Subject: mirror-distfiles vs. vulnerable packages
To: None <tech-pkg@netbsd.org>
From: Hubert Feyrer <hubert.feyrer@informatik.fh-regensburg.de>
List: tech-pkg
Date: 09/26/2003 13:54:06
Can we disable that check on 'mirror-distfiles'?
- Hubert
--=20
___ _ _ _ _ * Harddisk Image Cloning *
/ __| | || | | | www.feyrer.de/g4u/
| (_ |_ _| |_| |
\___| |_| \___/ v1.12 out now, including partition support!
---------- Forwarded message ----------
Date: Fri, 26 Sep 2003 08:03:00 +0000 (UTC)
From: Cron Daemon <root@netbsd.org>
To: hubertf@netbsd.org
Subject: Cron <hubertf@babylon5> /usr/bin/time
/home/hubertf/bin/update-distfiles
proc.curproc.rlimit.maxproc.soft: 2048 -> 500
=3D=3D=3D> Checking for vulnerabilities in kdemultimedia-1.1.2nb2
*** WARNING - remote-code-execution vulnerability in kdemultimedia-1.1=
=2E2nb2 - see http://www.kde.org/info/security/advisory-20021220-1.txt for =
more information ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in kdemultimedia-2.2.2nb3
*** WARNING - remote-code-execution vulnerability in kdemultimedia-2.2=
=2E2nb3 - see http://www.kde.org/info/security/advisory-20021220-1.txt for =
more information ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in pdbalign-20030812
=3D> pdbalign.tar.gz doesn't seem to exist on this system.
=3D> Attempting to fetch pdbalign.tar.gz from ftp://ftp.ebi.ac.uk/pub/=
software/unix/pdbalign/.
=3D> [10457 bytes]
'EPSV': command not understood.
=3D=3D=3D> Checking for vulnerabilities in openldap-1.2.13
*** WARNING - denial-of-service vulnerability in openldap-1.2.13 - see=
http://www.openldap.org/lists/openldap-announce/200201/msg00002.html for m=
ore information ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in boost-1.30.2
=3D> boost-1.30.2.tar.bz2 doesn't seem to exist on this system.
=3D> Attempting to fetch boost-1.30.2.tar.bz2 from http://aleron.dl.so=
urceforge.net/sourceforge/boost/.
=3D> [5439464 bytes]
=3D=3D=3D> Checking for vulnerabilities in devhelp-0.7
=3D> devhelp-0.7.tar.bz2 doesn't seem to exist on this system.
=3D> Attempting to fetch devhelp-0.7.tar.bz2 from ftp://ftp.gnome.org/=
pub/GNOME/sources/devhelp/0.7/.
=3D> [371493 bytes]
Trying 130.239.18.137...
=3D=3D=3D> Checking for vulnerabilities in kdesdk-2.2.2nb3
*** WARNING - remote-code-execution vulnerability in kdesdk-2.2.2nb3 -=
see http://www.kde.org/info/security/advisory-20021220-1.txt for more info=
rmation ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in conglomerate-0.7.4
=3D> conglomerate-0.7.4.tar.gz doesn't seem to exist on this system.
=3D> Attempting to fetch conglomerate-0.7.4.tar.gz from http://aleron.=
dl.sourceforge.net/sourceforge/conglomerate/.
=3D> [846534 bytes]
=3D=3D=3D> Checking for vulnerabilities in compat14-1.4.3.1
*** WARNING - remote-root-shell vulnerability in compat14-1.4.3.1 - se=
e http://www.kb.cert.org/vuls/id/738331 for more information ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in compat14-crypto-1.4.3.1
*** WARNING - remote-root-shell vulnerability in compat14-crypto-1.4.3=
=2E1 - see http://www.kb.cert.org/vuls/id/738331 for more information ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in dgen-sdl-1.23
=3D> dgen-sdl-1.23.tar.gz doesn't seem to exist on this system.
=3D> Attempting to fetch dgen-sdl-1.23.tar.gz from http://www.pknet.co=
m/~joe/.
