Re: Checking for vulnerable packages before installing

To: Leonardo Taccari <leot%NetBSD.org@localhost>
Subject: Re: Checking for vulnerable packages before installing
From: Iain Morgan <Iain.Morgan%nasa.gov@localhost>
Date: Thu, 28 Feb 2019 14:25:14 -0800

On Wed, Feb 27, 2019 at 21:24:58 +0100, Leonardo Taccari wrote:
> Hello Iain,
> 
> Iain Morgan writes:
> > [...]
> > What I would like is a way to have pkgsrc check for vulnerabilities for
> > all packages (and their dependencies) without building them or halting,
> > so that I can evaluate the vulnerabilities in one go and then run the
> > build with less of a chance of it being interrupted. I'm not aware of
> > any make target that would accomplish this, but is such an approach
> > supported?
> > [...]
> 
> AFAIK there is no target for that but this can be done via
> pkg_admin(1).  I wrote a shell script that given one or more packages
> as argument (installed or not) print corresponding entries in
> pkg-vulnerabilities.  I will attach it on this email.
> 
> I think it be adopted and/or should give an idea how to possibly
> handle that if you have a list of package.
> 

Thanks for the tip. I wasn't aware of the audit-history option to
pkg_admin. That's a big help.

-- 
Iain Morgan

References:
- Checking for vulnerable packages before installing
  - From: Iain Morgan
- Re: Checking for vulnerable packages before installing
  - From: Leonardo Taccari

Prev by Date: patch: fix CVE-2019-8906, CVE-2019-8904 (not sure about CVE-2019-8905, CVE-2019-8907) in sysutils/file
Next by Date: Re: Can't compile perl5 on Soalris 10
Previous by Thread: Re: Checking for vulnerable packages before installing
Next by Thread: patch: fix CVE-2019-8906, CVE-2019-8904 (not sure about CVE-2019-8905, CVE-2019-8907) in sysutils/file
Indexes:

Home | Main Index | Thread Index | Old Index