author | salo <salo> | 2006-04-15 15:02:10 +0000 |
---|---|---|
committer | salo <salo> | 2006-04-15 15:02:10 +0000 |
commit | 68008b74eaa6ba05f52c77e1c0e1de46050a60c4 (patch) | |
tree | 74a8fe41d3bbddade1a30ad0c4649e5d76f2a92f /security/audit-packages | |
parent | 59d69728a7afe28090e34b83c9d305a45f9185ec (diff) | |
download | pkgsrc-68008b74eaa6ba05f52c77e1c0e1de46050a60c4.tar.gz |

Version 1.42
- Remove the "ignore vulnerabilities" stuff which was backed out from pkgsrc
infrastructure months ago. We are back at format 1.0.0.

Diffstat (limited to 'security/audit-packages')
-rw-r--r-- | security/audit-packages/Makefile | 4 |
-rwxr-xr-x | security/audit-packages/files/audit-packages | 58 |
-rw-r--r-- | security/audit-packages/files/audit-packages.0 | 13 |
-rw-r--r-- | security/audit-packages/files/audit-packages.8 | 14 |
4 files changed, 12 insertions, 77 deletions
diff --git a/security/audit-packages/Makefile b/security/audit-packages/Makefile index 76c0a4a45d8..9a522c73c35 100644 --- a/security/audit-packages/Makefile +++ b/security/audit-packages/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.64 2005/12/29 23:47:55 agc Exp $ +# $NetBSD: Makefile,v 1.65 2006/04/15 15:02:10 salo Exp $ -DISTNAME= audit-packages-1.41 +DISTNAME= audit-packages-1.42 CATEGORIES= security pkgtools MASTER_SITES= # empty DISTFILES= # empty diff --git a/security/audit-packages/files/audit-packages b/security/audit-packages/files/audit-packages index 31309cb6d03..6fbc712dba2 100755 --- a/security/audit-packages/files/audit-packages +++ b/security/audit-packages/files/audit-packages @@ -1,6 +1,6 @@ #! @SH@ # -# $NetBSD: audit-packages,v 1.26 2005/11/21 10:39:50 agc Exp $ +# $NetBSD: audit-packages,v 1.27 2006/04/15 15:02:10 salo Exp $ # # Copyright (c) 2000-2003 Alistair Crooks. All rights reserved. # @@ -41,19 +41,15 @@ ERR_PKGINSTALL="Please upgrade pkgtools/pkg_install to the newest version." FORMAT_MAJOR=1 FORMAT_MINOR=0 -FORMAT_TEENY=1 +FORMAT_TEENY=0 PKG_INSTALL_REQUIRED=20050530 usage() { argv0="${1##*/}" cat <<EOF $2 -Usage: $argv0 [-dv] [-i vulnid:id|pkgpat:pattern] - [-K pkg_dbdir] [-p package] +Usage: $argv0 [-dv] [-K pkg_dbdir] [-p package] -d : Run download-vulnerability-list before anything else. - -i : Ignore packages matching one of the specified vulnerabilities, - or matching one of the provided patterns. - Repeated -i options add to the ignore list. -K : Use pkg_dbdir as PKG_DBDIR. -p : Check a specific package for vulnerabilities. -v : Verbose mode @@ -71,18 +67,11 @@ vuls="${PKGVULNDIR}/pkg-vulnerabilities" download=no verbose=no -ignore_list= -pkg_patterns= -vulnids= one_package= while [ $# -gt 0 ]; do case "$1" in -d) download=yes ;; -v) verbose=yes ;; - -i) - ignore_list="$ignore_list $2" - shift - ;; -p) one_package="$2" shift 
@@ -106,18 +95,6 @@ yes) case "$settingsmsg" in ;; esac -for ign in $ignore_list ; do - case "$ign" in - pkgpat:*) - ign="${ign#*:}" - pkg_patterns="$pkg_patterns $ign" - ;; - *) - vulnids="$vulnids $ign" - ;; - esac -done - # try to download vulnerability list, as requested # the integrity of the list is checked below # so just issue a warning if there was a failure @@ -215,22 +192,6 @@ while read pat type url; do \#*|'') continue;; esac - vulnid=unknown - if [ $file_teeny -gt 0 ] ; then - vulnid=${type%%,*} - type=${type#*,} - - skipit=0 - for ign in $vulnids; do - if [ "$ign" = "$vulnid" ] ; then - skipit=1 - fi - done - if [ $skipit -eq 1 ] ; then - continue; - fi - fi - if [ -z "$one_package" ] ; then vulnpkgs=`@PKG_TOOLS_BIN@/pkg_info -e "$pat"` else @@ -240,19 +201,8 @@ while read pat type url; do fi fi for pkg in $vulnpkgs ; do - skipit=0 - for ign in $pkg_patterns; do - ign="${ign#*:}" - if @PKG_TOOLS_BIN@/pkg_admin pmatch "${ign}" "$pkg" ; then - skipit=1 - break - fi - done - if [ $skipit -eq 1 ] ; then - continue - fi echo "Package $pkg has a" \ - "$type vulnerability (vulnid:$vulnid), see $url" + "$type vulnerability, see $url" done done < "$vuls" diff --git a/security/audit-packages/files/audit-packages.0 b/security/audit-packages/files/audit-packages.0 index 36ff25fbd00..c89746b9421 100644 --- a/security/audit-packages/files/audit-packages.0 +++ b/security/audit-packages/files/audit-packages.0 @@ -5,7 +5,7 @@ NNAAMMEE installed packages SSYYNNOOPPSSIISS - aauuddiitt--ppaacckkaaggeess [--ddvv] [--ii _i_g_n_o_r_e_-_l_i_s_t] [--KK _p_k_g___d_b_d_i_r] [--pp _p_a_c_k_a_g_e] + aauuddiitt--ppaacckkaaggeess [--ddvv] [--KK _p_k_g___d_b_d_i_r] [--pp _p_a_c_k_a_g_e] ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt DDEESSCCRRIIPPTTIIOONN 
@@ -21,13 +21,6 @@ DDEESSCCRRIIPPTTIIOONN file before scanning the installed packages for vulnerabil- ities. - --ii [vvuullnniidd::_v_u_l_n_i_d|ppkkggppaatt::_p_a_t_t_e_r_n] - Specify a list of vulnerabilities or packages to ignore. - Packages can be specified using package wildcards (see - pkg_info(1)). Vulnerabilities can be specified with the - form vvuullnniidd::_v_u_l_n_i_d. Vulnerability ids are only present in - file format 1.0.1 or higher. - --KK _p_k_g___d_b_d_i_r Use package database directory _p_k_g___d_b_d_i_r. --pp _p_a_c_k_a_g_e Check only the package _p_a_c_k_a_g_e for vulnerabilities. @@ -44,7 +37,7 @@ DDEESSCCRRIIPPTTIIOONN Each line lists the package and vulnerable versions, the type of exploit, and an Internet address for further information: - <package pattern> <vulnid>,<type> <url> + <package pattern> <type> <url> The type of exploit can be any text, although some common types of exploits listed are: @@ -157,4 +150,4 @@ HHIISSTTOORRYY September 19, 2000. The original idea came from Roland Dowdeswell and Bill Sommerfeld. -NetBSD 3.0 November 16, 2005 NetBSD 3.0 +NetBSD 3.0 April 15, 2006 NetBSD 3.0 diff --git a/security/audit-packages/files/audit-packages.8 b/security/audit-packages/files/audit-packages.8 index 83fa26875f4..a70d15dddac 100644 --- a/security/audit-packages/files/audit-packages.8 +++ b/security/audit-packages/files/audit-packages.8 @@ -1,4 +1,4 @@ -.\" $NetBSD: audit-packages.8,v 1.17 2005/11/16 22:54:58 wiz Exp $ +.\" $NetBSD: audit-packages.8,v 1.18 2006/04/15 15:02:10 salo Exp $ .\" .\" Copyright (c) 2003 Jeremy C. Reed. All rights reserved. .\" @@ -30,7 +30,7 @@ .\" NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS .\" SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd November 16, 2005 +.Dd April 15, 2006 .Os .Dt AUDIT-PACKAGES 8 .Sh NAME @@ -40,7 +40,6 @@ .Sh SYNOPSIS .Nm .Op Fl dv -.Op Fl i Ar ignore-list .Op Fl K Ar pkg_dbdir .Op Fl p Ar package .Nm download-vulnerability-list 
@@ -61,13 +60,6 @@ The following flags are supported: will attempt to download the vulnerabilities file before scanning the installed packages for vulnerabilities. -.It Fl i Oo Cm vulnid: Ns Ar vulnid Ns | Ns Cm pkgpat: Ns Ar pattern Oc -Specify a list of vulnerabilities or packages to ignore. -Packages can be specified using package wildcards (see -.Xr pkg_info 1 ) . -Vulnerabilities can be specified with the form -.Cm vulnid: Ns Ar vulnid . -Vulnerability ids are only present in file format 1.0.1 or higher. .It Fl K Ar pkg_dbdir Use package database directory .Ar pkg_dbdir . @@ -97,7 +89,7 @@ and an Internet address for further information: .Bl -item .It .Aq package pattern -.Ao vulnid Ac Ns , Ns Aq type +.Aq type .Aq url .El .Pp |
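
Review bot: in files/audit-packages, the `while read pat type url` loop (hunk at -215,22) no longer splits `$type` on the comma, so a pkg-vulnerabilities file that is still in the `<vulnid>,<type>` layout would have its vulnid echoed as part of the type in "Package $pkg has a $type vulnerability, see $url". The format-version check is not part of this diff; please confirm that it refuses or warns on a file whose teeny version is above `FORMAT_TEENY=0` instead of parsing it, and that `file_teeny`, whose only visible use is removed here, is not left computed and unused.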
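
Review bot: the `-i)` case is dropped from the option loop in files/audit-packages (hunk at -71,18), so an existing invocation that passes `-i vulnid:...` or `-i pkgpat:...` now falls through to whatever the remaining cases do with an unknown flag, which is not shown in this diff. Please check that this path prints the usage text and exits non-zero rather than consuming the `-i` argument as something else, since an unattended job that silently stops auditing is worse than one that fails loudly. Findings that were previously suppressed will also start being reported again, which is the safe direction but worth a line in the man page for users who relied on the option.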
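
Review bot: files/audit-packages.0 is the preformatted rendering of files/audit-packages.8, and both are edited in this patch (synopsis, the `-i` entry, the `<package pattern> <type> <url>` line and the date). The visible changes agree with each other, but suggest regenerating the .0 from the .8 rather than editing it by hand, so the two copies of the documentation cannot drift on a later change.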