=3D> [340556 bytes]
=3D=3D=3D> Checking for vulnerabilities in netbsd32_compat14-1.4.3.1
*** WARNING - remote-root-shell vulnerability in netbsd32_compat14-1.4=
=2E3.1 - see http://www.kb.cert.org/vuls/id/738331 for more information ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in netbsd32_compat15-1.0
*** WARNING - remote-root-shell vulnerability in netbsd32_compat15-1.0=
- see http://www.kb.cert.org/vuls/id/738331 for more information ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in netbsd32_compat16-1.0
=3D> compat16-i386.tar.bz2 doesn't seem to exist on this system.
=3D> Attempting to fetch compat16-i386.tar.bz2 from ftp://ftp.fi.netbs=
d.org/pub/NetBSD/packages/distfiles/LOCAL_PORTS/.
'EPSV': command not understood.
/pub/NetBSD/packages/distfiles/LOCAL_PORTS/compat16-i386.tar.bz2: No s=
uch file or directory.
=3D> Attempting to fetch compat16-i386.tar.bz2 from ftp://ftp.netbsd.o=
rg/pub/NetBSD/packages/distfiles/LOCAL_PORTS/.
Trying 2001:4f8:4:7:2e0:81ff:fe21:6563...
compat16-i386.tar.bz2: No such file or directory.
=3D> Attempting to fetch compat16-i386.tar.bz2 from ftp://ftp.freebsd.=
org/pub/FreeBSD/distfiles/LOCAL_PORTS/.
Trying 2001:4f8:0:2::e...
LOCAL_PORTS: No such file or directory.
=3D> Attempting to fetch compat16-i386.tar.bz2 from ftp://ftp.fi.netbs=
d.org/pub/NetBSD/packages/distfiles/.
'EPSV': command not understood.
/pub/NetBSD/packages/distfiles/compat16-i386.tar.bz2: No such file or =
directory.
=3D> Attempting to fetch compat16-i386.tar.bz2 from ftp://ftp.netbsd.o=
rg/pub/NetBSD/packages/distfiles/.
Trying 2001:4f8:4:7:2e0:81ff:fe21:6563...
compat16-i386.tar.bz2: No such file or directory.
=3D> Attempting to fetch compat16-i386.tar.bz2 from ftp://ftp.freebsd.=
org/pub/FreeBSD/distfiles/.
Trying 2001:4f8:0:2::e...
compat16-i386.tar.bz2: No such file or directory.
=3D> Couldn't fetch compat16-i386.tar.bz2 - please try to retrieve thi=
s
=3D> file manually into /pub/NetBSD/packages/distfiles/ and try again.
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in suse_base-6.4nb8
*** WARNING - remote-code-execution vulnerability in suse_base-6.4nb8 =
- see http://www.suse.com/de/security/2002_031_glibc.html for more informat=
ion ***
*** WARNING - remote-code-execution vulnerability in suse_base-6.4nb8 =
- see http://www.suse.com/de/security/2003_027_glibc.html for more informat=
ion ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in suse_devel-6.4nb2
*** WARNING - remote-code-execution vulnerability in suse_devel-6.4nb2=
- see http://www.suse.com/de/security/2002_031_glibc.html for more informa=
tion ***
*** WARNING - remote-code-execution vulnerability in suse_devel-6.4nb2=
- see http://www.suse.com/de/security/2003_027_glibc.html for more informa=
tion ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in suse_libpng-6.4
*** WARNING - remote-user-shell vulnerability in suse_libpng-6.4 - see=
http://www.suse.com/de/security/2003_004_libpng.html for more information =
***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in foobillard-2.8
=3D> foobillard-2.8.tar.gz doesn't seem to exist on this system.
=3D> Attempting to fetch foobillard-2.8.tar.gz from http://foobillard.=
sunsite.dk/dnl/.
=3D> [1098364 bytes]
=3D=3D=3D> Checking for vulnerabilities in gnuchess-5.00nb2
*** WARNING - remote-user-shell vulnerability in gnuchess-5.00nb2 - se=
e http://linux.oreillynet.com/pub/a/linux/2002/01/28/insecurities.html for =
more information ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in kdegames-1.1.2nb2
*** WARNING - remote-code-execution vulnerability in kdegames-1.1.2nb2=
- see http://www.kde.org/info/security/advisory-20021220-1.txt for more in=
formation ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in kdegames-2.2.2nb3
*** WARNING - remote-code-execution vulnerability in kdegames-2.2.2nb3=
- see http://www.kde.org/info/security/advisory-20021220-1.txt for more in=
formation ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in kdegraphics-1.1.2nb2
*** WARNING - remote-code-execution vulnerability in kdegraphics-1.1.2=
nb2 - see http://www.kde.org/info/security/advisory-20021008-1.txt for more=
information ***
*** WARNING - remote-code-execution vulnerability in kdegraphics-1.1.2=
nb2 - see http://www.kde.org/info/security/advisory-20021220-1.txt for more=
information ***
*** WARNING - remote-code-execution vulnerability in kdegraphics-1.1.2=
nb2 - see http://www.kde.org/info/security/advisory-20030409-1.txt for more=
information ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in kdegraphics-2.2.2nb4
*** WARNING - remote-code-execution vulnerability in kdegraphics-2.2.2=
nb4 - see http://www.kde.org/info/security/advisory-20021220-1.txt for more=
information ***
*** WARNING - remote-code-execution vulnerability in kdegraphics-2.2.2=
nb4 - see http://www.kde.org/info/security/advisory-20030409-1.txt for more=
information ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in pixieplus-0.5.4
=3D> pixieplus-0.5.4.tar.gz doesn't seem to exist on this system.
=3D> Attempting to fetch pixieplus-0.5.4.tar.gz from http://people.fru=
itsalad.org/avleeuwen/distfiles/pixieplus/.
=3D> [2297945 bytes]
=3D=3D=3D> Checking for vulnerabilities in mono-0.26
=3D> mono-0.26.tar.gz doesn't seem to exist on this system.
=3D> Attempting to fetch mono-0.26.tar.gz from http://www.go-mono.org/=
archive/.
=3D> [8939242 bytes]
=3D=3D=3D> Checking for vulnerabilities in sendmail-8.11.6nb6
*** WARNING - local-user-shell vulnerability in sendmail-8.11.6nb6 - s=
ee http://www.sendmail.org/smrsh.adv.txt for more information ***
*** WARNING - unknown vulnerability in sendmail-8.11.6nb6 - see http:/=
/www.sendmail.org/8.12.10.html for more information ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in dnetc-2.8018.472
=3D> dnetc-netbsd-i386-elf.tar.gz doesn't seem to exist on this system=
=2E
=3D> Attempting to fetch dnetc-netbsd-i386-elf.tar.gz from http://http=
=2Edistributed.net/pub/dcti/current-client/.
=3D> [319938 bytes]
=3D=3D=3D> Checking for vulnerabilities in kdepim-2.2.2nb4
*** WARNING - remote-code-execution vulnerability in kdepim-2.2.2nb4 -=
see http://www.kde.org/info/security/advisory-20021220-1.txt for more info=
rmation ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in kdeutils-1.1.2nb2
*** WARNING - remote-code-execution vulnerability in kdeutils-1.1.2nb2=
- see http://www.kde.org/info/security/advisory-20021220-1.txt for more in=
formation ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in kdeutils-2.2.2nb3
*** WARNING - remote-code-execution vulnerability in kdeutils-2.2.2nb3=
- see http://www.kde.org/info/security/advisory-20021220-1.txt for more in=
formation ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in setiathome-3.03nb2
*** WARNING - remote-code-execution vulnerability in setiathome-3.03nb=
2 - see http://spoor12.edup.tudelft.nl/SkyLined%20v4.2/?Advisories/Seti@hom=
e for more information ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in bind-4.9.11
*** WARNING - denial-of-service vulnerability in bind-4.9.11 - see htt=
p://www.isc.org/products/BIND/bind-security.html for more information ***
*** WARNING - remote-root-shell vulnerability in bind-4.9.11 - see htt=
p://www.cert.org/advisories/CA-2001-02.html for more information ***
*** WARNING - remote-root-shell vulnerability in bind-4.9.11 - see htt=
p://www.pine.nl/advisories/pine-cert-20020601.html for more information ***
*** WARNING - remote-root-shell vulnerability in bind-4.9.11 - see htt=
p://www.isc.org/products/BIND/bind-security.html for more information ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in hping-2.0.0.2
=3D> hping2.0.0-rc2.tar.gz doesn't seem to exist on this system.
=3D> Attempting to fetch hping2.0.0-rc2.tar.gz from http://www.hping.o=
rg/.
