authoradrianp <adrianp@pkgsrc.org>2007-08-29 23:26:30 +0000
committeradrianp <adrianp@pkgsrc.org>2007-08-29 23:26:30 +0000
commit583342970a8624e981cae7ed3f98047a8e00de19 (patch)
tree3dac5f7b1140e6a1c1cb0226bba29f9c6b818b37 /mk/scripts
parent14c931f57cc211d1f0640b74b5eb8643b659e06e (diff)
downloadpkgsrc-583342970a8624e981cae7ed3f98047a8e00de19.tar.gz
The code for the pkg_install<20070714 vulnerability checks used in the
README.html generation is broken. It will not find vulnerabilities in any packages that have complex names in the pkg-vulnerabilities file, e.g. php{4,5}-perl and sun-{jdk,jre}15. With pkg_install-20070714 and later this is fixed, and only currently known vulnerabilities are shown in the generated README.html files for packages. You will need to update to pkg_install>=20070714 to get this fix.
Diffstat (limited to 'mk/scripts')
-rwxr-xr-xmk/scripts/genreadme.awk31
1 files changed, 29 insertions, 2 deletions
diff --git a/mk/scripts/genreadme.awk b/mk/scripts/genreadme.awk
index 5fdf718bfd8..320afb5a35d 100755
--- a/mk/scripts/genreadme.awk
+++ b/mk/scripts/genreadme.awk
@@ -1,5 +1,5 @@
#!/usr/bin/awk -f
-# $NetBSD: genreadme.awk,v 1.27 2007/05/28 11:07:00 martti Exp $
+# $NetBSD: genreadme.awk,v 1.28 2007/08/29 23:26:30 adrianp Exp $
#
# Copyright (c) 2002, 2003, 2005, 2006 The NetBSD Foundation, Inc.
# All rights reserved.
@@ -372,8 +372,15 @@ END {
if (debug) printf("wrote = %d entries to \"%s\"\n",
i-1, htmldeps_file);
+# XXX: The code for the pkg_install<20070714 vulnerability checks are
+# XXX: broken. It will not find vulnerabilities in any packages that
+# XXX: have complex names in the pkg-vulnerabilties file.
+# XXX: e.g. php{4,5}-perl and sun-{jdk,jre}15
+# XXX: Post pkg_install-20070714 only currently known vulnerabilities are
+# XXX: shown in the generated README.html files for packages.
+
vul = "";
- if (have_vfile) {
+ if (have_vfile && PKGTOOLS_VER < 20070714) {
i = 1;
pkgbase = pkgdir2name[toppkg];
gsub(/-[^-]*$/, "", pkgbase);
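Review bot: An unset or empty `PKGTOOLS_VER` makes the new guard `have_vfile && PKGTOOLS_VER < 20070714` true, since awk compares an uninitialized variable as 0, so the script silently takes the legacy matcher that the XXX comment above describes as missing brace-pattern entries such as php{4,5}-perl. Where PKGTOOLS_VER is assigned is not visible in this hunk, so the caller may already guarantee it; if it does not, the generated README.html under-reports known vulnerabilities with no signal, and the `>=` branch in the next hunk is never reached. I would make the fallback visible before the branch, for example `if (have_vfile && PKGTOOLS_VER + 0 == 0) printf("PKGTOOLS_VER not set, using legacy vulnerability matching\n") > "/dev/stderr";`, and state in the XXX comment that the value is expected as a numeric YYYYMMDD. The enclosing END block starts and ends outside the hunk.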
@@ -403,6 +410,26 @@ END {
}
}
+ if (have_vfile && PKGTOOLS_VER >= 20070714) {
+ pkg = pkgdir2name[toppkg];
+
+ if (debug) {
+ printf("Checking for %s (%s) vulnerabilities\n",
+ toppkg, pkg);
+ }
+
+ cmd = sprintf("audit-packages -n %s", pkg);
+ while (cmd | getline vuln_entry) {
+ split(vuln_entry, entry, " ");
+ vul = sprintf("%s<LI><STRONG>%s has a <a href=\"%s\">%s</a> vulnerability</STRONG></LI>\n",
+ vul, pkg, entry[8], entry[5]);
+ }
+ close(cmd);
+
+ if ( vul == "" ){
+ vul="<I>(no vulnerabilities known)</I>";
+ }
+ }
if (debug) {
printf("Checking for binary package with lookup_cache( %s)\n",