pkg_install-20080313:

Audit functionality for pkg_admin. This uses the backend in
libpkg_install and will be extended to check for vulnerabilities at
pkg_add time later.

8 files changed, 668 insertions, 19 deletions

diff --git a/pkgtools/pkg_install/files/admin/Makefile.in b/pkgtools/pkg_install/files/admin/Makefile.in
index 4e763a8e226..db97f4ed5dd 100644
--- a/pkgtools/pkg_install/files/admin/Makefile.in
+++ b/pkgtools/pkg_install/files/admin/Makefile.in
@@ -1,9 +1,10 @@
-# $NetBSD: Makefile.in,v 1.13 2008/03/10 12:14:32 wiz Exp $
+# $NetBSD: Makefile.in,v 1.14 2008/03/13 16:35:30 joerg Exp $
 
 srcdir=		@srcdir@
 
 prefix=		@prefix@
 exec_prefix=	@exec_prefix@
+sysconfdir=	@sysconfdir@
 sbindir=	@sbindir@
 mandir=		@mandir@
 datarootdir=	@datarootdir@
@@ -11,10 +12,10 @@ datarootdir=	@datarootdir@
 man1dir=	$(mandir)/man1
 cat1dir=	$(mandir)/cat1
 
+BOOTSTRAP=	@bootstrap@
+
 CC=		@CC@
 CCLD=		$(CC)
-LIBS=		-linstall @LIBS@
-CPPFLAGS=	@CPPFLAGS@ -I. -I$(srcdir) -I../lib
 DEFS=		@DEFS@
 CFLAGS=		@CFLAGS@
 LDFLAGS=	@LDFLAGS@ -L../lib
@@ -23,7 +24,17 @@ INSTALL=	@INSTALL@
 
 PROG=		pkg_admin
 
-OBJS=		check.o main.o
+.if empty(BOOTSTRAP)
+LIBS=		-linstall -lbz2 -lz @LIBS@
+OBJS=		audit.o check.o config.o main.o
+CPPFLAGS=	@CPPFLAGS@ -I. -I$(srcdir) -I../lib \
+		-DSYSCONFDIR=\"$(sysconfdir)\"
+.else
+LIBS=		-linstall @LIBS@
+OBJS=		check.o config.o main.o
+CPPFLAGS=	@CPPFLAGS@ -I. -I$(srcdir) -I../lib -DBOOTSTRAP \
+		-DSYSCONFDIR=\"$(sysconfdir)\"
+.endif
 
 all: $(PROG)
 
diff --git a/pkgtools/pkg_install/files/admin/admin.h b/pkgtools/pkg_install/files/admin/admin.h
index 934bbfada3b..bcad1f6baeb 100644
--- a/pkgtools/pkg_install/files/admin/admin.h
+++ b/pkgtools/pkg_install/files/admin/admin.h
@@ -32,5 +32,23 @@
  */
 
 extern int quiet;
+extern int verbose;
+
+extern const char *pkg_vulnerabilities_dir;
+extern const char *pkg_vulnerabilities_file;
+extern const char *pkg_vulnerabilities_url;
+extern const char *fetch_cmd;
+extern const char *ignore_advisories;
+extern const char tnf_vulnerability_base[];
 
