pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/pkgtools/pkg_install/files/audit-packages regen.
details: https://anonhg.NetBSD.org/pkgsrc/rev/c0ed368adf3f
branches: trunk
changeset: 532021:c0ed368adf3f
user: wiz <wiz%pkgsrc.org@localhost>
date: Fri Aug 10 01:12:02 2007 +0000
description:
regen.
diffstat:
pkgtools/pkg_install/files/audit-packages/audit-packages.cat1.in | 179 +++++----
1 files changed, 93 insertions(+), 86 deletions(-)
diffs (245 lines):
diff -r 090809d7b919 -r c0ed368adf3f pkgtools/pkg_install/files/audit-packages/audit-packages.cat1.in
--- a/pkgtools/pkg_install/files/audit-packages/audit-packages.cat1.in Fri Aug 10 01:11:05 2007 +0000
+++ b/pkgtools/pkg_install/files/audit-packages/audit-packages.cat1.in Fri Aug 10 01:12:02 2007 +0000
@@ -19,49 +19,51 @@
The following flags are supported:
- -�-d�d Attempt to download the vulnerabilities file using the
- _�d_�o_�w_�n_�l_�o_�a_�d_�-_�v_�u_�l_�n_�e_�r_�a_�b_�i_�l_�i_�t_�y_�-_�l_�i_�s_�t script before scanning the
- installed packages for vulnerabilities.
+ -�-c�c _�c_�o_�n_�f_�i_�g_�__�f_�i_�l_�e Specify a custom _�c_�o_�n_�f_�i_�g_�__�f_�i_�l_�e configuration file to use.
- -�-e�e Check for end-of-life (eol) packages.
+ -�-d�d Attempt to download the vulnerabilities file using the
+ d�do�ow�wn�nl�lo�oa�ad�d-�-v�vu�ul�ln�ne�er�ra�ab�bi�il�li�it�ty�y-�-l�li�is�st�t script before scanning the
+ installed packages for vulnerabilities.
- -�-s�s Verify the signature of the current _�p_�k_�g_�-_�v_�u_�l_�n_�e_�r_�a_�b_�i_�l_�i_�t_�i_�e_�s
- file. The key used to sign the file is available from:
-
_�f_�t_�p_�._�n_�e_�t_�b_�s_�d_�._�o_�r_�g_�/_�p_�u_�b_�/_�N_�e_�t_�B_�S_�D_�/_�s_�e_�c_�u_�r_�i_�t_�y_�/_�P_�G_�P_�/_�p_�k_�g_�s_�r_�c_�-_�s_�e_�c_�u_�r_�i_�t_�y_�@_�N_�e_�t_�B_�S_�D_�._�o_�r_�g_�._�a_�s_�c
+ -�-e�e Check for end-of-life (eol) packages.
+
+ -�-g�g _�f_�i_�l_�e Compute the SHA512 hash on _�f_�i_�l_�e.
- In order for this to function correctly the above key must
- be added to the gpg keyring of the user who runs
- _�a_�u_�d_�i_�t_�-_�p_�a_�c_�k_�a_�g_�e_�s _�-_�s and/or _�d_�o_�w_�n_�l_�o_�a_�d_�-_�v_�u_�l_�n_�e_�r_�a_�b_�i_�l_�i_�t_�y_�-_�l_�i_�s_�t _�-_�s.
- In addition to this the gpg binary must be installed on
- your system. The path to the gpg binary can be set in
- audit-packages.conf(5).
+ -�-h�h _�f_�i_�l_�e Check the SHA512 hash of a _�f_�i_�l_�e against the internally
+ stored value.
+
+ -�-K�K _�p_�k_�g_�__�d_�b_�d_�i_�r Use package database directory _�p_�k_�g_�__�d_�b_�d_�i_�r.
- The requirement for GnuPG may go away in the future when a
- suitable replacement is implemented.
+ -�-n�n _�p_�a_�c_�k_�a_�g_�e Check only the package _�p_�a_�c_�k_�a_�g_�e for vulnerabilities.
- -�-V�V Display the version number and exit.
+ -�-p�p _�p_�a_�c_�k_�a_�g_�e Check only the installed package _�p_�a_�c_�k_�a_�g_�e for vulnera-
+ bilities.
- -�-v�v Be more verbose. Specify multiple -v flags to increase ver-
- bosity. Currently a maximum level of three is supported.
-
- -�-c�c _�c_�o_�n_�f_�__�f_�i_�l_�e Specify a custom _�c_�o_�n_�f_�__�f_�i_�l_�e configuration file to use.
