5 files changed, 39 insertions, 10 deletions
diff --git a/pkgtools/pkg_install/files/lib/lib.h b/pkgtools/pkg_install/files/lib/lib.h
index 8320ddf87a3..50b7f554cef 100644
--- a/pkgtools/pkg_install/files/lib/lib.h
+++ b/pkgtools/pkg_install/files/lib/lib.h
@@ -1,4 +1,4 @@
-/* $NetBSD: lib.h,v 1.42.2.16 2008/12/30 15:55:57 joerg Exp $ */
+/* $NetBSD: lib.h,v 1.42.2.17 2009/01/08 00:01:31 joerg Exp $ */
 
 /* from FreeBSD Id: lib.h,v 1.25 1997/10/08 07:48:03 charnier Exp */
 
@@ -412,6 +412,7 @@ extern Boolean Force;
 extern const char *cert_chain_file;
 extern const char *certs_packages;
 extern const char *certs_pkg_vulnerabilities;
+extern const char *check_vulnerabilities;
 extern const char *config_file;
 extern const char *verified_installation;
 extern const char *gpg_cmd;
diff --git a/pkgtools/pkg_install/files/lib/parse-config.c b/pkgtools/pkg_install/files/lib/parse-config.c
index e35271a36cf..d629c85c3af 100644
--- a/pkgtools/pkg_install/files/lib/parse-config.c
+++ b/pkgtools/pkg_install/files/lib/parse-config.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: parse-config.c,v 1.1.2.5 2008/08/21 16:04:39 joerg Exp $	*/
+/*	$NetBSD: parse-config.c,v 1.1.2.6 2009/01/08 00:01:31 joerg Exp $	*/
 
 #if HAVE_CONFIG_H
 #include "config.h"
@@ -8,7 +8,7 @@
 #include <sys/cdefs.h>
 #endif
 #ifndef lint
-__RCSID("$NetBSD: parse-config.c,v 1.1.2.5 2008/08/21 16:04:39 joerg Exp $");
+__RCSID("$NetBSD: parse-config.c,v 1.1.2.6 2009/01/08 00:01:31 joerg Exp $");
 #endif
 
 /*-
@@ -58,6 +58,7 @@ static const char *ignore_proxy;
 const char *cert_chain_file;
 const char *certs_packages;
 const char *certs_pkg_vulnerabilities;
+const char *check_vulnerabilities;
 const char *verified_installation;
 const char *gpg_cmd;
 const char *pkg_vulnerabilities_dir;
@@ -75,6 +76,7 @@ static struct config_variable {
 	{ "CERTIFICATE_ANCHOR_PKGS", &certs_packages },
 	{ "CERTIFICATE_ANCHOR_PKGVULN", &certs_pkg_vulnerabilities },
 	{ "CERTIFICATE_CHAIN", &cert_chain_file },
+	{ "CHECK_VULNERABILITIES", &check_vulnerabilities },
 	{ "GPG", &gpg_cmd },
 	{ "IGNORE_PROXY", &ignore_proxy },
 	{ "IGNORE_URL", &ignore_advisories },
@@ -108,6 +110,9 @@ pkg_install_config(void)
 	if (verified_installation == NULL)
 		verified_installation = "never";
 
