Index: head/security/cvechecker/Makefile =================================================================== --- head/security/cvechecker/Makefile (revision 479396) +++ head/security/cvechecker/Makefile (revision 479397) @@ -1,47 +1,46 @@ # Created by: Stefan Esser # $FreeBSD$ PORTNAME= cvechecker DISTVERSIONPREFIX= v -DISTVERSION= 3.8 -PORTREVISION= 2 +DISTVERSION= 3.9 CATEGORIES= security MAINTAINER= se@FreeBSD.org COMMENT= Check CVE database for vulnerabilities affecting installed packages LICENSE= GPLv3 LIB_DEPENDS= libargp.so:devel/argp-standalone \ libconfig.so:devel/libconfig RUN_DEPENDS= bash:shells/bash MAKE_ENV+= LDADD=-largp USES= autoreconf pkgconfig shebangfix SHEBANG_FILES= scripts/cverules scripts/cvegenversdat GNU_CONFIGURE= yes CONFIGURE_ARGS= --localstatedir=/var/db bash_OLD_CMD+= /bin/sh OPTIONS_MULTI= DB OPTIONS_MULTI_DB= MYSQL SQLITE OPTIONS_DEFAULT= SQLITE DB_DESC= CVE Database MYSQL_USES= mysql ssl MYSQL_CONFIGURE_ENABLE= mysql SQLITE_USES= sqlite SQLITE_CONFIGURE_ENABLE= sqlite3 USE_GITHUB= yes GH_ACCOUNT= sjvermeu post-stage: ${MV} ${STAGEDIR}${PREFIX}/etc/cvechecker.conf ${STAGEDIR}${PREFIX}/etc/cvechecker.conf.sample .include Index: head/security/cvechecker/distinfo =================================================================== --- head/security/cvechecker/distinfo (revision 479396) +++ head/security/cvechecker/distinfo (revision 479397) @@ -1,3 +1,3 @@ -TIMESTAMP = 1507830626 -SHA256 (sjvermeu-cvechecker-v3.8_GH0.tar.gz) = 53a2f0edab34ea75d3d33b8c840f27c60464f0433c2b82bc8b02298306c53268 -SIZE (sjvermeu-cvechecker-v3.8_GH0.tar.gz) = 3329220 +TIMESTAMP = 1536581491 +SHA256 (sjvermeu-cvechecker-v3.9_GH0.tar.gz) = a8c05be9e81533bd1b9441fe1a38e54d2939123af7c5d933bac28cb51d41dc27 +SIZE (sjvermeu-cvechecker-v3.9_GH0.tar.gz) = 3329468 Index: head/security/cvechecker/files/patch-src_cvecheck.c =================================================================== --- head/security/cvechecker/files/patch-src_cvecheck.c (revision 479396) +++ head/security/cvechecker/files/patch-src_cvecheck.c (nonexistent) @@ -1,49 +0,0 @@ ---- src/cvecheck.c.orig 2017-03-27 16:42:38 UTC -+++ src/cvecheck.c -@@ -1170,15 +1170,11 @@ int load_watch_list(struct workstate * ws) { - rc = delete_cpe(line, ws); - if (rc) { - fprintf(stderr, " ! An error occurred while interpreting CPE on line %d\n", linenum-1); -- zero_string(line, CPELINESIZE); -- continue; - }; - } else { - rc = add_cpe(line, ws); - if (rc) { - fprintf(stderr, " ! An error occurred while interpreting CPE on line %d\n", linenum-1); -- zero_string(line, CPELINESIZE); -- continue; - }; - }; - zero_string(line, CPELINESIZE); -@@ -1366,9 +1362,9 @@ int load_cve(struct workstate * ws) { - fieldCounter = 0; - - // Split based on ':' character -+ int invalid_line = 0; - while (sscanf(bufferptr, "%[^:]s", field) == 1) { - int fieldLength = swstrlen(field); // Capture field length up front as strtok_r modifies the string -- - if (fieldCounter == 0) { - // Should be "CVE-####-####+" (CVE identifier) - char * sCVE; -@@ -1431,7 +1427,8 @@ int load_cve(struct workstate * ws) { - (strncmp(field, "/o", 2) != 0) && - (strncmp(field, "/h", 2) != 0) ) { - fprintf(stderr, " ! Error while reading in CVE entries: CPE type in line %d is not one of a/o/h\n", linenum); -- return 1; -+ invalid_line = 1; -+ break; - } - snprintf(tmpCpeId, 3, "%s", field); - -@@ -1463,7 +1460,8 @@ int load_cve(struct workstate * ws) { - bufferptr = bufferptr + fieldLength + 1; - ++fieldCounter; - } -- -+ if (invalid_line) -+ continue; - // Build the CPE up - snprintf(cpeId, CPELINESIZE, "cpe:%s:%s:%s:%s:%s:%s:%s", tmpCpeId, tmpCpeVendor, tmpCpeProduct, tmpCpeVersion, tmpCpeUpdate, tmpCpeEdition, tmpCpeLanguage); - Property changes on: head/security/cvechecker/files/patch-src_cvecheck.c ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/security/cvechecker/files/patch-scripts_pullcves =================================================================== --- head/security/cvechecker/files/patch-scripts_pullcves (revision 479396) +++ head/security/cvechecker/files/patch-scripts_pullcves (revision 479397) @@ -1,48 +1,48 @@ ---- scripts/pullcves.orig 2017-03-27 16:42:38 UTC +--- scripts/pullcves.orig 2018-09-09 10:32:47 UTC +++ scripts/pullcves @@ -44,17 +44,11 @@ then exit 1; fi -wget -V > /dev/null 2>&1; -if [ $? -ne 0 ]; -then - echo "This script requires wget to be available on the system and reachable in a directory mentioned in the PATH variable." - exit 1; -fi DATADIR=$(awk -F'=' '/^datadir/ {print $2}' ${CONFFILE} | awk -F'"' '{print $2}'); CVECACHE=$(awk -F'=' '/^cvecache/ {print $2}' ${CONFFILE} | awk -F'"' '{print $2}'); DLLOCATION=$(awk -F'=' '/^version_url/ {print $2}' ${CONFFILE} | awk -F'"' '{print $2}'); -WGETCMD="wget --no-check-certificate"; +FETCHCMD="fetch -q" DLCVE=0; DLDAT=0; COMMAND=$1; -@@ -68,7 +69,7 @@ do +@@ -68,7 +62,7 @@ do if [ ! -f ${CVECACHE}/nvdcve-2.0-20${YEAR}.xml ]; then printf "Downloading nvdcve-2.0-20${YEAR}.xml... "; - ${WGETCMD} -q -O ${CVECACHE}/nvdcve-2.0-20${YEAR}.xml.gz http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-20${YEAR}.xml.gz; + ${FETCHCMD} -o ${CVECACHE}/nvdcve-2.0-20${YEAR}.xml.gz http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-20${YEAR}.xml.gz; gunzip -c ${CVECACHE}/nvdcve-2.0-20${YEAR}.xml.gz > ${CVECACHE}/nvdcve-2.0-20${YEAR}.xml && rm ${CVECACHE}/nvdcve-2.0-20${YEAR}.xml.gz; printf "ok\nConverting nvdcve-2.0-20${YEAR}.xml to CSV... "; xsltproc ${DATADIR}/nvdcve2simple.xsl ${CVECACHE}/nvdcve-2.0-20${YEAR}.xml > ${CVECACHE}/nvdcve-2.0-20${YEAR}.csv; -@@ -85,7 +86,7 @@ else +@@ -85,7 +79,7 @@ else CKSUM=$(cksum nvdcve-2.0-Modified.xml 2>/dev/null); fi printf "Downloading nvdcve-2.0-Modified.xml... "; -${WGETCMD} -q -N http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Modified.xml.gz; +${FETCHCMD} -i nvdcve-2.0-Modified.xml http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Modified.xml.gz; gunzip -c nvdcve-2.0-Modified.xml.gz > nvdcve-2.0-Modified.xml && rm nvdcve-2.0-Modified.xml.gz; CKSUM2=$(cksum nvdcve-2.0-Modified.xml 2>/dev/null); if [ "${CKSUM2}" != "${CKSUM}" ] || [ -f nvdcve-2.0-Modified.xml.1 ]; -@@ -113,7 +114,7 @@ fi +@@ -113,7 +107,7 @@ fi CKSUM=$(cksum versions.dat 2>/dev/null); printf "Downloading versions.dat... "; -${WGETCMD} -q -N ${DLLOCATION}; +${FETCHCMD} -i versions.dat ${DLLOCATION}; CKSUM2=$(cksum versions.dat 2>/dev/null); if [ "${CKSUM}" != "${CKSUM2}" ] || [ -f versions.dat.1 ]; then Index: head/security/cvechecker/pkg-deinstall =================================================================== --- head/security/cvechecker/pkg-deinstall (revision 479396) +++ head/security/cvechecker/pkg-deinstall (revision 479397) @@ -1,13 +1,15 @@ #!/bin/sh +PORTNAME=${1%-*} + [ "$2" = DEINSTALL ] && cat <<***EOM ------------------------------------------------------------------------------ -If you are no longer using the $1 port, then manually delete -the following directory: +If you are no longer using the $PORTNAME port, then manually delete +the following directory and all its contents: - /var/db/cvechecker + /var/db/$PORTNAME ------------------------------------------------------------------------------ ***EOM exit 0