From owner-freebsd-security@FreeBSD.ORG Wed Oct 29 20:45:05 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 989F230C for ; Wed, 29 Oct 2014 20:45:05 +0000 (UTC) Received: from mail-wi0-f179.google.com (mail-wi0-f179.google.com [209.85.212.179]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 30C332EF for ; Wed, 29 Oct 2014 20:45:04 +0000 (UTC) Received: by mail-wi0-f179.google.com with SMTP id h11so5691394wiw.6 for ; Wed, 29 Oct 2014 13:45:02 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:subject:message-id:mail-followup-to :mime-version:content-type:content-disposition:user-agent; bh=iuIojOcLcorXB2slwCuXxlms7WyDKdI3PpXi/HXjAPo=; b=Mw4WGZXLY0FChb7fxCKHHvJw/2PQQRbmOCeqPzIwHmebRd+CngLutT9Vizjd2/fCQv DlR+YvDC/pb0NiYwYs/aAsH5rnAWz56OiMg1qFyKRlDvkr1+Sw2GFuio1ZX1Lsg3sN5t IHhnFI4CTRWehzfew8YVDE129tSlazUPl8p4Qj0DZ5drWrU97M1z0Dtwx6AH1t4CrVkB tdx/a5emXEBHzdoTPjDD6EXasMBkqjObbvX2EKzbIkFP7OaJt9gUOiM2YBQhXZ+e+rX3 kiCHaAUwhTRoAiZMGAXT6tP6/lL2VjeLLFQeNRAHnmO6zsDMRS5nCUXOFthJKz1wdxdx /Bow== X-Gm-Message-State: ALoCoQl5qRrcpmtdwig7Xn8aZOSoi0HzumbtYXR1DhUXOwvcxtKgTyIY3JivNfbmPzkytwqyaSeg X-Received: by 10.180.103.233 with SMTP id fz9mr37763083wib.80.1414615502784; Wed, 29 Oct 2014 13:45:02 -0700 (PDT) Received: from localhost (itcom245.staff.itd.umich.edu. [141.213.135.249]) by mx.google.com with ESMTPSA id mc4sm6730308wic.6.2014.10.29.13.45.01 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 29 Oct 2014 13:45:02 -0700 (PDT) Date: Wed, 29 Oct 2014 16:42:03 -0400 From: William Bulley To: freebsd-security@freebsd.org Subject: broken portaudit !! Message-ID: <20141029204203.GA1265@itcom245.staff.itd.umich.edu> Mail-Followup-To: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Oct 2014 20:45:05 -0000 Thinking that I might wish to upgrade my 9.2-STABLE system (to 9.3-STABLE), I decided to run "# /usr/local/sbin/portaudit -Fda" only to find that someone at FreeBSD.org has borked the system: unix# /usr/local/sbin/portaudit -Fda fetch: http://portaudit.FreeBSD.org/auditfile.tbz: Not Found Couldn't fetch database. Old database restored. portaudit: Download failed. I think some folks have moved on (to the new system) without having given any thought to those folks (like me!) who are just a tad bit behind the herd... :-( See the security risks here: http://vuxml.freebsd.org/freebsd/ [[Note: portaudit.FreeBSD.org resolves to vuxml.freebsd.org/freebsd/]] unix% dig -t A portaudit.FreeBSD.org ; <<>> DiG 9.9.3-P2 <<>> -t A portaudit.FreeBSD.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60842 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;portaudit.FreeBSD.org. IN A ;; ANSWER SECTION: portaudit.freebsd.org. 3600 IN CNAME wfe0.ysv.freebsd.org. wfe0.ysv.FreeBSD.org. 2737 IN A 8.8.178.110 ;; Query time: 51 msec ;; SERVER: 68.94.156.1#53(68.94.156.1) ;; WHEN: Wed Oct 29 16:43:38 EDT 2014 ;; MSG SIZE rcvd: 116 unix% dig -t A vuxml.freebsd.org ; <<>> DiG 9.9.3-P2 <<>> -t A vuxml.freebsd.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41971 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;vuxml.freebsd.org. IN A ;; ANSWER SECTION: vuxml.freebsd.org. 3600 IN CNAME wfe0.ysv.freebsd.org. wfe0.ysv.freebsd.org. 3600 IN A 8.8.178.110 ;; Query time: 90 msec ;; SERVER: 68.94.156.1#53(68.94.156.1) ;; WHEN: Wed Oct 29 16:43:50 EDT 2014 ;; MSG SIZE rcvd: 85 I also note that not only is the database MIA, but there is at least one bad link at the bottom of: http://vuxml.freebsd.org/ and that (borked) link would be: http://svnweb.freebsd.org/ports/head/ports-mgmt/portaudit :-( Regards, web... -- /"\ ASCII RIBBON / William Bulley \ / CAMPAIGN AGAINST / X HTML E-MAIL AND / E-MAIL: web@umich.edu / \ LISTSERV POSTINGS / 72 characters width template ----------------------------------------->|