9:34 AM - Project Update
We're still restoring VMs from our recent server issue. Some services are back up, but we still have a few like Jenkins, OpenGrok, and build nodes for our package cluster to restore.
We've been running package builds on a single server lately. The latest amd64 run has had a few issues that we're working through.
mport package manager has received several updates in recent weeks. It now supports an audit command that lets you check for CVEs against a copy of the NVD data.
mport audit -r
mport -q audit
The first version prints a list of all CVEs with descriptions for each package.
The second includes a list of packages that depend on this vulnerable port so you can also update those.
The third doesn't give details about the vulnerabilities and just prints a list of vulnerable packages with package name and package number using the "global" -q aka quiet flag.
This isn't included in MidnightBSD src git yet as we're working through a few bugs. You can check it out and try it now though git clone https://github.com/midnightbsd/mport.git