Diffstat (limited to 'security/portaudit/files/portaudit.functions')
-rw-r--r--security/portaudit/files/portaudit.functions199
1 files changed, 194 insertions, 5 deletions
diff --git a/security/portaudit/files/portaudit.functions b/security/portaudit/files/portaudit.functions
index 29d09ba5fb26..1b6a0fe9992c 100644
--- a/security/portaudit/files/portaudit.functions
+++ b/security/portaudit/files/portaudit.functions
@@ -1,8 +1,69 @@
#!/bin/sh
+#
+# Copyright (c) 2004 Oliver Eikemeier. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+# 1. Redistributions of source code must retain the above copyright notice
+# this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# 3. Neither the name of the author nor the names of its contributors may be
+# used to endorse or promote products derived from this software without
+# specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+portaudit_confs()
+{
+ portaudit_dir=${portaudit_dir:-"%%DATABASEDIR%%"}
+ portaudit_filename=${portaudit_filename:-"auditfile.tbz"}
+
+ FETCH_ENV=
+ FETCH_CMD="fetch -1am"
+ FETCH_BEFORE_ARGS=
+ FETCH_AFTER_ARGS=
+
+ MASTER_SITE_LOCAL="
+ ${MASTER_SITE_LOCAL}
+ ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
+ ftp://ftp.se.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
+ ftp://ftp.uk.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
+ ftp://ftp.ru.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
+ ftp://ftp.jp.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
+ ftp://ftp.tw.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
+ "
+
+ MASTER_SITE_SUBDIR=eik
+
+ #MASTER_SORT_REGEX="\.uk[.\/]"
+ MASTER_SORT_REGEX="#"
+
+ if [ -r %%PREFIX%%/etc/portaudit.conf ]; then
+ . %%PREFIX%%/etc/portaudit.conf
+ fi
+}
extract_auditfile()
{
- tar -jxOf "${portaudit_file}" auditfile
+ tar -jxOf "${portaudit_dir}/${portaudit_filename}" auditfile
}
checksum_auditfile()
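Review bot: The mirror list added in portaudit_confs is plain `ftp://` only, and `${MASTER_SITE_LOCAL}` from the caller's environment is placed ahead of the built-in sites, so the database source is neither authenticated nor fixed. The only integrity check visible on this page is checksum_auditfile, whose MD5 is read from the last line of the downloaded file itself; that detects truncation or corruption but not a substituted file. I would record this next to the fetch settings, e.g. `# NOTE: fetched over plain FTP; the embedded MD5 detects corruption only, not tampering`. I would also check the archive against a signature or digest obtained over an authenticated channel before it is used.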
@@ -10,14 +71,142 @@ checksum_auditfile()
chksum1=`extract_auditfile |
sed -nEe '$s/^#CHECKSUM: *MD5 *([0-9a-f]{32})$/\1/p'`
chksum2=`extract_auditfile | sed -e '$d' | md5`
- [ "${chksum1}" != "${chksum2}" ];
+ [ "${chksum1}" = "${chksum2}" ];
+}
+
+getcreated_auditfile()
+{
+ extract_auditfile |
+ sed -nEe '1s/^#CREATED: *([0-9]{4})-?([0-9]{2})-?([0-9]{2}).*$/\1\2\3/p'
}
checkexpiry_auditfile()
{
- created=`extract_auditfile |
- sed -nEe '1s/^#CREATED: *([0-9]{4})-?([0-9]{2})-?([0-9]{2}).*$/\1\2\3/p'`
+ created=`getcreated_auditfile`
expiry=`date -u -v-$1d '+%Y%m%d'`
- [ "${created}" -lt "${expiry}" ];
+ [ "${created}" -ge "${expiry}" ];
}
+portaudit_prerequisites()
+{
+ if [ -z "${PKG_INFO}" ]; then
+ if [ -x %%LOCALBASE%%/sbin/pkg_info ]; then
+ PKG_INFO=%%LOCALBASE%%/sbin/pkg_info
+ else
+ PKG_INFO=/usr/sbin/pkg_info
+ fi
+ fi
+
+ if [ ! -x "${PKG_INFO}" ]; then
+ echo "${PKG_INFO} missing, please install port sysutils/pkg_install-devel"
+ return 1
+ fi
+
+ PKG_INSTALL_VER=`${PKG_INFO} -qP 2>/dev/null`
+ if [ -z "${PKG_INSTALL_VER}" -o "${PKG_INSTALL_VER}" -lt 20040125 ]; then
+ echo "${PKG_INFO} is too old, please update port sysutils/pkg_install-devel"
+ return 1
+ fi
+
+ if [ ! -r "${portaudit_dir}/${portaudit_filename}" ]; then
+ echo "portaudit: database missing, run \`portaudit -F' to update."
+ return 1
+ fi
+ if ! checksum_auditfile; then
+ echo "portaudit: corrupt database."
+ return 1
+ fi
+ if ! checkexpiry_auditfile 14; then
+ echo "portaudit: database too old."
+ return 1
+ fi
+
+ return 0
+}
+
+audit_installed()
+{
+ extract_auditfile | awk -F\| "
+ BEGIN { vul=0 }
+ /^(#|\$)/ { next }
+ {
+ cmd=\"${PKG_INFO} -E \\\"\" \$1 \"\\\"\"
+ while((cmd | getline pkg) > 0) {
+ vul++
+ print \"Affected package: \" pkg \"\\n\" \
+ \"Type of problem: \" \$3 \".\\n\" \
+ \"Reference: <\" \$2 \">\\n\"
+ }
+ close(cmd)
+ }
+ END {
+ print vul \" problem(s) in your installed packages found.\"
+ if (vul > 0) {
+ print \"\nYou are advised to update or deinstall\" \
+ \" the affected package(s) immediately.\"
+ exit(1)
+ }
+ }
+ "
+}
+
+fetch_locations()
+{
+ # site sort order is not overly smart
+ echo "${MASTER_SITE_LOCAL}" | awk "
+ BEGIN { RS=\"[ \\t\\n]\"; IGNORECASE=1; srand() }
+ /^$/ { next }
+ {
+ if (\$0 ~ /${MASTER_SORT_REGEX}/ ) rank=0; else rank=rand()
+ gsub(/%SUBDIR%/, \"${MASTER_SITE_SUBDIR}\")
+ print rank \"\\t\" \$0
+ }
+ " | sort -n | cut -f 2
+}
+
+fetch_auditfile()
+{
+ rc=1
+
+ if [ ! -d "${portaudit_dir}" ]; then
+ mkdir -p "${portaudit_dir}"
+ fi
+ if [ ! -w "${portaudit_dir}" ]; then
+ echo "Couldn't write to ${portaudit_dir}"
+ return 1
+
+ fi
+ cd "${portaudit_dir}"
+ if [ -r "${portaudit_filename}" ]; then
+ cp "${portaudit_filename}" "${portaudit_filename}.old"
+ fi
+
+ for site in `fetch_locations`; do
+ echo ">> Attempting to fetch from ${site}."
+ args="${site}/${portaudit_filename}"
+ env ${FETCH_ENV} ${FETCH_CMD} ${FETCH_BEFORE_ARGS} ${args} ${FETCH_AFTER_ARGS}
+ if [ $? -ne 0 ]; then
+ echo "Couldn't fetch database."
+ elif [ ! -f "${portaudit_dir}/${portaudit_filename}" ] ; then
+ echo "no database fetched."
+ elif ! checksum_auditfile; then
+ echo "fetched database corrupt."
+ elif ! checkexpiry_auditfile 7; then
+ echo "fetched database too old."
+ else
+ echo "new database installed."
+ rc=0
+ break
+ fi
+ done
+ if [ -f "${portaudit_filename}.old" ]; then
+ if [ ${rc} -eq 0 ]; then
+ rm -f "${portaudit_filename}.old"
+ else
+ mv -f "${portaudit_filename}.old" "${portaudit_filename}"
+ echo "old database restored."
+ fi
+ fi
+ chmod a=r "${portaudit_filename}"
+ return ${rc}
+}
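Review bot: audit_installed builds `cmd` from field 1 of every database line and runs it with `cmd | getline`, so text from the downloaded auditfile reaches a shell wrapped only in double quotes, which do not stop the shell from expanding command substitutions in that field. The only gate in front of it is checksum_auditfile, whose MD5 comes from the same file, so a replaced database would pass the check and its entries would run with the privileges of whoever runs the audit. I would single-quote the awk program, pass `PKG_INFO` in with `-v`, and shell-quote the field before it goes into the command, as sketched below. fetch_locations uses the same double-quoted awk style, but what it interpolates (`MASTER_SORT_REGEX`, `MASTER_SITE_SUBDIR`) is local configuration rather than downloaded data.

```sh
audit_installed()
{
	extract_auditfile | awk -F\| -v pkg_info="${PKG_INFO}" '
		# Wrap s in single quotes for the shell; embedded quotes become the
		# close-quote, escaped-quote, reopen-quote sequence (\047 is the quote).
		function shquote(s) {
			gsub(/\047/, "\047\\\047\047", s)
			return "\047" s "\047"
		}
		BEGIN { vul=0 }
		/^(#|$)/ { next }
		{
			cmd = pkg_info " -E " shquote($1)
			# … getline loop, report lines and close(cmd) as in the hunk,
			#   with the shell-level backslash escapes dropped …
		}
		# … END summary as in the hunk, escapes dropped …
	'
}
```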