Broke portaudit 0.60 ( 6.4-RELEASE)

[CaptainSASH]

After updating to version 0.60 to 6.4-RELEASE broke portaudit

root@gw-dream # uname -v
FreeBSD 6.4-RELEASE-p11 #1: Thu Nov 17 11:43:11 EET 2011     root@gw-dream.uti-ua.com:/usr/obj/usr/src/sys/GW-DREAM

root@gw-dream # portaudit -Fda
auditfile.tbz                                 100% of   75 kB   75 kBps
unknown option '-sha256'
options are
-c              to output the digest with separating colons
-d              to output debug info
-hex            output as hex dump
-binary         output in binary form
-sign   file    sign digest using private key in file
-verify file    verify a signature using public key in file
-prverify file  verify a signature using private key in file
-keyform arg    key file format (PEM or ENGINE)
-signature file signature to verify
-binary         output in binary form
-engine e       use engine e, possibly a hardware device.
-md5 to use the md5 message digest algorithm (default)
-md4 to use the md4 message digest algorithm
-md2 to use the md2 message digest algorithm
-sha1 to use the sha1 message digest algorithm
-sha to use the sha message digest algorithm
-mdc2 to use the mdc2 message digest algorithm
-ripemd160 to use the ripemd160 message digest algorithm
portaudit: Database contains invalid signature.
Old database restored.
portaudit: Download failed.
root@gw-dream #

Any ideas?

 

[SirDice]

Support for 6.4-RELEASE ended in November 2010.

 

[DutchDaemon]

Upgrade to a supported release of FreeBSD. We cannot and will not offer support on end-of-life releases on this forum.

 

[hatifnatt]

My solution.

Do you have security/openssl installed? If you have, its version must be 0.9.8у or greater, I have

/usr/local/bin/openssl version
OpenSSL 1.0.0h 12 Mar 2012

If you don't have security/openssl installed, you must install it. Simply like

cd /usr/ports/security/openssl
make -DDISABLE_VULNERABILITIES install

-DDISABLE_VULNERABILITIES - because if you have a broken portaudit installed every port has "vulnerabilities". Then you need to copy the configuration file for openssl.

cp /usr/local/openssl/openssl.cnf.sample /usr/local/openssl/openssl.cnf

Also a small patch file

--- portaudit-cmd.sh.orig       Mon Mar 12 01:32:58 2012
+++ portaudit-cmd.sh    Sat Mar 31 07:31:47 2012
@@ -31,7 +31,7 @@
 #
 # $FreeBSD: ports/ports-mgmt/portaudit/files/portaudit-cmd.sh,v 1.20 2012/03/11 21:32:58 simon Exp $
 #
-
+openssl="/usr/local/bin/openssl"
 portaudit_confs()
 {
        if [ -r %%PREFIX%%/etc/portaudit.conf ]; then
@@ -78,10 +78,10 @@
        local TMPFILE=`mktemp -t portaudit`

        extract_auditfile_raw | egrep "^#SIGNATURE: " | sed "s/^#SIGNATURE: //g" \
-               | openssl enc -d -a >$TMPFILE
+               | "$openssl" enc -d -a >$TMPFILE
        signatureresult=`extract_auditfile_raw | egrep -v "^#SIGNATURE: " \
            | egrep -v "^#CHECKSUM: " \
-           | openssl dgst -sha256 -verify ${portaudit_pubkey} -signature $TMPFILE`
+           | "$openssl" dgst -sha256 -verify ${portaudit_pubkey} -signature $TMPFILE`
        if [ -n "$TMPFILE" ]; then
                rm "$TMPFILE"
        fi

You need to use it on ports-mgmt/portaudit like

cd /usr/ports/ports-mgmt/portaudit/files
patch -p0 < patch-file

That must help to temporary solve the problem, but you must update your system, or stop updating ports. Because every update now full of pain :e

 

[CaptainSASH]

@hatifnatt, thanks for the question decided to radically - updated to 7.4-RELEASE.