 void 	check(char **);
+
+void	audit_pkgdb(int, char **);
+void	audit_pkg(int, char **);
+void	audit_batch(int, char **);
+void	check_pkg_vulnerabilities(int, char **);
+void	fetch_pkg_vulnerabilities(int, char **);
+
+void	pkg_install_config(const char *);
+
+void 	usage(void);
diff --git a/pkgtools/pkg_install/files/admin/audit.c b/pkgtools/pkg_install/files/admin/audit.c
new file mode 100644
index 00000000000..8a83924b3f8
--- /dev/null
+++ b/pkgtools/pkg_install/files/admin/audit.c
@@ -0,0 +1,424 @@
+/*	$NetBSD: audit.c,v 1.1 2008/03/13 16:35:30 joerg Exp $	*/
+
+#if HAVE_CONFIG_H
+#include "config.h"
+#endif
+#include <nbcompat.h>
+#if HAVE_SYS_CDEFS_H
+#include <sys/cdefs.h>
+#endif
+#ifndef lint
+__RCSID("$NetBSD: audit.c,v 1.1 2008/03/13 16:35:30 joerg Exp $");
+#endif
+
+/*-
+ * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#if HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#if HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+#if HAVE_ERR_H
+#include <err.h>
+#endif
+#if HAVE_ERRNO_H
+#include <errno.h>
+#endif
+#if HAVE_SIGNAL_H
+#include <signal.h>
+#endif
+#if HAVE_STDIO_H
+#include <stdio.h>
+#endif
+#if HAVE_STRING_H
+#include <string.h>
+#endif
+
+#include "admin.h"
+#include "lib.h"
+
+static int check_eol = 0;
+static int check_signature = 0;
+static const char *limit_vul_types = NULL;
+
+static struct pkg_vulnerabilities *pv;
+
+static void
+parse_options(int argc, char **argv)
+{
+	int ch;
+
+	optreset = 1;
+	optind = 0;
+
+	while ((ch = getopt(argc, argv, "est")) != -1) {
+		switch (ch) {
+		case 'e':
+			check_eol = 1;
+			break;
+		case 's':
+			check_signature = 1;
+			break;
+		case 't':
+			limit_vul_types = optarg;
+			break;
+		default:
+			usage();
+			/* NOTREACHED */
+		}
+	}
+}
+
+static int
+check_exact_pkg(const char *pkg)
+{
+	const char *iter, *next;
+	int ret;
+	size_t i;
+
+	ret = 0;
+	for (i = 0; i < pv->entries; ++i) {
+		if (ignore_advisories != NULL) {
+			size_t url_len = strlen(pv->advisory[i]);
+			size_t entry_len;
+
+			for (iter = ignore_advisories; *iter; iter = next) {
+				if ((next = strchr(iter, '\n')) == NULL) {
+					entry_len = strlen(iter);
+					next = iter + entry_len;
+				} else {
+					entry_len = next - iter;
+					++next;
+				}
+				if (url_len != entry_len)
+					continue;
+				if (!strncmp(pv->advisory[i], iter, entry_len))
+					break;
+			}
+			if (*iter != '\0')
+				continue;
+		}
+		if (limit_vul_types != NULL &&
+		    strcmp(limit_vul_types, pv->classification[i]))
+			continue;
+		if (!pkg_match(pv->vulnerability[i], pkg))
+			continue;
+		if (strcmp("eol", pv->classification[i]) == 0) {
+			if (!check_eol)
+				continue;
+			if (quiet)
+				puts(pkg);
+			else
+				printf("Package %s has reached end-of-life (eol), "
+				    "see %s/eol-packages\n", pkg,
+				    tnf_vulnerability_base);
+			continue;
+		}
+		if (quiet)
+			puts(pkg);
+		else
+			printf("Package %s has a %s vulnerability, see %s\n",
+			    pkg, pv->classification[i], pv->advisory[i]);
+		ret = 1;
+	}
+	return ret;
+}
+
+static int
+check_batch_exact_pkgs(const char *fname)
+{
+	FILE *f;
+	char buf[4096], *line, *eol;
+	int ret;
+
+	ret = 0;
+	if (strcmp(fname, "-") == 0)
+		f = stdin;
+	else {
+		f = fopen(fname, "r");
+		if (f == NULL)
+			err(EXIT_FAILURE, "Failed to open input file %s",
+			    fname);
+	}
+	while ((line = fgets(buf, sizeof(buf), f)) != NULL) {
+		eol = line + strlen(line);
+		if (eol == line)
+			continue;
+		--eol;
+		if (*eol == '\n') {
+			if (eol == line)
+				continue;
+			*eol = '\0';
+		}
+		ret |= check_exact_pkg(line);
+	}
+	if (f != stdin)
+		fclose(f);
+
+	return ret;
+}
+
+static int
+check_one_installed_pkg(const char *pkg, void *cookie)
+{
+	int *ret = cookie;
+
+	*ret |= check_exact_pkg(pkg);
+	return 0;
+}
+
+static int
+check_installed_pattern(const char *pattern)
+{