=3D> [100501 bytes]
=3D=3D=3D> Checking for vulnerabilities in kdenetwork-1.1.2nb3
*** WARNING - remote-code-execution vulnerability in kdenetwork-1.1.2n=
b3 - see http://www.kde.org/info/security/advisory-20021220-1.txt for more =
information ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in kdenetwork-2.2.2nb6
*** WARNING - remote-root-shell vulnerability in kdenetwork-2.2.2nb6 -=
see http://www.kde.org/info/security/advisory-20021111-2.txt for more info=
rmation ***
*** WARNING - remote-code-execution vulnerability in kdenetwork-2.2.2n=
b6 - see http://www.kde.org/info/security/advisory-20021220-1.txt for more =
information ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in maradns-1.0.17
=3D> maradns-1.0.17.tar.bz2 doesn't seem to exist on this system.
=3D> Attempting to fetch maradns-1.0.17.tar.bz2 from http://www.maradn=
s.org/download/.
=3D> [414083 bytes]
=3D=3D=3D> Checking for vulnerabilities in nprobe-1.3.1nb1
=3D> nProbe-source-1.3.1.tgz doesn't seem to exist on this system.
=3D> Attempting to fetch nProbe-source-1.3.1.tgz from http://luca.ntop=
=2Eorg/nprobeDownload/.
=3D> [161478 bytes]
401 Authorization Required
Username for `Restricted Area': =3D> Attempting to fetch nProbe-source=
-1.3.1.tgz from ftp://ftp.fi.netbsd.org/pub/NetBSD/packages/distfiles/.
=3D> [161478 bytes]
'EPSV': command not understood.
/pub/NetBSD/packages/distfiles/nProbe-source-1.3.1.tgz: No such file o=
r directory.
=3D> Attempting to fetch nProbe-source-1.3.1.tgz from ftp://ftp.netbsd=
=2Eorg/pub/NetBSD/packages/distfiles/.
=3D> [161478 bytes]
Trying 2001:4f8:4:7:2e0:81ff:fe21:6563...
nProbe-source-1.3.1.tgz: No such file or directory.
=3D> Attempting to fetch nProbe-source-1.3.1.tgz from ftp://ftp.freebs=
d.org/pub/FreeBSD/distfiles/.
=3D> [161478 bytes]
Trying 2001:4f8:0:2::e...
nProbe-source-1.3.1.tgz: No such file or directory.
=3D> Couldn't fetch nProbe-source-1.3.1.tgz - please try to retrieve t=
his
=3D> file manually into /pub/NetBSD/packages/distfiles/ and try again.
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in socks5-1.0.2nb1
*** WARNING - remote-root-shell vulnerability in socks5-1.0.2nb1 - see=
http://online.securityfocus.com/archive/1/9842 for more information ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in speakfreely-7.2
*** WARNING - remote-code-execution vulnerability in speakfreely-7.2 -=
see http://www.securityfocus.com/archive/1/324257/2003-06-06/2003-06-12/0 =
for more information ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in trickle-1.06
=3D> trickle-1.06.tar.gz doesn't seem to exist on this system.
=3D> Attempting to fetch trickle-1.06.tar.gz from http://monkey.org/~m=
arius/trickle/.
=3D> [166044 bytes]
=3D=3D=3D> Checking for vulnerabilities in tsclient-0.124
=3D> tsclient-0.124.tar.gz doesn't seem to exist on this system.
=3D> Attempting to fetch tsclient-0.124.tar.gz from http://www.gnomepr=
o.com/tsclient/.
