author | adrianp <adrianp> | 2007-08-29 23:26:30 +0000 |
---|---|---|
committer | adrianp <adrianp> | 2007-08-29 23:26:30 +0000 |
commit | ba4e8251fe7e2717e2bdf3d080e752fe6b769bf1 (patch) | |
tree | 3dac5f7b1140e6a1c1cb0226bba29f9c6b818b37 /mk | |
parent | 67be63f863c3d2f0e7bb4d0334a5103050fcc74b (diff) | |
download | pkgsrc-ba4e8251fe7e2717e2bdf3d080e752fe6b769bf1.tar.gz |
The code for the pkg_install<20070714 vulnerability checks used in the
README.html generation is broken. It will not find vulnerabilities in any
packages that have complex names in the pkg-vulnerabilities file.
e.g. php{4,5}-perl and sun-{jdk,jre}15
Post pkg_install-20070714 this is now fixed and only currently known
vulnerabilities are shown in the generated README.html files for packages.
You will need to update to pkg_install>=20070714 to get this fix.
Diffstat (limited to 'mk')
-rw-r--r-- | mk/bsd.pkg.readme.mk | 5 | ||||
-rwxr-xr-x | mk/scripts/genreadme.awk | 31 |
2 files changed, 32 insertions, 4 deletions
diff --git a/mk/bsd.pkg.readme.mk b/mk/bsd.pkg.readme.mk
index 3c4855d573f..40c6eef1811 100644
--- a/mk/bsd.pkg.readme.mk
+++ b/mk/bsd.pkg.readme.mk
@@ -1,4 +1,4 @@
-# $NetBSD: bsd.pkg.readme.mk,v 1.12 2007/08/13 09:45:49 rillig Exp $
+# $NetBSD: bsd.pkg.readme.mk,v 1.13 2007/08/29 23:26:30 adrianp Exp $
 #
 # This Makefile fragment is included by bsd.pkg.mk and encapsulates the
 # code to produce README.html files in each package directory.
@@ -235,7 +235,7 @@ SED_HOMEPAGE_EXPR= -e 's|%%HOMEPAGE%%||'
 # XXX: have complex names in the pkg-vulnerabilties file.
 # XXX: e.g. php{4,5}-perl and sun-{jdk,jre}15
 # XXX: Post pkg_install-20070714 only currently known vulnerabilities are
-# XXX: shown in the generated files for packages.
+# XXX: shown in the generated README.html files for packages.
 #
 .PHONY: show-vulnerabilities-html
 show-vulnerabilities-html:
@@ -299,6 +299,7 @@ README.html: .PRECIOUS
 PKG_URL=${PKG_URL:Q} \
 PKGSRCDIR=${.CURDIR:C|/[^/]*/[^/]*$||:Q} \
 PVDIR=$$_PVDIR \
+ PKGTOOLS_VER=${PKGTOOLS_VERSION} \
 SED=${SED:Q} \
 SETENV=${SETENV:Q} \
 SORT=${SORT:Q} \
diff --git a/mk/scripts/genreadme.awk b/mk/scripts/genreadme.awk
index 5fdf718bfd8..320afb5a35d 100755
--- a/mk/scripts/genreadme.awk
+++ b/mk/scripts/genreadme.awk
@@ -1,5 +1,5 @@
 #!/usr/bin/awk -f
-# $NetBSD: genreadme.awk,v 1.27 2007/05/28 11:07:00 martti Exp $
+# $NetBSD: genreadme.awk,v 1.28 2007/08/29 23:26:30 adrianp Exp $
 #
 # Copyright (c) 2002, 2003, 2005, 2006 The NetBSD Foundation, Inc.
 # All rights reserved.
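Review bot: The added `PKGTOOLS_VER=${PKGTOOLS_VERSION} \` in the README.html hunk is the only make-variable setting visible in this list that is passed without the `:Q` modifier its neighbours `PKG_URL`, `SED`, `SETENV` and `SORT` use. Writing it as `PKGTOOLS_VER=${PKGTOOLS_VERSION:Q} \` keeps the quoting uniform, so the value cannot be re-split or expanded by the shell if it ever holds something other than a bare date. The README.html recipe starts and ends outside the hunk, so how the list is consumed is not visible here.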
@@ -372,8 +372,15 @@ END { if (debug) printf("wrote = %d entries to \"%s\"\n", i-1, htmldeps_file); +# XXX: The code for the pkg_install<20070714 vulnerability checks are +# XXX: broken. It will not find vulnerabilities in any packages that +# XXX: have complex names in the pkg-vulnerabilties file. +# XXX: e.g. php{4,5}-perl and sun-{jdk,jre}15 +# XXX: Post pkg_install-20070714 only currently known vulnerabilities are +# XXX: shown in the generated README.html files for packages. + vul = ""; - if (have_vfile) { + if (have_vfile && PKGTOOLS_VER < 20070714) { i = 1; pkgbase = pkgdir2name[toppkg]; gsub(/-[^-]*$/, "", pkgbase); @@ -403,6 +410,26 @@ END { } } + if (have_vfile && PKGTOOLS_VER >= 20070714) { + pkg = pkgdir2name[toppkg]; + + if (debug) { + printf("Checking for %s (%s) vulnerabilities\n", + toppkg, pkg); + } + + cmd = sprintf("audit-packages -n %s", pkg); + while (cmd | getline vuln_entry) { + split(vuln_entry, entry, " "); + vul = sprintf("%s<LI><STRONG>%s has a <a href=\"%s\">%s</a> vulnerability</STRONG></LI>\n", + vul, pkg, entry[8], entry[5]); + } + close(cmd); + + if ( vul == "" ){ + vul="<I>(no vulnerabilities known)</I>"; + } + } if (debug) { printf("Checking for binary package with lookup_cache( %s)\n", |
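Review bot: The gate `if (have_vfile && PKGTOOLS_VER < 20070714)` sends an unset or non-numeric `PKGTOOLS_VER` down the legacy branch, which the comment added just above it describes as missing vulnerabilities for packages with brace-pattern names. How the script receives the variable is not visible in this hunk, so this needs confirming against the caller. If it can be empty, a line such as `if (debug && PKGTOOLS_VER == "") printf("PKGTOOLS_VER not set, using legacy vulnerability check\n");` would make the silent fallback visible. The enclosing END block starts and ends outside the hunk.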
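Review bot: The loop `while (cmd | getline vuln_entry)` in the new `PKGTOOLS_VER >= 20070714` branch treats getline's error return of -1 as true, so a pipe or read error would make it spin forever; compare explicitly with `while ((cmd | getline vuln_entry) > 0) {`. The command is also built by pasting `pkg` into a shell line unquoted, and `entry[8]` and `entry[5]` are written into the `<a href>` markup unescaped and by fixed field position. Both rely on package names and audit-packages output never containing shell or HTML metacharacters, and on the output column layout staying the same. Quoting the argument and escaping `&`, `<`, `>` and `"` before the `sprintf` would remove that assumption. The enclosing END block starts and ends outside the hunk.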