+	int ret = 0;
+
+	match_installed_pkgs(pattern, check_one_installed_pkg, &ret);
+
+	return ret;
+}
+
+static void
+check_and_read_pkg_vulnerabilities(void)
+{
+	struct stat st;
+	time_t now;
+
+	if (pkg_vulnerabilities_file == NULL)
+		errx(EXIT_FAILURE, "PKG_VULNERABILITIES is not set");
+
+	if (verbose >= 1) {
+		if (stat(pkg_vulnerabilities_file, &st) == -1) {
+			if (errno == ENOENT)
+				errx(EXIT_FAILURE,
+				    "pkg-vulnerabilities not found, run %s -d",
+				    getprogname());
+			errx(EXIT_FAILURE, "pkg-vulnerabilities not readable");
+		}
+		now = time(NULL);
+		now -= st.st_mtime;
+		if (now < 0)
+			warnx("pkg-vulnerabilities is from the future");
+		else if (now > 86400 * 7)
+			warnx("pkg-vulnerabilities is out of day (%d days old)",
+			    now / 86400);
+		else if (verbose >= 2)
+			warnx("pkg-vulnerabilities is %d day%s old",
+			    now / 86400, now / 86400 == 1 ? "" : "s");
+	}
+
+	pv = read_pkg_vulnerabilities(pkg_vulnerabilities_file, 0, check_signature);
+}
+
+void
+audit_pkgdb(int argc, char **argv)
+{
+	int rv;
+
+	parse_options(argc, argv);
+	argv += optind;
+
+	check_and_read_pkg_vulnerabilities();
+
+	rv = 0;
+	if (*argv == NULL)
+		rv |= check_installed_pattern("*");
+	else {
+		for (; *argv != NULL; ++argv)
+			rv |= check_installed_pattern(*argv);
+	}
+	free_pkg_vulnerabilities(pv);
+
+	if (rv == 0 && verbose >= 1)
+		fputs("No vulnerabilities found\n", stderr);
+	exit(rv ? EXIT_FAILURE : EXIT_SUCCESS);
+}
+
+void
+audit_pkg(int argc, char **argv)
+{
+	int rv;
+
+	parse_options(argc, argv);
+	argv += optind;
+
+	check_and_read_pkg_vulnerabilities();
+	rv = 0;
+	for (; *argv != NULL; ++argv)
+		rv |= check_exact_pkg(*argv);
+
+	free_pkg_vulnerabilities(pv);
+
+	if (rv == 0 && verbose >= 1)
+		fputs("No vulnerabilities found\n", stderr);
+	exit(rv ? EXIT_FAILURE : EXIT_SUCCESS);
+}
+
+void
+audit_batch(int argc, char **argv)
+{
+	int rv;
+
+	parse_options(argc, argv);
+	argv += optind;
+
+	check_and_read_pkg_vulnerabilities();
+	rv = 0;
+	for (; *argv != NULL; ++argv)
+		rv |= check_batch_exact_pkgs(*argv);
+	free_pkg_vulnerabilities(pv);
+
+	if (rv == 0 && verbose >= 1)
+		fputs("No vulnerabilities found\n", stderr);
+	exit(rv ? EXIT_FAILURE : EXIT_SUCCESS);
+}
+
+void
+check_pkg_vulnerabilities(int argc, char **argv)
+{
+	parse_options(argc, argv);
+	if (argc != optind + 1)
+		usage();
+
+	pv = read_pkg_vulnerabilities(argv[optind], 0, check_signature);
+	free_pkg_vulnerabilities(pv);
+}
+
+void
+fetch_pkg_vulnerabilities(int argc, char **argv)
+{
+	struct pkg_vulnerabilities *pv_check;
+	const char *error;
+	pid_t child;
+	char *buf, *decompressed_input;
+	size_t buf_len, cur_len, decompressed_len;
+	ssize_t bytes_read;
+	int fd[2], status;
+
+	parse_options(argc, argv);
+	if (argc != optind)
+		usage();
+
+	if (verbose >= 2)
+		fprintf(stderr, "ftp -o - %s\n", pkg_vulnerabilities_url);
+
+	if (pipe(fd) == -1)
+		err(EXIT_FAILURE, "cannot create FTP data pipe");
+
+	child = vfork();
+	if (child == -1)
+		err(EXIT_FAILURE, "cannot fork FTP process");
+	if (child == 0) {
+		close(fd[0]);
+		close(STDOUT_FILENO);
+		if (dup2(fd[1], STDOUT_FILENO) == -1) {
+			static const char err_msg[] =
+			    "cannot redirect stdout of FTP process\n";
+			write(STDERR_FILENO, err_msg, sizeof(err_msg) - 1);
+			_exit(255);
+		}
+		close(fd[1]);
+		execlp(fetch_cmd, fetch_cmd, "-o", "-",
+		    pkg_vulnerabilities_url, (char *)NULL);
+		_exit(255);
+	}
+	close(fd[1]);
+
+	cur_len = 0;
+	buf_len = 32768;
+	if ((buf = malloc(buf_len + 1)) == NULL) {
+		error = "malloc failed";
+		goto ftp_error;
+	}
+
+	while ((bytes_read = read(fd[0], buf + cur_len, buf_len - cur_len)) > 0) {
+		cur_len += bytes_read;
+		if (cur_len * 2 < buf_len)
+			continue;
+		if (cur_len >= SSIZE_MAX / 2) {
+			error = "pkg-vulnerabilies too large";
+			goto ftp_error;
+		}
