head	1.6;
access;
symbols
	RELEASE_4_EOL:1.5
	RELEASE_6_2_0:1.5
	RELEASE_6_1_0:1.5
	RELEASE_5_5_0:1.5
	RELEASE_6_0_0:1.5
	RELEASE_5_4_0:1.5
	RELEASE_4_11_0:1.5
	RELEASE_5_3_0:1.5
	RELEASE_4_10_0:1.5;
locks; strict;
comment	@# @;


1.6
date	2007.02.05.01.08.33;	author pav;	state dead;
branches;
next	1.5;

1.5
date	2004.03.11.11.11.59;	author eik;	state Exp;
branches;
next	1.4;

1.4
date	2004.02.25.14.12.03;	author eik;	state Exp;
branches;
next	1.3;

1.3
date	2004.02.25.12.47.13;	author eik;	state Exp;
branches;
next	1.2;

1.2
date	2004.02.21.21.19.41;	author eik;	state Exp;
branches;
next	1.1;

1.1
date	2004.01.27.19.24.52;	author eik;	state Exp;
branches;
next	;


desc
@@


1.6
log
@Populate a new ports-mgmt category. List of moved ports:

  devel/portcheckout -> ports-mgmt/portcheckout
  devel/portlint -> ports-mgmt/portlint
  devel/portmk -> ports-mgmt/portmk
  devel/porttools -> ports-mgmt/porttools
  misc/instant-tinderbox -> ports-mgmt/instant-tinderbox
  misc/porteasy -> ports-mgmt/porteasy
  misc/portell -> ports-mgmt/portell
  misc/portless -> ports-mgmt/portless
  misc/tinderbox -> ports-mgmt/tinderbox
  security/jailaudit -> ports-mgmt/jailaudit
  security/portaudit -> ports-mgmt/portaudit
  security/portaudit-db -> ports-mgmt/portaudit-db
  security/vulnerability-test-port -> ports-mgmt/vulnerability-test-port
  sysutils/barry -> ports-mgmt/barry
  sysutils/bpm -> ports-mgmt/bpm
  sysutils/kports -> ports-mgmt/kports
  sysutils/managepkg -> ports-mgmt/managepkg
  sysutils/newportsversioncheck -> ports-mgmt/newportsversioncheck
  sysutils/pib -> ports-mgmt/pib
  sysutils/pkgfe -> ports-mgmt/pkgfe
  sysutils/pkg-orphan -> ports-mgmt/pkg-orphan
  sysutils/pkg_cutleaves -> ports-mgmt/pkg_cutleaves
  sysutils/pkg_install -> ports-mgmt/pkg_install
  sysutils/pkg_install-devel -> ports-mgmt/pkg_install-devel
  sysutils/pkg_remove -> ports-mgmt/pkg_remove
  sysutils/pkg_rmleaves -> ports-mgmt/pkg_rmleaves
  sysutils/pkg_trackinst -> ports-mgmt/pkg_trackinst
  sysutils/pkg_tree -> ports-mgmt/pkg_tree
  sysutils/portbrowser -> ports-mgmt/portbrowser
  sysutils/portconf -> ports-mgmt/portconf
  sysutils/portdowngrade -> ports-mgmt/portdowngrade
  sysutils/portcheck -> ports-mgmt/portcheck
  sysutils/portmanager -> ports-mgmt/portmanager
  sysutils/portmaster -> ports-mgmt/portmaster
  sysutils/portscout -> ports-mgmt/portscout
  sysutils/portsearch -> ports-mgmt/portsearch
  sysutils/portsman -> ports-mgmt/portsman
  sysutils/portsnap -> ports-mgmt/portsnap
  sysutils/portsopt -> ports-mgmt/portsopt
  sysutils/portupgrade -> ports-mgmt/portupgrade
  sysutils/portupgrade-devel -> ports-mgmt/portupgrade-devel
  sysutils/port-authoring-tools -> ports-mgmt/port-authoring-tools
  sysutils/port-maintenance-tools -> ports-mgmt/port-maintenance-tools
  sysutils/psearch -> ports-mgmt/psearch
  sysutils/p5-FreeBSD-Portindex -> ports-mgmt/p5-FreeBSD-Portindex
  sysutils/qtpkg -> ports-mgmt/qtpkg
  textproc/p5-FreeBSD-Ports -> ports-mgmt/p5-FreeBSD-Ports

Repocopies by:	marcus
@
text
@portaudit provides a system to check if installed ports are listed in a 
database of published security vulnerabilities.

After installation it will update this security database automatically and 
include its reports in the output of the daily security run.

If you have found a vulnerability not listed in the database, please contact 
the FreeBSD Security Officer <security-officer@@FreeBSD.org>. Refer to

  http://www.freebsd.org/security/#sec

for more information.

WWW: http://people.freebsd.org/~eik/portaudit/

Oliver Eikemeier <eik@@FreeBSD.org>
@


1.5
log
@Update to 0.3.
Since we are using the official VuXML database
the auditing should be pretty complete.

- mention web page
- add more mirrors, disabling .ru mirror (too much lag)
- allow combined options in portaudit shell script
- add sample configuration file
- use absolute paths for binaries, to ease use in crontab scripts [1]
- correct type in man page [2]

PR:		64005 [2]
Submitted by:	Tomasz Pilat <poncki@@axelspringer.com.pl> [1]
		Nathan Dove <njdove@@wafer.sandia.gov> [2]
@
text
@@


1.4
log
@grammar

Submitted by:	will, nectar
@
text
@a6 3
Since this system is in development it can currently not be relied upon as an 
extensive security auditing tool.

d14 1
a14 1
WWW: http://sourceforge.net/projects/portaudit/
@


1.3
log
@add a security contact
@
text
@d10 2
a11 2
If you found a vulnerability not listed in the database, please contact the
FreeBSD Security Officer <security-officer@@FreeBSD.org>, refer to
@


1.2
log
@update to 0.2:
- new command line tool
- new man page
- reworked database update code, incorporating feedback from
  Max Khon <fjoe>, Radim Kolar <hsn@@netmag.cz> (PR 63066) and
  Ion-Mihai Tetcu <itetcu@@apropo.ro> (PR 62655)
@
text
@d10 7
@


1.1
log
@portaudit provides a list of published security vulnerabilities
of FreeBSD ports and tools to check if installed ports are listed.

Since this is a prerelease version, it is mostly usable for
committers that want to contribute to the project, and can currently
not be relied upon as an extensive security auditing tool.
@
text
@d1 2
a2 2
portaudit provides a list of published security vulnerabilities
of FreeBSD ports and tools to check if installed ports are listed.
d4 2
a5 2
After installation it will update the security database automatically
and include its reports in the output of the daily security run.
d7 2
a8 7
Since this is a prerelease version, it is mostly usable for
committers that want to contribute to the project, and can currently
not be relied upon as an extensive security auditing tool.

Credits go to Roland Dowdeswell <elric@@NetBSD.org> and Bill
Sommerfeld <sommerfeld@@NetBSD.org> for the idea and Alistair
Crooks <agc@@NetBSD.org>  for the initial implementation.
@

