Add man page supplied by Jeremy C. Reed in PR 21865, with some fixes by me.

Bump to 1.16.
2003-06-12 06:59:30 +00:00 · 2003-06-12 06:59:30 +00:00 · 6dacb668a8
commit 6dacb668a8
parent afef40e1c0
3 changed files with 188 additions and 6 deletions
--- a/security/audit-packages/Makefile
+++ b/security/audit-packages/Makefile
@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.20 2003/05/21 14:07:45 seb Exp $
+# $NetBSD: Makefile,v 1.21 2003/06/12 06:59:30 wiz Exp $

-DISTNAME=	audit-packages-1.15
+DISTNAME=	audit-packages-1.16
 WRKSRC=		${WRKDIR}
 CATEGORIES=	security pkgtools
 MASTER_SITES=	# empty
@ -10,22 +10,39 @@ MAINTAINER=	agc@netbsd.org
 COMMENT=	tools to show vulnerabilities in installed packages

 NO_CHECKSUM=    yes
-NO_BUILD=	yes
 NO_MTREE=	yes

-do-configure:
-	@for f in audit-packages download-vulnerability-list; do	\
+.include "../../mk/bsd.prefs.mk"
+
+.if ${OPSYS} == "SunOS"
+# This doesn't create readable manual pages. "mandoc" should be added
+# to zoularis.
+NROFF=		nroff -man
+.else
+NROFF=		nroff -mandoc
+.endif
+
+do-build:
+	@for f in audit-packages audit-packages.8 \
+		download-vulnerability-list; do	\
 		${SED} -e 's|@PKGVULNDIR@|${PKGVULNDIR}|g' 		\
 			-e 's|@AWK@|${AWK}|g'				\
 			-e 's|@FETCH_CMD@|${FETCH_CMD}|g'		\
+			-e 's|@FETCH_CMD_SHORT@|${FETCH_CMD:T}|g'	\
+			-e 's|@PKGSRCDIR@|${_PKGSRCDIR}|g'		\
 			-e 's|@PKG_TOOLS_BIN@|${PKG_TOOLS_BIN}|g'	\
 			-e 's|@SH@|${SH}|g'				\
 			${FILESDIR}/$$f > ${WRKSRC}/$$f;		\
 	done
+	${NROFF} ${WRKSRC}/audit-packages.8 >${WRKSRC}/audit-packages.0

 do-install:
 	@for f in audit-packages download-vulnerability-list; do	\
 		${INSTALL_SCRIPT} ${WRKSRC}/$$f ${PREFIX}/sbin;	\
 	done
+	${INSTALL_MAN} ${WRKSRC}/audit-packages.0 ${PREFIX}/man/cat8
+	${INSTALL_MAN} ${WRKSRC}/audit-packages.8 ${PREFIX}/man/man8
+	${LN} -s audit-packages.0 ${PREFIX}/man/cat8/download-vulnerability-list.0
+	${LN} -s audit-packages.8 ${PREFIX}/man/man8/download-vulnerability-list.8