+		buf_len *= 2;
+		if ((buf = realloc(buf, buf_len + 1)) == NULL) {
+			error = "realloc failed";
+			goto ftp_error;
+		}
+	}
+
+	if (bytes_read == -1) {
+		error = "read from FTP process failed";
+		goto ftp_error;
+	}
+
+	waitpid(child, &status, 0);
+	close(fd[0]);
+
+	if (status)
+		errx(EXIT_FAILURE,
+		    "Download of pkg-vulnerabilities from %s failed",
+		    pkg_vulnerabilities_url);
+
+	buf[cur_len] = '\0';
+
+	if (decompress_buffer(buf, cur_len, &decompressed_input,
+	    &decompressed_len)) {
+		pv_check = parse_pkg_vulnerabilities(decompressed_input,
+		    decompressed_len, check_signature);
+		free(decompressed_input);
+	} else {
+		pv_check = parse_pkg_vulnerabilities(buf, cur_len,
+		    check_signature);
+	}
+	free_pkg_vulnerabilities(pv_check);
+
+	fd[0] = open(pkg_vulnerabilities_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
+	if (fd[0] == -1)
+		err(EXIT_FAILURE, "Cannot create pkg-vulnerability file %s",
+		    pkg_vulnerabilities_file);
+
+	if (write(fd[0], buf, cur_len) != cur_len)
+		err(EXIT_FAILURE, "Cannot write pkg-vulnerability file");
+	if (close(fd[0]) == -1)
+		err(EXIT_FAILURE, "Cannot close pkg-vulnerability file after write");
+
+	free(buf);
+
+	exit(EXIT_SUCCESS);
+
+ ftp_error:
+	(void)kill(child, SIGTERM);
+	(void)close(fd[0]);
+	(void)waitpid(child, &status, 0);
+	err(EXIT_FAILURE, error);
+}
diff --git a/pkgtools/pkg_install/files/admin/config.c b/pkgtools/pkg_install/files/admin/config.c
new file mode 100644
index 00000000000..4b1a670c74a
--- /dev/null
+++ b/pkgtools/pkg_install/files/admin/config.c
@@ -0,0 +1,99 @@
+/*	$NetBSD: config.c,v 1.1 2008/03/13 16:35:30 joerg Exp $	*/
+
+#if HAVE_CONFIG_H
+#include "config.h"
+#endif
+#include <nbcompat.h>
+#if HAVE_SYS_CDEFS_H
+#include <sys/cdefs.h>
+#endif
+#ifndef lint
+__RCSID("$NetBSD: config.c,v 1.1 2008/03/13 16:35:30 joerg Exp $");
+#endif
+
+/*-
+ * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if HAVE_ERR_H
+#include <err.h>
+#endif
+#if HAVE_STRING_H
+#include <string.h>
+#endif
+
+#include "admin.h"
+#include "lib.h"
+
+const char *pkg_vulnerabilities_dir;
+const char *pkg_vulnerabilities_file;
+const char *pkg_vulnerabilities_url;
+const char *fetch_cmd = FTP_CMD;
+const char *ignore_advisories = NULL;
+const char tnf_vulnerability_base[] = "ftp://ftp.NetBSD.org/pub/NetBSD/packages/vulns";
+
+static struct config_variable {
+	const char *name;
+	const char **var;
+} config_variables[] = {
+	{ "GPG", &gpg_cmd },
+	{ "PKGVULNDIR", &pkg_vulnerabilities_dir },
+	{ "PKGVULNURL", &pkg_vulnerabilities_url },
+	{ "IGNORE_URL", &ignore_advisories },
+	{ "FETCH_CMD", &fetch_cmd },
+	{ NULL, NULL }
+};
+
+void
+pkg_install_config(const char *config_file)
+{
+	char *value;
+	int ret;
+	struct config_variable *var;
+
+	for (var = config_variables; var->name != NULL; ++var) {
+		value = var_get(config_file, var->name);
+		if (value != NULL)
+			*var->var = value;
+	}
+
+	if (pkg_vulnerabilities_dir != NULL)
+		ret = asprintf(&value, "%s/pkg-vulnerabilities", pkg_vulnerabilities_dir);
+	else
+		ret = asprintf(&value, "%s/pkg-vulnerabilities", _pkgdb_getPKGDB_DIR());
+	pkg_vulnerabilities_file = value;
+	if (ret == -1)
+		err(EXIT_FAILURE, "asprintf failed");
+	if (pkg_vulnerabilities_url == NULL) {
+		ret = asprintf(&value, "%s/pkg-vulnerabilities.gz",
+		    tnf_vulnerability_base);
+		pkg_vulnerabilities_url = value;
+		if (ret == -1)
+			err(EXIT_FAILURE, "asprintf failed");
+	}
+}
diff --git a/pkgtools/pkg_install/files/admin/main.c b/pkgtools/pkg_install/files/admin/main.c
index 475f49c1acb..b9d4e360524 100644
--- a/pkgtools/pkg_install/files/admin/main.c
+++ b/pkgtools/pkg_install/files/admin/main.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: main.c,v 1.37 2008/03/09 20:55:25 joerg Exp $	*/
+/*	$NetBSD: main.c,v 1.38 2008/03/13 16:35:30 joerg Exp $	*/
 
