<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<p><span>We're still restoring VMs from our recent server issue.
Some services are back up, but we still have a few like Jenkins,
OpenGrok, and build nodes for our package cluster to restore. </span><br>
<br>
<span>We've been running package builds on a single server lately.
The latest amd64 run has had a few issues that we're working
through. </span><br>
<br>
<span>mport package manager has received several updates in recent
weeks. It now supports an audit command that lets you check for
CVEs against a copy of the NVD data. </span><br>
<span>Usage:</span><br>
<span>mport audit</span><br>
<span>mport audit -r</span><br>
<span>mport -q audit</span><br>
<br>
<span>The first version prints a list of all CVEs with
descriptions for each package. </span><br>
<br>
<span>The second includes a list of packages that depend on this
vulnerable port so you can also update those. </span><br>
<br>
<span>The third doesn't give details about the vulnerabilities and
just prints a list of vulnerable packages with package name and
package number using the "global" -q aka quiet flag. </span><br>
<br>
<span>This isn't included in MidnightBSD src git yet as we're
working through a few bugs. You can check it out and try it now
though git clone </span><a
href="https://github.com/midnightbsd/mport.git" class="x1fey0fg
xmper1u x1edh9d7"><span>https://github.com/midnightbsd/mport.git</span></a><span>
</span><br>
<br>
<br>
</p>
<pre class="moz-signature" cols="72">--
Lucas Holt
<a class="moz-txt-link-abbreviated" href="mailto:Luke@FoolishGames.com">Luke@FoolishGames.com</a>
________________________________________________________
MidnightBSD.org (Free OS)
JustJournal.com (Free blogging)</pre>
</body>
</html>