_quiet:=NO} >-: ${security_status_baseaudit_chroots=$pkg_chroots} >-: ${security_status_baseaudit_jails=$pkg_jails} >-: ${security_status_baseaudit_jails_ignore=""} >-: ${security_status_baseaudit_expiry:=2} >- >-# Compute PKG_DBDIR from the config file. >-pkgcmd=%%PREFIX%%/sbin/pkg >-PKG_DBDIR=`${pkgcmd} config PKG_DBDIR` >-auditfile="${PKG_DBDIR}/vuln.xml" >- >-audit_base() { >- local pkgargs="$1" >- local basedir="$2" >- local rc >- local then >- local now >- local usrlv >- local krnlv >- local strlen >- local chrootv >- local jailv >- local jid >- >- ## get version from chroot >- if [ -n "`echo "$pkgargs" | egrep '^-c'`" ]; then >- if [ -x "$basedir/bin/freebsd-version" ]; then >- chrootv=$($basedir/bin/freebsd-version -u) >- ## safety check - strlen >- strlen=$(echo "$chrootv" | wc -c) >- if [ $strlen -gt 17 -o $strlen -lt 11 ]; then >- echo "Wrong version string, cannot run audit" >- return 3 >- fi >- usrlv=$(echo $chrootv | sed 's,^,FreeBSD-,;s,-RELEASE-p,_,;s,-RELEASE$,,') >- else >- echo "Cannot guess chroot version" >- return 3 >- fi >- ## get version from jail >- elif [ -n "`echo "$pkgargs" | egrep '^-j'`" ]; then >- jid=$(echo "$pkgargs" | awk '$1 ~ /^-[j]/ { print $2 }') >- jailv=$(jexec $jid freebsd-version -u) >- ## safety check - strlen >- strlen=$(echo "$jailv" | wc -c) >- if [ $strlen -gt 17 -o $strlen -lt 11 ]; then >- echo "Wrong version string, cannot run audit" >- return 3 >- fi >- usrlv=$(echo $jailv | sed 's,^,FreeBSD-,;s,-RELEASE-p,_,;s,-RELEASE$,,') >- ## get version from host >- else >- usrlv=$(freebsd-version -u | sed 's,^,FreeBSD-,;s,-RELEASE-p,_,;s,-RELEASE$,,') >- fi >- >- then=`stat -f '%m' "${basedir}${auditfile}" 2> /dev/null` || rc=3 >- now=`date +%s` || rc=3 >- ## Add 10 minutes of padding since the check is in seconds. 
>- if [ $rc -ne 0 -o \ >- $(( 86400 \* "${security_status_baseaudit_expiry}" )) \ >- -le $(( ${now} - ${then} + 600 )) ]; then >- ## When non-interactive, sleep to reduce congestion on mirrors >- anticongestion >- f="-F" >- else >- echo -n 'Database fetched: ' >- date -r "${then}" || rc=3 >- fi >- >- ## cannot check kernel in jail or chroot >- if [ -z "`echo "$pkgargs" | egrep '^-[cj]'`" -a `sysctl -n security.jail.jailed` = 0 ]; then >- krnlv=$(freebsd-version -k | sed 's,^,FreeBSD-kernel-,;s,-RELEASE-p,_,;s,-RELEASE$,,') >- ${pkgcmd} audit $f $q $krnlv || { rc=$?; [ $rc -lt 3 ] && rc=3; } >- fi >- >- ${pkgcmd} audit $f $q $usrlv || { rc=$?; [ $rc -lt 3 ] && rc=3; } >- >- return $rc >-} >- >-# Use $pkg_chroots to provide a default list of chroots, and >-# $pkg_jails to provide a default list of jails (or '*' for all jails) >-# for all pkg periodic scripts, or set >-# $security_status_baseaudit_chroots and >-# $security_status_baseaudit_jails for this script only. >- >-audit_base_all() { >- local rc >- local last_rc >- local jails >- >- # We always show audit results for the base system, but only print >- # a banner line if we're also showing audit results for any >- # chroots or jails. >- >- if [ -n "${security_status_baseaudit_chroots}" -o \ >- -n "${security_status_baseaudit_jails}" ]; then >- echo "Host system:" >- fi >- >- audit_base '' '' >- last_rc=$? >- [ $last_rc -gt 1 ] && rc=$last_rc >- >- for c in $security_status_baseaudit_chroots ; do >- echo >- echo "chroot: $c" >- audit_base "-c $c" $c >- last_rc=$? 
>- [ $last_rc -gt 1 ] && rc=$last_rc >- done >- >- case $security_status_baseaudit_jails in >- \*) >- jails=$(jls -q -h name path | sed -e 1d -e 's/ /|/') >- ;; >- '') >- jails= >- ;; >- *) >- # Given the jail name or jid, find the jail path >- jails= >- for j in $security_status_baseaudit_jails ; do >- p=$(jls -j $j -h name path | sed -e 1d -e 's/ /|/') >- jails="${jails} ${p}" >- done >- ;; >- esac >- >- for j in $jails ; do >- # ignore some jails >- if [ -n "$security_status_baseaudit_jails_ignore" ]; then >- # we iterate to get exact matches because we want substring matches >- # foo should not match foo.bar >- for ignore in $security_status_baseaudit_jails_ignore ; do >- if [ "${j%|*}" == "$ignore" ]; then >- echo >- echo "ignoring jail: ${j%|*}" >- # continue with the main loop >- continue 2 >- fi >- done >- fi >- echo >- echo "jail: ${j%|*}" >- audit_base "-j ${j%|*}" ${j##*|} >- last_rc=$? >- [ $last_rc -gt 1 ] && rc=$last_rc >- done >- >- return $rc >-} >- >-security_daily_compat_var security_status_baseaudit_enable >-security_daily_compat_var security_status_baseaudit_quiet >-security_daily_compat_var security_status_baseaudit_chroots >-security_daily_compat_var security_status_baseaudit_jails >-security_daily_compat_var security_status_baseaudit_exipiry >- >-rc=0 >- >-if check_yesno_period security_status_baseaudit_enable >-then >- echo >- echo 'Checking for security vulnerabilities in base (userland & kernel):' >- >- if ! ${pkgcmd} -N >/dev/null 2>&1 ; then >- echo 'pkg-audit is enabled but pkg is not used' >- rc=2 >- else >- case "${security_status_baseaudit_quiet}" in >- [Yy][Ee][Ss]) >- q='-q' >- ;; >- *) >- q= >- ;; >- esac >- >- audit_base_all ; rc=$? >- fi >-fi >- >-exit "$rc" >diff --git a/security/base-audit/pkg-descr b/security/base-audit/pkg-descr >deleted file mode 100644 >index 11e8cb99a1aa..000000000000 >--- a/security/base-audit/pkg-descr >+++ /dev/null 
>@@ -1,4 +0,0 @@ >-Audit base system against known vulnerabilities and generate reports >-including references to security advisories. >-It uses pkg audit and Vuxml database as is used for packages but this script >-checks base system. >diff --git a/security/base-audit/pkg-message b/security/base-audit/pkg-message >deleted file mode 100644 >index bc13d51ef98f..000000000000 >--- a/security/base-audit/pkg-message >+++ /dev/null >@@ -1,21 +0,0 @@ >-[ >-{ type: install >- message: <<EOM >-Add the following lines to /etc/periodic.conf(.local) to enable periodic check >- security_status_baseaudit_enable="YES" >- security_status_baseaudit_quiet="NO" >- >-Use pkg_chroots to provide a default list of chroots >-and pkg_jails to provide a default list of jails (or '*' for all jails) >-for all pkg periodic scripts, or set >- security_status_baseaudit_chroots >-and >- security_status_baseaudit_jails >-for this script only. >- >-You can also change following variables: >- security_status_baseaudit_period="daily" >- security_status_baseaudit_expiry="2" >-EOM >-} >-] >-- >2.36.1 >
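Review bot: In the UPDATING hunk, the last line of the new 20220626 entry reads "should do everething properly"; that should be "everything". The entry also tells portmaster and portupgrade users to run `pkg delete base-audit` before upgrading ports-mgmt/pkg without saying why the order matters, and it does not say whether the security_status_baseaudit_* settings listed in the removed pkg-message keep working after the merge. One sentence on each point would save users from guessing.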
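Review bot: In the hunk deleting security/base-audit/files/405.pkg-base-audit.in, the removed script shows defects that are worth checking against the copy now shipped by ports-mgmt/pkg, since the commit message says the file was merged there. audit_base declares `local rc` but never initialises it, so `[ $rc -ne 0 -o ...` is evaluated with an empty operand whenever the stat and date calls succeed, and audit_base_all has the same uninitialised rc before `return $rc`. The compat call `security_daily_compat_var security_status_baseaudit_exipiry` misspells expiry, so the variable it names never matches the documented security_status_baseaudit_expiry. The jail-ignore comment says "because we want substring matches" while the code performs an exact comparison and the next comment line says foo should not match foo.bar; the comment should read "do not want".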