./security/pscan, Security C code scanner for misuse of format strings

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.3, Package name: pscan-1.3, Maintainer: pkgsrc-users

PScan is a C source code security scanner, which looks for misuse of
libc functions which use varargs and printf-style formatting
operators. In many situations these can cause security vulnerabilities
in the application if it runs with privileges (setugid, or listening
to a network socket, etc).

An example of the kind of situation pscan looks for is the following:

variable = "%s"; /* or malicious user input */
sprintf(buffer, variable); /* BAD! */


Required to build:
[pkgtools/cwrappers]

Master sites:

Filesize: 14.214 KB

Version history: (Expand)


CVS history: (Expand)


   2021-10-26 13:18:07 by Nia Alarie | Files touched by this commit (605)
Log message:
security: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo \ 
cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
   2021-10-07 16:54:50 by Nia Alarie | Files touched by this commit (606)
Log message:
security: Remove SHA1 hashes for distfiles
   2020-02-04 18:25:59 by Roland Illig | Files touched by this commit (3)
Log message:
security/pscan: fix pkglint warnings
   2020-02-04 18:22:07 by Roland Illig | Files touched by this commit (1) | Package updated
Log message:
security/pscan: update HOMEPAGE, document MASTER_SITES
   2018-01-01 23:30:04 by Roland Illig | Files touched by this commit (537)
Log message:
Sort PLIST files.

Unsorted entries in PLIST files have generated a pkglint warning for at
least 12 years. Somewhat more recently, pkglint has learned to sort
PLIST files automatically. Since pkglint 5.4.23, the sorting is only
done in obvious, simple cases. These have been applied by running:

  pkglint -Cnone,PLIST -Wnone,plist-sort -r -F
   2017-09-03 10:37:04 by Thomas Klausner | Files touched by this commit (182)
Log message:
Comment out dead MASTER_SITES/HOMEPAGEs.
   2015-11-04 02:18:12 by Alistair G. Crooks | Files touched by this commit (434)
Log message:
Add SHA512 digests for distfiles for security category

Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2012-10-23 20:17:02 by Aleksej Saushev | Files touched by this commit (368)
Log message:
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.