 #if HAVE_CONFIG_H
 #include "config.h"
@@ -8,7 +8,7 @@
 #include <sys/cdefs.h>
 #endif
 #ifndef lint
-__RCSID("$NetBSD: main.c,v 1.37 2008/03/09 20:55:25 joerg Exp $");
+__RCSID("$NetBSD: main.c,v 1.38 2008/03/13 16:35:30 joerg Exp $");
 #endif
 
 /*-
@@ -16,7 +16,8 @@ __RCSID("$NetBSD: main.c,v 1.37 2008/03/09 20:55:25 joerg Exp $");
  * All rights reserved.
  *
  * This code is derived from software contributed to The NetBSD Foundation
- * by Hubert Feyrer <hubert@feyrer.de>.
+ * by Hubert Feyrer <hubert@feyrer.de> and
+ * by Joerg Sonnenberger <joerg@NetBSD.org>.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -83,17 +84,17 @@ __RCSID("$NetBSD: main.c,v 1.37 2008/03/09 20:55:25 joerg Exp $");
 
 #define DEFAULT_SFX	".t[bg]z"	/* default suffix for ls{all,best} */
 
-static const char Options[] = "K:SVbd:qs:";
+static const char Options[] = "C:K:SVbd:qs:v";
 
-int	quiet;
+int	quiet, verbose;
 
 static void set_unset_variable(char **, Boolean);
 
