authoragc <agc@pkgsrc.org>2000-09-19 19:29:11 +0000
committeragc <agc@pkgsrc.org>2000-09-19 19:29:11 +0000
commit3013e4b63362c0eb6e618bdf5385264f52589575 (patch)
treea352e40e1130688325b980083ce209695787a9c2
parent3f0a31c111353be7e4de6cc0e1ea21c45a40a065 (diff)
Add the glue for showing any security vulnerabilities to the README.html
files.
-rw-r--r--mk/bsd.pkg.mk34
-rw-r--r--templates/README.pkg22
2 files changed, 46 insertions, 10 deletions
diff --git a/mk/bsd.pkg.mk b/mk/bsd.pkg.mk
index 9e372df3d80..a2212ab4b44 100644
--- a/mk/bsd.pkg.mk
+++ b/mk/bsd.pkg.mk
@@ -1,4 +1,4 @@
-# $NetBSD: bsd.pkg.mk,v 1.576 2000/09/15 16:53:30 veego Exp $
+# $NetBSD: bsd.pkg.mk,v 1.577 2000/09/19 19:29:11 agc Exp $
#
# This file is in the public domain.
#
@@ -1623,6 +1623,12 @@ root-install:
${ECHO_MSG} "If this is not desired, set it to an appropriate value (${DEF_UMASK})"; \
${ECHO_MSG} "and install this package again by \`\`${MAKE} deinstall reinstall''."; \
fi
+ ${_PKG_SILENT}${_PKG_DEBUG} \
+ vul="`${MAKE} show-vulnerabilities`"; \
+ if [ "$$vul" != "" ]; then \
+ ${ECHO_MSG} '*** WARNING: Vulnerabilities in this package ***'; \
+ ${ECHO_MSG} "$$vul"; \
+ fi
.if !defined(NO_MTREE)
${_PKG_SILENT}${_PKG_DEBUG}if [ `${ID} -u` = 0 ]; then \
if [ ! -f ${MTREE_FILE} ]; then \
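Review bot: The warning added to root-install is keyed only on the sub-make's stdout, so a `show-vulnerabilities` run that fails looks identical to a package with no entries. `show-vulnerabilities` lists `${DISTDIR}/vulnerabilities` as a prerequisite, and no rule that creates that file is visible in this diff; if it is absent, `$$vul` stays empty and the install finishes without any notice. The README.html recipe has the same gap, where an empty `$@.tmp5` becomes "(no vulnerabilities known)". Consider an explicit branch before the assignment, e.g. `if [ ! -f ${DISTDIR}/vulnerabilities ]; then ${ECHO_MSG} "*** vulnerabilities list not found, package not checked ***"; fi`. root-install starts before this hunk and continues past it.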
@@ -2789,6 +2795,14 @@ SED_HOMEPAGE_EXPR= -e 's|%%HOMEPAGE%%|<p>This package has a home page at <
SED_HOMEPAGE_EXPR= -e 's|%%HOMEPAGE%%||'
.endif
+show-vulnerabilities: ${DISTDIR}/vulnerabilities
+ @${AWK} '/^${PKGBASE}/ { print $$0 }' ${DISTDIR}/vulnerabilities
+
+show-vulnerabilities-html: ${DISTDIR}/vulnerabilities
+ @${AWK} '/^${PKGBASE}/ { gsub("\<", "\\&lt;", $$1); \
+ gsub("\>", "\\&gt;", $$1); \
+ printf("<STRONG><LI>%s has a %s exploit (see <a href=\"%s\">%s</a> for more details)</STRONG>\n", $$1, $$2, $$3, $$3) }' ${DISTDIR}/vulnerabilities
+
.PHONY: README.html
README.html: .PRECIOUS
@${MAKE} ${MAKEFLAGS} build-depends-list PACKAGE_NAME_TYPE=html | sort -u >> $@.tmp1
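Review bot: `show-vulnerabilities-html` escapes only `<` and `>` in `$$1`, while `$$2` and `$$3` from `${DISTDIR}/vulnerabilities` are printed raw into README.html, `$$3` inside an `href="…"` attribute, and `&` and `"` are not escaped anywhere. Since that list is data kept in DISTDIR rather than part of the tree, all three fields should be HTML-escaped before printing; a small awk helper, as below, keeps the printf readable (assuming `${AWK}` supports user-defined functions). Separately, `/^${PKGBASE}/` in both targets is an unanchored regex, so a PKGBASE that is a prefix of another name, or that contains characters such as `+` or `.`, can match the wrong lines; an exact comparison on the first field is safer, provided the list's first column is the bare package name, which this diff does not show. The README.html rule that begins at the end of this hunk continues outside it.

```make
show-vulnerabilities-html: ${DISTDIR}/vulnerabilities
	@${AWK} 'function esc(s) { gsub("&", "\\&amp;", s); \
			gsub("<", "\\&lt;", s); gsub(">", "\\&gt;", s); \
			gsub("\"", "\\&quot;", s); return s } \
		/^${PKGBASE}/ { \
			printf("<STRONG><LI>%s has a %s exploit (see <a href=\"%s\">%s</a> for more details)</STRONG>\n", esc($$1), esc($$2), esc($$3), esc($$3)) }' ${DISTDIR}/vulnerabilities
```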
@@ -2798,11 +2812,19 @@ README.html: .PRECIOUS
@${ECHO} '${PKGNAME:S/&/\&amp;/g:S/>/\&gt;/g:S/</\&lt;/g}' >> $@.tmp3
@${MAKE} ${MAKEFLAGS} binpkg-list >> $@.tmp4
@[ -s $@.tmp4 ] || ${ECHO} "<TR><TD><I>(no precompiled binaries available)</I>" >> $@.tmp4
+ @${MAKE} ${MAKEFLAGS} show-vulnerabilities-html >> $@.tmp5
+ @[ -s $@.tmp5 ] || ${ECHO} "<I>(no vulnerabilities known)</I>" >> $@.tmp5
+ @${LS} -l ${DISTDIR}/vulnerabilities | ${AWK} 'NF > 7 { printf("at %s %s %s\n", $$6, $$7, $$8) }' >> $@.tmp6
+ @[ -s $@.tmp6 ] || ${ECHO} "<TR><TD><I>(no vulnerabilities list available)</I>" >> $@.tmp6
@${SED} -e 's|%%PORT%%|${PKGPATH}|g' \
-e '/%%PKG%%/r $@.tmp3' \
-e '/%%PKG%%/d' \
${SED_LICENSE_EXPR} \
${SED_HOMEPAGE_EXPR} \
+ -e '/%%VULNERABILITIES%%/r $@.tmp5' \
+ -e '/%%VULNERABILITIES%%/d' \
+ -e '/%%VULDATE%%/r $@.tmp6' \
+ -e '/%%VULDATE%%/d' \
-e '/%%COMMENT%%/r ${PKGDIR}/COMMENT' \
-e '/%%COMMENT%%/d' \
-e '/%%BUILD_DEPENDS%%/r $@.tmp1' \
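Review bot: The fallback for `$@.tmp6` writes `<TR><TD>` table cells, but the template hunk in this commit places `%%VULDATE%%` inside running paragraph text, so the fragment ends up as stray table markup; `@[ -s $@.tmp6 ] || ${ECHO} "<I>(no vulnerabilities list available)</I>" >> $@.tmp6` would fit that context. The date itself is taken from fields 6 to 8 of `${LS} -l`, whose layout varies with file age and locale, so the text after "at" may not always be a date. The new lines also append to `$@.tmp5`, a name the pre-existing cleanup line already removed; if another part of this recipe (not visible here) writes to it, the two outputs would be mixed. The README.html recipe starts before this hunk and continues after it.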
@@ -2815,7 +2837,7 @@ README.html: .PRECIOUS
@cmp -s $@.tmp $@ || \
(${ECHO_MSG} "${_PKGSRC_IN}> Creating README.html for ${_THISDIR_}${PKGNAME}"; \
${MV} -f $@.tmp $@)
- @${RM} -f $@.tmp $@.tmp1 $@.tmp2 $@.tmp3 $@.tmp4 $@.tmp5
+ @${RM} -f $@.tmp $@.tmp1 $@.tmp2 $@.tmp3 $@.tmp4 $@.tmp5 $@.tmp6
.if !target(show-pkgtools-version)
show-pkgtools-version:
@@ -2849,7 +2871,7 @@ print-run-depends-list:
# Stat all the files of one pkg and sum the sizes up.
#
# XXX This is intended to be run before pkg_create is called, so the
-# existance of ${PLIST} can be assumed as granted.
+# existence of ${PLIST} can be assumed.
print-pkg-size-this:
@${SHCOMMENT} "This pkg's files" ; \
${AWK} 'BEGIN { base = "${PREFIX}/" } \
@@ -2859,9 +2881,9 @@ print-pkg-size-this:
<${PLIST} \
| sort -u \
| ${SED} -e 's, ,\\ ,g' \
- | xargs ${LS} -ld \
- | ${AWK} 'BEGIN { print("0 "); } \
- { print($$5, " + "); } \
+ | xargs ${LS} -ld \
+ | ${AWK} 'BEGIN { print("0 "); } \
+ { print($$5, " + "); } \
END { print("p"); }' \
| ${DC}
diff --git a/templates/README.pkg b/templates/README.pkg
index 7b5c7f6b324..7ea97e17ec0 100644
--- a/templates/README.pkg
+++ b/templates/README.pkg
@@ -1,5 +1,5 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
-<!-- $NetBSD: README.pkg,v 1.14 2000/05/31 22:16:17 wiz Exp $ -->
+<!-- $NetBSD: README.pkg,v 1.15 2000/09/19 19:29:11 agc Exp $ -->
<html>
<head>
<title>The NetBSD Packages Collection: %%PORT%%</title>
@@ -29,14 +29,28 @@ longer description, or browse the package's
<p>The package is located in the
"<A HREF=".">%%PORT%%</A>"
-directory. It can be manipulated using the packaging tools,
-working on the
+directory.
+The current source version of the package is
"%%PKG%%"
-package.
For a summary on how to use the package collection, go to the
<a href="../../README.html">top of the packages tree</a>.
</p>
+<P>
+The following security vulnerabilities are known for %%PORT%%
+%%VULDATE%%
+:
+<UL>
+%%VULNERABILITIES%%
+</UL>
+If you have a vulnerable package installed on any machine, you are
+advised to remove the package
+immediately, using the standard package tools.
+The <a href="../../security/audit-packages/README.html">audit-packages</a>
+package locates any installed package which has been mentioned in security
+advisories as being vulnerable.
+</P>
+
<p>
This package requires the following package(s) to build: