Index: head/security/greenbone-security-assistant9/Makefile =================================================================== --- head/security/greenbone-security-assistant9/Makefile (revision 447482) +++ head/security/greenbone-security-assistant9/Makefile (revision 447483) @@ -1,19 +1,20 @@ # $FreeBSD$ PORTNAME= greenbone-security-assistant9 PORTVERSION= 7.0.2 +PORTREVISION= 2 MASTER_SITES= http://wald.intevation.org/frs/download.php/2429/ COMMENT= OpenVAS 9 web interface CONFLICTS= ${PORTNAME:S/${OPENVAS_VER}/8/}-* MASTERDIR= ${.CURDIR}/../../security/greenbone-security-assistant8 DISTINFO_FILE= ${.CURDIR}/distinfo PATCHDIR= ${.CURDIR}/files PLIST= ${.CURDIR}/pkg-plist OPENVAS_VER= 9 .include "${MASTERDIR}/Makefile" Index: head/security/greenbone-security-assistant9/files/gsad.in =================================================================== --- head/security/greenbone-security-assistant9/files/gsad.in (revision 447482) +++ head/security/greenbone-security-assistant9/files/gsad.in (revision 447483) @@ -1,27 +1,27 @@ #!/bin/sh # # $FreeBSD$ # # PROVIDE: gsad # REQUIRE: DAEMON # KEYWORD: shutdown # # Add the following to /etc/rc.conf[.local] to enable this service # # gsad_enable (bool): Set to NO by default. # Set it to YES to enable gsad. # gsad_flags (params): Set params used to start gsad. # . /etc/rc.subr name=gsad rcvar=${name}_enable command="%%PREFIX%%/sbin/gsad" pidfile=/var/run/gsad.pid : ${gsad_enable="NO"} -: ${gsad_flags="--listen=127.0.0.1 --port=8080 --http-only"} +: ${gsad_flags="--listen=127.0.0.1 --port=8080 --http-only --munix-socket=/var/run/openvasmd.sock"} load_rc_config $name run_rc_command "$1" Index: head/security/openvas8/Makefile =================================================================== --- head/security/openvas8/Makefile (revision 447482) +++ head/security/openvas8/Makefile (revision 447483) @@ -1,32 +1,33 @@ # Created by: Alonso Cardenas Marquez # $FreeBSD$ PORTNAME= openvas8 PORTVERSION= 8.0 +PORTREVISION= 1 CATEGORIES= security MAINTAINER= acm@FreeBSD.org COMMENT= openvas 8 vulnerability scanner (metaport) USES= metaport # Install OpenVAS libraries RUN_DEPENDS+= ${LOCALBASE}/lib/libopenvas_base.so:security/openvas${OPENVAS_VER}-libraries # Install OpenVAS Commnad Line RUN_DEPENDS+= ${LOCALBASE}/bin/omp:security/openvas${OPENVAS_VER}-cli # Install OpenVAS Manager RUN_DEPENDS+= ${LOCALBASE}/sbin/openvasmd:security/openvas${OPENVAS_VER}-manager # Install OpenVAS Scanner RUN_DEPENDS+= ${LOCALBASE}/sbin/openvassd:security/openvas${OPENVAS_VER}-scanner # Install OpenVAS Web Interface RUN_DEPENDS+= ${LOCALBASE}/sbin/gsad:security/greenbone-security-assistant${OPENVAS_VER} SUB_FILES= pkg-message OPENVAS_VER= 8 .include Index: head/security/openvas8/files/pkg-message.in =================================================================== --- head/security/openvas8/files/pkg-message.in (revision 447482) +++ head/security/openvas8/files/pkg-message.in (revision 447483) @@ -1,56 +1,57 @@ ############################################################################### OpenVAS 