pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/security/audit-packages/files regen.
details: https://anonhg.NetBSD.org/pkgsrc/rev/27a90d5d9d60
branches: trunk
changeset: 503247:27a90d5d9d60
user: wiz <wiz%pkgsrc.org@localhost>
date: Wed Nov 16 22:57:43 2005 +0000
description:
regen.
diffstat:
security/audit-packages/files/audit-packages.0 | 112 ++++++++++++++----------
1 files changed, 67 insertions(+), 45 deletions(-)
diffs (152 lines):
diff -r fdb76f58fcaf -r 27a90d5d9d60 security/audit-packages/files/audit-packages.0
--- a/security/audit-packages/files/audit-packages.0 Wed Nov 16 22:57:24 2005 +0000
+++ b/security/audit-packages/files/audit-packages.0 Wed Nov 16 22:57:43 2005 +0000
@@ -5,7 +5,7 @@
installed packages
SSYYNNOOPPSSIISS
- aauuddiitt--ppaacckkaaggeess [--ddvv]
+ aauuddiitt--ppaacckkaaggeess [--ddvv] [--ii _i_g_n_o_r_e_-_l_i_s_t] [--KK _p_k_g___d_b_d_i_r] [--pp _p_a_c_k_a_g_e]
ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt
DDEESSCCRRIIPPTTIIOONN
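Review bot: the SYNOPSIS line names the -i argument ignore-list, but the flag description added later in this patch writes it as [vulnid:vulnid|pkgpat:pattern]. Use one spelling in both places (in the man page source this file is regenerated from) so a reader can match the synopsis to the option text.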
@@ -13,59 +13,83 @@
_p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file and reports any known security issues to stan-
dard output. This output contains the name and version of the package,
the type of vulnerability, and an URL for further information for each
- vulnerable package. If the --vv option is specified, aauuddiitt--ppaacckkaaggeess will
- warn when the vulnerabilities file is more than a week old. The --dd
- option will attempt to download this vulnerabilities file before scanning
- the installed packages for vulnerabilities.
+ vulnerable package.
+
+ The following flags are supported:
+
+ --dd aauuddiitt--ppaacckkaaggeess will attempt to download the vulnerabilities
+ file before scanning the installed packages for vulnerabil-
+ ities.
+
+ --ii [vvuullnniidd::_v_u_l_n_i_d|ppkkggppaatt::_p_a_t_t_e_r_n]
+ Specify a list of vulnerabilities or packages to ignore.
+ Packages can be specified using package wildcards (see
+ pkg_info(1)). Vulnerabilities can be specified with the
+ form vvuullnniidd::_v_u_l_n_i_d. Vulnerability ids are only present in
+ file format 1.0.1 or higher.
+
+ --KK _p_k_g___d_b_d_i_r Use package database directory _p_k_g___d_b_d_i_r.
+
+ --pp _p_a_c_k_a_g_e Check only the package _p_a_c_k_a_g_e for vulnerabilities.
+
+ --vv Set verbose mode. aauuddiitt--ppaacckkaaggeess will warn when the vul-
+ nerabilities file is more than a week old.
The ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt program downloads this file from
_f_t_p_:_/_/_f_t_p_._N_e_t_B_S_D_._o_r_g_/_p_u_b_/_N_e_t_B_S_D_/_p_a_c_k_a_g_e_s_/_d_i_s_t_f_i_l_e_s_/_p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s
using @FETCH_CMD_SHORT@(1). This vulnerabilities file documents all
known security issues in pkgsrc packages and is kept up-to-date by the
- NetBSD packages team.
+ NetBSD pkgsrc-security team.
Each line lists the package and vulnerable versions, the type of exploit,
- and an Internet address for further information. The type of exploit can
- be any text, although some common types of exploits listed are:
- ++oo cross-site-html
- ++oo cross-site-scripting
- ++oo denial-of-service
- ++oo file-permissions
- ++oo local-access
- ++oo local-code-execution
- ++oo local-file-read
- ++oo local-file-removal
- ++oo local-file-write
- ++oo local-root-file-view
- ++oo local-root-shell
- ++oo local-symlink-race
- ++oo local-user-file-view
- ++oo local-user-shell
- ++oo privacy-leak
- ++oo remote-code-execution
- ++oo remote-command-inject
- ++oo remote-file-creation
- ++oo remote-file-read
- ++oo remote-file-view
- ++oo remote-file-write
- ++oo remote-key-theft
- ++oo remote-root-access
- ++oo remote-root-shell
- ++oo remote-script-inject
- ++oo remote-server-admin
- ++oo remote-use-of-secret
- ++oo remote-user-access
- ++oo remote-user-file-view
- ++oo remote-user-shell
- ++oo unknown
- ++oo weak-authentication
- ++oo weak-encryption
- ++oo weak-ssl-authentication
+ and an Internet address for further information:
+
+ <package pattern> <vulnid>,<type> <url>
+
+ The type of exploit can be any text, although some common types of
+ exploits listed are:
+ ·· cross-site-html
+ ·· cross-site-scripting
+ ·· denial-of-service
+ ·· file-permissions
+ ·· local-access
+ ·· local-code-execution
+ ·· local-file-read
+ ·· local-file-removal
+ ·· local-file-write
+ ·· local-root-file-view
+ ·· local-root-shell
+ ·· local-symlink-race
+ ·· local-user-file-view
+ ·· local-user-shell
+ ·· privacy-leak
+ ·· remote-code-execution
+ ·· remote-command-inject
+ ·· remote-file-creation
+ ·· remote-file-read
+ ·· remote-file-view
+ ·· remote-file-write
+ ·· remote-key-theft
+ ·· remote-root-access
+ ·· remote-root-shell
+ ·· remote-script-inject
+ ·· remote-server-admin
+ ·· remote-use-of-secret
+ ·· remote-user-access
+ ·· remote-user-file-view
+ ·· remote-user-shell
+ ·· unknown
+ ·· weak-authentication
+ ·· weak-encryption
+ ·· weak-ssl-authentication
By default, the vulnerabilities file is stored in the @PKGVULNDIR@ direc-
tory. This can be changed by defining the environment variable
PKGVULNDIR to the directory containing the vulnerabilities file.
+EEXXIITT SSTTAATTUUSS
+ The aauuddiitt--ppaacckkaaggeess utility exits 0 on success, and >0 if an error occurs.
+
EENNVVIIRROONNMMEENNTT
These variables can also be defined in the @PKG_SYSCONFDIR@/audit-pack-
ages.conf file.
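Review bot: the -i description says it takes "a list of vulnerabilities or packages to ignore" but never states how list entries are separated or whether -i may be repeated, and only the vulnid: form is spelled out in the text while pkgpat: appears only in the option heading; document both. The new format line "<package pattern> <vulnid>,<type> <url>" also shows the vulnid field unconditionally although the -i text says ids are only present in file format 1.0.1 or higher, so state how a line looks in older files. In EXIT STATUS, say which status is returned when vulnerable packages are reported, since "0 on success" leaves that open for scripts that act on the result.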
@@ -91,8 +115,6 @@
export FETCH_ARGS="-4"
DDIIAAGGNNOOSSTTIICCSS
- The aauuddiitt--ppaacckkaaggeess utility exits 0 on success, and >0 if an error occurs.
-
The following errors can occur:
Checksum mismatch
@@ -135,4 +157,4 @@
September 19, 2000. The original idea came from Roland Dowdeswell and
Bill Sommerfeld.
-NetBSD 3.0 June 9, 2005 NetBSD 3.0
+NetBSD 3.0 November 16, 2005 NetBSD 3.0