Vulnerability check disabled
Hello,

Hope I'm not missing something obvious, but since today morning, I've been getting weird warnings when running make in the ports:

[madras!/usr/ports/www/apache13]# make fetch-recursive
=== Fetching all distfiles for apache-1.3.29_1 and dependencies
=== Vulnerability check disabled
=== Vulnerability check disabled
=== Vulnerability check disabled
=== Vulnerability check disabled
[madras!/usr/ports/www/apache13]# cd ../mod_php4
[madras!/usr/ports/www/mod_php4]# make fetch
=== Vulnerability check disabled
[madras!/usr/ports/www/mod_php4]#

Happened in www/zope as well.

Thanks
Gautam
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Vulnerability check disabled
On Wed, Feb 04, 2004 at 07:31:27PM +1100, Gautam Gopalakrishnan wrote:
> Hello,
>
> Hope I'm not missing something obvious, but since today morning, I've been getting weird warnings when running make in the ports:

Ports questions should be asked on ports@

Kris
Re: Vulnerability check disabled
On Wed, 4 Feb 2004 19:31:27 +1100 Gautam Gopalakrishnan [EMAIL PROTECTED] wrote:

> Hello,
>
> Hope I'm not missing something obvious, but since today morning, I've been getting weird warnings when running make in the ports:
>
> [madras!/usr/ports/www/apache13]# make fetch-recursive
> === Fetching all distfiles for apache-1.3.29_1 and dependencies
> === Vulnerability check disabled
> === Vulnerability check disabled
> === Vulnerability check disabled
> === Vulnerability check disabled
> [madras!/usr/ports/www/apache13]# cd ../mod_php4
> [madras!/usr/ports/www/mod_php4]# make fetch
> === Vulnerability check disabled
> [madras!/usr/ports/www/mod_php4]#
>
> Happened in www/zope as well.

What about reading /usr/ports/CHANGES ?
and
From: Joe Marcus Clarke [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: HEADS UP: MAJOR changes to the ports system
thread on ports ?

--
IOnut
Unregistered ;) FreeBSD user
Re: Vulnerability check disabled
On Wed, 2004-02-04 at 13:17, Ion-Mihai Tetcu wrote:
> On Wed, 4 Feb 2004 19:31:27 +1100 Gautam Gopalakrishnan [EMAIL PROTECTED] wrote:
>
> > Hello,
> >
> > Hope I'm not missing something obvious, but since today morning, I've been getting weird warnings when running make in the ports:
> >
> > [madras!/usr/ports/www/apache13]# make fetch-recursive
> > === Fetching all distfiles for apache-1.3.29_1 and dependencies
> > === Vulnerability check disabled
> > === Vulnerability check disabled
> > === Vulnerability check disabled
> > === Vulnerability check disabled
> > [madras!/usr/ports/www/apache13]# cd ../mod_php4
> > [madras!/usr/ports/www/mod_php4]# make fetch
> > === Vulnerability check disabled
> > [madras!/usr/ports/www/mod_php4]#
> >
> > Happened in www/zope as well.
>
> What about reading /usr/ports/CHANGES ?

Yep, that will talk about it.

> and
> From: Joe Marcus Clarke [EMAIL PROTECTED]
> To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
> Subject: HEADS UP: MAJOR changes to the ports system
> thread on ports ?

This thread doesn't cover the vulnerability change. Basically, we now have the ability to keep a dynamic database of ports vulnerabilities which the ports system can check. If you do not have the database installed, you'll get the benign Vulnerability check disabled message.

Joe

--
PGP Key : http://www.marcuscom.com/pgp.asc
Re: Vulnerability check disabled
On Wed, Feb 04, 2004 at 01:25:44PM -0500, Joe Marcus Clarke wrote:
> On Wed, 2004-02-04 at 13:17, Ion-Mihai Tetcu wrote:
> > On Wed, 4 Feb 2004 19:31:27 +1100 Gautam Gopalakrishnan [EMAIL PROTECTED] wrote:
> >
> > > Hello,
> > >
> > > Hope I'm not missing something obvious, but since today morning, I've been getting weird warnings when running make in the ports:
> > >
> > > [madras!/usr/ports/www/apache13]# make fetch-recursive
> > > === Fetching all distfiles for apache-1.3.29_1 and dependencies
> > > === Vulnerability check disabled
> > > === Vulnerability check disabled
> > > === Vulnerability check disabled
> > > === Vulnerability check disabled
> > > [madras!/usr/ports/www/apache13]# cd ../mod_php4
> > > [madras!/usr/ports/www/mod_php4]# make fetch
> > > === Vulnerability check disabled
> > > [madras!/usr/ports/www/mod_php4]#
> > >
> > > Happened in www/zope as well.
> >
> > What about reading /usr/ports/CHANGES ?
>
> Yep, that will talk about it.
>
> > and
> > From: Joe Marcus Clarke [EMAIL PROTECTED]
> > To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
> > Subject: HEADS UP: MAJOR changes to the ports system
> > thread on ports ?
>
> This thread doesn't cover the vulnerability change. Basically, we now have the ability to keep a dynamic database of ports vulnerabilities which the ports system can check. If you do not have the database installed, you'll get the benign Vulnerability check disabled message.

True, but would it be possible to just have the warning emitted once, say just before the build target?

Ceri
--
Re: Vulnerability check disabled
On Wed, 04 Feb 2004 13:25:44 -0500 Joe Marcus Clarke [EMAIL PROTECTED] wrote:

> On Wed, 2004-02-04 at 13:17, Ion-Mihai Tetcu wrote:
> > On Wed, 4 Feb 2004 19:31:27 +1100 Gautam Gopalakrishnan [EMAIL PROTECTED] wrote:
> >
> > > Hello,
> > >
> > > Hope I'm not missing something obvious, but since today morning, I've been getting weird warnings when running make in the ports:
> > >
> > > [madras!/usr/ports/www/apache13]# make fetch-recursive
> > > === Fetching all distfiles for apache-1.3.29_1 and dependencies
> > > === Vulnerability check disabled
> > > === Vulnerability check disabled
> > > === Vulnerability check disabled
> > > === Vulnerability check disabled
> > > [madras!/usr/ports/www/apache13]# cd ../mod_php4
> > > [madras!/usr/ports/www/mod_php4]# make fetch
> > > === Vulnerability check disabled
> > > [madras!/usr/ports/www/mod_php4]#
> > >
> > > Happened in www/zope as well.
> >
> > What about reading /usr/ports/CHANGES ?
>
> Yep, that will talk about it.

I hope you did get some sleep since freezing the ports ;) ?

> > From: Joe Marcus Clarke [EMAIL PROTECTED]
> > To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
> > Subject: HEADS UP: MAJOR changes to the ports system
> > thread on ports ?
>
> This thread doesn't cover the vulnerability change. Basically, we now have the ability to keep a dynamic database of ports vulnerabilities which the ports system can check. If you do not have the database installed, you'll get the benign Vulnerability check disabled message.

Type: FEATURE
Title: Do not install ports with security vulnerabilities
Affects: bsd.port.mk
Description:
A new vulnerabilities database has been added to the ports system in order to keep more accurate, up-to-date, track of security vulnerabilities. The ports system now knows how to query that database and dynamically prevents the installation of vulnerable ports.
PR: http://www.freebsd.org/cgi/query-pr.cgi?pr=62039
Submitted by: eik

Now, maybe this could be clarified a little bit in CHANGES ?
Like:
__
For using the new security feature of ports infrastructure, you should:
cd /usr/ports/security/portaudit; make install
/usr/local/etc/periodic/daily/330.fetchaudit

To test:
cd /usr/ports/security/vulnerability-test-port
make INSTALLATION_DATE=`date -u -v-14d +%Y.%m.%d` install

A message like this should appear:
=== vulnerability-test-port-2004.01.14 has known vulnerabilities:
Not vulnerable, just a test port (database: 2004-01-28).
Reference: http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/vulnerability-test-port/
Please update your ports tree and try again.
*** Error code 1

If you don't install this port, for the majority of make's targets you will get the following message:
=== Vulnerability check disabled
__

IMHO, as this is a long desired feature, a news on announce@ / security / security-notifications could be sent.

Now, what is the status of the vulnerabilities database ?

--
IOnut
Unregistered ;) FreeBSD user
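The two outcomes described in this thread (a notice when the database is absent, a refusal when a port is listed) can be counted from captured make output. This is an added example, not part of any poster's message or of the ports system: the function names and the sample log are constructed here, and the line layout of the refusal message is assumed.

```sh
#!/bin/sh
# Added example: summarise what the ports vulnerability check did in a captured "make" run.

# Constructed sample: two runs concatenated, using the message texts quoted in
# this thread. The line layout of the refusal message is an assumption.
write_sample_log() {
    cat > "$1" <<'EOF'
=== Fetching all distfiles for apache-1.3.29_1 and dependencies
=== Vulnerability check disabled
=== Vulnerability check disabled
=== vulnerability-test-port-2004.01.14 has known vulnerabilities:
Not vulnerable, just a test port (database: 2004-01-28).
Please update your ports tree and try again.
*** Error code 1
EOF
}

# summarize_vuln_check FILE
# Prints "BLOCKED <pkgname> <database-date>" for each port refused as
# vulnerable and "UNCHECKED <count>" if any step ran without the database.
# Exit status: 0 = every step checked and nothing refused, 1 otherwise.
summarize_vuln_check() {
    awk '
        function emit_blocked() {
            if (pkg != "") { print "BLOCKED", pkg, (db != "" ? db : "unknown"); bad = 1 }
            pkg = ""; db = ""
        }
        # Status lines start with "===" (optionally "===>") and a blank.
        /^===>?[ \t]/ {
            emit_blocked()
            if ($0 ~ /Vulnerability check disabled/) unchecked++
            else if ($0 ~ / has known vulnerabilities:/) pkg = $2
            next
        }
        # Detail lines of a refusal carry the database date.
        pkg != "" && match($0, /\(database: [0-9-]+\)/) {
            db = substr($0, RSTART + 11, RLENGTH - 12)
        }
        END {
            emit_blocked()
            if (unchecked) { print "UNCHECKED", unchecked; bad = 1 }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Usage: sh <this script> captured-make.log
if [ "$#" -gt 0 ]; then summarize_vuln_check "$1"; fi
```

A non-zero UNCHECKED count means those steps ran with no vulnerability database installed, so a clean-looking build log is not evidence that the ports were checked.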
Re: Vulnerability check disabled
On Wed, 4 Feb 2004 21:26:01 +0200 Ion-Mihai Tetcu [EMAIL PROTECTED] wrote:

[..]
> Type: FEATURE
> Title: Do not install ports with security vulnerabilities
[..]
> Now, maybe this could be clarified a little bit in CHANGES ?
> Like:
> __
> For using the new security feature of ports infrastructure, you should:
> cd /usr/ports/security/portaudit; make install

Note that this is a prerelease version, it is mostly usable for committers that want to contribute to the project, and can currently not be relied upon as an extensive security auditing tool.

> /usr/local/etc/periodic/daily/330.fetchaudit
>
> To test:
> cd /usr/ports/security/vulnerability-test-port
> make INSTALLATION_DATE=`date -u -v-14d +%Y.%m.%d` install
>
> A message like this should appear:
> === vulnerability-test-port-2004.01.14 has known vulnerabilities:
> Not vulnerable, just a test port (database: 2004-01-28).
> Reference: http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/vulnerability-test-port/
> Please update your ports tree and try again.
> *** Error code 1
>
> If you don't install this port, for the majority of make's targets you will get the following message:
> === Vulnerability check disabled
> __
>
> IMHO, as this is a long desired feature, a news on announce@ / security / security-notifications could be sent.
>
> Now, what is the status of the vulnerabilities database ?

Did I just respond to my question ?

--
IOnut
Unregistered ;) FreeBSD user
Re: Vulnerability check disabled
On Wed, 4 Feb 2004 19:12:57 + Ceri Davies [EMAIL PROTECTED] wrote:

> On Wed, Feb 04, 2004 at 01:25:44PM -0500, Joe Marcus Clarke wrote:
> > On Wed, 2004-02-04 at 13:17, Ion-Mihai Tetcu wrote:
> > > On Wed, 4 Feb 2004 19:31:27 +1100 Gautam Gopalakrishnan [EMAIL PROTECTED] wrote:
> > >
> > > > Hello,
> > > >
> > > > Hope I'm not missing something obvious, but since today morning, I've been getting weird warnings when running make in the ports:
> > > >
> > > > [madras!/usr/ports/www/apache13]# make fetch-recursive
> > > > === Fetching all distfiles for apache-1.3.29_1 and dependencies
> > > > === Vulnerability check disabled
[..]
> > This thread doesn't cover the vulnerability change. Basically, we now have the ability to keep a dynamic database of ports vulnerabilities which the ports system can check. If you do not have the database installed, you'll get the benign Vulnerability check disabled message.
>
> True, but would it be possible to just have the warning emitted once, say just before the build target?

Yes, please don't break fetching with this. Fetch should mean fetch. Stop building if necessary, but let fetch go.

--
IOnut
Unregistered ;) FreeBSD user