8 ports were installed 1) Redis is a dependency of OpenVAS. Please, configure redis-server for listening on socket /tmp/redis.sock. openvassd needs it 2) If you installed security/openvas8-manager port (openvasmd) with PostgrSQL support, please look at: %%LOCALBASE%%/share/docs/openvas-scanner/postgres-HOWTO It will guide you for configure PostgreSQL as OpenVAS database backend instead of SQLite3 3) The following steps are neccessary before of you can access to OpenVAS web interface (gsad): + # openvassd # openvas-mkcert # openvas-mkcert-client -n -i - # openvasmd --rebuild --progress # openvas-nvt-sync # openvas-scapdata-sync # openvas-certdata-sync + # openvasmd --rebuild --progress # openvasmd --create-user=admin --role=Admin # openvasmd --user=admin --new-password=yourpassword 4) Add the following lines to /etc/rc.conf openvassd_enable="YES" openvasmd_enable="YES" gsad_enable="YES" 5) Start OpenVAS Scanner. It will listen on 127.0.0.1:9391 by default # service openvassd restart 6) 5) Start OpenVAS Manager. It will listen on 127.0.0.1:9390 by default # service openvasmd restart # openvasmd --rebuild --progress 7) Start OpenVAS web interface. It will listen on http://127.0.0.1:8080 by default # service gsad start 8) gsad can export results to PDF. It needs print/texlive-texmf port # pkg install texlive-texmf It will install 1G of data 9) Enjoy it ############################################################################### Index: head/security/openvas8-manager/Makefile =================================================================== --- head/security/openvas8-manager/Makefile (revision 447482) +++ head/security/openvas8-manager/Makefile (revision 447483) @@ -1,56 +1,57 @@ # $FreeBSD$ PORTNAME?= openvas8-manager PORTVERSION?= 6.0.11 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES?= http://wald.intevation.org/frs/download.php/2445/ DISTNAME= ${PORTNAME:S/${OPENVAS_VER}//}-${PORTVERSION} DIST_SUBDIR= openvas${OPENVAS_VER} MAINTAINER= acm@FreeBSD.org COMMENT?= OpenVAS 8 manager LICENSE= GPLv2+ LICENSE_FILE= ${WRKSRC}/COPYING BUILD_DEPENDS= p5-SQL-Translator>=0:databases/p5-SQL-Translator LIB_DEPENDS= libgnutls.so:security/gnutls \ libgpgme.so:security/gpgme \ libgcrypt.so:security/libgcrypt \ libopenvas_base.so:security/openvas${OPENVAS_VER}-libraries -RUN_DEPENDS:= ${BUILD_DEPENDS} +RUN_DEPENDS:= ${BUILD_DEPENDS} \ + wget:ftp/wget CONFLICTS?= ${PORTNAME:S/${OPENVAS_VER}/9/}-* USES= cmake:outsource execinfo gnome pkgconfig USE_GNOME= glib20 libxslt:run PGSQL_USES= pgsql SQLITE3_USES= sqlite PGSQL_CMAKE_ON+=-DBACKEND:STRING="POSTGRESQL" SQLITE3_CMAKE_ON+=-DBACKEND:STRING="SQLITE3" USE_RC_SUBR= openvasmd DOCSDIR= ${PREFIX}/share/doc/${PORTNAME:S/${OPENVAS_VER}//} ETCDIR= ${PREFIX}/etc/openvas REINPLACE_ARGS= -i '' OPENVAS_VER?= 8 OPTIONS_DEFINE= DOCS OPTIONS_DEFAULT=DOCS SQLITE3 OPTIONS_SUB= yes OPTIONS_SINGLE_DATABASE=SQLITE3 PGSQL OPTIONS_SINGLE= DATABASE DATABASE_DESC= Database support post-patch: @${REINPLACE_CMD} -e '1d' ${WRKSRC}/tools/extra/xml_split @${REINPLACE_CMD} -e 's|OPENVAS_STATE_DIR|OPENVAS_LIB_INSTALL_DIR|g' ${WRKSRC}/src/manage_pg.c post-install: ${INSTALL_DATA} ${WRKSRC}/INSTALL ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/doc/postgres-HOWTO ${STAGEDIR}${DOCSDIR} ${MV} ${STAGEDIR}${ETCDIR}/openvasmd_log.conf ${STAGEDIR}${ETCDIR}/openvasmd_log.conf.sample ${MV} ${STAGEDIR}${ETCDIR}/pwpolicy.conf ${STAGEDIR}${ETCDIR}/pwpolicy.conf.sample .include Index: head/security/openvas8-scanner/Makefile =================================================================== --- head/security/openvas8-scanner/Makefile (revision 447482) +++ head/security/openvas8-scanner/Makefile (revision 447483) @@ -1,39 +1,40 @@ # Created by: Tomoyuki Sakurai # $FreeBSD$ PORTNAME?= openvas8-scanner PORTVERSION?= 5.0.8 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES?= http://wald.intevation.org/frs/download.php/2436/ DISTNAME= ${PORTNAME:S/${OPENVAS_VER}//}-${PORTVERSION} DIST_SUBDIR= openvas${OPENVAS_VER} MAINTAINER= acm@FreeBSD.org COMMENT?= OpenVAS 8 scanner LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/COPYING.GPLv2 LIB_DEPENDS= libgcrypt.so:security/libgcrypt \ libopenvas_base.so:security/openvas${OPENVAS_VER}-libraries RUN_DEPENDS= redis-server:databases/redis \ curl:ftp/curl \ rsync:net/rsync \ + wget:ftp/wget \ nmap:security/nmap CONFLICTS?= ${PORTNAME:S/${OPENVAS_VER}/9/}-* USES= cmake:outsource execinfo gettext-runtime gnome pkgconfig USE_GNOME= glib20 USE_RC_SUBR= openvassd DOCSDIR= ${PREFIX}/share/doc/${PORTNAME:S/${OPENVAS_VER}//} OPENVAS_VER?= 8 OPTIONS_DEFINE= DOCS post-install: ${INSTALL_DATA} ${WRKSRC}/INSTALL ${STAGEDIR}${DOCSDIR} .include Index: head/security/openvas9/Makefile =================================================================== --- head/security/openvas9/Makefile (revision 447482) +++ head/security/openvas9/Makefile (revision 447483) @@ -1,32 +1,33 @@ # Created by: Alonso Cardenas Marquez # $FreeBSD$ PORTNAME= openvas9 PORTVERSION= 9.0 +PORTREVISION= 1 CATEGORIES= security MAINTAINER= acm@FreeBSD.org COMMENT= openvas 8 vulnerability scanner (metaport) USES= metaport # Install OpenVAS libraries RUN_DEPENDS+= ${LOCALBASE}/lib/libopenvas_base.so:security/openvas${OPENVAS_VER}-libraries # Install OpenVAS Commnad Line RUN_DEPENDS+= ${LOCALBASE}/bin/omp:security/openvas${OPENVAS_VER}-cli # Install OpenVAS Manager RUN_DEPENDS+= ${LOCALBASE}/sbin/openvasmd:security/openvas${OPENVAS_VER}-manager # Install OpenVAS Scanner RUN_DEPENDS+= ${LOCALBASE}/sbin/openvassd:security/openvas${OPENVAS_VER}-scanner # Install OpenVAS Web Interface RUN_DEPENDS+= ${LOCALBASE}/sbin/gsad:security/greenbone-security-assistant${OPENVAS_VER} SUB_FILES= pkg-message OPENVAS_VER= 9 .include Index: head/security/openvas9/files/pkg-message.in =================================================================== --- head/security/openvas9/files/pkg-message.in (revision 447482) +++ head/security/openvas9/files/pkg-message.in (revision 447483) @@ -1,56 +1,55 @@ ############################################################################### OpenVAS 9 ports were installed 1) Redis