authorginsbach <ginsbach@pkgsrc.org>2018-02-26 23:45:01 +0000
committerginsbach <ginsbach@pkgsrc.org>2018-02-26 23:45:01 +0000
commit10a51ed802ecacd90a957a21682e3d8b72b30faa (patch)
tree18c0d7d60834dad7737cce49b55fde726e47780a /pkgtools
parentcef84cd81c7460aaab8783c82c7e29dae4f8af75 (diff)
downloadpkgsrc-10a51ed802ecacd90a957a21682e3d8b72b30faa.tar.gz
pkg_install-20180226:
- add option to include IGNORE_URL pkg_install.conf entries in audit but flagged as "ignored". - bump version to 20180226
Diffstat (limited to 'pkgtools')
-rw-r--r--pkgtools/pkg_install/files/add/perform.c6
-rw-r--r--pkgtools/pkg_install/files/admin/audit.c13
-rw-r--r--pkgtools/pkg_install/files/admin/main.c10
-rw-r--r--pkgtools/pkg_install/files/admin/pkg_admin.119
-rw-r--r--pkgtools/pkg_install/files/admin/pkg_admin.cat16
-rw-r--r--pkgtools/pkg_install/files/lib/lib.h4
-rw-r--r--pkgtools/pkg_install/files/lib/version.h4
-rw-r--r--pkgtools/pkg_install/files/lib/vulnerabilities-file.c19
8 files changed, 55 insertions, 36 deletions
diff --git a/pkgtools/pkg_install/files/add/perform.c b/pkgtools/pkg_install/files/add/perform.c
index e954cbed2e8..c0111998c23 100644
--- a/pkgtools/pkg_install/files/add/perform.c
+++ b/pkgtools/pkg_install/files/add/perform.c
@@ -1,4 +1,4 @@
-/* $NetBSD: perform.c,v 1.109 2017/04/19 21:42:50 joerg Exp $ */
+/* $NetBSD: perform.c,v 1.110 2018/02/26 23:45:01 ginsbach Exp $ */
#if HAVE_CONFIG_H
#include "config.h"
#endif
@@ -6,7 +6,7 @@
#if HAVE_SYS_CDEFS_H
#include <sys/cdefs.h>
#endif
-__RCSID("$NetBSD: perform.c,v 1.109 2017/04/19 21:42:50 joerg Exp $");
+__RCSID("$NetBSD: perform.c,v 1.110 2018/02/26 23:45:01 ginsbach Exp $");
/*-
* Copyright (c) 2003 Grant Beattie <grant@NetBSD.org>
@@ -1318,7 +1318,7 @@ check_vulnerable(struct pkg_task *pkg)
return require_check;
}
- if (!audit_package(pv, pkg->pkgname, NULL, 2))
+ if (!audit_package(pv, pkg->pkgname, NULL, 0, 2))
return 0;
if (require_check)
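Review bot: The new fourth argument at the `audit_package(pv, pkg->pkgname, NULL, 0, 2)` call is a bare `0` sitting next to the output-type `2`, and the lib.h prototype in this same commit declares the pair as unnamed `int, int`, so transposing them would compile without a warning. Since this flag decides whether entries matched by `check_ignored_entry()` are skipped, I would name the parameters in the prototype, `int include_ignored, int output_type);`, and annotate this call with `/* include_ignored = 0: ignored advisories stay skipped at install time */`. check_vulnerable's body starts and ends outside the hunk.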
diff --git a/pkgtools/pkg_install/files/admin/audit.c b/pkgtools/pkg_install/files/admin/audit.c
index fce7c1a5a55..a3b445ef570 100644
--- a/pkgtools/pkg_install/files/admin/audit.c
+++ b/pkgtools/pkg_install/files/admin/audit.c
@@ -1,4 +1,4 @@
-/* $NetBSD: audit.c,v 1.17 2011/02/18 15:59:52 aymeric Exp $ */
+/* $NetBSD: audit.c,v 1.18 2018/02/26 23:45:02 ginsbach Exp $ */
#if HAVE_CONFIG_H
#include "config.h"
@@ -7,7 +7,7 @@
#if HAVE_SYS_CDEFS_H
#include <sys/cdefs.h>
#endif
-__RCSID("$NetBSD: audit.c,v 1.17 2011/02/18 15:59:52 aymeric Exp $");
+__RCSID("$NetBSD: audit.c,v 1.18 2018/02/26 23:45:02 ginsbach Exp $");
/*-
* Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>.
@@ -73,13 +73,14 @@ __RCSID("$NetBSD: audit.c,v 1.17 2011/02/18 15:59:52 aymeric Exp $");
#include "admin.h"
#include "lib.h"
+static int check_ignored_advisories = 0;
static int check_signature = 0;
static const char *limit_vul_types = NULL;
static int update_pkg_vuln = 0;
static struct pkg_vulnerabilities *pv;
-static const char audit_options[] = "est:";
+static const char audit_options[] = "eist:";
static void
parse_options(int argc, char **argv, const char *options)
@@ -101,6 +102,9 @@ parse_options(int argc, char **argv, const char *options)
case 'e':
check_eol = "yes";
break;
+ case 'i':
+ check_ignored_advisories = 1;
+ break;
case 's':
check_signature = 1;
break;
@@ -122,7 +126,8 @@ parse_options(int argc, char **argv, const char *options)
static int
check_exact_pkg(const char *pkg)
{
- return audit_package(pv, pkg, limit_vul_types, quiet ? 0 : 1);
+ return audit_package(pv, pkg, limit_vul_types,
+ check_ignored_advisories, quiet ? 0 : 1);
}
static int
diff --git a/pkgtools/pkg_install/files/admin/main.c b/pkgtools/pkg_install/files/admin/main.c
index 482f8b0aa92..e018d8994d5 100644
--- a/pkgtools/pkg_install/files/admin/main.c
+++ b/pkgtools/pkg_install/files/admin/main.c
@@ -1,4 +1,4 @@
-/* $NetBSD: main.c,v 1.65 2017/04/19 21:42:50 joerg Exp $ */
+/* $NetBSD: main.c,v 1.66 2018/02/26 23:45:02 ginsbach Exp $ */
#if HAVE_CONFIG_H
#include "config.h"
@@ -7,7 +7,7 @@
#if HAVE_SYS_CDEFS_H
#include <sys/cdefs.h>
#endif
-__RCSID("$NetBSD: main.c,v 1.65 2017/04/19 21:42:50 joerg Exp $");
+__RCSID("$NetBSD: main.c,v 1.66 2018/02/26 23:45:02 ginsbach Exp $");
/*-
* Copyright (c) 1999-2009 The NetBSD Foundation, Inc.
@@ -112,9 +112,9 @@ usage(void)
" pmatch pattern pkg - returns true if pkg matches pattern, otherwise false\n"
" fetch-pkg-vulnerabilities [-s] - fetch new vulnerability file\n"
" check-pkg-vulnerabilities [-s] <file> - check syntax and checksums of the vulnerability file\n"
- " audit [-es] [-t type] ... - check installed packages for vulnerabilities\n"
- " audit-pkg [-es] [-t type] ... - check listed packages for vulnerabilities\n"
- " audit-batch [-es] [-t type] ... - check packages in listed files for vulnerabilities\n"
+ " audit [-eis] [-t type] ... - check installed packages for vulnerabilities\n"
+ " audit-pkg [-eis] [-t type] ... - check listed packages for vulnerabilities\n"
+ " audit-batch [-eis] [-t type] ... - check packages in listed files for vulnerabilities\n"
" audit-history [-t type] ... - print all advisories for package names\n"
" check-license <condition> - check if condition is acceptable\n"
" check-single-license <license> - check if license is acceptable\n"
diff --git a/pkgtools/pkg_install/files/admin/pkg_admin.1 b/pkgtools/pkg_install/files/admin/pkg_admin.1
index ea4ac6f3d4e..a96daa1ff6e 100644
--- a/pkgtools/pkg_install/files/admin/pkg_admin.1
+++ b/pkgtools/pkg_install/files/admin/pkg_admin.1
@@ -1,4 +1,4 @@
-.\" $NetBSD: pkg_admin.1,v 1.34 2014/12/30 15:13:20 wiz Exp $
+.\" $NetBSD: pkg_admin.1,v 1.35 2018/02/26 23:45:02 ginsbach Exp $
.\"
.\" Copyright (c) 1999-2010 The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -34,7 +34,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd December 27, 2014
+.Dd February 25, 2018
.Dt PKG_ADMIN 1
.Os
.Sh NAME
@@ -106,7 +106,7 @@ Be more verbose.
.Pp
The following commands are supported:
.Bl -tag -width indent
-.It Cm audit Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ...
+.It Cm audit Oo Fl eis Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ...
Check the listed installed packages for vulnerabilities.
If no package is given, check all installed packages.
If
@@ -118,16 +118,25 @@ option from
with
.Qq Li yes .
If
+.Fl i
+is given,
+any advisory ignored by
+.Dv IGNORE_URL
+in
+.Xr pkg_install.conf 5
+is included but flagged as
+.Qq ignored .
+If
.Fl s
is given, check the signature of the pkg-vulnerabilities file before using it.
.Fl t
restricts the reported vulnerabilities to type
.Ar type .
-.It Cm audit-pkg Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ...
+.It Cm audit-pkg Oo Fl eis Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ...
Like
.Cm audit ,
but check only the given package names or patterns.
-.It Cm audit-batch Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg-list Oc ...
+.It Cm audit-batch Oo Fl eis Oc Oo Fl t Ar type Oc Oo Ar pkg-list Oc ...
Like
.Cm audit-pkg ,
but read the package names or patterns one per line from the given files.
diff --git a/pkgtools/pkg_install/files/admin/pkg_admin.cat b/pkgtools/pkg_install/files/admin/pkg_admin.cat
index 4e751d493ff..8173dee12a7 100644
--- a/pkgtools/pkg_install/files/admin/pkg_admin.cat
+++ b/pkgtools/pkg_install/files/admin/pkg_admin.cat
@@ -47,18 +47,20 @@ OOPPTTIIOONNSS
The following commands are supported:
- aauuddiitt [--eess] [--tt _t_y_p_e] [_p_k_g] ...
+ aauuddiitt [--eeiiss] [--tt _t_y_p_e] [_p_k_g] ...
Check the listed installed packages for vulnerabilities. If no
package is given, check all installed packages. If --ee is given,
override the CHECK_END_OF_LIFE option from pkg_install.conf(5)
- with "yes". If --ss is given, check the signature of the pkg-
- vulnerabilities file before using it. --tt restricts the reported
- vulnerabilities to type _t_y_p_e.
+ with "yes". If --ii is given, any advisory ignored by IGNORE_URL
+ in pkg_install.conf(5) is included but flagged as "ignored". If
+ --ss is given, check the signature of the pkg-vulnerabilities file
+ before using it. --tt restricts the reported vulnerabilities to
+ type _t_y_p_e.
- aauuddiitt--ppkkgg [--eess] [--tt _t_y_p_e] [_p_k_g] ...
+ aauuddiitt--ppkkgg [--eeiiss] [--tt _t_y_p_e] [_p_k_g] ...
Like aauuddiitt, but check only the given package names or patterns.
- aauuddiitt--bbaattcchh [--eess] [--tt _t_y_p_e] [_p_k_g_-_l_i_s_t] ...
+ aauuddiitt--bbaattcchh [--eeiiss] [--tt _t_y_p_e] [_p_k_g_-_l_i_s_t] ...
Like aauuddiitt--ppkkgg, but read the package names or patterns one per
line from the given files.
@@ -204,4 +206,4 @@ HHIISSTTOORRYY
AAUUTTHHOORRSS
The ppkkgg__aaddmmiinn command was written by Hubert Feyrer.
-pkgsrc December 27, 2014 pkgsrc
+pkgsrc February 25, 2018 pkgsrc
diff --git a/pkgtools/pkg_install/files/lib/lib.h b/pkgtools/pkg_install/files/lib/lib.h
index d4e72ce2f79..17fe9231c59 100644
--- a/pkgtools/pkg_install/files/lib/lib.h
+++ b/pkgtools/pkg_install/files/lib/lib.h
@@ -1,4 +1,4 @@
-/* $NetBSD: lib.h,v 1.68 2017/04/19 21:42:50 joerg Exp $ */
+/* $NetBSD: lib.h,v 1.69 2018/02/26 23:45:02 ginsbach Exp $ */
/* from FreeBSD Id: lib.h,v 1.25 1997/10/08 07:48:03 charnier Exp */
@@ -374,7 +374,7 @@ struct pkg_vulnerabilities *read_pkg_vulnerabilities_file(const char *, int, int
struct pkg_vulnerabilities *read_pkg_vulnerabilities_memory(void *, size_t, int);
void free_pkg_vulnerabilities(struct pkg_vulnerabilities *);
int audit_package(struct pkg_vulnerabilities *, const char *, const char *,
- int);
+ int, int);
/* Parse configuration file */
void pkg_install_config(void);
diff --git a/pkgtools/pkg_install/files/lib/version.h b/pkgtools/pkg_install/files/lib/version.h
index 3bb89b7801c..469e11d7d75 100644
--- a/pkgtools/pkg_install/files/lib/version.h
+++ b/pkgtools/pkg_install/files/lib/version.h
@@ -1,4 +1,4 @@
-/* $NetBSD: version.h,v 1.172 2017/10/30 12:03:50 jperkin Exp $ */
+/* $NetBSD: version.h,v 1.173 2018/02/26 23:45:02 ginsbach Exp $ */
/*
* Copyright (c) 2001 Thomas Klausner. All rights reserved.
@@ -27,6 +27,6 @@
#ifndef _INST_LIB_VERSION_H_
#define _INST_LIB_VERSION_H_
-#define PKGTOOLS_VERSION 20171030
+#define PKGTOOLS_VERSION 20180226
#endif /* _INST_LIB_VERSION_H_ */
diff --git a/pkgtools/pkg_install/files/lib/vulnerabilities-file.c b/pkgtools/pkg_install/files/lib/vulnerabilities-file.c
index 614522220bb..8991e4eb0dc 100644
--- a/pkgtools/pkg_install/files/lib/vulnerabilities-file.c
+++ b/pkgtools/pkg_install/files/lib/vulnerabilities-file.c
@@ -1,4 +1,4 @@
-/* $NetBSD: vulnerabilities-file.c,v 1.9 2017/04/19 21:42:50 joerg Exp $ */
+/* $NetBSD: vulnerabilities-file.c,v 1.10 2018/02/26 23:45:02 ginsbach Exp $ */
/*-
* Copyright (c) 2008, 2010 Joerg Sonnenberger <joerg@NetBSD.org>.
@@ -38,7 +38,7 @@
#if HAVE_SYS_CDEFS_H
#include <sys/cdefs.h>
#endif
-__RCSID("$NetBSD: vulnerabilities-file.c,v 1.9 2017/04/19 21:42:50 joerg Exp $");
+__RCSID("$NetBSD: vulnerabilities-file.c,v 1.10 2018/02/26 23:45:02 ginsbach Exp $");
#if HAVE_SYS_STAT_H
#include <sys/stat.h>
@@ -608,18 +608,19 @@ check_ignored_entry(struct pkg_vulnerabilities *pv, size_t i)
int
audit_package(struct pkg_vulnerabilities *pv, const char *pkgname,
- const char *limit_vul_types, int output_type)
+ const char *limit_vul_types, int include_ignored, int output_type)
{
FILE *output = output_type == 1 ? stdout : stderr;
size_t i;
- int retval, do_eol;
+ int retval, do_eol, ignored;
retval = 0;
do_eol = (strcasecmp(check_eol, "yes") == 0);
for (i = 0; i < pv->entries; ++i) {
- if (check_ignored_entry(pv, i))
+ ignored = check_ignored_entry(pv, i);
+ if (ignored && !include_ignored)
continue;
if (limit_vul_types != NULL &&
strcmp(limit_vul_types, pv->classification[i]))
@@ -642,11 +643,13 @@ audit_package(struct pkg_vulnerabilities *pv, const char *pkgname,
}
retval = 1;
if (output_type == 0) {
- puts(pkgname);
+ fprintf(stdout, "%s%s\n",
+ pkgname, ignored ? " (ignored)" : "");
} else {
fprintf(output,
- "Package %s has a %s vulnerability, see %s\n",
- pkgname, pv->classification[i], pv->advisory[i]);
+ "Package %s has a%s %s vulnerability, see %s\n",
+ pkgname, ignored ? "n ignored" : "",
+ pv->classification[i], pv->advisory[i]);
}
}
return retval;
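Review bot: `retval = 1;` at the top of this hunk is still executed when `ignored` is non-zero, so with `include_ignored` set an advisory that the ignore list suppresses makes audit_package() return 1 exactly like an unignored one. How callers use the return value is not visible here, but if `-i` is meant to change only what is reported, the assignment should be `if (!ignored) retval = 1;`; if counting ignored advisories is intended, the function's header comment and pkg_admin.1 should say so. Separately, the quiet branch (`output_type == 0`) used to print a bare package name and now appends ` (ignored)`, so anything that reads that output as a package list needs to expect the suffix when `-i` is used. The loop and the function start outside this hunk.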