Date:      Wed, 4 Feb 2004 21:26:01 +0200
From:      Ion-Mihai Tetcu <itetcu@apropo.ro>
To:        Joe Marcus Clarke <marcus@marcuscom.com>
Cc:        FreeBSD User Questions List <freebsd-questions@freebsd.org>
Subject:   Re: Vulnerability check disabled
Message-ID:  <20040204212601.42d6f19f@it.buh.cameradicommercio.ro>
In-Reply-To: <1075919144.761.13.camel@gyros>
References:  <20040204193127.70e3568f.ggop@myrealbox.com> <20040204201702.55f0321f@it.buh.cameradicommercio.ro> <1075919144.761.13.camel@gyros>

On Wed, 04 Feb 2004 13:25:44 -0500
Joe Marcus Clarke <marcus@marcuscom.com> wrote:

> On Wed, 2004-02-04 at 13:17, Ion-Mihai Tetcu wrote:
> > On Wed, 4 Feb 2004 19:31:27 +1100
> > Gautam Gopalakrishnan <ggop@myrealbox.com> wrote:
> > 
> > > Hello,
> > > 
> > > Hope I'm not missing something obvious, but since today morning, I've
> > > been getting weird warnings when running make in the ports:
> > > 
> > > [madras!/usr/ports/www/apache13]# make fetch-recursive
> > > ===> Fetching all distfiles for apache-1.3.29_1 and dependencies
> > > ===>  Vulnerability check disabled
> > > ===>  Vulnerability check disabled
> > > ===>  Vulnerability check disabled
> > > ===>  Vulnerability check disabled
> > > [madras!/usr/ports/www/apache13]# cd ../mod_php4
> > > [madras!/usr/ports/www/mod_php4]# make fetch
> > > ===>  Vulnerability check disabled
> > > [madras!/usr/ports/www/mod_php4]# 
> > > 
> > > Happened in www/zope as well.
> > 
> > What about reading 
> > /usr/ports/CHANGES ?
> 
> Yep, that will talk about it.

I hope you did get some sleep since freezing the ports ;) ?
 
> > From: Joe Marcus Clarke <marcus@FreeBSD.org>
> > To: ports@FreeBSD.org, questions@FreeBSD.org, current@FreeBSD.org
> > Subject: HEADS UP: MAJOR changes to the ports system
> > thread on ports ?
> 
> This thread doesn't cover the vulnerability change.  Basically, we now
> have the ability to keep a dynamic database of ports vulnerabilities
> which the ports system can check.  If you do not have the database
> installed, you'll get the benign Vulnerability check disabled message.

>>> Type: FEATURE

 Title: Do not install ports with security vulnerabilities

 Affects: bsd.port.mk

 Description: A new vulnerabilities database has been added to the
 ports system in order to keep more accurate, up-to-date, track of
 security vulnerabilities.  The ports system now knows how to query
 that database and dynamically prevents the installation of vulnerable
 ports.

 PR: http://www.freebsd.org/cgi/query-pr.cgi?pr=62039

>>> Submitted by: eik

Now, maybe this could be clarified a little bit in CHANGES ?

Like:
__

For using the new security feature of ports infrastructure, you should:
cd /usr/ports/security/portaudit; make install
/usr/local/etc/periodic/daily/330.fetchaudit

To test:
cd /usr/ports/security/vulnerability-test-port
make INSTALLATION_DATE=`date -u -v-14d "+%Y.%m.%d"` install

A message like this should appear:
 ===>  vulnerability-test-port-2004.01.14 has known vulnerabilities:
 >> Not vulnerable, just a test port (database: 2004-01-28).
    Reference: <http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/vulnerability-test-port/>
 >> Please update your ports tree and try again.
 *** Error code 1

If you don't install this port, for the majority of make's targets you
will get the following message:
===>  Vulnerability check disabled
__


IMHO, as this is a long-desired feature, a news item on announce@ / security /
security-notifications could be sent.

Now, what is the status of the vulnerabilities database ?

-- 
IOnut
Unregistered ;) FreeBSD user
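
One way to spot both messages discussed above in saved build logs, as an added example that is not part of the original message or of the ports system. The function names, the output format and the exit codes are assumptions of this example, and the sample log is constructed from the message shapes quoted in the e-mail.

```shell
#!/bin/sh
# Added example: summarise the vulnerability-check lines in saved ports `make` output.
# Only the two message shapes quoted in the message above are recognised.
# Exit status (an assumption of this example): 0 clean, 1 check disabled, 2 vulnerable port.
audit_summary() {
    awk '
    function emit() {
        if (pkg != "") printf "VULNERABLE %s db=%s ref=%s\n", pkg, db, ref
        pkg = ""; db = ""; ref = ""
    }
    /^[ \t]*===>[ \t]+Vulnerability check disabled/ { disabled++; next }
    /^[ \t]*===>[ \t]+.* has known vulnerabilities:/ {
        emit(); vuln++
        pkg = $0
        sub(/^[ \t]*===>[ \t]+/, "", pkg)
        sub(/ has known vulnerabilities:.*$/, "", pkg)
        next
    }
    # Detail lines only count while inside a "has known vulnerabilities" block.
    pkg != "" && /\(database: [0-9-]+\)/ {
        db = $0
        sub(/^.*\(database: /, "", db); sub(/\).*$/, "", db)
        next
    }
    pkg != "" && /Reference: </ {
        ref = $0
        sub(/^.*Reference: </, "", ref); sub(/>.*$/, "", ref)
        next
    }
    END {
        emit()
        if (disabled) printf "DISABLED %d\n", disabled
        exit (vuln ? 2 : (disabled ? 1 : 0))
    }'
}

# Constructed sample log, built from the message formats quoted above.
sample_log() {
    cat <<'EOF'
===>  Vulnerability check disabled
===>  Vulnerability check disabled
===>  vulnerability-test-port-2004.01.14 has known vulnerabilities:
>> Not vulnerable, just a test port (database: 2004-01-28).
   Reference: <http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/vulnerability-test-port/>
>> Please update your ports tree and try again.
*** Error code 1
EOF
}

sample_log | audit_summary || echo "exit status: $?"
```

A non-zero status for "check disabled" lets a batch build flag hosts where the database was never installed, which the build itself treats as benign.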
