diff options
author | ginsbach <ginsbach@pkgsrc.org> | 2018-02-26 23:45:01 +0000 |
---|---|---|
committer | ginsbach <ginsbach@pkgsrc.org> | 2018-02-26 23:45:01 +0000 |
commit | 10a51ed802ecacd90a957a21682e3d8b72b30faa (patch) | |
tree | 18c0d7d60834dad7737cce49b55fde726e47780a /pkgtools | |
parent | cef84cd81c7460aaab8783c82c7e29dae4f8af75 (diff) | |
download | pkgsrc-10a51ed802ecacd90a957a21682e3d8b72b30faa.tar.gz |
pkg_install-20180226:
- add option to include IGNORE_URL pkg_install.conf entries in audit
but flagged as "ignored".
- bump version to 20180226
Diffstat (limited to 'pkgtools')
-rw-r--r-- | pkgtools/pkg_install/files/add/perform.c | 6 | ||||
-rw-r--r-- | pkgtools/pkg_install/files/admin/audit.c | 13 | ||||
-rw-r--r-- | pkgtools/pkg_install/files/admin/main.c | 10 | ||||
-rw-r--r-- | pkgtools/pkg_install/files/admin/pkg_admin.1 | 19 | ||||
-rw-r--r-- | pkgtools/pkg_install/files/admin/pkg_admin.cat | 16 | ||||
-rw-r--r-- | pkgtools/pkg_install/files/lib/lib.h | 4 | ||||
-rw-r--r-- | pkgtools/pkg_install/files/lib/version.h | 4 | ||||
-rw-r--r-- | pkgtools/pkg_install/files/lib/vulnerabilities-file.c | 19 |
8 files changed, 55 insertions, 36 deletions
diff --git a/pkgtools/pkg_install/files/add/perform.c b/pkgtools/pkg_install/files/add/perform.c index e954cbed2e8..c0111998c23 100644 --- a/pkgtools/pkg_install/files/add/perform.c +++ b/pkgtools/pkg_install/files/add/perform.c @@ -1,4 +1,4 @@ -/* $NetBSD: perform.c,v 1.109 2017/04/19 21:42:50 joerg Exp $ */ +/* $NetBSD: perform.c,v 1.110 2018/02/26 23:45:01 ginsbach Exp $ */ #if HAVE_CONFIG_H #include "config.h" #endif @@ -6,7 +6,7 @@ #if HAVE_SYS_CDEFS_H #include <sys/cdefs.h> #endif -__RCSID("$NetBSD: perform.c,v 1.109 2017/04/19 21:42:50 joerg Exp $"); +__RCSID("$NetBSD: perform.c,v 1.110 2018/02/26 23:45:01 ginsbach Exp $"); /*- * Copyright (c) 2003 Grant Beattie <grant@NetBSD.org> @@ -1318,7 +1318,7 @@ check_vulnerable(struct pkg_task *pkg) return require_check; } - if (!audit_package(pv, pkg->pkgname, NULL, 2)) + if (!audit_package(pv, pkg->pkgname, NULL, 0, 2)) return 0; if (require_check) diff --git a/pkgtools/pkg_install/files/admin/audit.c b/pkgtools/pkg_install/files/admin/audit.c index fce7c1a5a55..a3b445ef570 100644 --- a/pkgtools/pkg_install/files/admin/audit.c +++ b/pkgtools/pkg_install/files/admin/audit.c @@ -1,4 +1,4 @@ -/* $NetBSD: audit.c,v 1.17 2011/02/18 15:59:52 aymeric Exp $ */ +/* $NetBSD: audit.c,v 1.18 2018/02/26 23:45:02 ginsbach Exp $ */ #if HAVE_CONFIG_H #include "config.h" @@ -7,7 +7,7 @@ #if HAVE_SYS_CDEFS_H #include <sys/cdefs.h> #endif -__RCSID("$NetBSD: audit.c,v 1.17 2011/02/18 15:59:52 aymeric Exp $"); +__RCSID("$NetBSD: audit.c,v 1.18 2018/02/26 23:45:02 ginsbach Exp $"); /*- * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>. @@ -73,13 +73,14 @@ __RCSID("$NetBSD: audit.c,v 1.17 2011/02/18 15:59:52 aymeric Exp $"); #include "admin.h" #include "lib.h" +static int check_ignored_advisories = 0; static int check_signature = 0; static const char *limit_vul_types = NULL; static int update_pkg_vuln = 0; static struct pkg_vulnerabilities *pv; -static const char audit_options[] = "est:"; +static const char audit_options[] = "eist:"; static void parse_options(int argc, char **argv, const char *options) @@ -101,6 +102,9 @@ parse_options(int argc, char **argv, const char *options) case 'e': check_eol = "yes"; break; + case 'i': + check_ignored_advisories = 1; + break; case 's': check_signature = 1; break; @@ -122,7 +126,8 @@ parse_options(int argc, char **argv, const char *options) static int check_exact_pkg(const char *pkg) { - return audit_package(pv, pkg, limit_vul_types, quiet ? 0 : 1); + return audit_package(pv, pkg, limit_vul_types, + check_ignored_advisories, quiet ? 0 : 1); } static int diff --git a/pkgtools/pkg_install/files/admin/main.c b/pkgtools/pkg_install/files/admin/main.c index 482f8b0aa92..e018d8994d5 100644 --- a/pkgtools/pkg_install/files/admin/main.c +++ b/pkgtools/pkg_install/files/admin/main.c @@ -1,4 +1,4 @@ -/* $NetBSD: main.c,v 1.65 2017/04/19 21:42:50 joerg Exp $ */ +/* $NetBSD: main.c,v 1.66 2018/02/26 23:45:02 ginsbach Exp $ */ #if HAVE_CONFIG_H #include "config.h" @@ -7,7 +7,7 @@ #if HAVE_SYS_CDEFS_H #include <sys/cdefs.h> #endif -__RCSID("$NetBSD: main.c,v 1.65 2017/04/19 21:42:50 joerg Exp $"); +__RCSID("$NetBSD: main.c,v 1.66 2018/02/26 23:45:02 ginsbach Exp $"); /*- * Copyright (c) 1999-2009 The NetBSD Foundation, Inc. @@ -112,9 +112,9 @@ usage(void) " pmatch pattern pkg - returns true if pkg matches pattern, otherwise false\n" " fetch-pkg-vulnerabilities [-s] - fetch new vulnerability file\n" " check-pkg-vulnerabilities [-s] <file> - check syntax and checksums of the vulnerability file\n" - " audit [-es] [-t type] ... - check installed packages for vulnerabilities\n" - " audit-pkg [-es] [-t type] ... - check listed packages for vulnerabilities\n" - " audit-batch [-es] [-t type] ... - check packages in listed files for vulnerabilities\n" + " audit [-eis] [-t type] ... - check installed packages for vulnerabilities\n" + " audit-pkg [-eis] [-t type] ... - check listed packages for vulnerabilities\n" + " audit-batch [-eis] [-t type] ... - check packages in listed files for vulnerabilities\n" " audit-history [-t type] ... - print all advisories for package names\n" " check-license <condition> - check if condition is acceptable\n" " check-single-license <license> - check if license is acceptable\n" diff --git a/pkgtools/pkg_install/files/admin/pkg_admin.1 b/pkgtools/pkg_install/files/admin/pkg_admin.1 index ea4ac6f3d4e..a96daa1ff6e 100644 --- a/pkgtools/pkg_install/files/admin/pkg_admin.1 +++ b/pkgtools/pkg_install/files/admin/pkg_admin.1 @@ -1,4 +1,4 @@ -.\" $NetBSD: pkg_admin.1,v 1.34 2014/12/30 15:13:20 wiz Exp $ +.\" $NetBSD: pkg_admin.1,v 1.35 2018/02/26 23:45:02 ginsbach Exp $ .\" .