pkgsrc-Changes archive


CVS commit: pkgsrc/pkgtools/pkg_install/files



Module Name:    pkgsrc
Committed By:   ginsbach
Date:           Mon Feb 26 23:45:02 UTC 2018

Modified Files:
        pkgsrc/pkgtools/pkg_install/files/add: perform.c
        pkgsrc/pkgtools/pkg_install/files/admin: audit.c main.c pkg_admin.1
            pkg_admin.cat
        pkgsrc/pkgtools/pkg_install/files/lib: lib.h version.h
            vulnerabilities-file.c

Log Message:
pkg_install-20180226:
- add option to include IGNORE_URL pkg_install.conf entries in audit
  but flagged as "ignored".
- bump version to 20180226


To generate a diff of this commit:
cvs rdiff -u -r1.109 -r1.110 pkgsrc/pkgtools/pkg_install/files/add/perform.c
cvs rdiff -u -r1.17 -r1.18 pkgsrc/pkgtools/pkg_install/files/admin/audit.c
cvs rdiff -u -r1.65 -r1.66 pkgsrc/pkgtools/pkg_install/files/admin/main.c
cvs rdiff -u -r1.34 -r1.35 \
    pkgsrc/pkgtools/pkg_install/files/admin/pkg_admin.1
cvs rdiff -u -r1.3 -r1.4 \
    pkgsrc/pkgtools/pkg_install/files/admin/pkg_admin.cat
cvs rdiff -u -r1.68 -r1.69 pkgsrc/pkgtools/pkg_install/files/lib/lib.h
cvs rdiff -u -r1.172 -r1.173 pkgsrc/pkgtools/pkg_install/files/lib/version.h
cvs rdiff -u -r1.9 -r1.10 \
    pkgsrc/pkgtools/pkg_install/files/lib/vulnerabilities-file.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/pkgtools/pkg_install/files/add/perform.c
diff -u pkgsrc/pkgtools/pkg_install/files/add/perform.c:1.109 pkgsrc/pkgtools/pkg_install/files/add/perform.c:1.110
--- pkgsrc/pkgtools/pkg_install/files/add/perform.c:1.109       Wed Apr 19 21:42:50 2017
+++ pkgsrc/pkgtools/pkg_install/files/add/perform.c     Mon Feb 26 23:45:01 2018
@@ -1,4 +1,4 @@
-/*     $NetBSD: perform.c,v 1.109 2017/04/19 21:42:50 joerg Exp $      */
+/*     $NetBSD: perform.c,v 1.110 2018/02/26 23:45:01 ginsbach Exp $   */
 #if HAVE_CONFIG_H
 #include "config.h"
 #endif
@@ -6,7 +6,7 @@
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-__RCSID("$NetBSD: perform.c,v 1.109 2017/04/19 21:42:50 joerg Exp $");
+__RCSID("$NetBSD: perform.c,v 1.110 2018/02/26 23:45:01 ginsbach Exp $");
 
 /*-
  * Copyright (c) 2003 Grant Beattie <grant%NetBSD.org@localhost>
@@ -1318,7 +1318,7 @@ check_vulnerable(struct pkg_task *pkg)
                        return require_check;
        }
 
-       if (!audit_package(pv, pkg->pkgname, NULL, 2))
+       if (!audit_package(pv, pkg->pkgname, NULL, 0, 2))
                return 0;
 
        if (require_check)
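Review bot: The call `audit_package(pv, pkg->pkgname, NULL, 0, 2)` now carries two bare integer literals side by side, and nothing at the call site says which one is the new flag. The `0` matters for security: it keeps IGNORE_URL entries suppressed during the install-time check, and `2` selects stderr as defined in audit_package. A short comment would stop a later edit from flipping the wrong argument, for example `/* include_ignored = 0 (IGNORE_URL still suppresses), output_type = 2 (stderr) */`. check_vulnerable starts and ends outside this hunk.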

Index: pkgsrc/pkgtools/pkg_install/files/admin/audit.c
diff -u pkgsrc/pkgtools/pkg_install/files/admin/audit.c:1.17 pkgsrc/pkgtools/pkg_install/files/admin/audit.c:1.18
--- pkgsrc/pkgtools/pkg_install/files/admin/audit.c:1.17        Fri Feb 18 15:59:52 2011
+++ pkgsrc/pkgtools/pkg_install/files/admin/audit.c     Mon Feb 26 23:45:02 2018
@@ -1,4 +1,4 @@
-/*     $NetBSD: audit.c,v 1.17 2011/02/18 15:59:52 aymeric Exp $       */
+/*     $NetBSD: audit.c,v 1.18 2018/02/26 23:45:02 ginsbach Exp $      */
 
 #if HAVE_CONFIG_H
 #include "config.h"
@@ -7,7 +7,7 @@
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-__RCSID("$NetBSD: audit.c,v 1.17 2011/02/18 15:59:52 aymeric Exp $");
+__RCSID("$NetBSD: audit.c,v 1.18 2018/02/26 23:45:02 ginsbach Exp $");
 
 /*-
  * Copyright (c) 2008 Joerg Sonnenberger <joerg%NetBSD.org@localhost>.
@@ -73,13 +73,14 @@ __RCSID("$NetBSD: audit.c,v 1.17 2011/02
 #include "admin.h"
 #include "lib.h"
 
+static int check_ignored_advisories = 0;
 static int check_signature = 0;
 static const char *limit_vul_types = NULL;
 static int update_pkg_vuln = 0;
 
 static struct pkg_vulnerabilities *pv;
 
-static const char audit_options[] = "est:";
+static const char audit_options[] = "eist:";
 
 static void
 parse_options(int argc, char **argv, const char *options)
@@ -101,6 +102,9 @@ parse_options(int argc, char **argv, con
                case 'e':
                        check_eol = "yes";
                        break;
+               case 'i':
+                       check_ignored_advisories = 1;
+                       break;
                case 's':
                        check_signature = 1;
                        break;
@@ -122,7 +126,8 @@ parse_options(int argc, char **argv, con
 static int
 check_exact_pkg(const char *pkg)
 {
-       return audit_package(pv, pkg, limit_vul_types, quiet ? 0 : 1);
+       return audit_package(pv, pkg, limit_vul_types,
+                            check_ignored_advisories, quiet ? 0 : 1);
 }
 
 static int

Index: pkgsrc/pkgtools/pkg_install/files/admin/main.c
diff -u pkgsrc/pkgtools/pkg_install/files/admin/main.c:1.65 pkgsrc/pkgtools/pkg_install/files/admin/main.c:1.66
--- pkgsrc/pkgtools/pkg_install/files/admin/main.c:1.65 Wed Apr 19 21:42:50 2017
+++ pkgsrc/pkgtools/pkg_install/files/admin/main.c      Mon Feb 26 23:45:02 2018
@@ -1,4 +1,4 @@
-/*     $NetBSD: main.c,v 1.65 2017/04/19 21:42:50 joerg Exp $  */
+/*     $NetBSD: main.c,v 1.66 2018/02/26 23:45:02 ginsbach Exp $       */
 
 #if HAVE_CONFIG_H
 #include "config.h"
@@ -7,7 +7,7 @@
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-__RCSID("$NetBSD: main.c,v 1.65 2017/04/19 21:42:50 joerg Exp $");
+__RCSID("$NetBSD: main.c,v 1.66 2018/02/26 23:45:02 ginsbach Exp $");
 
 /*-
  * Copyright (c) 1999-2009 The NetBSD Foundation, Inc.
@@ -112,9 +112,9 @@ usage(void)
            " pmatch pattern pkg          - returns true if pkg matches pattern, otherwise false\n"
            " fetch-pkg-vulnerabilities [-s] - fetch new vulnerability file\n"
            " check-pkg-vulnerabilities [-s] <file> - check syntax and checksums of the vulnerability file\n"
-           " audit [-es] [-t type] ...       - check installed packages for vulnerabilities\n"
-           " audit-pkg [-es] [-t type] ...   - check listed packages for vulnerabilities\n"
-           " audit-batch [-es] [-t type] ... - check packages in listed files for vulnerabilities\n"
+           " audit [-eis] [-t type] ...       - check installed packages for vulnerabilities\n"
+           " audit-pkg [-eis] [-t type] ...   - check listed packages for vulnerabilities\n"
+           " audit-batch [-eis] [-t type] ... - check packages in listed files for vulnerabilities\n"
            " audit-history [-t type] ...     - print all advisories for package names\n"
            " check-license <condition>       - check if condition is acceptable\n"
            " check-single-license <license>  - check if license is acceptable\n"

Index: pkgsrc/pkgtools/pkg_install/files/admin/pkg_admin.1
diff -u pkgsrc/pkgtools/pkg_install/files/admin/pkg_admin.1:1.34 pkgsrc/pkgtools/pkg_install/files/admin/pkg_admin.1:1.35
--- pkgsrc/pkgtools/pkg_install/files/admin/pkg_admin.1:1.34    Tue Dec 30 15:13:20 2014
+++ pkgsrc/pkgtools/pkg_install/files/admin/pkg_admin.1 Mon Feb 26 23:45:02 2018
@@ -1,4 +1,4 @@
-.\"    $NetBSD: pkg_admin.1,v 1.34 2014/12/30 15:13:20 wiz Exp $
+.\"    $NetBSD: pkg_admin.1,v 1.35 2018/02/26 23:45:02 ginsbach Exp $
 .\"
 .\" Copyright (c) 1999-2010 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -34,7 +34,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd December 27, 2014
+.Dd February 25, 2018
 .Dt PKG_ADMIN 1
 .Os
 .Sh NAME
@@ -106,7 +106,7 @@ Be more verbose.
 .Pp
 The following commands are supported:
 .Bl -tag -width indent
-.It Cm audit Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ...
+.It Cm audit Oo Fl eis Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ...
 Check the listed installed packages for vulnerabilities.
 If no package is given, check all installed packages.
 If
@@ -118,16 +118,25 @@ option from
 with
 .Qq Li yes .
 If
+.Fl i
+is given,
+any advisory ignored by
+.Dv IGNORE_URL
+in
+.Xr pkg_install.conf 5
+is included but flagged as
+.Qq ignored .
+If
 .Fl s
 is given, check the signature of the pkg-vulnerabilities file before using it.
 .Fl t
 restricts the reported vulnerabilities to type
 .Ar type .
-.It Cm audit-pkg Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ...
+.It Cm audit-pkg Oo Fl eis Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ...
 Like
 .Cm audit ,
 but check only the given package names or patterns.
-.It Cm audit-batch Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg-list Oc ...
+.It Cm audit-batch Oo Fl eis Oc Oo Fl t Ar type Oc Oo Ar pkg-list Oc ...
 Like
 .Cm audit-pkg ,
 but read the package names or patterns one per line from the given files.

Index: pkgsrc/pkgtools/pkg_install/files/admin/pkg_admin.cat
diff -u pkgsrc/pkgtools/pkg_install/files/admin/pkg_admin.cat:1.3 pkgsrc/pkgtools/pkg_install/files/admin/pkg_admin.cat:1.4
--- pkgsrc/pkgtools/pkg_install/files/admin/pkg_admin.cat:1.3   Tue Dec 30 15:17:28 2014
+++ pkgsrc/pkgtools/pkg_install/files/admin/pkg_admin.cat       Mon Feb 26 23:45:02 2018
@@ -47,18 +47,20 @@ OOPPTTIIOONNSS
 
      The following commands are supported:
 
-     aauuddiitt [--eess] [--tt _t_y_p_e] [_p_k_g] ...
+     aauuddiitt [--eeiiss] [--tt _t_y_p_e] [_p_k_g] ...
              Check the listed installed packages for vulnerabilities.  If no
              package is given, check all installed packages.  If --ee is given,
              override the CHECK_END_OF_LIFE option from pkg_install.conf(5)
-             with "yes".  If --ss is given, check the signature of the pkg-
-             vulnerabilities file before using it.  --tt restricts the reported
-             vulnerabilities to type _t_y_p_e.
+             with "yes".  If --ii is given, any advisory ignored by IGNORE_URL
+             in pkg_install.conf(5) is included but flagged as "ignored".  If
+             --ss is given, check the signature of the pkg-vulnerabilities file
+             before using it.  --tt restricts the reported vulnerabilities to
+             type _t_y_p_e.
 
-     aauuddiitt--ppkkgg [--eess] [--tt _t_y_p_e] [_p_k_g] ...
+     aauuddiitt--ppkkgg [--eeiiss] [--tt _t_y_p_e] [_p_k_g] ...
              Like aauuddiitt, but check only the given package names or patterns.
 
-     aauuddiitt--bbaattcchh [--eess] [--tt _t_y_p_e] [_p_k_g_-_l_i_s_t] ...
+     aauuddiitt--bbaattcchh [--eeiiss] [--tt _t_y_p_e] [_p_k_g_-_l_i_s_t] ...
              Like aauuddiitt--ppkkgg, but read the package names or patterns one per
              line from the given files.
 
@@ -204,4 +206,4 @@ HHIISSTTOORRYY
 AAUUTTHHOORRSS
      The ppkkgg__aaddmmiinn command was written by Hubert Feyrer.
 
-pkgsrc                         December 27, 2014                        pkgsrc
+pkgsrc                         February 25, 2018                        pkgsrc

Index: pkgsrc/pkgtools/pkg_install/files/lib/lib.h
diff -u pkgsrc/pkgtools/pkg_install/files/lib/lib.h:1.68 pkgsrc/pkgtools/pkg_install/files/lib/lib.h:1.69
--- pkgsrc/pkgtools/pkg_install/files/lib/lib.h:1.68    Wed Apr 19 21:42:50 2017
+++ pkgsrc/pkgtools/pkg_install/files/lib/lib.h Mon Feb 26 23:45:02 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: lib.h,v 1.68 2017/04/19 21:42:50 joerg Exp $ */
+/* $NetBSD: lib.h,v 1.69 2018/02/26 23:45:02 ginsbach Exp $ */
 
 /* from FreeBSD Id: lib.h,v 1.25 1997/10/08 07:48:03 charnier Exp */
 
@@ -374,7 +374,7 @@ struct pkg_vulnerabilities *read_pkg_vul
 struct pkg_vulnerabilities *read_pkg_vulnerabilities_memory(void *, size_t, int);
 void free_pkg_vulnerabilities(struct pkg_vulnerabilities *);
 int audit_package(struct pkg_vulnerabilities *, const char *, const char *,
-    int);
+    int, int);
 
 /* Parse configuration file */
 void pkg_install_config(void);
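Review bot: The prototype now ends in two unnamed `int, int` parameters, so a caller that swaps include_ignored and output_type compiles cleanly and silently changes which advisories are reported. Naming them in the header, as the definition in vulnerabilities-file.c does, makes the order visible at every call site: `const char *limit_vul_types, int include_ignored, int output_type);`. A one-line comment listing the output_type values (0, 1 and 2 are all passed by callers in this commit) would help as well.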

Index: pkgsrc/pkgtools/pkg_install/files/lib/version.h
diff -u pkgsrc/pkgtools/pkg_install/files/lib/version.h:1.172 pkgsrc/pkgtools/pkg_install/files/lib/version.h:1.173
--- pkgsrc/pkgtools/pkg_install/files/lib/version.h:1.172       Mon Oct 30 12:03:50 2017
+++ pkgsrc/pkgtools/pkg_install/files/lib/version.h     Mon Feb 26 23:45:02 2018
@@ -1,4 +1,4 @@
-/*     $NetBSD: version.h,v 1.172 2017/10/30 12:03:50 jperkin Exp $    */
+/*     $NetBSD: version.h,v 1.173 2018/02/26 23:45:02 ginsbach Exp $   */
 
 /*
  * Copyright (c) 2001 Thomas Klausner.  All rights reserved.
@@ -27,6 +27,6 @@
 #ifndef _INST_LIB_VERSION_H_
 #define _INST_LIB_VERSION_H_
 
-#define PKGTOOLS_VERSION 20171030
+#define PKGTOOLS_VERSION 20180226
 
 #endif /* _INST_LIB_VERSION_H_ */

Index: pkgsrc/pkgtools/pkg_install/files/lib/vulnerabilities-file.c
diff -u pkgsrc/pkgtools/pkg_install/files/lib/vulnerabilities-file.c:1.9 pkgsrc/pkgtools/pkg_install/files/lib/vulnerabilities-file.c:1.10
--- pkgsrc/pkgtools/pkg_install/files/lib/vulnerabilities-file.c:1.9    Wed Apr 19 21:42:50 2017
+++ pkgsrc/pkgtools/pkg_install/files/lib/vulnerabilities-file.c        Mon Feb 26 23:45:02 2018
@@ -1,4 +1,4 @@
-/*     $NetBSD: vulnerabilities-file.c,v 1.9 2017/04/19 21:42:50 joerg Exp $   */
+/*     $NetBSD: vulnerabilities-file.c,v 1.10 2018/02/26 23:45:02 ginsbach Exp $       */
 
 /*-
  * Copyright (c) 2008, 2010 Joerg Sonnenberger <joerg%NetBSD.org@localhost>.
@@ -38,7 +38,7 @@
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-__RCSID("$NetBSD: vulnerabilities-file.c,v 1.9 2017/04/19 21:42:50 joerg Exp $");
+__RCSID("$NetBSD: vulnerabilities-file.c,v 1.10 2018/02/26 23:45:02 ginsbach Exp $");
 
 #if HAVE_SYS_STAT_H
 #include <sys/stat.h>
@@ -608,18 +608,19 @@ check_ignored_entry(struct pkg_vulnerabi
 
 int
 audit_package(struct pkg_vulnerabilities *pv, const char *pkgname,
-    const char *limit_vul_types, int output_type)
+    const char *limit_vul_types, int include_ignored, int output_type)
 {
        FILE *output = output_type == 1 ? stdout : stderr;
        size_t i;
-       int retval, do_eol;
+       int retval, do_eol, ignored;
 
        retval = 0;
 
        do_eol = (strcasecmp(check_eol, "yes") == 0);
 
        for (i = 0; i < pv->entries; ++i) {
-               if (check_ignored_entry(pv, i))
+               ignored = check_ignored_entry(pv, i);
+               if (ignored && !include_ignored)
                        continue;
                if (limit_vul_types != NULL &&
                    strcmp(limit_vul_types, pv->classification[i]))
@@ -642,11 +643,13 @@ audit_package(struct pkg_vulnerabilities
                }
                retval = 1;
                if (output_type == 0) {
-                       puts(pkgname);
+                       fprintf(stdout, "%s%s\n",
+                               pkgname, ignored ? " (ignored)" : "");
                } else {
                        fprintf(output,
-                           "Package %s has a %s vulnerability, see %s\n",
-                           pkgname, pv->classification[i], pv->advisory[i]);
+                           "Package %s has a%s %s vulnerability, see %s\n",
+                           pkgname, ignored ? "n ignored" : "",
+                           pv->classification[i], pv->advisory[i]);
                }
        }
        return retval;
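Review bot: `retval = 1` is assigned before `ignored` is consulted, so with include_ignored set an advisory the administrator suppressed through IGNORE_URL still makes audit_package return 1. The callers' use of that value is outside this diff, but if it feeds an exit status or a monitoring check, `pkg_admin audit -i` would flag a host whose only matches are ignored advisories. Either guard the assignment with `if (!ignored) retval = 1;` or state in the man page that -i also changes the result. The quiet branch also changes its stdout line from the bare package name to `pkgname (ignored)`, which anything parsing that output line by line has to handle. The function body starts before this hunk and its closing brace is outside it.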