 /* print usage message and exit */
-static void 
+void 
 usage(void)
 {
-	(void) fprintf(stderr, "usage: %s [-bqSV] [-d lsdir] [-K pkg_dbdir] [-s sfx] command args ...\n"
+	(void) fprintf(stderr, "usage: %s [-bqSvV] [-C config] [-d lsdir] [-K pkg_dbdir] [-s sfx] command args ...\n"
 	    "Where 'commands' and 'args' are:\n"
 	    " rebuild                     - rebuild pkgdb from +CONTENTS files\n"
 	    " rebuild-tree                - rebuild +REQUIRED_BY files from forward deps\n"
@@ -109,7 +110,12 @@ usage(void)
 	    " lsall /path/to/pkgpattern   - list all pkgs matching the pattern\n"
 	    " lsbest /path/to/pkgpattern  - list pkgs matching the pattern best\n"
 	    " dump                        - dump database\n"
-	    " pmatch pattern pkg          - returns true if pkg matches pattern, otherwise false\n",
+	    " pmatch pattern pkg          - returns true if pkg matches pattern, otherwise false\n"
+	    " fetch-pkg-vulnerabilities [-s] - fetch new vulnerability file\n"
+	    " check-pkg-vulneraiblities [-s] <file> - check syntax and checksums of the vulnerability file\n"
+	    " audit [-es] [-t type] ...\n"
+	    " audit-pkg [-es] [-t type] ...\n"
+	    " audit-batch [-es] [-t type] ...\n",
 	    getprogname());
 	exit(EXIT_FAILURE);
 }
@@ -127,7 +133,7 @@ add_pkg(const char *pkgdir, void *vp)
 	plist_t	       *p;
 	package_t	Plist;
 	char 	       *contents;
-	const char	*PkgDBDir;
+	const char     *PkgDBDir;
 	char *PkgName, *dirp;
 	char 		file[MaxPathSize];
 	char		dir[MaxPathSize];
@@ -339,6 +345,7 @@ rebuild_tree(void)
 int 
 main(int argc, char *argv[])
 {
+	const char     *config_file = SYSCONFDIR"/pkg_install.conf";
 	Boolean		 use_default_sfx = TRUE;
 	Boolean 	 show_basename_only = FALSE;
 	char		 lsdir[MaxPathSize];
@@ -353,6 +360,10 @@ main(int argc, char *argv[])
 
 	while ((ch = getopt(argc, argv, Options)) != -1)
 		switch (ch) {
+		case 'C':
+			config_file = optarg;
+			break;
+
 		case 'K':
 			_pkgdb_setPKGDB_DIR(optarg);
 			break;
@@ -384,6 +395,10 @@ main(int argc, char *argv[])
 			use_default_sfx = FALSE;
 			break;
 
+		case 'v':
+			++verbose;
+			break;
+
 		default:
 			usage();
 			/* NOTREACHED */
@@ -396,6 +411,8 @@ main(int argc, char *argv[])
 		usage();
 	}
 
+	pkg_install_config(config_file);
+
 	if (use_default_sfx)
 		(void) snprintf(sfx, sizeof(sfx), "%s", DEFAULT_SFX);
 