is a dependency of OpenVAS. Please, configure redis-server for listening on socket /tmp/redis.sock. openvassd needs it 2) If you installed security/openvas8-manager port (openvasmd) with PostgrSQL support, please look at: %%LOCALBASE%%/share/docs/openvas-scanner/postgres-HOWTO It will guide you for configure PostgreSQL as OpenVAS database backend instead of SQLite3 3) The following steps are neccessary before of you can access to OpenVAS web interface (gsad): - # openvas-mkcert - # openvas-mkcert-client -n -i - # openvasmd --rebuild --progress + # openvassd # greenbone-nvt-sync # greenbone-scapdata-sync # greenbone-certdata-sync + # openvasmd --rebuild --progress # openvasmd --create-user=admin --role=Admin # openvasmd --user=admin --new-password=yourpassword 4) Add the following lines to /etc/rc.conf openvassd_enable="YES" openvasmd_enable="YES" gsad_enable="YES" -5) Start OpenVAS Scanner. It will listen on 127.0.0.1:9391 by default +5) Start OpenVAS Scanner. It will listen on /var/run/openvassd.sock by default # service openvassd restart -6) 5) Start OpenVAS Manager. It will listen on 127.0.0.1:9390 by default +6) 5) Start OpenVAS Manager. It will listen on /var/run/openvasmd.sock by default # service openvasmd restart # openvasmd --rebuild --progress 7) Start OpenVAS web interface. It will listen on http://127.0.0.1:8080 by default # service gsad start 8) gsad can export results to PDF. It needs print/texlive-texmf port # pkg install texlive-texmf It will install 1G of data 9) Enjoy it ############################################################################### Index: head/security/openvas9-manager/files/openvasmd.in =================================================================== --- head/security/openvas9-manager/files/openvasmd.in (revision 447482) +++ head/security/openvas9-manager/files/openvasmd.in (revision 447483) @@ -1,28 +1,28 @@ #!/bin/sh # # $FreeBSD$ # # PROVIDE: openvasmd # REQUIRE: DAEMON # KEYWORD: shutdown # # Add the following to /etc/rc.conf[.local] to enable this service # # openvasmd_enable (bool): Set to NO by default. # Set it to YES to enable bareos_dir. # openvasmd_flags (params): Set params used to start openvasmd. # . /etc/rc.subr name=openvasmd rcvar=${name}_enable command="%%PREFIX%%/sbin/openvasmd" pidfile=/var/run/openvasmd.pid extra_commands="reload" : ${openvasmd_enable="NO"} -: ${openvasmd_flags="--listen=127.0.0.1"} +: ${openvasmd_flags="--unix-socket=/var/run/${name}.sock --listen=127.0.0.1"} load_rc_config $name run_rc_command "$1" Index: head/security/openvas9-manager/files/patch-src-scanner.c =================================================================== --- head/security/openvas9-manager/files/patch-src-scanner.c (nonexistent) +++ head/security/openvas9-manager/files/patch-src-scanner.c (revision 447483) @@ -0,0 +1,34 @@ +--- src/scanner.c 2016-11-10 04:58:06.000000000 -0500 ++++ src/scanner.c 2017-08-06 21:58:23.868844000 -0500 +@@ -33,6 +33,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -586,7 +587,6 @@ + openvas_scanner_connect_unix () + { + struct