Re: ANN: Availability of pkg(8)-capable pkgsrc

[Alistair Crooks <agc%pkgsrc.org@localhost>]

If the answer is xml, it must be a pretty stupid question.

And XML in a security-related part of things. No.

If pkg can't handle the way things are done in pkgsrc, then it'll need
a front-end to be written. It's a pretty dumb beast, especially in the
matching of patterns. I have no idea why the people who wrote it
couldn't have followed the pkgsrc lead.

On 12 November 2016 at 18:20, Sevan / Venture37 <venture37%gmail.com@localhost> wrote:
> On 13 November 2016 at 01:03, John Marino <netbsd%marino.st@localhost> wrote:
>
>> examples of non-standard entry:
>> - php{53,54,55}-soycms=<1.4.0c  cross-site-scripting
>> http://jvn.jp/en/jp/JVN54650130/index.html
>> (=< instead of <=)
>
> Corrected along with the other 2 entries.
>
>> example of non-sense URL:
>> * sun-j{re,dk}14<2.18   multiple-vulnerabilities
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-[3103-3115]
>> (vuxml was created to add 2 references which is totally normal)
>> (This is also an example of using curly brackets to create multiple packages
>> per vulnerability, this is simple example).
>
> ugh, 12 different vulnerabilities across 3 different versions. >(
>
>> extreme use of curly brackets:
>> * mysql-server-4.1.{0,1,2,3,4,5,6,7,8,9,10,11,12}{,nb*}
>> (that should be a range >=4.1.0<=4.1.12nb4)
>> (the nb numbers should reflect reality, not wildcards.  Each one is a unique
>> package identifier.  I had to replace these wildcards with nb99 which is
>> just a huge hack but I had no choice with this input)
>
> Fixed.
>
>> more abuse:
>> * perl{,-thread}-5.8.{[0-4]{,nb*},5{,nb[1-7]},6{,nb[12]}}
>> * samba-3.0.[0-4]{,a*,nb?}
>
> :s
>
> Sevan
>