authoradrianp <adrianp@pkgsrc.org>2006-12-09 12:30:46 +0000
committeradrianp <adrianp@pkgsrc.org>2006-12-09 12:30:46 +0000
commit04206adfdb3b2e9f0e01e3d9ad6b3a236441741f (patch)
treeaf92477cfa55c514269ea8e68cc4f3c4eb3ce917 /security/audit-packages
parentec0abe202c49f819c1a3f0e3b4fd0cdc2150ea38 (diff)
Make pkglint really happy.
Add IGNORE_URLS code from agc@: "If a URL is specified in IGNORE_URLS then all entries listed in pkg-vulnerabilities that match that URL will not be reported when audit-packages is run. Running audit-packages -v will display the details of all entries skipped if IGNORE_URLS is set." Add a sample audit-packages.conf detailing all the options we now support. Update to 1.46
Diffstat (limited to 'security/audit-packages')
-rw-r--r--security/audit-packages/Makefile63
-rw-r--r--security/audit-packages/PLIST4
-rwxr-xr-xsecurity/audit-packages/files/audit-packages21
-rw-r--r--security/audit-packages/files/audit-packages.013
-rw-r--r--security/audit-packages/files/audit-packages.814
-rw-r--r--security/audit-packages/files/audit-packages.conf26
6 files changed, 114 insertions, 27 deletions
diff --git a/security/audit-packages/Makefile b/security/audit-packages/Makefile
index 088bd5bfbb3..5c4088e2699 100644
--- a/security/audit-packages/Makefile
+++ b/security/audit-packages/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.73 2006/11/25 13:43:42 agc Exp $
+# $NetBSD: Makefile,v 1.74 2006/12/09 12:30:46 adrianp Exp $
-DISTNAME= audit-packages-1.45
+DISTNAME= audit-packages-1.46
CATEGORIES= security pkgtools
MASTER_SITES= # empty
DISTFILES= # empty
@@ -16,7 +16,7 @@ USE_TOOLS+= digest:run
BUILD_DEFS+= PKGVULNDIR
WRKSRC= ${WRKDIR}
-NO_CHECKSUM= yes
+NO_CHECKSUM= yes
OWN_DIRS= ${PKGVULNDIR}
MAN8DIR= ${PREFIX}/${PKGMANDIR}/man8
@@ -31,38 +31,57 @@ MESSAGE_SRC= ${PKGDIR}/MESSAGE.DragonFly
MESSAGE_SRC= ${PKGDIR}/MESSAGE
.endif
+CONF_FILES= ${PREFIX}/share/examples/audit-packages/audit-packages.conf \
+ ${PKG_SYSCONFDIR}/audit-packages.conf
+
+SUBST_CLASSES= paths
+SUBST_STAGE.paths= post-build
+SUBST_FILES.paths= audit-packages audit-packages.0 audit-packages.8
+SUBST_FILES.paths+= download-vulnerability-list
+SUBST_SED.paths= -e 's|@PKGVULNDIR@|${PKGVULNDIR}|g'
+SUBST_SED.paths+= -e 's|@AWK@|${AWK}|g'
+SUBST_SED.paths+= -e 's|@FETCH_CMD@|${FETCH_CMD:Q}|g'
+SUBST_SED.paths+= -e 's|@FETCH_CMD_SHORT@|${FETCH_CMD:T:Q}|g'
+SUBST_SED.paths+= -e 's|@PKGSRCDIR@|${PKGSRCDIR}|g'
+SUBST_SED.paths+= -e 's|@PKG_TOOLS_BIN@|${PKG_TOOLS_BIN}|g'
+SUBST_SED.paths+= -e 's|@PREFIX@|${PREFIX}|g'
+SUBST_SED.paths+= -e 's|@SH@|${SH}|g'
+SUBST_SED.paths+= -e 's|@DIGEST@|${DIGEST}|g'
+SUBST_SED.paths+= -e 's|@CHMOD@|${CHMOD}|g'
+SUBST_SED.paths+= -e 's|@MV@|${MV}|g'
+SUBST_SED.paths+= -e 's|@RM@|${RM}|g'
+SUBST_SED.paths+= -e 's|@MKDIR@|${MKDIR}|g'
+SUBST_SED.paths+= -e 's|@PKG_SYSCONFDIR@|${PKG_SYSCONFDIR}|g'
+SUBST_SED.paths+= -e 's|@FIND@|${FIND}|g'
+SUBST_MESSAGE.paths= Fixing paths.
+
do-build:
- @for f in audit-packages audit-packages.0 audit-packages.8 \
+ for f in audit-packages audit-packages.0 audit-packages.8 \
download-vulnerability-list; do \
- ${SED} -e 's|@PKGVULNDIR@|${PKGVULNDIR}|g' \
- -e 's|@AWK@|${AWK}|g' \
- -e 's|@FETCH_CMD@|${FETCH_CMD}|g' \
- -e 's|@FETCH_CMD_SHORT@|${FETCH_CMD:T}|g' \
- -e 's|@PKGSRCDIR@|${PKGSRCDIR}|g' \
- -e 's|@PKG_TOOLS_BIN@|${PKG_TOOLS_BIN}|g' \
- -e 's|@PREFIX@|${PREFIX}|g' \
- -e 's|@SH@|${SH}|g' \
- -e 's|@DIGEST@|${DIGEST}|g' \
- -e 's|@CHMOD@|${CHMOD}|g' \
- -e 's|@MV@|${MV}|g' \
- -e 's|@RM@|${RM}|g' \
- -e 's|@MKDIR@|${MKDIR}|g' \
- -e 's|@PKG_SYSCONFDIR@|${PKG_SYSCONFDIR}|g' \
- -e 's|@FIND@|${FIND}|g' \
- ${FILESDIR}/$$f > ${WRKSRC}/$$f; \
+ ${CP} ${FILESDIR}/$$f ${WRKSRC} ; \
done
+
.if ${OPSYS} == "SunOS" || ${OPSYS} == "AIX"
+USE_TOOLS+= nroff
+
# pre-created man-pages are "mandoc" pages, these OS need "man",
# so regen the .0 page
- nroff -man ${WRKSRC}/audit-packages.8 >${WRKSRC}/audit-packages.0
+ ${NROFF} -man ${WRKSRC}/audit-packages.8 >${WRKSRC}/audit-packages.0
.endif
do-install:
- @for f in audit-packages download-vulnerability-list; do \
+ ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/audit-packages
+
+ ${INSTALL_DATA} ${FILESDIR}/audit-packages.conf \
+ ${PREFIX}/share/examples/audit-packages
+
+ for f in audit-packages download-vulnerability-list; do \
${INSTALL_SCRIPT} ${WRKSRC}/$$f ${DESTDIR}${PREFIX}/sbin; \
done
+
${INSTALL_MAN} ${WRKSRC}/audit-packages.0 ${DESTDIR}${CAT8DIR}/
${INSTALL_MAN} ${WRKSRC}/audit-packages.8 ${DESTDIR}${MAN8DIR}/
+
${RM} -f ${DESTDIR}${CAT8DIR}/download-vulnerability-list.0
${LN} -s audit-packages.0 ${DESTDIR}${CAT8DIR}/download-vulnerability-list.0
${RM} -f ${DESTDIR}${MAN8DIR}/download-vulnerability-list.8
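Review bot: The two new example-file install commands in do-install write to `${PREFIX}/share/examples/audit-packages` without the `${DESTDIR}` prefix that every other install line in this target uses, so a staged install would put the sample config in the live prefix instead of the staging tree. They should read `${INSTALL_DATA_DIR} ${DESTDIR}${PREFIX}/share/examples/audit-packages` and `${INSTALL_DATA} ${FILESDIR}/audit-packages.conf ${DESTDIR}${PREFIX}/share/examples/audit-packages`. Separately, `USE_TOOLS+= nroff` sits between the do-build commands inside the `.if` block; indentation is lost on this page so this is hard to judge, but an assignment there may end the recipe before the `${NROFF}` line, and moving it above `do-build:` would be safer. do-install continues past the end of the hunk.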
diff --git a/security/audit-packages/PLIST b/security/audit-packages/PLIST
index c337d07a7df..e6f0d589075 100644
--- a/security/audit-packages/PLIST
+++ b/security/audit-packages/PLIST
@@ -1,7 +1,9 @@
-@comment $NetBSD: PLIST,v 1.2 2003/06/12 06:59:30 wiz Exp $
+@comment $NetBSD: PLIST,v 1.3 2006/12/09 12:30:47 adrianp Exp $
man/cat8/audit-packages.0
man/cat8/download-vulnerability-list.0
man/man8/audit-packages.8
man/man8/download-vulnerability-list.8
sbin/audit-packages
sbin/download-vulnerability-list
+share/examples/audit-packages/audit-packages.conf
+@dirrm share/examples/audit-packages
diff --git a/security/audit-packages/files/audit-packages b/security/audit-packages/files/audit-packages
index 89931890299..5f136bc077d 100755
--- a/security/audit-packages/files/audit-packages
+++ b/security/audit-packages/files/audit-packages
@@ -1,6 +1,6 @@
#! @SH@
#
-# $NetBSD: audit-packages,v 1.29 2006/11/25 13:43:42 agc Exp $
+# $NetBSD: audit-packages,v 1.30 2006/12/09 12:30:47 adrianp Exp $
#
# Copyright (c) 2000-2003 Alistair Crooks. All rights reserved.
#
@@ -193,6 +193,25 @@ while read pat type url; do
\#*|'') continue;;
esac
+ case "$IGNORE_URLS" in
+ "") ;;
+ *) ignore=false;
+ for u in $IGNORE_URLS; do
+ if [ "x$u" = "x$url" ]; then
+ ignore=true
+ break
+ fi
+ done
+ if $ignore; then
+ case "$verbose" in
+ yes) echo "Ignoring vulnerability for $url with pattern $pat"
+ ;;
+ esac
+ continue
+ fi
+ ;;
+ esac
+
if [ -z "$one_package" ] ; then
vulnpkgs=`@PKG_TOOLS_BIN@/pkg_info -e "$pat"`
else
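Review bot: `for u in $IGNORE_URLS` expands the list unquoted, so each word is subject to pathname expansion as well as word splitting, and advisory URLs often contain `?` (sometimes `*` or `[`), which are glob characters; if such a word happens to match a file in the current directory it is replaced by the file name and the ignore entry stops matching. Wrapping the loop in `set -f` / `set +f` keeps the splitting and avoids the expansion. Because a match skips the entry with no output unless `$verbose` is `yes`, a stale or inherited IGNORE_URLS value can hide findings from a routine run; a comment above the block such as `# entries matching IGNORE_URLS are suppressed; only -v shows them` would make that explicit. The enclosing `while read pat type url` loop starts and ends outside the hunk.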
diff --git a/security/audit-packages/files/audit-packages.0 b/security/audit-packages/files/audit-packages.0
index 69bcd368520..da2389ba088 100644
--- a/security/audit-packages/files/audit-packages.0
+++ b/security/audit-packages/files/audit-packages.0
@@ -1,4 +1,4 @@
-AUDIT-PACKAGES(8) NetBSD System Manager's Manual AUDIT-PACKAGES(8)
+AUDIT-PACKAGES(8) BSD System Manager's Manual AUDIT-PACKAGES(8)
NNAAMMEE
aauuddiitt--ppaacckkaaggeess, ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt -- show vulnerabilities in
@@ -80,6 +80,11 @@ DDEESSCCRRIIPPTTIIOONN
tory. This can be changed by defining the environment variable
PKGVULNDIR to the directory containing the vulnerabilities file.
+ If a URL is specified in IGNORE_URLS then all entries listed in
+ _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s that match that URL will not be reported when
+ _a_u_d_i_t_-_p_a_c_k_a_g_e_s is run. Running _a_u_d_i_t_-_p_a_c_k_a_g_e_s -v will display the
+ details of all entries skipped if IGNORE_URLS is set.
+
EEXXIITT SSTTAATTUUSS
The aauuddiitt--ppaacckkaaggeess utility exits 0 on success, and >0 if an error occurs.
@@ -97,6 +102,10 @@ EENNVVIIRROONNMMEENNTT
_p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file. Currently supports only http and
ftp. The default is ftp.
+ IGNORE_URLS
+ A list of vulnerability URLs to be ignored. This allows for
+ ignoring certain URLs that are attached to a vulnerability.
+
FFIILLEESS
@PKGVULNDIR@/pkg-vulnerabilities
@@ -161,4 +170,4 @@ HHIISSTTOORRYY
September 19, 2000. The original idea came from Roland Dowdeswell and
Bill Sommerfeld.
-NetBSD 3.0 April 15, 2006 NetBSD 3.0
+BSD April 15, 2006 BSD
diff --git a/security/audit-packages/files/audit-packages.8 b/security/audit-packages/files/audit-packages.8
index 4ce2c6313c4..282cba1db27 100644
--- a/security/audit-packages/files/audit-packages.8
+++ b/security/audit-packages/files/audit-packages.8
@@ -1,4 +1,4 @@
-.\" $NetBSD: audit-packages.8,v 1.19 2006/05/21 13:31:27 adrianp Exp $
+.\" $NetBSD: audit-packages.8,v 1.20 2006/12/09 12:30:47 adrianp Exp $
.\"
.\" Copyright (c) 2003 Jeremy C. Reed. All rights reserved.
.\"
@@ -172,6 +172,15 @@ directory.
This can be changed by defining the environment variable
.Ev PKGVULNDIR
to the directory containing the vulnerabilities file.
+.Pp
+If a URL is specified in IGNORE_URLS then all entries listed in
+.Pa pkg-vulnerabilities
+that match that URL will not be reported when
+.Pa audit-packages
+is run. Running
+.Pa audit-packages
+-v will display the details of all entries skipped if IGNORE_URLS
+is set.
.Sh EXIT STATUS
.Ex -std audit-packages
.Sh ENVIRONMENT
@@ -190,6 +199,9 @@ Specifies optional arguments for the ftp client.
Specifies the protocol to use when fetching the
.Pa pkg-vulnerabilities
file. Currently supports only http and ftp. The default is ftp.
+.It Ev IGNORE_URLS
+A list of vulnerability URLs to be ignored. This allows for
+ignoring certain URLs that are attached to a vulnerability.
.El
.Sh FILES
@PKGVULNDIR@/pkg-vulnerabilities
diff --git a/security/audit-packages/files/audit-packages.conf b/security/audit-packages/files/audit-packages.conf
new file mode 100644
index 00000000000..a7980535d74
--- /dev/null
+++ b/security/audit-packages/files/audit-packages.conf
@@ -0,0 +1,26 @@
+# $NetBSD: audit-packages.conf,v 1.1 2006/12/09 12:30:47 adrianp Exp $
+
+#
+# sample configuration file for audit-packages(8) and
+# download-vulnerability-list(8)
+#
+
+# PKGVULNDIR
+#
+# Specifies the directory containing the pkg-vulnerabilities file.
+# Default: PKGVULNDIR="${DISTDIR}"
+
+# FETCH_ARGS
+#
+# Specifies optional arguments for the download-vulnerability-list client.
+# Default: FETCH_ARGS=
+
+# FETCH_PROTO
+#
+# Specifies the protocol to use when fetching the pkg-vulnerabilities file.
+# Default: FETCH_PROTO="ftp"
+
+# IGNORE_URLS
+#
+# A list of vulnerability URLs to be ignored.
+# Default: IGNORE_URLS=
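Review bot: The IGNORE_URLS entry does not say how the list is written or matched. Going by the script hunk in this commit, the value is split on whitespace, each word is compared for exact equality with the URL field of pkg-vulnerabilities, and matching entries are shown only with -v. I would state that here, e.g. `# Whitespace-separated list; each URL must match the pkg-vulnerabilities entry exactly.` and `# Ignored entries are listed only by audit-packages -v.`. A commented example line with a placeholder URL would also help administrators see that every entry listed here suppresses a vulnerability report.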