author | erh <erh> | 2005-11-23 18:27:13 +0000 |
---|---|---|
committer | erh <erh> | 2005-11-23 18:27:13 +0000 |
commit | d8d3fdfdcfcaf03255748e6a0c12f1234902670c (patch) | |
tree | 8731d3cdd799616dd4cc777b650d1c214706990c /mk/bsd.pkg.mk | |
parent | 3fa9b27e97c4de5ab076dc4954e760b190245d34 (diff) | |
download | pkgsrc-d8d3fdfdcfcaf03255748e6a0c12f1234902670c.tar.gz |
Per request, back out all the SKIP_AUDIT_PACKAGES changes.
bsd.pkg.mk:1.1758-1.1752
bsd.prefs.mk:1.210
bulk/build:1.79
defaults/mk.conf:1.93-1.92
Diffstat (limited to 'mk/bsd.pkg.mk')
-rw-r--r-- | mk/bsd.pkg.mk | 52 |
1 files changed, 19 insertions, 33 deletions
diff --git a/mk/bsd.pkg.mk b/mk/bsd.pkg.mk
index b02e65f3d70..346e61b761b 100644
--- a/mk/bsd.pkg.mk
+++ b/mk/bsd.pkg.mk
@@ -1,4 +1,4 @@
-# $NetBSD: bsd.pkg.mk,v 1.1767 2005/11/22 03:41:20 jlam Exp $
+# $NetBSD: bsd.pkg.mk,v 1.1768 2005/11/23 18:27:13 erh Exp $
 #
 # This file is in the public domain.
 #
@@ -1315,48 +1315,36 @@ batch-check-distfiles: esac # check for any vulnerabilities in the package - -_AUDIT_PACKAGES_MIN_VERSION=1.40 -_AUDIT_PACKAGES_OK!= ${PKG_INFO} -qe 'audit-packages>=${_AUDIT_PACKAGES_MIN_VERSION}' ; echo $$? - -# Note: _any_ output from check-vulnerable is considered an error by do-fetch. +# Please do not modify the leading "@" here .PHONY: check-vulnerable check-vulnerable: -.if empty(_AUDIT_PACKAGES_OK:M0) - @${ECHO_MSG} "${_PKGSRC_IN}> *** The audit-packages package must be at least version ${_AUDIT_PACKAGES_MIN_VERSION}" - @${ECHO_MSG} "${_PKGSRC_IN}> *** Please install the security/audit-packages package and run"; - @${ECHO_MSG} "${_PKGSRC_IN}> *** '${LOCALBASE}/sbin/download-vulnerability-list'."; - @false -.else - @${AUDIT_PACKAGES} -i ""${ALLOW_VULNERABILITIES.${PKGBASE}:Q} -p ${PKGNAME:Q} -.endif - - -.if defined(ALLOW_VULNERABILITIES.${PKGBASE}) -_ALLOW_VULNERABILITIES=${ALLOW_VULNERABILITIES.${PKGBASE}} -.else -_ALLOW_VULNERABILITIES=#none -.endif + @if [ ! -z "${PKG_SYSCONFDIR.audit-packages}" -a -f ${PKG_SYSCONFDIR.audit-packages}/audit-packages.conf ]; then \ + . ${PKG_SYSCONFDIR.audit-packages}/audit-packages.conf; \ + elif [ ! -z "${PKG_SYSCONFDIR}" -a -f ${PKG_SYSCONFDIR}/audit-packages.conf ]; then \ + . ${PKG_SYSCONFDIR}/audit-packages.conf; \ + fi; \ + if [ -f ${PKGVULNDIR}/pkg-vulnerabilities ]; then \ + ${SETENV} PKGNAME=${PKGNAME:Q} \ + PKGBASE=${PKGBASE:Q} \ + ${AWK} '/^$$/ { next } \ + /^#.*/ { next } \ + $$1 !~ ENVIRON["PKGBASE"] && $$1 !~ /\{/ { next } \ + { s = sprintf("${PKG_ADMIN} pmatch \"%s\" %s && ${ECHO} \"*** WARNING - %s vulnerability in %s - see %s for more information ***\"", $$1, ENVIRON["PKGNAME"], $$2, ENVIRON["PKGNAME"], $$3); system(s); }' < ${PKGVULNDIR}/pkg-vulnerabilities || ${FALSE}; \ + fi .PHONY: do-fetch .if !target(do-fetch) do-fetch: -. if empty(SKIP_AUDIT_PACKAGES:M[Yy][Ee][Ss]) && empty(_ALLOW_VULNERABILITIES:M[Yy][Ee][Ss]) +. 
if !defined(ALLOW_VULNERABLE_PACKAGES) ${_PKG_SILENT}${_PKG_DEBUG} \ if [ -f ${PKGVULNDIR}/pkg-vulnerabilities ]; then \ ${ECHO_MSG} "${_PKGSRC_IN}> Checking for vulnerabilities in ${PKGNAME}"; \ - vul=`${MAKE} ${MAKEFLAGS} check-vulnerable || ${TRUE}`; \ + vul=`${MAKE} ${MAKEFLAGS} check-vulnerable`; \ case "$$vul" in \ "") ;; \ - *vulnid:*) vulnids=`echo "$$vul" | ${GREP} vulnid: | ${SED} -e's/.*vulnid:\\([[:digit:]]*\\).*/\\1/'`; \ - ${ECHO} "$$vul"; \ - ${ECHO} "or if this package is absolutely essential, add this to mk.conf:"; \ - for vulnid in $$vulnids ; do \ - ${ECHO} " ALLOW_VULNERABILITIES.${PKGBASE}+=$$vulnid"; \ - done ; \ + *) ${ECHO} "$$vul"; \ + ${ECHO} "or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential"; \ ${FALSE} ;; \ - *) ${ECHO} "$$vul"; \ - ${FALSE} ;; \ esac; \ else \ ${ECHO_MSG} "${_PKGSRC_IN}> *** No ${PKGVULNDIR}/pkg-vulnerabilities file found,"; \ @@ -1364,8 +1352,6 @@ do-fetch: ${ECHO_MSG} "${_PKGSRC_IN}> *** the pkgsrc/security/audit-packages package and run"; \ ${ECHO_MSG} "${_PKGSRC_IN}> *** '${LOCALBASE}/sbin/download-vulnerability-list'."; \ fi -. else - @${ECHO_MSG} "${_PKGSRC_IN}> *** Skipping vulnerability checks for ${PKGNAME}" . endif . if !empty(_ALLFILES) ${_PKG_SILENT}${_PKG_DEBUG} \ |
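Review bot: The awk action restored in the `check-vulnerable` recipe formats fields `$$1`, `$$2` and `$$3` of `${PKGVULNDIR}/pkg-vulnerabilities` into a command string and passes it to `system()`, so the contents of a downloaded data file are re-parsed by the shell with the privileges of whoever runs make. Nothing visible in this hunk checks the file's origin or integrity before it is read, so the fields are better handled strictly as data: let awk only filter and print them, and call `${PKG_ADMIN} pmatch` from a shell loop with the fields held in quoted variables. The sketch below is untested and keeps the conf-file sourcing and the awk filters as they are; the `|| ${FALSE}` exit handling after the awk call would need to be rechecked against what do-fetch expects.

```make
# … unchanged: audit-packages.conf sourcing, SETENV, and the awk blank/comment/PKGBASE filters …
			{ print $$1, $$2, $$3 }' < ${PKGVULNDIR}/pkg-vulnerabilities | \
		while read -r pat vtype url; do \
			if ${PKG_ADMIN} pmatch "$$pat" ${PKGNAME:Q}; then \
				${ECHO} "*** WARNING - $$vtype vulnerability in "${PKGNAME:Q}" - see $$url for more information ***"; \
			fi; \
		done; \
	fi
```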