summaryrefslogtreecommitdiff
path: root/mk
diff options
context:
space:
mode:
authoradrianp <adrianp>2007-08-29 23:26:30 +0000
committeradrianp <adrianp>2007-08-29 23:26:30 +0000
commitba4e8251fe7e2717e2bdf3d080e752fe6b769bf1 (patch)
tree3dac5f7b1140e6a1c1cb0226bba29f9c6b818b37 /mk
parent67be63f863c3d2f0e7bb4d0334a5103050fcc74b (diff)
downloadpkgsrc-ba4e8251fe7e2717e2bdf3d080e752fe6b769bf1.tar.gz
The code for the pkg_install<20070714 vulnerability checks used in the
README.html generation are broken. It will not find vulnerabilities in any packages that have complex names in the pkg-vulnerabilties file. e.g. php{4,5}-perl and sun-{jdk,jre}15 Post pkg_install-20070714 this is now fixed and only currently known vulnerabilities are shown in the generated README.html files for packages. You will need to update to pkg_install>=20070714 to get this fix.
Diffstat (limited to 'mk')
-rw-r--r--mk/bsd.pkg.readme.mk5
-rwxr-xr-xmk/scripts/genreadme.awk31
2 files changed, 32 insertions, 4 deletions
diff --git a/mk/bsd.pkg.readme.mk b/mk/bsd.pkg.readme.mk
index 3c4855d573f..40c6eef1811 100644
--- a/mk/bsd.pkg.readme.mk
+++ b/mk/bsd.pkg.readme.mk
@@ -1,4 +1,4 @@
-# $NetBSD: bsd.pkg.readme.mk,v 1.12 2007/08/13 09:45:49 rillig Exp $
+# $NetBSD: bsd.pkg.readme.mk,v 1.13 2007/08/29 23:26:30 adrianp Exp $
#
# This Makefile fragment is included by bsd.pkg.mk and encapsulates the
# code to produce README.html files in each package directory.
@@ -235,7 +235,7 @@ SED_HOMEPAGE_EXPR= -e 's|%%HOMEPAGE%%||'
# XXX: have complex names in the pkg-vulnerabilties file.
# XXX: e.g. php{4,5}-perl and sun-{jdk,jre}15
# XXX: Post pkg_install-20070714 only currently known vulnerabilities are
-# XXX: shown in the generated files for packages.
+# XXX: shown in the generated README.html files for packages.
#
.PHONY: show-vulnerabilities-html
show-vulnerabilities-html:
@@ -299,6 +299,7 @@ README.html: .PRECIOUS
PKG_URL=${PKG_URL:Q} \
PKGSRCDIR=${.CURDIR:C|/[^/]*/[^/]*$||:Q} \
PVDIR=$$_PVDIR \
+ PKGTOOLS_VER=${PKGTOOLS_VERSION} \
SED=${SED:Q} \
SETENV=${SETENV:Q} \
SORT=${SORT:Q} \
diff --git a/mk/scripts/genreadme.awk b/mk/scripts/genreadme.awk
index 5fdf718bfd8..320afb5a35d 100755
--- a/mk/scripts/genreadme.awk
+++ b/mk/scripts/genreadme.awk
@@ -1,5 +1,5 @@
#!/usr/bin/awk -f
-# $NetBSD: genreadme.awk,v 1.27 2007/05/28 11:07:00 martti Exp $
+# $NetBSD: genreadme.awk,v 1.28 2007/08/29 23:26:30 adrianp Exp $
#
# Copyright (c) 2002, 2003, 2005, 2006 The NetBSD Foundation, Inc.
# All rights reserved.
@@ -372,8 +372,15 @@ END {
if (debug) printf("wrote = %d entries to \"%s\"\n",
i-1, htmldeps_file);
+# XXX: The code for the pkg_install<20070714 vulnerability checks are
+# XXX: broken. It will not find vulnerabilities in any packages that
+# XXX: have complex names in the pkg-vulnerabilties file.
+# XXX: e.g. php{4,5}-perl and sun-{jdk,jre}15
+# XXX: Post pkg_install-20070714 only currently known vulnerabilities are
+# XXX: shown in the generated README.html files for packages.
+
vul = "";
- if (have_vfile) {
+ if (have_vfile && PKGTOOLS_VER < 20070714) {
i = 1;
pkgbase = pkgdir2name[toppkg];
gsub(/-[^-]*$/, "", pkgbase);
@@ -403,6 +410,26 @@ END {
}
}
+ if (have_vfile && PKGTOOLS_VER >= 20070714) {
+ pkg = pkgdir2name[toppkg];
+
+ if (debug) {
+ printf("Checking for %s (%s) vulnerabilities\n",
+ toppkg, pkg);
+ }
+
+ cmd = sprintf("audit-packages -n %s", pkg);
+ while (cmd | getline vuln_entry) {
+ split(vuln_entry, entry, " ");
+ vul = sprintf("%s<LI><STRONG>%s has a <a href=\"%s\">%s</a> vulnerability</STRONG></LI>\n",
+ vul, pkg, entry[8], entry[5]);
+ }
+ close(cmd);
+
+ if ( vul == "" ){
+ vul="<I>(no vulnerabilities known)</I>";
+ }
+ }
if (debug) {
printf("Checking for binary package with lookup_cache( %s)\n",