sockaddr_un addr; +- int len; + + openvas_scanner_socket = socket (AF_UNIX, SOCK_STREAM, 0); + if (openvas_scanner_socket == -1) +@@ -596,10 +596,12 @@ + return -1; + } + ++ memset(&addr, 0, sizeof(struct sockaddr_un)); ++ + addr.sun_family = AF_UNIX; +- strncpy (addr.sun_path, openvas_scanner_unix_path, 108); +- len = strlen (addr.sun_path) + sizeof (addr.sun_family); +- if (connect (openvas_scanner_socket, (struct sockaddr *) &addr, len) == -1) ++ strlcpy(addr.sun_path, openvas_scanner_unix_path, sizeof(addr.sun_path)); ++ ++ if (connect (openvas_scanner_socket, (struct sockaddr *) &addr, SUN_LEN(&addr)) == -1) + { + g_warning ("%s: Failed to connect to scanner (%s): %s\n", __FUNCTION__, + openvas_scanner_unix_path, strerror (errno)); Property changes on: head/security/openvas9-manager/files/patch-src-scanner.c ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/security/openvas9-manager/files/patch-tools+greenbone-certdata-sync.in =================================================================== --- head/security/openvas9-manager/files/patch-tools+greenbone-certdata-sync.in (revision 447482) +++ head/security/openvas9-manager/files/patch-tools+greenbone-certdata-sync.in (revision 447483) @@ -1,29 +1,47 @@ ---- tools/greenbone-certdata-sync.in.orig 2016-11-10 04:58:06.000000000 -0500 -+++ tools/greenbone-certdata-sync.in 2017-07-29 00:06:06.535930000 -0500 +--- tools/greenbone-certdata-sync.in 2016-11-10 04:58:06.000000000 -0500 ++++ tools/greenbone-certdata-sync.in 2017-08-06 13:11:30.155406000 -0500 +@@ -99,7 +99,7 @@ + + # Delay between retries + if [ -z "$SQL_RETRY_DELAY" ]; then +- SQL_RETRY_DELAY="10m" # allowed unit suffixes: see sleep command ++ SQL_RETRY_DELAY="600" # allowed unit suffixes: see sleep command + fi + + # LOG_CMD defines the command to use for logging. To have logger log to stderr @@ -766,7 +766,7 @@ for certfile in $CERT_DIR/CB-K*.xml do [ -e "$certfile" ] || break # No file found - filedate=`stat -c "%Y" $certfile | cut -d " " -f 1 | tr -d "-"` -+ filedate=`stat -c "%m" $certfile | cut -d " " -f 1 | tr -d "-"` ++ filedate=`stat -f "%m" $certfile | cut -d " " -f 1 | tr -d "-"` filedate=$(( $filedate - ( $filedate % 60 ) )) if [ $filedate -gt $DB_LASTUPDATE ] then @@ -801,7 +801,7 @@ for certfile in $CERT_DIR/dfn-cert-*.xml do [ -e "$certfile" ] || break # no file found - filedate=`stat -c "%Y" $certfile | cut -d " " -f 1 | tr -d "-"` -+ filedate=`stat -c "%m" $certfile | cut -d " " -f 1 | tr -d "-"` ++ filedate=`stat -f "%m" $certfile | cut -d " " -f 1 | tr -d "-"` filedate=$(( $filedate - ( $filedate % 60 ) )) if [ $filedate -gt $DB_LASTUPDATE ] then +@@ -831,7 +831,7 @@ + + update_cvss + +- LAST_UPDATE_TIMESTAMP=`sed 's/^\(.