pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/mk The code for the pkg_install<20070714 vulnerability...
details: https://anonhg.NetBSD.org/pkgsrc/rev/bac1060a149e
branches: trunk
changeset: 532719:bac1060a149e
user: adrianp <adrianp%pkgsrc.org@localhost>
date: Wed Aug 29 23:26:30 2007 +0000
description:
The code for the pkg_install<20070714 vulnerability checks used in the
README.html generation is broken. It will not find vulnerabilities in any
packages that have complex names in the pkg-vulnerabilities file.
e.g. php{4,5}-perl and sun-{jdk,jre}15
Post pkg_install-20070714 this is now fixed and only currently known
vulnerabilities are shown in the generated README.html files for packages.
You will need to update to pkg_install>=20070714 to get this fix.
diffstat:
mk/bsd.pkg.readme.mk | 5 +++--
mk/scripts/genreadme.awk | 31 +++++++++++++++++++++++++++++--
2 files changed, 32 insertions(+), 4 deletions(-)
diffs (80 lines):
diff -r 7b27676b26bd -r bac1060a149e mk/bsd.pkg.readme.mk
--- a/mk/bsd.pkg.readme.mk Wed Aug 29 23:22:26 2007 +0000
+++ b/mk/bsd.pkg.readme.mk Wed Aug 29 23:26:30 2007 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: bsd.pkg.readme.mk,v 1.12 2007/08/13 09:45:49 rillig Exp $
+# $NetBSD: bsd.pkg.readme.mk,v 1.13 2007/08/29 23:26:30 adrianp Exp $
#
# This Makefile fragment is included by bsd.pkg.mk and encapsulates the
# code to produce README.html files in each package directory.
@@ -235,7 +235,7 @@
# XXX: have complex names in the pkg-vulnerabilties file.
# XXX: e.g. php{4,5}-perl and sun-{jdk,jre}15
# XXX: Post pkg_install-20070714 only currently known vulnerabilities are
-# XXX: shown in the generated files for packages.
+# XXX: shown in the generated README.html files for packages.
#
.PHONY: show-vulnerabilities-html
show-vulnerabilities-html:
@@ -299,6 +299,7 @@
PKG_URL=${PKG_URL:Q} \
PKGSRCDIR=${.CURDIR:C|/[^/]*/[^/]*$||:Q} \
PVDIR=$$_PVDIR \
+ PKGTOOLS_VER=${PKGTOOLS_VERSION} \
SED=${SED:Q} \
SETENV=${SETENV:Q} \
SORT=${SORT:Q} \
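Review bot: The added `PKGTOOLS_VER=${PKGTOOLS_VERSION}` is the only assignment in this visible part of the environment list that is neither passed through `:Q` nor a shell variable, so an unexpected value would be re-parsed by the shell. The value is presumably a plain date stamp, but `PKGTOOLS_VER=${PKGTOOLS_VERSION:Q}` would match the neighbouring lines and cost nothing. If PKGTOOLS_VERSION is empty here, the awk script receives an empty value and the version tests added in genreadme.awk decide the code path from that. The command this list belongs to starts and ends outside the hunk.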
diff -r 7b27676b26bd -r bac1060a149e mk/scripts/genreadme.awk
--- a/mk/scripts/genreadme.awk Wed Aug 29 23:22:26 2007 +0000
+++ b/mk/scripts/genreadme.awk Wed Aug 29 23:26:30 2007 +0000
@@ -1,5 +1,5 @@
#!/usr/bin/awk -f
-# $NetBSD: genreadme.awk,v 1.27 2007/05/28 11:07:00 martti Exp $
+# $NetBSD: genreadme.awk,v 1.28 2007/08/29 23:26:30 adrianp Exp $
#
# Copyright (c) 2002, 2003, 2005, 2006 The NetBSD Foundation, Inc.
# All rights reserved.
@@ -372,8 +372,15 @@
if (debug) printf("wrote = %d entries to \"%s\"\n",
i-1, htmldeps_file);
+# XXX: The code for the pkg_install<20070714 vulnerability checks are
+# XXX: broken. It will not find vulnerabilities in any packages that
+# XXX: have complex names in the pkg-vulnerabilties file.
+# XXX: e.g. php{4,5}-perl and sun-{jdk,jre}15
+# XXX: Post pkg_install-20070714 only currently known vulnerabilities are
+# XXX: shown in the generated README.html files for packages.
+
vul = "";
- if (have_vfile) {
+ if (have_vfile && PKGTOOLS_VER < 20070714) {
i = 1;
pkgbase = pkgdir2name[toppkg];
gsub(/-[^-]*$/, "", pkgbase);
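Review bot: The condition `have_vfile && PKGTOOLS_VER < 20070714` keeps the matching code that the new XXX comment describes as broken as a silent fallback, so with an older pkg_install the generated README.html can presumably still report no vulnerabilities for packages listed under brace patterns such as `php{4,5}-perl`. How PKGTOOLS_VER reaches awk is not visible in this hunk; if it arrives unset it would compare as 0 and take this branch as well. For a security listing, a false "no vulnerabilities known" is worse than an explicit caveat, so consider appending a line to `vul` in this branch saying the list may be incomplete and that pkg_install>=20070714 is needed. The branch body continues outside the hunk.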
@@ -403,6 +410,26 @@
}
}
+ if (have_vfile && PKGTOOLS_VER >= 20070714) {
+ pkg = pkgdir2name[toppkg];
+
+ if (debug) {
+ printf("Checking for %s (%s) vulnerabilities\n",
+ toppkg, pkg);
+ }
+
+ cmd = sprintf("audit-packages -n %s", pkg);
+ while (cmd | getline vuln_entry) {
+ split(vuln_entry, entry, " ");
+ vul = sprintf("%s<LI><STRONG>%s has a <a href=\"%s\">%s</a> vulnerability</STRONG></LI>\n",
+ vul, pkg, entry[8], entry[5]);
+ }
+ close(cmd);
+
+ if ( vul == "" ){
+ vul="<I>(no vulnerabilities known)</I>";
+ }
+ }
if (debug) {
printf("Checking for binary package with lookup_cache( %s)\n",
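Review bot: The added loop `while (cmd | getline vuln_entry)` treats getline's error return of -1 as true, so a failure to start or read from `audit-packages` can loop forever; write it as `while ((cmd | getline vuln_entry) > 0) {`. `pkg` is also pasted unquoted into the shell command, and `entry[8]` and `entry[5]` go into the `href` and the link text without HTML escaping, so a package name or advisory field containing shell or HTML metacharacters would be interpreted rather than displayed; quote the argument and escape the fields before the `sprintf`. The fixed field positions 5 and 8 depend on the exact wording of the audit-packages output line and deserve a comment saying which fields they are. The enclosing function starts and ends outside the hunk.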