diff options
| -rw-r--r-- | mk/bsd.pkg.defaults.mk | 9 | ||||
| -rw-r--r-- | mk/bsd.pkg.mk | 18 | ||||
| -rw-r--r-- | security/audit-packages/Makefile | 4 |
3 files changed, 18 insertions, 13 deletions
diff --git a/mk/bsd.pkg.defaults.mk b/mk/bsd.pkg.defaults.mk index e7b9469c267..9a675758e6a 100644 --- a/mk/bsd.pkg.defaults.mk +++ b/mk/bsd.pkg.defaults.mk @@ -1,4 +1,4 @@ -# $NetBSD: bsd.pkg.defaults.mk,v 1.140 2003/04/17 13:04:56 agc Exp $ +# $NetBSD: bsd.pkg.defaults.mk,v 1.141 2003/04/25 20:05:19 jmmv Exp $ # # A file providing defaults for pkgsrc and the packages collection. @@ -138,6 +138,13 @@ PACKAGES?= ${_PKGSRCDIR}/packages # Possible: any path you like # Default: /usr/pkgsrc/packages +PKGVULNDIR?= ${DISTDIR} +# Specifies where the `vulnerabilities' file is located. This variable +# is used by the audit-packages program and by pkgsrc itself to do security +# checks before building/installing programs. +# Possible: any path you like +# Default: /usr/pkgsrc/distfiles + #PASSIVE_FETCH= # Use ftp(1) in passive mode, for use behind filtering firewalls. # (Set by default in ftp(1) in NetBSD-current) diff --git a/mk/bsd.pkg.mk b/mk/bsd.pkg.mk index fcfe797c933..1a02fc5a2a9 100644 --- a/mk/bsd.pkg.mk +++ b/mk/bsd.pkg.mk @@ -1,4 +1,4 @@ -# $NetBSD: bsd.pkg.mk,v 1.1171 2003/04/17 15:33:26 grant Exp $ +# $NetBSD: bsd.pkg.mk,v 1.1172 2003/04/25 20:05:18 jmmv Exp $ # # This file is in the public domain. # @@ -1406,10 +1406,10 @@ batch-check-distfiles: # check for any vulnerabilities in the package # Please do not modify the leading "@" here check-vulnerable: - @if [ -f ${DISTDIR}/vulnerabilities ]; then \ + @if [ -f ${PKGVULNDIR}/vulnerabilities ]; then \ ${SETENV} PKGNAME="${PKGNAME}" \ ${AWK} '/#.*/ { next } \ - { s = sprintf("${PKG_ADMIN} pmatch \"%s\" %s && ${ECHO} \"*** WARNING - %s vulnerability in %s - see %s for more information ***\"", $$1, ENVIRON["PKGNAME"], $$2, ENVIRON["PKGNAME"], $$3); system(s); }' < ${DISTDIR}/vulnerabilities || ${FALSE}; \ + { s = sprintf("${PKG_ADMIN} pmatch \"%s\" %s && ${ECHO} \"*** WARNING - %s vulnerability in %s - see %s for more information ***\"", $$1, ENVIRON["PKGNAME"], $$2, ENVIRON["PKGNAME"], $$3); system(s); }' < ${PKGVULNDIR}/vulnerabilities || ${FALSE}; \ fi .if !target(do-fetch) @@ -3761,19 +3761,19 @@ SED_HOMEPAGE_EXPR= -e 's|%%HOMEPAGE%%||' show-vulnerabilities: ${_PKG_SILENT}${_PKG_DEBUG} \ - if [ -f ${DISTDIR}/vulnerabilities ]; then \ - ${AWK} '/^${PKGBASE}[-<>=]+[0-9]/ { print $$0 }' ${DISTDIR}/vulnerabilities; \ + if [ -f ${PKGVULNDIR}/vulnerabilities ]; then \ + ${AWK} '/^${PKGBASE}[-<>=]+[0-9]/ { print $$0 }' ${PKGVULNDIR}/vulnerabilities; \ else \ ${ECHO} "No vulnerabilities list found."; \ fi show-vulnerabilities-html: ${_PKG_SILENT}${_PKG_DEBUG} \ - if [ -f ${DISTDIR}/vulnerabilities ]; then \ + if [ -f ${PKGVULNDIR}/vulnerabilities ]; then \ ${AWK} '/^${PKGBASE}[-<>=]+[0-9]/ { gsub("\<", "\\<", $$1); \ gsub("\>", "\\>", $$1); \ printf("<LI><STRONG>%s has a %s exploit (see <a href=\"%s\">%s</a> for more details)</STRONG></LI>\n", $$1, $$2, $$3, $$3) }' \ - ${DISTDIR}/vulnerabilities; \ + ${PKGVULNDIR}/vulnerabilities; \ fi @@ -4164,8 +4164,8 @@ fake-pkg: ${PLIST} ${DESCR} ${MESSAGE} done; \ fi ${_PKG_SILENT}${_PKG_DEBUG} \ - if [ -f ${DISTDIR}/vulnerabilities ]; then \ - allvul="`${AWK} '/#.*/ { next } NF > 0 { cmd = sprintf(\"${PKG_INFO} -e \\\"%s\\\"\", $$1); system(cmd) }' ${DISTDIR}/vulnerabilities`"; \ + if [ -f ${PKGVULNDIR}/vulnerabilities ]; then \ + allvul="`${AWK} '/#.*/ { next } NF > 0 { cmd = sprintf(\"${PKG_INFO} -e \\\"%s\\\"\", $$1); system(cmd) }' ${PKGVULNDIR}/vulnerabilities`"; \ for vul in "" $$allvul; do \ if [ "X$$vul" = "X" ]; then continue; fi; \ if [ "$$vul" = "${PKGNAME}" ]; then \ diff --git a/security/audit-packages/Makefile b/security/audit-packages/Makefile index 35c912b4eba..6bb603f1eb3 100644 --- a/security/audit-packages/Makefile +++ b/security/audit-packages/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.18 2003/03/29 12:42:22 jmmv Exp $ +# $NetBSD: Makefile,v 1.19 2003/04/25 20:05:20 jmmv Exp $ DISTNAME= audit-packages-1.14 WRKSRC= ${WRKDIR} @@ -13,8 +13,6 @@ NO_CHECKSUM= yes NO_BUILD= yes NO_MTREE= yes -PKGVULNDIR?= ${DISTDIR} - do-configure: @for f in audit-packages download-vulnerability-list; do \ ${SED} -e 's|\$${PKGVULNDIR}|${PKGVULNDIR}|g' \ |