=3D> [387864 bytes]
=3D=3D=3D> Checking for vulnerabilities in tspc-0.9.7
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
The Freenet6 client must be fetched
into /pub/NetBSD/packages/distfiles from
http://www.freenet6.net/cgi-bin/download.cgi?fn=3Dfreenet6-0.9.7.tgz=
=2E
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=3D=3D=3D> parallel/glunix
cd /ftp/pub/NetBSD/NetBSD-current/pkgsrc/parallel/glunix && /usr/bin/e=
nv ARCH=3Di386 RM=3D/bin/rm NOW_ROOT=3D/usr/pkg/now BSD_INSTALL_PROGRAM=3D"=
install -c -s -o root -g wheel -m 555"=09=09 BSD_INSTALL_SCRIPT=3D"install =
-c -o root -g wheel -m 555"=09=09=09 BSD_INSTALL_DATA=3D"install -c -o root=
-g wheel -m 444"=09=09=09 BSD_INSTALL_MAN=3D"install -c -o root -g wheel -=
m 444"=09=09=09 BSD_INSTALL=3D"install"=09=09=09=09 BSD_INSTALL_PROGRAM_DIR=
=3D"install -d -o root -g wheel -m 755"=09 BSD_INSTALL_SCRIPT_DIR=3D"instal=
l -d -o root -g wheel -m 755"=09=09 BSD_INSTALL_DATA_DIR=3D"install -d -o r=
oot -g wheel -m 755"=09=09 BSD_INSTALL_MAN_DIR=3D"install -d -o root -g whe=
el -m 755" CURDIR=3D/ftp/pub/NetBSD/NetBSD-current/pkgsrc/parallel/glunix D=
ISTDIR=3D/pub/NetBSD/packages/distfiles PATH=3D/ftp/pub/NetBSD/NetBSD-curr=
ent/pkgsrc/parallel/glunix/work/.tools/bin:/usr/bin:/bin:/usr/pkg/bin:/usr/=
local/bin:/sbin:/usr/pkg/bin:/usr/X11R6/bin WRKDIR=3D/ftp/pub/NetBSD/NetBS=
D-current/pkgsrc/parallel/glunix/work WRKSRC=3D/ftp/pub/NetBSD/NetBSD-curre=
nt/pkgsrc/parallel/glunix/work PATCHDIR=3D/ftp/pub/NetBSD/NetBSD-current/pk=
gsrc/parallel/glunix/patches SCRIPTDIR=3D/ftp/pub/NetBSD/NetBSD-current/pk=
gsrc/parallel/glunix/scripts FILESDIR=3D/ftp/pub/NetBSD/NetBSD-current/pkgs=
rc/parallel/glunix/files _PKGSRCDIR=3D/ftp/pub/NetBSD/NetBSD-current/pkgsr=
c DEPENDS=3D"perl>=3D5.0:../../lang/perl5" PREFIX=3D/usr/pkg LOCALBASE=3D/=
usr/pkg X11BASE=3D/usr/X11R6 /bin/sh /ftp/pub/NetBSD/NetBSD-current/pkgsrc/=
parallel/glunix/scripts/pre-fetch
=3D=3D=3D> Checking for vulnerabilities in glunix-1.0anb1
=3D> makedepend.tar.gz doesn't seem to exist on this system.
=3D> Attempting to fetch makedepend.tar.gz from http://now.cs.berkeley=
=2Eedu/Glunix/.
=3D> [29283 bytes]
ftp: Error retrieving file - `404 Not Found'
=3D> Attempting to fetch makedepend.tar.gz from http://www.inficad.com=
/~garbled/.
=3D> [29283 bytes]
ftp: Error retrieving file - `404 Not Found'
=3D> Attempting to fetch makedepend.tar.gz from ftp://ftp.fi.netbsd.or=
g/pub/NetBSD/packages/distfiles/.
=3D> [29283 bytes]
'EPSV': command not understood.
/pub/NetBSD/packages/distfiles/makedepend.tar.gz: No such file or dire=
ctory.
=3D> Attempting to fetch makedepend.tar.gz from ftp://ftp.netbsd.org/p=
ub/NetBSD/packages/distfiles/.
=3D> [29283 bytes]
Trying 2001:4f8:4:7:2e0:81ff:fe21:6563...
makedepend.tar.gz: No such file or directory.
=3D> Attempting to fetch makedepend.tar.gz from ftp://ftp.freebsd.org/=
pub/FreeBSD/distfiles/.
=3D> [29283 bytes]
Trying 2001:4f8:0:2::e...
makedepend.tar.gz: No such file or directory.
=3D> Couldn't fetch makedepend.tar.gz - please try to retrieve this
=3D> file manually into /pub/NetBSD/packages/distfiles/ and try again.
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in openpbs-2.3.16
=3D> OpenPBS_2_3_16.tar.gz doesn't seem to exist on this system.
=3D> Attempting to fetch OpenPBS_2_3_16.tar.gz from http://www.openpbs=
=2Eorg/UserArea/Download/.
