From owner-cvs-all@FreeBSD.ORG Sun Mar 11 21:30:50 2012 Return-Path: Delivered-To: cvs-all@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 0FEC8106566B; Sun, 11 Mar 2012 21:30:50 +0000 (UTC) (envelope-from simon@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id F099F8FC08; Sun, 11 Mar 2012 21:30:49 +0000 (UTC) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.4/8.14.4) with ESMTP id q2BLUn8E074334; Sun, 11 Mar 2012 21:30:49 GMT (envelope-from simon@repoman.freebsd.org) Received: (from simon@localhost) by repoman.freebsd.org (8.14.4/8.14.4/Submit) id q2BLUn1c074333; Sun, 11 Mar 2012 21:30:49 GMT (envelope-from simon) Message-Id: <201203112130.q2BLUn1c074333@repoman.freebsd.org> From: "Simon L. Nielsen" Date: Sun, 11 Mar 2012 21:30:49 +0000 (UTC) To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org X-FreeBSD-CVS-Branch: HEAD Cc: Subject: cvs commit: ports/Mk bsd.port.mk X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: **OBSOLETE** CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Mar 2012 21:30:50 -0000 simon 2012-03-11 21:30:49 UTC FreeBSD ports repository Modified files: Mk bsd.port.mk Log: Make bsd.port.mk not parse port audit's auditfile directly to check for vulnerabilities, but call portaudit instead. This fixes a remote command execution vulnerability for users who have portaudit installed. While changing the code anyway, remove the annoying and very verbose "Vulnerability check disabled, database not found" warning. Security: Remote code execution Security: http://vuxml.FreeBSD.org/6d329b64-6bbb-11e1-9166-001e4f0fb9b1.html Approved by: portmgr Feature safe: yes (or at least approved) With hat: so Revision Changes Path 1.707 +6 -15 ports/Mk/bsd.port.mk