From owner-svn-doc-head@freebsd.org Thu Dec 17 01:59:31 2015 Return-Path: Delivered-To: svn-doc-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CC62BA494CA; Thu, 17 Dec 2015 01:59:31 +0000 (UTC) (envelope-from wblock@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 8BEA71CAB; Thu, 17 Dec 2015 01:59:31 +0000 (UTC) (envelope-from wblock@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id tBH1xUBh061734; Thu, 17 Dec 2015 01:59:30 GMT (envelope-from wblock@FreeBSD.org) Received: (from wblock@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id tBH1xUdj061733; Thu, 17 Dec 2015 01:59:30 GMT (envelope-from wblock@FreeBSD.org) Message-Id: <201512170159.tBH1xUdj061733@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: wblock set sender to wblock@FreeBSD.org using -f From: Warren Block Date: Thu, 17 Dec 2015 01:59:30 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r47880 - head/en_US.ISO8859-1/books/porters-handbook/security X-SVN-Group: doc-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Dec 2015 01:59:31 -0000 Author: wblock Date: Thu Dec 17 01:59:30 2015 New Revision: 47880 URL: https://svnweb.freebsd.org/changeset/doc/47880 Log: Whitespace-only fixes, translators please ignore. Modified: head/en_US.ISO8859-1/books/porters-handbook/security/chapter.xml Modified: head/en_US.ISO8859-1/books/porters-handbook/security/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/porters-handbook/security/chapter.xml Thu Dec 17 01:56:34 2015 (r47879) +++ head/en_US.ISO8859-1/books/porters-handbook/security/chapter.xml Thu Dec 17 01:59:30 2015 (r47880) @@ -97,12 +97,13 @@ the community of port users about the jeopardy. Such notification serves two purposes. First, if the danger is really severe it will be wise to apply an instant workaround. - For example, stop the affected network service or even deinstall the - port completely until the vulnerability is closed. Second, a - lot of users tend to upgrade installed packages only - occasionally. They will know from the notification that they - must update the package without delay as - soon as a corrected version is available. + For example, stop the affected network service or even + deinstall the port completely until the vulnerability is + closed. Second, a lot of users tend to upgrade installed + packages only occasionally. They will know from the + notification that they must update the + package without delay as soon as a corrected version is + available. Given the huge number of ports in the tree, a security advisory cannot be issued on each incident without creating a @@ -115,12 +116,14 @@ intervention. Committers can update the VuXML - database themselves, assisting the Security Officer Team - and delivering crucial information to the community more - quickly. Those who are not committers or have discovered - an exceptionally severe vulnerability should not hesitate - to contact the Security Officer Team directly, as described - on the &os; Security Information page. + database themselves, assisting the Security Officer Team and + delivering crucial information to the community more quickly. + Those who are not committers or have discovered an + exceptionally severe vulnerability should not hesitate to + contact the Security Officer Team directly, as described on + the &os; + Security Information page. The VuXML database is an XML document. Its source file vuln.xml is kept right @@ -204,8 +207,8 @@ </vuln> The tag names are supposed to be self-explanatory so we - shall take a closer look only at fields which needs to be filled - in: + shall take a closer look only at fields which needs to be + filled in: @@ -232,10 +235,10 @@ important build-time configuration options. - It is the submitter's responsibility to find all such related - packages when writing a VuXML entry. Keep in mind that - make search name=foo is helpful. - The primary points to look for are: + It is the submitter's responsibility to find all + such related packages when writing a VuXML entry. Keep + in mind that make search name=foo is + helpful. The primary points to look for are: @@ -267,8 +270,8 @@ <le>, <eq>, <ge>, and - <gt> elements. Check that the version - ranges given do not overlap. + <gt> elements. Check that the + version ranges given do not overlap. In a range specification, * (asterisk) denotes the smallest version number. In @@ -408,12 +411,11 @@ Testing Changes to the VuXML Database - This example describes a new entry for a - vulnerability in the package dropbear that - has been fixed in version dropbear-2013.59. + This example describes a new entry for a vulnerability in + the package dropbear that has been fixed in + version dropbear-2013.59. - As a prerequisite, - install a fresh version of + As a prerequisite, install a fresh version of security/vuxml port. First, check whether there already is an entry for this @@ -434,8 +436,8 @@ &prompt.user; make validate - At least one of these packages needs to be - installed: textproc/libxml2, + At least one of these packages needs to be installed: + textproc/libxml2, textproc/jade. @@ -464,4 +466,3 @@ WWW: http://portaudit.FreeBSD.org/8c9b48 -