Check installed packages for vulnerabilities recorded in the CVE database.
Approved by: antoine (mentor)
parent
a0e2d97661
commit
7bd275a7c6
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=451847
6 changed files with 132 additions and 0 deletions
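--- a/security/cvechecker/Makefile
+++ b/security/cvechecker/Makefile
@@ -0,0 +1,47 @@
+# Created by: Stefan Esser <se@FreeBSD.org>
+# $FreeBSD$
+
+PORTNAME= cvechecker
+PORTVERSION= 3.8
+CATEGORIES= security
+
+MAINTAINER= se@FreeBSD.org
+COMMENT= Check CVE database for vulnerabilities affecting installed packages
+
+LICENSE= GPLv3
+
+LIB_DEPENDS= libargp.so:devel/argp-standalone \
+libconfig.so:devel/libconfig
+RUN_DEPENDS= bash:shells/bash
+
+MAKE_ENV+= LDADD=-largp
+
+USES= autoreconf pkgconfig shebangfix
+
+SHEBANG_FILES= scripts/cverules scripts/cvegenversdat
+
+GNU_CONFIGURE= yes
+CONFIGURE_ARGS= --localstatedir=/var/db
+
+bash_OLD_CMD+= /bin/sh
+
+OPTIONS_MULTI= DB
+OPTIONS_MULTI_DB= MYSQL SQLITE
+OPTIONS_DEFAULT= SQLITE
+DB_DESC= CVE Database
+
+MYSQL_USES= mysql ssl
+MYSQL_CONFIGURE_ENABLE= mysql
+
+SQLITE_USES= sqlite
+SQLITE_CONFIGURE_ENABLE= sqlite3
+
+USE_GITHUB= yes
+GH_ACCOUNT= sjvermeu
+GH_PROJECT= cvechecker
+GH_TAGNAME= v${PORTVERSION}
+
+post-stage:
+${MV} ${STAGEDIR}${PREFIX}/etc/cvechecker.conf ${STAGEDIR}${PREFIX}/etc/cvechecker.conf.sample
+
+.include <bsd.port.mk>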
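Review bot: `RUN_DEPENDS` lists only bash, yet pkg-plist in this commit installs `bin/pullcves` together with `nvdcve2simple.xsl` and `cvereport.xsl`, which suggests the installed scripts invoke an XSLT processor and a download tool at run time. If so, a fresh install cannot refresh or report on CVE data until the admin notices the missing tools, and a scanner with a stale or empty database reports nothing. Please check what the scripts call and add the entries, for example `xsltproc:textproc/libxslt`. `SHEBANG_FILES` likewise covers only cverules and cvegenversdat; the interpreter lines of pullcves and cvereport are not visible here and deserve the same check.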
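--- a/security/cvechecker/distinfo
+++ b/security/cvechecker/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1507628153
+SHA256 (sjvermeu-cvechecker-3.8-v3.8_GH0.tar.gz) = 53a2f0edab34ea75d3d33b8c840f27c60464f0433c2b82bc8b02298306c53268
+SIZE (sjvermeu-cvechecker-3.8-v3.8_GH0.tar.gz) = 3329220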
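--- a/security/cvechecker/files/patch-scripts_cverules
+++ b/security/cvechecker/files/patch-scripts_cverules
@@ -0,0 +1,37 @@
+--- scripts/cverules.orig 2017-10-11 10:44:44 UTC
++++ scripts/cverules
+@@ -19,26 +19,11 @@ then
+fi
+
+
+-if [ -f /etc/gentoo-release ];
+-then
+- cd /var/db/pkg;
+- for CAT in *;
+- do
+- cd ${CAT};
+- for PKG in *;
+- do
+- echo "!!!! Checking ${PKG}";
+- typeset PKGNAME=$(echo ${PKG} | sed -e 's:\(.*\)-[0-9][0-9]*.*:\1:g');
+- typeset PKGVERSION=$(echo ${PKG} | sed -e 's:.*-\([0-9][0-9]*.*\):\1:g' | sed -e 's:-r[0-9]*$::g' | sed -e 's:\.:\\.:g');
+- export IGNORESTRINGS="tmp/portage";
+- qlist ${PKG} | egrep '(bin/|\.so)' | cvegenversdat ${PKGNAME} ${PKGVERSION} ${CONFFILE} breakon;
+- done
+- cd ..
+- done
+-else
+- echo "Could not deduce if this system is a supported distribution or platform.";
+- echo "Currently supported platforms are: Gentoo."
+- echo "If you wish to help expand the supported distributions or platforms, please";
+- echo "do not hesitate to contact the author at sven.vermeulen@siphos.be.";
+- exit 1;
+-fi
++for PKG in $(pkg info -q)
++do
++ echo "!!!! Checking ${PKG}"
++ set -- $(echo ${PKG} | sed -e 's:,[0-9][0-9]*$::; s:_[0-9][0-9]*$::; s:\(.*\)-r\{0,1\}\([0-9][0-9]*.*\):\1 \2:; s:\.:\\.:g')
++ PKGNAME=$1
++ PKGVERSION=$2
++ pkg list ${PKG} | egrep '(/bin/|/sbin/|/libexec/|\.so\.|\.so$)' | cvegenversdat ${PKGNAME} ${PKGVERSION} ${CONFFILE} breakon
++done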
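Review bot: In the new loop, `PKGVERSION=$2` is empty whenever the sed split does not match (the expression only splits at a hyphen followed by an optional `r` and a digit), and because `${PKGNAME} ${PKGVERSION} ${CONFFILE}` are unquoted the empty value vanishes and cvegenversdat receives `${CONFFILE}` in the version position. For a vulnerability scanner that presumably means a bogus or missing rule for that package, i.e. a silent false negative. I would skip such packages explicitly right after the `set --` line, `[ -n "$2" ] || { echo "skipping ${PKG}: cannot split name/version" >&2; continue; }`, and quote the three arguments in the cvegenversdat call. The final `s:\.:\\.:g` also runs over the name part, unlike the removed Gentoo branch which escaped only the version; it is worth confirming that cvegenversdat expects an escaped name.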
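--- a/security/cvechecker/pkg-deinstall
+++ b/security/cvechecker/pkg-deinstall
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+[ "$2" = DEINSTALL ] && cat <<***EOM
+------------------------------------------------------------------------------
+
+If you are no longer using the $1 port, then manually delete
+the following directory:
+
+/var/db/cvechecker
+
+------------------------------------------------------------------------------
+***EOM
+exit 0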
11
security/cvechecker/pkg-descr
Normal file
11
security/cvechecker/pkg-descr
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
------------------------------------------------------------------------------
|
||||||
|
The goal of cvechecker is to report about possible vulnerabilities on your
|
||||||
|
system, by scanning a list of installed software and matching results with
|
||||||
|
the CVE database.
|
||||||
|
|
||||||
|
This is not a bullet-proof method and you may have many false positives (ie:
|
||||||
|
vulnerability is fixed with a revision-release, but the tool isn't able to
|
||||||
|
detect the revision itself), yet it is still better than nothing, especially
|
||||||
|
if you are running a distribution with little security coverage.
|
||||||
|
|
||||||
|
WWW: https://github.com/sjvermeu/cvechecker/wiki
|
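--- a/security/cvechecker/pkg-plist
+++ b/security/cvechecker/pkg-plist
@@ -0,0 +1,21 @@
+bin/cvechecker
+bin/cvegenversdat
+bin/cvereport
+bin/cverules
+bin/pullcves
+@sample %%ETCDIR%%.conf.sample
+man/man1/cvechecker.1.gz
+man/man1/cvegenversdat.1.gz
+man/man1/cvereport.1.gz
+man/man1/cverules.1.gz
+man/man1/pullcves.1.gz
+%%DATADIR%%/csv2xml.awk
+%%DATADIR%%/cvereport.xsl
+%%DATADIR%%/mysql_cvechecker.sql
+%%DATADIR%%/nvdcve2simple.xsl
+%%DATADIR%%/report.css
+%%PORTDOCS%%%%DOCSDIR%%/acknowledgements.xml
+%%PORTDOCS%%%%DOCSDIR%%/userguide.xml
+@dir /var/db/cvechecker/cache
+@dir /var/db/cvechecker/local
+@dir /var/db/cvechecker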
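Review bot: The three `@dir /var/db/cvechecker…` entries carry no owner, group or mode, so they are created with the package defaults and, presumably, only root can write the CVE database and cache. That pushes whatever feed download and parsing the installed scripts perform into a root context. Consider a dedicated account and the explicit form, e.g. `@dir(<user>,<group>,0750) /var/db/cvechecker` (placeholders, no such account is defined in this commit), or at least state in the package message which user is expected to run the updates.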