+	if (check_vulnerabilities == NULL)
+		check_vulnerabilities = "never";
+
 	snprintf(fetch_flags, sizeof(fetch_flags), "%s%s%s",
 	    (verbose_netio && *verbose_netio) ? "v" : "",
 	    (active_ftp && *active_ftp) ? "" : "p",
diff --git a/pkgtools/pkg_install/files/lib/pkg_install.conf.5 b/pkgtools/pkg_install/files/lib/pkg_install.conf.5
index f0996c0cac3..9a50fdaa4b8 100644
--- a/pkgtools/pkg_install/files/lib/pkg_install.conf.5
+++ b/pkgtools/pkg_install/files/lib/pkg_install.conf.5
@@ -1,6 +1,6 @@
-.\"	$NetBSD: pkg_install.conf.5,v 1.1.2.3 2008/08/21 16:10:01 joerg Exp $
+.\"	$NetBSD: pkg_install.conf.5,v 1.1.2.4 2009/01/08 00:01:31 joerg Exp $
 .\"
-.\" Copyright (c) 2008 The NetBSD Foundation, Inc.
+.\" Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
 .\" All rights reserved.
 .\"
 .\" This code is derived from software contributed to The NetBSD Foundation
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd August 21, 2008
+.Dd January 8, 2009
 .Dt PKG_INSTALL.CONF 5
 .Os
 .Sh NAME
@@ -67,6 +67,18 @@ contained in this file.
 Path to a file containing additional certificates that can be used
 for completing certicate chains when validating binary packages or
 pkg-vulnerabilities files.
+.Dv CHECK_VULNERABILITIES
+Check for vulnerabilities when installating packages.
+Supported values are:
+.Bl -tag -width interactiveXX
+.It Dv never
+No check is performed.
+.It Dv always
+Passing the vulnerability check is required.
+A missing pkg-vulnerabilities file is considered an error.
+.It Dv interactive
+The user is always asked to confirm installation of vulnerable packages.
+.El
 .It Dv GPG
 Deprecated.
 Path to
diff --git a/pkgtools/pkg_install/files/lib/pkg_install.conf.cat5 b/pkgtools/pkg_install/files/lib/pkg_install.conf.cat5
index 8721a7fd9eb..47b15c26ef1 100644
--- a/pkgtools/pkg_install/files/lib/pkg_install.conf.cat5
+++ b/pkgtools/pkg_install/files/lib/pkg_install.conf.cat5
@@ -31,7 +31,18 @@ DDEESSCCRRIIPPTTIIOONN
      CERTIFICATE_CHAIN
              Path to a file containing additional certificates that can be
              used for completing certicate chains when validating binary pack-
-             ages or pkg-vulnerabilities files.
+             ages or pkg-vulnerabilities files.  CHECK_VULNERABILITIES Check
+             for vulnerabilities when installating packages.  Supported values
+             are:
+
+             never          No check is performed.
+
+             always         Passing the vulnerability check is required.  A
+                            missing pkg-vulnerabilities file is considered an
+                            error.
+
+             interactive    The user is always asked to confirm installation
+                            of vulnerable packages.
 
      GPG     Deprecated.  Path to gpg(1), which can be used to verify the sig-
              nature in the _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file when running
@@ -88,4 +99,4 @@ FFIILLEESS
 SSEEEE AALLSSOO
      pkg_add(1), pkg_admin(1)
 
-NetBSD 4.0                      August 21, 2008                     NetBSD 4.0
+NetBSD 5.0                      January 8, 2009                     NetBSD 5.0
diff --git a/pkgtools/pkg_install/files/lib/version.h b/pkgtools/pkg_install/files/lib/version.h
index 15191bcc6a7..13832d54163 100644
--- a/pkgtools/pkg_install/files/lib/version.h
+++ b/pkgtools/pkg_install/files/lib/version.h
@@ -1,4 +1,4 @@
-/*	$NetBSD: version.h,v 1.102.2.19 2008/12/30 15:55:57 joerg Exp $	*/
+/*	$NetBSD: version.h,v 1.102.2.20 2009/01/08 00:01:31 joerg Exp $	*/
 
 /*
  * Copyright (c) 2001 Thomas Klausner.  All rights reserved.
@@ -27,6 +27,6 @@
 #ifndef _INST_LIB_VERSION_H_
 #define _INST_LIB_VERSION_H_
 
-#define PKGTOOLS_VERSION "20081230"
+#define PKGTOOLS_VERSION "20090108"
 
 #endif /* _INST_LIB_VERSION_H_ */