+ -�-Q�Q _�v_�a_�r_�n_�a_�m_�e Display the current value of _�v_�a_�r_�n_�a_�m_�e and exit. Cur-
+ rently supported _�v_�a_�r_�n_�a_�m_�e are GPG, PKGVULNDIR, and
+ IGNORE_URLS.
- -�-g�g _�f_�i_�l_�e Compute the SHA512 hash on _�f_�i_�l_�e.
-
- -�-h�h _�f_�i_�l_�e Check the SHA512 hash of a _�f_�i_�l_�e against the internally
- stored value.
+ -�-s�s Verify the signature of the current _�p_�k_�g_�-_�v_�u_�l_�n_�e_�r_�a_�b_�i_�l_�i_�t_�i_�e_�s
+ file. The key used to sign the file is available from:
+
_�f_�t_�p_�:_�/_�/_�f_�t_�p_�._�n_�e_�t_�b_�s_�d_�._�o_�r_�g_�/_�p_�u_�b_�/_�N_�e_�t_�B_�S_�D_�/_�s_�e_�c_�u_�r_�i_�t_�y_�/_�P_�G_�P_�/_�p_�k_�g_�s_�r_�c_�-_�s_�e_�c_�u_�r_�i_�t_�y_�@_�N_�e_�t_�B_�S_�D_�._�o_�r_�g_�._�a_�s_�c
- -�-K�K _�p_�k_�g_�__�d_�b_�d_�i_�r Use package database directory _�p_�k_�g_�__�d_�b_�d_�i_�r.
-
- -�-n�n _�p_�a_�c_�k_�a_�g_�e Check only the package _�p_�a_�c_�k_�a_�g_�e for vulnerabilities.
+ In order for this to function correctly the above key
+ must be added to the gpg keyring of the user who runs
+ a�au�ud�di�it�t-�-p�pa�ac�ck�ka�ag�ge�es�s -�-s�s and/or d�do�ow�wn�nl�lo�oa�ad�d-�-v�vu�ul�ln�ne�er�ra�ab�bi�il�li�it�ty�y-�-l�li�is�st�t
+ -�-s�s. In addition to this the gpg binary must be
+ installed on your system. The path to the gpg binary
+ can be set in audit-packages.conf(5).
- -�-p�p _�p_�a_�c_�k_�a_�g_�e Check only the installed package _�p_�a_�c_�k_�a_�g_�e for vulnerabili-
- ties.
+ The requirement for GnuPG may go away in the future
+ when a suitable replacement is implemented.
+
+ -�-t�t _�t_�y_�p_�e Only check for the specified _�t_�y_�p_�e of vulnerability.
- -�-Q�Q _�v_�a_�r_�n_�a_�m_�e Display the current value of _�v_�a_�r_�n_�a_�m_�e and exit. Currently
- supported _�v_�a_�r_�n_�a_�m_�e are GPG, PKGVULNDIR and IGNORE_URLS.
+ -�-V�V Display the version number and exit.
- -�-t�t _�t_�y_�p_�e Only check for the specified _�t_�y_�p_�e of vulnerability.
+ -�-v�v Be more verbose. Specify multiple -�-v�v flags to increase
+ verbosity. Currently a maximum level of three is sup-
+ ported.
The d�do�ow�wn�nl�lo�oa�ad�d-�-v�vu�ul�ln�ne�er�ra�ab�bi�il�li�it�ty�y-�-l�li�is�st�t program downloads the _�p_�k_�g_�-_�v_�u_�l_�n_�e_�r_�a_�b_�i_�l_�i_�t_�i_�e_�s
file from _�f_�t_�p_�._�N_�e_�t_�B_�S_�D_�._�o_�r_�g using ftp(1) by default. This vulnerabilities
@@ -70,18 +72,18 @@
The following flags are supported:
- -�-h�h Display program usage.
+ -�-c�c _�c_�o_�n_�f_�i_�g_�__�f_�i_�l_�e Specify a custom _�c_�o_�n_�f_�i_�g_�__�f_�i_�l_�e configuration file to use.
+
+ -�-h�h Display program usage.
- -�-s�s Verify the signature of the current _�p_�k_�g_�-_�v_�u_�l_�n_�e_�r_�a_�b_�i_�l_�i_�t_�i_�e_�s
- file. In order for this to function correctly you will
- need to add the pkgsrc Security Team key to your gpg
- keyring and trust it. The key is available from:
-
_�f_�t_�p_�._�n_�e_�t_�b_�s_�d_�._�o_�r_�g_�/_�p_�u_�b_�/_�N_�e_�t_�B_�S_�D_�/_�s_�e_�c_�u_�r_�i_�t_�y_�/_�P_�G_�P_�/_�p_�k_�g_�s_�r_�c_�-_�s_�e_�c_�u_�r_�i_�t_�y_�@_�N_�e_�t_�B_�S_�D_�._�o_�r_�g_�._�a_�s_�c
- In addition to this the gpg binary must be installed on
- your system. The path to the gpg binary can be set in
- audit-packages.conf(5).
