From eugen@grosbein.pp.ru  Sun Apr  1 18:34:39 2012
Return-Path: <eugen@grosbein.pp.ru>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 14815106566C
	for <FreeBSD-gnats-submit@freebsd.org>; Sun,  1 Apr 2012 18:34:39 +0000 (UTC)
	(envelope-from eugen@grosbein.pp.ru)
Received: from grosbein.pp.ru (grosbein.pp.ru [89.189.172.146])
	by mx1.freebsd.org (Postfix) with ESMTP id C7D2F8FC1E
	for <FreeBSD-gnats-submit@freebsd.org>; Sun,  1 Apr 2012 18:34:36 +0000 (UTC)
Received: from grosbein.pp.ru (localhost [127.0.0.1])
	by grosbein.pp.ru (8.14.5/8.14.5) with ESMTP id q31IYSH5003500
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 2 Apr 2012 01:34:28 +0700 (NOVT)
	(envelope-from eugen@grosbein.pp.ru)
Received: (from eugen@localhost)
	by grosbein.pp.ru (8.14.5/8.14.5/Submit) id q31IYSEe003499;
	Mon, 2 Apr 2012 01:34:28 +0700 (NOVT)
	(envelope-from eugen)
Message-Id: <201204011834.q31IYSEe003499@grosbein.pp.ru>
Date: Mon, 2 Apr 2012 01:34:28 +0700 (NOVT)
From: Eugene Grosbein <eugen@grosbein.pp.ru>
Reply-To: Eugene Grosbein <eugen@grosbein.pp.ru>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [patch] ports-mgmt/portaudit should be able to use ports openssl(1)
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         166561
>Category:       ports
>Synopsis:       [patch] ports-mgmt/portaudit should be able to use ports openssl(1)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    secteam
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sun Apr 01 18:40:12 UTC 2012
>Closed-Date:    Thu Aug 01 20:22:49 UTC 2013
>Last-Modified:  Thu Aug 01 20:22:49 UTC 2013
>Originator:     Eugene Grosbein
>Release:        FreeBSD 8.3-PRERELEASE amd64
>Organization:
RDTC JSC 
>Environment:
System: FreeBSD grosbein.pp.ru 8.3-PRERELEASE FreeBSD 8.3-PRERELEASE #19: Tue Mar 20 03:24:04 NOVT 2012 root@grosbein.pp.ru:/usr/local/obj/usr/local/src/sys/DADV amd64

>Description:
	Sometimes, one may install openssl from ports without overwriting
	the base system's stock openssl.

	portaudit should have an option to make it use /usr/local/bin/openssl
	instead of /usr/bin/openssl. Let it recognise a new option named
	"portaudit_openssl" in its /usr/local/etc/portaudit.conf
	and use the provided openssl(1) path.

>How-To-Repeat:

	N/A
>Fix:

diff -urN portaudit.orig/files/portaudit-cmd.sh portaudit/files/portaudit-cmd.sh
--- portaudit.orig/files/portaudit-cmd.sh	2012-04-02 00:09:31.000000000 +0700
+++ portaudit/files/portaudit-cmd.sh	2012-04-02 01:25:56.000000000 +0700
@@ -52,6 +52,7 @@
 	: ${portaudit_pubkey:="%%PREFIX%%/etc/portaudit.pubkey"}
 
 	: ${portaudit_fixed=""}
+	: ${portaudit_openssl:="/usr/bin/openssl"}
 }
 
 extract_auditfile_raw()
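Review bot: the new portaudit_openssl setting added in this hunk is not documented anywhere in the patch, which touches only files/portaudit-cmd.sh. Add a commented-out entry for it to the sample portaudit.conf, and to any manual page text that lists the configuration variables, naming /usr/local/bin/openssl as the ports location mentioned in the description.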
@@ -78,10 +79,10 @@
 	local TMPFILE=`mktemp -t portaudit`
 
 	extract_auditfile_raw | egrep "^#SIGNATURE: " | sed "s/^#SIGNATURE: //g" \
-		| openssl enc -d -a >$TMPFILE
+		| $portaudit_openssl enc -d -a >$TMPFILE
 	signatureresult=`extract_auditfile_raw | egrep -v "^#SIGNATURE: " \
 	    | egrep -v "^#CHECKSUM: " \
-	    | openssl dgst -sha256 -verify ${portaudit_pubkey} -signature $TMPFILE`
+	    | $portaudit_openssl dgst -sha256 -verify ${portaudit_pubkey} -signature $TMPFILE`
 	if [ -n "$TMPFILE" ]; then
 		rm "$TMPFILE"
 	fi
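Review bot: $portaudit_openssl is expanded unquoted in both pipelines, so a configured path containing whitespace is split into several words and a different command is run. Write it as "${portaudit_openssl}", which also matches the brace style already used for ${portaudit_pubkey} on the same line.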


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->secteam 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Sun Apr 1 18:40:23 UTC 2012 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=166561 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/166561: commit references a PR
Date: Thu,  1 Aug 2013 19:03:48 +0000 (UTC)

 Author: remko (src,doc committer)
 Date: Thu Aug  1 19:03:40 2013
 New Revision: 324119
 URL: http://svnweb.freebsd.org/changeset/ports/324119
 
 Log:
   Add support for an alternative openssl location, for example when installed
   via the Ports Collection.
   
   PR:		166561
   Submitted by:	Eugene Grosbein <eugen@grosbein.pp.ru>
 
 Modified:
   head/ports-mgmt/portaudit/files/portaudit-cmd.sh
   head/ports-mgmt/portaudit/files/portaudit.conf
 
 Modified: head/ports-mgmt/portaudit/files/portaudit-cmd.sh
 ==============================================================================
 --- head/ports-mgmt/portaudit/files/portaudit-cmd.sh	Thu Aug  1 18:47:43 2013	(r324118)
 +++ head/ports-mgmt/portaudit/files/portaudit-cmd.sh	Thu Aug  1 19:03:40 2013	(r324119)
 @@ -52,6 +52,7 @@ portaudit_confs()
  	: ${portaudit_pubkey:="%%PREFIX%%/etc/portaudit.pubkey"}
  
  	: ${portaudit_fixed=""}
 +	: ${portaudit_openssl:="/usr/bin/openssl"}
  }
  
  extract_auditfile_raw()
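Review bot: the default added at the end of portaudit_confs() accepts whatever path the configuration supplies without checking that it exists and is executable. Because this binary is what checks the database signature in checksignature_auditfile(), test it once after the configuration is loaded, for example with [ -x "${portaudit_openssl}" ], and stop with a clear error naming the variable if the test fails.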
 @@ -78,10 +79,10 @@ checksignature_auditfile()
  	local TMPFILE=`mktemp -t portaudit`
  
  	extract_auditfile_raw | egrep "^#SIGNATURE: " | sed "s/^#SIGNATURE: //g" \
 -		| openssl enc -d -a >$TMPFILE
 +		| $portaudit_openssl enc -d -a >$TMPFILE
  	signatureresult=`extract_auditfile_raw | egrep -v "^#SIGNATURE: " \
  	    | egrep -v "^#CHECKSUM: " \
 -	    | openssl dgst -sha256 -verify ${portaudit_pubkey} -signature $TMPFILE`
 +	    | $portaudit_openssl dgst -sha256 -verify ${portaudit_pubkey} -signature $TMPFILE`
  	if [ -n "$TMPFILE" ]; then
  		rm "$TMPFILE"
  	fi
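Review bot: in checksignature_auditfile() a wrong portaudit_openssl path fails quietly: the enc -d -a stage leaves $TMPFILE empty and signatureresult ends up as an empty string, with the shell's "not found" message as the only hint. Now that the path is user-configurable, handle that case explicitly here and report that the configured openssl could not be run, rather than leaving the caller to interpret an empty result.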
 
 Modified: head/ports-mgmt/portaudit/files/portaudit.conf
 ==============================================================================
 --- head/ports-mgmt/portaudit/files/portaudit.conf	Thu Aug  1 18:47:43 2013	(r324118)
 +++ head/ports-mgmt/portaudit/files/portaudit.conf	Thu Aug  1 19:03:40 2013	(r324119)
 @@ -17,3 +17,6 @@
  
  # this vulnerability has been fixed in your FreeBSD version
  #portaudit_fixed="d2102505-f03d-11d8-81b0-000347a4fa7d"
 +
 +# Alternative location for openssl
 +#portaudit_openssl="/usr/bin/openssl"
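Review bot: the sample entry is introduced as an "Alternative location" but the value shown is the built-in default, /usr/bin/openssl, so the example does not show what a user would change. Reword the comment to say that this is the default and that the binary is used to verify the database signature, and mention /usr/local/bin/openssl as the value for an openssl installed from ports.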
 
State-Changed-From-To: open->closed 
State-Changed-By: remko 
State-Changed-When: Thu Aug 1 20:22:47 UTC 2013 
State-Changed-Why:  
Hello, I have committed the patch and suggested the default openssl 
version in portaudit.conf. Thanks for your submission and for using 
FreeBSD! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=166561 
>Unformatted:
