Bug 166561 - [patch] ports-mgmt/portaudit should be able to use ports openssl(1)
Summary: [patch] ports-mgmt/portaudit should be able to use ports openssl(1)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Security Team
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-04-01 19:40 UTC by Eugene Grosbein
Modified: 2013-08-01 21:22 UTC (History)
0 users

See Also:


Attachments
file.diff (947 bytes, patch)
2012-04-01 19:40 UTC, Eugene Grosbein
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Eugene Grosbein 2012-04-01 19:40:12 UTC
	Sometimes, one may install openssl from ports without overwriting
	base system stock openssl.

	portaudit should have an option to make it use /usr/local/bin/openssl
	instead of /usr/bin/openssl. Let it recognise new option named
	"portaudit_openssl" in its /usr/local/etc/portaudit.conf
	and use provided openssl(1) path.

How-To-Repeat: 
	N/A
Comment 1 Edwin Groothuis freebsd_committer 2012-04-01 19:40:23 UTC
Responsible Changed
From-To: freebsd-ports-bugs->secteam

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 dfilter service freebsd_committer 2013-08-01 20:03:48 UTC
Author: remko (src,doc committer)
Date: Thu Aug  1 19:03:40 2013
New Revision: 324119
URL: http://svnweb.freebsd.org/changeset/ports/324119

Log:
  Add support for an alternative openssl location, for example when installed
  via the Ports Collection.
  
  PR:		166561
  Submitted by:	Eugene Grosbein <eugen@grosbein.pp.ru>

Modified:
  head/ports-mgmt/portaudit/files/portaudit-cmd.sh
  head/ports-mgmt/portaudit/files/portaudit.conf

Modified: head/ports-mgmt/portaudit/files/portaudit-cmd.sh
==============================================================================
--- head/ports-mgmt/portaudit/files/portaudit-cmd.sh	Thu Aug  1 18:47:43 2013	(r324118)
+++ head/ports-mgmt/portaudit/files/portaudit-cmd.sh	Thu Aug  1 19:03:40 2013	(r324119)
@@ -52,6 +52,7 @@ portaudit_confs()
 	: ${portaudit_pubkey:="%%PREFIX%%/etc/portaudit.pubkey"}
 
 	: ${portaudit_fixed=""}
+	: ${portaudit_openssl:="/usr/bin/openssl"}
 }
 
 extract_auditfile_raw()
@@ -78,10 +79,10 @@ checksignature_auditfile()
 	local TMPFILE=`mktemp -t portaudit`
 
 	extract_auditfile_raw | egrep "^#SIGNATURE: " | sed "s/^#SIGNATURE: //g" \
-		| openssl enc -d -a >$TMPFILE
+		| $portaudit_openssl enc -d -a >$TMPFILE
 	signatureresult=`extract_auditfile_raw | egrep -v "^#SIGNATURE: " \
 	    | egrep -v "^#CHECKSUM: " \
-	    | openssl dgst -sha256 -verify ${portaudit_pubkey} -signature $TMPFILE`
+	    | $portaudit_openssl dgst -sha256 -verify ${portaudit_pubkey} -signature $TMPFILE`
 	if [ -n "$TMPFILE" ]; then
 		rm "$TMPFILE"
 	fi

Modified: head/ports-mgmt/portaudit/files/portaudit.conf
==============================================================================
--- head/ports-mgmt/portaudit/files/portaudit.conf	Thu Aug  1 18:47:43 2013	(r324118)
+++ head/ports-mgmt/portaudit/files/portaudit.conf	Thu Aug  1 19:03:40 2013	(r324119)
@@ -17,3 +17,6 @@
 
 # this vulnerability has been fixed in your FreeBSD version
 #portaudit_fixed="d2102505-f03d-11d8-81b0-000347a4fa7d"
+
+# Alternative location for openssl
+#portaudit_openssl="/usr/bin/openssl"
_______________________________________________
svn-ports-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-ports-all
To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
Comment 3 Remko Lodder freebsd_committer 2013-08-01 21:22:47 UTC
State Changed
From-To: open->closed

Hello, I have committed the patch and suggested the default openssl 
version in portaudit.conf. Thanks for your submission and for using 
FreeBSD!