-
- -�-c�c _�c_�o_�n_�f_�__�f_�i_�l_�e Specify a custom _�c_�o_�n_�f_�__�f_�i_�l_�e configuration file to use.
+ -�-s�s Verify the signature of the current _�p_�k_�g_�-_�v_�u_�l_�n_�e_�r_�a_�b_�i_�l_�i_�t_�i_�e_�s
+ file. In order for this to function correctly you will
+ need to add the pkgsrc Security Team key to your gpg
+ keyring and trust it. The key is available from:
+
_�f_�t_�p_�:_�/_�/_�f_�t_�p_�._�n_�e_�t_�b_�s_�d_�._�o_�r_�g_�/_�p_�u_�b_�/_�N_�e_�t_�B_�S_�D_�/_�s_�e_�c_�u_�r_�i_�t_�y_�/_�P_�G_�P_�/_�p_�k_�g_�s_�r_�c_�-_�s_�e_�c_�u_�r_�i_�t_�y_�@_�N_�e_�t_�B_�S_�D_�._�o_�r_�g_�._�a_�s_�c
+ In addition to this the gpg binary must be installed on
+ your system. The path to the gpg binary can be set in
+ audit-packages.conf(5).
By default d�do�ow�wn�nl�lo�oa�ad�d-�-v�vu�ul�ln�ne�er�ra�ab�bi�il�li�it�ty�y-�-l�li�is�st�t will download a compressed version
of _�p_�k_�g_�-_�v_�u_�l_�n_�e_�r_�a_�b_�i_�l_�i_�t_�i_�e_�s from ftp.netbsd.org. The default file downloaded
@@ -96,65 +98,69 @@
The type of exploit can be any text, although some common types of
exploits listed are:
- ·�· cross-site-html
- ·�· cross-site-scripting
- ·�· denial-of-service
- ·�· eol
- ·�· file-permissions
- ·�· local-access
- ·�· local-code-execution
- ·�· local-file-read
- ·�· local-file-removal
- ·�· local-file-write
- ·�· local-root-file-view
- ·�· local-root-shell
- ·�· local-symlink-race
- ·�· local-user-file-view
- ·�· local-user-shell
- ·�· privacy-leak
- ·�· remote-code-execution
- ·�· remote-command-inject
- ·�· remote-file-creation
- ·�· remote-file-read
- ·�· remote-file-view
- ·�· remote-file-write
- ·�· remote-key-theft
- ·�· remote-root-access
- ·�· remote-root-shell
- ·�· remote-script-inject
- ·�· remote-server-admin
- ·�· remote-use-of-secret
- ·�· remote-user-access
- ·�· remote-user-file-view
- ·�· remote-user-shell
- ·�· unknown
- ·�· weak-authentication
- ·�· weak-encryption
- ·�· weak-ssl-authentication
+ +�+�o�o cross-site-html
+ +�+�o�o cross-site-scripting
+ +�+�o�o denial-of-service
+ +�+�o�o eol
+ +�+�o�o file-permissions
+ +�+�o�o local-access
+ +�+�o�o local-code-execution
+ +�+�o�o local-file-read
+ +�+�o�o local-file-removal
+ +�+�o�o local-file-write
+ +�+�o�o local-root-file-view
+ +�+�o�o local-root-shell
+ +�+�o�o local-symlink-race
+ +�+�o�o local-user-file-view
+ +�+�o�o local-user-shell
+ +�+�o�o privacy-leak
+ +�+�o�o remote-code-execution
+ +�+�o�o remote-command-inject
+ +�+�o�o remote-file-creation
+ +�+�o�o remote-file-read
+ +�+�o�o remote-file-view
+ +�+�o�o remote-file-write
+ +�+�o�o remote-key-theft
+ +�+�o�o remote-root-access
+ +�+�o�o remote-root-shell
+ +�+�o�o remote-script-inject
+ +�+�o�o remote-server-admin
+ +�+�o�o remote-use-of-secret
+ +�+�o�o remote-user-access
+ +�+�o�o remote-user-file-view
+ +�+�o�o remote-user-shell
+ +�+�o�o unknown
+ +�+�o�o weak-authentication
+ +�+�o�o weak-encryption
+ +�+�o�o weak-ssl-authentication
The type _�e_�o_�l implies that the package is no longer maintained by the
software vendor but is provided by the pkgsrc team for your convenience
only. It may contain any number of the above mentioned vulnerabilities.
