From owner-freebsd-questions@FreeBSD.ORG  Mon Oct 31 10:34:44 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8E8C916A41F
	for <freebsd-questions@freebsd.org>;
	Mon, 31 Oct 2005 10:34:44 +0000 (GMT)
	(envelope-from daniel@rimspace.net)
Received: from anu.rimspace.net (203-217-29-35.perm.iinet.net.au
	[203.217.29.35])
	by mx1.FreeBSD.org (Postfix) with ESMTP id CD15743D4C
	for <freebsd-questions@freebsd.org>;
	Mon, 31 Oct 2005 10:34:43 +0000 (GMT)
	(envelope-from daniel@rimspace.net)
Received: by anu.rimspace.net (Postfix, from userid 10)
	id 5D053AFE26; Mon, 31 Oct 2005 21:34:42 +1100 (EST)
Received: by enki.rimspace.net (Postfix, from userid 1000)
	id ED6FBBB54E8C; Mon, 31 Oct 2005 21:34:35 +1100 (EST)
From: Daniel Pittman <daniel@rimspace.net>
To: "Michael C. Shultz" <ringworm01@gmail.com>
In-Reply-To: <200510302348.07655.ringworm01@gmail.com> (Michael C. Shultz's
	message of "Sun, 30 Oct 2005 23:48:06 -0800")
References: <87oe56rxpi.fsf@rimspace.net>
	<200510302348.07655.ringworm01@gmail.com>
Date: Mon, 31 Oct 2005 21:34:35 +1100
Message-ID: <87k6furn44.fsf@rimspace.net>
User-Agent: Gnus/5.110004 (No Gnus v0.4) XEmacs/21.5-b21 (corn, linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: freebsd-questions@freebsd.org
Subject: Re: portaudit reports: how to exclude a specific vulnerability
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Oct 2005 10:34:44 -0000

"Michael C. Shultz" <ringworm01@gmail.com> writes:
> On Sunday 30 October 2005 22:45, you wrote:
G'day.

[...]

>> I can't work out how to tell portaudit to stop bothering me about 
>> [a single] particular vulnerability, though.
>>
>> Can I ask it to exclude a vulnerability, or (ever better) a
>> vulnerability/package combination, from reports?
>
> I think this will do it, put it in /etc/make.conf
>
> .if ${.CURDIR:M*/security/p5-Crypt-OpenPGP}
> DISABLE_VULNERABILITIES="YES"
> .endif

Hrm.  That doesn't exclude it from the command line tool, and a quick
check of the periodic/security file tells me that it won't work in the
periodic runs either.

Unfortunately, portaudit only seems to support the 'portaudit_fixed'
system for marking a problem in the core OS fixed, not for individual
versions.

More searching also shows a comment from the author(s) to the effect
that this would be easy to extend to non-core packages, but that has not
been done yet.

Ah, well.  Either a local patch, or I just cope with the problem, I
guess.
    Daniel