=3D> [1307483 bytes]
401 Authorization Required
Username for `PBS User Area': =3D> Attempting to fetch OpenPBS_2_3_16.=
tar.gz from ftp://ftp.fi.netbsd.org/pub/NetBSD/packages/distfiles/.
=3D> [1307483 bytes]
'EPSV': command not understood.
/pub/NetBSD/packages/distfiles/OpenPBS_2_3_16.tar.gz: No such file or =
directory.
=3D> Attempting to fetch OpenPBS_2_3_16.tar.gz from ftp://ftp.netbsd.o=
rg/pub/NetBSD/packages/distfiles/.
=3D> [1307483 bytes]
Trying 2001:4f8:4:7:2e0:81ff:fe21:6563...
OpenPBS_2_3_16.tar.gz: No such file or directory.
=3D> Attempting to fetch OpenPBS_2_3_16.tar.gz from ftp://ftp.freebsd.=
org/pub/FreeBSD/distfiles/.
=3D> [1307483 bytes]
Trying 2001:4f8:0:2::e...
OpenPBS_2_3_16.tar.gz: No such file or directory.
=3D> Couldn't fetch OpenPBS_2_3_16.tar.gz - please try to retrieve thi=
s
=3D> file manually into /pub/NetBSD/packages/distfiles/ and try again.
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in ssh-1.2.27nb2
*** WARNING - local-root-shell vulnerability in ssh-1.2.27nb2 - see ht=
tp://www.kb.cert.org/vuls/id/740619 for more information ***
*** WARNING - denial-of-service vulnerability in ssh-1.2.27nb2 - see h=
ttp://www.rapid7.com/advisories/R7-0009.txt for more information ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in apcupsd-3.8.6nb1
*** WARNING - denial-of-service vulnerability in apcupsd-3.8.6nb1 - se=
e http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCAN-2003-0099 for more in=
formation ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> sysutils/fdgw
********************************************************
Please note: The install stage of fdgw requires a kernel
with 'pseudo-device vnd 4' enabled.
********************************************************
=3D=3D=3D> Checking for vulnerabilities in rconfig-0.21
=3D> rconfig-0.21.tar.gz doesn't seem to exist on this system.
=3D> Attempting to fetch rconfig-0.21.tar.gz from http://www.mono.org/=
abs/tools/rconfig/.
=3D> [10611 bytes]
=3D=3D=3D> Checking for vulnerabilities in ispell-russian-0.99.5
=3D> rus-ispell-0.99f5.tar.gz doesn't seem to exist on this system.
=3D> Attempting to fetch rus-ispell-0.99f5.tar.gz from ftp://scon155.p=
hys.msu.su/pub/russian/ispell/.
=3D> [473507 bytes]
'EPSV': command not understood.
=3D=3D=3D> Checking for vulnerabilities in libcroco-0.2.0
=3D> libcroco-0.2.0.tar.bz2 doesn't seem to exist on this system.
=3D> Attempting to fetch libcroco-0.2.0.tar.bz2 from ftp://ftp.gnome.o=
rg/pub/GNOME/sources/libcroco/0.2/.
=3D> [286024 bytes]
Trying 130.239.18.137...
=3D=3D=3D> Checking for vulnerabilities in py23pth-SimpleParse-2.0.0
=3D> SimpleParse-2.0.0.zip doesn't seem to exist on this system.
=3D> Attempting to fetch SimpleParse-2.0.0.zip from http://aleron.dl.s=
ourceforge.net/sourceforge/simpleparse/.
=3D> [301542 bytes]
=3D=3D=3D> Checking for vulnerabilities in raptor-1.0.0
=3D> raptor-1.0.0.tar.gz doesn't seem to exist on this system.
=3D> Attempting to fetch raptor-1.0.0.tar.gz from http://www.redland.o=
pensource.ac.uk/dist/source/.
=3D> [420807 bytes]
=3D=3D=3D> Checking for vulnerabilities in 3ddesktop-0.2.5
=3D> 3ddesktop-0.2.5.tar.gz doesn't seem to exist on this system.
=3D> Attempting to fetch 3ddesktop-0.2.5.tar.gz from http://aleron.dl.=
sourceforge.net/sourceforge/desk3d/.
