author wiz <wiz@pkgsrc.org> 2005-11-16 22:57:43 +0000
committer wiz <wiz@pkgsrc.org> 2005-11-16 22:57:43 +0000
commit 4ac4b1232e7a6cbaa64768a71a50a7e841486d46 (patch)
tree 3b8578b088d60fc63bcbcfe71dcb257f1503ca28 /security
parent b73bd2c8417d98536a17b7a9c76399e0e9e3ccee (diff)
download pkgsrc-4ac4b1232e7a6cbaa64768a71a50a7e841486d46.tar.gz
regen.
Diffstat (limited to 'security')
-rw-r--r-- security/audit-packages/files/audit-packages.0 112
1 files changed, 67 insertions, 45 deletions
diff --git a/security/audit-packages/files/audit-packages.0 b/security/audit-packages/files/audit-packages.0
index 52f5e0de014..36ff25fbd00 100644
--- a/security/audit-packages/files/audit-packages.0
+++ b/security/audit-packages/files/audit-packages.0
@@ -5,7 +5,7 @@ NNAAMMEE
installed packages
SSYYNNOOPPSSIISS
- aauuddiitt--ppaacckkaaggeess [--ddvv]
+ aauuddiitt--ppaacckkaaggeess [--ddvv] [--ii _i_g_n_o_r_e_-_l_i_s_t] [--KK _p_k_g___d_b_d_i_r] [--pp _p_a_c_k_a_g_e]
ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt
DDEESSCCRRIIPPTTIIOONN
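Review bot: The new SYNOPSIS line names the -i argument ignore-list, but the flag description added later in this patch documents the same argument as [vulnid:vulnid|pkgpat:pattern]. Use one name in both places, for example keep ignore-list in the SYNOPSIS and have the -i entry define ignore-list as a list of vulnid: and pkgpat: items.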
@@ -13,59 +13,83 @@ DDEESSCCRRIIPPTTIIOONN
_p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file and reports any known security issues to stan-
dard output. This output contains the name and version of the package,
the type of vulnerability, and an URL for further information for each
- vulnerable package. If the --vv option is specified, aauuddiitt--ppaacckkaaggeess will
- warn when the vulnerabilities file is more than a week old. The --dd
- option will attempt to download this vulnerabilities file before scanning
- the installed packages for vulnerabilities.
+ vulnerable package.
+
+ The following flags are supported:
+
+ --dd aauuddiitt--ppaacckkaaggeess will attempt to download the vulnerabilities
+ file before scanning the installed packages for vulnerabil-
+ ities.
+
+ --ii [vvuullnniidd::_v_u_l_n_i_d|ppkkggppaatt::_p_a_t_t_e_r_n]
+ Specify a list of vulnerabilities or packages to ignore.
+ Packages can be specified using package wildcards (see
+ pkg_info(1)). Vulnerabilities can be specified with the
+ form vvuullnniidd::_v_u_l_n_i_d. Vulnerability ids are only present in
+ file format 1.0.1 or higher.
+
+ --KK _p_k_g___d_b_d_i_r Use package database directory _p_k_g___d_b_d_i_r.
+
+ --pp _p_a_c_k_a_g_e Check only the package _p_a_c_k_a_g_e for vulnerabilities.
+
+ --vv Set verbose mode. aauuddiitt--ppaacckkaaggeess will warn when the vul-
+ nerabilities file is more than a week old.
The ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt program downloads this file from
_f_t_p_:_/_/_f_t_p_._N_e_t_B_S_D_._o_r_g_/_p_u_b_/_N_e_t_B_S_D_/_p_a_c_k_a_g_e_s_/_d_i_s_t_f_i_l_e_s_/_p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s
using @FETCH_CMD_SHORT@(1). This vulnerabilities file documents all
known security issues in pkgsrc packages and is kept up-to-date by the
- NetBSD packages team.
+ NetBSD pkgsrc-security team.
Each line lists the package and vulnerable versions, the type of exploit,
- and an Internet address for further information. The type of exploit can
- be any text, although some common types of exploits listed are:
- ++oo cross-site-html
- ++oo cross-site-scripting
- ++oo denial-of-service
- ++oo file-permissions
- ++oo local-access
- ++oo local-code-execution
- ++oo local-file-read
- ++oo local-file-removal
- ++oo local-file-write
- ++oo local-root-file-view
- ++oo local-root-shell
- ++oo local-symlink-race
- ++oo local-user-file-view
- ++oo local-user-shell
- ++oo privacy-leak
- ++oo remote-code-execution
- ++oo remote-command-inject
- ++oo remote-file-creation
- ++oo remote-file-read
- ++oo remote-file-view
- ++oo remote-file-write
- ++oo remote-key-theft
- ++oo remote-root-access
- ++oo remote-root-shell
- ++oo remote-script-inject
- ++oo remote-server-admin
- ++oo remote-use-of-secret
- ++oo remote-user-access
- ++oo remote-user-file-view
- ++oo remote-user-shell
- ++oo unknown
- ++oo weak-authentication
- ++oo weak-encryption
- ++oo weak-ssl-authentication
+ and an Internet address for further information:
+
+ <package pattern> <vulnid>,<type> <url>
+
+ The type of exploit can be any text, although some common types of
+ exploits listed are:
+ ·· cross-site-html
+ ·· cross-site-scripting
+ ·· denial-of-service
+ ·· file-permissions
+ ·· local-access
+ ·· local-code-execution
+ ·· local-file-read
+ ·· local-file-removal
+ ·· local-file-write
+ ·· local-root-file-view
+ ·· local-root-shell
+ ·· local-symlink-race
+ ·· local-user-file-view
+ ·· local-user-shell
+ ·· privacy-leak
+ ·· remote-code-execution
+ ·· remote-command-inject
+ ·· remote-file-creation
+ ·· remote-file-read
+ ·· remote-file-view
+ ·· remote-file-write
+ ·· remote-key-theft
+ ·· remote-root-access
+ ·· remote-root-shell
+ ·· remote-script-inject
+ ·· remote-server-admin
+ ·· remote-use-of-secret
+ ·· remote-user-access
+ ·· remote-user-file-view
+ ·· remote-user-shell
+ ·· unknown
+ ·· weak-authentication
+ ·· weak-encryption
+ ·· weak-ssl-authentication
By default, the vulnerabilities file is stored in the @PKGVULNDIR@ direc-
tory. This can be changed by defining the environment variable
PKGVULNDIR to the directory containing the vulnerabilities file.
+EEXXIITT SSTTAATTUUSS
+ The aauuddiitt--ppaacckkaaggeess utility exits 0 on success, and >0 if an error occurs.
+
EENNVVIIRROONNMMEENNTT
These variables can also be defined in the @PKG_SYSCONFDIR@/audit-pack-
ages.conf file.
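Review bot: The -i entry says it takes "a list" but never states how entries are separated, and it explains the vulnid: prefix in prose while pkgpat: appears only in the argument template. Since this option suppresses vulnerability reports, spell out the separator and both prefixes, and say what -i vulnid: does against a file older than format 1.0.1. The added format line <package pattern> <vulnid>,<type> <url> shows the vulnid unconditionally even though the same hunk says ids exist only from 1.0.1 on, so mark it as optional or show the older layout as well. In the relocated EXIT STATUS text, "exits 0 on success" does not say whether finding vulnerable packages counts as success, which anyone scripting on the exit code needs to know.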
@@ -91,8 +115,6 @@ EEXXAAMMPPLLEESS
export FETCH_ARGS="-4"
DDIIAAGGNNOOSSTTIICCSS
- The aauuddiitt--ppaacckkaaggeess utility exits 0 on success, and >0 if an error occurs.
-
The following errors can occur:
Checksum mismatch
@@ -135,4 +157,4 @@ HHIISSTTOORRYY
September 19, 2000. The original idea came from Roland Dowdeswell and
Bill Sommerfeld.
-NetBSD 3.0 June 9, 2005 NetBSD 3.0
+NetBSD 3.0 November 16, 2005 NetBSD 3.0