ports/127214: [PATCH] security/portaudit: Please change <URL> to URL

Mon Sep 8 17:50:03 UTC 2008

>Number:         127214
>Category:       ports
>Synopsis:       [PATCH] security/portaudit: Please change <URL> to URL
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Sep 08 17:50:02 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Ulrich SpÃ¶rlein
>Release:        FreeBSD 7.1-PRERELEASE i386
>Organization:
>Environment:
>Description:
Hello SecTeam,

the current format, in which portaudit is printing its URLs is a pain
in the ass to copy and paste anywhere. Usually a double click will
select the space delimited word under the cursor, but thanks to the
surrounding < > you cannot paste this into a browser easily.

I also haven't seen <http://foo> used anywhere with URLs, just with
email addresses. If there's no good reason to use <URL> please, please
drop the surrounding brackets.
>How-To-Repeat:
>Fix:

This will update the portaudit(1) tool and the printing via ports make(1)
The webpage generating script would still need to be adjusted.

--- portaudit.diff begins here ---
Index: Mk/bsd.port.mk
===================================================================
RCS file: /home/ncvs/ports/Mk/bsd.port.mk,v
retrieving revision 1.604
diff -u -p -r1.604 bsd.port.mk
--- Mk/bsd.port.mk	5 Sep 2008 19:41:43 -0000	1.604
+++ Mk/bsd.port.mk	8 Sep 2008 17:09:27 -0000
@@ -3355,7 +3355,7 @@ check-vulnerable:
 		vlist=`${_EXTRACT_AUDITFILE} | ${GREP} "${PORTNAME}" | \
 			${AWK} -F\| ' /^[^#]/ { \
 				if (!system("${PKG_VERSION} -T \"${PKGNAME}\" \"" $$1 "\"")) \
-					print "=> " $$3 ".\n   Reference: <" $$2 ">" \
+					print "=> " $$3 ".\n   Reference: " $$2 \
 			} \
 		'`; \
 		if [ -n "$$vlist" ]; then \
Index: ports-mgmt/portaudit/files/portaudit-cmd.sh
===================================================================
RCS file: /home/ncvs/ports/ports-mgmt/portaudit/files/portaudit-cmd.sh,v
retrieving revision 1.14
diff -u -p -r1.14 portaudit-cmd.sh
--- ports-mgmt/portaudit/files/portaudit-cmd.sh	27 Dec 2007 09:54:23 -0000	1.14
+++ ports-mgmt/portaudit/files/portaudit-cmd.sh	8 Sep 2008 17:04:18 -0000
@@ -437,7 +437,7 @@ elif $opt_verbose; then
 			print "Type of problem: " $3 "."
 			split($2, ref, / /)
 			for (r in ref)
-				print "Reference: <" ref[r] ">"
+				print "Reference: " ref[r]
 			if (note)
 				print "Note: " note
 			print ""
@@ -451,7 +451,7 @@ else
 			print "Type of problem: " $3 "."
 			split($2, ref, / /)
 			for (r in ref)
-				print "Reference: <" ref[r] ">"
+				print "Reference: " ref[r]
 			if (note)
 				print "Note: " note
 			print ""
--- portaudit.diff ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:

