Date:      Mon, 31 Oct 2005 21:34:35 +1100
From:      Daniel Pittman <daniel@rimspace.net>
To:        "Michael C. Shultz" <ringworm01@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: portaudit reports: how to exclude a specific vulnerability
Message-ID:  <87k6furn44.fsf@rimspace.net>
In-Reply-To: <200510302348.07655.ringworm01@gmail.com> (Michael C. Shultz's message of "Sun, 30 Oct 2005 23:48:06 -0800")
References:  <87oe56rxpi.fsf@rimspace.net> <200510302348.07655.ringworm01@gmail.com>

"Michael C. Shultz" <ringworm01@gmail.com> writes:
> On Sunday 30 October 2005 22:45, you wrote:
G'day.

[...]

>> I can't work out how to tell portaudit to stop bothering me about 
>> [a single] particular vulnerability, though.
>>
>> Can I ask it to exclude a vulnerability, or (even better) a
>> vulnerability/package combination, from reports?
>
> I think this will do it, put it in /etc/make.conf
>
> .if ${.CURDIR:M*/security/p5-Crypt-OpenPGP}
> DISABLE_VULNERABILITIES="YES"
> .endif

Hrm.  That doesn't exclude it from the command line tool, and a quick
check of the periodic/security file tells me that it won't work in the
periodic runs either.

Unfortunately, portaudit only seems to support the 'portaudit_fixed'
system for marking a problem in the core OS fixed, not for individual
versions.

More searching also shows a comment from the author(s) to the effect
that this would be easy to extend to non-core packages, but that has not
been done yet.

Ah, well.  Either a local patch, or I just cope with the problem, I
guess.
    Daniel
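
Added example, not part of the original message and not portaudit's own code: one shape the "local patch" route could take is a wrapper that filters the report against a reviewed ignore list keyed on package version plus advisory id, so a new version or a different advisory for the same package is still reported. The report layout, the ignore-file format and the names filter_audit and sample_report are assumptions, and the sample data is constructed.

```sh
# Added example, not portaudit code. Assumed report layout: blank-line separated
# blocks with "Affected package:", "Type of problem:" and "Reference:" lines.
# Usage: filter_audit IGNORE_FILE < report
# IGNORE_FILE lines: "<package-version> <reference-id>"; "#" starts a comment.
filter_audit() {
    awk -v ignore="$1" '
        BEGIN {
            # Load the ignore list by line before switching to paragraph mode.
            while ((getline line < ignore) > 0) {
                sub(/#.*/, "", line)
                if (split(line, f, " ") == 2) skip[f[1] SUBSEP f[2]] = 1
            }
            RS = ""; FS = "\n"
        }
        {
            pkg = ""; ref = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^Affected package: /) { pkg = $i; sub(/^Affected package: /, "", pkg) }
                if ($i ~ /^Reference: /) {
                    ref = $i
                    sub(/^.*\//, "", ref)       # keep the last path component
                    sub(/\.html>?$/, "", ref)   # strip the ".html>" suffix
                }
            }
            if (pkg == "") next                 # drop the original summary line
            if ((pkg SUBSEP ref) in skip) { hidden++; next }
            shown++
            print $0 "\n"
        }
        END { printf "%d problem(s) reported, %d suppressed by ignore list.\n", shown, hidden }
    '
}

# Constructed sample report: version, ids and URLs are made up for illustration.
sample_report() {
    cat <<'EOF'
Affected package: p5-Crypt-OpenPGP-0.0
Type of problem: p5-Crypt-OpenPGP -- constructed issue A.
Reference: <http://example.invalid/portaudit/00000000-0000-0000-0000-000000000001.html>

Affected package: p5-Crypt-OpenPGP-0.0
Type of problem: p5-Crypt-OpenPGP -- constructed issue B.
Reference: <http://example.invalid/portaudit/00000000-0000-0000-0000-000000000002.html>

2 problem(s) in your installed packages found.
EOF
}

ign=$(mktemp); echo "p5-Crypt-OpenPGP-0.0 00000000-0000-0000-0000-000000000001" > "$ign"
sample_report | filter_audit "$ign"; rm -f "$ign"
```

On a real system the input would come from `portaudit -a`. Every entry in the ignore file hides a finding, so it belongs under change control with a reason noted beside each pair.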