\" Copyright (c) 1999-2010 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -34,7 +34,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd December 27, 2014 +.Dd February 25, 2018 .Dt PKG_ADMIN 1 .Os .Sh NAME @@ -106,7 +106,7 @@ Be more verbose. .Pp The following commands are supported: .Bl -tag -width indent -.It Cm audit Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ... +.It Cm audit Oo Fl eis Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ... Check the listed installed packages for vulnerabilities. If no package is given, check all installed packages. If @@ -118,16 +118,25 @@ option from with .Qq Li yes . If +.Fl i +is given, +any advisory ignored by +.Dv IGNORE_URL +in +.Xr pkg_install.conf 5 +is included but flagged as +.Qq ignored . +If .Fl s is given, check the signature of the pkg-vulnerabilities file before using it. .Fl t restricts the reported vulnerabilities to type .Ar type . -.It Cm audit-pkg Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ... +.It Cm audit-pkg Oo Fl eis Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ... Like .Cm audit , but check only the given package names or patterns. -.It Cm audit-batch Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg-list Oc ... +.It Cm audit-batch Oo Fl eis Oc Oo Fl t Ar type Oc Oo Ar pkg-list Oc ... Like .Cm audit-pkg , but read the package names or patterns one per line from the given files. diff --git a/pkgtools/pkg_install/files/admin/pkg_admin.cat b/pkgtools/pkg_install/files/admin/pkg_admin.cat index 4e751d493ff..8173dee12a7 100644 --- a/pkgtools/pkg_install/files/admin/pkg_admin.cat +++ b/pkgtools/pkg_install/files/admin/pkg_admin.cat @@ -47,18 +47,20 @@ OOPPTTIIOONNSS The following commands are supported: - aauuddiitt [--eess] [--tt _t_y_p_e] [_p_k_g] ... + aauuddiitt [--eeiiss] [--tt _t_y_p_e] [_p_k_g] ... Check the listed installed packages for vulnerabilities. If no package is given, check all installed packages. If --ee is given, override the CHECK_END_OF_LIFE option from pkg_install.conf(5) - with "yes". If --ss is given, check the signature of the pkg- - vulnerabilities file before using it. --tt restricts the reported - vulnerabilities to type _t_y_p_e. + with "yes". If --ii is given, any advisory ignored by IGNORE_URL + in pkg_install.conf(5) is included but flagged as "ignored". If + --ss is given, check the signature of the pkg-vulnerabilities file + before using it. --tt restricts the reported vulnerabilities to + type _t_y_p_e. - aauuddiitt--ppkkgg [--eess] [--tt _t_y_p_e] [_p_k_g] ... + aauuddiitt--ppkkgg [--eeiiss] [--tt _t_y_p_e] [_p_k_g] ... Like aauuddiitt, but check only the given package names or patterns. - aauuddiitt--bbaattcchh [--eess] [--tt _t_y_p_e] [_p_k_g_-_l_i_s_t] ... + aauuddiitt--bbaattcchh [--eeiiss] [--tt _t_y_p_e] [_p_k_g_-_l_i_s_t] ... Like aauuddiitt--ppkkgg, but read the package names or patterns one per line from the given files. @@ -204,4 +206,4 @@ HHIISSTTOORRYY AAUUTTHHOORRSS The ppkkgg__aaddmmiinn command was written by Hubert Feyrer. -pkgsrc December 27, 2014 pkgsrc +pkgsrc February 25, 2018 pkgsrc diff --git a/pkgtools/pkg_install/files/lib/lib.h b/pkgtools/pkg_install/files/lib/lib.h index d4e72ce2f79..17fe9231c59 100644 --- a/pkgtools/pkg_install/files/lib/lib.h +++ b/pkgtools/pkg_install/files/lib/lib.h @@ -1,4 +1,4 @@ -/* $NetBSD: lib.h,v 1.68 2017/04/19 21:42:50 joerg Exp $ */ +/* $NetBSD: lib.h,v 1.69 2018/02/26 23:45:02 ginsbach Exp $ */ /* from FreeBSD Id: lib.h,v 1.25 1997/10/08 07:48:03 charnier Exp */ @@ -374,7 +374,7 @@ struct pkg_vulnerabilities *read_pkg_vulnerabilities_file(const char *, int, int struct pkg_vulnerabilities *read_pkg_vulnerabilities_memory(void *, size_t, int); void free_pkg_vulnerabilities(struct pkg_vulnerabilities *); int audit_package(struct pkg_vulnerabilities *, const char *, const char *, - int); + int, int); /* Parse configuration file */ void pkg_install_config(void); diff --git a/pkgtools/pkg_install/files/lib/version.h b/pkgtools/pkg_install/files/lib/version.h index 3bb89b7801c..469e11d7d75 100644 --- a/pkgtools/pkg_install/files/lib/version.h +++ b/pkgtools/pkg_install/files/lib/version.h @@ -1,4 +1,4 @@ -/* $NetBSD: version.h,v 1.172 2017/10/30 12:03:50 jperkin Exp $ */ +/* $NetBSD: version.h,v 1.173 2018/02/26 23:45:02 ginsbach Exp $ */ /* * Copyright (c) 2001 Thomas Klausner. All rights reserved. @@ -27,6 +27,6 @@ #ifndef _INST_LIB_VERSION_H_ #define _INST_LIB_VERSION_H_ -#define PKGTOOLS_VERSION 20171030 +#define PKGTOOLS_VERSION 20180226 #endif /* _INST_LIB_VERSION_H_ */ diff --git a/pkgtools/pkg_install/files/lib/vulnerabilities-file.c b/pkgtools/pkg_install/files/lib/vulnerabilities-file.c index 614522220bb..8991e4eb0dc 100644 --- a/pkgtools/pkg_install/files/lib/vulnerabilities-file.c +++ b/pkgtools/pkg_install/files/lib/vulnerabilities-file.c @@ -1,4 +1,4 @@ -/* $NetBSD: vulnerabilities-file.c,v 1.9 2017/04/19 21:42:50 joerg Exp $ */ +/* $NetBSD: vulnerabilities-file.c,v 1.10 2018/02/26 23:45:02 ginsbach Exp $ */ /*- * Copyright (c) 2008, 2010 Joerg Sonnenberger <joerg@NetBSD.org>. @@ -38,7 +38,7 @@ #if HAVE_SYS_CDEFS_H #include <sys/cdefs.h> #endif -__RCSID("$NetBSD: vulnerabilities-file.c,v 1.9 2017/04/19 21:42:50 joerg Exp $"); +__RCSID("$NetBSD: vulnerabilities-file.c,v 1.10 2018/02/26 23:45:02 ginsbach Exp $"); #if HAVE_SYS_STAT_H #include <sys/stat.h> @@ -608,18 +608,19 @@ check_ignored_entry(struct pkg_vulnerabilities *pv, size_t i) int audit_package(struct pkg_vulnerabilities *pv, const char *pkgname, - const char *limit_vul_types, int output_type) + const char *limit_vul_types, int include_ignored, int output_type) { FILE *output = output_type == 1 ? stdout : stderr; size_t i; - int retval, do_eol; + int retval, do_eol, ignored; retval = 0; do_eol = (strcasecmp(check_eol, "yes") == 0); for (i = 0; i < pv->entries; ++i) { - if (check_ignored_entry(pv, i)) + ignored = check_ignored_entry(pv, i); + if (ignored && !include_ignored) continue; if (limit_vul_types != NULL && strcmp(limit_vul_types, pv->classification[i])) @@ -642,11 +643,13 @@ audit_package(struct pkg_vulnerabilities *pv, const char *pkgname, } retval = 1; if (output_type == 0) { - puts(pkgname); + fprintf(stdout, "%s%s\n", + pkgname, ignored ? " (ignored)" : ""); } else { fprintf(output, - "Package %s has a %s vulnerability, see %s\n", - pkgname, pv->classification[i], pv->advisory[i]); + "Package %s has a%s %s vulnerability, see %s\n", + pkgname, ignored ? "n ignored" : "", + pv->classification[i], pv->advisory[i]); } } return retval; |