FreshPorts -- The Place For Ports If you buy from Amazon USA, please support us by using this link.
Follow us
Blog
Twitter

I am looking for an LTO tape library. Do you have one to spare?
Port details
portaudit 0.6.2 ports-mgmt on this many watch lists=142 search for ports that depend on this port An older version of this port was marked as vulnerable.
Checks installed ports against a list of security vulnerabilities
Maintained by: ports-secteam@FreeBSD.org search for ports maintained by this maintainer
Port Added: 05 Feb 2007 01:09:12
Also Listed In: security
License: not specified in port


portaudit provides a system to check if installed ports are listed in a 
database of published security vulnerabilities.

After installation it will update this security database automatically and 
include its reports in the output of the daily security run.

If you have found a vulnerability not listed in the database, please contact 
the FreeBSD Security Officer <security-officer@FreeBSD.org>. Refer to

  http://www.freebsd.org/security/#sec

for more information.

WWW: http://people.freebsd.org/~eik/portaudit/

Oliver Eikemeier <eik@FreeBSD.org>
SVNWeb : Main Web Site : Distfiles Availability : PortsMon

This port is required by:

for Run * - deleted ports are only shown under the This port is required by section. It was harder to do for the Required section. Perhaps later...

To install the port: cd /usr/ports/ports-mgmt/portaudit/ && make install clean
To add the package: pkg install ports-mgmt/portaudit


Configuration Options
     No options to configure

Master Sites:
  1. http://distcache.FreeBSD.org/ports-distfiles/

Number of commits found: 19

Commit History - (may be incomplete: see SVNWeb link above for full details)
DateByDescription
24 Jul 2014 08:16:55
Original commit files touched by this commit  0.6.2
Revision:362769
delphij search for other commits by this committer
Remove unnecessary quotation.

PR:		ports/192081
Submitted by:	<takefu airport fm>
23 Dec 2013 22:26:43
Original commit files touched by this commit  0.6.2
Revision:337303
delphij search for other commits by this committer
Detect pkgNG.  When pkgNG is present and there is packages managed by pkgNG,
give user a warning and run pkg audit -F instead.

PR:		ports/185147
Submitted by:	ohauer
17 Nov 2013 02:00:30
Original commit files touched by this commit  0.6.1
Revision:334044
eadler search for other commits by this committer
Clean up the portaudit port
- let the ports-secteam maintain this port instead of secteam.  This should
assign PRs to the appropriate place. [1]
- recent freebsd versions should use pkg audit instead of portaudit
- stagify
- remove mention of preference file format changes which changed in 2004

PR:		ports/184004 (partial
Discussed with:	simon (many months ago) [1]
12 Nov 2013 13:09:18
Original commit files touched by this commit  0.6.1
Revision:333567
zi search for other commits by this committer
- Set MAINTAINER to ports-secteam

Requested by:	des@
With hat:	ports-secteam@
20 Sep 2013 22:36:49
Original commit files touched by this commit  0.6.1
Revision:327762
bapt search for other commits by this committer
Add NO_STAGE all over the place in preparation for the staging support (cat:
ports-mgmt)
01 Aug 2013 20:41:31
Original commit files touched by this commit  0.6.1
Revision:324124
remko (src,doc committer) search for other commits by this committer
Forgot to bump the version in the previous commit.  Eventhough
this is a minor change, it's still new and should tell people
that they can upgrade to this version.

Hat:	    secteam
01 Aug 2013 19:03:41
Original commit files touched by this commit  0.6.0
Revision:324119
remko (src,doc committer) search for other commits by this committer
Add support for an alternative openssl location, for example when installed
via the Ports Collection.

PR:		166561
Submitted by:	Eugene Grosbein <eugen@grosbein.pp.ru>
11 Mar 2012 22:05:39
Original commit files touched by this commit  0.6.0
simon search for other commits by this committer
Portaudit 0.6.0:

Fix remote code execution which can occur with a specially crafted
audit file.  The attacker would need to get the portaudit(1) to
download the bad audit database, e.g. by performing a man in the
middle attack.

Add signature verification of the portaudit database.  The public key
is for the database generated for portaudit.FreeBSD.org is included
in the distribution.

(This parts add the portaudit public key missed in initial commit.)

Submitted by:   Michael Gmelin <freebsd@grem.de>
Reported by:    Michael Gmelin <freebsd@grem.de>, Joerg Scheinert
Security:       Remote code execution
Security:      
http://vuxml.FreeBSD.org/6d329b64-6bbb-11e1-9166-001e4f0fb9b1.html
Feature safe:   yes
With hat:       so
11 Mar 2012 21:32:58
Original commit files touched by this commit  0.6.0
simon search for other commits by this committer
Portaudit 0.6.0:

Fix remote code execution which can occur with a specially crafted
audit file.  The attacker would need to get the portaudit(1) to
download the bad audit database, e.g. by performing a man in the
middle attack.

Add signature verification of the portaudit database.  The public key
is for the database generated for portaudit.FreeBSD.org is included
in the distribution.

Submitted by:   Michael Gmelin <freebsd@grem.de>
Reported by:    Michael Gmelin <freebsd@grem.de>, Joerg Scheinert
Security:       Remote code execution
Security:      
http://vuxml.FreeBSD.org/6d329b64-6bbb-11e1-9166-001e4f0fb9b1.html
Feature safe:   yes
With hat:       so
05 Feb 2011 08:37:06
Original commit files touched by this commit  0.5.17
 This port version is marked as vulnerable.
remko search for other commits by this committer
Add some improvements via Doug:

This patch changes the order in which the conf file is read vs.
when the default variable assignments are made in order to provide
the ability to override them in the conf file. It also adds the
ability to include a conf file in the same directory as the script.