@@ -504,7 +521,20 @@ main(int argc, char *argv[])
 	} else if (strcasecmp(argv[0], "unset") == 0) {
 		argv++;		/* "unset" */
 		set_unset_variable(argv, TRUE);
+	} else if (strcasecmp(argv[0], "fetch-pkg-vulnerabilities") == 0) {
+		fetch_pkg_vulnerabilities(--argc, ++argv);
+	} else if (strcasecmp(argv[0], "check-pkg-vulnerabilities") == 0) {
+		check_pkg_vulnerabilities(--argc, ++argv);
 	}
+#ifndef BOOTSTRAP
+	else if (strcasecmp(argv[0], "audit") == 0) {
+		audit_pkgdb(--argc, ++argv);
+	} else if (strcasecmp(argv[0], "audit-pkg") == 0) {
+		audit_pkg(--argc, ++argv);
+	} else if (strcasecmp(argv[0], "audit-batch") == 0) {
+		audit_batch(--argc, ++argv);
+	}
+#endif
 #ifdef PKGDB_DEBUG
 	else if (strcasecmp(argv[0], "delkey") == 0) {
 		int     rc;
diff --git a/pkgtools/pkg_install/files/admin/pkg_admin.1 b/pkgtools/pkg_install/files/admin/pkg_admin.1
index 34339add8ae..5287512f5d6 100644
--- a/pkgtools/pkg_install/files/admin/pkg_admin.1
+++ b/pkgtools/pkg_install/files/admin/pkg_admin.1
@@ -1,4 +1,4 @@
-.\"	$NetBSD: pkg_admin.1,v 1.15 2008/01/29 15:39:30 hubertf Exp $
+.\"	$NetBSD: pkg_admin.1,v 1.16 2008/03/13 16:35:30 joerg Exp $
 .\"
 .\" Copyright (c) 1999-2008 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -42,7 +42,8 @@
 .Nd perform various administrative tasks to the pkg system
 .Sh SYNOPSIS
 .Nm
-.Op Fl bqSV
+.Op Fl bqSvV
+.Op Fl C Ar config
 .Op Fl d Ar lsdir
 .Op Fl K Ar pkg_dbdir
 .Op Fl s Ar sfx_pattern
@@ -59,6 +60,10 @@ Print only the basenames when matching package names for
 .Cm lsall
 and
 .Cm lsbest .
+.It Fl C Ar config
+Read the configuration file from
+.Ar config
+instead of the system default.
 .It Fl d Ar lsdir
 Set
 .Ar lsdir
@@ -99,6 +104,8 @@ and
 The default pattern is ".t[bg]z".
 .It Fl V
 Print version number and exit.
+.It Fl v
+Be more verbose.
 .El
 .Pp
 The following commands are supported:
@@ -110,6 +117,26 @@ its
 file together with the package they belong to into the package database.
 This should be used only by
 .Xr pkg_view 1 .
+.It Cm audit Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ...
+Check the listed installed packages for vulnerabilities.
+If no package is given, check all installed packages.
+If
+.Fl e
+is given, also include end-of-life information.
+If
+.Fl s
+is given, check the signature of the pkg-vulnerabilities file before using it.
+.Fl t
+restricts the reported vulnerabilities to type
+.Ar type .
+.It Cm audit-pkg Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ...
+Like
+.Cm audit ,
+but check only the given package names or patterns.
+.It Cm audit-batch Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg-list Oc ...
+Like
+.Cm audit-pkg ,
+but read the package names or patterns one per line from the given files.
 .It Cm check Op Ar pkg ...
 Use this command to check the files belonging to some or all of the
 packages installed on the local machine against the checksum
@@ -131,6 +158,12 @@ A warning message is printed if the expected checksum differs from the
 checksum of the file on disk.
 Symbolic links are also checked, ensuring that the targets on disk are
 the same as the contents recorded at package installation time.
+.It Cm check-pkg-vulnerabilities Oo Fl s Oc Ar file
+Check format and hashes in the pkg-vulnerabilties file
+.Ar file .
+If
+.Fl s
+is given, also check the embedded signature.
 .It Cm delete Ar pkg ...
 For each listed package, remove all file entries in the package database that
 belong to the package.
@@ -141,6 +174,11 @@ Dump the contents of the package database, similar to
 .Cm pkg_info -F .
 Columns are printed for the keyfield used in the pkgdb - the filename -,
 and the data field - the package the file belongs to.
+.It Cm fetch-pkg-vulnerabilities Op Fl s
+Fetch a new pkg-vulnerabilities file, check the format and if
+.Fl s
+is given the signature.
+If all checks are passed, write it to pkgdb.
 .It Cm lsall Ar /dir/pkgpattern
 .It Cm lsbest Ar /dir/pkgpattern
 List all/best package matching pattern in the given directory
diff --git a/pkgtools/pkg_install/files/admin/pkg_admin.cat1 b/pkgtools/pkg_install/files/admin/pkg_admin.cat1
index 41f9721bd52..35545c6af18 100644
--- a/pkgtools/pkg_install/files/admin/pkg_admin.cat1
+++ b/pkgtools/pkg_install/files/admin/pkg_admin.cat1
@@ -4,8 +4,8 @@ NNAAMMEE
      ppkkgg__aaddmmiinn -- perform various administrative tasks to the pkg system
 
 SSYYNNOOPPSSIISS
-     ppkkgg__aaddmmiinn [--bbqqSSVV] [--dd _l_s_d_i_r] [--KK _p_k_g___d_b_d_i_r] [--ss _s_f_x___p_a_t_t_e_r_n] _c_o_m_m_a_n_d
-               [args ...]
+     ppkkgg__aaddmmiinn [--bbqqSSvvVV] [--CC _c_o_n_f_i_g] [--dd _l_s_d_i_r] [--KK _p_k_g___d_b_d_i_r] [--ss _s_f_x___p_a_t_t_e_r_n]
+               _c_o_m_m_a_n_d [args ...]
 
