Re: building legacy packages with poudriere ?
On 12/5/2014 3:24 AM, Shane Ambler wrote: default method is portsnap - pkg_install is an svn branch name poudriere ports -m svn+https -B pkg_install -c If that fails you could manually checkout with svn and use poudriere ports -c -p pkg_install -F -f none -M /path/to Thanks! I had to blow away the default as it was from head, and poudriere kept saying I already had a default. How does one typically maintain distinct ports trees on the same box, or do they bother to ? Anyways, at this point I achieved what I wanted to do (build a python package), so my immediate need is solved! Next is to integrate poudriere into future projects. Thanks everyone for the help! ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
Re: building legacy packages with poudriere ?
On 12/4/2014 7:51 PM, Bryan Drewery wrote: Poudriere (as of latest 3.1) still supports pkg_install packages. It is *ports* that does not. You will need to use an older ports tree. You can use the /branches/pkg_install/ branch, but it is stuck at 2014 Sep. Excellent! Sept 2014 is fine for what I need to build from. Next question, how do I fetch that branch ? # poudriere ports -B pkg_install -c [00:00:00] >> Extracting portstree "default"... Looking up portsnap.FreeBSD.org mirrors... none found. Fetching public key from portsnap.FreeBSD.org... done. Fetching snapshot tag from portsnap.FreeBSD.org... done. Fetching snapshot metadata... done. Fetching snapshot generated at Thu Dec 4 19:12:03 EST 2014: 4ae3b8d808ed153ed27a765a9518a5bcb8e59126c5b08e100% of 70 MB 319 kBps 00m00s Extracting snapshot... and # poudriere ports -l # returns nothing ? I grabbed # poudriere version 3.1-RC3 # ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
building legacy packages with poudriere ?
I have a number of old legacy nanobsd boxes that I want to retrofit with a couple of packages remotely. Remote full image upgrade is not something I really want to do, as I would just like to add a couple of packages. I was looking at poudriere which seems the way to go, but it seems to only want to build .txz / pkgng style packages. Is there a way to get poudriere to build packages that an older releng8 installation would understand ? ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
Re: bash velnerability
On 9/30/2014 5:25 PM, Charles Swiger wrote:
bash-3.2$ echo "Testing Exploit 4 (CVE-2014-7186)"
Testing Exploit 4 (CVE-2014-7186)
bash-3.2$ CVE7186="$(bash -c 'true </dev/null ||echo -n V)"
bash-3.2$ [ "${CVE7186}" == "V" ] && echo "VULNERABLE" || echo "NOT VULNERABLE"
NOT VULNERABLE
This being said, I'm not confident that there won't be further issues found
with bash
What are people using to check these issues ? I was using
https://github.com/hannob/bashcheck
Not sure if that gives false positives ? Even on linux with all patches
applied, it coredumps on 7186.
Yet the BASH maintainer says all holes are patched ? Or does he
consider 2014-7186 not a security issue ?
http://lists.gnu.org/archive/html/bug-bash/2014-09/msg00341.html
# bash ./bashcheck
Not vulnerable to CVE-2014-6271 (original shellshock)
Not vulnerable to CVE-2014-7169 (taviso bug)
./bashcheck: line 18: 19749 Segmentation fault (core dumped) bash
-c "true $(printf '< /dev/null
Vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Variable function parser inactive, likely safe from unknown parser bugs
#
--
---
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, m...@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada http://www.tancsa.com/
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
Re: bash velnerability
On 9/26/2014 5:01 PM, Bryan Drewery wrote: On 9/26/2014 12:41 PM, Bryan Drewery wrote: On 9/26/2014 11:51 AM, Bryan Drewery wrote: On 9/26/2014 11:46 AM, Bartek Rutkowski wrote: Apparently, the full fix is still not delivered, accordingly to this: http://seclists.org/oss-sec/2014/q3/741 Kind regards, Bartek Rutkowski I'm pretty sure they call that a "feature". This is a bit different. I've disabled environment function importing in the port. Using --import-functions will allow it to work if you need it. Hi Bryan, With the latest ports, bashcheck still sees some issues with bash. Are these false positives on FreeBSD ? Using https://raw.githubusercontent.com/hannob/bashcheck/master/bashcheck Not vulnerable to CVE-2014-6271 (original shellshock) Not vulnerable to CVE-2014-7169 (taviso bug) ./bashcheck: line 18: 54908 Segmentation fault (core dumped) bash -c "true $(printf '< /dev/null Vulnerable to CVE-2014-7186 (redir_stack bug) Test for CVE-2014-7187 not reliable without address sanitizer Variable function parser inactive, likely safe from unknown parser bugs ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
Sudo security advisory
Hi, http://www.gratisoft.us/sudo/alerts/sudo_debug.html >From the advisory, Successful exploitation of the bug will allow a user to run arbitrary commands as root. Exploitation of the bug does *not* require that the attacker be listed in the sudoers file. As such, we strongly suggest that affected sites upgrade from affected sudo versions as soon as possible. ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
Qugga port security fix
Hi, Any chance you could update the quagga port to the latest version ? There are some security fixes in it. http://www.freebsd.org/cgi/query-pr.cgi?pr=161161 and http://www.freebsd.org/cgi/query-pr.cgi?pr=156332&cat=port have patches, although the second one is probably more correct. ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