The patch also changes some of the = assignments to := where
having a null setting by mistake would be fatal.

The use case for these changes is the ability to "package" all
of the elements together in one place for use on multiple systems
that can all mount the same central location.

PR:             154518
Submitted by:   dougb
Hat:            secteam
Feature safe:   yes
31 Jan 2011 20:17:04
Original commit files touched by this commit  0.5.16
 This port version is marked as vulnerable.
uqs search for other commits by this committer
Don't enclose URLs in <>, it makes them harder to copy&paste and URLs are
not email addresses.

PR:             ports/127214 (first half)
Reviewed by:    simon
Feature safe:   yes
03 May 2010 21:02:21
Original commit files touched by this commit  0.5.15
 This port version is marked as vulnerable.
delphij search for other commits by this committer
Prefer using base system binaries.

Reported by:    Paul Hoffman <phoffman proper com>
With hat:       secteam
26 Oct 2009 09:17:28
Original commit files touched by this commit  0.5.14
 This port version is marked as vulnerable.
remko search for other commits by this committer
Forgot to bump version.

Prodded by:     antoine
21 Oct 2009 08:30:57
Original commit files touched by this commit  0.5.13
 This port version is marked as vulnerable.
remko search for other commits by this committer
Fix unmatched quote.

PR:             ports/139810
Submitted by:   bf <bf1783 at gmail dot com>
21 Jun 2009 15:45:18
Original commit files touched by this commit  0.5.13
 This port version is marked as vulnerable.
simon search for other commits by this committer
Download portaudit database from http://portaudit.FreeBSD.org/ instead
of http://www.FreeBSD.org/ports/portaudit/.

This is primarily done to work around bug in lighttpd on www.FreeBSD.org
where If-Modified-Since isn't handled correctly possibly resulting in
users behind web proxies getting an outdated version of the portaudit
database.

Bump portaudit version number.

Big thanks to the reporter for the detailed PR with good information
about reproducing the issue.

PR:             www/134505
Reported by:    Christian Ullrich <chris@chrullrich.net>
Prodding by:    remko, Christian Ullrich
27 Dec 2007 09:54:23
Original commit files touched by this commit  0.5.12
 This port version is marked as vulnerable.
simon search for other commits by this committer
- Fix portaudit -Fq to actually be quiet. [1]
- Remove support for FreeBSD older than 4.11 and 5.3.
- Remove conditional dependency on bzip2 which I can't really see how
  could be activated automatically.

Reported by:    "J. Martin Petersen" <jmp@alvorlig.dk> [1]
PR:             ports/117845 [1]
With hat:       maintainer / secteam
02 Apr 2007 12:40:32
Original commit files touched by this commit  0.5.11
 This port version is marked as vulnerable.
erwin search for other commits by this committer
Add security to CATEGORIES

"Sounds like a good idea":      simon
15 Mar 2007 07:14:35
Original commit files touched by this commit  0.5.11
 This port version is marked as vulnerable.
remko search for other commits by this committer
Correct URL to the VuXML pages for FreeBSD. Also bump modification date.

PR:             ports/104813
Submitted by:   Alan Amesbury <amesbury at umn dot edu>
05 Feb 2007 01:08:46
Original commit files touched by this commit  0.5.11
 This port version is marked as vulnerable.
pav search for other commits by this committer
Populate a new ports-mgmt category. List of moved ports:

  devel/portcheckout -> ports-mgmt/portcheckout
  devel/portlint -> ports-mgmt/portlint
  devel/portmk -> ports-mgmt/portmk
  devel/porttools -> ports-mgmt/porttools
  misc/instant-tinderbox -> ports-mgmt/instant-tinderbox
  misc/porteasy -> ports-mgmt/porteasy
  misc/portell -> ports-mgmt/portell
  misc/portless -> ports-mgmt/portless
  misc/tinderbox -> ports-mgmt/tinderbox
  security/jailaudit -> ports-mgmt/jailaudit
  security/portaudit -> ports-mgmt/portaudit
  security/portaudit-db -> ports-mgmt/portaudit-db
  security/vulnerability-test-port -> ports-mgmt/vulnerability-test-port
(Only the first 15 lines of the commit message are shown above View all of this commit message)

Number of commits found: 19

Login
User Login
Create account

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD

This site
What is FreshPorts?
About the authors
FAQ
How big is it?
The latest upgrade!
Privacy
Forums
Blog
Contact

Search
Enter Keywords:
 
more...

Latest Vulnerabilities
bashOct 01
bashOct 01
bash-staticOct 01
bash-staticOct 01
jenkinsOct 01
jenkins-ltsOct 01
phpmyadminOct 01
rsyslog7Sep 30
fishSep 29
bash*Sep 25
bash-static*Sep 25
chromiumSep 25
krfbSep 25
linux-c6-nssSep 25
linux-firefoxSep 25

12 vulnerabilities affecting 35 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities


Ports
Home
Categories
Deleted ports
Sanity Test Failures
Newsfeeds


Statistics
Graphs
NEW Graphs (Javascript)
Traffic

Calculated hourly:
Port count 24166
Broken 104
Deprecated 27
Ignore 359
Forbidden 3
Restricted 205
No CDROM 93
Vulnerable 21
Expired 2
Set to expire 22
Interactive 0
new 24 hours 2
new 48 hours10
new 7 days54
new fortnight144
new month288

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD
Valid HTML, CSS, and RSS.
Copyright © 2000-2014 Dan Langille. All rights reserved.