author | jschauma <jschauma> | 2004-04-09 15:30:57 +0000 |
---|---|---|
committer | jschauma <jschauma> | 2004-04-09 15:30:57 +0000 |
commit | a5e59c859f3c92e5d8c95e624ee1f8acb53b2976 (patch) | |
tree | 0482edd8446d46996b43842b9a9252dc04086f9d /security | |
parent | e4e4b0aaa2f1799baac33e37f2c3e0fd9e9936c8 (diff) | |
Add a pre-formatted catman page which is only used (copied into place)
under IRIX. Other OS regen the catman page.
This addresses PR pkg/23452.
Since just depending on textproc/groff would pull in a large number of
packages (such as perl, ghostscript, tiff etc.), and since this is a very
important package that should NOT depend on all this gunk, Jeremy C. Reed
suggested this solution.
Ok agc.
Diffstat (limited to 'security')
-rw-r--r-- | security/audit-packages/Makefile | 6 | ||||
-rw-r--r-- | security/audit-packages/files/audit-packages.0 | 103 |
2 files changed, 108 insertions, 1 deletions
diff --git a/security/audit-packages/Makefile b/security/audit-packages/Makefile index 89f63731461..55cc74eb509 100644 --- a/security/audit-packages/Makefile +++ b/security/audit-packages/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.43 2004/02/09 03:56:34 jlam Exp $ +# $NetBSD: Makefile,v 1.44 2004/04/09 15:30:57 jschauma Exp $ DISTNAME= audit-packages-1.29 CATEGORIES= security pkgtools @@ -46,7 +46,11 @@ do-build: -e 's|@PKG_SYSCONFDIR@|${PKG_SYSCONFDIR}|g' \ ${FILESDIR}/$$f > ${WRKSRC}/$$f; \ done +.if ${OPSYS} == "IRIX" + ${CP} ${FILESDIR}/audit-packages.0 ${WRKSRC}/audit-packages.0 +.else ${NROFF} ${WRKSRC}/audit-packages.8 >${WRKSRC}/audit-packages.0 +.endif do-install: @for f in audit-packages download-vulnerability-list; do \ diff --git a/security/audit-packages/files/audit-packages.0 b/security/audit-packages/files/audit-packages.0 new file mode 100644 index 00000000000..d9fb5a182ff --- /dev/null +++ b/security/audit-packages/files/audit-packages.0 
@@ -0,0 +1,103 @@ +AUDIT-PACKAGES(8) NetBSD System Manager's Manual AUDIT-PACKAGES(8) + +NNAAMMEE + aauuddiitt--ppaacckkaaggeess, ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt - show vulnerabilities in + installed packages + +SSYYNNOOPPSSIISS + aauuddiitt--ppaacckkaaggeess [--vv] + ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt + +DDEESSCCRRIIPPTTIIOONN + The aauuddiitt--ppaacckkaaggeess program compares the installed packages with the + _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file and reports any known security issues to stan- + dard output. This output contains the name and version of the package, + the type of vulnerability, and an URL for further information for each + vulnerable package. + + The ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt program downloads this file from + _f_t_p_:_/_/_f_t_p_._N_e_t_B_S_D_._o_r_g_/_p_u_b_/_N_e_t_B_S_D_/_p_a_c_k_a_g_e_s_/_d_i_s_t_f_i_l_e_s_/_p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s + using ftp(1). This vulnerabilities file documents all known security + issues in pkgsrc packages and is kept up-to-date by the NetBSD packages + team. + + Each line lists the package and vulnerable versions, the type of exploit, + and an Internet address for further information. 
The type of exploit can + be any text, although some common types of exploits listed are: + ++oo cross-site-html + ++oo cross-site-scripting + ++oo denial-of-service + ++oo file-permissions + ++oo local-access + ++oo local-code-execution + ++oo local-file-read + ++oo local-file-removal + ++oo local-file-write + ++oo local-root-file-view + ++oo local-root-shell + ++oo local-symlink-race + ++oo local-user-file-view + ++oo local-user-shell + ++oo privacy-leak + ++oo remote-code-execution + ++oo remote-command-inject + ++oo remote-file-creation + ++oo remote-file-read + ++oo remote-file-view + ++oo remote-file-write + ++oo remote-key-theft + ++oo remote-root-access + ++oo remote-root-shell + ++oo remote-script-inject + ++oo remote-server-admin + ++oo remote-use-of-secret + ++oo remote-user-access + ++oo remote-user-file-view + ++oo remote-user-shell + ++oo unknown + ++oo weak-authentication + ++oo weak-encryption + ++oo weak-ssl-authentication + + By default, the vulnerabilities file is stored in the + _/_u_s_r_/_p_k_g_s_r_c_/_d_i_s_t_f_i_l_e_s directory. This can be changed by defining the + environment variable PKGVULNDIR to the directory containing the vulnera- + bilities file. + +EENNVVIIRROONNMMEENNTT + These variables can also be defined in the + _/_u_s_r_/_p_k_g_/_e_t_c_/_a_u_d_i_t_-_p_a_c_k_a_g_e_s_._c_o_n_f file. + + PKGVULNDIR Specifies the directory containing the _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s + file. + + FETCH_ARGS Specifies optional arguments for the ftp client. + +FFIILLEESS + _/_u_s_r_/_p_k_g_s_r_c_/_d_i_s_t_f_i_l_e_s_/_p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s + + _/_u_s_r_/_p_k_g_/_e_t_c_/_a_u_d_i_t_-_p_a_c_k_a_g_e_s_._c_o_n_f + +EEXXAAMMPPLLEESS + The ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt command can be run via cron(8) to update + the _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file daily. And aauuddiitt--ppaacckkaaggeess can be run via + cron(8) (or with NetBSD's _/_e_t_c_/_s_e_c_u_r_i_t_y_._l_o_c_a_l daily security script). 
+ + The ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt command can be forced to use IPv4 with + the following setting in _/_u_s_r_/_p_k_g_/_e_t_c_/_a_u_d_i_t_-_p_a_c_k_a_g_e_s_._c_o_n_f: + + export FETCH_ARGS="-4" + +SSEEEE AALLSSOO + pkg_info(1), mk.conf(5), packages(7), _/_u_s_r_/_p_k_g_s_r_c_/_m_k_/_b_s_d_._p_k_g_._d_e_f_a_u_l_t_s_._m_k + and + + _D_o_c_u_m_e_n_t_a_t_i_o_n _o_n _t_h_e _N_e_t_B_S_D _P_a_c_k_a_g_e _S_y_s_t_e_m. _/_u_s_r_/_p_k_g_s_r_c_/_P_a_c_k_a_g_e_s_._t_x_t + +HHIISSTTOORRYY + The aauuddiitt--ppaacckkaaggeess and ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt commands were origi- + nally implemented and added to NetBSD's pkgsrc by Alistair Crooks on + September 19, 2000. The original idea came from Roland Dowdeswell and + Bill Sommerfeld. + +NetBSD 1.6 January 1, 2004 NetBSD 1.6 |
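Review bot: In the second Makefile hunk (do-build), the new `.if ${OPSYS} == "IRIX"` branch has no comment explaining why IRIX copies a pre-formatted page, and nothing ties files/audit-packages.0 to audit-packages.8, so the two will drift the next time the .8 source is edited. The reason (avoiding a dependency on textproc/groff) exists only in the commit message. Add a short comment above the `.if` stating it, and note there that audit-packages.0 must be regenerated whenever audit-packages.8 changes.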
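Review bot: In the new files/audit-packages.0, the paths are baked in as literals (/usr/pkg/etc/audit-packages.conf, /usr/pkgsrc/distfiles), while the do-build context in the Makefile hunk shows `@PKG_SYSCONFDIR@` being substituted into the files it generates. The IRIX branch copies this file from `${FILESDIR}` unmodified, so an IRIX install with a different PKG_SYSCONFDIR gets a manual page that points at the wrong configuration file. Either document that limitation next to the copy, or produce the page from a template that goes through the same substitution. The footer is also fixed at "NetBSD 1.6 January 1, 2004" and will go stale unless there is a regeneration step.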