\{8\}\)/\1 /' $TIMESTAMP | env TZ="UTC" date +%s -f -` ++ LAST_UPDATE_TIMESTAMP=`date -j -f '%Y%m%d%H%M%S' $(sed 's/$/00/g' $TIMESTAMP) +%s` + + reset_sql_tries + until [ "$try_sql" -eq 0 ] @@ -1045,7 +1045,7 @@ if [ -f "$CERT_DB" ] then - if [ "$(id -u)" -ne "$(stat -c %u $CERT_DB)" ] + if [ "$(id -u)" -ne "$(stat -f %u $CERT_DB)" ] then log_err "Not synchronizing or updating the database since the current user is not the owner of the database." echo "Not synchronizing or updating the database since the current user is not the owner of the database." Index: head/security/openvas9-manager/files/patch-tools+greenbone-scapdata-sync.in =================================================================== --- head/security/openvas9-manager/files/patch-tools+greenbone-scapdata-sync.in (revision 447482) +++ head/security/openvas9-manager/files/patch-tools+greenbone-scapdata-sync.in (revision 447483) @@ -1,106 +1,136 @@ --- tools/greenbone-scapdata-sync.in 2016-11-10 04:58:06.000000000 -0500 -+++ tools/greenbone-scapdata-sync.in 2017-08-05 22:42:35.986283000 -0500 -@@ -1080,11 +1080,11 @@ ++++ tools/greenbone-scapdata-sync.in 2017-08-06 13:50:52.849680000 -0500 +@@ -89,7 +89,7 @@ + + # Split CVE data files into parts of this size in kB. 0 = no splitting + # The default is 1/30 of the system memory. +-SPLIT_PART_SIZE=$(awk '/MemTotal/ { print int( $2/60) }' /proc/meminfo) ++SPLIT_PART_SIZE=$((($(sysctl hw.physmem | cut -d " " -f2)/1024)/60)) + + # SQLITE3 defines the name of the sqlite binary to call, along with additional + # parameters. +@@ -109,7 +109,7 @@ + + # Delay between retries + if [ -z "$SQL_RETRY_DELAY" ]; then +- SQL_RETRY_DELAY="10m" # allowed unit suffixes: see sleep command ++ SQL_RETRY_DELAY="600" # allowed unit suffixes: see sleep command + fi + + # SCRIPT_NAME is the name the scripts will use to identify itself and to mark +@@ -234,11 +234,6 @@ + + if [ -z "$TMPDIR" ]; then + SYNC_TMP_DIR=/tmp +- # If we have mktemp, create a temporary dir (safer) +- if [ -n "`which mktemp`" ]; then +- SYNC_TMP_DIR=`mktemp -t -d greenbone-scap-data-sync.XXXXXXXXXX` || { log_err "Cannot create temporary directory for file download" ; exit 1 ; } +- trap "rm -rf $SYNC_TMP_DIR" EXIT HUP INT TRAP TERM +- fi + else + SYNC_TMP_DIR="$TMPDIR" + fi +@@ -1080,11 +1075,11 @@ then for ovalfile in $oval_files_sorted_private do - filedate=`stat -c "%Y" "$ovalfile" | cut -d " " -f 1 | tr -d "-"` -+ filedate=`stat -c "%m" "$ovalfile" | cut -d " " -f 1 | tr -d "-"` ++ filedate=`stat -f "%m" "$ovalfile" | cut -d " " -f 1 | tr -d "-"` filedate=$(( $filedate - ( $filedate % 60 ) )) if [ $filedate -gt $DB_LASTUPDATE ] || [ 1 = "$REBUILD_OVAL" ] then - oval_timestamp=`xsltproc "$SCAP_RES_DIR/oval_timestamp.xsl" "$ovalfile" | date "+%s" -f -` + oval_timestamp=`date -j -f "%Y-%m-%dT%H:%M:%S" $(xsltproc "$SCAP_RES_DIR/oval_timestamp.xsl" "$ovalfile" | cut -d "." -f1) +%s` if [ 1 = "$REBUILD_OVAL" ] then -@@ -1153,7 +1153,7 @@ +@@ -1153,7 +1148,7 @@ DIR_STR_LENGTH=$((`echo "$SCAP_DIR" | wc -c` + 1)) oval_files_shortened="" - if [ 0 != "$xmlcount" ] + if [ "$xmlcount" -ne 0 ] then for ovalfile in $oval_files_sorted_private do -@@ -1163,7 +1163,7 @@ +@@ -1163,7 +1158,7 @@ fi oval_files_clause="" - if [ ! -z "$oval_files_shortened" ] + if [ "$oval_files_shortened" =! "" ] then oval_files_clause="AND (xml_file NOT IN ($oval_files_shortened))" fi -@@ -1186,7 +1186,7 @@ +@@ -1186,7 +1181,7 @@ fi # TODO: This is not quite accurate as it uses the timestamp of the non-private data. - LAST_UPDATE_TIMESTAMP=`sed 's/^\(.