Date:      Wed, 16 Jul 2014 10:35:37 +1000
From:      Dewayne Geraghty <dewayne.geraghty@heuristicsystems.com.au>
To:        Bryan Drewery <bdrewery@freebsd.org>, =?UTF-8?B?UmVuw6kgTGFkYW4=?= <rene@freebsd.org>, "ports@freebsd.org Ports" <ports@freebsd.org>
Subject:   Re: marking vulnerable ports forbidden?
Message-ID:  <53C5C8D9.6090602@heuristicsystems.com.au>
In-Reply-To: <53C5A1C5.90707@FreeBSD.org>
References:  <CADL2u4gw7VSvuYwk_N26QnrOCyBd71=-R9U225372vYPEVz=Bw@mail.gmail.com> <53C5A1C5.90707@FreeBSD.org>


On 16/07/2014 7:48 AM, Bryan Drewery wrote:
> On 7/15/2014 7:45 AM, René Ladan wrote:
>> Hi,
>>
>> according to Freshports [1] there are currently 24 vulnerable ports not
>> marked as forbidden.
>> How about checking this list on a regular basis and marking such ports as
>> forbidden and optionally as deprecated? This would inform users not using
>> vuxml earlier about vulnerabilities.
>>
>> [1] http://www.freshports.org/ports-vulnerable.php
>>
>> Regards,
>> René
>> _______________________________________________
> Do take it case-by-case though. Doing this wipes out most Linux ports
> IIRC. Some of the vulns documented are not worthy of a FORBIDDEN.
>
Good point Bryan.  I've added this to my /usr/ports/Mk/bsd.port.mk to
accommodate an ability to choose and make my own informed decision.  It
might be worthy of adoption:

--- /usr/ports/Mk/bsd.port.mk.orig2     2014-07-16 10:28:19.000000000 +1000
+++ /usr/ports/Mk/bsd.port.mk   2014-07-16 10:28:31.000000000 +1000
@@ -3036,7 +3036,7 @@
 .if !defined(TRYBROKEN)
 IGNORE=                is marked as broken on ${ARCH}: ${BROKEN_${ARCH}}
 .endif
-.elif defined(FORBIDDEN)
+.elif defined(FORBIDDEN) && !defined(NO_IGNORE_FORBIDDEN)
 IGNORE=                is forbidden: ${FORBIDDEN}
 .endif
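
Review bot: On the changed `.elif defined(FORBIDDEN) && !defined(NO_IGNORE_FORBIDDEN)` line, the override is silent: once NO_IGNORE_FORBIDDEN is defined, IGNORE is never set and nothing shows the ${FORBIDDEN} reason, so a port marked forbidden for a vulnerability builds with no trace of why it was flagged. Consider keeping the override but printing the ${FORBIDDEN} text as a warning when it is bypassed. The knob is also all-or-nothing: if it is defined globally it lifts the block for every forbidden port, which works against the case-by-case choice this is meant to allow, so it should be documented as a per-port or per-build setting. For consistency with the BROKEN branch just above, which nests `.if !defined(TRYBROKEN)` inside its branch, the same nested form and a matching name would make the two overrides read alike.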

The use of NO_IGNORE is far too coarse, so NO_IGNORE_FORBIDDEN is a
compromise. :)