=3D> [162089 bytes]
=3D=3D=3D> wm/sawfish-themes
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
We're now downloading >150 themes for Sawfish - if you
would like to install only a subset, you can specify the
themes using the SAWFISH_THEMES environment variable.
(See /ftp/pub/NetBSD/NetBSD-current/pkgsrc/wm/sawfish-themes/files/th=
emes.sawfish for defaults.)
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=3D=3D=3D> Checking for vulnerabilities in openacs-3.2.5nb2
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Please fetch openacs-3.2.5.tgz into /pub/NetBSD/packages/distfiles
from http://www.openacs.org/ .
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=3D=3D=3D> Checking for vulnerabilities in opera-5.0.1
*** WARNING - remote-user-shell vulnerability in opera-5.0.1 - see htt=
p://www.opera.com/linux/changelog/log603.html for more information ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in zope-2.2.2
*** WARNING - weak-authentication vulnerability in zope-2.2.2 - see ht=
tp://www.zope.org/Products/Zope/ for more information ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in filerunner-2.5.1
=3D> FileRunner-2.5.1.tar.gz doesn't seem to exist on this system.
=3D> Attempting to fetch FileRunner-2.5.1.tar.gz from http://www.cd.ch=
almers.se/~hch/.
=3D> [122795 bytes]
=3D=3D=3D> Checking for vulnerabilities in kde-1.1.2nb3
*** WARNING - remote-code-execution vulnerability in kde-1.1.2nb3 - se=
e http://www.kde.org/info/security/advisory-20030409-1.txt for more informa=
tion ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in kde-2.2.2nb7
*** WARNING - remote-code-execution vulnerability in kde-2.2.2nb7 - se=
e http://www.kde.org/info/security/advisory-20030409-1.txt for more informa=
tion ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in kdebase-1.1.2nb3
*** WARNING - remote-code-execution vulnerability in kdebase-1.1.2nb3 =
- see http://www.kde.org/info/security/advisory-20021220-1.txt for more inf=
ormation ***
*** WARNING - remote-code-execution vulnerability in kdebase-1.1.2nb3 =
- see http://www.kde.org/info/security/advisory-20030409-1.txt for more inf=
ormation ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in kdebase-2.2.2nb3
*** WARNING - remote-code-execution vulnerability in kdebase-2.2.2nb3 =
- see http://www.kde.org/info/security/advisory-20021220-1.txt for more inf=
ormation ***
*** WARNING - remote-code-execution vulnerability in kdebase-2.2.2nb3 =
- see http://www.kde.org/info/security/advisory-20030409-1.txt for more inf=
ormation ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in kdelibs-1.1.2nb1
*** WARNING - remote-code-execution vulnerability in kdelibs-1.1.2nb1 =
- see http://www.kde.org/info/security/advisory-20021220-1.txt for more inf=
ormation ***
*** WARNING - remote-code-execution vulnerability in kdelibs-1.1.2nb1 =
- see http://www.kde.org/info/security/advisory-20030409-1.txt for more inf=
ormation ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in kdelibs-2.2.2nb6
*** WARNING - remote-code-execution vulnerability in kdelibs-2.2.2nb6 =
- see http://www.kde.org/info/security/advisory-20021220-1.txt for more inf=
ormation ***
*** WARNING - remote-code-execution vulnerability in kdelibs-2.2.2nb6 =
- see http://www.kde.org/info/security/advisory-20030409-1.txt for more inf=
ormation ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> Checking for vulnerabilities in xfstt-1.4
*** WARNING - denial-of-service vulnerability in xfstt-1.4 - see http:=
//cve.mitre.org/cgi-bin/cvename.cgi?name=3DCAN-2003-0581 for more informati=
on ***
*** WARNING - privacy-leak vulnerability in xfstt-1.4 - see http://cve=
=2Emitre.org/cgi-bin/cvename.cgi?name=3DCAN-2003-0625 for more information =
***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely esse=
ntial
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
=3D=3D=3D> x11/xservers
Please set BSDXSRCDIR in /etc/mk.conf, pointing it
to a directory that contains NetBSD's X11 sources.
*** Error code 1 (continuing)
`real-fetch' not remade because of errors.
3779.32 real 810.93 user 280.56 sys