From acfc901f7a317facb10a915f6520d5f7faf18afe Mon Sep 17 00:00:00 2001
From: adrianp <adrianp@pkgsrc.org>
Date: Sun, 21 May 2006 13:31:27 +0000
Subject: Support fetching the pkg-vulnerabilities file over http Bump to
 version 1.43

---
 security/audit-packages/Makefile                   |  4 +-
 security/audit-packages/files/audit-packages.0     | 79 ++++++++++++----------
 security/audit-packages/files/audit-packages.8     | 16 ++++-
 .../files/download-vulnerability-list              | 14 +++-
 4 files changed, 74 insertions(+), 39 deletions(-)

(limited to 'security/audit-packages')

diff --git a/security/audit-packages/Makefile b/security/audit-packages/Makefile
index 84582084010..216fb1be505 100644
--- a/security/audit-packages/Makefile
+++ b/security/audit-packages/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.66 2006/04/16 16:15:01 salo Exp $
+# $NetBSD: Makefile,v 1.67 2006/05/21 13:31:27 adrianp Exp $
 
-DISTNAME=	audit-packages-1.42
+DISTNAME=	audit-packages-1.43
 CATEGORIES=	security pkgtools
 MASTER_SITES=	# empty
 DISTFILES=	# empty
diff --git a/security/audit-packages/files/audit-packages.0 b/security/audit-packages/files/audit-packages.0
index c89746b9421..69bcd368520 100644
--- a/security/audit-packages/files/audit-packages.0
+++ b/security/audit-packages/files/audit-packages.0
@@ -41,40 +41,40 @@ DDEESSCCRRIIPPTTIIOONN
 
      The type of exploit can be any text, although some common types of
      exploits listed are:
-           ··   cross-site-html
-           ··   cross-site-scripting
-           ··   denial-of-service
-           ··   file-permissions
-           ··   local-access
-           ··   local-code-execution
-           ··   local-file-read
-           ··   local-file-removal
-           ··   local-file-write
-           ··   local-root-file-view
-           ··   local-root-shell
-           ··   local-symlink-race
-           ··   local-user-file-view
-           ··   local-user-shell
-           ··   privacy-leak
-           ··   remote-code-execution
-           ··   remote-command-inject
-           ··   remote-file-creation
-           ··   remote-file-read
-           ··   remote-file-view
-           ··   remote-file-write
-           ··   remote-key-theft
-           ··   remote-root-access
-           ··   remote-root-shell
-           ··   remote-script-inject
-           ··   remote-server-admin
-           ··   remote-use-of-secret
-           ··   remote-user-access
-           ··   remote-user-file-view
-           ··   remote-user-shell
-           ··   unknown
-           ··   weak-authentication
-           ··   weak-encryption
-           ··   weak-ssl-authentication
+           ++oo   cross-site-html
+           ++oo   cross-site-scripting
+           ++oo   denial-of-service
+           ++oo   file-permissions
+           ++oo   local-access
+           ++oo   local-code-execution
+           ++oo   local-file-read
+           ++oo   local-file-removal
+           ++oo   local-file-write
+           ++oo   local-root-file-view
+           ++oo   local-root-shell
+           ++oo   local-symlink-race
+           ++oo   local-user-file-view
+           ++oo   local-user-shell
+           ++oo   privacy-leak
+           ++oo   remote-code-execution
+           ++oo   remote-command-inject
+           ++oo   remote-file-creation
+           ++oo   remote-file-read
+           ++oo   remote-file-view
+           ++oo   remote-file-write
+           ++oo   remote-key-theft
+           ++oo   remote-root-access
+           ++oo   remote-root-shell
+           ++oo   remote-script-inject
+           ++oo   remote-server-admin
+           ++oo   remote-use-of-secret
+           ++oo   remote-user-access
+           ++oo   remote-user-file-view
+           ++oo   remote-user-shell
+           ++oo   unknown
+           ++oo   weak-authentication
+           ++oo   weak-encryption
+           ++oo   weak-ssl-authentication
 
      By default, the vulnerabilities file is stored in the @PKGVULNDIR@ direc-
      tory.  This can be changed by defining the environment variable
@@ -92,6 +92,11 @@ EENNVVIIRROONNMMEENNTT
 
      FETCH_ARGS  Specifies optional arguments for the ftp client.
 
