From 5ec1ad3733dd7f4733b5fc807e196b8a80c7d830 Mon Sep 17 00:00:00 2001
From: adrianp
Date: Wed, 29 Aug 2007 23:26:30 +0000
Subject: The code for the pkg_install<20070714 vulnerability checks used in the README.html generation are broken. It will not find vulnerabilities in any packages that have complex names in the pkg-vulnerabilties file. e.g. php{4,5}-perl and sun-{jdk,jre}15 Post pkg_install-20070714 this is now fixed and only currently known vulnerabilities are shown in the generated README.html files for packages. You will need to update to pkg_install>=20070714 to get this fix.
---
mk/bsd.pkg.readme.mk | 5 +++--
mk/scripts/genreadme.awk | 31 +++++++++++++++++++++++++++++--
2 files changed, 32 insertions(+), 4 deletions(-)
diff --git a/mk/bsd.pkg.readme.mk b/mk/bsd.pkg.readme.mk
index 3c4855d573f..40c6eef1811 100644
--- a/mk/bsd.pkg.readme.mk
+++ b/mk/bsd.pkg.readme.mk
@@ -1,4 +1,4 @@
-# $NetBSD: bsd.pkg.readme.mk,v 1.12 2007/08/13 09:45:49 rillig Exp $
+# $NetBSD: bsd.pkg.readme.mk,v 1.13 2007/08/29 23:26:30 adrianp Exp $
 #
 # This Makefile fragment is included by bsd.pkg.mk and encapsulates the
 # code to produce README.html files in each package directory.
@@ -235,7 +235,7 @@ SED_HOMEPAGE_EXPR= -e 's|%%HOMEPAGE%%||'
 # XXX: have complex names in the pkg-vulnerabilties file.
 # XXX: e.g. php{4,5}-perl and sun-{jdk,jre}15
 # XXX: Post pkg_install-20070714 only currently known vulnerabilities are
-# XXX: shown in the generated files for packages.
+# XXX: shown in the generated README.html files for packages.
 #
 .PHONY: show-vulnerabilities-html
 show-vulnerabilities-html:
@@ -299,6 +299,7 @@ README.html: .PRECIOUS
 PKG_URL=${PKG_URL:Q} \
 PKGSRCDIR=${.CURDIR:C|/[^/]*/[^/]*$||:Q} \
 PVDIR=$$_PVDIR \
+ PKGTOOLS_VER=${PKGTOOLS_VERSION} \
 SED=${SED:Q} \
 SETENV=${SETENV:Q} \
 SORT=${SORT:Q} \
diff --git a/mk/scripts/genreadme.awk b/mk/scripts/genreadme.awk
index 5fdf718bfd8..320afb5a35d 100755
--- a/mk/scripts/genreadme.awk
+++ b/mk/scripts/genreadme.awk
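Review bot: `PKGTOOLS_VER=${PKGTOOLS_VERSION}` in the README.html hunk is passed without the `:Q` modifier that the neighbouring `PKG_URL`, `SED`, `SETENV` and `SORT` assignments use. The value is expected to be a plain date number, so this is presumably harmless, but an empty or unexpected PKGTOOLS_VERSION would presumably steer genreadme.awk into the pre-20070714 check that this commit describes as broken, without any visible sign. Consider `PKGTOOLS_VER=${PKGTOOLS_VERSION:Q} \` together with a one-line comment saying that the value selects the vulnerability-check path in genreadme.awk. The README.html target starts and ends outside the hunk.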
@@ -1,5 +1,5 @@ #!/usr/bin/awk -f -# $NetBSD: genreadme.awk,v 1.27 2007/05/28 11:07:00 martti Exp $ +# $NetBSD: genreadme.awk,v 1.28 2007/08/29 23:26:30 adrianp Exp $ # # Copyright (c) 2002, 2003, 2005, 2006 The NetBSD Foundation, Inc. # All rights reserved. @@ -372,8 +372,15 @@ END { if (debug) printf("wrote = %d entries to \"%s\"\n", i-1, htmldeps_file); +# XXX: The code for the pkg_install<20070714 vulnerability checks are +# XXX: broken. It will not find vulnerabilities in any packages that +# XXX: have complex names in the pkg-vulnerabilties file. +# XXX: e.g. php{4,5}-perl and sun-{jdk,jre}15 +# XXX: Post pkg_install-20070714 only currently known vulnerabilities are +# XXX: shown in the generated README.html files for packages. + vul = ""; - if (have_vfile) { + if (have_vfile && PKGTOOLS_VER < 20070714) { i = 1; pkgbase = pkgdir2name[toppkg]; gsub(/-[^-]*$/, "", pkgbase); @@ -403,6 +410,26 @@ END { } } + if (have_vfile && PKGTOOLS_VER >= 20070714) { + pkg = pkgdir2name[toppkg]; + + if (debug) { + printf("Checking for %s (%s) vulnerabilities\n", + toppkg, pkg); + } + + cmd = sprintf("audit-packages -n %s", pkg); + while (cmd | getline vuln_entry) { + split(vuln_entry, entry, " "); + vul = sprintf("%s
  • %s has a %s vulnerability
  • \n", + vul, pkg, entry[8], entry[5]); + } + close(cmd); + + if ( vul == "" ){ + vul="(no vulnerabilities known)"; + } + } if (debug) { printf("Checking for binary package with lookup_cache( %s)\n", -- cgit v1.2.3
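Review bot: In the new `PKGTOOLS_VER >= 20070714` branch, `while (cmd | getline vuln_entry)` treats the -1 that getline returns on error as true, so a pipe that cannot be read can loop forever; `while ((cmd | getline vuln_entry) > 0)` is the safe form. A missing or failing audit-packages is also indistinguishable from a clean result here, because the loop then yields nothing and the page is generated with "(no vulnerabilities known)", which is a false all-clear in a security report; confirm that the tool ran (for example by inspecting the value of `close(cmd)`, if its exit code separates failure from findings) and emit a distinct "check failed" text otherwise. `pkg` is placed into the shell command unquoted, and `entry[8]` and `entry[5]` are picked by position and appear to be written into the generated markup as-is, so quote the argument and escape the fields, or at least add a comment stating that both are assumed to come from the trusted pkgsrc tree and vulnerability file. The END block continues outside this hunk.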