ports/126853: ports-mgmt/portaudit: speed up audit of installed packages

Sun Sep 28 12:14:28 UTC 2008

Miroslav, good day.

Sun, Sep 28, 2008 at 01:15:01PM +0200, Miroslav Lachman wrote:
> Is there any possibility to cooperate portaudit / pkg_audit with 
> pkg_version to show vulnerable package with information if newer (not 
> vulnerable) package (or port) version is available for upgrade to?
> 
> If I read nightly security e-mail with for example 4 vulnerable 
> packages, then I need to log in to server and manualy try, if newer 
> (fixed) packages are available. It seems not so hard to check output of 
> `pkg_version -vIL =` and compare both versions (installed and available) 
> with portaudit in some shellscript, I didn't start to write it yet ;).

I think it won't be very hard: I'll try to see how to extend portaudit
with such functionality -- it would be very handy, in my opinion.

Hadn't you have a chance to test my patch?

Thanks!
-- 
Eygene
 _                ___       _.--.   #
 \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
 /  ' `         ,       __.--'      #  to read the on-line manual   
 )/' _/     \   `-_,   /            #  while single-stepping the kernel.
 `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
     _.-'_./   {_.'   ; /           #    -- FreeBSD Developers handbook 
    {_.-``-'         {_/            #
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20080928/0f23306a/attachment.pgp