Date: Tue, 24 Apr 2001 12:00:52 -0700 From: Kris Kennaway <kris@obsecurity.org> To: Sean Chittenden <sean@chittenden.org> Cc: Calvin NG <calvinng@brel.com>, Sean Chittenden <sean-freebsd-stable@chittenden.org>, Jeff Kletsky <Jeff+freebsd@wagsky.com>, freebsd-stable@FreeBSD.ORG, bmah@FreeBSD.ORG Subject: pkg_version perl hacker project Message-ID: <20010424120052.H89156@xor.obsecurity.org> In-Reply-To: <20010424014833.B19530@rand.tgd.net>; from sean@chittenden.org on Tue, Apr 24, 2001 at 01:48:33AM -0700 References: <Pine.BSF.4.21.0104230806060.27435-100000@wildside.wagsky.com> <20010423231827.A19530@rand.tgd.net> <20010424142340.E5216@brel.com> <20010424014833.B19530@rand.tgd.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--JI+G0+mN8WmwPnOn Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Tue, Apr 24, 2001 at 01:48:33AM -0700, Sean Chittenden wrote: > Man I'm glad I only sunk in a few minutes worth of work. > Thanks! I was looking for something with the word ports in it, but it > didn't dawn on me to look for something with pkg. At anyrate, thanks > again. -sc At least it was a learning experience, right? :-) If you're still in pkg_* perl script hacking mode, we could use a utility which does the following: Parses a set of ports security advisories, extracts a list of vulnerable package versions described in some form (regex/glob expression/etc) and checks for any vulnerable packages installed. We'd need to agree on a standard form to use in the advisories to aid in parsing. This could be done as an extension to pkg_version, since much of the code you will need to manage versions is already there, and it's a logical extension of that program's function. NetBSD have a port called audit-packages which does something similar, but not quite the same as the above (last I checked) -- it might still be useful as a starting point. Interested? Kris --JI+G0+mN8WmwPnOn Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE65c1jWry0BWjoQKURApDAAJ42zS0sAE7uNYe8slwQ3bFEJmxiQwCggGbk TYIWehqp2cNxp1tLyUQ2ohY= =7RGx -----END PGP SIGNATURE----- --JI+G0+mN8WmwPnOn-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010424120052.H89156>