Bug 223716

Summary: [NEW PORT] sysutils/base-audit Periodic script to check base for vulnerabilities
Product: Ports & Packages
Reporter: Miroslav Lachman <000.fbsd>
Component: Individual Port(s)
Assignee: Mark Felder <feld>
Status: Closed FIXED
Severity: Affects Only Me
CC: feld
Priority: ---
Version: Latest
Hardware: Any
OS: Any
See Also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212306

Attachments:
- sysutils/base-audit shar
- poudriere testport build log (flags: none)

Description Miroslav Lachman 2017-11-16 23:34:36 UTC
Created attachment 188060
sysutils/base-audit shar

Mark Felder created VuXML entries for FreeBSD base about a year ago, so we can check vulnerabilities based on the version returned by freebsd-version.

We discussed it here

Mark was talking about creating a port but I can't find any.

I already submitted PR 212306 with a patch for ports-mgmt/pkg to include this periodic script, but it was left without any attention for more than one year. That's why I created this simple port just to install one periodic file:

Example of output e-mail by daily security periodic:

Checking for security vulnerabilities in base (userland & kernel):
Host system:
vulnxml file up-to-date
FreeBSD-10.3_3 is vulnerable:
libarchive -- multiple vulnerabilities
CVE: CVE-2015-2304
CVE: CVE-2013-0211
WWW: https://vuxml.FreeBSD.org/freebsd/7c63775e-be31-11e5-b5fe-002590263bf5.html

FreeBSD-10.3_3 is vulnerable:
FreeBSD -- Heap vulnerability in bspatch
CVE: CVE-2014-9862
WWW: https://vuxml.FreeBSD.org/freebsd/7d4f4955-600a-11e6-a6c3-14dae9d210b8.html
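
The version check described in this report, as an added example that is not part of the original report or the port's own script: it turns freebsd-version output into the NAME-VERSION form seen in the sample e-mail (FreeBSD-10.3_3) and hands it to pkg audit. The function names are hypothetical, and the mapping rule, the FreeBSD-kernel name and the way pkg audit is invoked are assumptions inferred from that sample output.

```shell
#!/bin/sh
# Added example, not the port's script. Function names are hypothetical.

# Turn a freebsd-version string into the NAME-VERSION form shown in the
# sample report (assumed mapping: 10.3-RELEASE-p3 -> FreeBSD-10.3_3).
# $1 = name prefix, $2 = version string. Returns 1 when the string is not
# a RELEASE version, because no patch level can be derived from it.
base_pkg_name() {
    prefix=$1
    version=$2
    case "$version" in
        *-RELEASE-p[0-9]*)
            release=${version%%-RELEASE-p*}
            patch=${version##*-RELEASE-p}
            # Reject trailing junk after the patch number.
            case "$patch" in *[!0-9]*) return 1 ;; esac
            printf '%s-%s_%s\n' "$prefix" "$release" "$patch"
            ;;
        *-RELEASE)
            printf '%s-%s\n' "$prefix" "${version%-RELEASE}"
            ;;
        *)
            return 1
            ;;
    esac
}

# Audit one component (-u userland, -k kernel). Does nothing on hosts
# that lack freebsd-version or pkg.
audit_component() {
    prefix=$1
    flag=$2
    command -v freebsd-version >/dev/null 2>&1 || return 0
    command -v pkg >/dev/null 2>&1 || return 0
    name=$(base_pkg_name "$prefix" "$(freebsd-version "$flag")") || {
        echo "$prefix: not a RELEASE version, cannot audit" >&2
        return 0
    }
    pkg audit "$name"
}

audit_component FreeBSD -u
audit_component FreeBSD-kernel -k   # assumed name for kernel entries
```

Hosts tracking a -STABLE or -CURRENT branch are skipped with a message on stderr, since their version string carries no patch level to compare.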

Comment 1 Miroslav Lachman 2017-11-16 23:35:43 UTC
Created attachment 188061
poudriere testport build log

Comment 2 Mark Felder freebsd_committer 2017-12-10 16:00:53 UTC
Committed with minor changes in https://svnweb.freebsd.org/ports?view=revision&revision=455902