authorjoerg <joerg@pkgsrc.org>2008-04-16 00:53:06 +0000
committerjoerg <joerg@pkgsrc.org>2008-04-16 00:53:06 +0000
commitd82752f969d56953c5ae48158a47f62705b870bc (patch)
tree90843b2d75c289e93b1e5f77f185fd856668531f /pkgtools/pkg_install
parentd9da2d5ff729eb4a765c107dd340154e5bb41fe4 (diff)
downloadpkgsrc-d82752f969d56953c5ae48158a47f62705b870bc.tar.gz
pkg_install-20080415:
Add audit-history subcommand for pkg_admin, that lists all known vulnerabilities for a given base package name. E.g. if you run a web server, don't run "pkg_admin audit-history php" before going to bed.
Diffstat (limited to 'pkgtools/pkg_install')
-rw-r--r--pkgtools/pkg_install/files/admin/admin.h1
-rw-r--r--pkgtools/pkg_install/files/admin/audit.c124
-rw-r--r--pkgtools/pkg_install/files/admin/main.c7
-rw-r--r--pkgtools/pkg_install/files/admin/pkg_admin.14
-rw-r--r--pkgtools/pkg_install/files/admin/pkg_admin.cat13
-rw-r--r--pkgtools/pkg_install/files/lib/version.h4
6 files changed, 136 insertions, 7 deletions
diff --git a/pkgtools/pkg_install/files/admin/admin.h b/pkgtools/pkg_install/files/admin/admin.h
index f7c9644e84e..d3090416e5f 100644
--- a/pkgtools/pkg_install/files/admin/admin.h
+++ b/pkgtools/pkg_install/files/admin/admin.h
@@ -45,6 +45,7 @@ void check(char **);
void audit_pkgdb(int, char **);
void audit_pkg(int, char **);
void audit_batch(int, char **);
+void audit_history(int, char **);
void check_pkg_vulnerabilities(int, char **);
void fetch_pkg_vulnerabilities(int, char **);
diff --git a/pkgtools/pkg_install/files/admin/audit.c b/pkgtools/pkg_install/files/admin/audit.c
index a6ef50a4ae9..6707c5873ca 100644
--- a/pkgtools/pkg_install/files/admin/audit.c
+++ b/pkgtools/pkg_install/files/admin/audit.c
@@ -1,4 +1,4 @@
-/* $NetBSD: audit.c,v 1.7 2008/04/15 22:24:38 joerg Exp $ */
+/* $NetBSD: audit.c,v 1.8 2008/04/16 00:53:06 joerg Exp $ */
#if HAVE_CONFIG_H
#include "config.h"
@@ -8,7 +8,7 @@
#include <sys/cdefs.h>
#endif
#ifndef lint
-__RCSID("$NetBSD: audit.c,v 1.7 2008/04/15 22:24:38 joerg Exp $");
+__RCSID("$NetBSD: audit.c,v 1.8 2008/04/16 00:53:06 joerg Exp $");
#endif
/*-
@@ -386,3 +386,123 @@ fetch_pkg_vulnerabilities(int argc, char **argv)
exit(EXIT_SUCCESS);
}
+
+static int
+check_pkg_history_pattern(const char *pkg, const char *pattern)
+{
+ const char *delim, *end_base;
+
+ if ((delim = strchr(pattern, '*')) != NULL) {
+ if ((end_base = strrchr(pattern, '-')) == NULL)
+ errx(EXIT_FAILURE, "Missing - in wildcard pattern %s",
+ pattern);
+ if ((delim = strchr(pattern, '>')) != NULL ||
+ (delim = strchr(pattern, '<')) != NULL)
+ errx(EXIT_FAILURE,
+ "Mixed relational and wildcard patterns in %s",
+ pattern);
+ } else if ((delim = strchr(pattern, '>')) != NULL) {
+ end_base = delim;
+ if ((delim = strchr(pattern, '<')) != NULL && delim < end_base)
+ errx(EXIT_FAILURE, "Inverted operators in %s",
+ pattern);
+ } else if ((delim = strchr(pattern, '<')) != NULL) {
+ end_base = delim;
+ } else if ((end_base = strrchr(pattern, '-')) == NULL) {
+ errx(EXIT_FAILURE, "Missing - in absolute pattern %s",
+ pattern);
+ }
+
+ if (strncmp(pkg, pattern, end_base - pattern) != 0)
+ return 0;
+ if (pkg[end_base - pattern] != '\0')
+ return 0;
+
+ return 1;
+}
+
+static int
+check_pkg_history1(const char *pkg, const char *pattern)
+{
+ const char *open_brace, *close_brace, *inner_brace, *suffix, *iter;
+ size_t prefix_len, suffix_len, middle_len;
+ char *expanded_pkg;
+
+ open_brace = strchr(pattern, '{');
+ if (open_brace == NULL) {
+ if ((close_brace = strchr(pattern, '}')) != NULL)
+ errx(EXIT_FAILURE, "Unbalanced {} in pattern %s",
+ pattern);
+ return check_pkg_history_pattern(pkg, pattern);
+ }
+ close_brace = strchr(open_brace, '}');
+ if (strchr(pattern, '}') != close_brace)
+ errx(EXIT_FAILURE, "Unbalanced {} in pattern %s",
+ pattern);
+
+ while ((inner_brace = strchr(open_brace + 1, '{')) != NULL) {
+ if (inner_brace >= close_brace)
+ break;
+ open_brace = inner_brace;
+ }
+
+ expanded_pkg = malloc(strlen(pattern)); /* {} are going away... */
+ if (expanded_pkg == NULL)
+ err(EXIT_FAILURE, "malloc failed");
+
+ prefix_len = open_brace - pattern;
+ suffix = close_brace + 1;
+ suffix_len = strlen(suffix) + 1;
+ memcpy(expanded_pkg, pattern, prefix_len);
+
+ ++open_brace;
+
+ do {
+ iter = strchr(open_brace, ',');
+ if (iter == NULL || iter > close_brace)
+ iter = close_brace;
+
+ middle_len = iter - open_brace;
+ memcpy(expanded_pkg + prefix_len, open_brace, middle_len);
+ memcpy(expanded_pkg + prefix_len + middle_len, suffix,
+ suffix_len);
+ if (check_pkg_history1(pkg, expanded_pkg)) {
+ free(expanded_pkg);
+ return 1;
+ }
+ open_brace = iter + 1;
+ } while (iter < close_brace);
+
+ free(expanded_pkg);
+ return 0;
+}
+
+static void
+check_pkg_history(const char *pkg)
+{
+ size_t i;
+
+ for (i = 0; i < pv->entries; ++i) {
+ if (strcmp("eol", pv->classification[i]) == 0)
+ continue;
+ if (check_pkg_history1(pkg, pv->vulnerability[i]) == 0)
+ continue;
+
+ printf("%s %s %s\n", pv->vulnerability[i],
+ pv->classification[i], pv->advisory[i]);
+ }
+}
+
+void
+audit_history(int argc, char **argv)
+{
+ parse_options(argc, argv);
+ argv += optind;
+
+ check_and_read_pkg_vulnerabilities();
+ for (; *argv != NULL; ++argv)
+ check_pkg_history(*argv);
+
+ free_pkg_vulnerabilities(pv);
+ exit(EXIT_SUCCESS);
+}
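Review bot: check_pkg_history1 never rejects a pattern that opens a brace but has no closing one: when `strchr(open_brace, '}')` near the top of the function returns NULL, the comparison against `strchr(pattern, '}')` (also NULL) passes, and the code goes on to compute `suffix = close_brace + 1` and `strlen(suffix)` from a null pointer. The patterns come from the pkg-vulnerabilities file loaded by check_and_read_pkg_vulnerabilities, so a malformed entry should fail with the same errx as the other shape checks instead of crashing: `if (close_brace == NULL || strchr(pattern, '}') != close_brace)`. In check_pkg_history_pattern the wildcard branch finds the base name with `strrchr(pattern, '-')`, which would stop at a '-' inside a bracket expression if the file contains such patterns; a comment stating the assumed pattern grammar (base name, then '-', then version part) would make that limitation explicit. Separately, the usage text and manual page hunks advertise `-t type` for audit-history, but check_pkg_history applies no classification filter beyond skipping "eol"; if parse_options records the type in a global, it should be honoured here, otherwise the option should not be advertised.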
diff --git a/pkgtools/pkg_install/files/admin/main.c b/pkgtools/pkg_install/files/admin/main.c
index a3952e6a80d..8f55980bbdd 100644
--- a/pkgtools/pkg_install/files/admin/main.c
+++ b/pkgtools/pkg_install/files/admin/main.c
@@ -1,4 +1,4 @@
-/* $NetBSD: main.c,v 1.41 2008/04/07 13:07:14 joerg Exp $ */
+/* $NetBSD: main.c,v 1.42 2008/04/16 00:53:06 joerg Exp $ */
#if HAVE_CONFIG_H
#include "config.h"
@@ -8,7 +8,7 @@
#include <sys/cdefs.h>
#endif
#ifndef lint
-__RCSID("$NetBSD: main.c,v 1.41 2008/04/07 13:07:14 joerg Exp $");
+__RCSID("$NetBSD: main.c,v 1.42 2008/04/16 00:53:06 joerg Exp $");
#endif
/*-
@@ -116,6 +116,7 @@ usage(void)
" audit [-es] [-t type] ... - check installed packages for vulnerabilities\n"
" audit-pkg [-es] [-t type] ... - check listed packages for vulnerabilities\n"
" audit-batch [-es] [-t type] ... - check packages in listed files for vulnerabilities\n"
+ " audit-history [-t type] ... - print all advisories for package names\n"
" config-var name - print current value of the configuration variable\n",
getprogname());
exit(EXIT_FAILURE);
@@ -539,6 +540,8 @@ main(int argc, char *argv[])
audit_pkg(--argc, ++argv);
} else if (strcasecmp(argv[0], "audit-batch") == 0) {
audit_batch(--argc, ++argv);
+ } else if (strcasecmp(argv[0], "audit-history") == 0) {
+ audit_history(--argc, ++argv);
}
#endif
#ifdef PKGDB_DEBUG
diff --git a/pkgtools/pkg_install/files/admin/pkg_admin.1 b/pkgtools/pkg_install/files/admin/pkg_admin.1
index bc74c163b4c..03e813b848c 100644
--- a/pkgtools/pkg_install/files/admin/pkg_admin.1
+++ b/pkgtools/pkg_install/files/admin/pkg_admin.1
@@ -1,4 +1,4 @@
-.\" $NetBSD: pkg_admin.1,v 1.17 2008/04/07 13:07:14 joerg Exp $
+.\" $NetBSD: pkg_admin.1,v 1.18 2008/04/16 00:53:06 joerg Exp $
.\"
.\" Copyright (c) 1999-2008 The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -137,6 +137,8 @@ but check only the given package names or patterns.
Like
.Cm audit-pkg ,
but read the package names or patterns one per line from the given files.
+.It Cm audit-history Oo Fl t Ar type Oc Oo Ar pkgbase Oc ...
+Print all vulnerabilities for the given base package names.
.It Cm check Op Ar pkg ...
Use this command to check the files belonging to some or all of the
packages installed on the local machine against the checksum
diff --git a/pkgtools/pkg_install/files/admin/pkg_admin.cat1 b/pkgtools/pkg_install/files/admin/pkg_admin.cat1
index f8e4f609dd3..74a53e3a807 100644
--- a/pkgtools/pkg_install/files/admin/pkg_admin.cat1
+++ b/pkgtools/pkg_install/files/admin/pkg_admin.cat1
@@ -69,6 +69,9 @@ OOPPTTIIOONNSS
Like aauuddiitt--ppkkgg, but read the package names or patterns one per
line from the given files.
+ aauuddiitt--hhiissttoorryy [--tt _t_y_p_e] [_p_k_g_b_a_s_e] ...
+ Print all vulnerabilities for the given base package names.
+
cchheecckk [_p_k_g _._._.]
Use this command to check the files belonging to some or all of
the packages installed on the local machine against the checksum
diff --git a/pkgtools/pkg_install/files/lib/version.h b/pkgtools/pkg_install/files/lib/version.h
index 3943599651d..048ae938095 100644
--- a/pkgtools/pkg_install/files/lib/version.h
+++ b/pkgtools/pkg_install/files/lib/version.h
@@ -1,4 +1,4 @@
-/* $NetBSD: version.h,v 1.99 2008/04/07 13:07:14 joerg Exp $ */
+/* $NetBSD: version.h,v 1.100 2008/04/16 00:53:06 joerg Exp $ */
/*
* Copyright (c) 2001 Thomas Klausner. All rights reserved.
@@ -33,6 +33,6 @@
#ifndef _INST_LIB_VERSION_H_
#define _INST_LIB_VERSION_H_
-#define PKGTOOLS_VERSION "20080407"
+#define PKGTOOLS_VERSION "20080415"
#endif /* _INST_LIB_VERSION_H_ */