

[pkgsrc/trunk]: pkgsrc/pkgtools/pkg_install/files pkg_install-20080415:



details:   https://anonhg.NetBSD.org/pkgsrc/rev/34cae2a1be64
branches:  trunk
changeset: 541161:34cae2a1be64
user:      joerg <joerg%pkgsrc.org@localhost>
date:      Wed Apr 16 00:53:06 2008 +0000

description:
pkg_install-20080415:
Add audit-history subcommand for pkg_admin, that lists all known
vulnerabilities for a given base package name. E.g. if you run a web
server, don't run "pkg_admin audit-history php" before going to bed.

diffstat:

 pkgtools/pkg_install/files/admin/admin.h        |    1 +
 pkgtools/pkg_install/files/admin/audit.c        |  124 +++++++++++++++++++++++-
 pkgtools/pkg_install/files/admin/main.c         |    7 +-
 pkgtools/pkg_install/files/admin/pkg_admin.1    |    4 +-
 pkgtools/pkg_install/files/admin/pkg_admin.cat1 |    3 +
 pkgtools/pkg_install/files/lib/version.h        |    4 +-
 6 files changed, 136 insertions(+), 7 deletions(-)

diffs (236 lines):

diff -r ba2e0bacdc77 -r 34cae2a1be64 pkgtools/pkg_install/files/admin/admin.h
--- a/pkgtools/pkg_install/files/admin/admin.h  Wed Apr 16 00:10:24 2008 +0000
+++ b/pkgtools/pkg_install/files/admin/admin.h  Wed Apr 16 00:53:06 2008 +0000
@@ -45,6 +45,7 @@
 void   audit_pkgdb(int, char **);
 void   audit_pkg(int, char **);
 void   audit_batch(int, char **);
+void   audit_history(int, char **);
 void   check_pkg_vulnerabilities(int, char **);
 void   fetch_pkg_vulnerabilities(int, char **);
 
diff -r ba2e0bacdc77 -r 34cae2a1be64 pkgtools/pkg_install/files/admin/audit.c
--- a/pkgtools/pkg_install/files/admin/audit.c  Wed Apr 16 00:10:24 2008 +0000
+++ b/pkgtools/pkg_install/files/admin/audit.c  Wed Apr 16 00:53:06 2008 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: audit.c,v 1.7 2008/04/15 22:24:38 joerg Exp $  */
+/*     $NetBSD: audit.c,v 1.8 2008/04/16 00:53:06 joerg Exp $  */
 
 #if HAVE_CONFIG_H
 #include "config.h"
@@ -8,7 +8,7 @@
 #include <sys/cdefs.h>
 #endif
 #ifndef lint
-__RCSID("$NetBSD: audit.c,v 1.7 2008/04/15 22:24:38 joerg Exp $");
+__RCSID("$NetBSD: audit.c,v 1.8 2008/04/16 00:53:06 joerg Exp $");
 #endif
 
 /*-
@@ -386,3 +386,123 @@
 
        exit(EXIT_SUCCESS);
 }
+
+static int
+check_pkg_history_pattern(const char *pkg, const char *pattern)
+{
+       const char *delim, *end_base;
+
+       if ((delim = strchr(pattern, '*')) != NULL) {
+               if ((end_base = strrchr(pattern, '-')) == NULL)
+                       errx(EXIT_FAILURE, "Missing - in wildcard pattern %s",
+                           pattern);
+               if ((delim = strchr(pattern, '>')) != NULL ||
+                   (delim = strchr(pattern, '<')) != NULL)
+                       errx(EXIT_FAILURE,
+                           "Mixed relational and wildcard patterns in %s",
+                           pattern);
+       } else if ((delim = strchr(pattern, '>')) != NULL) {
+               end_base = delim;
+               if ((delim = strchr(pattern, '<')) != NULL && delim < end_base)
+                       errx(EXIT_FAILURE, "Inverted operators in %s",
+                           pattern);
+       } else if ((delim = strchr(pattern, '<')) != NULL) {
+               end_base = delim;
+       } else if ((end_base = strrchr(pattern, '-')) == NULL) {
+               errx(EXIT_FAILURE, "Missing - in absolute pattern %s",
+                   pattern);
+       }
+
+       if (strncmp(pkg, pattern, end_base - pattern) != 0)
+               return 0;
+       if (pkg[end_base - pattern] != '\0')
+               return 0;
+
+       return 1;
+}
+
+static int
+check_pkg_history1(const char *pkg, const char *pattern)
+{
+       const char *open_brace, *close_brace, *inner_brace, *suffix, *iter;
+       size_t prefix_len, suffix_len, middle_len;
+       char *expanded_pkg;
+
+       open_brace = strchr(pattern, '{');
+       if (open_brace == NULL) {
+               if ((close_brace = strchr(pattern, '}')) != NULL)
+                       errx(EXIT_FAILURE, "Unbalanced {} in pattern %s",
+                           pattern);
+               return check_pkg_history_pattern(pkg, pattern);
+       }
+       close_brace = strchr(open_brace, '}');
+       if (strchr(pattern, '}') != close_brace)
+               errx(EXIT_FAILURE, "Unbalanced {} in pattern %s",
+                   pattern);
+
+       while ((inner_brace = strchr(open_brace + 1, '{')) != NULL) {
+               if (inner_brace >= close_brace)
+                       break;
+               open_brace = inner_brace;
+       }
+
+       expanded_pkg = malloc(strlen(pattern)); /* {} are going away... */
+       if (expanded_pkg == NULL)
+               err(EXIT_FAILURE, "malloc failed");
+
+       prefix_len = open_brace - pattern;
+       suffix = close_brace + 1;
+       suffix_len = strlen(suffix) + 1;
+       memcpy(expanded_pkg, pattern, prefix_len);
+
+       ++open_brace;
+
+       do {
+               iter = strchr(open_brace, ',');
+               if (iter == NULL || iter > close_brace)
+                       iter = close_brace;
+
+               middle_len = iter - open_brace;
+               memcpy(expanded_pkg + prefix_len, open_brace, middle_len);
+               memcpy(expanded_pkg + prefix_len + middle_len, suffix,
+                   suffix_len);
+               if (check_pkg_history1(pkg, expanded_pkg)) {
+                       free(expanded_pkg);
+                       return 1;
+               }
+               open_brace = iter + 1;
+       } while (iter < close_brace);
+
+       free(expanded_pkg);
+       return 0;
+}
+
+static void
+check_pkg_history(const char *pkg)
+{
+       size_t i;
+
+       for (i = 0; i < pv->entries; ++i) {
+               if (strcmp("eol", pv->classification[i]) == 0)
+                       continue;
+               if (check_pkg_history1(pkg, pv->vulnerability[i]) == 0)
+                       continue;
+
+               printf("%s %s %s\n", pv->vulnerability[i],
+                   pv->classification[i], pv->advisory[i]);
+       }
+}
+
+void
+audit_history(int argc, char **argv)
+{
+       parse_options(argc, argv);
+       argv += optind;
+
+       check_and_read_pkg_vulnerabilities();
+       for (; *argv != NULL; ++argv)
+               check_pkg_history(*argv);
+
+       free_pkg_vulnerabilities(pv);
+       exit(EXIT_SUCCESS);
+}
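Review bot: In check_pkg_history1, a pattern that contains `{` but no `}` is not rejected: `close_brace` and `strchr(pattern, '}')` are then both NULL, so the balance test passes and `suffix = close_brace + 1` is handed to strlen(). The patterns are the `pv->vulnerability[i]` entries, presumably loaded from the pkg-vulnerabilities file, so one malformed entry would crash the audit instead of producing the "Unbalanced {}" error; the check should read `if (close_brace == NULL || strchr(pattern, '}') != close_brace)`. Separately, check_pkg_history_pattern takes the base name of a wildcard pattern from `strrchr(pattern, '-')`, which would land inside a bracket range such as `[0-9]` if the file uses those in version globs, and the advisory would then silently be left out of the history. That is worth confirming against the pattern syntax the file allows and stating in a comment above the function.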
diff -r ba2e0bacdc77 -r 34cae2a1be64 pkgtools/pkg_install/files/admin/main.c
--- a/pkgtools/pkg_install/files/admin/main.c   Wed Apr 16 00:10:24 2008 +0000
+++ b/pkgtools/pkg_install/files/admin/main.c   Wed Apr 16 00:53:06 2008 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: main.c,v 1.41 2008/04/07 13:07:14 joerg Exp $  */
+/*     $NetBSD: main.c,v 1.42 2008/04/16 00:53:06 joerg Exp $  */
 
 #if HAVE_CONFIG_H
 #include "config.h"
@@ -8,7 +8,7 @@
 #include <sys/cdefs.h>
 #endif
 #ifndef lint
-__RCSID("$NetBSD: main.c,v 1.41 2008/04/07 13:07:14 joerg Exp $");
+__RCSID("$NetBSD: main.c,v 1.42 2008/04/16 00:53:06 joerg Exp $");
 #endif
 
 /*-
@@ -116,6 +116,7 @@
            " audit [-es] [-t type] ...       - check installed packages for vulnerabilities\n"
            " audit-pkg [-es] [-t type] ...   - check listed packages for vulnerabilities\n"
            " audit-batch [-es] [-t type] ... - check packages in listed files for vulnerabilities\n"
+           " audit-history [-t type] ...     - print all advisories for package names\n"
            " config-var name                 - print current value of the configuration variable\n",
            getprogname());
        exit(EXIT_FAILURE);
@@ -539,6 +540,8 @@
                audit_pkg(--argc, ++argv);
        } else if (strcasecmp(argv[0], "audit-batch") == 0) {
                audit_batch(--argc, ++argv);
+       } else if (strcasecmp(argv[0], "audit-history") == 0) {
+               audit_history(--argc, ++argv);
        }
 #endif
 #ifdef PKGDB_DEBUG
diff -r ba2e0bacdc77 -r 34cae2a1be64 pkgtools/pkg_install/files/admin/pkg_admin.1
--- a/pkgtools/pkg_install/files/admin/pkg_admin.1      Wed Apr 16 00:10:24 2008 +0000
+++ b/pkgtools/pkg_install/files/admin/pkg_admin.1      Wed Apr 16 00:53:06 2008 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: pkg_admin.1,v 1.17 2008/04/07 13:07:14 joerg Exp $
+.\"    $NetBSD: pkg_admin.1,v 1.18 2008/04/16 00:53:06 joerg Exp $
 .\"
 .\" Copyright (c) 1999-2008 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -137,6 +137,8 @@
 Like
 .Cm audit-pkg ,
 but read the package names or patterns one per line from the given files.
+.It Cm audit-history Oo Fl t Ar type Oc Oo Ar pkgbase Oc ...
+Print all vulnerabilities for the given base package names.
 .It Cm check Op Ar pkg ...
 Use this command to check the files belonging to some or all of the
 packages installed on the local machine against the checksum
diff -r ba2e0bacdc77 -r 34cae2a1be64 pkgtools/pkg_install/files/admin/pkg_admin.cat1
--- a/pkgtools/pkg_install/files/admin/pkg_admin.cat1   Wed Apr 16 00:10:24 2008 +0000
+++ b/pkgtools/pkg_install/files/admin/pkg_admin.cat1   Wed Apr 16 00:53:06 2008 +0000
@@ -69,6 +69,9 @@
              Like aauuddiitt--ppkkgg, but read the package names or patterns one per
              line from the given files.
 
+     aauuddiitt--hhiissttoorryy [--tt _t_y_p_e] [_p_k_g_b_a_s_e] ...
+             Print all vulnerabilities for the given base package names.
+
      cchheecckk [_p_k_g _._._.]
              Use this command to check the files belonging to some or all of
              the packages installed on the local machine against the checksum
diff -r ba2e0bacdc77 -r 34cae2a1be64 pkgtools/pkg_install/files/lib/version.h
--- a/pkgtools/pkg_install/files/lib/version.h  Wed Apr 16 00:10:24 2008 +0000
+++ b/pkgtools/pkg_install/files/lib/version.h  Wed Apr 16 00:53:06 2008 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: version.h,v 1.99 2008/04/07 13:07:14 joerg Exp $       */
+/*     $NetBSD: version.h,v 1.100 2008/04/16 00:53:06 joerg Exp $      */
 
 /*
  * Copyright (c) 2001 Thomas Klausner.  All rights reserved.
@@ -33,6 +33,6 @@
 #ifndef _INST_LIB_VERSION_H_
 #define _INST_LIB_VERSION_H_
 
-#define PKGTOOLS_VERSION "20080407"
+#define PKGTOOLS_VERSION "20080415"
 
 #endif /* _INST_LIB_VERSION_H_ */