- Any packages of type eol are not reported by default. Run a�au�ud�di�it�t-�-p�pa�ac�ck�ka�ag�ge�es�s
+ Any packages of type eol are not reported by default. Run a�au�ud�di�it�t-�-p�pa�ac�ck�ka�ag�ge�es�s
-�-e�e to also report on eol packages.
By default, the vulnerabilities file is stored in the PKG_DBDIR direc-
tory. On a standard installation this will be set to @pkgdbdir@. If you
have installed pkgsrc on a supported platform this will be what ever you
- specifed when bootstrapping pkgsrc i.e. --pkgdbdir <pkgdbdir>. The path
+ specifed when bootstrapping pkgsrc i.e., -�--�-p�pk�kg�gd�db�bd�di�ir�r <_�p_�k_�g_�d_�b_�d_�i_�r>. The path
to the _�p_�k_�g_�-_�v_�u_�l_�n_�e_�r_�a_�b_�i_�l_�i_�t_�i_�e_�s file can be set in audit-packages.conf(5).
E�EX�XI�IT�T S�ST�TA�AT�TU�US�S
The a�au�ud�di�it�t-�-p�pa�ac�ck�ka�ag�ge�es�s utility exits 0 on success, and >0 if an error occurs.
F�FI�IL�LE�ES�S
- @pkgdbdir@/pkg-vulnerabilities
+ @pkgdbdir@/pkg-vulnerabilities Vulnerabilities database.
+
+ @sysconfdir@/audit-packages.conf a�au�ud�di�it�t-�-p�pa�ac�ck�ka�ag�ge�es�s configuration file.
- @sysconfdir@/audit-packages.conf
+ ftp://ftp.netbsd.org/pub/NetBSD/security/PGP/pkgsrc-security%NetBSD.org.asc@localhost
+ Key used to sign the vulnerabilities
+ file.
E�EX�XA�AM�MP�PL�LE�ES�S
The d�do�ow�wn�nl�lo�oa�ad�d-�-v�vu�ul�ln�ne�er�ra�ab�bi�il�li�it�ty�y-�-l�li�is�st�t command can be run via cron(8) to update
- the _�p_�k_�g_�-_�v_�u_�l_�n_�e_�r_�a_�b_�i_�l_�i_�t_�i_�e_�s file daily. And a�au�ud�di�it�t-�-p�pa�ac�ck�ka�ag�ge�es�s can be run via
+ the _�p_�k_�g_�-_�v_�u_�l_�n_�e_�r_�a_�b_�i_�l_�i_�t_�i_�e_�s file daily. a�au�ud�di�it�t-�-p�pa�ac�ck�ka�ag�ge�es�s can be run via
cron(8) (or with NetBSD's _�/_�e_�t_�c_�/_�s_�e_�c_�u_�r_�i_�t_�y_�._�l_�o_�c_�a_�l daily security script).
The d�do�ow�wn�nl�lo�oa�ad�d-�-v�vu�ul�ln�ne�er�ra�ab�bi�il�li�it�ty�y-�-l�li�is�st�t command can be forced to use IPv4 with
@@ -169,8 +175,9 @@
FETCH_PROTO="http"
S�SE�EE�E A�AL�LS�SO�O
- pkg_info(1), audit-packages.conf(5), mk.conf(5), pkgsrc(7), _�D_�o_�c_�u_�m_�e_�n_�t_�a_�t_�i_�o_�n
- _�o_�n _�t_�h_�e _�N_�e_�t_�B_�S_�D _�P_�a_�c_�k_�a_�g_�e _�S_�y_�s_�t_�e_�m
+ pkg_info(1), audit-packages.conf(5), mk.conf(5), pkgsrc(7),
+
+ _�D_�o_�c_�u_�m_�e_�n_�t_�a_�t_�i_�o_�n _�o_�n _�t_�h_�e _�N_�e_�t_�B_�S_�D _�P_�a_�c_�k_�a_�g_�e _�S_�y_�s_�t_�e_�m.
H�HI�IS�ST�TO�OR�RY�Y
The a�au�ud�di�it�t-�-p�pa�ac�ck�ka�ag�ge�es�s and d�do�ow�wn�nl�lo�oa�ad�d-�-v�vu�ul�ln�ne�er�ra�ab�bi�il�li�it�ty�y-�-l�li�is�st�t commands were origi-
@@ -180,4 +187,4 @@
signatures on downloaded files. The original idea came from Roland
Dowdeswell and Bill Sommerfeld.
-NetBSD 4.0 July 07, 2007 NetBSD 4.0
+NetBSD 4.0 August 10, 2007 NetBSD 4.0
Home |
Main Index |
Thread Index |
Old Index