 .include "../../mk/bsd.pkg.mk"
--- a/security/audit-packages/PLIST
+++ b/security/audit-packages/PLIST
@ -1,3 +1,7 @@
-@comment $NetBSD: PLIST,v 1.1 2001/11/01 01:16:32 zuntum Exp $
+@comment $NetBSD: PLIST,v 1.2 2003/06/12 06:59:30 wiz Exp $
+man/cat8/audit-packages.0
+man/cat8/download-vulnerability-list.0
+man/man8/audit-packages.8
+man/man8/download-vulnerability-list.8
 sbin/audit-packages
 sbin/download-vulnerability-list
--- a/security/audit-packages/files/audit-packages.8
+++ b/security/audit-packages/files/audit-packages.8
@ -0,0 +1,161 @@
+.\" $NetBSD: audit-packages.8,v 1.1 2003/06/12 06:59:31 wiz Exp $
+.Dd June 11, 2003
+.Os
+.Dt AUDIT-PACKAGES 8
+.Sh NAME
+.Nm audit-packages ,
+.Nm download-vulnerability-list
+.Nd show vulnerabilities in installed packages
+.Sh SYNOPSIS
+.Nm
+.Nm download-vulnerability-list
+.Sh DESCRIPTION
+The
+.Nm
+program compares the installed packages with the
+.Pa vulnerabilities
+file and reports any known security issues to standard output.
+This output contains the name and version of the package, the
+type of vulnerability, and an URL for further information for each
+vulnerable package.
+.Pp
+The
+.Nm download-vulnerability-list
+program downloads this file from
+.Pa ftp://ftp.netbsd.org/pub/NetBSD/packages/distfiles/vulnerabilities
+using
+.Xr @FETCH_CMD_SHORT@ 1 .
+This vulnerabilities file documents all known security issues in
+pkgsrc packages and is kept up-to-date by the
+.Nx
+packages team.
+.Pp
+Each line lists the package and vulnerable versions, the type of exploit,
+and an Internet address for further information.
+Commonly, the types of exploits listed are:
+.Bl -bullet -compact -offset indent
+.It
+cross-site-html
+.It
+cross-site-scripting
+.It
+denial-of-service
+.It
+file-permissions
+.It
+local-access
+.It
+local-code-execution
+.It
+local-file-read
+.It
+local-file-removal
+.It
+local-file-write
+.It
+local-root-file-view
+.It
+local-root-shell
+.It
+local-symlink-race
+.It
+local-user-file-view
+.It
+local-user-shell
+.It
+privacy-leak
+.It
+remote-code-execution
+.It
+remote-command-inject
+.It
+remote-file-creation
+.It
+remote-file-read
+.It
+remote-file-view
+.It
+remote-file-write
+.It
+remote-key-theft
+.It
+remote-root-access
+.It
+remote-root-shell
+.It
+remote-script-inject
+.It
+remote-server-admin
+.It
+remote-use-of-secret
+.It
+remote-user-access
+.It
+remote-user-file-view
+.It
+remote-user-shell
+.It
+unknown
+.It
+weak-authentication
+.It
+weak-encryption
+.It
+weak-ssl-authentication
+.El
+.Pp
+By default, the vulnerabilities file is stored in the
+.Pa @PKGVULNDIR@
+directory.
+This can be changed by defining the environment variable
+.Ev PKGVULNDIR
+to the directory containing the vulnerabilities file.
+.Sh ENVIRONMENT
+.Bl -tag -width PKGVULNDIR
+.It Ev PKGVULNDIR
+Specifies the directory containing the
+.Pa vulnerabilities
+file.
+.El
+.Sh FILES
+.Pa @PKGVULNDIR@/vulnerabilities
+.\" .Sh EXAMPLES
+.Sh EXAMPLES
+The
+.Nm download-vulnerability-list
+command can be run via
+.Xr cron 8
+to update the
+.Pa vulnerabilities
+daily.
+And
+.Nm
+can be run via
+.Xr cron 8
+(or with
+.Nx Ns 's
+.Pa /etc/security.local
+daily security script).
+.Sh SEE ALSO
+.Xr pkg_info 1 ,
+.Xr mk.conf 5 ,
+.Xr packages 7 ,
+.Pa @PKGSRCDIR@/mk/bsd.pkg.defaults.mk
+and
+.Rs
+.%T "Documentation on the NetBSD Package System"
+.Re
+.Pa @PKGSRCDIR@/Packages.txt
+.Sh HISTORY
+The
+.Nm
+and
+.Nm download-vulnerability-list
+commands were originally implemented and added to
+.Nx Ns 's
+pkgsrc by
+.An Alistair Crooks
+on September 19, 2000.
+The original idea came from Roland Dowdeswell and Bill Sommerfeld.
+.\" .Sh AUTHORS
+.\" .Sh SECURITY CONSIDERATIONS