| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | <!-- $NetBSD: faq.xml,v 1.39 2008/01/04 15:53:41 rillig Exp $ --> | | 1 | <!-- $NetBSD: faq.xml,v 1.40 2008/03/04 02:39:37 jschauma Exp $ --> |
2 | | | 2 | |
3 | <chapter id="faq"> <?dbhtml filename="faq.html"?> | | 3 | <chapter id="faq"> <?dbhtml filename="faq.html"?> |
4 | <title>Frequently Asked Questions</title> | | 4 | <title>Frequently Asked Questions</title> |
5 | | | 5 | |
6 | <para>This section contains hints, tips & tricks on special things in | | 6 | <para>This section contains hints, tips & tricks on special things in |
7 | pkgsrc that we didn't find a better place for in the previous chapters, and | | 7 | pkgsrc that we didn't find a better place for in the previous chapters, and |
8 | it contains items for both pkgsrc users and developers.</para> | | 8 | it contains items for both pkgsrc users and developers.</para> |
9 | | | 9 | |
10 | <!-- ================================================================== --> | | 10 | <!-- ================================================================== --> |
11 | | | 11 | |
12 | <sect1 id="mailing-list-pointers"> | | 12 | <sect1 id="mailing-list-pointers"> |
13 | <title>Are there any mailing lists for pkg-related discussion?</title> | | 13 | <title>Are there any mailing lists for pkg-related discussion?</title> |
14 | | | 14 | |
| @@ -499,57 +499,55 @@ reinstall any affected packages. | | | @@ -499,57 +499,55 @@ reinstall any affected packages. |
499 | </sect1> | | 499 | </sect1> |
500 | | | 500 | |
501 | <!-- ================================================================== --> | | 501 | <!-- ================================================================== --> |
502 | | | 502 | |
503 | <sect1 id="audit-packages"> | | 503 | <sect1 id="audit-packages"> |
504 | <title>Automated security checks</title> | | 504 | <title>Automated security checks</title> |
505 | | | 505 | |
506 | <para>Please be aware that there can often be bugs in third-party software, | | 506 | <para>Please be aware that there can often be bugs in third-party software, |
507 | and some of these bugs can leave a machine vulnerable to exploitation by | | 507 | and some of these bugs can leave a machine vulnerable to exploitation by |
508 | attackers. In an effort to lessen the exposure, the NetBSD packages team | | 508 | attackers. In an effort to lessen the exposure, the NetBSD packages team |
509 | maintains a database of known-exploits to packages which have at one time | | 509 | maintains a database of known-exploits to packages which have at one time |
510 | been included in pkgsrc. The database can be downloaded automatically, and | | 510 | been included in pkgsrc. The database can be downloaded automatically, and |
511 | a security audit of all packages installed on a system can take place. To | | 511 | a security audit of all packages installed on a system can take place. To |
512 | do this, install the <filename | | 512 | do this, refer to the following two tools (installed as part of the |
513 | role="pkg">security/audit-packages</filename> package. It has two | | 513 | <filename role="pkg">pkgtools/pkg_install</filename> package):</para> |
514 | components:</para> | | | |
515 | | | 514 | |
516 | <orderedlist> | | 515 | <orderedlist> |
517 | | | 516 | |
518 | <listitem> | | 517 | <listitem> |
519 | <para><command>download-vulnerability-list</command>, an easy way to | | 518 | <para><command>download-vulnerability-list</command>, an easy way to |
520 | download a list of the security vulnerabilities information. This list | | 519 | download a list of the security vulnerabilities information. This list |
521 | is kept up to date by the NetBSD security officer and the NetBSD | | 520 | is kept up to date by the NetBSD security officer and the NetBSD |
522 | packages team, and is distributed from the NetBSD ftp server:</para> | | 521 | packages team, and is distributed from the NetBSD ftp server:</para> |
523 | | | 522 | |
524 | <para><ulink | | 523 | <para><ulink |
525 | url="ftp://ftp.NetBSD.org/pub/NetBSD/packages/distfiles/pkg-vulnerabilities"/></para> | | 524 | url="ftp://ftp.NetBSD.org/pub/NetBSD/packages/distfiles/pkg-vulnerabilities"/></para> |
526 | </listitem> | | 525 | </listitem> |
527 | | | 526 | |
528 | <listitem> | | 527 | <listitem> |
529 | <para><command>audit-packages</command>, an easy way to audit the | | 528 | <para><command>audit-packages</command>, an easy way to audit the |
530 | current machine, checking each vulnerability which is known. If a | | 529 | current machine, checking each vulnerability which is known. If a |
531 | vulnerable package is installed, it will be shown by output to stdout, | | 530 | vulnerable package is installed, it will be shown by output to stdout, |
532 | including a description of the type of vulnerability, and a URL | | 531 | including a description of the type of vulnerability, and a URL |
533 | containing more information.</para> | | 532 | containing more information.</para> |
534 | </listitem> | | 533 | </listitem> |
535 | | | 534 | |
536 | </orderedlist> | | 535 | </orderedlist> |
537 | | | 536 | |
538 | <para>Use of the <filename role="pkg">security/audit-packages</filename> | | 537 | <para>Use of these tools is strongly recommended! After |
539 | package is strongly recommended! After | | 538 | <quote>pkg_install</quote> is installed, please read |
540 | <quote>audit-packages</quote> is installed, please read | | | |
541 | the package's message, which you can get by running <userinput>pkg_info -D | | 539 | the package's message, which you can get by running <userinput>pkg_info -D |
542 | audit-packages</userinput>.</para> | | 540 | pkg_install</userinput>.</para> |
543 | | | 541 | |
544 | <para>If this package is installed, pkgsrc builds will use it to | | 542 | <para>If this package is installed, pkgsrc builds will use it to |
545 | perform a security check before building any package. See <xref | | 543 | perform a security check before building any package. See <xref |
546 | linkend="variables-affecting-build"/> for ways to control this | | 544 | linkend="variables-affecting-build"/> for ways to control this |
547 | check.</para> | | 545 | check.</para> |
548 | | | 546 | |
549 | </sect1> | | 547 | </sect1> |
550 | | | 548 | |
551 | <sect1 id="ufaq-cflags"> | | 549 | <sect1 id="ufaq-cflags"> |
552 | <title>Why do some packages ignore my <varname>CFLAGS</varname>?</title> | | 550 | <title>Why do some packages ignore my <varname>CFLAGS</varname>?</title> |
553 | | | 551 | |
554 | <para>When you add your own preferences to the | | 552 | <para>When you add your own preferences to the |
555 | <varname>CFLAGS</varname> variable in your | | 553 | <varname>CFLAGS</varname> variable in your |