\{8\}\)/\1 /' $TIMESTAMP | date +%s -f -` + LAST_UPDATE_TIMESTAMP=`date -j -f '%Y%m%d%H%M%S' $(sed 's/$/00/g' $TIMESTAMP) +%s` reset_sql_tries until [ "$try_sql" -eq 0 ] -@@ -1208,12 +1208,12 @@ +@@ -1208,12 +1203,12 @@ CPEBASE="$SCAP_DIR/official-cpe-dictionary_v2.2.xml" if [ -e $CPEBASE ] then - filedate=`stat -c "%Y" "$CPEBASE" | cut -d " " -f 1 | tr -d "-"` -+ filedate=`stat -c "%m" "$CPEBASE" | cut -d " " -f 1 | tr -d "-"` ++ filedate=`stat -f "%m" "$CPEBASE" | cut -d " " -f 1 | tr -d "-"` filedate=$(( $filedate - ( $filedate % 60 ) )) if [ $filedate -gt $DB_LASTUPDATE ] then log_info "Updating CPEs" - filesize=`stat -c "%s" "$CPEBASE"` + filesize=`stat -f "%z" "$CPEBASE"` if [ "0" -ne "$SPLIT_PART_SIZE" ] && [ "$filesize" -gt $(($SPLIT_PART_SIZE * 1024)) ] then log_info "File is larger than ${SPLIT_PART_SIZE}k. Splitting into multiple parts" -@@ -1271,13 +1271,13 @@ +@@ -1271,13 +1266,13 @@ for cvefile in $SCAP_DIR/nvdcve-2.0-*.xml do [ -e "$cvefile" ] || break # no file found - filedate=`stat -c "%Y" "$cvefile" | cut -d " " -f 1 | tr -d "-"` -+ filedate=`stat -c "%m" "$cvefile" | cut -d " " -f 1 | tr -d "-"` ++ filedate=`stat -f "%m" "$cvefile" | cut -d " " -f 1 | tr -d "-"` filedate=$(( $filedate - ( $filedate % 60 ) )) if [ $filedate -gt $DB_LASTUPDATE ] then log_info "Updating $cvefile" - filesize=`stat -c "%s" "$cvefile"` + filesize=`stat -f "%z" "$cvefile"` if [ "0" -ne "$SPLIT_PART_SIZE" ] && [ "$filesize" -gt $(($SPLIT_PART_SIZE * 1024)) ] then log_info "File is larger than ${SPLIT_PART_SIZE}k. Splitting into multiple parts" -@@ -1347,11 +1347,11 @@ +@@ -1347,11 +1342,11 @@ for ovalfile in $oval_files_sorted do - filedate=`stat -c "%Y" "$ovalfile" | cut -d " " -f 1 | tr -d "-"` -+ filedate=`stat -c "%m" "$ovalfile" | cut -d " " -f 1 | tr -d "-"` ++ filedate=`stat -f "%m" "$ovalfile" | cut -d " " -f 1 | tr -d "-"` filedate=$(( $filedate - ( $filedate % 60 ) )) if [ $filedate -gt $DB_LASTUPDATE ] || [ 1 = "$REBUILD_OVAL" ] then - oval_timestamp=`xsltproc "$SCAP_RES_DIR/oval_timestamp.xsl" "$ovalfile" | date "+%s" -f -` + oval_timestamp=`date -j -f '%Y-%m-%dT%H:%M:%S' $(xsltproc "$SCAP_RES_DIR/oval_timestamp.xsl" "$ovalfile" | cut -d "." -f1) +%s` if [ 1 = "$REBUILD_OVAL" ] then -@@ -1403,7 +1403,7 @@ +@@ -1403,7 +1398,7 @@ update_cvss update_placeholders - LAST_UPDATE_TIMESTAMP=`sed 's/^\(.\{8\}\)/\1 /' $TIMESTAMP | env TZ="UTC" date +%s -f -` + LAST_UPDATE_TIMESTAMP=`date -j -f '%Y%m%d%H%M%S' $(sed 's/$/00/g' $TIMESTAMP) +%s` reset_sql_tries until [ "$try_sql" -eq 0 ] -@@ -1635,7 +1635,7 @@ +@@ -1635,7 +1630,7 @@ then if [ -f "$SCAP_DB" ] then - if [ "$(id -u)" -ne "$(stat -c %u $SCAP_DB)" ] + if [ "$(id -u)" -ne "$(stat -f %u $SCAP_DB)" ] then log_err "Not synchronizing or updating the database since the current user is not the owner of the database." echo "Not synchronizing or updating the database since the current user is not the owner of the database." Index: head/security/openvas9-scanner/Makefile =================================================================== --- head/security/openvas9-scanner/Makefile (revision 447482) +++ head/security/openvas9-scanner/Makefile (revision 447483) @@ -1,19 +1,20 @@ # $FreeBSD$ PORTNAME= openvas9-scanner PORTVERSION= 5.1.1 +PORTREVISION= 1 MASTER_SITES= http://wald.intevation.org/frs/download.php/2423/ COMMENT= OpenVAS 9 scanner CONFLICTS= ${PORTNAME:S/${OPENVAS_VER}/8/}-* MASTERDIR= ${.CURDIR}/../../security/openvas8-scanner DISTINFO_FILE= ${.CURDIR}/distinfo PATCHDIR= ${.CURDIR}/files PLIST= ${.CURDIR}/pkg-plist OPENVAS_VER= 9 .include "${MASTERDIR}/Makefile" Index: head/security/openvas9-scanner/files/openvassd.in =================================================================== --- head/security/openvas9-scanner/files/openvassd.in (revision 447482) +++ head/security/openvas9-scanner/files/openvassd.in (revision 447483) @@ -1,25 +1,28 @@ #!/bin/sh # # $FreeBSD$ # # PROVIDE: openvassd # REQUIRE: DAEMON # KEYWORD: shutdown # # Add the following to /etc/rc.conf[.local] to enable this service # -# openvassd_enable="YES" +# openvassd_enable (bool): Set to NO by default. +# Set it to YES to enable openvassd. +# openvassd_flags (params): Set params used to start openvassd. # . /etc/rc.subr name=openvassd -rcvar=openvassd_enable +rcvar=${name}_enable command="%%PREFIX%%/sbin/openvassd" pidfile=/var/run/openvassd.pid extra_commands="reload" : ${openvassd_enable=NO} +: ${openvassd_flags="--unix-socket=/var/run/${name}.sock"} load_rc_config $name run_rc_command "$1" Index: head/security/openvas9-scanner/files/patch-tools_greenbone-nvt-sync.in =================================================================== --- head/security/openvas9-scanner/files/patch-tools_greenbone-nvt-sync.in (revision 447482) +++ head/security/openvas9-scanner/files/patch-tools_greenbone-nvt-sync.in (revision 447483) @@ -1,20 +1,32 @@ --- tools/greenbone-nvt-sync.in 2016-11-10 04:57:55.000000000 -0500 -+++ tools/greenbone-nvt-sync.in 2017-07-28 23:31:16.323079000 -0500 -@@ -577,7 +577,7 @@ ++++ tools/greenbone-nvt-sync.in 2017-08-06 13:55:03.833824000 -0500 +@@ -180,11 +180,6 @@ + + if [ -z "$TMPDIR" ]; then + SYNC_TMP_DIR=/tmp +- # If we have mktemp, create a temporary dir (safer) +- if [ -n "`which mktemp`" ]; then +- SYNC_TMP_DIR=`mktemp -t -d greenbone-nvt-sync.XXXXXXXXXX` || { echo "ERROR: Cannot create temporary directory for file download" >&2; exit 1 ; } +- trap "rm -rf $SYNC_TMP_DIR" EXIT HUP INT TRAP TERM +- fi + else + SYNC_TMP_DIR="$TMPDIR" + fi +@@ -577,7 +572,7 @@ log_err "rsync failed, aborting synchronization." exit 1 fi - eval "cd \"$NVT_DIR\" ; md5sum -c --status \"$NVT_DIR/md5sums\"" + eval "cd \"$NVT_DIR\" ; xargs -n 2 md5 -c < \"$NVT_DIR/md5sums\" > /dev/null" if [ $? -ne 0 ] ; then if [ -n "$retried" ] then -@@ -650,7 +650,7 @@ +@@ -650,7 +645,7 @@ do_self_test () { - MD5SUM_AVAIL=`command -v md5sum` + MD5SUM_AVAIL=`command -v md5` if [ $? -ne 0 ] ; then SELFTEST_FAIL=1 stderr_write "The md5sum binary could not be found."