 DDEESSCCRRIIPPTTIIOONN
      This command performs various administrative tasks around the NetBSD
@@ -17,6 +17,10 @@ OOPPTTIIOONNSS
      --bb      Print only the basenames when matching package names for llssaallll
              and llssbbeesstt.
 
+     --CC _c_o_n_f_i_g
+             Read the configuration file from _c_o_n_f_i_g instead of the system
+             default.
+
      --dd _l_s_d_i_r
              Set _l_s_d_i_r as the path to the directory in which to find matching
              package names for llssaallll and llssbbeesstt.
@@ -41,6 +45,8 @@ OOPPTTIIOONNSS
 
      --VV      Print version number and exit.
 
+     --vv      Be more verbose.
+
      The following commands are supported:
 
      aadddd _p_k_g _._._.
@@ -49,6 +55,20 @@ OOPPTTIIOONNSS
              belong to into the package database.  This should be used only by
              pkg_view(1).
 
+     aauuddiitt [--eess] [--tt _t_y_p_e] [_p_k_g] ...
+             Check the listed installed packages for vulnerabilities.  If no
+             package is given, check all installed packages.  If --ee is given,
+             also include end-of-life information.  If --ss is given, check the
+             signature of the pkg-vulnerabilities file before using it.  --tt
+             restricts the reported vulnerabilities to type _t_y_p_e.
+
+     aauuddiitt--ppkkgg [--eess] [--tt _t_y_p_e] [_p_k_g] ...
+             Like aauuddiitt, but check only the given package names or patterns.
+
+     aauuddiitt--bbaattcchh [--eess] [--tt _t_y_p_e] [_p_k_g_-_l_i_s_t] ...
+             Like aauuddiitt--ppkkgg, but read the package names or patterns one per
+             line from the given files.
+
      cchheecckk [_p_k_g _._._.]
              Use this command to check the files belonging to some or all of
              the packages installed on the local machine against the checksum
@@ -66,6 +86,10 @@ OOPPTTIIOONNSS
              targets on disk are the same as the contents recorded at package
              installation time.
 
+     cchheecckk--ppkkgg--vvuullnneerraabbiilliittiieess [--ss] _f_i_l_e
+             Check format and hashes in the pkg-vulnerabilties file _f_i_l_e.  If
+             --ss is given, also check the embedded signature.
+
      ddeelleettee _p_k_g _._._.
              For each listed package, remove all file entries in the package
              database that belong to the package.  This should be used only by
@@ -75,6 +99,11 @@ OOPPTTIIOONNSS
              --FF.  Columns are printed for the keyfield used in the pkgdb - the
              filename -, and the data field - the package the file belongs to.
 
+     ffeettcchh--ppkkgg--vvuullnneerraabbiilliittiieess [--ss]
+             Fetch a new pkg-vulnerabilities file, check the format and if --ss
+             is given the signature.  If all checks are passed, write it to
+             pkgdb.
+
      llssaallll _/_d_i_r_/_p_k_g_p_a_t_t_e_r_n
 
      llssbbeesstt _/_d_i_r_/_p_k_g_p_a_t_t_e_r_n
diff --git a/pkgtools/pkg_install/files/lib/version.h b/pkgtools/pkg_install/files/lib/version.h
index a2eb86a657b..0a6307c47cb 100644
--- a/pkgtools/pkg_install/files/lib/version.h
+++ b/pkgtools/pkg_install/files/lib/version.h
@@ -1,4 +1,4 @@
-/*	$NetBSD: version.h,v 1.96 2008/03/11 18:01:35 joerg Exp $	*/
+/*	$NetBSD: version.h,v 1.97 2008/03/13 16:35:31 joerg Exp $	*/
 
 /*
  * Copyright (c) 2001 Thomas Klausner.  All rights reserved.
@@ -33,6 +33,6 @@
 #ifndef _INST_LIB_VERSION_H_
 #define _INST_LIB_VERSION_H_
 
-#define PKGTOOLS_VERSION "20080311"
+#define PKGTOOLS_VERSION "20080313"
 
 #endif /* _INST_LIB_VERSION_H_ */