+     FETCH_PROTO
+                 Specifies the protocol to use when fetching the
+                 _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file. Currently supports only http and
+                 ftp. The default is ftp.
+
 FFIILLEESS
      @PKGVULNDIR@/pkg-vulnerabilities
 
@@ -107,6 +112,12 @@ EEXXAAMMPPLLEESS
 
      export FETCH_ARGS="-4"
 
+     The ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt command can be forced to use http to
+     download the _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file with the following setting in
+     @PKG_SYSCONFDIR@/audit-packages.conf :
+
+     export FETCH_PROTO="http"
+
 DDIIAAGGNNOOSSTTIICCSS
      The following errors can occur:
 
diff --git a/security/audit-packages/files/audit-packages.8 b/security/audit-packages/files/audit-packages.8
index a70d15dddac..4ce2c6313c4 100644
--- a/security/audit-packages/files/audit-packages.8
+++ b/security/audit-packages/files/audit-packages.8
@@ -1,4 +1,4 @@
-.\" $NetBSD: audit-packages.8,v 1.18 2006/04/15 15:02:10 salo Exp $
+.\" $NetBSD: audit-packages.8,v 1.19 2006/05/21 13:31:27 adrianp Exp $
 .\"
 .\" Copyright (c) 2003 Jeremy C. Reed.  All rights reserved.
 .\"
@@ -186,6 +186,10 @@ Specifies the directory containing the
 file.
 .It Ev FETCH_ARGS
 Specifies optional arguments for the ftp client.
+.It Ev FETCH_PROTO
+Specifies the protocol to use when fetching the 
+.Pa pkg-vulnerabilities
+file. Currently supports only http and ftp. The default is ftp.
 .El
 .Sh FILES
 @PKGVULNDIR@/pkg-vulnerabilities
@@ -214,6 +218,16 @@ command can be forced to use IPv4 with the following setting in
 @PKG_SYSCONFDIR@/audit-packages.conf :
 .Pp
 export FETCH_ARGS="-4"
+.Pp
+The
+.Nm download-vulnerability-list
+command can be forced to use http to download the
+.Pa pkg-vulnerabilities
+file with the following setting in
+@PKG_SYSCONFDIR@/audit-packages.conf :
+.Pp
+export FETCH_PROTO="http"
+.Pp
 .Sh DIAGNOSTICS
 The following errors can occur:
 .Bl -tag -width 10n
diff --git a/security/audit-packages/files/download-vulnerability-list b/security/audit-packages/files/download-vulnerability-list
index 886c2e0d399..e25b6b536ff 100644
--- a/security/audit-packages/files/download-vulnerability-list
+++ b/security/audit-packages/files/download-vulnerability-list
@@ -1,6 +1,6 @@
 #! @SH@
 
-# $NetBSD: download-vulnerability-list,v 1.27 2005/10/20 10:26:54 agc Exp $
+# $NetBSD: download-vulnerability-list,v 1.28 2006/05/21 13:31:27 adrianp Exp $
 #
 # Copyright (c) 2000-2003 Alistair Crooks.  All rights reserved.
 #
@@ -34,8 +34,8 @@
 #
 
 : ${PKGVULNDIR=@PKGVULNDIR@}
+: ${FETCH_PROTO=ftp}
 
-VUL_SOURCE="ftp://ftp.NetBSD.org/pub/NetBSD/packages/distfiles/pkg-vulnerabilities"
 NEW_VUL_LIST=pkg-vulnerabilities.$$
 EXIST_VUL_LIST=pkg-vulnerabilities
 
@@ -45,11 +45,21 @@ if [ -r @PKG_SYSCONFDIR@/audit-packages.conf ]; then
 	. @PKG_SYSCONFDIR@/audit-packages.conf
 fi
 
+VUL_SOURCE="${FETCH_PROTO}://ftp.NetBSD.org/pub/NetBSD/packages/distfiles/pkg-vulnerabilities"
+
 if [ ! -d ${PKGVULNDIR}/. ]; then
 	echo "Creating ${PKGVULNDIR}"
 	@MKDIR@ ${PKGVULNDIR} || (echo "Can't create ${PKGVULNDIR}" 1>&2; exit 1)
 fi
 
+case ${FETCH_PROTO} in
+http) 	;;
+ftp)	;;
+*)	echo "Unknown FETCH_PROTO specified - Only http and ftp are aurrently supported."
+	exit 1
+	;;
+esac
+
 cd ${PKGVULNDIR}
 utility=`echo "@FETCH_CMD@" | @AWK@ '{ print $1 }'`
 case "$utility" in
-- 
cgit v1.2.3