- use passive ftp by default, don't retry on failure [1]
- add a -C flag, portlint style
- don't keep databases that are tool old [2]
Requested by: hubs [1]
Noticed by: Nicolas Rachinsky <nicolas@rachinsky.de> [2]
* Add some additional checks for USE_* variables included too late [1]
* Add a check for SIZE in distinfo [2]
* Fix a small style nit [2]
* Warn is USE_SIZE is used in a port's Makefile
* Check to see if a port supports WITHOUT_NLS if USE_GETTEXT is defined [3]
Submitted by: eik [1]
krion [2]
Requested by: kris [3]
- Ignore padded 0's in version comparison.
This fixes a bug 2.00 being wrongly regarded as equal to 2.0.2.
- Show a summary of how many packages were upgraded, ignored, skipped
and failed after listing results.
Requested by: netchild
* Add code for formal master/slave checking rules as defined in ports/64393 [1]:
1. A port is a slave port if and only if MASTERDIR != .CURDIR
2. Slave ports should define MASTERDIR using one of the following lines:
MASTERDIR= ${.CURDIR}/../../<category>/<port>
MASTERDIR= ${.CURDIR}/../<port>
3. Non-slave ports shouldn't define MASTERDIR at all
4. The last line of a slave port's Makefile has to be
.include "${MASTERDIR}/Makefile"
5. The last line of a non-slave ports Makefile must be one of:
.include <bsd.port.mk>
.include <bsd.port.post.mk>
6. slave ports may not include bsd.port(.pre).mk
* Check to make sure MACHINE_ARCH is not defined and make sure it is never
tested directly [2]
* Fix some grammar nits [3]
PR: 64420 [1]
Submitted by: eik [1]
krion [3]
Requested by: kris [2]
Since we are using the official VuXML database
the auditing should be pretty complete.
- mention web page
- add more mirrors, disabling .ru mirror (too much lag)
- allow combined options in portaudit shell script
- add sample configuration file
- use absolute paths for binaries, to ease use in crontab scripts [1]
- correct type in man page [2]
PR: 64005 [2]
Submitted by: Tomasz Pilat <poncki@axelspringer.com.pl> [1]
Nathan Dove <njdove@wafer.sandia.gov> [2]
* Add dirname and egrep direct command use checks
* Add a missing '?' in checking for text after bsd.port(.post)?.mk [1]
* Add a check to make sure OPTIONS is set before bsd.port.pre.mk
Submitted by: eik [1]
- new command line tool
- new man page
- reworked database update code, incorporating feedback from
Max Khon <fjoe>, Radim Kolar <hsn@netmag.cz> (PR 63066) and
Ion-Mihai Tetcu <itetcu@apropo.ro> (PR 62655)
two databases cause more confusion than it is worth.
portaudit uses ports/security/vuxml/vuln.xml in the meantime,
please commit your changes there and send feedback wich format
you prefer.
Currently we have to migrate gnats, mailman, monkey and some
apache versions.
- provide a dummy exclusion pattern if the exclude file exists but
doesn't contain any patterns (Yen-Ming Lee <leeym@FreeBSD.org>)
- progress status display for interactive phase, too
- minor code cleanups, improved comments/docs
PR: ports/62539
Submitted by: Stefan Walter <sw@gegenunendlich.de> (author)
This is a package to test FreeBSD port auditing systems, e.g. portaudit
and the upcoming VuXML based system. Even though it installs no files,
it is listed in the portaudit database as vulnerable.
Kind of a EICAR-STANDARD-ANTIVIRUS-TEST-FILE
of FreeBSD ports and tools to check if installed ports are listed.
Since this is a prerelease version, it is mostly usable for
committers that want to contribute to the project, and can currently
not be relied upon as an extensive security auditing tool.
* Fix some grammar nits in portlint.1
* Add some missing options to the summary in portlint.1
* Reorganize some option descriptions in portlint.1
* Add an ENVIRONMENT section describing PL_CVS_IGNORE and PORTSDIR in
portlint.1
* Don't check the MAINTAINER field for direct command use [1]
* Add a new PL_CVS_IGNORE environment variable that allows users to filter
out certain patterns from the CVS files check [2]
* Only warn about CATEGORY problems if the user is in PORTSDIR [3]
* Sync new command macros with recent bsd.port.mk changes
* Correct a regular expression problem when looking for direct command use [4]
PR: 61562 [1]
61449 [2] [3]
Submitted by: Sergey Matveychuk <sem@ciam.ru> [1]
sergei [3]
leeym [4]
