From 836f9338d02fdf99f58e9f93e0b4c7a35d837395 Mon Sep 17 00:00:00 2001 From: Eygene Ryabinkin Date: Sun, 5 Oct 2008 19:20:34 +0400 Subject: [PATCH 3/4] Use pkg_audit utility if it is available Pkg_audit provides a good speed-up to the search of vulnerable packages within installed ones. It can be unavailable, so its usage is conditionalized. Signed-off-by: Eygene Ryabinkin --- ports-mgmt/portaudit/files/portaudit-cmd.sh | 15 +++++++++++++++ ports-mgmt/portaudit/files/portaudit.conf | 4 ++++ 2 files changed, 19 insertions(+), 0 deletions(-) diff --git a/ports-mgmt/portaudit/files/portaudit-cmd.sh b/ports-mgmt/portaudit/files/portaudit-cmd.sh index 5fc0d1d..32c121d 100755 --- a/ports-mgmt/portaudit/files/portaudit-cmd.sh +++ b/ports-mgmt/portaudit/files/portaudit-cmd.sh @@ -43,6 +43,8 @@ portaudit_confs() : ${portaudit_fixed=""} + : ${portaudit_pkg_audit="/usr/sbin/pkg_audit"} + if [ -r %%PREFIX%%/etc/portaudit.conf ]; then . %%PREFIX%%/etc/portaudit.conf fi @@ -135,6 +137,19 @@ portaudit_prerequisites() findvuln_installed() { local fixedre=`echo -n $portaudit_fixed | tr -c '[:alnum:]- \t\n' 'x' | tr -s ' \t\n' '|'` + + if [ -x "${portaudit_pkg_audit}" ]; then + "${portaudit_pkg_audit}" | awk -F \| \ + -v fixedre="$fixedre" -v opt_restrict="$opt_restrict" \ + ' +opt_restrict && $3 !~ opt_restrict { next } +$2 ~ /^FreeBSD[<=>!]/ && fixedre && $3 ~ fixedre { next } +{ print } +' + + return + fi + local installedre=`$pkg_info -aE | sed -e 's/-[^-]*$//g' | paste -s -d '|' -` local osversion=`sysctl -n kern.osreldate` diff --git a/ports-mgmt/portaudit/files/portaudit.conf b/ports-mgmt/portaudit/files/portaudit.conf index 4eb08d7..9ea2c4a 100644 --- a/ports-mgmt/portaudit/files/portaudit.conf +++ b/ports-mgmt/portaudit/files/portaudit.conf @@ -17,3 +17,7 @@ # this vulnerability has been fixed in your FreeBSD version #portaudit_fixed="d2102505-f03d-11d8-81b0-000347a4fa7d" + +# this command will be used to find the vulnerable packages +# instead of awk(1) script. +# portaudit_pkg_audit="/usr/sbin/pkg_audit" -- 1.6.2.4